The damage from incidents such as this would be at least somewhat limited if organizations did not collect SS numbers when they have no legal purpose for doing so, and if people did not automatically comply when asked to supply these numbers. Whenever I go to the doctor and am asked to fill out the usual form while waiting the usual 90 minutes past my scheduled appointment time, I leave the ubiquitous space for my SS number blank. They are not paying me a salary, so have no legitimate need for this number. I know why they want it, and that purpose does not benefit me. Not once has this led to a problem: they know that there is no legal basis for demanding the number, but ask for it anyway, as they have nothing to lose by doing so.
I am routinely asked for my Social Security number by doctors and dentists, although they don't need it and really shouldn't be using it. I decline in a probably vain attempt to limit my ID theft/privacy risk, but I always feel like a loony when I do.
I never give out my SSN to anybody who isn’t a bank, current employer, or government agency, except in really special circumstances.
Doctors tend to be major offenders here - their forms always ask for SSN. I never fill it in and they often don’t even ask a follow-up. But when they do, I’ve almost always been able to still get out of it by telling them that I don’t give it out to anyone ever. Or I don’t remember it.
> Social Security numbers are the keys to the kingdom. In this country, people get a unique number when they’re born, and the Social Security Administration tells them it’s secret and valuable. Then we use that number to pay taxes, to get government benefits, to apply to college, to get a mortgage, to apply for a car loan, to open a bank account, to track our credit. We’re asked to hand over this number again and again to institutions that have failed to guard it.
This is the problem right here.
To that sorry list, I would add medical providers' offices (doctors and dentists), all of which seem to request social security numbers for some reason on their patient intake forms, when all they should need is the patients' insurance information as printed on their insurance card.
I think that we need to somehow make it harder for companies to request SSN if that continues to be a "secret". I cannot tell you how many times a Doctor's office casually asks for an SSN on a sheet of paper in plain text and I am like Why. I always fight that and found out that in a lot of cases, they just have it there and they didn't care when I didn't fill it. Some of them do force me (probably for credit/billing reasons) but I always try not to fill it out.
Also why are these phone companies persisting SSNs in database ? Why can't they run the credit check initially and discard the SSN. There should be laws around this and enforced. It is time to hold these companies accountable. We are so tired of being worried that our ID may get stolen.
> To that sorry list, I would add medical providers' offices (doctors and dentists), all of which seem to request social security numbers for some reason on their patient intake forms, when all they should need is the patients' insurance information as printed on their insurance card.
Insurance information changes over time though so it's simpler to just request the government issued GUID and use that to make sure you're associating the patient files correctly.
I think the only real solution would be for smart cards to come back into vogue and assign everyone a unique key along with their SSN. Proofs of identity for things that matter ie loans and other financial work could then be secured without significantly interfering with it's use as a unique identifier in cases where it doesn't need to be secure. (As wrong as it is to use SSNs that way it's ingrained enough in interactions and systems that trying to cut that off would be a big pain.)
(it's great if we get organizations not to hold onto personal information too, but at the level of society, the harm due to identity fraud is largely self-inflicted, we choose to allow organizations that fail to do reasonable diligence to push consequences onto individuals)
IMHO, these companies (and a lot of people) are pretending that social security numbers will be treating with extra care. Clearly, this is not the case.
> We’re asked to hand over this number again and again to institutions that have failed to guard it.
You’re asked to hand over the number, but you don’t always have to provide it. Really only the government needs to identify you with this number, and only for purposes related to the social security system. You don’t have to give it to your doctor’s office or bank. Often, a simple “I’d prefer not to disclose this because of identity theft” is fine. They may press you for it, and most people are too timid to resist. If they are insistent I’ll just make up a random string of digits and that’s always been ok. All they are looking for is nine digits so the computer form they are filling out lets them move on to the next page.
Tip: I leave the social security number blank for medical providers, and have never been asked for it verbally except once. I told them I don't feel comfortable with it, and the person said that was fine and moved on.
I usually don't give medical providers my social security number. It's on all their forms, but I just skip that section and no one has ever come back to clarify that it's required.
I have no idea if they can require it or not, but I always assumed it was optional because they wouldn't turn away foreigners without SSNs.
SSN should be just an unique number per person, nothing more, nothing less, never used for identification, only for having an unique number per person. It's impossible to ensure such a number doesn't leak so there also must be 0 consequences in that happening. That would require major legislative change.
Employers, like your phone company and gas company, use your SSN to identify you in their databases because it’s a unique number. It’s the lazy vendor’s way to track customers, and the lazy HR department’s way to track job applicants. And it’s frankly irresponsible. > http://www.asktheheadhunter.com/7696/wanted-hr-exec-with-the...
The USA should just bite the bullet and publish everyone's Social Security numbers. That way we can stop pretending they're some kind of secret password and finally force companies who don't want to be defrauded to stop using them. They should not be used for authentication in any way! It's crazy that non-secret information about me, like my SSN, birthday, home address, and mother's maiden name, can be used by anyone to prove that they are me.
SSNs were expressly intended not to be used as identification or authentication. Thing is, there was not alternative that people were guaranteed to have. I get it on principle, we don't like government giving us tracking numbers. It just seems totally impractical not to have this though.
We need to stop treating SSNs as if they are a secret. A SSN receives little more protection than a credit card number, and yet the consequences of having it stolen are far greater and much more difficult to remedy.
reply