Social Security Numbers

Key: Permission Levels

  • Permitted
  • Permitted with Information Assurance (IA) Consultation
  • Not Permitted

For IA consultation, please contact the ITS Service Center

Protecting sensitive data is a shared responsibility. You are responsible for ensuring that your use of permitted services complies with laws, regulations, and policies where applicable.

Permitted

Permitted with IA Consultation

Not Permitted

Data Type Description 

Social Security Numbers are unique, nine-digit numbers issued to U.S. citizens, permanent residents, and temporary (working) residents for taxation, Social Security benefits, and other purposes. Social Security Numbers are a primary target for identity thieves. While Social Security Numbers are a type of Personally Identifiable Information (PII), the legal requirements for protecting them are much more stringent than for other PII. U-M has not used Social Security Numbers as identifiers for students and employees since 2004. 

Social Security Numbers are managed and protected in accordance with the Institutional Data Resource Management Policy (SPG 601.12), the Privacy and the Need to Monitor and Access Records (SPG 601.11), and the IT Standard on Social Security Number Privacy and Protection (DS-10). Before storing Social Security Numbers in any system, ensure you have reviewed DS-10 and have a plan to maintain compliance with the requirements in the Standard. For systems that require IA consultation, be prepared to discuss your plans for complying with DS-10.

Data Steward: HR Records & Information Services

Examples 

  • Numbers in this format: 123-45-6789
  • Tax forms (W-2, W-4, W-9, 1099, and so on) that require Social Security numbers
  • Taxpayer Identification Number—issued by the Social Security Administration or the Internal Revenue Service (IRS)
  • Employer Identification Number—issued by the IRS
Andrew File System (AFS): 
Not Permitted
Canvas: 
With Approval
Cloud Storage Included with Software: 
Not Permitted
Data Warehouse: 
Permitted
Desktop Backup (Powered by Code42): 
With Approval
MiDesktop: 
With Approval
Digital Signage: 
Not Permitted
Echo360 - Lecture Capture and LectureTools: 
Not Permitted
eResearch: 
Not Permitted
Globus: 
With Approval
Amazon Web Services GovCloud at U-M: 
With Approval
Amazon Web Services (AWS) at U-M: 
With Approval
Google Non-Core Services: 
Not Permitted
Google Drive at U-M: 
Not Permitted
Google Mail and Calendar at U-M: 
Not Permitted
Google at U-M Core Services: 
Not Permitted
MiDatabase: 
With Approval
MiServer: 
With Approval
MiShare: 
Permitted
MiStorage CIFS with AWS S3 Cloud Storage Integration: 
With Approval
MiStorage (NFS): 
Not Permitted
MiVideo: 
Not Permitted
MiWorkspace: 
With Approval
Personal Accounts: 
Not Permitted
Personally Owned Devices (phone, tablet, laptop, etc.): 
With Approval
Qualtrics: 
With Approval
ServiceNow at Michigan Medicine: 
With Approval
MiBackup: 
Permitted
Turbo Research Storage (NFS): 
Not Permitted
Turbo Research Storage (NFSv4+Kerberos or CIFS): 
With Approval
Michigan Medicine Exchange/Outlook Email and Calendar: 
With Approval
Document Imaging System: 
Permitted
E-signature Service - SignNow: 
Permitted
Piazza Q&A: 
Not Permitted
Gradescope: 
Not Permitted
Electronic Research Notebook at U-M: 
Not Permitted
Microsoft Azure at U-M: 
With Approval
Google Cloud Platform at U-M: 
With Approval
Perusall: 
Not Permitted
Yottabyte Research Cloud: 
With Approval
Microsoft Office 365 at U-M: 
Not Permitted
LastPass at Michigan Medicine: 
Not Permitted
Armis2: 
With Approval
Great Lakes Cluster: 
With Approval
Adobe Cloud Storage: 
Not Permitted
Zoom at U-M: 
Not Permitted
TeamDynamix at U-M: 
With Approval
Dropbox at U-M: 
With Approval
Virtru at U-M: 
With Approval
Microsoft Teams at U-M: 
Not Permitted
Denodo at U-M: 
Not Permitted
Slack at U-M: 
Not Permitted
Microsoft 365 at Michigan Medicine: 
With Approval
Lighthouse HPC Cluster: 
With Approval