June 8, 2007
Colleges Hide Social Security Numbers From Identity Thieves
Social Security numbers have become all too common at colleges and universities as identifiers of personal information. Unfortunately, hacking into systems that store these numbers has become all too common as well. As a result, faculty, staff, and students are at great risk for identity theft.
Enough is enough, according to the University of Pennsylvania. Campus Technology reports this week that the institution wants to initiate a multipart policy to get Social Security numbers out of harm's way. Everyone associated with the university is supposed to inventory their online and offline storage of the numbers. And then they have four options:
1. Purge them from the data.
2. Convert them to the university's own numerical ID system.
3. If the numbers are essential, display only the last four digits.
4. If there is no way to avoid using the complete Social Security numbers, enforce strict security controls on access and use. That means, among other things, that storage on desktops and laptops is prohibited.
Robin H. Beck, the vice president for information systems and computing, noted in a statement that people have until June 21 to comment on this proposal. After that, presumably, the policy will start to be enforced and identities at Pennsylvania will be somewhat more secure. --Josh Fischman
Posted on Friday June 8, 2007 | Permalink |Comments
Commenting is closed for this article.
Previous: A Library Makes Its Debut, in Second Life
Next: Tips for Teachers
Every bank and financial institution has my social security number. My regular dentist, all of my doctors and medical specialists, my hospital and even Quest Diagnostics (for routine bloodwork) insist on having my social security number before they provide their services. My optometrist asked me for my social security number as the very first question when I got my most recent pair of eyeglasses. My car insurance and my home insurance companies demanded to have it. All of my credit card issuers have it. All four of my previous colleges and universities have it. The New York State Motor Vehicle Department has it; they require it for car registration and drivers’ licenses. I just bought a used car. The dealer required my social security number. And so on, and so on. My point is this: hundreds — nay, THOUSANDS — of agencies and offices, public and private, have access to my social security number. The myth of “secure” social security numbers is a joke; in fact, it is just plain silly. We should abandon the folly of “securing” our social security numbers — it absolutely cannot be done — and instead, move towards massive punishments for the abuse of these numbers. Victims of social security number abuse should not only be compensated for financial losses and inconvenience, but also handsomely rewarded at the expense of the abuser. Yes, the only logical approach is massive negative consequences to the abusers. Asking people to withhold their social security numbers from a dentists when they have a toothache, or hospitals when they have medical emergencies is absolutely worthless advice. Comments?
— Richard Jun 8, 05:37 PM #
Richard, I would argue that the most important abusers are not those who steal an identity using a SSN. Rather, companies whose representatives are free to authenticate calling customers using a SSN are at least as important to punish. I.e., the problem is not that people steal a not-very-private identifier. The problem is that a not-very-private identifier is used to authenticate identity. Some will argue that a free (and informed) market will eliminate (or minimize the impact of) these companies. But with all of us paying the cost of fraud, maybe the government should step in. Am I underinformed on this topic? Has the government tried to regulate the use of SSNs in the past?
— Amon Jun 11, 08:57 AM #
The Social Security statute itself provides the number is not to be used for identification purposes except by the Social Security Administration. Many of those who ask for the number are not entitled to it. Those who are entitled to it, must tell you under what authority and why and how they will use the number. Consumers owe it to themselves to guard that information. I regularly refuse to provide the number to healthcare providers, insurance providers, etc. who are required to have an alternative means of identification and they always begrudingly oblige.
— C. Mary Jun 11, 02:15 PM #