Policy on Person Identification (PID) Creation, Modification and Authentication

Policy Statement

The Affiliated Persons Policy Committee (APPC) authorizes the use of Person ID numbers (PIDs) for systems and applications that rely on the PID for identification, access and security. This policy outlines the processes and requirements for creation and modification of PID records and the systems that use them. PID creators and modifiers should take care to maintain accuracy and avoid duplication.

The APPC will work with those creating new systems to enable access and determine creation/modification processes.

Definitions

  • PID: Person Identification number
  • Guest ID: An ID generated for a person who needs limited access to non-sensitive systems
  • Home Address: A place of permanent residence, where bills, grades, 1098-Ts, and W-2 tax forms will be sent.
  • ConnectCarolina: a PeopleSoft Enterprise Resource System used by the University to house and process University services and data
  • APPC: Affiliated Persons Policy Committee
  • Employee: A person who is working for The University of North Carolina at Chapel Hill (the "University") in a permanent or temporary SPA or EPA position
  • Student: Anyone who has been matriculated at the University
  • Student Applicant: Anyone who has submitted a complete application to the University for admission to the University
  • Affiliate: A person who is not an employee, student and/or student applicant as defined above but is otherwise associated or affiliated with the University and requires University resources to work in conjunction with the University, such as third-party vendors, independent contractors, retirees, and visiting scholars.
  • School/Division Person Update Users: Users who are authorized to make person bio- demographic data changes in ConnectCarolina.

Audience

Those involved in the PID creation/modification process and/or who create systems that rely on the PID for authentication.

Reason for Policy

Duplicate identities are costly to resolve, disrupt University operations, and negatively impact student applicants, employees, students and affiliates who access University systems. In addition, there can be legal ramification for the University if unauthorized access to sensitive data is gained through the improper creation or modification of bio- demographic records. For these reasons, this policy establishes criteria to maintain accurate records for all persons affiliated with the University and to eliminate duplicate identity creation.

Procedures

PID Creation Requirements

PID creators/modifiers must gather the minimum bio-demographic data listed below and use this data to complete a comprehensive person search before proceeding with a new PID creation. These same requirements should be used to identify a person when modifying or adding data to a record.

Required

  1. Legal name
  2. Date of birth
  3. Gender
  4. Home address
  5. Phone number (optional if Social Security Number is collected)

Recommended

  1. Email address
  2. Social Security Number

New System Requirements

The University, UNC Health Care System, and other affiliated University entities may create new systems that use the PID for identification, access and security. The APPC will work with those creating new systems to enable access and determine creation/modification processes.

The process to generate or modify the PID depends upon the status of the individual, as described below.

1. Employee

  • Creation: An employee PID is created when the background check has been completed through the Office of Human Resources (OHR) Background Check Unit.
  • Modification: Employee bio-demographic data can be updated via OHR, the PID Office or the School/Division Person Update User.
  • Employee applicants do not receive PIDs.

2. Student or Student Applicant

  • Creation: A student PID is created when the student's application is submitted and posted in ConnectCarolina.
  • Modification:
    • Pre-matriculated student or applicant bio-demographic data can be updated by the PID Office.
    • Matriculated students bio-demographic data can be updated via Registrar's Office and the PID Office.

3. Third Party Proxy for Students

  • Creation: A Proxy PID is created after a student requests access and the Guest ID process is completed.
  • Modification: Third party Proxies bio-demographic data can be updated via the PID Office.

4. Participant in University-Sponsored Noncredit Course through the William and Ida Friday Center for Continuing Education

  • Creation: A participant in a university-sponsored noncredit course receives a PID when they are entered into one of the Friday Center systems.
  • Modification: A participant in a university-sponsored noncredit course's bio-demographic data can be updated via the PID Office.

5. Anyone Else

  • Creation: A PID is created by the OHR Background Check Unit or PID Office when applying for an affiliation in ConnectCarolina.
  • Modification: Anyone else's bio-demographic data can be updated via the PID Office.

*Any creation or modification exceptions can be verified with the PID Office.

Compliance

Monitoring

  • Weekly: A report is generated. The University's PID Administrator reviews the report and determines whether duplicate PIDs were created unnecessarily. The creator of any duplicate PID will receive an email from the PID Office and then a follow up training phone call.
  • Monthly: A report is generated from the weekly reports and is sent to the chair of the APPC. This information is also shared with the APPC committee.
  • Quarterly: A customized report for each school, department, division, or center is generated and sent to the appropriate PID Creators, Deans, Directors, and/or Vice Chancellors. The report provides an overview of individuals who created more than three (3) duplicate PIDs in a year and describes the retraining steps that have taken place.

Communication and Training to Reduce Preventable Duplicate PID Creation

First occurrence

An email is sent to the individual about duplicate PIDs, the consequences of creating a duplicate PID, how the preventable duplicate PID occurred, and ways to prevent creating one in the future. A phone call follows to see if there are any questions.

Second occurrence in one year

An email is sent to the individual and their supervisor about duplicate PIDs, the consequences of a duplicate PID, how the second preventable duplicate PID occurred and ways to prevent creating one in the future. A phone call follows to see if there are any questions.

Third occurrence in one year

An email is sent to the individual and their supervisor about the third preventable duplicate PID and a mandatory training session is scheduled. A phone call follows to set up the meeting.

Fourth or subsequent occurrence in one year

APPC chair is notified for further action, which may include the removal of PID Creation Access.

The repeated creation of duplicate PIDs, or other violations of these procedures, could result in further administrative action, including but not limited to disciplinary action, at any stage of the corrective process described above.

Roles and Responsibilities

APPC

Will work with those creating new systems to enable access.

PID Creator/Modifier

The person responsible for gathering and protecting data, as well as following the procedures above relating to the creation of PIDs.

Related Statutes and Policies

Contacts

Questions about this policy should be directed to the PID Office7 at pid@unc.edu or 919-962-6568.

References

  1. https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
  2. https://policies.unc.edu/TDClient/2833/Portal/KB/ArticleDet?ID=132164
  3. https://www.ncleg.net/EnactedLegislation/Statutes/HTML/BySection/Chapter_132/GS_132-1.1.html
  4. https://www.ncleg.net/EnactedLegislation/Statutes/HTML/ByArticle/Chapter_126/Article_7.html
  5. https://hr.unc.edu/employees/policies/shra-policies/ee-relations/confidentiality/
  6. https://policies.unc.edu/TDClient/2833/Portal/KB/ArticleDet?ID=131258
  7. https://aux-services.unc.edu/pid/

Document History

  • Effective Date: November 10, 2014
  • Last Revised Date: October 30, 2015