PRIVATE SECTOR USE OF SOCIAL SECURITY NUMBERS: TOPICS FOR COMMENT
The Identity Theft Task Force (“Task Force”) crafted a strategic plan to make the federal government’s efforts more effective and efficient in the areas of identity theft awareness, prevention, detection, and prosecution. As part of its strategic plan, the Task Force recommended that the participating agencies that have direct experience with the private sector’s use of Social Security numbers (“SSNs”) develop a comprehensive record on those uses and evaluate their necessity. The Task Force recommended that the participating agencies gather information from all stakeholders, including the financial services industry, law enforcement agencies, consumer reporting companies, academics, and consumer advocates.
In order to develop this comprehensive record on the private sector’s use of the SSN, the FTC invites interested parties to submit written comments. Comments should be as specific as possible, and include, where possible, studies, surveys, research, and cost estimates. Comments must be received on or before September 5, 2007. Below you will find specific topics the FTC is interested in learning more about, as well as directions on how to submit comments.
Topics for Comment:
- Current Private Sector Collection and Uses of the SSN
- What businesses and organizations collect and use the SSN? For what specific purposes are they used?
- What is the life cycle (collection, use, transfer, storage and disposal) of the SSN within the businesses and organizations that use it?
- Are governmental mandates driving the private sector’s use of the SSN?
- Are there alternatives to these uses of the SSN?
- What has been the impact of state laws restricting the use of the SSN on the private sector’s use of the SSN?
- The Role of the SSN as an Authenticator
- The use of the SSN as an authenticator – as proof that consumers are who they say they are – is widely viewed as exacerbating the risk of identity theft. What are the circumstances in which the SSN is used as an authenticator?
- Are SSNs so widely available that they should never be used as an authenticator?
- What are the costs or other challenges associated with eliminating the use of the SSN as an authenticator?
- The SSN as an Internal Identifier
- Some members of the private sector use the SSN as an internal identifer (e.g. employee or customer number), but others no longer use the SSN for that purpose. What have been the costs for private sector entities that have moved away from using the SSN as an internal identifier? What challenges have these entities faced in substituting another identifier for the SSN? How long have such transitions taken? Do those entities still use the SSN to communicate with other private sector entities and government about their customers or members?
- For entities that have not moved away from using the SSN as an internal identifier, what are the barriers to doing so?
- The Role of the SSN in Fraud Prevention
- Many segments of the private sector use the SSN for fraud prevention, or, in other words, to prevent identity theft. How is the SSN used in fraud prevention?
- Are alternatives to the SSN available for this purpose? Are those alternatives as effective as using the SSN?
- If the use of the SSN by other sectors of the economy were limited or restricted, what would the ramifications be for fraud prevention?
- The Role of the SSN in Identity Theft
- How do identity thieves obtain SSNs?
- Which private sector uses of the SSN do thieves exploit to obtain SSNs, i.e, SSN as identifier or SSN as an authenticator? Which of those uses are most vulnerable to identity thieves?
- Once thieves obtain SSNs, how do they use them to commit identity theft? What types of identity theft are thieves able to commit with the SSN? Do thieves need other information in conjunction with the SSN to commit identity theft? If so, what other kinds of information must they have?
- Where alternatives to the SSN are available, what kind of identity theft risks do they present, if any?
How to Submit Comments:
Written comments may be submitted electronically by clicking on the following Web link: https://secure.commentworks.com/ftc-SSNPrivateSector and following the instructions on the Web-based form. Comments should refer to “SSNs In The Private Sector - Comment, Project No. P075414” to facilitate the organization of comments. A comment filed in paper form should include this reference both in the text and on the envelope, and should be mailed or delivered to the following address: Federal Trade Commission/Office of the Secretary, Room H-135 (Annex K), 600 Pennsylvania Avenue, NW, Washington, DC 20580. If the comment contains any material for which confidential treatment is requested, it must be filed in paper form, and the first page of the document must be clearly labeled “Confidential” and must comply with Commission Rule 4.9(c). The FTC is requesting that any comment filed in paper form be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.