You may have seen the news stories: hackers have attacked computer systems at universities all over the country, compromising the personal data, such as names and Social Security Numbers, of thousands of students, staff, faculty, and applicants within the past two years. For decades, the Social Security Number (SSN) has been used as an identification number for individuals associated with many major schools and universities across the country, including people in the University of Maryland community. However, in the days of prevalent cyber crime, the university is actively restricting the use of SSNs.

In May 2005, President Mote approved the “Policy on the Collection, Use and Protection of ID Numbers,” developed by the university’s Registrar and the Data Policy Advisory Committee, chaired by Barbara Hope, OIT Director of Data Administration. The policy has the ultimate goals of converting university systems to using alternative identifiers and protecting the privacy of individuals. In all cases except those required by law, the university will replace current student, faculty, and employee Social Security information with alternative “person identifiers.” You have two main “person identifiers” that will be used at the university.

Your University ID (U ID) Number is a random, nine-digit number that is never reused, and will stay with you for life. This U ID Number is the main identifier used for university record keeping and links your database records.

Your Directory ID is an alphanumeric ID usually related to your name, which is used in combination with a password to log into university systems like Electronic Timesheets and Mail@umd.

These changes are a part of a multi-year effort to protect members of the university community’s personal information. For example, the university is now printing U ID Numbers on identification cards rather than SSNs, performing ongoing security assessments of systems with sensitive information, and eliminating methods of accessing sensitive information that are not encrypted. Another move away from using SSNs was the change to the university’s Common Login page, which is used to log in to many university computer systems like University of Maryland Electronic Grades (UMEG), Financial Records System Web site (FRS Web), and Payroll and Human Resources (PHR). The UMID (SSN) and PIN login option was removed on September 21 to improve personal security. You must use either your Directory ID or U ID Number and Directory password to log into systems that use the Common Login page.

The university will still be required to obtain and store your SSN because it is used for such purposes as generating tax forms and complying with state and federal reporting requirements. However, this information will be used in limited cases and in more secure, behind-the-scenes environments.

All faculty, staff, and administrators play a role in protecting sensitive data. Using U ID Numbers in lieu of SSNs in local databases and files, shielding databases from intrusion, and storing paper forms containing sensitive data in a secure manner are steps everyone can take to defend fellow university community members’ privacy. You can review the new policy and get more information about person identifiers at www.oit.umd.edu/dataadmin/personalidentification/faq.html.