Social Security Numbers: Federal Actions Could Further Decrease Availability in Public Records, though Other Vulnerabilities Remain

GAO-07-752 Published: Jun 15, 2007. Publicly Released: Jun 21, 2007.
Highlights

Various public records in the United States, including some generated by the federal government, contain Social Security numbers (SSN) and other personal identifying information that could be used to commit fraud and identity theft. Public records are generally defined as government agency-held records made available to the public in their entirety for inspection, such as property records and court records. Although public records were traditionally accessed locally in county courthouses and government record centers, in recent years, some state and local public record keepers have begun to make these records available to the public through the Internet. While it is important for the public to have access to these records, concerns about the use of information in these records for criminal purposes have been raised. In 2006, these concerns were heightened when an Ohio woman pled guilty to conspiracy, bank fraud, and aggravated identity theft as the leader of a group that stole citizens' personal identifying information from a local public record keeper's Web site and other sources, resulting in over $450,000 in losses to individuals, financial institutions, and other businesses. Although we previously reported on the types of public records that contain SSNs and access to those records, less is known about the federal government's direct provision of records with SSNs to state and local public record keepers. Because of Congress's interest in information on these issues, we agreed to answer the following questions: (1) Which federal agencies commonly provide records containing SSNs to state and local public record keepers, and what actions have been taken to protect SSNs in these records? (2) What significant vulnerabilities, if any, remain to protecting SSNs in public records?


Recommendations

Recommendations for Executive Action

Agency Affected: Internal Revenue Service
Recommendation: To the extent that truncation provides an added level of protection from identity theft, the Commissioner of IRS should implement a policy requiring the truncation of all SSNs in lien releases the agency generates.
Status: Closed - Implemented. In January 2008, the Internal Revenue Service implemented a new policy to partially redact Social Security numbers (SSNs) on all lien documents it generates. This policy includes the partial redaction of SSNs on all lien releases.

Agency Affected: Office of the Attorney General
Recommendation: To the extent that truncation provides an added level of protection from identity theft, the Attorney General should implement a policy requiring, at a minimum, SSN truncation in all lien records generated by its judicial districts. Truncation should be in the same format as is currently used by IRS on lien notices.
Status: Closed - Implemented. In June 2007, DOJ issued a memo directing all of its districts to immediately truncate or completely redact SSNs on all documents filed with state and local recording offices. This memo noted that GAO recently made this recommendation and that with this memo, the agency is implementing the recommendation immediately.
