You’re told over and over again to keep your Social Security number safe. Don’t give it out unnecessarily. Don’t keep it in your wallet.
That’s sound advice, but all it does is keep a bad situation from getting worse. Social Security numbers are in wide circulation today. The Internet speeds up access, but your privacy was cracked even before the Web.
“The horse has been out of the barn for a long time now, but we’ve only just noticed,” says David Medine, the Federal Trade Commission’s associate director for financial practice.
Believe it or not, it’s legal for private firms to sell, or reveal, Social Security numbers. When Congress passed the Privacy Act of 1974, it restricted the government’s use of Social Security numbers but left the private sector free to use them at will.
Until two years ago, anyone could buy numbers over the Web. Finally, Congress and the FTC prodded the database industry into limiting access.
The limitation agreement covers the 14 members of the Individual Reference Services Group, which includes the three major credit bureaus as well as the largest compilers of public records and other databases.
But although they cut out general public access, these companies still can sell your number (or part of it) to private detectives, lawyers, banks and insurers, among others.
Inevitably, some of the people with access will be dishonest or malicious–taking Social Security numbers and other personal data for illegal purposes.
Public records are one of the ways commercial databases get your number. The other way is from credit bureaus.
In the early 1990s, the FTC went after the three credit bureaus, for selling your credit information for “non-permissible purposes,” such as direct marketing. The FTC said that violated the Fair Credit Reporting Act.
Equifax quit voluntarily. Experian (then TRW) negotiated a written agreement on what it could and couldn’t sell.
The deal allows bureaus to sell your name, address, date of birth and Social Security number, but no other credit information that can be tied to you.
The third credit bureau, Trans Union, refused a deal, and has been fighting the FTC since 1992. Recently, the FTC ordered it to stop selling personal credit information, including your age, for marketing purposes. Trans Union will appeal.
The FTC staff had hoped the commission would limit the sale of Social Security numbers, too, but that didn’t happen. “The issue is getting hotter because it’s the key to identity theft,” Medine told my associate.
Armed with your name and Social Security number, someone can pretend to be you and apply for a credit card, using a different address. By the time you find out, your record will be tarred with unpaid bills.
It can take years of frustration and expense to get your good name back.
Attorney and reader Francis J. Menton Jr., of Willkie Farr & Gallagher in New York, got interested in safeguarding his number own SSN after three acquaintances had their identities stolen. As it turns out, there’s no way to maintain your privacy.
Credit bureaus say that you can’t opt out of databases used by organizations with a legitimate need for the information. The databases themselves won’t expunge your number or any other information. The Social Security Administration won’t change your number, except in extraordinary circumstances.
Menton checked my file for me, at a database service called Database Technologies, in Boca Raton, Fla. It contained not only my Social Security number but those of two of my kids, my son-in-law and the people who bought our old house. All can be legally disclosed, if it comes from public records, Medine says. And there’s nothing you can do.
