Some of you have raised concerns about the use of the Social Security
Number (SSN) in online systems at MSU. As you might expect, I've had
numerous conversations over the past several days with Dave Gift and
others around this topic.
We agree that the SSN should be protected and used as an identifier in as
few instances as possible. In fact, MSU has been actively moving away
from using the SSN as an identifier for the past decade. For example:
- In the mid-1990s, MSU began issuing ID cards with Personal Identifiers
(ZPIDs) to faculty and staff.
- In 1998, Libraries, Computing & Technology (LCT) made a commitment to
minimize use of the SSN and, since that time, new systems built by LCT
units have avoided using the SSN as an external identifier.
- Since 1998, as existing systems have been modified or replaced, LCT units
have looked for opportunities to reduce usage of the SSN on forms, web
pages, reports, and similar paper or electronic transactions.
Despite these efforts, which have greatly reduced the instances where the
SSN is the primary external identifier, the SSN is buried deeply in the
fabric of many of MSU's computing systems and eradicating its use remains
a multi-year effort. Think about it - the SSN was the employee ID just a
few years ago.
My apologies if this sounds overly defensive. I deeply regret the incident
that led to the current situation. (Realize that my personal information
was on the Magic system, too!) I appreciate all the ideas that have been
batted around on this thread thus far; we clearly have much work yet to do.
I anticipate that we will continue to make good progress on this issue in
the months and years ahead.
Tom Davis, Director
Academic Computing and Network Services