Social Security Numbers: Governments Could Do More to Reduce Display in Public Records and on Identity Cards
Highlights
While the use of Social Security numbers (SSN) can be very beneficial to the public sector, SSNs are also a key piece of information used for committing identity crimes. The widespread use of SSNs by both the public and private sectors and their display in public records have raised concern over how SSNs might be misused and how they should be protected. In light of this concern, GAO was asked to examine (1) the extent to which SSNs are visible in records made available to the public, (2) the reasons for which governments collect SSNs in records that display them to the public, and (3) the formats in which these records are stored and ways that the public gains access to them. As well as looking at public records, GAO also examined the practices of several federal agencies regarding the display of entire nine-digit SSNs on health insurance and other identification cards issued under their authority.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Office of Management and Budget | To address this potential vulnerability, the Director, Office of Management and Budget, should identify all those federal activities that require or engage in the display of nine-digit SSNs on health insurance, identification, or any other cards issued to federal government personnel or program beneficiaries, and devise a governmentwide policy to ensure a consistent approach to this type of display. |
Closed – Implemented
On May 22, 2007, OMB issued a memorandum directing the heads of executive departments and agencies to take a number of actions to safeguard against and respond to the breach of personally identifiable information. These actions included (1) reviewing current holdings of all personally identifiable information and ensure, to the maximum extent practicable, such holdings are accurate, relevant, timely, and complete, and reduce them to the minimum necessary for the proper performance of a documented agency function, and (2) reviewing the use of social security numbers in agency systems and programs to identify instances in which collection or use of the social security number is superfluous. Also, within 120 days from the date of the memo, agencies were required to establish a plan to eliminate the unnecessary collection and use of social security numbers within eighteen months. In addition, the memo required that agencies participate in government-wide efforts to explore alternatives to use of Social Security Numbers as a personal identifier for both Federal employees and in Federal programs.
|