
Despite 45+ U.S. Federal Laws, SSNs Still Widely Misused & Breached...Why?

It amazes me how many news articles are reported that relate to the misuse or breach of Social Security numbers (SSNs). Today, just a few of the stories that popped up included:

* "Children are appealing targets for ID theft; parents can guard them"

Points out how children's SSNs are widely used for identity theft.

* "Fla. student test scores online in security breach"

SSNs were among the information items posted.

* "Inseparable in life, twins still united by Social Security error"

Interesting story that points out how SSN mistakes happen, and some of the consequences of those mistakes.

Do you know the laws that address how SSNs can, and cannot, be used?

Does your employer know?

If you are a business owner or business leader, do you know?

If you are an information security, privacy or compliance professional, do you know?

Here is the final part of the first article, "(Mis)Using Social Security Numbers in Business," within my August issue of IT Compliance in Realtime Journal, which discusses the use of SSNs (get the nicest version of the full journal here)...

_______________________________


Laws Covering SSN Use

There are numerous existing and proposed U.S. federal and state laws and regulations that include directives for how SSNs must be handled, used, or protected. There are dozens of state-level laws; most of the states have laws that cover SSN use in one way or another.

It is out of the scope of this article to provide a listing of them, but if enough interest exists, I will plan to provide a listing in a future article.

Table 1 contains some of the existing federal laws that address SSN use in one way or another. I started compiling this list back in 2003, and I recently added several more entries from a very useful report the FTC put out in November 2007 entitled "Staff Summary of Comment and Information Received Regarding the Private Sector's Use of Social Security Numbers."

This list is not comprehensive but should provide you with a very good starting point for looking into how you use SSNs within your organization and whether those uses are in compliance with the requirements of these laws.

Note that laws and regulations often do not use the term "Social Security Number" but instead use "taxpayer identification numbers," of which SSNs are a subset. The brief descriptions are provided to give you an idea of what the law or regulation covers but should not be viewed as representing the full details of the document or as legal advice. Always check with your legal counsel to discuss and interpret how the law may impact you and/or your organization.

[Table 1: Lists 45 Federal laws and regulations covering different types of SSN use. See it within the full PDF version of this article.]

_______________________________


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.