Nashville’s public school district will no longer identify students by their Social Security numbers, officials say. Instead, starting this school year, kids will be identified in data systems by randomly assigned numbers.
On the surface, the move seems to be a response to a well-reported data breach that occurred earlier this year, but Lance Lott, the current technology chief for Metro Nashville Public Schools, said this transition was initiated before the breach that compromised the personal information of more than 18,000 Metro students.
Lott explained that it simply took a long time to make the switch from Social Security number identifiers, which have been used for years.
“It was a big project to undo it, and that’s why it has been a long time unfolding,” Lott said. “Student Social Security numbers have to be stored in the central database. But it will not be the way we tag kids. It won’t be the way we identify them as we move data back and forth between systems.”
School systems across the country are making the shift away from Social Security number identifiers for students, Lott said. MNPS has hired a private contractor to complete work on the project, at a fee Lott said was “not significant” when compared to regular district technology costs.
The data breach discovered in late March occurred when Public Consulting Group, a contractor with the Tennessee Department of Education, made an error when transferring a database of information corresponding to all Metro students.
For more than 18,000 Metro students, personal identifying information was released. Contact information — including phone numbers and house and email addresses — was released for about 6,00 Metro parents.
The file with the information — which was available for accessing through Google searches for three months — was accessed only four times, and there are still no indications that anyone tried to deliberately access the data, officials have said.
PCG provided for affected families free access to identity theft and online credit monitoring, in addition to a $2 million insurance policy protecting enrollees from certain identity theft-related losses.