IT System SSN Reduction Review Process
By DON CIO Privacy Team - Published, July 18, 2011
The following process should be followed when reviewing information technology systems that collect Social Security numbers (both full and truncated).
- For IT systems in the Department of Defense IT Portfolio Repository (DITPR)-DON that indicate they collect SSNs, verify that this answer is correct. If not, update the SSN question to "NO."
- New questions have been added to the "PIA/PA" tab in DITPR-DON. These questions are mandatory if the SSN question response is "YES." Answer all of these questions.
- If the continued collection of the SSN is determined to be required, justification is required. Complete the justification memo found in the "Reference Documents" section of DITPR-DON under the "References" tab (and on the DON CIO website), have it signed by a Flag/SES or individual with by direction signature authority and upload it to DITPR-DON under the "Documents" tab.
- Once all questions have been answered, use this opportunity to verify the accuracy of all information on the "PIA/PA" tab.
- Complete the consolidated response matrix and forward to email@example.com and firstname.lastname@example.org.
- If you have any questions regarding this process, please contact Steve Daughety or Steve Muck at the above email addresses.