2007 Campus Technology Innovators: Protecting Personal Data

• 08/01/07

TECHNOLOGY AREA: PROTECTING PERSONAL DATA
Innovator: Louisiana State University

By offering free credit monitoring through Equifax, LSU hopes to inoculate its campus community against the ravages of identity theft

Like most of us, CIO Brian Voss and his colleagues at Louisiana State University have become more and more concerned as they've heard the growing reports of data breaches suffered on college and university campuses. Thousands of individuals have had their personal information placed at risk in the course of campus breaches. These incidents have contributed to the growing problem of identity theft, which of course can have a severe impact on an individual's credit and life. The affected universities not only bear the costs of notifying individuals whose data may have been exposed (a process that sometimes runs in the tens or hundreds of thousands of dollars), but they also suffer from the resulting negative publicity, which threatens their administrative stability and can even cause problems for development efforts such as capital campaigns.

After watching other institutions struggle with the aftermath of data breaches, Voss and several IT leaders at LSU decided it was time to "inoculate" their campus community members and try to shift the focus away from reacting to breaches, toward a proactive approach to guarding community members from the effects of a breach.

Addressing data security up front. In the fall of 2006, LSU began offering free credit monitoring to its faculty, staff, and students. Voss and his team worked with Equifax to develop a program to provide Equifax credit-monitoring coverage campuswide, much like a campus software licensing agreement. LSU students, faculty, and staff now have the option to enroll in a customized version of Equifax credit monitoring for LSU community members, which provides daily alerts on key changes to Equifax credit files, and up to $2,500 in identity fraud expense coverage (with a $250 deductible).

To ensure that the service is only delivered to members of the LSU community, students, faculty, and staff are authenticated via an existing tool called PAWS (personal access web services), that is built into the campus portal. Once authenticated, users are connected to a customized interface at the Equifax website and given a choice of enrollment options. Additional identity verification by Equifax is required before users are actually enrolled in the service, but the overall process has been dramatically streamlined by authenticating through the campus portal.

The service lasts 12 months from the time of enrollment, if sign-up takes place within the year-long timeframe of the current LSU-Equifax contract. But based upon the initial success of the free credit-monitoring program (more than 4,000 students, faculty, and staff members have signed up so far), the university anticipates continuing and/or enhancing the service over the next year, and will continue to do so as long as the need exists.

Education is key. Voss admits that more education is necessary to grow interest in the program. Many of LSU's 18- to 20- year-old students do not have credit files yet; others do, but don't realize it. The university is trying to overcome the sense of "it can't happen to me." One campaign called "Don't Be a Tad" chronicles how a fictional character, Tad Ramey, loses his identity through a phishing scam and stolen laptop.

While the problem of identity/credit fraud due to data breaches continues to grow—with no solution visible on the horizon—national laws and other approaches may yet arise in the near future. So, says Voss, other solutions could emerge to make LSU's coverage unnecessary. But in the meantime, the university will continue to inoculate its population against the ravages of identity theft.