Friday, January 14, 2011

ERM-BC-COOP and beyond
 We MUST stop using SSNs as IDs


The following from Advisen FPN: Professional Edition for Friday, January 14 2011:

"The Growing Risk of Data Breaches, Sponsored by Swett & Crawford

"As many as 85 percent of US organizations had at least one data breach in 2009, elevating data security issues from the IT Department to the executive suite and the boardroom. Companies such as TJX and Heartland, which together had millions of sensitive records poached by hackers, made national headlines, but a great many other organizations experienced less publicized data breaches that nonetheless were costly to remedy and which potentially damaged brands and tarnished corporate reputations.

"Data Security Issues Escalate as Risk Management Evolves, a new Advisen Special Report sponsored by Swett & Crawford, examines the growing threat to data security for companies of all sizes. This comprehensive report reveals the explosive costs of data security breaches, reviews recent changes to consumer privacy laws, outlines recommended changes to IT security and risk management procedures, and discusses specialized insurance coverages available for when companies experience data security events. It also includes an appendix containing a review of the largest and most alarming data security breaches over the past decade."

The complete article, including links to the Data Security Issues Escalate as Risk Management Evolves, can be read at

Data theft is a fact of life.

Social Security numbers are, in the US, the "key" to an individual's identity.

Social Security numbers should be limited, by law, to use by the Social Security Administration and, perhaps, the Internal Revenue Service and tax-related accounts.

Social Security numbers should be prohibited, by law, from being used on employment applications, credit card applications, and any other organizations that use the number solely for client identification.

Social Security numbers should NOT be used for background checks - of any type. There are alternatives.

There is, as far as I can see, no reason to give my Social Security number to a prospective employer, particularly now that some states are outlawing some parts of pre-employment checks. It should be sufficient to provide proof of my identity with government-issued IDs; I offer a driver's license and passport. It should not be necessary for anyone to record the numbers of either for an application of any type. IF I am employed by an organization, then it is proper to ask for my Social Security information.

Thanks largely to illegal immigrants, many states now require a birth certificate or other federal government-issued ID before the state will issue a driver's license (or non-driver ID)./

Of course on the flip side of that, we have forced states to allow anyone who can claim an address - no one checks - to vote in our elections, regardless of the person's citizenship.

I'm willing to reluctantly compromise a little. I'll share the last four digits of my Social Security number only to financial institutions where I have an account. Those institutions can match those four digits with other unique information I provide (what was my first pet's name; where did I go to elementary school,. etc.). All other organizations can provide me with an ID generated by the organization; that again matched by my unique supplemental information should be enough to identify this John Glenn from other John Glenns - and I know there are many of us.

Social Security numbers never were intended to be used as identifiers for anything other than Social Security and IRS. They were not intended to be service numbers for the military. They were not intended to be drivers' license numbers. In fact, when Social Security was first introduced in 1935, it was a voluntary tax!

I'm writing my federal senators and congressperson asking them to please introduce a bill that prevents organizations from using Social Security numbers with there is neither (a) payment into or from the Social Security fund or (b) tax liability. I encourage others to do the same.

No comments: