New Law Restricts Social Security Numbers on Mailed Government Documents

Beyond the Numbers

Friday, October 27, 2017
Posted by: The Communications Division

Each year, millions of people are victims of Social Security number (SSN) misuse and identity theft, losing money, property, and countless hours in damage repair. One cause is the theft of mailed government documents that display SSNs and other personal information.

To combat this issue, the President recently signed into law the Social Security Number Fraud Prevention Act of 2017 (SSNFPA). This new law restricts the inclusion of SSNs on documents mailed by the Federal government.

According to the law, five years from now, Federal agencies cannot include a full SSN on any mailed item, unless the head of the agency deems it necessary and approves it.

Provisions of the SSN Fraud Prevention Act  

Within 30 days of the law’s September 15, 2017 enactment date, the Social Security Administration (SSA) and the 23 other Federal agencies in the Chief Financial Officer (CFO) Council were to submit to Congress an initial report on complying with the SSNFPA.

The first report would document all correspondence used by the agency in the prior year that included a full SSN. Additionally, the agency would include its implementation plan for removing the SSN from mailed correspondence.   

SSA and the other CFO agencies must issue regulations no later than 2022 specifying why the inclusion of the SSN is necessary. Agencies must also outline instructions for partial redaction where possible and require that the SSN not be visible on the outside of any mailed item. 

Further, beginning in September 2018, each agency must identify annually the documents mailed in the previous year with full SSNs, as well as report on its progress in implementing its removal plan.

Ongoing Call to Limit Display of SSN

The White House and Congress for years have called for agencies to reduce their use and display of the SSN in official correspondence. For instance, in 2007, OMB issued a memorandum directing Federal agencies to review their practices in an effort to curtail the unnecessary collection and use of SSNs to protect personally identifiable information (PII).

Last year, in SSA Correspondence Containing Full Social Security Numbers, our auditors reported that in 2015, SSA included full SSNs on about 233 million public notices it sent out, accounting for about 66 percent of 352 million notices mailed. After we issued this report, the Social Security Subcommittee proposed the Social Security Must Avert Identity Loss (MAIL) Act in May 2016. The law would require SSA to remove the full SSN from its correspondence, protecting beneficiaries and others who receive mail from SSA.  

Reducing SSN Misuse, Identity Theft

Although the SSN has become a basic requirement in Federal, State and local government records, and for numerous services such as health care, that was not the intent of the number when created in 1936. The SSN is for employers to identify and report an individual’s earnings accurately for purposes of Social Security and to allow SSA to administer retirement, survivors and disability benefits. 

Our audit and investigative work has found that when SSNs are unnecessarily used, the probability of inappropriate use increases significantly. Removing SSNs in non-essential situations, per the SSNFPA, is a step toward protecting PII and preventing identity theft and SSN-related fraud.