People are missing the point a bit. Most schools HAVE switched over to new numbering systems. Most student ID's have school-specific ID numbers. The problems are: 1) Older student records are indexed by SSN and they must be retained. 2) Some information is still indexed by SSN out of necessity - student financial aid for example That means you have a translation database somewhere, with all those SSNs and the new student index numbers. SSNs are already forbidden going forward at pretty much all school. For example, they can't be used to post grades. However, the need to retain them for backwards compatibility remains. Education institutions need a clear set of guidelines for handling sensitive data like that. A good start would be that such data can only be stored in an encrypted format in a physically secure facility. Yes, that seems obvious, but it doesn't happen. Considering the sort of free wheeling environment prevalent in University networks, you would think they would be a bastion of high security. Sadly, this isn't the case. - Dan On 5/26/05 6:10 AM, "Michael.Dillon@radianz.com" <Michael.Dillon@radianz.com> wrote:
Around about whenever the US Federal Government gets the hint and passes a bill which makes it illegal to use social security numbers for any purpose other than the administration of social security.
Wrong answer. Federal laws do not stop people from doing stupid things and they do not stop people from doing illegal things.
What we need is a Hollywood blockbuster in which some highschool hackers wreak havoc by aquiring SSNs from gradesheets and using mother's maiden names to steal lots of money and identities. Then, pointy-haired bosses will ask their sysadmins to make sure that it can't happen in their department.
Hollywood movies change people's behavior. Federal laws do not.
--Michael Dillon
-- Daniel Golding Network and Telecommunications Strategies Burton Group