FTC Testimony Stresses Importance of Government Agencies Protecting Social Security Numbers
Posted by Ronald London
Recently, the Federal Trade Commission offered testimony before the Ohio state legislature’s Privacy and Public Records Access Study Committee regarding the part government agencies play in identity theft. The FTC told the Committee that public agencies can “play a key role in reducing the incidence and impact of identity theft.” They can do so, said Betsy Broder, Assistant Director of the FTC’s Division of Privacy and Identity Protection, by limiting the amount of personally identifiable information they collect, restricting access to the information, and implementing procedures to respond to data breaches.
The FTC testimony focused at length on the “Critical Role of Social Security Numbers,” noting that they are widely available in federal, state, and local government public records and are often a critical data point for identity thieves. According to the testimony, 41 states, the District of Columbia, and 75 percent of U.S. counties include social security numbers in public records among the personal information they collect for a variety of purposes, including determining who is eligible for government programs and delivering government services. The FTC recommended that “governments, together with the private sector, must make it more difficult for thieves to obtain the information they need to steal identities and respond appropriately to data breaches if they occur,” in order to reduce the incidence and impact of identity theft.
According to the FTC, both private-sector and government entities should not only take steps to avoid data breaches, but also should have response plans in place should a breach occur. Such plans should establish criteria for determining whether to notify consumers of the breach, what the notification should say, which third parties if any should be notified, and whether to offer credit monitoring to those whose records may have been compromised.
The FTC testimony heavily leveraged a recent report by the President’s Identity Theft Task Force a body made up of 17 federal agencies and co-chaired by Attorney General Alberto Gonzales and FTC Chairman Deborah Platt Majoras, which has the mission of developing a comprehensive national strategy to combat identity theft. The Task Force recommended that federal agencies “take steps to eliminate, restrict, or conceal the use of SSNs wherever possible, including assigning employee identification numbers where practicable.” It will be interesting to see how the FTC testimony and Task Force recommendations intersect with plans under the REAL ID Act for what, government’s denials aside, would constitute a national ID card (based, among other things, on linking the databases of the state DMVs), insofar as the Act has been criticized as likely to be ineffectual in preventing identity theft while presenting a far more attractive target for identity thieves.