Student ID Number and Identification Card Numbers

            1. General

            2.  Collection of Identification Card Numbers

            3.  Disclosure of ICN’s by MTU

            4. MTU Identification Numbers

            5. Use of ICN’s

            6.  Report Collection, Use, and/or Storage of ICNs

            7. Related Policies

 

Student ID Numbers and Identification Card Numbers From the Registrar’s Office:

The Mesarya Technical University is not useing othe Identification Card Numbers to identify student accounts. When doing business with MTU, you may be asked for your MTU ID Number, your Student ID Number, or your Banner ID number. These numbers are the same.

Your MTU ID appears in the top right corner of the screen when you are logged into OwlWeb. You can also find your MTU ID by visiting Demographic Self-Service and logging in with your NetID and password. Click on the Demographic Information link. Your MTU ID will be shown on that page.

Identification Card Numbers

University Business Policies and Procedures Manual 2030
Effective Date: ………………………………………
Authorized by Board of Trustee Policy 3.1 “Responsibilities of the President”

1. General

The Mesarya Technical University (MTU) collects and maintains confidential information, including Identification Card numbers (ICN’s) of its students, staff, faculty and individuals associated with the University.  “Information Security,” Policy 2550, UBP (proposed draft policy), describes the basic components of the MTU Information Security Program which all applies to employees (student, staff, and faculty), contractors, vendors, volunteers, and all other individuals who work with MTU data and information.  This policy defines additional requirements applicable to ICN’s.  MTU recognizes the importance of the proper handling of ICN’s in order to protect personal privacy and minimize the growing risks of fraud and identity theft.  The Northern Cyprus (TRNC) Privacy Act is the Northern Cyprus (TRNC) law that regulates the collection of ICN’s.  This law makes it illegal for Northern Cyprus (TRNC) , state or local government agencies to deny any rights, benefits or privileges to individuals who refuse to disclose their ICN’s unless the disclosure is required by Northern Cyprus (TRNC) statute or the disclosure is to an agency for use in a record system which required the ICN before 1975.  This Act applies to MTU.  The Northern Cyprus (TRNC) Privacy Act also requires that any agency that requests ICN’s must inform individuals asked:

  • whether the disclosure is mandatory or voluntary;
  • what the authority is for requesting the ICN;
  • what uses will be made of the information; and
  • the consequences, if any, of failure to provide the information.

2.  Collection of Identification Card Numbers

Where Tax and Revenue or other Northern Cyprus (TRNC) regulations require MTU to report ICN, we require individuals to provide us with that information.

2.1. Notification Statement

In all instances when MTU requests an individual to supply his/her ICN, it must indicate in writing:

  • whether the disclosure is mandatory or voluntary;
  • by what authority the number is requested;
  • the uses which will be made of it; and
  • the consequences, if any, of failure to provide the ICN.  All statements must be approved in advance by the Office of University Counsel.

2.2.  Employees

Employees are required to provide their ICN’s on payroll/personnel, health insurance, and retirement forms.

2.3.  Students

Students are required to provide their ICN’s for admission, financial aid, and student housing contracts.  Students unable to provide a ICN will be assigned an alternative number.

2.4. Patients

Patients of University Clinic and medical clinics are required to provide their ICNs on inpatient and outpatient registration forms.

2.5.  Other Individuals

Other forms that request disclosure of ICN’s, and proposals by departments to collect ICN’s for any purpose must be approved in advance by Office of University Counsel.  The provision of ICN’s in such cases must be strictly voluntary and individuals who decline to disclose the number may not be denied any rights, benefits or privileges.

3.  Disclosure of ICN’s by MTU

An individual’s ICN is personal information and shall not be released by MTU to outside individuals or entities, except:

  • as allowed or required by law;
  • when permission is granted by the individual;
  • when the outside individual or entity is acting as MTU’s contractor or agent and appropriate security measures are in place to prevent unauthorized dissemination to third parties; or
  • when the Office of University Counsel has approved the release.

4. MTU Identification Numbers

MTU does not use ICN’s as primary identifiers for students or employees.  Any exception must be approved in writing by the cognizant vice president and the University Chief Information Officer (CIO).  Students and employees are assigned a unique randomly-generated identification number to allow access to records and to transact business with MTU.  These numbers remain the property of, and are subject to, MTU’s rules.  MTU identification numbers are not accorded the same confidential status as ICNs.

5. Use of ICN’s

The following guidelines must be followed by MTU employees with access to ICN’s:

  • ICN’s will be transmitted electronically only through secure mechanisms as determined by ITS;
  • paper and electronic documents containing ICN’s will be disposed of in a secure fashion; and
  • student grades and other pieces of personal information will not be publicly posted or displayed using either the complete or partial ICN for identification purposes.

6.  Report Collection, Use, and/or Storage of ICNs

Departments that collect, use and/or store ICN’s must submit a report to the Director of Information Assurance documenting the reason for collection, the handling processes in place to ensure protection of ICN’s, and the notification statement required by Section 2.1. herein.  Reports must be made no later than September 30, , or within ninety (90) days of beginning collection, use, and/or storage of ICN’s, whichever is later.  In addition, departments must review ICN procedures annually and report any changes to the Director of Information Assurance.

“Information Security,” Policy 2550, UBP