Privacy

More modern IT could keep SSA from mailing out Social Security numbers

Shutterstock image: digital records overlay.

If you have ever received a notice in the mail from the Social Security Administration, odds are your Social Security number was on it. Of the 352 million notices the agency mailed last year, about 233 million included the recipients' full SSNs, potentially putting people at risk of identity theft, according to an inspector general report released on April 27.

The government has long advocated that agencies stop using the numbers as personal identifiers, and many large agencies have already done so. The IG recommends that SSA follow suit and prioritize removing SSNs from their mailed notices and re-evaluate how much it would cost to do so.

SSA officials agreed with both recommendations but said making the change in fiscal 2016 would mean postponing other critical IT projects. Meanwhile, the agency plans to use existing IT projects to replace SSNs with Beneficiary Notice Control Numbers on a case-by-case basis and as resources permit.

Right now, the agency's operational and systems infrastructure is still designed for SSNs. Employees cannot communicate personal information to callers without the numbers, even if they have their BNCs. And if they don't remember their SSNs, callers have to go to a field office, where an employee searches for their numbers. That could create confusion, longer call times and more field office visits.

Also, SSA employees cannot use BNCs to query the Online Retrieval System where they store electronic copies of mailed notices. Instead, they must must cross-check the BNC with the SSN, adding a step to the process.

An SSA workgroup formed in June 2015 recommended delaying the removal of SSNs from all notices until the agency has enough resources. The workgroup estimated it would cost about $14 million to replace SSNs with BNCs on mailed notices, but the IG said the group did not provide documentation to support that estimate.

Ultimately, the IG stressed the importance of protecting people from the risk of identity theft associated with sending personally identifiable information through the mail.

"Convenience should not come before the security of individuals' private and sensitive information," the report states.

About the Author

Bianca Spinosa is an Editorial Fellow at FCW.

Spinosa covers a variety of federal technology news for FCW including workforce development, women in tech, and the intersection of start-ups and agencies. Prior to joining FCW, she was a TV journalist for more than six years, reporting local news in Virginia, Kentucky, and North Carolina. Spinosa is currently pursuing her Master’s degree in Writing at George Mason University, where she also teaches composition. She earned her B.A. from the University of Virginia.

Click here for previous articles by Spinosa, or connect with her on Twitter: @BSpinosa.


Featured

  • Cybersecurity
    malware detection (Alexander Yakimov/Shutterstock.com)

    Microsoft targets copycat influence websites

    Microsoft went to court to take down websites it believes to be part of a foreign intelligence operation targeting conservative think tanks and the U.S. Senate.

  • Cybersecurity
    secure network

    FAA explores shifting its network to FISMA high

    The Federal Aviation Administration is exploring an upgrade to the information security categorization of IT systems as part of air traffic control modernization.

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.