Fact Sheet 10:
My Social Security Number - How Secure Is It?
Send to Printer
Privacy Rights Clearinghouse
- How do government agencies use my Social Security number?
- Am I required to give my Social Security number to government agencies?
- Must I give my Social Security number to private businesses?
- Should I disclose my Social Security number over the Internet?
- Can my employer use my Social Security number as an employee identification number?
- Why do financial transactions require my Social Security number?
- Can a school or college use my Social Security number as an ID number?
- Can a state use my Social Security number as my drivers’ license number?
- How can I obtain my Social Security Statement?
- Can I change my Social Security number?
- What information is contained in the Social Security Death Master File?
- How can I protect my Social Security number?
History of Social Security Number use. When Social Security numbers were first issued in 1936, the federal government assured the public that use of their use would be limited to Social Security programs such as calculating retirement benefits.
Today, however, the Social Security number (SSN) has become the de facto national identifier. SSNs are often used both an identifier and an authenticator. As an identifier, the SSN is provided by individuals to answer the question, “Who are you?” As an authenticator, the SSN is provided by individuals in response to a challenge: “Prove who you are.”
Government agencies and private businesses continue to use SSNs for a wide range of non-Social Security purposes — such as employee files, medical records, health insurance accounts, credit and banking accounts, university ID cards, utility accounts, and many more.
Threat of data breaches. Your SSN is frequently used as your identification number in many computer files, giving access to information you may want kept private and allowing an easy way of linking databases. The files of utility companies are just one example of such usage. In recent years, news stories of data breaches in which SSNs are compromised are a daily occurrence.
Identity theft. Identity thieves seek SSNs so they can use these numbers to assume the identity of another person and commit fraud. It’s relatively easy for someone to fraudulently use your SSN to assume your identity and gain access to your bank account, credit accounts, utilities records, and other sources of personal information. Identity thieves also can establish new credit and bank accounts in your name, or use your SSN for employment purposes or to obtain medical care.
it’s wise to limit access to your SSN whenever possible. While the
potential sources of SSNs are vast and accessible, you can take steps to
keep your SSN out of the hands of potential thieves.
SSNs in state and local government agency records. The
U.S. Government Accounting Office (GAO), the investigative arm of
Congress, first reported on the potential for identity theft posed by
SSNs included in public records in 2006.
GAO estimated that 85 percent of the largest, most populated counties
surveyed make records that may contain SSNs available in bulk sales or
online. Most often SSNs appear in state and local court files and local
property ownership records.
Agencies generally place no restrictions on the reuse of data included in public records, meaning information can change hands many times and even be outsourced to foreign service providers. Since the GAO’s report, many states are working to limit SSNs in public records. Such belated efforts, however, do nothing to retrieve the millions of SSNs already available through public records. Some jurisdictions are beginning the process of redacting SSNs from old public records. However, this can be a costly and time-consuming process.
Federal agency use. The GAO’s 2006 report found that SSNs are displayed on millions of cards issued by federal agencies, including 42 million Medicare cards, 8 million Department of Defense identification cards and insurance cards, and 7 million Veteran Affairs identification cards. Because the connection between identity theft and widespread use of the SSNs is now indisputable, the federal government has acted to curtail its use.
The federal Office of Management and Budget (OMB) issued a memorandum to all executive departments and agencies titled “Safeguarding Against and Responding to the Breach of Personally Identifiable Information” (OMB Memorandum M-07-6) (May 22, 2007) The OMB memorandum required agencies to review their use of SSNs and, among other things, identify instances in which collection or use is unnecessary. Since issuance of the OMB memorandum, agencies have taken steps to reduce unnecessary SSN use.
Military. SSNs began to disappear from military identification cards in 2011. As cards expire, they are replaced with new cards having a Department of Defense (DoD) identification number. The DoD identification number is a unique 10-digit number. An 11-digit DoD benefits number will appear on cards of dependents eligible for DoD benefits. SSNs embedded in the bar codes on the back of identification cards are currently being phased out.
Internal Revenue Service (IRS). The IRS implemented a Social Security Number Elimination and Reduction (SSN ER) Plan in response to concerns over the protection of personal data. An audit report released by the Treasury Inspector General for Tax Administration (TIGTA) on August 13, 2010, notes that no date has been set by which to eliminate or reduce the use of SSNs on outgoing correspondence, and that the SSN ER plan lacks milestones for progress.
Veterans. Veteran Health Identification Cards (VHIC) are issued for use by veterans at VA Medical Facilities. The VHIC replaces the Veteran Identification Card (VIC) which contained the veteran's SSN in the bar code on the card. VHICs do not contain your SSN.
Government checks. The Social Security Number Protection Act of 2010 (S. 3789) prohibits federal, state, or local agencies from displaying the Social Security account number of any individual, or any derivative of such number, on any check issued for any payment by the agency.
Medicare cards. Legislation signed in April 2015 requires that SSNs be removed from Medicare cards. Medicare will replace SSNs with randomly generated Medicare beneficiary identifiers. The process will take up to 8 years, beginning with Medicare cards for new Medicare beneficiaries.
The answer depends upon the agency. Some government agencies, including tax authorities, welfare offices, and state Departments of Motor Vehicles, can require your SSN number as mandated by federal law (42 USC 405 (c)(2)(C)(v) and (i)). Others may request the SSN, leading you to believe you must provide it.
The Privacy Act of 1974 requires all government agencies — federal, state and local — that request SSNs to provide a "disclosure" statement on the form. The statement explains whether you are required to provide your SSN or if it’s optional, how the SSN will be used, and under what statutory or other authority the number is requested (5 USC 552a, note). The U.S. Office of Management and Budget, Office of Information and Regulatory Affairs (OIRA) provides guidance and oversight regarding the Privacy Act of 1974.
The Privacy Act states that you cannot be denied a government benefit or service if you refuse to disclose your SSN unless the disclosure is required by federal law, or the disclosure is to an agency that has been using SSNs before January 1975, when the Privacy Act went into effect. There are other exceptions as well.
If you are asked to give your SSN to a government agency and no disclosure statement is included on the form, you should complain to the agency and cite the Privacy Act of 1974. Unfortunately, there appear to be no penalties when a government agency fails to provide a disclosure statement.
General. Usually you are not legally compelled to provide your SSN to private businesses. There is no law, however, that prevents businesses from requesting your SSN, and there are few restrictions on what businesses can do with it. But even though you are not legally required to disclose your SSN, the business does not have to provide you with service if you refuse to release it. So in a sense, you are strong-armed into giving your SSN.
But don't give up. Be sure to ask if there is an alternate number that you can provide to the company, such as your driver's license number. Also ask if you can provide a deposit rather than giving your SSN to the company.
If a business insists on knowing your SSN when you do not see a reason for it, we encourage you to speak to a manager who may be authorized to make an exception or who may know whether company policy requires it. If the company will not allow you to use an alternate number such as your driver’s license number, you may want to take your business elsewhere. Read 5 Places Where You Should Never Give Your Social Security Number for advice on how to avoid giving up your SSN and Why you shouldn't give your doctor your Social Security number.
SSN required by federal law. Federal law requires private businesses to collect your SSN when (1) you are involved in a transaction in which the Internal Revenue Service requires notification, or (2) you are engaged in a financial transaction subject to federal Customer Identification Program rules.
MediCal and Medicare are government health plans and can require an SSN.
Commercial insurance companies can ask for your SSN, if you are covered by group insurance through your employer or if you bought an Affordable Care Act plan through a state or federal marketplace.
A Mandatory Insurer Reporting Law (Section 111 of Public Law 110-173) requires group health plan insurers to report SSNs to the Centers for Medicare and Medicaid Services for both subscribers and covered dependents. This information is used to coordinate Medicare payments with other insurance benefits. However, there is no language in Section 111 itself that mandates collection or reporting of all SSNs to Medicare. Medicare requires only that insurers send the Medicare ID numbers of Medicare beneficiaries, and that they take appropriate steps to ensure that they tell Medicare about all the Medicare beneficiaries they also provide coverage for.
Similarly, individuals who receive ongoing reimbursement for medical care through no-fault insurance or workers’ compensation or who receive a settlement, judgment or award from liability insurance (including self-insurance), no-fault insurance, or workers’ compensation may be asked to furnish information concerning their SSN.
Beginning with the 2015 tax year, your health insurance company will be required to provide Form 1095-B to you and to the Internal Revenue Service (IRS). The law requires SSNs to be reported on Form 1095-B. You will use the form to prepare your income tax return. The information will be used to verify information on your individual income tax return under the Affordable Care Act (ACA). If the information you provide on your tax return cannot be verified, you may receive a notice from th IRS indicating that you are liable for a shared responsibility payment under the ACA.
Credit applications. Credit card applications usually request SSNs. Your number is used primarily to verify your identity in situations where you have the same or a similar name to others. Most credit grantors will insist on having your SSN. But in rare cases, you may be able to find a credit grantor who will provide you credit without knowing your SSN, especially if you are persistent and can provide other forms of identification.
Credit reporting agencies. If you are dealing with a credit reporting agency, such as Experian, Equifax, or TransUnion, you will generally need to give your SSN. They claim that’s how the agency will find your file from among the hundreds of millions of records they maintain. These agencies already have your SSN. When ordering your free annual credit report from the credit bureaus, you can request that the SSN be left off the document when sent to you via postal mail.
Pre-approved credit applications. You need to give out your SSN over the telephone to stop receiving pre-approved credit card offers when calling (888) 5 OPT-OUT or (888) 567-8688. This is the toll-free line shared by the three credit bureaus whose mailing lists are often used to generate credit card solicitations. You can use the agencies’ online form instead. While it doesn’t require the SSN, the credit reporting agencies say that including it will help to ensure your request will be successful.
State laws. In California, state law restricts how certain businesses can display their customers’ Social Security numbers. It does not restrict the collection of SSNs, however, and it doesn’t affect government agencies. California Civil Code §1798.85 prohibits, for example, insurance companies from printing the SSN on identification cards that are carried in the wallet. Similarly, customers of banks and investment companies cannot be required to transmit the SSN over the Internet when conducting business online, unless the number is encrypted. SSNs cannot be printed on documents sent through the mail, with some exceptions.
Other state legislatures and Congress have considered similar laws since passage of California’s landmark law. The New York state legislature passed a similar law in 2007.
New York lawmakers, in amendments to the state's labor law, further restricted private businesses' use of Social Security Numbers as well as employees' "personal identifying information." Personal identifying information includes not only the SSN but, among other things, an employee's home address and phone number, personal e-mail address, Internet access information, and the employee's parents' names. Effective January 2010, New York state government offices along with city and county agencies had to follow the same standards as apply to private businesses.
Another New York law limits the ability of entities to collect individuals’ SSNs. The law's provisions are subject to multiple exceptions, including use of SSNs for government requirements, use for internal verification or fraud investigation, use related to banking and credit-related activities, use in connection with employment, insurance or tax purposes, and other instances.
Visit the Web site of the National Conference of State Legislatures to obtain information on SSN-related legislation in other states. Use the site’s search engine for the term “social security number legislation” to obtain state-by-state results. The Data Quality Campaign has has a summary table of state SSN protection laws.
When you use the Internet, you may find Web sites that require your SSN when, for example, you apply for a credit card online or seek an insurance quote. We advise that you take extra precautions to determine that your personal data is transmitted securely and that it’s stored safely by the online business. Make sure you have a firewall the latest anti-virus and spyware software installed on your computer.
Only conduct business transactions with well-known, reputable companies. Look for the closed padlock symbol on the bottom of the page that indicates it is a secure connection. Click on the padlock to determine if the security certificate is up-to-date.
Beware of spam (unsolicited e-mail messages) that asks for your SSN or other personal information. Many people receive e-mail messages that appear to be from a government agency like the Internal Revenue Service, from a bank, Amazon, eBay, or PayPal. The message typically says that the company or agency is updating its records or has detected fraudulent activity with your account and needs personal information from you, such as your Social Security number, account number, password, mother’s maiden name, and so on. It may direct you to an official-looking Web site through a link contained in the message.
Do not respond to such messages! These are called “phishing” scams. Although they appear to be legitimate, these messages and Web sites are scams to get your personal information. No reputable company or government agency sends e-mail messages asking for sensitive personal data.
Yes, in most states. However, the Social Security Administration discourages employers from displaying SSNs on documents that are viewed by other people — such as badges, parking permits, or on lists distributed to employees. Employers do, however, need each employee’s SSN to report earnings and payroll taxes.
In California and New York, as explained above, employers cannot display the employee’s SSN in certain situations.
In 1961 the Internal Revenue Service began using SSNs as taxpayer ID numbers (TIN). Therefore, SSNs are required on transactions in which the IRS may be interested. That includes most banking, stock market and other investments, real estate purchases, automobile purchases over $10,000, many insurance documents, and other financial transactions as well as employment records.
Financial institutions are required by federal law to participate in Customer Identification Programs (CIPs). Banks must keep records of identifying information and check customer names against terrorist lists. This applies to anyone who opens a new account.
The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, (USA PATRIOT Act), Pub.L. 107-56, includes measures to undercut terrorist financing and combat money laundering. Customer identification programs (CIPs) for financial institutions are required by §326 of the PATRIOT Act, with the details spelled out in regulations published by multiple federal agencies. For additional information about CIPs, read PRC Fact Sheet 31.
Because your SSN must be included on all of these sensitive financial documents, it’s important to limit other uses of the number.
Publicly-funded schools and those that receive federal funding must comply with the Family Educational Rights and Privacy Act in order to retain their funding. FERPA is also known as the "Buckley Amendment," enacted in 1974, 20 USC 1232g.
One of FERPA's provisions requires written consent for the release of “educational records” or personally identifiable information, with some exceptions. The courts have stated that SSNs fall within this provision. (See Krebs v. Rutgers, 797 F. Supp. 1246 (D.N.J. 1992)).
FERPA applies to state colleges, universities, and technical schools that receive federal funding. An argument can be made that if such a school displays students' SSNs on identification cards or distributes class rosters or grades listings containing SSNs, it would be a violation of FERPA. However, some schools and universities have not interpreted the law this way and continue to use SSNs as a student identifier. To succeed in obtaining an alternate number to the SSN, you will probably need to be persistent and cite the law.
Public schools, colleges, and universities fall within the provisions of another federal law, the Privacy Act of 1974. This act requires such schools to provide a disclosure statement telling students how the SSN is used. If you are required to provide your SSN, be sure to look for the school's disclosure statement.
When the school is a private institution, your only recourse is to work with the administration to change the policy or at least to let you use an alternate identification number as your student ID.
The U.S. Department of Education and Department of Justice interpret the Privacy Act as prohibiting a public school district from requiring a pupil or parent to provide an SSN or denying admittance because a pupil does not provide an SSN.
Many colleges and universities are looking for ways to eliminate the SSN as primary identifiers for not only students but facility and staff as well. The California College and University Social Security Task Force published a report on the use of Social Security numbers in California colleges and universities in July, 2010.
The Intelligence Reform and Terrorism Prevention Act of 2004 prohibits states from displaying your SSN on drivers' licenses, state ID cards, or motor-vehicle registrations. The law went into effect December 17, 2005, and applies to all licenses, registrations, and identification cards issued after that date.
If your license still uses your SSN as the ID number, you can request this be changed. You don’t need to wait until it expires to get one with a different number, though you may be charged a fee for the new issuance.
Although your SSN may not be used as your ID number on your license, under the Real ID Act of 2005 states must require proof of a person’s SSN (or verification that the person is not eligible for an SSN) when issuing a license.
You can obtain your Social Security statement online by creating a My Social Security account. Your Social Security statement provides:
- A list of your lifetime earnings according to Social Security’s records
- The estimated Social Security and Medicare taxes you’ve paid
- Estimates of the benefits you or your family may receive
- General information about Social Security
You can also choose to block electronic access to your Social Security record. When you do this, no one, including you, will be able to see or change your personal information online. You may want to block your information if you:
- have been the victim of domestic violence;
- have been the victim of identify theft; or
- have any reason you do not want your record to be available.
Alternatively, you can opt for extra security to provide your account with an extra level of protection. With this option, you need a cell phone with text messaging each time you sign in.
Periodically checking your Social Security statement online can help you discover whether you might be a victim of a type of identity theft where someone uses your SSN to obtain employment. For example, an undocumented worker might use your SSN to obtain employment.
The Social Security Administration (SSA) mails statements to workers attaining ages 25, 30, 35, 40, 45, 50, 55, and 60 who are not receiving Social Security benefits and do not yet have a my Social Security account. After age 60, SSA mails annual statements. SSA mails the statements three months prior to the workers’ birthday.
The Social Security Administration (SSA) will issue a new number only in certain very extreme cases. A new SSN may be issued if you can prove that someone has stolen your number and is using it illegally. You must provide evidence that the number is actually being misused, and that the misuse is causing you significant harm on an ongoing basis. If your card has been lost or your number has fallen into the wrong hands, that's not enough. Further, SSA will not give you a new SSN to aid in avoiding legal responsibility, or in hiding bad credit or a criminal record.
SSA may also assign a different number if:
- Sequential numbers assigned to members of the same family are causing problems
- More than one person is assigned or using the same number
- There is a situation of harassment, abuse or life endangerment
To get a new Social Security number, you must visit your local Social Security field office and provide the required documentation.
The Social Security Administration’s (SSA) Death Master File (DMF) contains records of deaths that have been reported to SSA. SSA receives death reports from various sources, including family members, funeral homes, hospitals, and financial institutions. The DMF was created under a 1980 consent judgment from a lawsuit brought by a citizen under the Freedom of Information Act. The consent judgment requires that identifying information of decedents, including their Social Security numbers (SSN) be divulged.
The DMF is used by government, financial, investigative, credit reporting organizations, medical research and other industries to verify deaths and to prevent fraud and comply With the USA Patriot Act.
The DMF includes the following information on each decedent, if the data are available to the SSA: SSN, name, date of birth, date of death, state or country of residence (February 1988 and prior), ZIP code of last residence, and ZIP code of any lump sum payment. The SSA does not have a death record for all persons. Therefore, SSA does not guarantee the accuracy of the file. The absence of a particular person from the DMF is not proof that a person is alive.
For years, the DMF included death records provided by the states. In 2011, the SSA determined that state death records were exempt from public disclosure. They could, however, be made available to other federal agencies, such as the Internal Revenue Service and the Centers for Medicare and Medicaid Services, in order that they could determine whether to pay or discontinue benefits. In November 2011, four million deaths were deleted from the publicly available DMF. This was motivated in part by the desire to reduce identity theft.
Although the DMF is not available online, the DMF Extract is available for a fee from the United States Department of Commerce’s National Technical Information Service (NTIS).
The DMF is used to prevent fraud to help prevent stealing the identity of a dead person. The DMF is used by credit reporting agencies (CRA), as well as government, financial, investigative, medical research organizations to verify death and to prevent fraud. NTIS and SSA are working together to offer the DMF updates more frequently and in alternative formats. By running credit and other applications against the DMF, CRAs and other organizations are better able to identify and prevent identity fraud.
Conversely, the DMF can be used by identity thieves to obtain tax refunds for deceased persons or to apply for credit cards or obtain cell phones. Approximately 2.4 million deceased Americans have their identities stolen each year.
As of March 27, 2014, access to decedent information during the three-calendar-year period following that individual’s death is limited to certified subscribers with a legitimate fraud prevention interest or a legitimate business purpose pursuant to a law, governmental rule, regulation, or fiduciary duty.
A July 2012 SSA Inspector General's report found that SSA did not record death information in its Numident database for approximately 1.2 million deceased beneficiaries. SSA uses the Numident database to update the DMF. A March 2015 SSA Inspector General's report found that at least 6.5 million active Social Security numbers belong to people who are at least 112 years old and likely deceased.
Of the approximately 2.8 million death reports SSA receives annually, about 14,000 are incorrectly entered into its DMF. The DMF contained 36,657 death entries between May 2007 and April 2010 for people who were in fact alive.
Erroneous death entries can lead to benefit termination and closing or freezing of bank accounts, causing financial hardship. They also result in the publication of living individuals' personal identifying information in the DMF. While those who are declared dead generally lose their ability to apply for credit, they may be at risk for other types of identity theft now that their personally-identifying information has been made public.
If you find out that your name is on the DMF, your first priority is to find out who reported your death, when, and why. You must take appropriate steps to correct the information at the originating source. You will need to take steps to locate and amend the death certificate and then remove your name from the DMF.
- Adopt a policy of not giving out your SSN unless you are convinced it’s required or is to your benefit. Ask any requestor to explain why it is needed. Never give out your SSN in response to a phone call that you did not initiate.
- Never print or write your Social Security number on your checks, business cards, address labels or other identifying information.
- Do not carry your SSN card in your wallet
except for situations when it is required, such as the first day of a
new job. If possible, do not carry any items in your wallet that include
your SSN, such as insurance cards, except when they are needed to
receive healthcare services. Your wallet could be lost or stolen,
resulting in your SSN being vulnerable to fraudulent use.
A California law places restrictions on the display and transmission of SSNs by companies. For more information, read the California Department of Justice’s Privacy Enforcement and Protection Unit's guide on SSN “recommended practices,” at http://www.oag.ca.gov/sites/all/files/pdfs/privacy/protecting_ssns.pdf?. If you feel that you must carry a health insurance card that includes your SSN or a Medicare card with you at all times, photocopy the original card and cut it down to wallet size. Then blacken out or cut out the last four digits of the SSN on the copy. Carry the copy with you rather than the actual card. However, the first time that you visit your healthcare provider, bring the original Medicare card with you. The office is likely to want to photocopy or scan it for its files.
- Order a copy of your free credit reports
each year. If you are a victim of identity theft, the credit report
will likely contain evidence of credit or banking fraud committed using
your name and SSN. It will also show other SSNs or names associated with
- If a private business requests your SSN:
- Leave the space for the SSN on the form blank or write "refused" or “N/A” in that space.
- Speak to someone in management or write to the business and explain why you do not want your SSN used to identify you. If you don’t receive satisfaction from the first person you contact, go to someone in the organization with more authority.
- Insist that the company document its policy of why they are requiring a SSN. If a written policy cannot be found or too much time is taken looking for one, maybe the business will allow you to use an alternate number.
- Ask why your SSN is requested and suggest alternatives like using your driver’s license number.
- If the company insists on having your SSN, explain that you will take your business elsewhere. If the company persists, follow through on your promise.
- If your employer releases or displays your SSN, explain why you disapprove of this practice. Some employers do not treat SSNs as confidential information. They may be willing to change their policy when they understand the twin dangers of invasion of privacy and potential for fraud. As explained above, laws in California and New York place restrictions on the display and transmission of SSNs by companies.
- If your bank, credit union or other financial service provider uses your Social Security number as a personal identification number (PIN) or as the identifier for banking by phone or the Internet, write a letter of complaint. Demand to have a different PIN and/or identification number assigned. Explain why the SSN is an extremely poor choice for a password or security code. If you voluntarily use the last four digits of your SSN as your PIN for ATM and other banking or credit transactions, change it to something else, but not to a common number such as your birthdate, telephone number, or ZIP code.
- If you fear your SSN has gotten into the wrong
hands, take the following steps to reduce the risk of new accounts being
opened in your name:
- Place a 90-day fraud alert on your credit reports by calling one of the three credit bureaus: TransUnion (800) 680-7289; Equifax (888) 766-0008; Experian (888) 397-3742. Then renew the fraud alert every 90 days.
- Monitor your credit reports very closely. Placing the fraud alert allows you to order a free credit report within 90 days.
- Consider "freezing" your credit reports with Equifax, Experian, and TransUnion. By freezing your credit reports, you can prevent credit issuers from accessing your credit files except when you give permission. This effectively prevents thieves from opening up new credit card and loan accounts. See http://www.consumer-action.org/english/articles/freeze_your_credit_file#Topic_04 for more information.
- If you have evidence of actual or attempted identity theft, additional steps are needed, such as notifying the police and the Federal Trade Commission and establishing a seven-year fraud alert. See our Fact Sheet 17(a) “Identity Theft: What to Do if It Happens to You”.
- Avoid sharing your birthday, age, or place of birth on the Internet. A research study by Carnegie Mellon University found that Social Security numbers can be predicted based on publicly-available information, including your birthday, age and place of birth. The Social Security Administration began assigning randomized number series on June 25, 2011. Unfortunately, the more predictable Social Security numbers will remain in effect for individuals born before June 25, 2011.
- Congressional Research Service, "The Social Security Number: Legal Developments Affecting Its Collection, Disclosure, and Confidentiality" (February 2014). This report provides a comprehensive list of federal developments affecting use of the social security number, from 1935 to the present. This list includes federal statutes regulating the collection and disclosure of SSNs, as well as specific authorizations for the use of SSNs, confidentiality provisions, and criminal provisions relating to SSN misuse.
- California Department of Justice’s Privacy Enforcement and Protection Unit, “Recommended Practices for Protecting the Confidentiality of Social Security Numbers,
- California College and University Social Security Task Force, "The Use of Social Security Numbers in California Colleges and Universities: A Report to the California State Senate and Assembly Judiciary Committees and to the California Office of Privacy Protection" (July 2010)
- Social Security Administration, “Historical Information: Social Security Numbers”
- Federal Trade Commission. "Security in Numbers -- SSNs and ID Theft" (December 2008). An FTC report recommending five measures to help prevent SSNs from being used for identity theft.
- Many universities have established SSN usage policies and have adopted ID numbers other than the SSN.
- U.S. General Accounting Office, "Social Security Numbers: Federal and State Laws Restrict Use of SSNs, Yet Gaps Remain"
Browse Privacy Topics
Background Checks & Workplace
Banking & Finance
Credit & Credit Reports
Harassment & Stalking
Identity Theft & Data Breaches
Online Privacy & Technology
Privacy When You Shop
Public Records & Info Brokers
Social Security Numbers
Who We Are
We are a nationally recognized consumer education and advocacy nonprofit dedicated to protecting the privacy of American consumers.