|Received:||8/28/2007 1:11:00 PM|
|Organization:||Corporate Security Services Inc|
|Agency:||Federal Trade Commission|
|Rule:||Private Sector Use of SSNs|
Comments:SSNs In The Private Sector - Comment, Project No. P075414 ***CURRENT PRIVATE SECTOR COLLECTION AND USES OF THE SSN*** What businesses and organizations collect and use the SSN? We are a Private Investigation Firms For what specific purposes are they used? Pre employment screening investigations, verification of identity, What is the life cycle (collection, use, transfer, storage and disposal) of the SSN within the businesses and organizations that use it? - All SSN data is Stored electronically in encrypted format , all hard copy documents are shredded. Are governmental mandates driving the private sectors use of the SSN? - Homeland Security , FCRA and legal liability Are there alternatives to these uses of the SSN? - other National Identifier? ***THE ROLE OF THE SSN AS AN AUTHENTICATOR*** The use of the SSN as an authenticator as proof that consumers are who they say they are is widely viewed as exacerbating the risk of identity theft. What are the circumstances in which the SSN is used as an authenticator? For pre-employment background screening to verify that applicant is using correct name, & SSN Are SSNs so widely available that they should never be used as an authenticator? Employers and Employment background screening firms need a government source to validate that the Persons name and ssn are a match, and valid What are the costs or other challenges associated with eliminating the use of the SSN as an authenticator? Employment background screening would not be possible, unless the government implemented a replacement identifier system ***THE ROLE OF THE SSN IN FRAUD PREVENTION*** Are alternatives to the SSN available for this purpose? Are those alternatives as effective as using the SSN? 1) Too many businesses and other organizations are routinely collecting ssn data from consumers , when there is no need to know, i.e consumer transactions that do not require credit reports, organizations should be limited to obtaining ssn data for permissible purposes Only which can be defined and administered via the FCRA 2) Stringent requirements should be implemented for organizations that have a permissible purpose, personal identifiers SSN etc should be required to be stored in encrypted format, hard copy Ssn & other identifiers should be controlled by stringent document security and shredding processes. 3) Businesses should be subjected to inspection, compliance auditing with SSN & Identity information. If the use of the SSN by other sectors of the economy were limited or restricted, what would the ramifications be for fraud prevention? Fraud protection would be improved, The FCRA has successfully improved abuses of consumer investigation and reports, similar restrictions need to be in place for protection of ssn and other consumer identity information. Restricting who can access, must have a permissible purpose, must meet data security protection requirements, i.e encryption, shredding, distribution of copies etc.