Social Security numbers

By Base Records/Privacy Act Office, 319th Communications Squadron

It seems like stories of identity theft and information breaches are in the news every day. According to the Open Security Foundation, DataLossdb.org, SSNs are involved in 30 percent of the breaches they have tracked over time involving the loss, theft or exposure of personally identifiable information (or PII). Given that the SSN is a key piece of the puzzle to steal someone's identity, these stories make us wonder: Where is my SSN? Whether it is out of the need to responsibly handle the SSNs of others, or concern for your own SSN, it is important to keep yourself informed on both the rules for SSN use at your place of duty and the resources available for learning how to protect your own SSN in the larger world.

How did one number get to be such a big concern?
Originally, the SSN was simply an identifier established to manage the Social Security Act of 1935 -- a retirement program for workers. In the 1990s, the country began to realize that the widespread use of SSNs was an enabler to the increase in identity theft. In 2006, President George W. Bush established the President's Identity Theft Task Force, which submitted its report to the President, titled "Combating Identity Theft: A Strategic Plan". (This report is available at www.idtheft.gov.) The very first recommendation out of that report was to decrease the unnecessary use of SSNs in the public sector.

Today's Direction: Reduce Risk through Reduced Use
Based on the Identity Theft Task Force's recommendations, the Office of Management and Budget issued memorandum M-07-16 which, among other things, directs all agencies to review their use of SSNs and identify instances to eliminate unnecessary collection and use. Since that memo was issued, every agency has provided annual updates to OMB on their progress in meeting this goal.

For Department of Defense components, the direction for reducing SSN use is currently set out in Directive Type Memorandum (DTM) 07-015-USD (P&R) - "DoD Social Security Number (SSN) Reduction Plan" issued in March 2008. This document spells out DoD policy to reduce or eliminate the use of SSNs wherever possible. The Directive doesn't distinguish between how or where an SSN is stored, whether it is on paper or stored electronically. The Directive also makes it clear that the Department is to reduce even the use of partial SSNs, such as the last numbers of an SSN.

Your Role in Reducing Risk
So, how can you help support the government's effort to reduce the use of SSNs?

If your job responsibilities include making decisions about how business processes or computer systems will work and what information they need to process, make sure you are familiar with DTM 07-015-USD. For processes or systems that already use SSNs, start now to think through how to reduce the use of SSNs or even eliminate their use completely.

If your job responsibilities require you to have access to SSNs as part of the execution of your assignments, then think about when you really need to use them and when you really don't. Many times, use of the SSN can be out of habit and, with a fresh look at a business process, you may find that another identifier works equally well. Additionally, it is your responsibility to appropriately protect those SSNs from loss, theft, or inappropriate exposure. Remember that SSNs are considered For Official Use Only (FOUO) and are to be treated as such. Some simple precautions to take when dealing with SSNs are:

- Avoid taking SSNs out of their official system of record. Downloading extracts to spreadsheets or SharePoint environments removes the number from the protections built into the production system.

- Encrypt any SSNs that are on portable storage media (laptops, CDs, etc.) or sent through email.

- Don't leave printouts with full or partial SSNs unsecured.

- Immediately report any suspected or known compromise of an SSN to your base Privacy Officer.

Even if your job doesn't require you to deal with SSNs, there is plenty that you can do to support the efforts to reduce SSN risk. As the business processes and computer systems change over time to reduce the use of SSNs, you will be asked to make changes as well. Be an active supporter of those changes and remember that they are not occurring to make processes more difficult, but to reduce the risk of the possible loss of your information. Also, be on the lookout for situations where SSNs or any PII may have been compromised, and be sure to report any suspected or known compromises to your base Privacy Officer and the US-CERT.

Looking to the Future
Achieving the goal of reduced use of SSNs will require change over time to many business processes and many computer systems. It took over 60 years to build up the widespread use of the SSN that is in place today, and the reduction in its use won't happen overnight. However, the course is set and progress is being made. Each reduced instance of an SSN is one less opportunity for that information to be lost or mishandled, and that is risk reduction that we can all celebrate.

Resources for protecting yourself from ID Theft

The government has established wonderful resources for everyone to learn more about the crime of identity theft and the steps to take to reduce the likelihood of it occurring to each of us.

http://www.idtheft.gov - resources for preventing identity theft

http://www.ftc.gov/idtheft - one-stop national resource to learn about the crime of identity theft. It provides detailed information to help you deter, detect, and defend against identity theft

http://www.ftc.gov/idtheft/military - this section of the site is focused on military personnel and their families

http://www.onguardonline.gov - provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer and protect your personal information

http://www.ssa.gov/oig/hotline/ssnmisuse.htm - Identity Theft/Social Security Number Misuse

http://www.ssa.gov/pubs/10064.html - Identity Theft and Your Social Security Number

http://www.ncpw.gov/consumer-topics/ - 2011 National Consumer Protection Week website

*Source of SSN historical information is http://www.ssa.gov/history/ssn/ssnchron.html


The Grand Forks AFB Privacy Act Officer can answer your questions: Staff Sgt. Sherry Alfieri, 701-747-6143 and Senior Airman Stephan Shannon, 701-747-3008