The University Record, June 25, 1996

Use of Social Security #s by U databases to be phased out by 2002

In a recent memo to more than 190 U-M deans, directors and department chairs, J. Bernard Machen, provost and executive vice president for academic affairs; Farris W. Womack, executive vice president and chief financial officer; and Homer A. Neal, vice president for research, announced plans to discontinue use of Social Security numbers (SSNs) as common identifiers in U-M information databases. The executive officers called the plans "a step in the direction of greater protection of individual rights to privacy and responsible management of information."

Many of the major systems at U-M are keyed to the use of SSNs as common identifiers. Approximately one year ago, following recommendations from a campus committee and the Information Technology Policy Committee, the Executive Computing Committee (ECC) approved a policy to discontinue this use of SSNs. Since attempting to convert these systems in a short period of time would be extremely disruptive and costly, the ECC recommended that systems move toward the use of unique numeric identifiers over a four- to six-year period. The extended period allows the change to take place not only by the design and purchase of new systems but also by the natural process of upgrading existing systems. The move is expected to be complete by 2002.

A limited number of employment and other business transactions require SSNs primarily for tax and reporting purposes. But because SSNs are tied to financial and credit information, extensive use of the numbers---particularly their visual display---may pose a risk to individual privacy. The U-M seeks to minimize that risk by:

 

Using SSNs as identifiers only when required by law or business necessity.

 

Eliminating visual display of SSNs.

 

Using SSNs as data elements only, not as database keys.

Virginia Rezmierski, assistant to the vice provost for information technology and chair of the campus committee that drafted the policy, calls it "a tremendous win for U-M. We have taken a stand to protect the privacy rights of individuals in the University community and have done so even in the face of years of momentum in another direction."

Initiatives are already under way to move most of the major administrative systems to the use of a unique number as the primary database key. Implementing PeopleSoft software for most of the major systems currently on the Data Systems Center administrative mainframe will facilitate the transition. PeopleSoft uses a unique number instead of an SSN as the primary key to the database but still provides the SSN where necessary.

All system and data administrators are encouraged to work with the Information Technology Division to plan the change in their systems and to think of ways they can change operational procedures to meet the intent of this policy. These might include using names or secondary information other than the SSN for identification, avoiding display of or requests for SSNs unnecessarily and seeking other ways to protect the privacy of personal information.

For questions about moving to new or modified systems, call Amy Brooks, systems development coordinator at 647-3167, or send e-mail to akbrooks@umich.edu. The policy itself, number 601.14, will soon be available in the Standard Practice Guide ONLINE on the WorldWide Web at http://www.umich.edu/~spgonlin/. For specific questions about the policy, call Virginia Rezmierski at 647-4274 or send e-mail to ver@umich.edu.