A post in today’s Red Tape Chronicles puts the odds of someone else having your social security number at 1 in seven.  According to the article, this is something of an open secret among government agencies: “The IRS often knows when this happens, when the imposter pays taxes. The Social Security Administration knows, too, for the same reason. And the nation’s credit bureaus usually know, because the imposter often ends up applying for some form of credit.  Plenty of financial institutions also have access to this information.” In August, San Diego company ID Analytics reported that more than 20 million Americans have more than one social security number.  That article indicates that:

• 6.1 percent of Americans have at least two SSNs
• More than 100,000 Americans have five or more SSNs
• More than 15 percent of SSNs are associated with two or more people
• More than 140,000 SSNs are associated with five or more people
• More than 27,000 SSNs are associated with 10 or more people

These statistics likely come as  a shock to many people, who naturally assumed that social security numbers are  used to uniquely identify a particular individual.  These statistics, coupled with the court cases referenced in an earlier post seem to paint a picture in which the social security number is not nearly as “private” or as “protected” as had been widely believed.

In our industry, we tend to focus on the responsibility of the company or organization to protect personally identifiable information.  In that discussion, the individual tends to be exonerated of any culpability in the protection of data.  Certainly, the argument can and has been made that organizations that collect data have a fiduciary responsibility to protect that data.  The individual, though, has an increasing role in ensuring the protection of their own information, as well.  This is not to suggest that if someone’s SSN is misappropriated or misused that the individual is at fault.  What I mean to say is that, in the current climate in which SSNs are commonly misused and the courts have suggested that this is not always in contravention of the law, individuals must become hyper-vigilant in the protection of their own information.  A simple example – If I am filling out an application or dealing with a service provider that requests my social security number, I always ask why it is needed.  Sometimes companies request information because it is “nice to have,” not necessary.  One shouldn’t provide “nice to have” information.

The fact of the matter is that social security numbers currently serve a number of purposes for which it was never intended.  The SSN was intended merely to track an individual’s account within the Social Security Administration.  Over the years, this number has morphed into an all-encompassing identifier for almost every aspect of American life.  Since it was never intended to be as widespread as it is now, there were never any authentication measures built into the 75 year old system.  The fact of the matter remains that attempting to retro-fit privacy controls into an outmoded system is rarely successful.  Unless and until a new system is implemented, consumers will have to take measures to ensure that their SSN is not being misused.

Dr. Heather Mark, PhD. SVP of Market Strategy