Contact an Expert | About Us
Social Security Number Protection

Summary
Model Law: Private Collection, Mailing and Certain Uses of Social Security Numbers:

  1. Limits the circumstances under which a business may obtain or use a person’s Social Security number. Enumerates exceptions to the general proscription on such usage.
  2. Exceptions include: legal requirements, pursuant to a credit request, when opening a bank or securities account; for employment or employment benefit purposes; tax compliance; child support; determination of criminal record.
  3. Enumerates specific ways Social Security numbers may not be used including as identification or as a password.
  4. Forbids requiring the transmission of an unencrypted Social Security number over the Internet, the mailing of a Social Security number where the number is visible, or the public disclosure or sale of a Social Security number.
  5. Prescribes penalties for violation of the act.

Frequently Asked Questions

  • Q1: What is the idea behind this bill?
    A1: Reducing the frequency of the use of Social Security numbers (SSNs) is a key element in reducing identity theft. Thus the bill seeks to reduce the collection, printing, mailing, and display of SSNs by reducing the instances in which SSNs can be requested, collected, mailed, printed on wallet cards, used as passwords, and solicited over the Internet without encryption

  • Q2: What are some examples of where SSNs are used unnecessarily?
    A2: Companies or governments place the SSN on identification cards and cards used to access goods or services, print the SSN on documents such as pay stubs, mail documents containing the SSN, or require individuals to transmit an SSN over the Internet.

  • Q3: What value is an SSN to a person who wants to misuse it?
    A3: A thief who gets a consumer’s name and SSN can open new accounts unless the consumer has placed a security freeze to bar access to his or her credit reporting files. According to a U.S. Government Accountability Office report released June 2007, “SSNs are a key piece of information used to create false identities for financial misuse or to assume another individual’s identity.”

  • Q4: How prevalent is identity theft?
    A4: A Federal Trade Commission survey from 2003 found that approximately 10 million Americans were victims of some form of ID theft within the prior year. Consumers Union estimates that this is 27,000 new U.S. victims of identity theft every day. Consumers who experienced new account ID theft in 2006 spent an average of 40 hours resolving the problem. Identity theft costs U.S. businesses and consumers about $50 billion a year.

  • Q5: What does the bill do?
    A5: Stops collection of the SSN by private businesses for purposes beyond credit, taxes, employment, investment, new bank accounts, child support and criminal record checks unless the SSN is required by law. Stops the following practices unless required by law: Placing SSNs on identification and membership cards; posting, displaying, or making SSNs available to the general public; using the SSN as a password or access code for goods and services; inviting input of the SSN on the web for unencrypted transmission.

  • Q6: What further work remains to be done with regard to this issue?
    A6: Reducing the appearance of SSNs in public records, reducing government use of SSNs, requiring all types of companies holding SSNs to safeguard that data, restricting the practices of database companies that sell information about individuals including or using SSNs, and restricting the internal uses and sharing of SSNs by private companies.

More Resources

Model law
(Word Doc, 11.3kb)

Laws in other states
(Word Doc, 32.5kb)