Comment Number: | 531096-00024 |
Received: | 8/2/2007 12:01:19 AM |
Organization: | Verizon Business Services powered by Cybertrust |
Commenter: | Gerard Onorato |
State: | NY |
Agency: | Federal Trade Commission |
Rule: | Private Sector Use of SSNs |
No Attachments |
Comments:
The use of SSN for various unique identifiers is so ingrained within the system that it would be difficult to totally remove the need for it in data exchange. Individual organizations are using the SSN as unique keys, data points for joins, searches and sorts. While most of this data can and should be remediated out, it would be difficult to remove it all. I believe the government should consider the PCI Data Security Standards in looking into organizational consumption of SSN data. A strong, prescriptive, approach combined with stiff penalties for non-compliance will be the most effective measure of controlling SSN abuse.