Add Field for Social Security Number¶
Here's how to customize a field for social security numbers if you decide you must keep them in your account.
- Choose Setup from the menu.
- Choose Field Options.
- Select Profile Tab (for Volunteers).
- Select any of the Spare fields that are currently hidden.
Make the following changes to the field properties window for the Spare field you selected:
For Field format choose Social security number
- For Field name enter Social security number (or whatever you want the field name to be)
- Set Hidden to No
Set any special System Operator rights you want for this field.
Click the Save button to save your changes.
Your volunteer Profile tabs will now include a field for a social security number. Most volunteer tabs support a number of custom fields that you can configure through the same steps.
Is storing the information in Volgistics necessary?
While Volgistics is a secure system, a simple way to limit your risk even further is to decide if potentially sensitive information must be stored in Volgistics. In the United States, most state and federal laws governing the protection of privacy define protected personal information as first and last name, plus any one of these: Social security number (SSN); Driver's license number; Financial account or credit card number.
While tracking a volunteer's first and last name is naturally important, it is often possible to operate a volunteer program successfully without asking volunteers to provide their social security number or driver's license number. Volgistics does not require that you store any sensitive information about your volunteers in the system. Account holders customize any fields needed for additional information so organizations have complete control over what information is stored in their account.
In many cases, if the information is only needed once, it does not need to be stored in Volgistics. For example, if the volunteer's driver's license number or social security number is only needed for background checks, using Verified First (Volgistics' integrated background screening service) eliminates the need to store the information in Volgistics. The volunteer submits the information directly to Verified First so your organization is not responsible for maintaining the information's security. If you can operate this way, and make it a policy to do so, you will have substantially reduced your vulnerability from the very start.
If you decide sensitive information such as driver's licenses and social security numbers must be stored in Volgistics, we recommend using specific strategies with the information. For example, it's a good practice on volunteer application forms to let applicants know why you are collecting the information. Applicants are not required by law to give a social security or driver's license number, but if you require a background check you can let applicants know they will not be approved to volunteer without submitting the information. If you have an alternate way for volunteers to get you the information, you could let them know this.
Whether or not you choose to store sensitive information in the system, it is always a good idea to require strong passwords for the System Operators who access your account. This is especially true if your account includes sensitive information. Experts feel the human tendency to use easy-to-guess passwords often poses the biggest security threat for online accounts.
Volgistics allows you to customize the password strength rules for your account on the System Operators Ground Rules page. Options include case sensitivity, password length requirements from 6 to 30 characters, password expirations in 30 day increments from 30 to 300 days, and mandatory inclusion of numeric characters and symbols.
Please keep in mind that Volgistics was designed to track volunteer records, not patient information. Therefore, the system does not include Protected Health Information (PHI) unless an account holder is using the system in a way it was not intended to be used. Because of this, Volgistics should not be considered a Covered Entity for HIPAA purposes.