Social Security Numbers: The case against storing them.

April 23, 2007 at 8:46 am | Posted in News | 1 Comment

Once again, a government-run database has leaked thousands of social security numbers onto the Internet, and no one is being held accountable for it. This database was housed at the Census Bureau, and shared with the Department of Agriculture’s web site, where you and I could browse the social security numbers of thousands of farmers using any standard web browser. In a New York Times article, White House OMB spokesperson Sean Kevelighan said: “We take the loss or exposure of personal identifiable information very serious, but we are confident that this is an isolated incident.”

Let’s ignore, for the moment, that Sean doesn’t use the proper ‘-ly’ ending on his adverb. The problem with Sean’s statement is that this is not an isolated incident by any stretch of the imagination. The Department of Agriculture reported to the House Government Reform Committee on July 25, 2006 that it had confirmed eight incidents involving the loss or compromise of any sensitive personal information since January 1, 2003. The Department of Agriculture is not alone, and is not even the scariest example. This February the  Department of Veterans’ Affairs leaked 1.5 million people’s SSNs and medical data. In a separate incident, the VA reported in May 2006 that they lost 26.5 million people’s SSNs.  You can see a frightening report by the House Committee on Government Reform here: http://oversight.house.gov/documents/20061013145352-82231.pdf .

The Federal Privacy Act stumbles timorously into the world of data protection, prohibits the use of SSN’s as identifiers in federal agencies, and doesn’t include any requirements for audits to ensure compliance.

The problem is not limited to federal agencies, either. Here in Michigan, both Michigan State and U of M have suffered breaches in which student and faculty social security information was leaked. Lansing Community College, where social security numbers also served as student ID numbers until a just a few years ago, has also had trouble hanging on to SSNs. In the first quarter of 2007, a few of the organizations who lost data including personal identification and social security numbers included: University of Idaho, Chicago Public Schools, MoneyGram International, & Fruit of the Loom.

Most of the data is not lost to hackers; most of it is physically stolen, when laptop computers, hard drives, or tape media are stolen. My question is, why is it necessary for so many of these organizations to retain my SSN? It might take some extra steps in the process of checking credit, arranging financial transactions, or handling loan data, but I don’t think it’s necessary for most of these agencies to store social security  numbers for any extended period of time at all, and certainly not in a mobile or net-accessible locale. Once you’ve applied for your farm loan and been approved, why does the Department of Agriculture need to store that information? Once you are a student at the University of Michigan and your financial aid has been processed, why do they need to keep your social security number in their file?

In short, I think too many of our systems are designed to hang on to large quantities of data they don’t really need, and consumers don’t have any option to withdraw that data once it has been given.  At a bare minimum, I think the Federal Privacy Act should be expanded to require personal identifying data to be purged when certain criteria have been met; for example, when a student graduates from college, certainly the college should get rid of their SSN. When a farmer has paid off his farm loan, his SSN should be removed from the system. My bank should not keep my SSN on file after my initial citizenship status check is complete, or after my loan has been processed.

Further, it should be absolutely illegal to store other people’s personally identifiable information on anyone’s laptop computer. This is ridiculous in the way that Bozo the Clown was ridiculous.

Identity theft is still on the rise, but almost half of identity theft victims are under the age of 40. This means, unfortunately, that it is not a heavily emphasized political issue, since baby boomers still drive politics in the US. I believe, however, that it is an ethical issue that organizations should not ignore. If you can’t absolutely guarantee the safety of an SSN (which you most likely can’t) I think you should remove it from your systems. 

Advertisements

1 Comment

TrackBack URI

  1. Malawach

    Large set (Ramsey theory) Sergei Zinovjev Antas England (disambiguation) Roberto Regazzi Darren Bailey The Oddly Shaped Waltz Forward Township, Allegheny County, Pennsylvania HMS St Brides Bay (K600) Danny O’Donnell


Sorry, the comment form is closed at this time.

Create a free website or blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: