Skip to content
DWT logo
People Services Insights
About Offices Careers
Search
People
Services
Insights
About
Offices
Careers
Search
Advisories
Healthcare

FTC Recommendations on Identity Theft and SSNs for Private Sector

By Megan Vogel, Rebecca L. Williams, R.N., J.D., and Brent R. Eller
01.06.09
Share
Print this page

In response to a mandate from the President's Identity Theft Task Force, the Federal Trade Commission (FTC) issued its report, “Security in Numbers: SSNs and Identity Theft,” on Dec. 17, 2008. The report examines the role that Social Security numbers (SSNs) play in the problem of identity theft and contains five recommendations for Congress, the FTC, and private sector organizations that collect and use SSNs.

The FTC emphasizes the need for an approach designed to reduce the supply of and demand for SSNs while avoiding unreasonable impediments to the beneficial uses of SSNs. The recommendations in the report call on Congress, the FTC, and private sector organizations to:

  1. Improve consumer authentication: All private sector organizations that maintain consumer accounts should establish appropriate, risk-based consumer authentication programs. Congress should adopt the proper incentives for improving authentication through carefully tailored legislation.

  2. Restrict the public display and transmission of SSNs: Congress should require private sector organizations to restrict the display of SSNs on publicly available documents and identification cards and to limit the circumstances and means by which SSNs can be transmitted.

  3. Establish national standards for data protection and breach notification: All private sector organizations that collect and store sensitive consumer information should safeguard such information against unauthorized use. Congress should adopt national standards that require private sector organizations to provide notice when a breach of consumers' personal information occurs that creates a significant risk of identity theft or other harm.

  4. Conduct outreach to business and consumers: The FTC should continue outreach to private sector organizations and consumers in the area of identity theft prevention. The FTC should communicate to private sector organizations the importance of collecting SSNs only when necessary, reducing the use of SSNs as internal identifiers, limiting employee access to SSNs, and properly storing and disposing records that contain SSNs.

  5. Promote coordination and information sharing on use of SSNs: The FTC should help private sector organizations share information about their experiences and approaches to consumer authentication, SSN usage, and identity theft prevention.

The FTC emphasizes that any legislation resulting from its recommendations should both be consistent with existing identity theft prevention laws and “provide flexibility to private sector entities to implement a program that is compatible with their size, the nature of their business, and the specific authentication risks they face.”

The FTC's report, “Security in Numbers SSNs and ID Theft” may be found at: http://www.ftc.gov/os/2008/12/P075414ssnreport.pdf

Related Articles

DWT logo
©1996-2025 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Not intended as legal advice. Prior results do not guarantee a similar outcome.
Media Kit Affiliations Legal notices
Privacy policy Employees DWT Collaborate EEO

SUBSCRIBE
©1996-2025 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Not intended as legal advice. Prior results do not guarantee a similar outcome.
Close
Close

CAUTION - Before you proceed, please note: By clicking "accept" you agree that our review of the information contained in your e-mail and any attachments will not create an attorney-client relationship, and will not prevent any lawyer in our firm from representing a party in any matter where that information is relevant, even if you submitted the information in good faith to retain us.