IT System SSN Reduction Review Process

By DON CIO Privacy Team - Published, July 18, 2011

The following process should be followed when reviewing information technology systems that collect Social Security numbers (both full and truncated).

  1. For IT systems in the Department of Defense IT Portfolio Repository (DITPR)-DON that indicate they collect SSNs, verify that this answer is correct. If not, update the SSN question to "NO."
  2. New questions have been added to the "PIA/PA" tab in DITPR-DON. These questions are mandatory if the SSN question response is "YES." Answer all of these questions.
  3. If the continued collection of the SSN is determined to be required, justification is required. Complete the justification memo found in the "Reference Documents" section of DITPR-DON under the "References" tab (and on the DON CIO website), have it signed by a Flag/SES or individual with by direction signature authority and upload it to DITPR-DON under the "Documents" tab.
  4. Once all questions have been answered, use this opportunity to verify the accuracy of all information on the "PIA/PA" tab.
  5. Complete the consolidated response matrix and forward to and
  6. If you have any questions regarding this process, please contact Steve Daughety or Steve Muck at the above email addresses.