Strengthening Controls to Ensure Identity Protection
Over the last several years, identity theft and the need to protect personal information have received heightened national attention. The aggregation of personal information and Social Security numbers (SSN) in large corporate databases and the display of SSNs in public records have provided opportunities for identity thieves.
- Thus, SSNs are a valuable commodity for persons seeking to assume another individual’s identity or to commit financial crimes.
- Fraudulent and stolen SSNs can be used by noncitizens to work illegally in the United States.
- Although Congress and the states have passed a number of laws to address this issue, the continued reliance on SSNs by private- and public-sector entities underscores the need to identify additional protections.
^ Back to topWhat Needs to Be Done
Both public- and private-sector entities have taken some steps to ensure the integrity of SSNs, though several vulnerabilities remain in both sectors.
- Several federal agencies have begun removing SSNs from individual identification
cards. For example, the Department of Veterans Affairs (VA) is replacing
VA identification cards with ones that no longer display the SSN. However,
as we reported in 2004, the full SSN is still visible on millions of Medicare
cards.
Highlights of GAO-05-59 (PDF) - Although some federal, state, and local agencies have taken steps to remove
SSNs from public records, including those available on the Internet (such
as tax liens filed by the Internal Revenue Service with state and county
public record keepers), there is no uniform practice or policy among federal,
state, or local governments to protect SSNs that are displayed in such records.
Without such practices or policies, SSNs remain vulnerable to identity thieves.
Highlights of GAO-05-59 (PDF), Highlights of GAO-07-752 (PDF) - Federal law and oversight of how various private-sector industries use
SSNs and other personal information also vary. Certain industries, such as
financial services, are subject to federal laws restricting their ability
to sell personal information or share it with their contractors, while others,
such as Internet information resellers and telecommunications firms, may
face fewer restrictions.
Highlights of GAO-06-238 (PDF) - GAO concluded that truncating SSNs to display fewer than all nine digits
could reduce their vulnerability. However, even these remain vulnerable because
there is not a standardized approach concerning which digits to truncate.
GAO suggested that Congress consider enacting such standards, and legislation
has been introduced in both houses to do so.
Highlights of GAO-06-495 (PDF)
^ Back to topKey Reports
Social Security Numbers
Federal Actions Could Further Decrease Availability in Public Records, though Other Vulnerabilities Remain
GAO-07-752, Jun 15, 2007
GAO-07-752, Jun 15, 2007
Social Security Numbers
Governments Could Do More to Reduce Display in Public Records and on Identity Cards
GAO-05-59, Nov 9, 2004
GAO-05-59, Nov 9, 2004
Social Security Numbers
Private Sector Entities Routinely Obtain and Use SSNs, and Laws Limit the Disclosure of This Information
GAO-04-11, Jan 22, 2004
GAO-04-11, Jan 22, 2004
Social Security Numbers
More Reports
