Acceptable Use Criteria for Systems Collecting SSNs

By DON CIO Privacy Team - Published, July 12, 2010

The following is a list of 12 acceptable use criteria for systems requesting the use of Social Security numbers.

  • Geneva Conventions Serial Number: As of the late 1960s, the Social Security number (SSN) has served as the Geneva Conventions serial number for Armed Forces of the United States. Many of the systems, processes and forms used by the Department of Defense categorize individuals by their SSNs. In many cases, it is essential to be able to identify individuals for the purpose of the Geneva Conventions. In addition, it may be necessary to access this number on short notice.
  • Law Enforcement, National Security and Credentialing: Almost every law enforcement application must be able to report and track individuals through the use of the SSN. This includes, but is not limited to, checks of the National Crime Information Center, state criminal histories and Federal Bureau of Investigation records checks.
  • Security Clearance Investigation or Verification: The initiation, conduct or verification of security clearances requires the use of the SSN. The SSN is the single identifier that links all the aspects of these investigations. This use case is also linked to other Federal agencies that continue to use the SSN as a primary identifier.
  • Interactions With Financial Institutions: Federal law requires that individuals who hold accounts with financial institutions must provide the SSN as part of the process to open accounts. It may, therefore, be required for systems, processes or forms that interface with or act on behalf of individuals or organizations in transactions with financial institutions to provide the SSN.
  • Confirmation of Employment Eligibility: Federal statute requires that all persons employed within the United States must provide an SSN or comparable identifier to prove that they are eligible to work for or with the U.S. government. Any system that deals with employment eligibility must contain the SSN.
  • Administration of Federal Worker's Compensation: The Federal Worker's Compensation Program continues to track individuals through the use of the SSN. As such, systems, processes or forms that interact with or provide information for the administration of this system or associated systems may be required to retain the SSN.
  • Federal Taxpayer Identification Number: The application of Federal and state income tax programs relies on the use of the SSN. As such, systems that have any function that pertains to the collection, payment or record keeping of this use case must contain the SSN. Additionally, individuals who operate business vehicles under their own name may use their SSN as the tax number for that business function.
  • Computer Matching: Systems, processes or forms that interact with other government agencies may require the continued use of the SSN as a primary identifier until such time as the applications to which they are linked move to some other identifier as a primary means for transferring, matching or checking information. These applications should be rigorously scrutinized to determine the availability of some other means of conducting these transactions.
  • Foreign Travel: DoD personnel are often required to travel beyond U.S. borders, which may require official clearance prior to travel. Currently, the SSN is used as the identifier for these purposes.
  • Noncombatant Evacuation Operations (NEOs): The Department of State requires that all persons repatriated to the United States as part of an NEO present their SSN as part of this process. Any systems, forms or processes supporting NEOs may be required to process individuals using the SSN as the primary identifier.
  • Legacy System Interface: Many systems, processes or forms that do not meet the criteria listed above for the continued use of the SSN may not be able to transition to another identifier in a timely manner due to the excessive cost associated with the change. In these cases, the continued use of the SSN may be acceptable for a specified period of time, provided that plans are in place for the migration from the SSN in the future. Plans to alter these use cases must take into account interactions with other applications as well as all methods for entry, processing or transfer of information from said application. It is critical that moving away from SSN use does not cause unacceptably long interruptions to continued operations.
  • Other Cases: The previous categories may not include all uses of the SSN delineated by law. If an application owner can show sufficient grounds that a use case not specified in this list is required by law, then that use case may continue to use the SSN. Any application that seeks to use this clause as justification must provide specific documentation to continue use under this justification.

TAGS: IA, IDManagement, Privacy, RM
