The University is not living up to its responsibility to protect students from identity theft. Many professors still require students to put their names and Social Security numbers on exam forms and sign-in sheets, which invites disaster.
A list of names and corresponding Social Security numbers is a potential gold mine for an enterprising criminal. With your name and Social Security number, someone can gain access to vital information such as your birth certificate. A person could apply for credit under your name, file a fraudulent tax return under your name or even file for bankruptcy under your name. If arrested, the identity thief could furnish your information to the police - which could result in a warrant being issued for your arrest.
Identity theft is a hellish waking nightmare, and it takes years to resolve. Leaving us at risk is indefensible.
Last spring, the University announced it would no longer print Social Security numbers on student identification cards. Students whose IDs had already been issued with Social Security numbers printed on them can obtain a replacement, free of charge, that does not bear the number.
It was the right thing to do, but it was only a superficial change. The underlying system still uses the Social Security number to identify students, and accordingly, students are often asked to provide their Social Security numbers.
Students, in addition to being left at risk by the University, are given the burden of mitigating it. The University will replace the Social Security number with a randomly generated number, but only if the student requests this.
Meanwhile, many professors, especially those teaching large classes, still require students to put their names and student ID numbers (most of which are Social Security numbers) on Scantron exam forms. To gain access to some student services, students must recite their student ID number aloud. Some computer labs on campus create accounts for students in which the default password is the last four digits of the Social Security number, something the Federal Trade Commission specifically cautions against in its advice on how to avoid identity theft.
After last year's announcement regarding student IDs, the University assumed its familiar foot-dragging posture when pressed to change the system. The technical support contract on the current system doesn't expire until 2009, and University officials gave this as a reason to wait. It will take time and cost money to switch the system over. It will require the reorganization of tens of thousands of records.
Such protests pale in comparison to the suffering of identity theft victims. If just one SIU student meets such a fate and is able to show that the University's misuse and mishandling of Social Security numbers facilitated the identity theft, there will be little sympathy for the University's budgetary woes.
The policy switch last spring allowing Social Security numbers to be removed from student IDs makes it clear the University has been aware of the risk for at least a year. And yet the University continues to allow students' names and Social Security numbers to circulate together.
Can this be seen as anything other than negligence?
If the University will not take simple steps to protect students while awaiting a new system, students must fend for themselves. First, all students should request a randomly generated ID number. Students must also pressure professors to stop requiring any portion of the student ID number to be printed on an exam form or sign-in sheet.
Remind them of the risks of identity theft. Ask what steps will be taken to protect the information from misuse. As the FTC points out, the decision to share your information is your own.
