Social Security Numbers:

Government Benefits from SSN Use but Could Provide Better Safeguards

GAO-02-352: Published: May 31, 2002. Publicly Released: May 31, 2002.

Additional Materials:

Contact:

Barbara D. Bovbjerg
(202) 512-5491
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Social Security number (SSN) was created in 1936 to track workers' earnings and eligibility for Social Security benefits. Because SSNs are unique identifiers and do not change, the numbers provide a convenient and efficient way to manage records. Government agencies are taking some steps to safeguard the number, but some protections are not uniformly in place at any level of government. Many of the state and county agencies responding to GAO's survey maintain records that contain SSNs; federal agencies maintain public records less frequently. At the state and county levels, some offices, such as state professional licensing agencies and county recorders' offices, have traditionally been repositories for public records that may contain SSNs. Some government agencies are trying to better safeguard the SSN by trying innovative approaches to protect them from public display. For example, some agencies and courts are modifying their processes or their forms so that they can collect SSNs but prevent the number from becoming part of the publicly available record. The most far-reaching efforts took place in states with a statewide initiative that established a policy and procedures designed to protect individuals' personal information, including SSNs, in all circumstances where they collect, store, and use it.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Matter for Congressional Consideration

    Matter: To address SSN security and display issues in state and local government and in public records, including those maintained by the judicial branch of government at all levels, Congress may wish to convene, in consultation with the president, a representative group of federal, state and local officials including, for example, state attorneys general, county recorders, and state and local chief information officers, selected members of Congress, and state or local elected officials, to develop a unified approach to safeguarding SSNs used in all levels of government and particularly those displayed in public records. This approach could include recommendations for congressional consideration. GAO could assist in identifying representative participants in convening the group.

    Status: Closed - Not Implemented

    Comments: Congress has not taken action on this recommendation to date.

    Recommendations for Executive Action

    Recommendation: The Privacy Act and other federal laws prescribe actions federal departments and agencies must take to assure the security of SSNs and other personal information. Because these requirements may not be uniformly observed, the administrator, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB), should direct federal agencies to review their practices for securing SSNs and providing required information. As part of this effort, agencies should also review their practices for displaying SSNs.

    Agency Affected: Executive Office of the President: Office of Management and Budget: Office of Information and Regulatory Affairs

    Status: Closed - Implemented

    Comments: In response to GAO's recommendation, in early 2004 at a meeting whose attendees included federal privacy officials, OMB discussed federal agencies' practices for safeguarding individuals' personal information and providing the information required under Section 7 of the Privacy Act. Based on the feedback it received, OMB officials decided that, beyond this discussion, they could best assist federal agencies on an ad hoc basis at their request rather than disseminate additional guidance to all federal agencies.

    Recommendation: To better inform state and local governments of their responsibility under section 7 of the Privacy Act, the Administrator, Office of Information and Regulatory Affairs, OMB, should direct his staff to augment the Privacy Act guidance by specifically noting that section 7 applies to all federal, state and local government agencies that request SSNs, or take other appropriate steps.

    Agency Affected: Congress

    Status: Closed - Implemented

    Comments: In consideration of GAO's recommendation, in June 2004 OMB officials discussed requirements under Section 7 of the Privacy Act with officials representing the National Association of Attorney Generals, National Conference of State Legislatures, States CIOs, and federal and state privacy offices. Based on input from these groups, OMB officials said they believe this discussion was sufficient; however, they will continue to provide additional guidance on an ad hoc basis as requested by state and local governments.

    Mar 26, 2014

    Jan 13, 2014

    Dec 9, 2013

    Dec 6, 2013

    Nov 20, 2013

    Oct 29, 2013

    Sep 25, 2013

    Sep 12, 2013

    Sep 10, 2013

    Jul 31, 2013

    Looking for more? Browse all our products here