The University has made a good start, but Social Security numbers must be taken out of circulation on campus.

Bank of America announced last week it had lost data tapes containing the personal information of 1.2 million federal employees, including some U.S. senators. Names, addresses and Social Security numbers were among the data lost.

This announcement came on the heels of the revelation of a security breach at ChoicePoint, an information brokerage company that gathers personal data and sells it to companies to facilitate verification of identities and credit. The breach put at least 145,000 people at risk of identity theft.

At Virginia’s George Mason University, hackers breached a server containing the Social Security numbers of more than 30,000 students, faculty and employees. Virginia now has a state law requiring Universities to discontinue use of Social Security numbers for student identification.

These incidents underscore the vital importance of protecting students from identity theft by taking their Social Security numbers out of circulation on this campus. The University made a good start by discontinuing the use of Social Security numbers in class rosters and in reporting grades, and also by agreeing to provide students with new student ID cards, free of charge, that don’t bear the Social Security number.

Unfortunately, the efficacy of these measures is undermined by some of the University’s common practices. Some instructors still require students in large lectures to write their names and student ID numbers on tests and quizzes, perpetuating the risk of identity theft. This must stop.

ChoicePoint’s response to the security breach is a strong argument for Congressional regulation of such businesses. California is currently the only state with a law requiring disclosure of security breaches to people whose identities are put at risk of theft. Initially, ChoicePoint insisted the breach affected only California residents, but when it was revealed that the information of more than 110,000 people nationwide had been compromised, ChoicePoint then refused to notify anyone outside of California, since the law did not require it.

When 38 attorneys general, including Illinois Attorney General Lisa Madigan, strongly registered their objections, ChoicePoint sent out notifications to 145,000 people nationwide. Law enforcement officials estimate as many as 500,000 people may be affected by the breach, and say 750 cases of identity theft have resulted from it. The Illinois General Assembly is now considering a disclosure law like California’s, and the Senate Judiciary Committee is ramping up hearings to investigate the safety of personal information.

In the meantime, we must all be more vigilant about protecting our personal information, and insist that organizations that gather and control it – such as this University – are taking every conceivable precaution to avoid disaster.