WHEN SOMEONE hacks into a computer database, the initial questions are usually the same as with any other kind of theft: What was stolen? How did it happen? What are the thieves planning to do with what they got? But this new kind of robbery also raises a new kind of question: Why was the institution keeping the data in the first place?
This week, UCLA revealed that a hacker may have gained access to the records of about 800,000 students, faculty, alumni and staff. University officials are addressing the initial questions as well as they can. The bigger question is why UCLA -- and many other businesses and agencies -- need everyone's Social Security numbers, the golden key to identity theft. The answer is that they don't, at least not in their databases.
The UC system is in the midst of a two-year effort to move from Social Security numbers to student identification codes in its computer records. But UCLA still puts the Social Security numbers of new students into its computer system, a practice it is now reevaluating.
Social Security numbers are commonly required for employment, bank and credit checks and by some government agencies. But they're also routinely requested by doctors, schools, phone companies, even health clubs. Consumers too readily assume they have to provide the information instead of asking why it's needed.