GAO: Governments Could Do More to Reduce Identity Theft
While the use of Social Security numbers (SSN) can be very beneficial to the public sector, SSNs are also a key piece of information used for committing identity crimes. The widespread use of SSNs by both the public and private sectors and their display in public records have raised concern over how SSNs might be misused and how they should be protected.
In light of this concern, the Government Accountability Office (GAO) was asked to examine the extent to which SSNs are visible in records made available to the public, the reasons for which governments collect SSNs in records that display them to the public, and the formats in which these records are stored and ways that the public gains access to them.
As well as looking at public records, GAO also examined the practices of several federal agencies regarding the display of entire nine-digit SSNs on health insurance and other identification cards issued under their authority.
Social Security numbers appear in any number of records exposed to public view almost everywhere in the nation, primarily at the state and local levels of government. State agencies in 41 states and the District of Columbia reported visible SSNs in at least one type of record and a few states have them in as many as 10 or more different records.
SSNs are most often to be found in state and local court records and in local property ownership records, but they are also scattered throughout a variety of other government records. In general, federal agency display of SSNs in public records is prohibited under the Privacy Act of 1974. While the act does not apply to the federal courts, they have taken action in recent years to prevent public access.
With regard to the SSNs maintained in public records, various state and local officials commonly reported needing them for identity verification. A few, however, said they had no use for the SSN, but that documents submitted to their offices often contained them. States also commonly reported using the SSN to facilitate the matching of information from one record to another. The federal courts largely collect SSNs when required by law to do so; however, due to privacy concerns, SSNs are not in documents that are available electronically to the public.
Public records with SSNs are stored in a multiplicity of formats, but public access to them is most often limited to the inspection of individual paper copies on site or via mail by request. Few state agencies make records with SSNs available on the Internet; however, 15 to 28 percent of the nation’s 3,141 counties do place them on the Internet and this could affect millions of people. Overall, GAO found that the risk of exposure for SSNs in public records at the state and local levels is highly variable and difficult for any one individual to anticipate or prevent.
Another form of SSN exposure results from a government practice that does not involve public records per se. GAO found that SSNs are displayed on cards issued to millions of individuals under the authority of federal agencies for identity purposes and health benefits. This involves approximately 42 million Medicare cards, 8 million Department of Defense identification cards, as well as some insurance cards, and 7 million Veterans Affairs identification cards, which display the full nine-digit SSN. While some of these agencies are taking steps to remove the SSNs, there is no government wide federal policy that prohibits their display. Although we did not examine this phenomenon across all federal programs, it is clear that the lack of a broad, uniform policy allows for unnecessary exposure of personal Social Security numbers.
The GAO recommends that the Office of Management and Budget identify those federal activities that require or engage in the display of SSNs on health insurance, identification, or any other cards issued to federal government personnel or program beneficiaries, and devise a government wide policy to ensure a consistent approach to this type of display. All agencies that reviewed a draft of this report generally agreed with our findings and recommendation.
Source: Government Accountability Office (GAO)