I agree completely with items 1 and 3, but 2 isn't really practical. A person's employer doesn't just need the SSN for verification, they need it to send tax-related data to the IRS, and if your student has loans the SSN is needed for sending data about loans to the Department of Education. It would be impractical for them to ask the employee or student for this information every time it was needed, so they store it. It would be better to purge this data when it is no longer needed, though.
The solution is single-user tax/benefit-account identifiers: someone gives you their authorized-user identifier, you go to the issuer of your private id (SSA, IRS, whoever) with it and get a single-use identifier for you to use for that user, and you give them that, not your main identifier.
Ideally, the identifier they give you would be not be the one that they use to government either, but one tired to it
reply