Generally, SSA cannot conduct business without exchanging PII and other sensitive information with the public. PII can be used to distinguish or trace that individual’s identity, such as name, Social Security number (SSN), or date of birth.
Safeguarding sensitive information has been a priority for SSA since its creation in 1935. The first regulation the Social Security Board adopted addressed privacy and the disclosure of Social Security records. Subsequent regulations and laws, including the Privacy Act of 1974, further defined the Agency’s responsibilities to protect sensitive information. Accordingly, the Agency requires that employees protect PII, has established guidance and resources for employees, and annually reminds all employees of that requirement and the availability of those resources.
Our objective was to determine whether sensitive information, such as PII, in SSA offices was at risk for disclosure to the public.