The University of Mississippi recently joined the ranks of several universities that have inadvertently leaked students’ information, such as names and Social Security numbers. Mississippi State University is working to avoid a similar occurrence.
Jeffrey Alford, the vice chancellor of university relations and communications at Ole Miss, received a call last week notifying him of an information leak on the Ole Miss Web site.
“I received a call early Wednesday morning from a reporter from MSNBC,” Alford said.
A university staff member had backed up information listing about 700 names and Social Security numbers of sorority and fraternity members in August 2003. The employee did not erase the file when he finished working with it, which was a mistake, Alford said.
“The person who backed up this information had legitimate access to it,” Alford said. “He had no malicious intent.”
There are federal policies that govern the use of student information, such as the Federal Education Rights and Privacy Act, which set laws relating to student privacy. One component of this act states that student Social Security numbers may not be disclosed publicly. However, the act does allow for the information to be used in the course of internal university business, said Mike Rackley, head of MSU’s Information Technology Services.
Ole Miss had been unaware of the display of information. Alford was surprised to hear about it, but responded soon after the phone call.
“We were very upset and shut down the site within minutes,” he said.
UM has policies in place to prevent this from happening again. The university now uses ID numbers that are not related to students’ Social Security numbers.
Ole Miss also discovered a number of cases where students had posted their own Social Security numbers in the course of completing class projects or rsums. Ole Miss staff members contacted the students, notified them of the information display and encouraged them to remove it, Alford said.
MSU has also moved away from using Social Security numbers as a way to identify students, because these information leaks have happened at several universities throughout the country, Dean of Students Mike White said.
“It could happen at any university,” White said.
The university now uses Net IDs, which consist of a student’s initials followed by a number, in an effort to remove the threat of identity theft. Even though the Social Security number is encoded into the magnetic strip on university ID cards, the information is protected and not readily displayed during transactions, Rackley said.
All someone needs is a name and a Social Security number to do damage. It’s a scenario all too familiar for Alford.
“About ten years ago, I was the victim of identity theft,” he said.
Someone opened charge and credit accounts in his name. He even found out about a charge account that had been opened in a department store in Detroit. It took two years to clear up the mess caused by the incident, Alford said.
The Internet has made identity theft easier, Rackley said.
“It’s ultimately up to people to use good judgment,” he added.
All the policies in the world will not prevent human error, like in the Ole Miss case, though. University employees must follow all policies for the total protection of this information, Rackley said.
“The university has a responsibility to do all we can not to release any identifying relation to a student that would cause harm to a student,” White said.