Best Practices

Assign Another Primary Identifier

Students, faculty and staff use a university assigned number for most university transactions. The student SSN remains in the university database as a secondary identifier. The institution exercises limited use of the student SSN, for example, when it is necessary to verify student identities, process financial aid applications, and report wages of student employees. Using another identifier reduces the risk of unauthorized disclosure of SSNs.

Example: One university recently redesigned its student information system with the capability to assign and use non-SSN student identification numbers. With the redesigned system, the university began issuing randomly generated student identification numbers to all new students registering for the fall 2003 semester. Students enrolled before fall 2003 were issued a non-SSN student identifier system starting with the spring 2006 semester.

Comply with State Regulations

Many states have enacted laws that place certain restrictions on universities’ use of SSNs.

  • Arkansas has a law that makes it a crime for an individual without consent, to obtain or record identifying information of another person that would assist in accessing the financial resources of that person. The law includes SSNs in its definition of “identifying information.” (A.C.A. § 5-37-227).
  • Arizona passed legislation that prohibits those universities under the jurisdiction of the Arizona Board of Regents from assigning an identification number to faculty, staff, or students at a university that is identical to the individual’s SSN. The law also prohibits the display of the SSN (or any four or more consecutive numbers of the SSN) on any Internet site maintained by the university or other publicly accessible document. Arizona also passed legislation that prohibits certain disclosures of SSNs to the public and the printing of SSNs on any card required for the individual to receive products or services. The law also establishes technical protection requirements for the on-line transmission of SSNs. In addition, the law prohibits, in certain circumstances, the printing of SSNs on mailed materials to residents of Arizona unless required by State or Federal law.
  • California passed legislation that prohibits
    1. publicly posting or displaying an SSN;
    2. printing an SSN on any card required to access products or services;
    3. requiring that an individual transmit his or her SSN over the Internet unless the connection is secure or the SSN is encrypted;
    4. requiring that an individual use his or her SSN to access an Internet website, unless a password or unique personal identification number or other authentication device is also required; and
    5. printing an SSN on any item mailed to an individual unless State or Federal law requires that the SSN be on the mailed document.
  • Connecticut passed legislation that prohibits an entity that purchases a housing project from disclosing to the public the tenants’ SSNs from the tenants’ lease agreements. Additionally, this legislation prohibits housing authorities from disclosing the SSNs of tenants to anyone except a purchaser of a housing project without the tenant’s permission.
  • Illinois passed legislation that directs a task force to “…examine the procedures used by the State to protect an individual against the unauthorized disclosure of his or her social security number when the State requires the individual to provide his or her social security number to an officer or agency of the State.”
  • Indiana passed legislation that prohibits State agencies from compelling an individual to provide their SSN to a State agency against the individual’s will, absent Federal requirements to the contrary. Any forms that request the SSN must state the reason the SSN is requested and notification either that the State is required by Federal law to obtain the SSN and the form cannot be processed without it or that the individual has the right to refuse to provide the SSN and will not be penalized for doing so. In addition, an individual may request that his or her SSN be removed from a State agency’s record and the State agency must substitute a new identification number to be used by the individual.
  • Kansas passed legislation that prohibits post-secondary educational institutions from printing or encoding a person’s SSN on or into the person’s identification card. In addition, any distinguishing identifier assigned to a person shall be unique to that person and shall not be based on the person’s SSN.
  • Louisiana has a law that prohibits the use of SSNs as personal identifiers for school employees. ( La. R.S. 17:440).
  • Michigan passed legislation that includes a provision prohibiting the use of “…all or more than 4 sequential digits of the social security number as the primary account number…” for an employee, student or other individual.
  • Minnesota passed legislation that requires that an individual asked to provide private or confidential data be informed of the purpose and intended use of the requested data within the State agency, whether the individual may refuse to provide the requested information, any known consequences for not providing the requested information, and the identity of those authorized by State or Federal law to receive the information. State agencies cannot collect, store, use, or disseminate private or confidential data of an individual for any other purpose than those stated to the individual at the time of collection. This act identifies the SSN and educational data as private.
  • Missouri passed legislation that prohibits any person or entity from publicly displaying a person’s SSN and from requiring that a person send their SSN over the Internet without appropriate encryption or other security measures.
  • New Hampshire passed legislation that increased the penalty for identity fraud.
  • New Mexico has legislation pending that increases the penalty for identity theft for “…willfully obtaining, recording or transferring personal identifying information of another person without the authorization or consent of that person and with the intent to defraud that person or another.” (2005 Bill Text NM S.B. 260).
  • New York has enacted a law that regulates universities’ SSN use. The New York State Education Law 5 prohibits the display of a student’s SSN on “…public listing[s] of grades, on class rosters or other lists provided to teachers, student identification cards, [and] in student directories or similar listings…unless specifically authorized or required by law....”
  • Oklahoma has a law that makes it a crime “…for any person to willfully and with fraudulent intent obtain the name, address, social security number, date of birth…or any other personal identifying information of another person living or dead, with intent to use, sell, or allow any other person to use or sell such personal information to obtain or attempt to obtain money, credit, goods, property, or service in the name of the other person without the consent of that person.” ( 21 Okla. St. § 15331.1).
  • Texas has a law that prohibits the printing of “…an individual’s social security number on a card or other device required to access a product or service…unless the individual has requested in writing such printing.” The law does not apply to “...the collection, use, or release of a social security number that is required by state or federal law…or the use of a social security number for internal verification or administrative purposes.” ( Tex. Bus. & Com. Code § 35.58).
  • Vermont passed legislation that makes it a crime to obtain, produce, possess, use, sell, give, or transfer personal identifying information (including SSNs) belonging or pertaining to another person with intent to use the information to commit a misdemeanor or a felony. Additionally, this legislation requires that a study be completed related to the use of SSNs by both public and private entities and that proposals be developed to reduce such use wherever possible and protect privacy and security when the numbers must be used.
  • Washington requires that institutions of higher education use personal identifiers that are not SSNs.
  • Wisconsin passed legislation that prohibits an institution of higher education from assigning any student an “identification number that is identical to or incorporates the student’s Social Security number.” The act defines an institution of higher education as either a State or private educational institution located in Wisconsin that awards a bachelor’s or higher degree or provides programs that are acceptable toward such a degree.

Establish Staff Responsibility

Universities have taken the very progressive action of creating a Chief Privacy Officer position for oversight of all issues involving record security, including protection of SSNs maintained in institutional files.

Universities require all staff members to complete online FERPA training prior to receiving access to any of or student information systems and report they must renew their training yearly.

Universities require faculty to review FERPA at semester in-service sessions and the information is also available in faculty/advisor handbooks.

Inform Students

Universities give students the option of using another number as a personal identifier.

Universities address privacy of student records via FERPA, through discussion in university catalogs, handbooks, or on websites. Publications such as “A Student’s Right to Know,” are shared with students.

Universities include statements on the admission application regarding the state’s Public Information Act.

Universities include information on the website explaining the new student identification numbering system, where applicable.

One university indicates on the admissions application that provision is voluntary and also removes the SSN from their database upon request, after consultation with the student to explain what services will be impacted.

There are articles in student publications outlining concerns and possible solutions to identity theft. One university cited an article entitled Old ID Cards hold SSN, new card effective mid – March. This is just one example of a university taking action and informing students, faculty and staff about their new student identifier system.

Removal of Social Security Numbers

One university instituted the removal of social security numbers on student documents including class schedules, transcripts, etc., and the inclusion of information about FERPA and confidentiality in their Catalog and Student Handbook. They also plan to post information on their web site and send an email to our students with this information, and include information about how to avoid identity theft.

Another university performed a Student ID conversion process last summer which was targeted to protect their student's privacy by replacing the SSN with a generic ID number for routine identification. The SSN is requested from students as a secure part of their Admissions application and stored for use to eliminate duplicate IDs for that student plus to identify the student positively for Financial Aid and other Government reporting processes that require the use of the SSN. All standard reports of student information have been redesigned so the SSN is not included and faculty and staff have been presented with information stressing the importance of protecting the privacy of student information including the SSN.

News Article: Temple University Eliminates Social Security Numbers as Primary ID Method

Updating the Computer System

In recent years a university has masked the first five digits of the SSN to all but a few users of their system. The few people that see the full SSN are those who have a legitimate need (for example those who need to review potential data entry errors for 1098-T submission to the federal government).

Another university has masked the entire SSN in the student information system for most of their users. Only users with a legitimate need to know can see the SSN. Also, their information technology department has implemented a policy that SSNs can only be stored in central administrative systems. Departments are not allowed to store SSN in a separate electronic files or database systems.

In recent years a university has masked the first five digits of the SSN to all but a few users of their system. The few people that see the full SSN are those who have a legitimate need (for example those who need to review potential data entry errors for 1098-T submission to the federal government).

Use Employee Disclosure Statement

Universities took action to decrease the risk of improper SSN disclosure by staff and employees. These universities required that personnel handling documents containing confidential information sign a disclosure statement. Some of the documents we reviewed contained references to the Family Educational Rights and Privacy Act and the fact that the handler of such documents may be subject to criminal prosecution and civil penalties, as well as disciplinary action by their employer, if they improperly disclose confidential information.

Using an Alternate Identification

One university has been using an identification number that was different than the social security number since their system was converted to electronic format, sometime in the late 60s or early 70s, pioneering the efforts in not using SSN as the primary student identifier.

Universities report using a randomly generated student identification number.

One university collects the SSN up front, but from that point forward assigns the student an alternate number. This alternate number is the number that shows on any student information. The student uses this number to access their online account and there is no need to use the social security number. This same process is used across campus in the Human Resources office for employees, housing, alumni, etc. For continuing education courses, a social security number is not required up front.