Person Identifiers Data Standard

Intended Audience and Contact Information

Contact	Chief Data Officer, Office of the CIO
UDM Domain	Person
Intended Audience	Internal UBC

Purpose

This standard aims to achieve consistency around common UBC internal and external Person Identifiers that may be collected (external IDs), or generated (internal IDs) for UBC community members, as an affiliation is initiated with the University.

Person Identifiers constitute personal information under British Columbia's Freedom of Information and Protection of Privacy Act, RSBC 1996, c 165, Schedule 1. As such, they need to be protected and guarded against misuse in accordance with their purpose.

Person Identifiers may be 'visible' to persons and used for human consumption, or 'invisible' to persons and used for system consumption for integration and authentication purposes. Systems may use identifiers to permit correlation of identity between systems, or they may use tokens to obscure identity by being system-specific and requiring traversal of UBC controlled and protected crosswalks to correlate identity.

While this Standard does not provide an exhaustive list of Person Identifiers at this time, enumerations are expected to be reviewed, updated, and increased as required.

This standard is to be adhered to at all times. Exceptions are listed in the Dispensation section.

Standard

Person Identifiers are defined as a unique number or alphanumeric code assigned to a person by an organization, state, or other agency or entity.

UBC Internal Person Identifier Types

The following are common UBC internal Person Identifier types for human and system level identification.

Person Identifier Type	Employee Identifier (Employee ID)
Definition	A unique number issued to a person hired to a position and has an agreement to provide work.
Use	For human consumption. Used for employees and independent contractors. Also used for pay master identification. Note: In Workday HCM, Employee ID is used for both the Worker and Contingent Worker objects. Misuse - Inappropriately but frequently used for system consumption.
System of Record	Person Hub
Format	7-digit number
Generation Rule	ID issued from pre-generated pool, and selected at random 7-th digit is a LUHN checksum.
Validation Rule	Compute LUHN checksum of the first six digits and compare with 7-th digit.
Person Identifier Type	Student Identifier (Student ID)
Definition	A unique number issued to a person whom applies to attend or is eligible to register in courses, programs, and student services offered by UBC. Note: 'Student ID' does not refer strictly to the British Columbia University Act's definition of a 'Student', as UBC's application and use of this ID is more expansive.
Use	For human consumption. Used for Applicants, Students, External Students, and a subset of Extended Learners eligible to access UBC services (e.g. library services and U-Pass BC). Applications with the use of additional attributes interpret the Student ID as a designated student type ID, e.g. Affiliate Student ID. Misuse - Inappropriately but frequently used for system consumption.
System of Record	Student Information System (SIS)
Format	8-digit number Note: IDs issued prior to 2016 may be less than 8 digits, using a different generation and validation rule.
Generation Rule	ID issued from pre-generated pool, and selected at random 8-th digit is a LUHN checksum for IDs except those having digits 6-7 equal to 14 or 15 which use a UBC-custom checksum algorithm (CHOWARD).
Validation Rule	Compute CHOWARD checksum of the first 7 digits and compare with the 8-th digit.
Person Identifier Type	Campus Wide Login (CWL)
Definition	Username that, when combined with password, forms the credential by which UBC community members authenticate themselves to various UBC authentication services. See IT Services – Campus Wide Login for more information.
Use	For human consumption. Used only for authentication purposes, to access UBC online Systems. Misuse – Use in systems to identify users in those systems (because it is mutable), rather than use of the immutable PUID or SP-PUID.
System of Record	IAM
Format	2 - 8 alphanumeric character string
Generation Rule	Person's first name initial, and first seven values of last name; unless a duplicate is found, then five values of last name with incrementing 2-digit numeric characters. Newly generated CWL usernames shall be: 8 alphanumeric characters in length with the first two characters being alpha Unique within the set of existing CWL usernames
Validation Rule	Must be between 2 to 8 alphanumeric characters, no checksum.
Person Identifier Type	Service Provider Person Universal Identifier (SP-PUID)
Definition	A persistent, UBC-managed system-level token in the context of the person, the identity provider, the service provider, and the role. Note: It is persistent in that context.
Use	For broad system consumption to prevent correlation between bad actors and or a compromised system. Used for integration and authentication with SaaS vendors. It may be expired and replaced as needed for information security purposes.
System of Record	Person Hub
Format	UUUID Type 4, typically. May include other values as necessary – see Generation Rule.
Generation Rule	Randomly generated UUID Type 4; in textual representation, with hyphens removed. May be other values as necessary to meet service provider constraints.
Validation Rule	None.
Person Identifier Type	Person Universal Identifier (PUID)
Definition	A persistent, immutable, UBC-managed system-level unique alphanumeric code assigned to a person.
Use	For limited system consumption. To be kept confidential and not shared outside of core identity systems.
System of Record	Person Hub
Format	12-character alphanumeric string
Generation Rule	Generate 10 random alphanumeric characters from the set [0-9A-Z] (case matters). Compute the checksum value using the UBC-created 'alphanumeric-LUHN' algorithm, with the value converted to two HEX [0-9A-F] digits. Append the two HEX digits to the 10 random alphanumeric characters to obtain the 12-character PUID.
Validation Rule	Using the first 10 characters of the PUID (uppercase), compute the checksum value using the UBC-created 'alphanumeric-LUHN' algorithm, with the value represented as two HEX [0-9A-F] digits. Compare the just-computed checksum value, represented as two HEX digits, to the last two characters of the PUID. If matching, then valid PUID.
Person Identifier Type	UBC Identifier (UBC ID)
Definition	A unique number assigned to a person whom is a UBC community member.
Use	For human consumption. Used to identify all UBC community members (future state). Currently only used in Workday for Employees. It is intended for this ID to replace Employee and Student ID over time.
System of Record	Person Hub
Format	9-digit number
Generation Rule	Randomly generated 8-digit number + LUHN checksum digit. ID issued from pre-generated pool, selected at random.
Validation Rule	Compute LUHN checksum of the first seven digits and compare with 8-th digit.

UBC External Person Identifier Types

The following are common UBC external Person Identifier types collected for human identification, for a specific use, consistent with the identifier's purpose.

Person Identifier Type	Description
Social Insurance Number (SIN)	A nine-digit number issued to a resident by the Government of Canada that is required to work in Canada or to have access to government programs and benefits. See Social Insurance Number – Overview on the Government of Canada website for more information.
Individual Tax Number (ITN)	A nine-digit number issued to a non-resident by the Government of Canada who needs a taxpayer identification number, but who is not eligible to obtain a Social Insurance Number (SIN).
Provincial Health Number	A unique lifetime identifier issued by a Canadian provincial or territorial government in which a person is residing, indicating their enrolment in the provincial health care services. For example, see Personal Health Identification on the Government of British Columbia website.
Personal Education Number (PEN)	A nine-digit number assigned by the Government of British Columbia to a student entering the BC school system for services from Kindergarten to Grade 12. See Personal Education Number - Overview on the Government of British Columbia website for more information.
Passport Number	A unique identifier on an official travel document issued by a country to its citizen. The document shows the identity and nationality of a person for the purpose of facilitating travel by that person outside of the issuing country. See Canadian Passport number example on the Government of Canada website.
Open Researcher and Contributor Identifier (ORCID)	A persistent digital identifier managed by a global not-for-profit organization, used by the research community to distinguish oneself from others. See ORCID website for more information.
Driver's License Number	A unique identifier on an official document issued by the government jurisdiction in which the motor vehicle operator is residing, permitting the qualified holder to operate a specific class of motor vehicle under specified conditions or restrictions.

Compliance

Compliance is required through every stage of the data lifecycle with the exception of any dispensations (see Dispensation section).

Dispensation

None