GAO: Feds Still Not Doing Enough To Protect Social Security Numbers

Martin H. Bosworth
consumeraffairs.com

Jun 25, 2007 20:00 EDT

Loopholes in federal laws and a lack of proper oversight of information brokers leave Americans' Social Security numbers (SSNs) exposed to potential identity theft and misuse, according to a new report from the Government Accountability Office (GAO).

The GAO report found that while many laws exist to govern the use of SSNs by federal and state agencies, "[v]ulnerabilities persist in federal laws addressing SSN collection and use by private sector entities."

"For example, although federal laws place restrictions on reselling some personal information, these laws apply only to certain types of private sector entities, such as financial institutions," GAO director Daniel Bertoni wrote in the report introduction.

"Consequently, information resellers are not covered by these laws, and there are few restrictions placed on these entities’ ability to obtain, use, and resell SSNs for their businesses."

Among the GAO's findings:

• The tax preparation and telecommunications industries are not as heavily regulated as others when it comes to sharing and collecting Social Security numbers. The GAO had previously found that the IRS was lax in protecting personal information in its own offices, and that tax preparers were frequently prone to errors that resulted in additional costs for their clients.

• Lack of standards for truncating SSNs in written documents or e-mails has made it difficult to prevent their misuse. Some information resellers truncate or cross out the first five digits of a subject's SSN, while others truncate the last four. The differing rules make it relatively easy for identity thieves to piece together a potential victim's SSN from different public record documents hawked by information resellers.

• Although many federal agencies and departments have improved their protection of SSNs or placed restrictions on their collection and use, the lack of uniform guidelines across the board has led to inconsistencies, such as certain agencies continuing to display SSNs in publicly available records.

The GAO commended the government's Identity Theft Task Force for advocating the decrease in use of SSNs at every level of government, and the recent guidelines issued by the Office of Management and Budget (OMB) for crafting data breach notification plans at every federal agency.

But the consensus was that there was more to be done.

At a House committee meeting discussing the protection of the SSN, Social Security Administration Inspector General Patrick O'Carroll said that his agency has tried to educate private-sector businesses to limit their use of SSNs, but the cost of the transition would be too much.

"Any legislative provisions that reduce the display of SSNs or limit or eliminate trafficking in SSNs by information brokers and others would be of great help to our efforts," O'Carroll said.

The House has several competing pieces of legislation on the docket that would reduce or restrict the usage of SSNs, including Rep. Ed Markey's (D-MA) "Social Security Number Protection Act." The Markey bill, co-sponsored by Rep. Joe Barton (R-TX), would criminalize the sale of SSNs outside specific guidelines set by the Federal Trade Commission (FTC) and restrict their display online or on ID cards.

And Rep. Charles Schumer (D-NY) has proposed legislation that would achieve the GAO's request of setting truncation standards for the display of SSNs, to be overseen by the Social Security Administration.

In the GAO report's conclusion, Bertoni expressed hope that the public and private sector could coordinate their efforts to create laws that would better protect SSNs in their daily usage.

"Given the significance of the SSN in committing fraud or stealing an individual’s identity, it would be helpful to take additional steps to protect this number," he wrote. "As the Congress moves forward in pursuing legislation to address SSN protection and identity theft, focusing the debate on vulnerabilities that have already been documented may help target efforts and policy directly toward immediate improvements in SSN protection."

The GAO report is available as a PDF file.

Source: consumeraffairs.com