Social Security Numbers, Public Records and Privacy
2006 – A Wisconsin Department of Revenue contractor mailed Wisconsin tax booklets to 170,000 residents with their social security numbers printed on the address label;
2007 – The University of Wisconsin-Madison published the names, e-mail addresses, and social security numbers for two hundred faculty and staff of the UW-Madison’s Division of Information Technology in an online database; and,
2008 – The Wisconsin Department of Health and Family Services sent a mailing to 260,000 Medicaid participants with their social security numbers printed above their names on the address labels.
Social Security Numbers and Public Property Records
Unauthorized access to social security numbers also is an issue for the geospatial community as public property records are published over the Internet, often in combination with searchable online mapping applications. In 2006, the Public Records Industry Association (PRIA) developed model legislation and a set of best practices for the handling of social security numbers on property records.
Will Proposed Wisconsin Legislation “Fix” the Problem of Unwanted Disclosure of SSNs?
In Data Privacy Fix Broader Than Social Security Number, published in Wiscconsin Technology Network (WTN) on May 3, 2008, attorney Mark Foley provides an important critique of proposed Wisconsin Assembly bill AB 771, which is intended to protect our privacy against unauthorized disclosure of our social security numbers by the government; a quick snapshot of his article follows:
On March 5, the Wisconsin Assembly passed Bill AB 771, which prohibits any state agency from using a Social Security number as an identifier unless such use is required by state or federal laws or regulations, or is otherwise authorized by law. If enacted by the Senate and signed by the Governor, this bill will join many other laws in Wisconsin and elsewhere that limit the use of SSNs, but the issue involved is broader than SSNs alone. The passage of this bill should remind everyone of the need to apply the “Use Limitation Principle” to all information technology activities. … If the purpose of AB 771 is to prevent similar disclosures of SSNs in the future, it is not likely to succeed. This is because both state agencies involved are authorized or required by law to collect and use SSNs for their activities. These agencies will still have the SSNs and the data will still be at risk. The problem, and the solution, lie elsewhere.
Unauthorized uses or disclosures of SSNs often result from violation of the “Use Limitation Principle.” That is, to best protect privacy interests, data should be collected only for a specified limited purpose and not used for any other purposes. … The “Use Limitation Principle” would bar the use of a SSN for anything but its original purpose. Although you might still need the SSN somewhere in your payroll database to report earnings and tax withholding to the government, you would not use the SSN as your primary employee ID and would not use it to link various subcategories of data. Rather, you would develop one or more unique employee identifiers that do not include and are not based on the SSNs. Then, if data containing your identifiers are lost or stolen, the risks of data compromise are limited to your own database, and the risks of identify theft or other misuse are much reduced. And you would not allow, much less encourage, use of a SSN as a user ID or password. …
Source: Wisconsin Technology Network
Tags: AB 771, Identify Theft, Information Privacy, Mark Foley, Personally Identifiable Informaiton, PRIA, Privacy and Security, Property Records, Property Records Industry, Social Security Number, SSNs, Wisconsin
Dr. Lea Shanley is the founder and former co-Chair of the Federal Community of Practice on Crowdsourcing and Citizen Science, a vibrant community of 200 federal employees from more than 35 agencies. She is also a co-founding member of the Citizen Science Association. Dr. Shanley recently served as a Presidential Innovation Fellow at NASA, where she helped to foster a culture of open innovation. Prior to this, she founded and directed the Commons Lab at the Wilson Center, served in the US Senate as a Congressional Science Fellow, and worked with local and tribal communities to develop GIS-based decision support systems for city planning, natural resource management, coastal management, and disaster response through the University of Wisconsin-Madison.
Disclaimer: This is a personal blog of links to relevant news, events, and reports, provided for educational purposes only. The opinions and views contained therein are those only of the authors of the original articles. These opinions do not necessarily reflect those of the editor of this blog or or associated organizations.
Error: Twitter did not respond. Please wait a few minutes and refresh this page.
- RT @BioCollectives: .@WIRED @m_e_rhodes Great Read on #SidewaysDictionary by #Google tech incubator - The price of using analogies? @TheWil… 3 months ago
- RT @BioCollectives: Don’t know what a honeypot is? This plug-in uses analogies to make security terms totally understandable https://t.co/4… 3 months ago
- 125,615 hits