Good Privacy Move by the U.S. Treasury Department

My business credit card has a great benefit; it gives U.S. Savings Bonds for reaching certain, comparatively low, accumulated charge amounts.  Over the past 7 years I've obtained dozens of Bonds that I plan to use for my sons' college.  Unfortunately the credit card company is discontinuing this at the end of October...guess I'll have to shop for another card that provides the same type of benefit!

I have always looked forward to getting the Bonds, directly from the U.S. Treasury Department.  The last set of Bonds I received were different, though.  All the previous Bonds had my social security number printed on the bond.  The most recent ones now, instead, have asterisks for the first 5 digits of my SSN, and just show my last 4 digits.  What a nice surprise!  I love to see when government agencies make changes to improve the privacy of our personally identifiable information (PII).  Too many of the agencies are still much too careless with their practices of making PII too easily available, electronically and in printed hard copy documents, for way too many people to see.

Curious to see if they provided any additional privacy enhancements to their practices, I visited their site.  I found their privacy impact assessment (PIA) from last year, required annually of all U.S. government agencies, posted.

The table they used on pages 3 - 7 within their PIA is a nice summary format that organizations should consider using as a way to document each type of PII collected.

I would have liked to have seen more analysis of the security practices for the physical copies of PII and also PII that may be located outside their network (perhaps they don't allow this?); the PIA seemed to focus primarily upon the network computer systems.  I saw nothing about the security of PII on the printed documents, such as Savings Bonds, themselves.

Well, although the change does not appear to be a result of their PIA, it is GOOD to see that now the SSN is no longer printed on the Bond itself. They did provide a webpage discussing the change to SSNs on the Bonds:

"7/28/2006

Treasury Protects Investor Privacy
To help protect savings bond owners' privacy and guard against identity theft, the first five digits of the Taxpayer Identification Number (TIN)-the Social Security Number (SSN) or Employer Identification Number (EIN)-will be masked on all paper Treasury savings bonds issued or replaced, starting August 1, 2006. Asterisks will replace the masked digits. For example, an SSN previously shown as 123 45 6789 will be inscribed as *** ** 6789, and an EIN previously shown as 12 3456789 will be inscribed as ** ***6789.

Treasury is taking this action to eliminate the possibility, however remote, that the TIN could be seen by an unauthorized individual and used for identity theft.

This change applies to purchases of Series EE and I paper savings bonds. It also applies to Series E, EE, H, HH and I savings bonds issued in other authorized transactions, such as those involving reissues and replacements for paper bonds not received.

Customers must provide the full TIN with all purchase applications and transactions. Taxpayer Identification Numbers will continue to be used as identifiers in Treasury's record-keeping system. Bond owners must provide their full TIN when redeeming savings bonds.

Customers receiving paper savings bonds from the Federal Reserve Bank will receive an explanation of this change with their printed bonds."
 

Limiting where SSNs, and other PII, are printed on government documents is a good step toward better privacy practices.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.