Stop Emailing Social Security Numbers

Recently we implemented a product to do content control on email. One of the main uses I have is looking for Social Security Numbers (SSN) in outgoing email. I did not like what I found.
I expected to just find the occasional person emailing their SSN to a spouse for benefits enrollment. I’ve talked with people who said expect to find business processes that are mailing around SSNs like mad. I guess the result is somewhere in the middle.
It looks like part of having a government clearance is having your SSN emailed around in the clear. The Director of physical security says that when setting up a cleared visit at a Army base it is mandatory to email SSNs in clear text. I find this hard to believe.
People dont get what a social security number is. It a (generally) unique identifier but people use it as an authenticator.
The Social Security Administration Reports (http://www.ssa.gov/pubs/10064.html) that:

Identity theft is one of the fastest growing crimes in America. A dishonest person who has your Social Security number can use it to get other personal information about you. Identity thieves can use your number and your good credit to apply for more credit in your name. Then, they use the credit cards and do not pay the bills. You may not find out that someone is using your number until you are turned down for credit or you begin to get calls from unknown creditors demanding payment for items you never bought.
Someone illegally using your Social Security number and assuming your identity can cause a lot of problems
The Social Security Administration protects your Social Security number and keeps your records confidential. We do not give your number to anyone, except when authorized by law. You should be careful about sharing your number, even when you are asked for it. You should ask why your number is needed, how it will be used and what will happen if you refuse. The answers to these questions can help you decide if you want to give out your Social Security number.

Seems like the kind of thing you’d want kept secret. I know some people have given up. With the amount of people that you legitimately (or not) give your SSN to, is it really just a lost cause. I’d say given the trouble that identity theft can cause I’d take caution.
But that’s the problem, even if you knew enough not to email your SSN to your buddy so he can get you into the White House Christmas tour, your manager is emailing your SSN and everyone elses so that access to a cleared facility can be arranged. Your Tax preparer is emailing your 1040. Your dentist didn’t wipe the hard drive before selling old equipment on ebay.
Ultimately you can only control what you control. Make sure surrendering your SSN is necessary. At thie point I might even ask how it is stored/transported. Only provide the number over a secure medium.

One Comment

Comments are closed.