GAO: Federal efforts to curb use of SSNs see 'limited success'

Jessica Kim Cohen - Print  | 

The U.S. Office of Management and Budget must strengthen federal efforts to reduce the use of Social Security numbers, according to a U.S. Government Accountability Office report.

Here are five things to know.

1. The federal government uses SSNs as unique identifiers for benefits, employment and taxation, among other services. However, in 2007 the Identity Theft Task Force recommended the OMB, Office of Personnel Management and Social Security Administration reduce unnecessary collection and use of SSNs, since they are key pieces of identifying information.

2. For its report, GAO sought to examine existing government efforts and plans agencies developed to eliminate unnecessary use of SSNs. The investigators analyzed guidance on protecting SSNs, evaluated SSN reduction plans and administered a questionnaire to 24 agencies covered by the Chief Financial Officers Act.

3. GAO found the 24 agencies developed and executed SSN reduction plans. However, all of the agencies continued to use SSNs for various purposes, most notably for federal employment and benefits. "These initiatives have had limited success," the report reads. "In 2008, OPM proposed a regulation requiring the use of an alternate federal employee identifier but withdrew it in 2010 because no such identifier was available."

4. The 24 agencies noted barriers to further SSN reductions, including regulations mandating SSN collection and technological constraints of agency systems. GAO said agencies lacked appropriate direction and monitoring from OMB, and often did not include time frames and performance indicators, among other elements, in their SSN reduction plans. OMB also did not define "unnecessary" use of SSNs.

5. GAO recommended OMB require agencies to develop complete plans to reduce collection, use and display of SSNs. It also recommended OMB require agencies to inventory systems containing SSNs, to update progress in annual reports and monitor progress based on defined performance measures.

"Until OMB requires agencies to adopt better practices for managing their SSN reduction processes, overall governmentwide reduction efforts will likely remain limited and difficult to measure," the report reads.

Click here to view the full report.

More articles on cybersecurity:
Third-party security flaw exposes information of nearly 9k Silver Cross patients
Microsoft: New email spam sends users to tech support scam websites
Uber enters settlement after FTC alleges deceptive data privacy claims: 6 things to know

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.