Archive-name: privacy/ssn-faq
Last-modified: March 24, 2001 URL1: http://www.cpsr.org/cpsr/privacy/ssn/ssn.faq.html See reader questions & answers on this topic! - Help others by sharing your knowledge -----BEGIN PGP SIGNED MESSAGE----- If you have comments on the following, please send them to me at hibbert@cpsr.org. A description of how to retrieve the most recent version of this and related documents appears at the end. What to do when they ask for your Social Security Number by Chris Hibbert Computer Professionals for Social Responsibility Many people are concerned about the number of organizations asking for their Social Security Numbers. They worry about invasions of privacy and the oppressive feeling of being treated as just a number. Unfortunately, I can't offer any hope about the dehumanizing effects of identifying you with your numbers. I *can* try to help you keep your Social Security Number from being used as a tool in the invasion of your privacy. The advice in this FAQ deals primarily with the Social Security Number used in the US, though the privacy considerations are equally applicable in many other countries. The laws explained here are US laws. The advice about dealing with bureaucrats and clerks is universal. The Privacy Act of 1974 The Privacy Act of 1974 (Pub. L. 93-579, in section 7), which is the primary law affecting the use of SSNs, requires that any federal, state, or local government agency that requests your Social Security Number has to tell you four things: 1: The authority (whether granted by statute, or by executive order of the President) which authorizes the solicitation of the information and whether disclosure of such information is mandatory or voluntary; 2: The principal purposes for which the information is intended to be used; 3: The routine uses which may be made of the information, as published annually in the Federal Register, and 4: The effects on you, if any, of not providing all or any part of the requested information. The Act requires state and local agencies which request the SSN to inform the individual of only three things: 1: Whether the disclosure is mandatory or voluntary, 2: By what statutory or other authority the SSN is solicited, and 3: What uses will be made of the number. In addition, that section makes it illegal for Federal, state, and local government agencies to deny any rights, privileges or benefits to individuals who refuse to provide their SSNs unless the disclosure is required by Federal statute. (The other exception is if the disclosure is for use in a record system which required the SSN before 1975. (5 USC 552a note). So anytime you're dealing with a government institution and you're asked for your Social Security Number, look for a Privacy Act Statement. If there isn't one, complain and don't give your number. If the statement is present, read it. Once you've read the explanation of whether the number is optional or required, and what will be done with your number if you provide it, you'll be able to decide for yourself whether to fill in the number. There are several kinds of governmental organizations that usually have authority to request your number, but they are all required to provide the Privacy Act Statement described above. (see the list in the "Short History" section of the website http://www.cpsr.org/cpsr/privacy/ssn/SSN-History.html#history) The only time you should be willing to give your number without reading that notice is when the organization you are dealing with is not a part of the government. Why You May Want to Resist Requests for Your SSN When you give out your number, you are providing access to information about yourself. You're providing access to information that you don't have the ability or the legal right to correct or rebut. You provide access to data that is irrelevant to most transactions but that will occasionally trigger prejudice. Worst of all, since you provided the key, (and did so "voluntarily") all the information discovered under your number will be presumed to be true, about you, and relevant. A major problem with the use of SSNs as identifiers is that it makes it hard to control access to personal information. Even assuming you want someone to be able to find out some things about you, there's no reason to believe that you want to make all records concerning yourself available. When multiple record systems are all keyed by the same identifier, and all are intended to be easily accessible to some users, it becomes difficult to allow someone access to some of the information about a person while restricting them to specific topics. Unfortunately, far too many organizations assume that anyone who presents an SSN must be the owner. When more than one person uses the same number, it clouds up the records. If someone intended to hide their activities by using someone else's number, it's likely that it'll look bad on whichever record it shows up on. When it happens accidentally, it can be unexpected, embarrassing, or worse. How do you prove that you weren't the one using your number when the record was made? Simson Garfinkel put it very well in an article for CACM's "Inside Risks" column in October, 1995. His article started with the paragraph The problem with Social Security Numbers today is that some organizations are using these ubiquitous numbers for identification, others are using them for authentication, and still others are using them for both. Simson went on to explain how the two uses are incompatible. I recommend the article. What You Can Do to Protect Your Number It's not a good idea to carry your SSN card with you (or other documents that contain your SSN). If you should lose your wallet or purse, your SSN would make it easier for a thief to apply for credit in your name or otherwise fraudulently use your number. Some states that normally use SSNs as the drivers license number will give you a different number if you ask. If your health insurance plan uses your SSN for an ID number, it's probably on your insurance card. If you are unable to get the insurance plan to change your number, you may want to photocopy your card with your SSN covered and carry the copy. You can then give a health care provider your number separately. Here are some suggestions for negotiating with people who don't want to give you what you want. They work whether the problem has to do with SSNs (your number is added to a database without your consent, someone refuses to give you service without getting your number, etc.) or is any other problem with a clerk or bureaucrat who doesn't want to do things any way other than what works for 99% of the people they see. Start politely, explaining your position and expecting them to understand and cooperate. If that doesn't work, there are several more things to try: 1: Talk to people higher up in the organization. This often works simply because the organization has a standard way of dealing with requests not to use the SSN, and the first person you deal with just hasn't been around long enough to know what it is. 2: Enlist the aid of your employer. You have to decide whether talking to someone in personnel, and possibly trying to change corporate policy is going to get back to your supervisor and affect your job. The people in the personnel and benefits departments often carry a lot of weight when dealing with health insurance companies. 3: Threaten to complain to a consumer affairs bureau. Most newspapers can get a quick response. Ask for their "Action Line" or equivalent. If you're dealing with a local government agency, look in the state or local government section of the phone book under "consumer affairs." If it's a federal agency, your congress member may be able to help. 4: Insist that they document a corporate policy requiring the number. When someone can't find a written policy or doesn't want to push hard enough to get it, they'll often realize that they don't know what the policy is, and they've just been following tradition. 5: Ask what they need it for and suggest alternatives. If you're talking to someone who has some independence, and they'd like to help, they will sometimes admit that they know the reason the company wants it, and you can satisfy that requirement a different way. 6: Tell them you'll take your business elsewhere (and follow through if they don't cooperate.) 7: If it's a case where you've gotten service already, but someone insists that you have to provide your number in order to have a continuing relationship, you can choose to ignore the request in hopes that they'll forget or find another solution before you get tired of the interruption. How To Find Out If Someone Is Using Your Number There are two good places to look to find out if someone else is using your number: the Social Security Administration's (SSA) database, and your credit report. If anyone else used your number when applying for a job, their earnings will appear under your name in the SSA's files. If someone uses your SSN (or name and address) to apply for credit, it will show up in the files of the big three credit reporting agencies. The Social Security Administration recommends that you request a copy of your file from them every few years to make sure that your records are correct (your income and "contributions" are being recorded for you, and no one else's are.) As a result of a recent court case, the SSA has agreed to accept corrections of errors when there isn't any contradictory evidence, SSA has records for the year before or after the error, and the claimed earnings are consistent with earlier and later wages. (San Jose Mercury News, 5/14, 1992 p 6A) Call the Social Security Administration at (800) 772-1213 and ask for Form 7004, (Request for Earnings and Benefit Estimate Statement.) The forms are available online at the SSA's website: http://www.ssa.gov/online/forms.html. You can also pick up a copy at any office of the SSA. Information about the credit reporting agencies is available in the Junk Mail FAQ, and various other privacy-related FAQs. Try looking at http://www.cpsr.org/dox/program/privacy/privacy.html Retrieving the SSN FAQ and related documents The SSN FAQ is available from two places: rtfm.mit.edu (by FTP or EMail), or cpsr.org (by FTP or http). The html version is at cpsr.org, and includes links to SSN-related info which has been omitted from the text version. The text version is at MIT. The URLs are: http://cpsr.org/cpsr/privacy/ssn/ssn.faq.html ftp://cpsr.org/ftp/cpsr/privacy/ ftp://rtfm.mit.edu/pub/usenet-by-hierarchy/news/answers/privacy/ Web There is a more comprehensive privacy page at CPSR (which points at both the SSN and junk mail FAQs). It's at: http://www.cpsr.org/cpsr/privacy/privacy.html. EMail You can get the latest version of the SSN FAQ (the text version) by sending mail to mail-server@rtfm.mit.edu with send usenet-by-hierarchy/news/answers/privacy/ssn-faq as the sole contents of the body. Send a message containing "help" to get general information about the mail server. cpsr.org has other resources on privacy, SSNs, and related subjects. Other directories contain information on pending legislation, the 1st amendment, computer security, cryptography, FOIA, NII, and CPSR. other Privacy-related Resources http://www.cpsr.org/privacy/privacy.html http://www.epic.org/privacy/ssn http://www.epic.org/privacy/ If you have suggestions for improving this document please send them to me: Chris Hibbert 1195 Andre Ave. or hibbert@cpsr.org Mountain View, CA 94040 -----BEGIN PGP SIGNATURE----- Version: 2.6 iQCVAwUBOrzdJKMpMwZ0adT9AQGCBgP/b2G8LcC4zULodJHx4sZupYgGSPsaH55M fGExOoZ+kbnbkGbyGdQFiXCYbhoBN8p4lyFwiHQawlGPXQW/UbG201XpeE8mzDma 3wSmVFWtmPonqTlFt+IFHRAl2T7ol1i44oNlnsj9URs5jj3lVR2UT2R5kff9Uy// dlioJLevV3U= =Vnd2 -----END PGP SIGNATURE----- User Contributions:
[ Usenet FAQs | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer: hibbert@netcom.com
Last Update March 27 2014 @ 02:12 PM
|
Comment about this article, ask questions, or add new information about this topic: