Since created in 1936 to keep track of workers’ earning histories, the social security number has grown to become the de facto national identifier. Now, in addition to the Social Security Administration and IRS, banks, insurance companies, utilities, educational institutions and other businesses also use social security numbers to identify consumers. A recent article posted on NJ.com notes that customers should not simply turn over Social Security numbers when requested. Instead, customers should ensure that companies have a valid and necessary reason to request and store their Social Security number.
Simply, the more businesses that possess an individual’s Social Security number, the greater the likelihood that the Social Security number will be at some point subject to a data breach. Breaches of Social Security numbers have real and potentially harmful consequences. As the NJ.com article notes,
Thieves who have your Social Security number can cause a host of troubles. They might file a false tax return in your name and snatch your refund. They may open credit accounts and even mortgages using your information. . . The nightmares can go beyond financial ones. If they use your number to get medical care, your medical records – your blood type, conditions you have and more – could be intermingled with the crook. They when you need care, your own health could be at risk.
To key to minimizing the damage that the breach of a Social Security number can cause is to limit the places where the number can be used in the first place. Presently, too many businesses utilize individual’s Social Security numbers. In fact, 60 minutes recently produced a segment that highlighted how businesses rely on the Social Security number and the problems that such reliance can cause consumers. The segment discussed the Social Security Administration’s Master Death List. When someone dies, Social Security is typically notified so that payments to the deceased individual will stop. Problems arise when individuals who are alive are placed on the Master Death List. Individuals faced with such a predicament have experienced job loss, reputation problems and credit issues.
Problems stemming from a data breach or the Death Master File would be minimized if laws were enacted to limit how and when Social Security numbers can be used. Businesses should be required to create alternate identifiers for consumers and be prohibited from requesting Social Security numbers unless specifically allowed to by law. Additionally, the Social Security Administration should be applying the Fair Information Practice Principles which provides consumers the ability to review and correct information about themselves to ensure accuracy.
Social Security numbers were never intended to be the American national identifier. While not a sexy issue, it is time to reexamine how Social Security numbers are used to ensure that the harm caused by data breaches and mistakes by the Social Security Administration are minimized.