Explore UAB

Colleges & Schools

Information Technology

If you don’t need it, delete it.

If you have stored Restricted/PHI data, such as SSNs, on your computer, departmental server, UABFile drive or in cloud storage such as OneDrive or Box, you need to review your files and delete or redact any information that is no longer needed. This guide is meant to help staff and faculty find and remove Restricted/PHI data in support of a university-wide initiative to secure student and staff data.

Remove

Remove

Replace

Replace

Retain

Retain

Why reduce data?

Due to the increasing threat of identity theft and fraud, state and federal governments have created privacy laws, and UAB has adopted internal policies that require the security and privacy of an individual’s Social Security number.

Many laws and UAB policies still apply to instances where partial SSN data (e.g. just the last four digits of a SSN) is stored/processed/transmitted. Consequently, partial SSN data are included in the scope of UAB’s SSN elimination initiative.

Information systems and business processes are required to evaluate data and reduction possibilities as part of this effort. Archived paper records that are not currently used in business processes are not required; however, they are recommended to be reviewed and reduced.

  • Removing
    If you do not need the file, delete or shred it. According to the UAB Records Retention Schedule, coursework only needs to be retained for a semester after it is submitted, if the grade is uncontested.
  • Redacting
    If the file is necessary, but the SSN is not, redact it by replacing it with Xs or using a black marker on paper documents. It is UAB’s position that it is lawful and permissible to redact Social Security numbers from archived electronic or paper records for the purposes of identity protection.
  • Replacing
    If the SSN serves as an identifier: a unique name or number used in a business processes to ensure a specific person is linked with a file or document. Examples include using a Student ID on exams or projects, or including a SSN on financial documents or tax forms, replace it with another appropriate identifier.

    If the SSN serves as an authenticator: a password paired with a user ID to grant access to a service. Authenticators are intended to prevent unauthorized visitors from accessing specific resources. use a different authenticator.
  • Retaining
    Where the SSN must be kept, additional security measures must be taken to ensure the SSN cannot be easily compromised. Please follow all policies and the Records Retention Policy.

How to find SSNs

Start by looking in the places or files most likely to contain SSNs. As you find them, either keep a list to deal with later or deal with them on the spot. Use the regular search tool that comes with Windows or Mac to help find more SSNs. Be sure to search files “Containing Text” and not just files named what you are searching. Also, to save time make sure the location where you are searching is limited to the places you listed in the above step. Unfortunately, Windows and Mac search cannot find SSNs that do not include the search terms you use. Below are some search terms to try:

  • Social Security
  • SSN
  • Last Four

For an advanced approach, you can search for all of these at once by typing the following: (If using OR or AND, they must be all capital letters to work right in Windows.) Example: “Social Security” OR SSN OR “last four”

Where to look

The first task is to determine where to look. Where do you store documents or spreadsheets? What kind of files might have SSNs? Do you have any network folders or web sites that might contain SSNs? Even if you are fairly sure your documents do not contain SSNs, it’s important to check. Here are some example places, but think about any places personal to you that may not be listed:

Types of Files

  • Word documents
  • Spreadsheets
  • Grade rolls
  • Student exams, papers, homework, etc.
  • Tax and financial forms
  • Archived e-mail
  • Database backup files
  • Website backup files

Locations to Search

  • My Documents folder
  • Backup or storage folders
  • Network drives or storage folders
  • Emails or listservs
  • Any websites, especially old versions, or files no longer in use.
  • Old CD backups of past works