Privacy and data security are hot topics when it comes to government because Washington is an easy target for hackers, yet the government does a poor job of data security.

Only recently have federal agencies such as the IRS started making concerted efforts to protect the information they collect on millions of Americans, but they still neglect simple recommendations on how to keep the private information of citizens secure.

The Social Security Administration (SSA) is a case in point. Two out of three letters it mailed out included enough personal information that the recipient's identity could be stolen. The agency included full Social Security numbers (SSNs) in 233 of the 352 million notices (66 percent) it sent out in 2015, according to SSA’s Inspector General. An audit and investigation of the SSA found that more Social Security numbers have been used unnecessarily, and there’s a high probability that they may be used inappropriately in the future.

Other government agencies that frequently use SSNs have scaled back or eliminated their use in correspondence; the exception is the very agency that grants and tracks them. SSA claimed using Social Security numbers is central to its business practices. It had a litany of excuses for why Social Security numbers should be printed on mailed correspondence, and it questioned the effectiveness and cost of removing the private info. Yet it couldn't guarantee that it had the correct addresses for the intended recipients, or that the names, addresses, and full Social Security numbers had not fallen into the wrong hands.

The report finds:

In the past, SSA stated that it did not believe the effort to remove SSNs from many of its notices was time- or cost-effective. Further, SSA stated that several SSA policies require that the SSN be included on most notices. Moreover, SSA stated that including the SSN on many notices is necessary to avoid confusion. For example, SSA indicated that beneficiaries use award and denial notices as official documents of eligibility or ineligibility. Individuals often submit denial notices to attorneys to appeal the denial. SSA believes that removing the SSN could cause confusion in some situations, particularly when there is an issue of eligibility on multiple Social Security records, such as disabled widows and disability applicants. In another example, SSA stated that notices sent to third parties who are representing individuals with the same name could be complicated because the third party may have difficulty determining the correct individual he/she represents. Finally, SSA stated that the SSN is the main source of identification for employer pay records and for wage reporting. According to SSA, the SSN was developed solely to allow employers to uniquely identify and accurately report an individual’s earnings covered under the Social Security program. Therefore, SSA maintains that an alternative number is not needed nor would it help the employer identify an employee and could make the employer less likely to complete SSA’s requests for information required to administer Agency programs… The total estimated cost is 107 work years, or approximately $14 million. However, SSA did not provide us documentation to support the assumptions used to develop the cost estimate.

If the SSA wants to talk about numbers, what about the cost of identity theft to Americans?

The recommendations to SSA are simple but would go far in protecting personal information: set a timeline to remove Social Security numbers from mail correspondence and re-evaluate the costs attached to doing so. The inspector general thinks the SSA is inflating the projected costs as an excuse to get out of doing what it should be doing. However, as he rightly noted, “… it is important to address any known risk, especially if that risk is under the Agency’s control… SSA, as a Federal agency and public servant, has a duty to reduce opportunities for individuals who may have malicious intent to improperly obtain and use another’s SSN.”