GENEVA, SWITZERLAND – News just in from Utah: the 25,000 security breaches of US social security numbers at the state health department’s Medicaid servers turns out to be 280,000, reports Computerworld/CNN.
A month ago I wrote the sentence below, then didn’t get around to finishing the story. Now I wish I had.
You don’t have to be conspiracy theorist to be more than a little concerned about stories cropping up that people are asking for information you don’t need to give them, notably social networking log-ins and US social security numbers.
Worse are illegitimate requests for American social security numbers because many of the requests are borderline legitimate. Employers need them in the US, and some government offices need them – the case in Utah, where hackers managed to get in through a back door and steal the numbers.
So, any point in protecting them? If you believe there is some point in trying to protect your identity, then yes, definitely. If you’re throwing in the towel over privacy protection, read no further and start posting your bank pin codes on lamp posts and the Internet.
For the rest of us: a US social security number doesn’t need to be given out until a contract is signed. Credit companies and insurance companies don’t always need them although some employees are convinced, wrongly, that they do. But the numbers are printed on some health insurance cards, for example, making them less than private. The US Coalition for Sensible Public Records Access, in a 2008 paper on public documents, points out that you can’t have it both ways: data cannot be both public and private. The group has some helpful reflections on the bigger picture and what states in the US, for example, should be doing.
Here’s what the US Social Security Administration says, the official poop on the SS numbers and your rights:
“You should treat your Social Security number as confidential information and avoid giving it out unnecessarily. You should keep your Social Security card in a safe place with your other important papers. Do not carry it with you unless you need to show it to an employer or service provider.
“We do several things to protect your number from misuse. For example, we require and carefully inspect proof of identity from people who apply to replace lost or stolen Social Security cards, or for corrected cards. One reason we do this is to prevent people from fraudulently obtaining Social Security numbers to establish false identities. We maintain the privacy of Social Security records unless:
- The law requires us to disclose information to another government agency; or
- Your information is needed to conduct Social Security or other government health or welfare program business.
“You should be very careful about sharing your number and card to protect against misuse of your number. Giving your number is voluntary even when you are asked for the number directly. If requested, you should ask:
- Why your number is needed;
- How your number will be used;
- What happens if you refuse; and
- What law requires you to give your number.
“The answers to these questions can help you decide if you want to give your Social Security number. The decision is yours.”