Skip to content

Social Security Numbers on campus cards: Many programs are eliminating them to curb identity theft

With identity theft becoming an increasingly common and well-publicized crime, more and more campuses are opting to remove the Social Security Number (SSN) from the student ID card. A great deal of controversy has long surrounded the use of the nine-digit number for uses other than its original intent, the identification of an individual’s account within the Social Security Administration.

But this controversy came only after the number became the de facto identifier for a myriad of uses–from other government agency ID to local video rental accounts. During this process, many campuses began to utilize the SSN as the student ID number in the administrative systems and on the student ID cards.

Though many dissenting opinions can be heard at conferences and in publications, it seems that there is no federal law prohibiting the use of the SSN for any of these purposes. In fact, federal law states that, “it shall be unlawful for any Federal, State, or local government agency to deny any individual any right, benefit, or privilege provided by law because of such individual’s refusal to disclose his Social Security account number.”

This suggests that it is not unlawful to use the number but it would be unlawful to deny service to individual refusing to provide the number. Campuses, it would seem, can legally utilize the SSN but should be prepared to offer an alternative should a student object.

But are there other regulations that would prevent the SSN’s use? Many point to FERPA, the Family Educational Rights and Privacy Act also known as the Buckley Amendment, as the restricting document. According to the Department of Education’s Family Policy Compliance Office, the agency charged with oversight of FERPA, “the use of the SSN as the ID number would not violate FERPA because the student has the option of whether or not to use the card for nonessential university business.”

It seems that there is no legal reason to eliminate the Social Security Number from use as the student identifier or on the student ID card under federal law. But that may be changing. Last month, Senator Diane Feinstien of California and Judd Gregg of New Hampshire introduced a bill called the Social Security Number Misuse Prevention Act. If it passes into law it would outlaw the use of SSNs from many government applications. It is not known how these restrictions might impact colleges and universities.

While there is no federal mandate against SSN use by campus card programs, there are some state restrictions. At a FERPA review conference sponsored by the National Center for Higher Education in 1999, it was reported that already more than 15 states had provisions restricting the use of SSNs. Others have followed.

Just this year, a law went into effect in California that—among other privacy protections—made it illegal for businesses to print SSNs on ID cards. Senator Debra Bowen has introducedanother bill that would extend this restriction from businesses to public agencies and colleges.

Even without legal restrictions, many campus administrators have found reasons to eliminate the SSN. Many others are still coming to this conclusion. Already this year, a number of major institutions have embarked on an effort to reissue cards to the entire cardholder population—each with a primary goal being the elimination the SSN.

On the West Coast, the University of Oregon is replacing all campus cards and is reissuing a new, unique nine-digit number to replace SSN. Each number will begin with 950 a prefix–a prefix that has never been assigned by the Social Security Administration. Students are encouraged to come to the card office to get the new ID while all new students are issued under the new numbering scheme. According to the university’s Project Manager Jim Bohle, “we have designed an orderly process to attempt to reissue the more than 20,000 UO cards beginning with faculty, staff, first-time students, and replacement cards” The remainder of the students can come in any time to request a new card and Mr. Bohle adds that a proactive campaign to encourage all students to get recarded will begin in the Fall. (Read more about the University of Oregon’s recarding effort in the accompanying story.)

When asked the primary motivator behind the change, Mr. Bohle does not hesitate, “certainly the protection of individual privacy and the prevention of identity theft. We want to very sensitive to the privacy and the identity theft issues.”

Similar changes are underway at both Georgia Tech and the University of Florida. The BuzzCard office at Georgia Tech will begin the transition on March 1, 2003. The university’s SCT Banner system will generate the new random 9-digit numbers and assign them to cardholders. The University of Florida is moving to an 8-digit identifier in all campus systems, so the Gator 1 Card office had no choice but to remove the SSN from the card in favor of the new number. According to Dave Looney, Senior Systems Programmer for the University, “we are averaging 2000 cards per day and expect to be complete with the reissuance by April 1, 2003.”

So the question remains somewhat unanswered. If you use the SSN on your campus ID card should you remove it? That is a question not for CR80News or for your card office to answer, but rather for your registrar, admissions office, and university attorneys. It seems clear that with the rising problem of identity theft and the increasing pace of legislation aimed at its prevention, it is likely not a question of “if” but “when.” And even without legal pressure, it seems that many schools like Oregon, Georgia Tech, and Florida will conclude that a proactive approach is the right approach to serve our students and protect our faculty and staff.

Recent posts you might like

EVENTS AND WEBINARS

Receive the latest news

Subscribe to our weekly newsletter

The latest campus ID and security insight sent directly to your inbox.
Receive the latest news

Subscribe to our weekly newsletter

The latest campus ID and security insight sent directly to your inbox.