--- Date: Fri, 14 Mar 2003 16:57:39 -0500 From: J Plummer <jplummerat_private> Subject: NCP: Privacy Villain of the Week: Federal Agencies Lax with SSNs Privacy Villain of the Week: Federal Agencies Lax with SSNs A report out this month reveals something shocking but sadly not altogether unexpected - federal agencies are incredibly lax when it comes to protecting the integrity of your Social Security numbers. <http://govt-aff.senate.gov/031103prescouncilrpt.pdf> The report was requested by the Senate Governmental Affairs Committee <http://govt-aff.senate.gov/031103presssc2.htm> and issued by the Social Security Administration Office of the Inspector General(OIG), after being compiled by the OIGs of 15 different federal agencies. The findings were shocking: · All but one of the 15 agencies participating in the study lacked adequate security controls over private contractors' access to and use of SSNs. · One agency had allowed contractor employees access to its database, including SSNs, before their background checks were completed. · Another didn't ensure contractors couldn't access databases after they stopped working for the agency. · Private contractors keeping personal identification information in unlocked cabinets, in storage rooms, and on desktops after working hours. · One agency didn't even know exactly which contractors had access to SSNs. · Nine agencies had inadequate controls over SSNs stored on computers. · Two federal agencies even had poor controls over non-Government and/or non-contractor access to SSNs. The lessons to be drawn from this debacle are eveident. Federal agencies have no financial incentive to respect the privacy of citizens -- their continued existence and growing budgets are virtually assured. At least when a business treats sensitive consumer data so shoddily, they face the prospect of consumer backlash and attendant financial hurt or ruin. Efforts should be made to bar the federal government from using the SSN as an identifier for anything but Social Security accounts. (At least one such effort is underway in the Congress right now. <http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.00220:"> ) And perhaps even more importantly, efforts such as those by the American Association of Motor Vehicle Administrators to create mandatory government databases of fingerprints or other biometric identifiers should be resisted. <http://www.nccprivacy.org/handv/011206villain.htm> Such databases would retain all the problems we see now with loss of privacy and identity fraud, with the potential for even more ruinous consequences, such as faked fingerprints planted at a crime scene. The revealing report of the IG shows that trusting the government to protect your privacy is a fool's game. And the negligent agencies have revealed themselves as Privacy Villains. By James Plummer The Privacy Villain of the Week and Privacy Hero of the Month are projects of the National Consumer Coalition's Privacy Group. Privacy Villain audio features now available from FCF News on Demand. For more information on the NCC Privacy Group, see www.nccprivacy.org or contact James Plummer at 202-467-5809 or via email. ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ ------------------------------------------------------------------------- Declan McCullagh's photographs are at http://www.mccullagh.org/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sun Mar 16 2003 - 23:09:28 PST