Trending

BROWSE ALL TOPICS

DON SSN Reduction Plan

By Steve Muck - Published, January 21, 2011

The Social Security number (SSN) has evolved beyond its intended purpose to become the identifier of choice for many of the business processes within the Department of the Navy. While use of the SSN has become the enabler to identify and authenticate individuals, it is one of the key elements used for identity theft and fraud. Widespread use of the SSN has reached unacceptable levels and requires a department-wide effort to eliminate or reduce the collection, use, display and storage of this sensitive data element.

The SSN reduction plan will consist of two phases. Phase One is currently in progress. Phase Two will be implemented when Department of Defense guidance has been released. Details are provided below.

Phase One – Currently in Progress:

  • Justify continued use and collection of SSNs in all official Navy and Marine Corps forms.
  • Catalog all official DON forms using Naval Forms Online: https://navalforms.daps.dla.mil.
  • Eliminate all unofficial forms in use; either stop using or validate for official use. DON forms management officers, consulting with the Privacy Official, draft justifications using Secretary of the Navy Forms Management Manual (SECNAV M-5213.1) of January 2010 for all forms that fall within their area of responsibility. This includes: DD/SD forms, component-wide forms, command forms and installation forms. All reviews must include:
    • Copy of Privacy Act Statement;
    • Copy of official form;
    • Acceptable use (from list of 12). If you use "Other Cases," you must describe;
    • Actions taken to truncate, hide or mask SSN;
    • Statement regarding impact to business process if SSN were to be eliminated;
    • Potential for SSN to be replaced with another unique identifier;
    • Justify continued use and collection of SSNs in all information technology (IT) systems registered in the DoD Information Technology Portfolio Repository (DITPR)-DON;
    • DON Chief Information Officer will submit changes to the program manager that mirror the forms review process in April 2011 to eliminate the need for a data call; and
    • Data fields in DITPR-DON for IT systems with personally identifiable information (PII) must be verified for accuracy.
Phase Two – Awaiting Department of Defense Guidance:

  • Where continued use of SSNs is required, substitute another unique identifier for the SSN.
Challenges:
  • Without controls in place, the substitute for the SSN could become sensitive PII.
  • Despite the current SSN Reduction Plan, human error will still result in the loss and compromise of the SSN.
  • The DON does not control many of the forms requiring use of the SSN.
  • Elimination of the SSN or substituting the SSN for another identifier will incur unfunded program costs especially with IT systems.
Steve Muck is the DON CIO privacy team lead.

TAGS: Forms/Reports, IDManagement, Privacy

Related Policy
Processing of Electronic Storage Media for Disposal
Reduction of SSN Use Within DoD
Updated Plan to Remove Social Security Numbers from DoD Identification Cards
DON Social Security Number Reduction Plan for Forms Phase One
Safeguarding Personally Identifiable Information (PII)
Related News
PII Breach Articles from CHIPS Magazine
SSN Reduction Plan Phase 1 and 2 Results
Steps For Military Personnel to Take to Defend Against ID Theft
Privacy Tips
Rules for Handling PII by DON Contractor Support Personnel
Related CHIPS Magazine
Factsheet: National Background Investigations Bureau
Download CHIPS Magazine Mobile App!
Privacy Awareness Tips
Safeguarding Your Common Access Cards and Military Identification Cards
Strengthening Privacy Awareness and Protection
Related Resources
DoD and DON Issuances and Forms
Personally Identifiable Information Posters
2014 PII Brief
Privacy Act System of Records Notices
Inventory of DON Systems With Completed Privacy Impact Assessments

DON CIO Information

Online Services & Community