(With apologies to Eric Meyer.)
At Case (as with most Universities), many of our information systems are migrating away from using SSNs (internally or otherwise) to uniquely identify individuals. This is a good thing, most certainly.
Plan for transitioning to using the EmployeeID/StudentID (emplid) as the primary identifier.
I would actually recommend against that. Not everyone associated with the University has an EmployeeID/StudentID (only employees – i.e. faculty and staff – and students have them). That doesn't include:
- Adjunct Faculty
- Contractors, consultants, some temporary workers
- UHHS individuals
- CIA faculty, staff, and students
- CIM faculty, staff, and students
- Possibly some other groups I am forgetting
Instead of using the EmployeeID/StudentID as the unique permanent identifier, I would recommend using email addresses i.e. firstname.lastname@example.org. Everyone associated with the University has an email address that can be used to uniquely and permanently identify them. (I would not recommend using the email@example.com format as the unique identifier because when name changes occur (marriage, maybe other reasons, too), those email addresses do change while the firstname.lastname@example.org format does not.)
Email addresses (a.k.a. usernames) are much better for uniquely and permanently identifying individuals than EmployeeID/StudentID.
In addition, using email addresses gives another benefit. If you need to key some information on me, for example, and you ask me what my EmployeeID is… well… I have no idea what it is. It's just another number that I guess I was supposed to memorize, but I have enough numbers (Bank PINs, SSN, Account #'s, phone numbers, etc.) to memorize. Ask me for my email address, yea, I can tell you that. So, in addition to being unique and permanent and universal (which EmployeeID/StudentID is not), it's easier for people to communicate and remember.
A couple of people I've told this to have retorted that email addresses were not appropriate because they are publicly known. That is, they were wanting to use EmployeeID/StudentID in a "shared secret" or secure fashion. That's not appropriate as the EmployeeID/StudentID is not a random number (it's an auto-increment deal in a database table). As such, it is guessable. In situations where you need to securely identify a person, I would recommend using the tried-and-true method of having them enter their credentials. If it's a face-to-face meeting, use the Case Card. If it is an over-the-phone, IM, or email centered process, I would recommend changing the process to a web-based one where persons' credentials can be used.