Transcript: Audit Report on Prisoners' Access to SSNs

Jeff Pounds: Hello, I’m Jeff Pounds, an audit manager in the OIG’s Birmingham Office of Audit.  During the past several years, I’ve helped lead an effort to assess the extent to which prisoners have access to Social Security numbers—or SSNs--when participating in prison work programs.

Our office first looked at this issue in 2006 and found that prisons in 13 States allowed inmates access to SSNs through various work programs.  For example, prisoners had access to SSNs by performing such duties as data processing, optical imaging, scanning, and records conversion of documents for State agencies, universities, hospitals, and private businesses.  The types of documents inmates viewed included marriage, birth and death certificates; vehicle accident reports; and medical claims, all of which generally contained personal identifying information (including SSNs).  Given the prisoners’ previous criminal histories, we did not believe allowing access to this personal information—which could be used to commit further crimes—was prudent. 

In talking with several prison officials, we learned they implemented controls intended to help safeguard the SSNs.  For example, some prisons told us they monitored inmate activity through security cameras and guard searches.  Some even required the prisoners to sign confidentiality agreements promising that they would not improperly disclose or use SSNs.  Some prisons did not allow any prisoners with a history of financial-related crimes or identity theft to work in these programs.  In fact, one prison warden stated that he’d rather have violent offenders, such as those convicted of murder, to work in these programs because even though they were violent, they weren’t dishonest—and, for obvious reasons, there was less attrition. 

Despite these controls, we were concerned that prisoners intent on criminal activity may easily circumvent them.  For example, prisoners could memorize an SSN obtained through their job duties and use it to create a false identity.  And, we questioned the effectiveness of confidentiality agreements for prisoners. 

In our first report, we recommended that SSA coordinate with Department of Corrections and correctional industry work programs to educate them about the potential risk associated with allowing prisoners access to SSNs, encourage prisons to limit such access, and promote the best practices of prisons that were taking steps to limit prisoners’ access to SSNs. 

SSA agreed with our recommendations.  In fact, SSA’s Commissioner and the Inspector General, under joint signature, wrote a letter to several correctional associations and asked them to encourage their members to limit inmate access to SSNs because they believed that allowing prisoners access to private citizens’ SSNs represented a serious risk of identity theft.

Because of the potential risks associated with prisoners’ access to SSNs, we conducted a follow-up review to determine what progress had been made.  We learned that because of identity theft concerns and recognition that SSNs are linked to vast amounts of personal information, some States discontinued this practice.  However, despite SSA’s efforts to educate correctional institutions about these potential risk, we determined that 8 of the 13 States identified in our 2006 report continued this practice.  

Although there may be benefits in allowing prisoners to work while incarcerated—such as the low cost to the States and the training provided to the prisoners—we still questioned whether prisoners should have access to other individuals’ SSNs.  And again recommended that SSA continue its educational efforts with these States

Over the past few years, several bills were introduced in Congress to address this issue, but none became law.  However , in December 2010, President Obama signed the Social Security Number Protection Act of 2010, which stops prison work programs from granting prisoners access to SSNs.  We are proud that the work of the OIG played a role in helping bring this matter to the attention of Congress.  It is our hope that all government entities will fully comply with this law and help shut down a dangerous and unnecessary threat to the privacy of SSNs.