Congress to ban sale of SSNs for commercial purposes?

75 pts.
Business/IT alignment
California Security Breach Information Act
Information risk management
ISO 17799
Sarbanes-Oxley Act
Security management
According to articles in today's Washington Post and Wall Street Journal, Congress is considering legislation to ban the sale of Social Security Numbers for commercial purposes, unless individuals give their permission. The Post article went on to opine that there appears to be a growing bipartisan consensus among key House and Senate members to enact such legislation. Data brokers and their customers oppose any sort of regulation. Those who have seen my earlier posts know that I am in favor of an ownership/permission model, i.e., people own their personal information and their permission must be obtained before it is released for commercial purposes. What do you think should be done? Craig Herberg

Answer Wiki

Thanks. We'll let you know when a new response is added.

Concur. Absolutely/categorically one’s SSN should be private and secured since it relates to retirement, investments, bank accounts, income taxes, etc. However, it seems reasonable that a second/different/unrelated identity number be established for credit performance tracking, and the myriad of other identification requirements, not to mention anti-terrorist measures.

Discuss This Question: 7  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Dvord2569
    There should be no "one identity" for purposes other than SS (and I have reservations about that). Another reply mentioned an alternative for credit history. I think the credit bureaus should be eliminated entirely. Put the ownership of proper background checks on those who are granting the credit. There was a time you would fill out a form with past creditors and the prospective creditor would do the footwork and talk to the previous creditors to determine if someone deserved credit. This is what we should return to. This would make the creditors much more interested in properly checking out a prospective debtor, greatly reduce one's identity to theft (since a database would no longer exist), and more pressure on the debtor to maintain a good credit history so there's fewer bankruptcys.
    195 pointsBadges:
  • Howard2nd
    It is not the sale of personal information that troubles me. It is the lack of effective punishment for the abusers of that information. If you steal my identity by acquiring SSN or DL or Banking #'s then you forfeit your identity and deserve a bullet in the head when caught. And catching would be very easy if the info gets widely distributed and used. To use my SSN you put your hand in a box to check fingerprints. If their mine fine, if not rip the hand off. I realize that this is a bit extreme, but as long a white collar crime is not sufficiently punished it will not stop. Putting a band-aid on the symptom, 'Sale of SSNs', won't protect any of us from Identity theft.
    30 pointsBadges:
  • Marcjacquard
    This is just another band-aid fix that does not address the problem as a whole. So, we stop the sale of our SS# to a data broker. Does that stop illegal aliens from using a fake one? Absolutley not! There are billions of dollars paid to Social Security every year that go no where because the Government does not know who it belongs to; the illegal or the real person. Now if you are one of these unfortunates, try to get it resolved...yeah right. What a joke that process is! There is no valid cross reference checking in the Government to match SS# with name. We need a real solution. Let's modify everything. We have a two factor authentication process for everyone. Go ahead and sell my SS# then Without the other piece, it is useless. You can have my number and still not be able to use it. We could even use three factor authentication. Anything is better than what we have and this piece of legislation is not enough.
    0 pointsBadges:
  • Thepete
    Take a look at the problem as a business issue: You have an inherited infrastructure issue where the needs are to administrate actively nearly a billion people safely and accurately to untrained users while data-handlers and administrators making lower-than-industry wages with little to no specialized privacy training need to assure legislation is followed which has been proposed by a management team where the CEO and most of the board and executive management who are expected to propose new solutions or ratify the CEO's decisons are not required to have specific credentials other than being liked, popular, and saying the right things while merit for their inactions is justifiably based on their ability to not make publicly acknowledgable mistakes rather than on success. On top of that you have insubordination issues between department managers, some level of corruption at some levels of every department, serious employee satisfaction issues, and a desire to throw money at most problems which may not be money issues at all. Finally, the solution must be built by the provider who meets requirements established by the best paying lobbying groups, who have an office in the same region as the company, is popular with the current management team, and is the lowest bidder. So assuming you are the hired contractor to solve this problem, ask yourself what you would do? What would you recommend?
    0 pointsBadges:
  • InfoSafety
    In response to ThePete, given those unfortunately realistic criteria, I would deal with it as a user authorization and data management issue. To begin with, I would only allow an appropriate number needed to get the job done access to confidential data. In order for a person to gain access, their manager would have to sign an authorization request with evidence of job-related need to know (i.e., position description). Each data user would be required to satisfactorily complete training, and sign an agreement that their access is for job required use only, and any inappropriate use or disclosure, including accessing data out of curiosity, sharing accounts, etc., would result in access termination. All usage would be carefully monitored and needs constantly reviewed. Regular reauthorization would be required. There's that old saying about an ounce of prevention. I believe that is the primary purpose of Sarbanes-Oxley, and hope it will also become fundamental to new privacy legislation. Craig Herberg
    75 pointsBadges:
  • MadMaxB
    To illegalize or ban the sell of the SSN, will not fix the problem! First my interruption of the ownership of the SSN: 1. The United States ?issue a SSN?, they preserve ownership and is there for the use of the SSA only. (It should have never been allowed to be used by the IRS) 2. Employers are given the use of the SSN only to transmit payment to the SSA. 3. We do not own our SSN; it is the property of the US. ?We the People? three words that are the most forgotten and unused. It is our responsibility to insure that our government stays our government. The political opinions aside, ?We the People? need to take control of our personal information. The way we do that is to say no to the special interest that blast big money to keep the statuesque. We allow this, we buy products, use services, are employed by and give charitable donations too. We would need to reengineer the whole system, reissue a new ID for just SSN, One for the IRS, One for the Armed forces, one for private finance ID, one for ?? in today?s world it would be never ending. Oh, you say lets use a biometric ID. Even a biometric ID is a data set and could be hacked and sold. I have been studying user interface for years and the only solution I see is enforcement of laws we have and to punish those who break the law. Here is a like to Social Security Reform Center: Sincerely, Mad MaxB
    0 pointsBadges:
  • Longshanks
    In responce to InfoSafety's responce to ThePete. (managerial responsibility for workers)... Ahemm... Here in Britain we had a whole raft of security tightening after 9/11 including far more detailed checks on new employees etc. Some months later a British news paper supplied one of their reporters with some very dodgy ID and a fake employment history with references to companies that had never exixsted. He got a job as a baggage handler at Heathrow airport...ooh dear! Some months later a TV company got their reporter a job as a footman to the Queen. My point? Making an over worked, under resources manager do more paperwork may not solve the problem...! Back to ThePete's phrasing the problem as a corpotate one. Phrasing the answer as an IT one, I'd say "Got a problem with your existing vendor? Use Linux!" - only kidding, my tongue is firmly in my cheek.!
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: