Social Security Numbers
- IRS Issues Final Rule on Truncated SSNs: The IRS has issued a final rule to encourage employers to truncate employees' social security numbers (SSNs) on copies of W-2s and other forms furnished to employees. The new rule is intended to aid employers' efforts to protect employees from identity theft. EPIC submitted comments to the IRS in support of the rule, but argued that the rule should require employers to truncate SSNs rather than only allowing them to do so. EPIC said: "W-2 forms have been the target of several high-profile breaches" and recommended that the IRS require truncated SSNs "to protect employees from future breaches." EPIC has participated in the leading cases involving the privacy of the SSN and has frequently testified in Congress about the need to establish privacy safeguards for the SSN to prevent identity theft and financial fraud. (Jul. 15, 2019)
- Equifax Breach "Entirely Preventable": House Oversight Committee: In a report released today, the House Committee on Oversight declared that the Equifax breach, which affected 148 million U.S. consumers, was "entirely preventable." The breach, one of the largest in U.S. history, compromised the authenticating details, including dates of birth and social security numbers, of more than half of American consumers. The House report concluded that Equifax "failed to fully appreciate and mitigate" the cybersecurity risks and placed corporate growth over data security. Despite several agencies, such as the CFPB and the FTC, pledging to take action against Equifax, none have done so. The House Committee recommended that Equifax "provide more transparency to consumers" about data use and security practices and reduce the use of social security numbers as identifiers, longstanding priorities of EPIC. Following the Equifax data breach in 2017, EPIC President Marc Rotenberg testified before the Senate Banking Committee and recommended free credit freezes and other consumer safeguards to mitigate the risk of identity theft. (Dec. 10, 2018) More top news »
The Social Security Number (SSN) was created in 1936 as a nine-digit account number assigned by the Secretary of Health and Human Services for the purpose of administering the Social Security laws. SSNs were first intended for use exclusively by the federal government as a means of tracking earnings to determine the amount of Social Security taxes to credit to each worker's account. Over time, however, SSNs were permitted to be used for purposes unrelated to the administration of the Social Security system. For example, in 1961 Congress authorized the Internal Revenue Service to use SSNs as taxpayer identification numbers.
In response to growing concerns over the accumulation of massive amounts of personal information, Congress passed the Privacy Act of 1974. Among other things, this Act makes it unlawful for a governmental agency to deny a right, benefit, or privilege merely because the individual refuses to disclose his SSN.
Section 7 of the Privacy Act further provides that any agency requesting an individual to disclose his SSN must "inform that individual whether that disclosure is mandatory or voluntary, by what statutory authority such number is solicited, and what uses will be made of it." At the time of its enactment, Congress recognized the dangers of widespread use of SSNs as universal identifiers. In its report supporting the adoption of this provision, the Senate Committee stated that the widespread use of SSNs as universal identifiers in the public and private sectors is "one of the most serious manifestations of privacy concerns in the Nation." Short of prohibiting the use of the SSN outright, the provision in the Privacy Act attempts to limit the use of the number to only those purposes where there is clear legal authority to collect the SSN. It was hoped that citizens, fully informed where the disclosure was not required by law and facing no loss of opportunity in failing to provide the SSN, would be unlikely to provide an SSN and institutions would not pursue the SSN as a form of identification.
Large amounts of personal information, including tax information, credit information, school records, and medical records, is keyed to your Social Security Number. Because this data is often sensitive, you should keep it private.
- My Social Security Number: How Secure Is It?, Privacy Rights Clearinghouse, revised Apr. 2017)
- Your Social Security Number and Card, SSA Publication No. 05-10002, July 2004.
- Chris Hibbert, Frequently Asked Questions on SSNs and Privacy, CPSR, January 2004.
- EPIC Privacy Act of 1974 Page.
- Department of Health, Education, and Welfare, Records, Computers, and the Rights of Citizens 108-35 (MIT 1973) (Social Security Number as a Standard Universal Identifier and Recommendations Regarding Use of Social Security Number).
The Structure of the SSN
The SSN is not entirely randomly-generated. Although the procedures for issuing SSNs have changed over the years, a SSN can reveal an individual's relative age and place of origin. The first three numbers (area number) are keyed to the state in which the number was issued. The next two (group numbers) indicate the order in which the SSN was issued in each area. The last four (serial numbers) are randomly generated.
The SSN and Privacy
Today, the Social Security Number plays an unparalleled role in identification, authentication, and tracking of Americans. Because the identifier is used for many purposes, it is valuable to those who wish to acquire credit, commit crimes, or masquerade as another person.
The SSN has been increasingly used in the private sector. The SSN is the record locator for many private-sector profilers, credit bureaus, and credit card companies. It is also used extensively outside the financial services sector. And, while some businesses use the SSN to identify individuals, others use the SSN as a password. This means that the SSN is widely used both as an identifier and as an authenticator. Serious security problems are raised in any system where a single number is used both as identifier and authenticator. It is not unlike using a password identical to a user name for signing into e-mail. Or like using the SSN as a bank account number and the last four of the SSN as a PIN for automated teller machines.
The SSN as National Identifier
The issuance of a single, unique number to Americans raises the risk that the SSN will become a de jure or de facto national identifier. This risk is not new; it was voiced at the creation of the SSN and has since been raised repeatedly. The SSN was created in 1936 for the sole purpose of accurately recording individual worker's contributions to the social security fund. The public and legislators were immediately suspicious and distrustful of this tracking system fearing that the SSN would quickly become a system containing vast amounts of personal information, such as race, religion and family history, that could be used by the government to track down and control the action of citizens. Public concern over the potential for abuse inherent in the SSN tracking system was so high, that in an effort to dispel public concern the first regulation issued by the Social Security Board declared that the SSN was for the exclusive use of the Social Security system.
In passing the Privacy Act of 1974, Congress was specifically reacting to and rejecting calls for the creation of a single entity for the reference and storage of personal information. A 1977 report issued as a result of the Privacy Act highlighted the dangers and transfer of powers from individuals to the government that occur with centralization of personal information:
In a larger context, Americans must also be concerned about the long-term effect record-keeping practices can have not only on relationships between individuals and organizations, but also on the balance of power between government and the rest of society. Accumulations of information about individuals tend to enhance authority by making it easier for authority to reach individuals directly. Thus, growth in society's record-keeping capability poses the risk that existing power balances will be upset.
Many medical providers are using the SSN as a patient identifier, thus hardening the number as a de facto national identifier. As David Miller noted in testimony before the National Committee on Vital Health Statistics:
"It should be noted that the 1993 WEDI [Workgroup for Electronic Data Interchange] Report, Appendix 4, Unique Identifiers for the Health Care Industry, Addendum 4 indicated 71% of the payers responding to the survey based the individual identifier on the Member's Social Security Number. However 89% requested the insured's Social Security Number for application of insurance. Clearly the Social Security Number is the current de facto identifier..."
But individuals and companies are resisting such use of the SSN. Acting on employees' suggestions, I.B.M. has requested that health companies stop using the SSN on insurance cards. According to IBM, fifteen insurers, which cover about 30,000 of the company's 500,000 employees worldwide have either not responded or indicated that they will not comply with the request.
- Testimony of David S. Miller, Director, Health System Services, UHC, on the Unique Patient Identification Number at the National Committee on Vital Health Statistics hearing in Chicago, Jul. 21, 1998.
- Marc Ferris, IBM asks providers to drop SSNs, New York Times, Feb. 23, 2003, p. 3.
The SSN and Identity Theft
The widespread use of the SSN as an identifier and authenticator has lead to an increase in identity theft. According to the Privacy Rights Clearinghouse, identity theft now affects between 500,000 and 700,000 people annually. Victims often do not discover the crime until many months after its occurrence. Victims spend hundreds of hours and substantial amounts of money attempting to fix ruined credit or expunge a criminal record that another committed in their name.
Identity theft litigation also shows that the SSN is central to committing fraud. In fact, the SSN plays such a central role in identification that there are numerous cases where impostors were able to obtain credit with their own name but a victim's SSN, and as a result, only the victim's credit was affected. In June 2004, the Salt Lake Tribune reported: "Making purchases on credit using your own name and someone else's Social Security number may sound difficult -- even impossible -- given the level of sophistication of the nation's financial services industry…But investigators say it is happening with alarming frequency because businesses granting credit do little to ensure names and Social Security numbers match and credit bureaus allow perpetrators to establish credit files using other people's Social Security numbers." The same article reports that Ron Ingleby, resident agent in charge of Utah, Montana and Wyoming for the Social Security Administration's Office of Inspector General, as stating that SSN-only fraud makes up the majority of cases of identity theft.
Because creditors will open new accounts based only on a SSN match, California has passed legislation requiring certain credit grantors to comply with heightened authentication procedures. California Civil Code § 1785.14 requires credit grantors to actually match identifying information on the credit application to the report held at the credit reporting agency. Credit cannot be granted unless three identifiers from the application match those on file at the credit bureau.
- Lesley Mitchell, New wrinkle in ID theft; Thieves pair your SS number with their name, buy with credit, never get caught; Social Security numbers a new tool for thieves, The Salt Lake Tribune, June 6, 2004, at E1.
The Social Security Administration SSN Death Master File
The Death Master File is publicly available from the Social Security Administration (SSA) for a little under $1,800 for a single issue ($6,900 for a quarterly subscription with monthly updates). Anyone can buy 60 million electronic records from the SSA on all Americans (and others with SSNs) that have died. These records contain important personal identifiable information, including the name, social security number, date of birth, date of death, state or country of residence, ZIP code of last residence, and ZIP code of lump sum payment to the decedent's beneficiary. These records are also accessible for free on the web at places like Ancestry.com. The records have over a 3% error rate, and provide information chiefly on those who died after 1960.
Unscrupulous users of this database for instance might be able to exploit the recently bereaved or take advantage of their changed financial circumstances. Separate from what residual privacy concerns might be there for the recently departed, it is important to appreciate the effect such disclosure has on the survivor's privacy where their spouse's or parent's name, SSN and location is made freely available. The database might arguably be of some help for those engaged in historical research, but the terms and conditions of such use can be regulated to protect the privacy of survivors.
The Individual References Service Group Privacy Principles
In the 1990s, significant public concern was raised about information brokers that routinely buy and sell detailed personal information, including Social Security Numbers. The Individual Reference Services Group (IRSG) was established to manage calls for SSN and privacy legislation.
IRSG companies gather and sell Social Security numbers. Social Security numbers are collected from a variety of public and non-public sources. Public documents such as bankruptcy filings and other types of court records often contain Social Security numbers of the parties to a proceeding. In response to this, a number of states shield SSNs from disclosure in public records. For instance, marriage licenses have been a source for SSNs and a number of states, including Arizona, California, Indiana, Iowa, Kentucky, Louisiana, Maine, Montana, Ohio, and Michigan, have enacted legislative protections to prevent their disclosure. Birth and death records are rich in personal information, and states have acted to shield SSNs collected in these life events against disclosures. Arizona, California, Illinois, Kansas, Maine, Maryland, Massachusetts, Minnesota, Mississippi, Missouri, New Hampshire, and other states limit the appearance of the parents' SSN on birth records. Similarly, several states restrict disclosure of the SSN in records associated with death.
Non-public documents such as credit headers, the identifying information at the top of credit reports (including names, addresses, ages and SSNs), are also culled for information. IRSG companies use both public and non-public sources of personal information to compile data on individuals.
During 1997, the IRSG worked with the Federal Trade Commission, absent public input, to develop a set of self-regulatory principles. These self-regulatory principles allow the sale of Social Security numbers without the knowledge and permission of the data subject.
Under the IRSG Principles, companies can freely sell and distribute SSNs gathered from public records. The IRSG Principles treat the same data, Social Security numbers, differently if it comes from a non-public source such as credit headers. However, the guidelines for the sale of Social Security numbers from non-public sources are completely subjective and largely ignore the privacy interests of the data subject.
The IRSG Principles create a three-tier system for the sale of information gathered from non-public sources. The first tier for the sale of Social Security numbers applies to "qualified subscribers." Complete Social Security numbers can be sold to those deemed to fall into this category. There is no definition of what makes someone whom wishes to purchase a social security number a "qualified subscriber." Moreover, the conditions that qualified subscribers must meet under the IRSG Principles rely entirely on the determination of the data seller and the data purchaser on what is an "appropriate" use of such information. The data subject, the person whose Social Security number is being collected and sold, has no input into whether such use is in fact "appropriate." The balancing process for deciding whether such uses are appropriate is carried out by the parties selling and purchasing the data; that is, the ones that have a strong interest in letting a transaction proceed. In addition, IRSG companies do not have a strong incentive to establish whether information being sold to a responsible entity that will use data in a strictly appropriate manner.
The IRSG dissolved shortly after the passage of the Gramm-Leach-Bliley Act, but some data brokers still conform to the group's principles.
- Individual Reference Services: A Report to Congress, Federal Trade Commission, December 1997.
- EPIC Gramm-Leach-Bliley Page.
The SSN and Student Privacy
Students are especially vulnerable to identity theft for many reasons. Some of these reasons pertain to the type of lifestyle that many students maintain-they are, in effect, transients for four years. Students may not actually receive their mail regularly. Often, parents are the ones who maintain their permanent mailboxes, and in many cases, parents actually receive the credit bills. Students are not likely to request their credit reports, or even know that checking their credit records is a good idea. Also, credit card companies target students heavily for new lines of credit, and in some cases, issue credit without the consent of the student.
Students are at particular risk because use of the SSN is rampant at some institutions. In some cases, the SSN is used as a student identifier, and is actually printed on the face of the student identity card. Many schools use the SSN as the login for computer systems. The Chronicle of Higher Education reported in August 2002 that: "Nearly half of colleges nationwide still use Social Security numbers as the primary means to track students in academic databases, according to a March survey by the American Association of Collegiate Registrars and Admissions Officers. The survey also shows that 79 percent of colleges display students' Social Security number on official transcripts."
Some professors continue to post grades with the SSN as an identifier. Aside from the identity theft risk of this practice, posting grades with the SSN endangers confidentiality. Because the SSN is not randomly generated, it is easy to identify certain students based on their SSN. For instance, at a state school, one only need to look for SSNs with a different "area numbers" (first three digits) to identify possible out-of-state students. Additionally, group numbers (middle two digits) may indicate age, so even within a state, it may be possible to separate older students from younger ones.
In Arizona, major universities can no longer use the SSN as the student identifier. In Colorado, as of July 2003, public and private post secondary institutions were required to establish protections for the SSN and discontinue its use as the primary student identifier. New York and West Virginia prohibit all public and private schools from using the SSN as a primary identifier. Kentucky law allows students to opt-out of use of the SSN as student identifier.
- Andrea L. Foster, ID Theft Turns Students Into Privacy Activists, Colleges respond by reducing reliance on Social Security numbers in databases, Chronicle of Higher Education, Aug. 2, 2002.
- Privacy and the Handling of Student Information in the Electronic Networked Environments of Colleges and Universities, EDUCAUSE White Paper, Apr. 1997.
- EPIC Student Privacy Page.
Effective SSN Legislation
Effective SSN Legislation would:
- Limit the use of the SSN to those circumstances where use is explicitly authorized by law. For example, an employer should be permitted to ask an employee for an SSN for tax-reporting purposes (as long as the SSN remains the Taxpayer Identification Number), but a health club should not be permitted to ask a customer for an SSN as a condition of membership.
- Prohibit the sale and limit the display of the SSN by government agencies. It is simply inconsistent with Section 7 of the Privacy Act to allow the federal government to disseminate the SSN.
- Prevent companies from compelling consumers to disclose their SSN as a condition of service or sale unless there is a statutory basis for the request
- Penalize the fraudulent use of another person's SSN but not the use of an SSN that is not associated with an actual individual. This would permit, for example, a person to provide a number such as "123-00-6789" where there is no intent to commit fraud.
- Encourage the development of alternative, less intrusive means of identification. We believe that the National Research Council should be funded to undertake research on new techniques that enable records management while minimizing privacy risks.
- Don't give out your SSN. Try to bargain with businesses that request it by giving an alternative identifier, such as a driver's license number.
- Robert Ellis Smith, editor of the Privacy Journal, has written an article on SSN alternatives that large organizations can use.
- The Social Security Administration recommends that you should ask the following questions before releasing the SSN:
- Why your number is needed;
- How your number will be used;
- What happens if you refuse; and
- What law requires you to give your number.
Many states have enacted legislative protections for the Social Security Number. They vary from comprehensive frameworks of protection for the SSN to highly-specific laws that shield the SSN from disclosure in specific contexts.
For a comprehensive listing of state SSN laws, see Robert Ellis Smith, Compilation of State and Federal Privacy Laws, Privacy Journal.
A law taking effect in January 2005 in Arizona prohibits the disclosure of the SSN to the general public, the printing of the identifier on government and private-sector identification cards, and establishes technical protection requirements for online transmission of SSNs. The new law also prohibits printing the SSN on materials mailed to residents of Arizona. Exceptions to the new protections are limitedcompanies that wish to continue to use the SSN must do so continuously, must disclose the use of the SSN annually to consumers, and must afford consumers a right to opt-out of continued employment of the SSN.
In California, Senate Bill 168 was signed into law in October 2001. The bill gives individuals the ability to request that a "security alert" be placed on their credit record via a toll-free phone number.?The bill also enables Californians to request a "security freeze" that prevents credit agencies from releasing personal information from an individual's credit report.?The bill places important restrictions on use of the SSN-public posting of a SSN and printing the SSN on an identity card or document used to obtain a product or service is prohibited.?Businesses that use the SSN to identify customers, such as utility companies, will no longer be permitted to print the SSN on invoices or bills sent through the mail.
California's Senate Bill 1386 went into effect on July 1, 2003. That legislation requires companies that maintain SSNs and other personal information to notify individuals when they experience a security breach. The bill came in response to an April 2002 incident in which the records of over 200,000 state employees were accessed by a computer cracker. The California legislation exceeds federal protections, as there is no national requirement for notice to individuals when personal information is accessed without authorization.
In June 2004, Colorado Governor Bill Owens signed H.B. 1311, legislation that creates important new protections for the SSN that will take effect later this summer. The new law will limit the collection of the SSN and its incorporation in licenses, permits, passes, or certificates issued by the state. The law requires the establishment of policies for safe destruction of documents containing the SSN. Insurance companies operating in the state must remove the SSN from consumers' identification cards. Finally, the legislation creates new penalties for individuals who use others' personal information to injure or defraud another person.
In Georgia, businesses are now required to safely dispose of records that contain personal identifiers. Georgia Senate Bill 475 requires that business records-including data stored on computer hard drives-must be shredded or in the case of electronic records, completely wiped clean where they contain SSNs, driver's license numbers, dates of birth, medical information, account balances, or credit limit information. The Georgia law carries penalties up to $10,000.
- Social Security wrongly declares 14,000 people dead each year, Blake Ellis, CNN Money, August 22,2011
- Alessandro Acquisti and Ralph Gross: Predicting Social Security Numbers from Public Data, Carnegie Mellon University (July 2009)
- Congressional Research Service: The Social Security Number: Legal Developments Affecting Its Collection, Disclosure, and Confidentiality (February 2008)
- Social Security Numbers: Stronger Protections Needed When Contractors Have Access to SSNs, GAO-06-238, January 2006.
- Social Security Reform: Other Countries' Experiences Provide Lessons for the United States, GAO-06-126, October 2005.
- Testimony Before the Committee on Consumer Affairs and Protection and Committee on Governmental Operations, New York State Assembly, GAO-05-1016T, September 15, 2005.
- Report on Options for Social Security Reform, GAO-05-649R, May 6, 2005.
- Social Security Reform: Answers to Key Questions, GAO-05-193SP, May 2005.
- Social Security: Long-Term Challenges Warrant Early Action, GAO-05-303T, February 3, 2005.
- Report to the Chairman, Committee on Finance, U.S. Senate, SOCIAL SECURITY ADMINISTRATION: Actions Needed to Strengthen Processes for Issuing Social Security Numbers to Children, GAO-05-115, January 2005.
- Social Security Numbers Testimony, Use Is Widespread and Protections Vary, GAO 04-768T, June 2004.
- Social Security Numbers, Private Sector Entities Routinely Obtain and Use SSNs, and Laws Limit the Disclosure of This Information, GAO-04-11, January 2004.
- Social Security Numbers Testimony, Ensuring the Integrity of the SSN, GAO 03-941T, July 2003.
- Identity Theft in Florida, Final Report of the Sixteenth Statewide Grand Jury, SC 01-1095 (Fla. Nov. 2002).
- Identity Theft in Florida, Second Interim Report of the Sixteenth Statewide Grand Jury, SC 01-1095 (Fla. Nov. 2002).
- Social Security Numbers, Government Benefits from SSN Use but Could Provide Better Safeguards, GAO 02-352, May 2002.
- Social Security Number Testimony, SSNs Are Widely Used by Government and Could Be Better Protected, GAO 02-691T, April 2002.
- Identity Theft in Florida, First Interim Report of the Sixteenth Statewide Grand Jury, SC 01-1095 (Fla. Jan. 2002).
- Social Security Numbers: Subcommittee Questions Concerning the Use of the Number for Purposes Not Related to Social Security, GAO/HEHS/AIMD-00-253R SSN Use Questions, July 7, 2000.
- Social Security Numbers, Government and Commercial Use of the Social Security Number Is Widespread, GAO 99-28, February 1999.
- Comments on S. 214, a Bill to Enhance the Integrity of the Social Security Card, GAO 141167, April 18, 1990.
In Ostergren v. Cuccinelli, No. 09-723 (4th. Cir. July 26, 2010), the Fourth Circuit Court of Appeals decided in favor of privacy advocate Betty Ostergren’s challenge to a Virginia state law designed to prosecute her for drawing attention to the state’s online publication of Social Security Numbers (SSNs). Virginia provides “secure remote access” to certain public records, including court records with millions of SSNs. Even though, by statute, clerks are required to redact SSNs, this provision did not go into effect due to lack of funding.
The plaintiff in this case, Betty Ostergren, is a privacy advocate who maintains a website calling for improved privacy rights and the removal of private information from public records. Ostergren obtained unredacted public documents through Virginia's secure remote access system and posted the documents on her website. Ostergren argued that posting the records informs the public about the online availability of personal information, and increases transparency and oversight.
The publication of the SSNs exposed Ostergren to liability under a revised provision of Virginia’s Personal Information Privacy Act (PIPA) that states that “a person shall not . . . [i]ntentionally communicate another individual’s social security number to the general public.” The previous version of the statute provided an exception for "records required by law to be open to the public." Before the revised provision went into effect, Ostergren filed a complaint in the United States District Court for the Eastern District of Virginia, alleging that the revised provision was unconstitutional under the First Amendment and applicable Supreme Court precedent.
The court agreed that the provision was unconstitutional as applied to her website. The court found that Ostergren's website addressed a matter of public concern, and that Virginia did not appear to regard the protection of SSNs as an "interest of the highest order" because it made some records available online and did not fund the redaction of the records. The court found that it was not an interest of the highest order even though the SSNs on Ostergren's website have been used at least twice for criminal activity. One individual has admitted to using the SSNs to fraudulently obtain credit cards, and another confessed to using the SSNs to attempt to blackmail people.
The court entered a permanent injunction against enforcement of the provision against “any iteration of [plaintiff]’s website that simply republished publicly obtainable documents containing unredacted SSNs of Virginia [state officials].” The Virginia Attorney General filed a notice of appeal on June 30, 2008, and filed its Opening Brief before the Fourth Circuit on September 8, 2009.
In Greidinger v. Davis, a Federal Appeals court was asked to consider whether the state of Virginia could compel a voter to disclose an SSN that would subsequently be published in the public voting rolls, the Court noted the growing concern about the use and misuse of the SSN, particularly with regard to financial services. The Fourth Circuit said:
Since the passage of the Privacy Act, an individual's concern over his SSN's confidentiality and misuse has become significantly more compelling. For example, armed with one's SSN, an unscrupulous individual could obtain a person's welfare benefits or Social Security benefits, order new checks at a new address on that person's checking account, obtain credit cards, or even obtain the person's paycheck. . . . . Succinctly stated, the harm that can be inflicted from the disclosure of a SSN to an unscrupulous individual is alarming and potentially financially ruinous.
The Court said that:
The statutes at issue compel a would-be voter in Virginia to consent to the possibility of a profound invasion of privacy when exercising the fundamental right to vote. As illustrated by the examples of the potential harm that the dissemination of an individual's SSN can inflict, Greidinger's decision not to provide his SSN is eminently reasonable. In other words, Greidinger's fundamental right to vote is substantially burdened to the extent the statutes at issue permit the public disclosure of his SSN.
The Court concluded that to the extent the Virginia voting laws, "permit the public disclosure of Greidinger's SSN as a condition of his right to vote, it creates an intolerable burden on that right as protected by the First and Fourteenth Amendments."
In a second case, Beacon Journal v. City of Akron, testing whether a state could be required to disclose the SSNs of state employees under a state open record law where there was a strong presumption in favor of disclosure, the Ohio Supreme Court held that there were privacy limitations in the federal Constitution that weighed against disclosure of the SSN. The court concluded that:
We find today that the high potential for fraud and victimization caused by the unchecked release of city employee SSNs outweighs the minimal information about governmental processes gained through the release of the SSNs. Our holding is not intended to interfere with meritorious investigations conducted by the press, but instead is intended to preserve one of the fundamental principles of American constitutional law -- ours is a government of limited power. We conclude that the United States Constitution forbids disclosure under the circumstances of this case. Therefore, reconciling federal constitutional law with Ohio's Public Records Act, we conclude that [the provision] does not mandate that the city of Akron discloses the SSNs of all of its employees upon demand.
While it is true that many companies and government agencies today use the Social Security Number indiscriminately as a form of identification, it is also clear from the 1936 Act, the 1974 provision, and these cases that there is plenty of legislative and judicial support for limitations on the collection and use of the SSN. The question is therefore squarely presented whether the Congress will at this point in time follow in this tradition, respond to growing public concern, and establish the safeguards that are necessary to ensure that the problems associated with the use of the SSN do not increase.
- Greidinger v. Davis (1993). The U.S. Court of Appeals for the Fourth Circuit held unconstitutional Virginia's practice of requiring SSNs for voter registration purposes. Amicus brief prepared by EPIC staff.
- The State ex rel. Beacon Journal Pub. Co. et al. v. City of Akron (1994). The Ohio Supreme Court ruled that the Social Security numbers of public employees are not public records.
Share this page:
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.