Concerns over student data security and identity theft were raised at the University of Southern Mississippi following a Feb. 15 writeup in the university's student publication, Student Printz. The story highlighted a policy at USM that enables individuals to acquire a student ID card by providing only their student ID number and basic information, rather than requiring a secondary form of identification at the time of issuance.
According to the Student Printz report, the ID issuance process has been a longstanding policy at the university. In response to the article, USM’s associate director of procurement and contract services stated that work was underway with university administration and the university police department to develop a new policy that would require students to provide state-issued IDs before being issued a USM student ID.
In addition to the ID policy, the story also alluded to a larger concern over identity theft and student data protection. In response to the story, USM officials have penned a letter to the editors to clarify the facts of the old ID policy and provide information regarding the new policy going forward.
University officials stated first that the potential fraudulent acquisition of a university photo ID should not be confused with the protection of individual student data and records, which are protected by the university’s information security measures.
The letter does acknowledge that a first-time student’s ID card could potentially be claimed by another individual, should that individual provide basic details of the student’s information. The functionality of a wrongfully issued card, as the letter goes on to clarify, would be disabled once the legitimate student claims the ID.
To correct the loophole, USM's Photo Services developed an internal procedure in late January that now requires photo identification at the time of new issuance of USM ID cards. The revised procedure implemented by Photo Services is as follows:
USM Photo Services also states that current USM ID cards have not been compromised, nor has there been any evidence of ID fraud as a result of the old process.