Congress recently introduced legislation to prevent Social Security numbers (SSNs) from inadvertently falling into the wrong hands.
Social Security Subcommittee Chairman Sam Johnson and Subcommittee Member Jim Renacci in May proposed the Social Security Must Avert Identity Loss (MAIL) Act, to help protect Social Security beneficiaries, and anyone else who receives correspondence from SSA, from identity theft.
If enacted, the Social Security MAIL Act would require SSA to remove the full SSN as soon as practical from mailings when the number is not required. SSA would also have to report biannually to Congress on the progress of this removal and justify instances when the SSN remains on mailed documents.
The proposed legislation follows a recent OIG report, SSA Correspondence Containing Full Social Security Numbers, which examined how often SSA uses full SSNs on letters mailed to beneficiaries and the public.
The SSN was created in 1936 so SSA could record beneficiary earnings and accurately administer benefits, but the SSN has since become a critical identifier in records used by government entities and private organizations. In fact, to guard against identity theft, the Intelligence Reform and Terrorism Prevention Act of 2004 prohibits the display of the SSN, in part or whole, from driver’s licenses and other critical identifying documents.
Further, in 2007, the Office of Management and Budget (OMB) requested Federal agencies to review the unnecessary collection and use of the SSN, to protect personal information.
Nearly a decade after the OMB request, our auditors found that SSA is still using full SSNs on two-thirds of its correspondence. Specifically, in 2015, SSA mailed about 352 million notices, of which 233 million (or 66 percent) contained the individual’s full SSN.
Our auditors reported, “While it is unknown how many of the intended addresses received these notices, our audit and investigative work have shown that the more SSNs are unnecessarily used, the higher the probability they may be used to commit crimes.” However, OIG auditors added that they were not aware of any SSN misuse based on the prevalence of SSA notices with full SSNs.
We noted in the report that, in 2001, SSA began removing the SSN from its annual notices, such as Social Security statements and cost-of-living-adjustment notices. These two high-volume notices represented about 30 percent of SSA’s yearly correspondence.
SSA considered removing SSNs from other notices, but the agency said, in some instances, removal would affect SSA’s ability to respond effectively and efficiently to beneficiaries. SSA added that the inclusion of the SSN is integral to its business process, it helps avoid confusion, and it is required on some notices, such as earnings statements.
We recommended that SSA make SSN removal from correspondence a priority, and that the agency evaluate removal cost estimates. The full OIG report is available here.
SSN misuse and identity theft can affect anyone, as U.S. Rep. Renacci knows. The Ohio Congressman last year learned that someone used his personal information, including his SSN, to file for a tax return in 2014 in his name.
“As a personal victim of identity theft, I am concerned with the fact that SSA placed full SSNs on more than 233 million documents in 2015,” Renacci said. “In response, I am pleased to join Chairman Johnson … to reduce the risk of Americans having their identity stolen, by removing unnecessary SSNs from mailed documents.”