Main Nav

FTC's SSN Report Recommends Stronger Authentication Practices Among Other Measures

The Federal Trade Commission has issued its final report on "Security in Numbers: SSNs and ID Theft". The report, based upon extensive fact-finding by the FTC that included a workshop with remarks from three experts from higher education, focuses on the use of SSNs in the private sector. The report was developed pursuant to a recommendation of the President's Identity Theft Task Force, which was established in May 2006 to develop a coordinated plan to prevent identity theft, prosecute identity thieves, and help victims recover from the crime.

Below is a summary of the final recommendations:

Recommendation 1: Improve Consumer Authentication (to make it more difficult to use SSNs to commit identity theft) - "the Commission recommends that Congress consider establishing national consumer authentication standards covering all private sector entities that maintain consumer accounts."

Recommendation 2: Restrict the Public Display and the Transmission of SSNs (to curtain the supply of SSNs to wrongdoers) - "the Commission recommends that Congress consider creating national standards for the public display and the transmission of SSNs."

Recommendation 3: Establish National Standards for Data Protection and Breach Notification (to curtain the supply of SSNs to wrongdoers) - "the Commission reiterates its prior recommendation that Congress consider establishing national data breach notification standards requiring private sector entitites to provide public notice when the entity suffers a breach of consumers' personal information and the breach creates a significant risk of identity theft or other harms."

Recommendation 4: Conduct Outreach to Businesses and Consumers (to curtain the supply of SSNs to wrongdoers) - "the Commission recommends increasing education and guidance efforts as additional steps to help reduce the role of SSNs in facilitating identity theft". Such a campaign would include the following messages:

  • the importance of collecting SSNs only when necessary and storing them only as long as necessary;
  • steps businesses can take to reduce the use of SSNs as internal identifiers;
  • proper displosal of SSNs;
  • the importance of securing SSNs (such as by encrypting them) during their tranmission; and
  • limiting employee access to SSNs and conducting employee screening and training.

Recommendation 5: Promote Coordination and Information Sharing on Use of SSNs - "the Commission recommends that appropriate governmental entities explore helping private sector organizations establish a clearinghouse of best practices, enabling those organizations to share approaches and technologies on SSN usage and protection, fraud prevention, and consumer authentication."