Safeguard Personal Information
Protecting Your Social Security Number at Duke
A Social Security number is intended to identify wage earners in the US in order to accurately record their earnings. Most employees are required to pay a certain percentage of their earnings to the Social Security system through the Federal Insurance Compensation Act (the FICA tax). Your Social Security number is used to identify you and ensure that your earnings and FICA taxes are properly recorded. While a Social Security number can be one of several ways to identify an individual for purposes of tax or earnings reporting, it is an inappropriate number to use to authenticate someone's identity for other purposes. Social Security numbers will continue to be required for employment, for financial aid, for transactions that require reporting to federal agencies, and as a business necessity for certain transactions.
As a student, faculty or staff member at Duke, before you give out your Social Security number to someone at Duke, ask what it will be used for. Unless your Social Security number is needed for employment or tax purposes, or some other legitimate purpose, consider offering your Duke Unique ID or some other form of identification instead. If someone asks for your Social Security number, ask the following questions:
Why do you need my Social Security number?
How will my Social Security number be used?
What law requires me to give you my Social Security number?
What will happen if I don't give you my Social Security number?
Sometimes a business may not provide you with the service or benefit you're seeking if you don't provide your Social Security number. Getting answers to these questions will help you decide whether you want to share it with the business. Remember - the decision is yours.
Check this link for more information on the use of Social Security numbers: http://www.ssa.gov/pubs/10002.html
How to Protect Your Credit Card Information when Shopping Online
Unfortunately,it is not possible to be completely safe regardless of what you do; however, these tips may save you some hassle.
Make certain that the site is encrypting your credit card number when you send it to them. Usually, your web browser will have a small picture of a lock that is open at the bottom of the page. When the company is using encryption the lock picture will show a closed lock indicating increased security. Another way to determine if you are using encryption is to check the URL of the current page (this is often listed near the top of the web browser). If the page URL starts with http:// then the page is NOT encrypted. If the URL starts with https:// then the page is encrypted.
Consider using only one credit card online. This may not protect that one credit card, but it definitely limits your exposure.
Use a credit card that has a good policy regarding your liability in case the credit card number has been stolen. Most major credit cards limit your liability to $50 or less; however, you should check on the specifics of your card.
Never use a debit card online. Surely you would prefer to dispute a potential charge on a credit card than a charge that has wiped out your checking account.
Where possible, have your vendor NOT store your credit card number for use next time. This is no guarantee that they don't have your credit card number stored in a database, but, it may keep your card number off of their web server.
Finally, some credit card companies may offer one-time use credit card numbers that are tied to your main account. You present the one-time use number to the vendor, to whom it looks like a regular credit card number, but any subsequent attempts to use it will be denied. This is probably the BEST way of protecting yourself.
Securing Your Data
Duke has created an Information Classification Framework to help Duke users understand what institutional data needs to be protected. In addition, you should take precautions to protect your own private information so that it is not accessed without your permission. Some things you can do:
- Check your credit report regularly
- Search for your name in a search engine to check publicly available information about you
- Track what personal info you allow to be stored by third parties (cloud & services vendors) and ask yourself what could happen if this information were stolen?
- Never email account numbers, credit card numbers, Social Security numbers, and other data that can be used to access your accounts or impersonate you.
- Never reveal your location or travel plans on social media.
- Never reuse passwords and always use strong passwords or passphrases. See our Password Security page for ideas.
- Do not store protected Duke data on your work or home computers, or on smart phones, PDAs, thumb drives, or other devices.
Prevent identity theft
Avoid storing sensitive information (such as your Social Security number, credit card, bank account or driver’s license numbers) on your computer. Periodically clean your web browser caches.
Protecting data at Duke
Duke has several policies and standards intended to protect data at Duke:
- The Duke Acceptable Use Policy and the Duke Social Security Number Use Policy are supported by a set of University IT Security Office standards, which assist Duke IT staff and faculty in classifying and securing Duke data electronically.
- Duke's Data Classification Standard (pdf) requires data owners to assign a level of protection to Duke data: Sensitive, Restricted or Public.
Protecting data while traveling
Using secure methods of remote access to Duke resources helps keep them secure.
International travel with Duke data or devices can carry unique risks and require special protections. Encryption may be an appropriate method for protecting some data.