Binghamton University

| Home | Contact Us |

BUC$ Debit Card System Campus Preschool Dining Services Laundry Services Refrigerator Rental University Banking University Bookstore Vending Services

Card Access Office

Policy on the Use of Social Security Numbers
The Department of Auxiliary Services Card Access Office acknowledges that it collects and maintains the Social Security numbers of the students, employees, and individuals associated with the University in connection with the operation of its card access system. The Card Access staff is dedicated to properly handling Social Security numbers and protecting the privacy of the individuals associated with the University by regularly engaging in the following practices:

• Paper documents containing Social Security numbers will be stored securely in locked areas only accessible by authorized Auxiliary Services staff members. Paper documents will be destroyed by shredding and will be discarded into confidential recycling bins on a daily basis after cardholder data has been successfully entered into the card access software. All cardholder data shall be destroyed prior to the first business day in August following a person’s access termination from the card access system. Destruction of records will be considered adequate if no Social Security numbers may be obtained from them after shredding.
  
  Computers with electronic documents or databases containing Social Security numbers and other confidential data will be stored on password based systems and locked when unattended. Electronic documentation containing Social Security numbers will be deleted and cardholder databases will be purged on the first business day in August of the following a person’s access termination from the card access system.
• Should Social Security numbers be electronically transmitted through software devices such as email, they shall be secured in an encrypted format when transferred from the originating area to its destination(s).

The Card Access office will release Social Security numbers only:

• As required by law or lawfully issued subpoena; OR
• When the individual provides authorization.

Electronic Access Hierarchy
The Department Access Manager with technical guidance and support from the Card Access Office determines the access level of. They may consult with University Police before unusual requests are granted. Access level includes:

• Affiliation (student, faculty, staff, vendor)
• Space (where access should be granted)
• Time (when access should be granted)

Responsibilities of Departments:

1. It is every individual department's responsibility to designate a "Department Access Manager." This individual will be officially authorized by the Dean, Director, or Chair of a department and given the authority and responsibility to authorize electronic access credentials for the department. This individual will be responsible for the following:

a. Submitting requests for electronic access credentials to the Card Access Office. Each request must include the name, SSN, and affiliation of the individual who will be receiving the credential. In addition, access level changes must be submitted to the Card Access Office

i. Individuals must show proper identification when picking up their electronic access credential(s) from the Department Access Manager.
ii. Persons changing from one department to another the must complete the Electronic Request Form.

b. Collection of electronic access credentials from the users once their affiliation with the collecting department has ended is imperative.

c. The secure recordkeeping of all confidential information related to persons who have access and who have been issued electronic access credentials for any area that falls under the control of the department.

d. Authorize the issuance of exterior door access credentials to only those individuals who have a continuous need to access the building(s) after normal building hours.

e. Shall not allow electronic access credentials of any kind to be transferred from one individual to another. Since the credentials are in an individual's name, they must be returned by the Department Access Manager to the Card Access Office, appropriately authorized by the Department Access Manager to the staff/faculty/student member, and then issued to the new staff/faculty/student member via the normal process

i. Returning a signed receipt from the individual to the Card Access Office.

2. The department will be held accountable for any individual for whom it has authorized an electronic access credential. If the authorized individual loses a credential or does not return a credential(s) upon the end of their relationship with the University, the individual will be charged $15.00. This fee is required to recoup a portion of the costs associated with the need to replace a damaged, lost, or stolen electronic access credential and all spaces accessible by the credential. This is absolutely essential to maintain the safety and security of university environs.

3. All building access records will be subject to random audit by the University's internal auditor.

Responsibilities of Individual Electronic Access Credential Holders:

1. Any individual issued an electronic access credential for use at any University facility is responsible for the safekeeping of the credential and its authorized use. It must never be loaned, given, or transferred to any other individual.

2. Damaged credentials must be reported and returned immediately to the Department Access Manager who will coordinate with the Card Access Office. Replacement charges will be waived if the damage is a result of normal wear and tear and not the fault of the cardholder. If a damaged credential is reported but not returned, it will be treated as lost.

3. Lost or stolen electronic access credentials must be reported immediately to the Department Access Manager during normal business hours and the University Police Department after normal business hours.

4. Personnel whose employment with the University is ending or those being placed on a leave where access to the University facilities (for which they have electronic access credentials) has not been authorized must return all electronic access credentials to the Department Access Manager for return to the Card Access Office by their last day of work. Access levels assigned to the users credential will be rendered nonfunctional.

5. Personnel transferring from one department or building to another must return their electronic access credential to the originating Department Access Manager except in the case that the access credential they are using is their University ID card. If the credential is a University ID card, the Department Access Manager must request from the Card Access Office that all access level(s) associated with the former department and/or building be removed. If the individual requires electronic access at the location they are transferring to, they must process a new Electronic Access Request Form signed by their new Department Access Manager.

6. Electronic access credential(s) must be surrendered by an individual at anytime at the request of University Police, the Card Access Office, the authorizing department, or upon separation from the University. A receipt will be issued upon return of all electronic access credentials. An electronic access credential is not considered officially surrendered until an individual is issued a receipt for the return.