Temple University eliminates Social Security numbers as primary ID method

Computerworld - College and university systems can be prime targets for identity thieves and hackers  think open computing environments in which students freely download files, interact on social networking sites and use peer-to-peer applications.

To reduce the risk of personal data being exposed, Temple University in Philadelphia launched an initiative three years ago to eliminate the use of Social Security numbers as a primary means of identifying students and staff.

People arent expecting to see their Social Security numbers anywhere today, says Barbara Dolhansky, associate vice president of computer systems at the university.

But in a sprawling environment such as Temples, identifying every point at which that information was being collected and stored was no easy task.

The public research university has 17 schools and colleges spread over four city campuses and several suburban campuses and education centers. It also includes the Temple University Health System, international campuses in Tokyo and Rome, and programs in other overseas locales.

Over a million records in Temples mainframe had to be converted to new unique identifying numbers, called TUids. On top of that, dozens of ancillary systems and hundreds of programs, forms and interfaces had to be modified.

Although it required thousands of hours of systems conversion work and testing, the 18-month effort had more to do with changing business processes than with technology, Dolhansky notes. Close collaboration between IT and business unit leaders and a high-profile campaign to educate students and staffers on data security were key to the projects success, she says.



Heres a look at Temples ID conversion plan.

Step 1: Set Policy
The projects steering committee first had to nail down policies on the proper use of Social Security numbers. Although the committee was led by IT, the majority of its members were heads of the departments that would be most affected by the change, Dolhansky notes.

At the time, there was a lot in the media about identity theft, so no one was resistant, says Nancy Hinchcliff, Temples assistant vice president of human resources payroll management.

The committee determined which departments could or couldnt ask for Social Security numbers and developed a process for handling the numbers in cases where they would still be required, such as for student financial aid, employee benefits and tax purposes.

Departments had to come forward and explain whether they needed to collect and store Social Security numbers  and explain why, Dolhansky says. We had to make sure that information was being handled consistently universitywide.