GAO previously reported on how large information resellers like consumer reporting agencies obtain and use Social Security numbers (SSNs). Less is known about information resellers that offer services to the general public over the Internet. Because these resellers provide access to personal information, SSNs could be obtained over the Internet. GAO was asked to examine (1) the types of readily identifiable Internet resellers that have SSN-related services and characteristics of their businesses, (2) the extent to which these resellers sell SSNs, and (3) the applicability of federal privacy laws to Internet resellers.
Matter for Congressional Consideration
|Since there is no consistently practiced method for truncating SSNs, and no federal agency has the authority to regulate how SSNs should be truncated, Congress may wish to consider enacting standards for truncating SSNs or delegating authority to SSA or some other governmental entity to issue standards for truncating SSNs.||
Closed – Implemented
|In July 2009, Representative Tanner introduced H.R.3306, which included a provision that any truncation of SSN used by a government entity would be not more than the last four digits of the number. The bill delegates authority to the Commissioner of Social Security to enforce the measure and was referred to the House Committee on Ways and Means for discussion. In August 2009, Senator Schumer introduced S. 1618, which includes a provision requiring the Commissioner of Social Security to issue uniform standards for truncation of SSNs to apply to federal, state and local governments as well as private entities. This provision was included based on multiple recommendations GAO has made since 2005 to establish uniform standards for truncation of SSNs. GAO findings from this report were specifically mentioned in this legislation.|