Tuesday, March 15, 2005

Not For Sale - U.S. Social Security Numbers

From my weekly "Legal Minute" radio segment, delivered in 2005

After the ChoicePoint debacle, involving the inadvertent sale of 145,000 U.S. Social Security numbers to crooks, lawmakers are taking a closer look at regulating the business of selling personal information. Social Security ("SS") numbers are used to verify sensitive personal information in a variety of contexts, from banking and credit reports to hospital records. Obtaining valid SS numbers is a prime objective for identity thieves. Now, the Federal Trade Commission (FTC) and US legislators are investigating the ChoicePoint security breach(es) in reference to a proposed ban on activities of data brokers; in particular, on the sale of SS numbers without first obtaining approval from the affected persons.

The proposed law sounds attractive but is it really?

Are lawmakers going after the right parties? Shouldn’t the thieves be the focus and, if so, shouldn’t legislators look at increasing penalties for identity thieves as well as imposing heightened security requirements upon data brokers?

If such a law is passed, I’m not so sure that it would actually protect consumers. For instance, could such a law contravene its intent by forcing consumers to divulge their SS numbers more frequently every time they wish to obtain a home loan quote, an insurance quote, open another bank account, or visit the doctor? Without ready access to SS data, will services organizations such as banks, insurers, medical institutions and private investigators be forced to increase their fees to consumers for the added trouble of verifying identities of its customers? Will prospective customers of these institutions be subjected to long, invasive and tedious identity verification practices? And, we are all users of the internet. How will this affect our user experience when we want to quickly investigate a quote on a property loan before making an offer, for instance?

I am concerned that the proposed law could do more harm than good and still not solve the problem. The problem is not the collection of our personal data and the brokers who hold that data because we all have an interest in that process (e.g., reduced fees, convenience, etc.).

The problem is that there is an incentive for thieves to obtain that data. Legislators need to address that incentive and seek to eliminate it.

This blog is for general information only and is not intended to serve as legal advice. Any liability or attorney-client relationship that might arise from your use of or reliance upon any content (including links) on this blog or from any email sent to me via this site or the web is expressly disclaimed. The content of this blog contains views of the author and shall not be attributed to Zent Law Group, PC.