Skip to main content
Archive (2006-2007)

BYU alters systems to safeguard student identities

By Jordan Burke

With a student body the size of a small city, are students really immune to data breaches while enrolled, especially regarding their all-important Social Security number?

To understand the issue, jump back a few years to 2000. At the time, BYU would openly print student Social Security numbers on every test form and result issued from the on-campus Testing Center. After The Daily Universe ran an in-depth report on types of fraud that can occur with that information, the university stopped its practice by replacing the Social Security number with the BYU Net ID.

Since then the university has installed other safeguards to protect student information and identities.

Up until 2002, BYU referred to each student by his or her Social Security number. That nine-digit number provided a simple way of uniquely identifying each former, current and prospective student.

In lieu of a proprietary system, the university relied on the U.S. Government''s numbering method. Most finance companies, including banks and credit card providers, also followed the same method.

Now, BYU refers to students with a proprietary nine-digit student identification number. The process was phased in during 2002 and 2003. Yet just changing numbers isn''t enough to thwart identity theft.

The university doesn''t require students to produce their Social Security numbers except for those seeking financial aid and employment. Some department do use the number for convenience, said Dennis Heggem, assistant director of student financial services. When students call his department, they can use their Social Security number, along with their Net ID or BYU ID, to access their personal records. Roughly 130 employees in his department have access to the system storing the Social Security number in order to process tax forms.

To help secure the system, Heggen said all computer session are logged where records are kept of what information employees access and when.