|Received:||8/6/2007 9:34:11 AM|
|Agency:||Federal Trade Commission|
|Rule:||Private Sector Use of SSNs|
Comments:I am disappointed with the number of companies that have requested and maintained my social security number. For instance, my cellular phone provider keeps it on file and uses it as part of my authentication process when I want to make changes to my account. To me, this is an inappropriate use of key identification information. I would appreciate if companies were not allowed to keep my SSN, except in particular instances. The Credit Card industry has rules about the CVV number on credit cards not being stored by anyone but the actual card companies themselves. When a CVV number is utilized for a credit card transaction, the value is sent as confirmation back to the credit card company who uses it to authenticate the credit card only. The merchant is not allowed to store the CVV. I would like to see SSN's used in the same way. Allowing a company to query the SSN database to verify that yes, 111-11-1111 belongs to Mr. John Q. Smith, via a secured transmission, and then have to immediately purge that SSN from their systems. Restrictions on what kinds of transactions an SSN can be "requested" for would also be valuable. For instance, I do not believe that a company with whom I have a credit limit of under $10,000 (or some other appropriate value) needs my SSN as verification of my identity. This would limit credit card companies, utilities, and other service providers from having a legitimate reason to ask for my SSN. This would still allow for the use of SSN for evaluating my credit for car, home, and other large loans, or for credit lines of significant size. I would also request that it be made illegal for me to be required to provide my SSN on a written document, with certain exceptions. Again, while my cell-phone provider might LIKE to have my SSN, I am not comfortable with them having it. If their written form asks for it, people are likely to provide it, even if they shouldn't. I also feel that I should be apprised of anybody who tries to verify my SSN. For example, whenever a check is made against my credit report, that check is logged, and I have access to view that information. However, whenever my SSN is validated to ensure that I am using the correct one, I have no such evidence trail. I believe that this would assist us in better tracking identity theft, because we would be more able to identify likely leaks of this sensitive information. I would also like to see my SSN disassociated from my medical records. Again, my insurance company should not be allowed to keep my SSN, if they ever see it at all. At most, they should be able to use it temporarily to verify my ID before issuing me a UNIQUE ID within their system for tracking and billing purposes. I further believe that using SSN as an account number, or as an ID for any commercial use should be prohibited. Providing my SSN--or even the last 4 digits--to employees working in a call center in some unknown location is not a particularly safe use of my identification information. While this may lead to more PIN numbers that I need to manage, at least when one of these accounts is compromised I will not have given out the key to my identity or to any of my other accounts.