<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.0 Transitional//EN'>

<html><head><title>531096-00037.htm</title>

<meta name='vs_defaultClientScript' content='JavaScript'>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">

<meta name='vs_targetSchema' content='http://schemas.microsoft.com/intellisense/ie3-2nav3-0'>

<meta name='Originator' content='CommentWorks'></head><body><Table>

<tr><td><b>Comment Number: </b></td><td>531096-00037</td></tr>

<tr><td><b>Received: </b></td><td>8/3/2007 5:33:16 PM</td></tr>

<tr><td><b>Organization: </b></td><td></td></tr>

<tr><td><b>Commenter: </b></td><td>Smith</td></tr>

<tr><td><b>State: </b></td><td>IA</td></tr>

<tr><td><b>Agency: </b></td><td>Federal Trade Commission</td></tr>

<tr><td><b>Rule: </b></td><td>Private Sector Use of SSNs</td></tr>

<tr><td>No Attachments</td></tr></Table>

<hr><P><b>Comments:</b></p>I've had my SSN exposed to compromise from both the government and the private sector in the very recent past. First with theft of a laptop by the VA and then by theft of a laptop from a health insurance company. The one thing I don't understand is why this ever so important number is not required, by law, to be stored in an encrypted format. Most major credit card companies require the storage of credit card numbers to be encrypted, yet there is no such mandate to do so with a number that is far more significant. Unfortunately, no matter what the strength of such an encryption, nor the laws the would enforce such a standard, the weakest factor will always be the "human factor". But why not at least try to enforce some type of security standard?</body></html>