From Government Executive:
Office of Personnel Management issued a final rule Friday that would cull Social Security numbers any mailed document in an effort to prevent fraud.
The rule, which was published in the Federal Register, is part of the implementation of the 2017 Social Security Number Fraud Prevention Act and is designed to help protect the identifiers, which can be used in various forms of identity theft. …
8 comments:
I thought SSA did this years ago with letters. Would this mean only printing the last 4 numbers of SSNs on applications?
SSA does it on the vast majority of its correspondence via what is called a beneficiary notice control (BNC) number generated for each SSN. SSA still has SSNs on a lot of stuff, though, mainly due to the fact that many of its systems are so primitive and updating them to use BNCs is both very difficult and expensive. Easier to re-engineer the systems to use them as they modernize things.
Now, whether or not this works long term will depend upon how SSA is generating the numbers. If (and I strongly suspect this to be the case, based upon input and output of the system that manually creates them) the BNC numbers are generated by a cryptographic hash algorithm from the actual SSN, someone outside SSA will eventually derive their own way to decode the BCNs and render SSA's whole solution moot.
The only way to truly protect SSNs is to use letter identifiers totally separated from and not connected to SSNs. As this would be very expensive and resource intensive solution (plus, raising political issues of "national ID numbers" for the snowflake wingnut brigades), I don't see it happening anytime soon across the board. Each agency will just meander along and kinda do its own thing.
lots of medical records have the SS# in them; wonder how they will handle those?
I don’t understand why medical offices ask for a ssn. I always refuse to give it. Someone at a doctors office said they ask for it to make it easier to go to collections if needed. Don’t know if that is true. Never had anyone insist I give it when left blank on any intake forms.
This only applies to OPM correspondence to federal employees.
@8:54 - They just tell you that they're not responsible for data breeches. But yes, there have been a LOT of data leaks (3 separate for me, one doctor and 2 hospitals). Pretty sure my SSA number is out there. Hospitals/doctors need to go back to paper records if you ask me. It's a pain, but nobody's gonna hold them ransom or steal the information.
@12:16pm,
That is exactly what it is. They want your SSN so they can more easily sic the collection agencies on you or to sue you when you don't pay.
I gave the doctor's office an SSN very similar to mine with just two numbers transposed. Then it looks like I just made a mistake if later found out. So far, so good and it's been 30 years.
Post a Comment