Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

Social Security Number FAQ


[ Usenet FAQs | Web FAQs | Documents | RFC Index | Neighborhoods ]
Archive-name: privacy/ssn-faq
Last-modified: March 24, 2001
URL1: http://www.cpsr.org/cpsr/privacy/ssn/ssn.faq.html

See reader questions & answers on this topic! - Help others by sharing your knowledge
-----BEGIN PGP SIGNED MESSAGE-----


If you have comments on the following, please send them to me at
hibbert@cpsr.org.  A description of how to retrieve the most recent
version of this and related documents appears at the end.



          What to do when they ask for your Social Security Number

                              by Chris Hibbert

                           Computer Professionals
                         for Social Responsibility


Many people are concerned about the number of organizations asking for
their Social Security Numbers.  They worry about invasions of privacy and
the oppressive feeling of being treated as just a number.  Unfortunately,
I can't offer any hope about the dehumanizing effects of identifying you
with your numbers.  I *can* try to help you keep your Social Security
Number from being used as a tool in the invasion of your privacy.

The advice in this FAQ deals primarily with the Social Security Number
used in the US, though the privacy considerations are equally applicable
in many other countries.  The laws explained here are US laws.  The advice
about dealing with bureaucrats and clerks is universal.

    The Privacy Act of 1974

The Privacy Act of 1974 (Pub. L. 93-579, in section 7), which is the
primary law affecting the use of SSNs, requires that any federal, state,
or local government agency that requests your Social Security Number has
to tell you four things:



1: The authority (whether granted by statute, or by executive order of
the 
   President) which authorizes the solicitation of the information and 
   whether disclosure of such information is mandatory or voluntary;

2: The principal purposes for which the information is intended to be used;

3: The routine uses which may be made of the information, as published 
   annually in the Federal Register, and

4: The effects on you, if any, of not providing all or any part of the 
   requested information.

The Act requires state and local agencies which request the SSN to
inform the 
individual of only three things:

1: Whether the disclosure is mandatory or voluntary, 
2: By what statutory or other authority the SSN is solicited, and 
3: What uses will be made of the number.


In addition, that section makes it illegal for Federal, state, and local
government agencies to deny any rights, privileges or benefits to
individuals who refuse to provide their SSNs unless the disclosure is
required by Federal statute.  (The other exception is if the disclosure
is for use in a record system which required the SSN before 1975.  (5
USC 552a note).  So anytime you're dealing with a government institution
and you're asked for your Social Security Number, look for a Privacy Act
Statement.  If there isn't one, complain and don't give your number.  If
the statement is present, read it.  Once you've read the explanation of
whether the number is optional or required, and what will be done with
your number if you provide it, you'll be able to decide for yourself
whether to fill in the number.

There are several kinds of governmental organizations that usually have
authority to request your number, but they are all required to provide the
Privacy Act Statement described above.  (see the list in the "Short History"
section of the website
http://www.cpsr.org/cpsr/privacy/ssn/SSN-History.html#history) The only time
you should be willing to give your number without reading that notice is when
the organization you are dealing with is not a part of the government.


             Why You May Want to Resist Requests for Your SSN

When you give out your number, you are providing access to information
about yourself.  You're providing access to information that you don't
have the ability or the legal right to correct or rebut.  You provide
access to data that is irrelevant to most transactions but that will
occasionally trigger prejudice.  Worst of all, since you provided the
key, (and did so "voluntarily") all the information discovered under
your number will be presumed to be true, about you, and relevant.

A major problem with the use of SSNs as identifiers is that it makes it
hard to control access to personal information.  Even assuming you want
someone to be able to find out some things about you, there's no reason
to believe that you want to make all records concerning yourself
available.  When multiple record systems are all keyed by the same
identifier, and all are intended to be easily accessible to some users,
it becomes difficult to allow someone access to some of the information
about a person while restricting them to specific topics.

Unfortunately, far too many organizations assume that anyone who
presents an
SSN must be the owner.  When more than one person uses the same number, it
clouds up the records.  If someone intended to hide their activities by using
someone else's number, it's likely that it'll look bad on whichever
record it
shows up on.  When it happens accidentally, it can be unexpected,
embarrassing, or worse.  How do you prove that you weren't the one using your
number when the record was made?

Simson Garfinkel put it very well in an article for CACM's "Inside Risks"
column in October, 1995.  His article started with the paragraph

    The problem with Social Security Numbers today is that some
    organizations are using these ubiquitous numbers for
    identification, others are using them for authentication, and
    still others are using them for both.

Simson went on to explain how the two uses are incompatible.  I recommend
the article.


                What You Can Do to Protect Your Number

It's not a good idea to carry your SSN card with you (or other documents
that contain your SSN).  If you should lose your wallet or purse, your SSN
would make it easier for a thief to apply for credit in your name or
otherwise fraudulently use your number.  Some states that normally use
SSNs as the drivers license number will give you a different number if you
ask.  If your health insurance plan uses your SSN for an ID number, it's
probably on your insurance card.  If you are unable to get the insurance
plan to change your number, you may want to photocopy your card with your
SSN covered and carry the copy.  You can then give a health care provider
your number separately.

Here are some suggestions for negotiating with people who don't want to
give you what you want.  They work whether the problem has to do with SSNs
(your number is added to a database without your consent, someone refuses
to give you service without getting your number, etc.) or is any other
problem with a clerk or bureaucrat who doesn't want to do things any way
other than what works for 99% of the people they see.  Start politely,
explaining your position and expecting them to understand and cooperate.
If that doesn't work, there are several more things to try:

1: Talk to people higher up in the organization.  This often works
        simply because the organization has a standard way of dealing
        with requests not to use the SSN, and the first person you deal
        with just hasn't been around long enough to know what it is.

2: Enlist the aid of your employer.  You have to decide whether talking
        to someone in personnel, and possibly trying to change
        corporate policy is going to get back to your supervisor and
        affect your job.  The people in the personnel and benefits
        departments often carry a lot of weight when dealing with health
        insurance companies.

3: Threaten to complain to a consumer affairs bureau.  Most newspapers
        can get a quick response.  Ask for their "Action Line" or
        equivalent.  If you're dealing with a local government agency,
        look in the state or local government section of the phone book
        under "consumer affairs."  If it's a federal agency, your
        congress member may be able to help.

4: Insist that they document a corporate policy requiring the number.
        When someone can't find a written policy or doesn't want to
        push hard enough to get it, they'll often realize that they
        don't know what the policy is, and they've just been following
        tradition.

5: Ask what they need it for and suggest alternatives.  If you're
        talking to someone who has some independence, and they'd like
        to help, they will sometimes admit that they know the reason
        the company wants it, and you can satisfy that requirement a
        different way.

6: Tell them you'll take your business elsewhere (and follow through if
        they don't cooperate.)

7: If it's a case where you've gotten service already, but someone
        insists that you have to provide your number in order to have a
        continuing relationship, you can choose to ignore the request
        in hopes that they'll forget or find another solution before
        you get tired of the interruption.


        How To Find Out If Someone Is Using Your Number

There are two good places to look to find out if someone else is using
your number: the Social Security Administration's (SSA) database, and your
credit report.  If anyone else used your number when applying for a job,
their earnings will appear under your name in the SSA's files.  If someone
uses your SSN (or name and address) to apply for credit, it will show up
in the files of the big three credit reporting agencies.

The Social Security Administration recommends that you request a copy of
your file from them every few years to make sure that your records are
correct (your income and "contributions" are being recorded for you, and
no one else's are.)  As a result of a recent court case, the SSA has
agreed to accept corrections of errors when there isn't any contradictory
evidence, SSA has records for the year before or after the error, and the
claimed earnings are consistent with earlier and later wages.  (San Jose
Mercury News, 5/14, 1992 p 6A) Call the Social Security Administration at
(800) 772-1213 and ask for Form 7004, (Request for Earnings and Benefit
Estimate Statement.)  The forms are available online at the SSA's website:
http://www.ssa.gov/online/forms.html.  You can also pick up a copy at any
office of the SSA.

Information about the credit reporting agencies is available in the Junk
Mail FAQ, and various other privacy-related FAQs.  Try looking at
http://www.cpsr.org/dox/program/privacy/privacy.html




    Retrieving the SSN FAQ and related documents

The SSN FAQ is available from two places: rtfm.mit.edu (by FTP or EMail),
or cpsr.org (by FTP or http).  The html version is at cpsr.org, and
includes links to SSN-related info which has been omitted from the text
version.  The text version is at MIT.

The URLs are:
    http://cpsr.org/cpsr/privacy/ssn/ssn.faq.html
    ftp://cpsr.org/ftp/cpsr/privacy/
    ftp://rtfm.mit.edu/pub/usenet-by-hierarchy/news/answers/privacy/

    Web
There is a more comprehensive privacy page at CPSR (which points at
both the SSN and junk mail FAQs).  It's at:
   http://www.cpsr.org/cpsr/privacy/privacy.html.

    EMail
You can get the latest version of the SSN FAQ (the text version) by
sending mail to mail-server@rtfm.mit.edu with
    send usenet-by-hierarchy/news/answers/privacy/ssn-faq
as the sole contents of the body.  Send a message containing "help" to get
general information about the mail server.

cpsr.org has other resources on privacy, SSNs, and related subjects.
Other directories contain information on pending legislation, the 1st
amendment, computer security, cryptography, FOIA, NII, and CPSR.

other Privacy-related Resources
    http://www.cpsr.org/privacy/privacy.html
    http://www.epic.org/privacy/ssn
    http://www.epic.org/privacy/

If you have suggestions for improving this document please send them to me:
Chris Hibbert
1195 Andre Ave.               or         hibbert@cpsr.org
Mountain View, CA 94040


-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBOrzdJKMpMwZ0adT9AQGCBgP/b2G8LcC4zULodJHx4sZupYgGSPsaH55M
fGExOoZ+kbnbkGbyGdQFiXCYbhoBN8p4lyFwiHQawlGPXQW/UbG201XpeE8mzDma
3wSmVFWtmPonqTlFt+IFHRAl2T7ol1i44oNlnsj9URs5jj3lVR2UT2R5kff9Uy//
dlioJLevV3U=
=Vnd2
-----END PGP SIGNATURE-----

User Contributions:

Comment about this article, ask questions, or add new information about this topic:

CAPTCHA


[ Usenet FAQs | Web FAQs | Documents | RFC Index ]

Send corrections/additions to the FAQ Maintainer:
hibbert@netcom.com





Last Update March 27 2014 @ 02:12 PM