Ways and Means Introduces Bipartisan Social Security Number- Identity Theft Prevention Bill

Jul 16, 2007
Press Release

 

WASHINGTON, D.C. - Social Security Subcommittee Chairman Michael R. McNulty (D-NY) and Subcommittee Ranking Member Sam Johnson (R-TX) will join Chairman Charles B. Rangel (D-NY), and Ranking Member Jim McCrery (R-LA) today to introduce a bipartisan bill designed to address the growing problem of identity theft.

During the course of the 16 hearings conducted by the Subcommittee, numerous experts testified that the easy availability of Social Security numbers (SSNs) in the public and private sectors, combined with the number’s widespread use as an individual identifier, greatly facilitates the crime of identity theft. The bill would restrict the use of the SSN by government and business, to make it less accessible to identity thieves, while providing exceptions for legitimate and necessary uses of the number.

 

"Identity theft ruins individuals’ good names and destroys their credit ratings," said Chairman McNulty. "Identity thieves have stolen the homes of elderly retirees, and have caused innocent persons to be arrested when crimes are committed under a falsified identity. It is time to place some common-sense limits on the use of Social Security numbers by government and businesses in order to reduce their easy availability and ensure the privacy of this sensitive information. I look forward to working with my colleagues to move this legislation forward."

 

"By some counts, more than 150 million Americans’ private information may have been compromised in some way over the past two years alone," said Ranking Member Johnson. "The best way to stop Social Security numbers from being compromised is to limit their availability in the first place, and that is what this bill does."

Click here to view a list of co-sponsors

Click here to view the signed text of the bill

 

 

A summary of the bill:

 

Social Security Number Privacy and Identity Theft Prevention Act of 2007

 

Provisions related to Social Security numbers (SSNs) in the public and private sectors

 

Federal, State, and local governments would be prohibited from:

 

• Selling SSNs (limited exceptions would be allowed, such as to facilitate law enforcement and national security, to ensure the accuracy of credit and insurance underwriting information and certain other Fair Credit Reporting Act purposes, for tax purposes, for research purposes, and to the extent authorized by the Social Security Act). Further exceptions may be made for other purposes by regulation.

• Displaying SSNs to the general public, including on the Internet.

• Displaying SSNs on checks issued for payment and accompanying documents.

 

• Displaying SSNs on identification cards and tags issued to employees or their families; patients and students at public institutions; and Medicare cards.

• Employing prisoners in jobs that provide them with access to SSNs.

 

• Requiring the transmission of SSNs over the Internet without encryption or other security measures.

 

 

 

The private sector would be prohibited from:

 

• Selling or purchasing SSNs (limited exceptions would be made for law enforcement (including child support enforcement); national security; public health; health or safety emergency situations; tax purposes; to ensure the accuracy of credit and insurance underwriting information and certain other Fair Credit Reporting Act purposes; if incidental to the sale, lease or merger of a business; to administer employee or government benefits; for some research; or with the individual’s affirmative, written consent). Further exceptions may be made for other purposes by regulation.

• Displaying SSNs to the general public, including on the Internet.

• Displaying SSNs on checks.

 

• Requiring the transmission of SSNs over the Internet without encryption or other security measures.

• Making unnecessary disclosures of another individual’s SSN to government agencies.

 

• Displaying the SSN on cards or tags issued to employees, their family members, or other individuals.

• Displaying the SSN on cards or tags issued to access goods, services, or benefits.

 

• Public and private sectors would be required to safeguard SSNs they have in their possession from unauthorized access by employees or others.

• Sale, purchase, or display of SSNs in the public or private sector would be permitted by regulation in other circumstances, when appropriate. In making this determination, regulators would consider whether the authorization would serve a compelling public interest and would consider the costs and burdens to the public, government, and businesses. If sale, purchase, or display were to be authorized, the regulation would provide for restrictions to prevent identity theft, fraud, deception, crime, and risk of bodily, emotional, or financial harm.

• A person would be prohibited from obtaining another person`s SSN to locate or identify the individual with the intent to harass, harm, physically injure or use the individual`s identity for an illegal purpose.

• Would specify that, wherever a truncated SSN is used, it must be limited to the last 4 digits of the number. (This truncation standard does not change the permissible uses of the SSN.)

• State law governing use of SSNs would not be preempted where state law is stronger.

 

• The National Research Council would be required to conduct a study to evaluate the feasibility of banning the use of the SSN as an authenticator.

 

Enforcement

 

New criminal penalties (up to 5 years imprisonment and fine up to $250,000) and civil penalties (up to $5,000 per incident) would be created for violations of the law relating to the display, sale, purchase, or misuse of the SSN, offering to acquire an additional SSN for a fee, and for selling or transferring one’s own SSN.

• Prison sentences would be enhanced for SSN misuse associated with repeat offenders (up to 10 years), drug trafficking or crimes of violence (up to 20 years), or terrorism (up to 25 years).

• New criminal penalties (as much as 20 years in prison and fine up to $250,000) and civil penalties (up to $5,000 per incident) would be created for Social Security Administration employees who fraudulently sell or transfer SSNs or Social Security cards.

• The bill permits enforcement by the Social Security Administration (which would have civil monetary penalty authority); the Department of Justice (which enforces criminal violations of federal law); and state attorneys general (who would be granted civil enforcement authority over private-sector users and state and local government). In addition, individual victims affected by violations of this bill by federal agencies would be provided with limited legal recourse to stop an agency’s violation and recover any actual damages they may have suffered.

###