Minimizing the Use of Social Security Numbers in Government Programs

You are here

June 08, 2015

As government agencies and businesses increasingly rely on electronic communications, benefits and commerce, there is an ever-greater opportunity for data breaches and identity theft. Recently, we have witnessed cyberattacks on well-known retailers and service providers that have resulted in data breaches affecting millions of consumers. It is likely that each of us knows someone affected by these breaches – perhaps it has even happened to you.

As criminals become ever more sophisticated in obtaining personal information, government and private industry must take all appropriate measures to safeguard the information of the citizens we serve.

Social Security numbers are one of the most common means of identifying individuals in the United States. There are many purposes that legally require a Social Security number, including collection and use by employers for tax reporting purposes. Many government programs also use Social Security numbers to identify participants, both electronically and on mailed print materials.

Although a Social Security number may be a valuable piece of information to identify and authenticate individuals, some uses may be more for convenience or out of habit.

As a result of greater awareness and concern about protecting personal information, most private health insurance companies have abandoned the use of Social Security numbers to identify individuals. In April 2015, President Obama signed a bill that will end the use of Social Security numbers on Medicare cards and replace them with a randomly generated identifier. We applaud these efforts to protect the identities of consumers and minimize their risk for financial loss.

At MAXIMUS, our corporate policies limit the use of Social Security numbers, unless required by law, contract, or explicit client directive. We encourage all of our government clients, vendors and business partners to eliminate the collection of unnecessary personal information, particularly Social Security numbers, and to tightly control and limit their use when absolutely necessary.

We have developed an issue brief on this important issue. This document provides considerations for “don’t collect what you don’t need” and best practices to guide decisions for protecting this sensitive information.