More modern IT could keep SSA from mailing out Social Security numbers

Shutterstock image: digital records overlay.

If you have ever received a notice in the mail from the Social Security Administration, odds are your Social Security number was on it. Of the 352 million notices the agency mailed last year, about 233 million included the recipients' full SSNs, potentially putting people at risk of identity theft, according to an inspector general report released on April 27.

The government has long advocated that agencies stop using the numbers as personal identifiers, and many large agencies have already done so. The IG recommends that SSA follow suit and prioritize removing SSNs from their mailed notices and re-evaluate how much it would cost to do so.

SSA officials agreed with both recommendations but said making the change in fiscal 2016 would mean postponing other critical IT projects. Meanwhile, the agency plans to use existing IT projects to replace SSNs with Beneficiary Notice Control Numbers on a case-by-case basis and as resources permit.

Right now, the agency's operational and systems infrastructure is still designed for SSNs. Employees cannot communicate personal information to callers without the numbers, even if they have their BNCs. And if they don't remember their SSNs, callers have to go to a field office, where an employee searches for their numbers. That could create confusion, longer call times and more field office visits.

Also, SSA employees cannot use BNCs to query the Online Retrieval System where they store electronic copies of mailed notices. Instead, they must must cross-check the BNC with the SSN, adding a step to the process.

An SSA workgroup formed in June 2015 recommended delaying the removal of SSNs from all notices until the agency has enough resources. The workgroup estimated it would cost about $14 million to replace SSNs with BNCs on mailed notices, but the IG said the group did not provide documentation to support that estimate.

Ultimately, the IG stressed the importance of protecting people from the risk of identity theft associated with sending personally identifiable information through the mail.

"Convenience should not come before the security of individuals' private and sensitive information," the report states.

About the Author

Bianca Spinosa is an Editorial Fellow at FCW.

Spinosa covers a variety of federal technology news for FCW including workforce development, women in tech, and the intersection of start-ups and agencies. Prior to joining FCW, she was a TV journalist for more than six years, reporting local news in Virginia, Kentucky, and North Carolina. Spinosa is currently pursuing her Master’s degree in Writing at George Mason University, where she also teaches composition. She earned her B.A. from the University of Virginia.

Click here for previous articles by Spinosa, or connect with her on Twitter: @BSpinosa.


  • Image: Shutterstock

    COVID, black swans and gray rhinos

    Steven Kelman suggests we should spend more time planning for the known risks on the horizon.

  • IT Modernization
    businessman dragging old computer monitor (Ollyy/

    Pro-bono technologists look to help cash-strapped states struggling with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help.

Stay Connected