Despite 45+ U.S. Federal and State Laws, SSNs Still Widely Misused & Breached…Why?

It amazes me how many news articles are frequently reported that are related to the misuse or breach of social security numbers (SSN). Today just a few the stories that popped up included:

* “Children are appealing targets for ID theft; parents can guard them
Points out how children’s SSNs are widely used for identity theft.
* “Fla. student test scores online in security breach
SSNs were among the infomation items posted.
* “Inseparable in life, twins still united by Social Security error
Interesting story that points out how SSN mistakes happen, and some of the consequences of those mistakes.
Do you know the laws that address how SSNs can, and cannot, be used?
Does your employer know?
If you are a business owner or business leader, do you know?
If you are an information security, privacy or compliance professional do you know?
Here is the final part of the first article, “(Mis)Using Social Security Numbers in Business,” within my August issue of IT Compliance in Realtime Journal, which discusses the use of SSNs (get the nicest version of the full journal here)…

Laws Covering SSN Use
There are numerous existing and proposed U.S. federal and state laws and regulations that include directives for how SSNs must be handled, used, or protected. There are dozens of state-level laws; most of the states have laws that cover SSN use in one way or another.
It is out of the scope of this article to provide a listing of them, but if enough interest exists, I will plan to provide a listing in a future article.
Table 1 contains some of the existing federal laws that address SSN use in one way or another. I started compiling this list back in 2003, and I recently added several more entries from a very useful report the FTC put out in November 2007 entitled “Staff Summary of Comment and Information Received Regarding the Private Sector’s Use of Social Security Numbers.”
This list is not comprehensive but should provide you with a very good starting point for looking into how you use SSNs within your organization as they are in compliance with the requirements of these laws.
Note that laws and regulations often do not use the term “Social Security Number” but instead use “taxpayer identification numbers” within which SSNs are a subset. The brief descriptions are provided to give you an idea of what the law or regulation covers but should not be viewed as representing the full details of the document or as legal advice. Always check with your legal counsel to discuss and interpret how the law may impact you and/or your organization.
[Table 1: Lists 45 Federal laws and regulations covering different types of SSN use. See it within the full PDF version of this article.]


Tags: , , , , , , , , , ,

Leave a Reply