Bill aims at information privacy

The Privacy Act of 2003

To stem the growing tide of identity theft and fraud, Sen. Dianne Feinstein (D-Calif.) introduced a bill March 31 that would establish a comprehensive national system for privacy protection.

The Privacy Act of 2003, as S. 745 is called, would create a federal standard regulating the use of sensitive information such as financial and health data, driver's license records and Social Security numbers. It would supersede a "jumbled patchwork" of state privacy laws, she said in introducing the bill.

Although usage of the Social Security number is a component within this bill, Feinstein and several co-sponsors had introduced it under separate cover earlier in the year as S. 228, the Social Security Number Misuse Prevention Act.

The Privacy Act would seemingly close loopholes in existing laws such as the 1999 Gramm-Leach-Bliley Act, which regulates how banks can share a customer's personal information with other companies. Similarly, it would strengthen federal regulations concerning the use of personal health information and driver's license data.

In her remarks, Feinstein said the measure would bar the public sale or display of Social Security numbers unless the holders consent or there is a compelling public safety need. Reports of misuse have increased from about 8,000 in 1997 to more than 73,000 last year, according to the Social Security Administration.

Among its provisions, government entities would have to redact such Social Security numbers from electronic records available to the public on the Internet or any electronic medium.

While he couldn't comment on the Privacy Act of 2003, Chris Hoofnagle, deputy counsel at the Electronic Privacy Information Center, said the federal government and some states are working toward eliminating "the presence of Social Security numbers in public records," calling it a significant undertaking.

"It's a real problem," he said. "The government is supposed to be a steward of personal information and part of that stewardship includes being responsible with personal data. And simply posting individual Social Security numbers, like you'll find in the federal. . .bankruptcy files for instance, is not a responsible stewardship."

However, Feinstein's bill lists exceptions to use of Social Security numbers, such as for national security, public safety or public health purposes, facilitation of credit checks, retrieval of other information from businesses, commercial enterprises, government entities or private nonprofit organizations, or transfer of such numbers as part of a data matching program involving federal, state or local agencies.

Under the bill, the attorney general would develop regulations allowing for the sale or purchase of Social Security numbers to assist business-to-business or business-to-government transactions as long as appropriate safeguards are in place and public access is denied.

"It is a measure that will not likely empower individuals to have greater control of their SSN," said Hoofnagle, speaking specifically about the Social Security Number Misuse Prevention Act, which was introduced Jan. 29.

"That act has numerous exemptions and it essentially legitimizes business-to-business use of the Social Security number," he said.


  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

  • innovation (Sergey Nivens/

    VA embraces procurement challenges at scale

    Steve Kelman applauds the Department of Veterans Affairs' ambitious attempt to move beyond one-off prize-based contests to combat veteran suicides more effectively.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.