By Anupama Reddy
Daily Staff Reporter
The investigation of the alleged fraudulent use of an alum's social security number may further fuel the University's recent decision to eliminate the use of the numbers for student identification.
Associate Vice President for University Relations Lisa Baker said yesterday that the University has already planned to stop using a student's social security number for identification purposes.
"The University did recently make the decision to discontinue them for identification purposes," Baker said. "Steps have been taken for this process, and it'll take a few years."
On Wednesday, Stacy Latocha, who graduated from the University in August, said she was notified by the Department of Public Safety that her social security number and other personal information were obtained by a former student employee of the Office of the Registrar and used to apply for an Ameritech calling card.
Officials from the Department of Public Safety and the FBI confirmed they knew of an ongoing investigation into the matter but would not comment on its details Wednesday.
Baker said in a statement yesterday that the University could not "comment on the specifics of the investigation because it is ongoing," but that the University believed the incident was isolated.
Baker said the University has a three-tiered security system in the Office of the Registrar, which includes a password-protected user ID and secure ID card.
Baker said the password for the user ID is changed every month, and the secure ID card is changed every minute, which goes beyond the requirements of the Family, Education, Rights, and Privacy Act.
Ann Arbor lawyer Joan Lowenstein said yesterday that FERPA does not specify any requirements, but the act does mandate that institutions must provide adequate security for confidential records.
"FERPA doesn't really say what it is you have do," said Lowenstein, a former communication lecturer. "You have to keep the confidentiality. It's up to the institution to decide how the security is done.
"I'm not saying the University is negligent in all of this," Lowenstein said. "Their obligation is to maintain the security in all this."
Baker said the University does not conduct background checks on part-time student employees.
"It's never been something that's been done for whatever reason," Baker said. "I don't necessarily think it's FERPA - it hasn't been done."
Baker said there may be instances in which a student has access to the records of other students, but the access is limited. It occurs only after the student has been trained, and then only with supervision.
Sara Snyder, spokesperson for Ameritech Headquarters for Michigan, said that if a calling card is illegally obtained and used, the company would find out in the billing process and handle the matter immediately.
"We have security departments who work with the customers and appropriate law enforcement agencies to get to the bottom of the issue," Snyder said.
Snyder said she is not aware of Latocha's specific case.