Privatus has established the following procedures to protect the confidentiality and security of Social Security numbers (SSNs) received by the Company. This policy applies to SSNs received for any employment-related purpose, including, but not limited to, pre-employment background screening; payroll, benefits, and human resources administration; and employment-related investigations.
Access to, and Use of, Information or Documents That Contain SSNs
Only authorized employees of the Company may access information and documents containing SSNs. Authorized employees may access information or documents containing SSNs only on a need- to-know basis and may use such information and documents only for the purpose for which access is permitted.
Disclosures of Information or Documents That Contain SSNs
The Company will disclose documents containing SSNs outside the Company only as permitted or required by law or court order. If the recipient of the document does not have a need to know the SSN, the SSN should be redacted before disclosure. If the recipient of the document does have a need to know the SSN, then the Company, whenever feasible, should obtain the recipient’s written agreement to provide adequate protections for the documents containing the SSN. SSNs may not be disclosed to a third-party without the prior approval of the Legal Department or of the Director of Human Resources.
Additional Safeguards for SSNs
SSNs should not be publicly displayed, for example, by including them in electronic documents posted on internal web sites or in paper documents posted on employee bulletin boards;
SSNs should not be printed on cards, such as insurance identification cards, that must be presented for an employee to obtain goods or services;
SSNs generally should not be printed on paper documents that are mailed to an employee unless the document, by law, is required to include an SSN (such as a W-2 Form) or in certain other limited circumstances. Employees should consult with the Legal Department before including SSNs in a mailing;
Employees authorized to access SSNs should take steps to prevent casual viewing of SSNs by unauthorized persons, such as activating a password-protected screen saver when leaving an assigned computer unattended;
Employees authorized to access SSNs should not download SSNs or documents containing SSNs to any portable storage medium unless it is encrypted or remotely access files containing SSNs other than through an encrypted connection.
SSNs should not be transmitted over the internet unless encrypted pursuant to the Company’s Information Security Policy.
Enforcement
Any employee who becomes aware of, or suspects, a violation of this policy should inform the Director of Human Resources or the Legal Department immediately, so that the Company may conduct an investigation where appropriate. No employee may retaliate against an employee who reports a violation of this policy. Violation of this policy will result in disciplinary action up to and including termination of employment.