| Comment Number: | 531096-00054 |
| Received: | 8/4/2007 2:09:17 AM |
| Organization: | |
| Commenter: | Smythe |
| State: | WI |
| Agency: | Federal Trade Commission |
| Rule: | Private Sector Use of SSNs |
| No Attachments |
Comments:
1. Old paper records including SSN were uploaded onto the webserver of a top-ranking liberal arts college and the webserver was subsequently hacked. They don't believe the information was accessed but they don't have the means to know for certain. 2. My health insurance card including SSN was photocopied by eyecare company and kept in paper files that are accessible to everyone including the cleaning staff 3. My SSN was disclosed by a consulting firm without my permission to a major banking and mortgage company to whom I was hired out. They put it in their help desk ticketing system where there was no audit trail over who accessed it, and it was regularly used for identification purposes. That system is backed up unencrypted to tapes that are then rotated offsite. However their ability to track tape location was severely compromised as demonstrated by the number of times the tape storage company had to tell them that the tape requested was not at the storage company. 3. My fingerprints were taken for the OPM on a card that included all PII about me and was subsequently lost as far as I can ascertain. Ditto for papers including SSN that were sent via internal mail for a required clearance. 4. I worked for a major company involved in health care payments. They copied their production databases including PII to test and development without disclosing it to the auditors. I also found PII information that was printed by remote and local users on a regular basis on our printers. 5. I worked for a second consulting company who also disclosed my SSN to the company to whom I was hired out. When you work for a consulting company the background checks and pay are handled by the consulting company so I see no reason that it should be disclosed at all. 6. Both consulting companies used my SSN as the login ID for third-party services without my permission. 7. My SSN is routinely available to all manner of people when I call utility companies, savings plans, and banks. Many times these are call centers, where the information could be harvested. These are not high-paying positions, and I doubt that controls or background checks are adequate. 8. My insurance company said this year that 25% of individuals will suffer a case of identity theft. What is shocking to me about this is that ALL of this occurred in the past five years. I cannot imagine how many other places my SSN and other PII information has ended up without my knowledge or permission. Irresponsible, irrational, and highly dangerous.