New Bill Seeks to Eliminate Social Security Numbers as Uniform Identifiers

January 27, 2011October 22, 2014 by Christina Frangiosa

On January 7, 2011, Representative Ron Paul (R-TX) introduced a bill entitled the “Identity Theft Prevention Act of 2011” (H.R. 220). The Bill seeks to address the pervasive use of Social Security Numbers by various federal, state and local government agencies and to prevent identity theft by eliminating any use of those numbers in connection with government services. It prohibits governmental agencies from requiring mandatory or even voluntary disclosure of an individual’s Social Security Number in connection with documents filed by individuals.

The Bill includes amendments to the Social Security Act (42 U.S.C. 405(c)(2)), the Internal Revenue Code (26 U.S.C. §§ 6109(d)), and the Privacy Act of 1974 (5 U.S.C. 552a note, 88 Stat. 1909) in the following notable ways:

Social Security Act – H.R. 220 §§ 2(b) and (d)(2):
- Requires that Social Security Account Numbers be randomly generated instead of confirming to a specific numbering system (the Social Security Numbering Scheme is described in detail on the Social Security Administration’s archive);
- Provides that the Social Security Account Number be owned by the individual;
- Prohibits the Social Security Administration from divulging that number to anyone (other than the account holder himself/herself); and
- Requires that any pre-existing Social Security Numbers be declared null and void and reissued within 5 years of enactment of the Bill in accordance with the new “random generation” rules. Certain cross-references to the old numbers may be made, but these are limited.
Internal Revenue Code – § 2(c)(1):
- The section to be modified, 26 U.S.C. § 6109(d) currently states:
  - “(d) Use of social security account number. The social security account number issued to an individual for purposes of section 205(c)(2)(A) of the Social Security Act shall, except as shall otherwise be specified under regulations of the Secretary, be used as the identifying number for such individual for purposes of this title.”
- This section would be amended to read as follows:
  - “(d) Use of social security account number for Social Security and Related Purposes. The social security account number issued to an individual for purposes of section 205(c)(2)(A) of the Social Security Act shall, except as shall otherwise be specified under regulations of the Secretary, be used as the identifying number for such individual for purposes of section 86, chapter 2, and subtitle C of this title.”
Privacy Act – H.R. 220 § 3:
- Section 7 of the Privacy Act (5 U.S.C. § 552a (note)) currently reads as follows:
  
  Sec. 7(a) (1) It shall be unlawful for any Federal, State or local government agency to deny to any individual any right, benefit, or privilege provided by law because of such individual’s refusal to disclose his social security account number.
  
  (2) the provisions of paragraph (1) of this subsection shall not apply with respect to—
  
  (A) any disclosure which is required by Federal statute, or
  
  (B) any disclosure of a social security number to any Federal, State, or local agency maintaining a system of records in existence and operating before January 1, 1975, if such disclosure was required under statute or regulation adopted prior to such date to verify the identity of an individual.
  
  (b) Any Federal, State or local government agency which requests an individual to disclose his social security account number shall inform that individual whether that disclosure is mandatory or voluntary, by what statutory or other authority such number is solicited, and what uses will be made of it.
- Pursuant to H.R. 220, these provisions would be amended to read as follows:
  Sec. 7(a) (1) It shall be unlawful for any Federal, State or local government agency to deny to any individual any right, benefit, or privilege provided by law because of such individual’s refusal to disclose his social security account number.
  
  (2) The provisions of paragraph (1) of this subsection shall not apply with respect to any disclosure which is required under regulations of the Commissioner of Social Security pursuant to section 205(c)(2) of the Social Security Act or under regulations of the Secretary of the Treasury pursuant to section 6109(d) of the Internal Revenue Code of 1986.
  
  (b) Except with respect to disclosures described in subsection (a)(2), no agency or instrumentality of the Federal Government, a State, a political subdivision of a State, or any combination of the foregoing may request an individual to disclose his social security account number, on either a mandatory or voluntary basis.

The Bill also prohibits “Government Wide Uniform Identifying Numbers” (Section 4) and “Government Established Identifiers” (Section 5). These two prohibitions would go into effect on January 1, 2012.

Under Section 4, the Bill provides that “any two agencies or instrumentalities of the Federal Government may not implement the same identifying number with respect to any individual” except where authorized by 42 U.S.C. 405(c)(2) [the Social Security Act sections described above]. Id. § 4(a).

Under Section 5, the Bill prohibits any two federal agencies from implementing the same numbering system to assign individual identification numbers to any individual and from conditioning the receipt of any federal grant, contract, or funding on the adoption of a uniform numbering system by a state or local government entity or agency. The Bill makes it clear that “administrative simplification” cannot be the stated purpose in establishing or mandating a uniform standard for identification purposes. Id. § 5(b)(2).

Initial Purpose of Social Security Numbers

As initially implemented, the Social Security Numbering system was not intended as a universal numbering system, and indeed, was not adopted by other agencies as such until at least 1943, when an Executive Order mandated that if a numbering system was required to keep records on individuals, that the Social Security Numbering system be used. Executive Order 9397 (3 CFR (1943-1948 Comp.) 283-284). An interesting chronology of the history of policy changes to the Social Security Numbering System can be found at the Social Security Administration’s web site and the explanation of the meaning of each section of the Social Security Number can be found here.

Status of Legislation
Following its introduction on January 7, 2011, the Bill was referred to the House Ways and Means Committee and the House Oversight and Government Reform Committee.

Basic information about the Bill (except for the actual text) can be found through Thomas (Congress’s legislative portal) at this specific link. The actual text can be found here in a variety of formats, including text, XML and PDF.

Mandatory Restitution to Victims of Identity Theft in Pennsylvania Required

December 4, 2009October 22, 2014 by Christina Frangiosa

The Pennsylvania General Assembly recently amended its sentencing requirements to be imposed upon convicted identity thieves. On September 18, 2009, House Bill 222 was approved by Governor Rendell and became effective on November 17, 2009.

House Bill 222 amended the PA Crimes Code to mandate restitution by a convicted identity thief to “for all reasonable expenses incurred by the victim or on the victim’s behalf” to investigate the theft, bring civil and/or criminal actions in response, or to correct the victim’s credit record or negative credit reports. 18 Pa. Cons. Stat. Ann. § 1107.1(a). These expenses include: 1) attorneys’ and accountant’s fees for professional services; 2) fees or costs imposed by the credit bureaus to correct the credit reports, to undertake private investigations, or to contest “unwarranted debt collections;” and 3) court costs and filing fees. Id. § 1107.1(b).

This restitution sentence would be imposed in addition to any other restitution sentence or other order. See id. § 1107.1(a).

(Note that you can find the statutory sections cited above through West’s Unofficial Purdon’s Pennsylvania Statutes – I tried linking each separate section, but the individual links would not work. You will have to navigate through West’s table of contents and expand the listings under Title 18 to find the relevant sections discussed here.)

Prior Version of Restitution Requirement

The prior version of this restitution requirement had been codified in 42 Pa. Cons. Stat. Ann. § 9720.1 and took effect July 21, 2000. Section 9720.1 has been repealed, now that the provisions have been moved to the Crimes Code.

Amendments Recently Enacted

Section 1107.1 provides several important amendments beyond the provisions previously codified in 42 Pa. Cons. Stat. Ann. § 9720.1. Specifically, the current provision permits an identity theft victim to recover professional fees charged by an accountant as well as any costs that they incurred in connection with disputing debt collections that were undertaken without justification.

Identity Theft in PA (Generally)

Identity theft is considered an “offense against property” in Pennsylvania. A person commits identity theft if “he possesses or uses, through any means, identifying information of another person without the consent of that other person to further any unlawful purpose.” 18 Pa. Cons. Stat. Ann. § 4120(a).

Identifying information includes “documents [separately defined], photographic, pictorial or computer image of another person, or any fact used to establish identity, including, but not limited to, a name, birth date, Social Security number, driver’s license number, nondriver governmental identification number, telephone number, checking account number, savings account number, student identification number, employee or payroll number or electronic signature.” Id. § 4120(f).

The term “document” is defined to include broadly “any writing,” with certain non-exclusive examples provided: “birth certificate, Social Security card, driver’s license, nondriver government-issued identification card, baptismal certificate, access device card, employee identification card, school identification card or other identifying information recorded by any other method, including, but not limited to, information stored on any computer, computer disc, computer printout, computer system, or part thereof, or by any other mechanical or electronic means.” Id.

The determination of the severity of the offense will vary, depending on the total dollar value involved, the number of times the offender has committed this offense in the past and the age of the victim. Specifically, the offense is deemed to be a misdemeanor of the first degree if the total value involved is less than $2,000. Id. § 4120(c)(1)(i). The offense will be upgraded to a felony (of the third degree) when the amount exceeds $2,000 or when the offense is committed “in furtherance of a criminal conspiracy.” Id. § 4120(c)(1)(ii) and (iii). The degree is further upgraded for recidivists – for third or subsequent offenses, the offense is deemed to be a felony of the second degree. Id. § 4120(c)(1)(iv).

Finally, if the offense is committed against a person “60 years of age or older” or against a person who is “care-dependent” under 18 Pa. Cons. Stat. Ann. § 2713, the severity of the offense will be upgraded a degree. Id. § 4120(c)(2).

As a result, the severity of the offense can range from misdemeanor of the first degree through a felony in the first degree. 204 Pa. Code § 303.15. Under Pennsylvania law, the actual penalties imposed for these offenses will be established by reference to the Sentencing Code (42 Pa. Cons. Stat. Ann. § 9701 et seq.) and Sentencing Guidelines (204 Pa. Code §§ 303.1 – 303.18), but can include imprisonment of varying terms in addition to the restitution required by 18 Pa. Cons. Stat. Ann. § 1107.1 and 42 Pa. Cons. Stat. Ann. § 9721(c).

Resources to Combat Identity Theft

If you need further information about identity theft, there are numerous resources you can use. For instance:

Government & Consumer Advocate Links
* Better Business Bureau’s Information for Consumers about Identity Theft
* Credit Reporting Companies: Equifax, Experian, and Transunion.
* Federal Trade Commission’s Identity Theft Site
* Pennsylvania Attorney General Tom Corbett’s Identity Theft Toolkit
* Pennsylvania State Police – Identity Theft Prevention Guidelines (PDF document)
* US Postal Service – Report ID Theft by Mail

Commercial Providers or Evaluation Tools
* IDTheft.com – has some information about police reports and dealing with governmental agencies to start correcting their records.
* Comparison of the “Top 5” Identity Theft Protection Companies on the market
* Identity Theft Labs – also provides a comparison of the most popular ID Theft Protection sites
* Identity Theft Protection and Survival – offers books and other educational materials for sale

This is a non-exhaustive list, but should get you started. In addition to these resources, you may also want to consider checking resources offered by your bank, credit union or credit card companies; many of them offer tools to assist you in avoiding or recovering from identity theft.

(Please note that I have not thoroughly researched companies providing ID theft protection services – so what appears above are suggestions only of some of the third-parties that provide these services. Their listing here should not be taken to be an endorsement or any other support for the products or services that they offer.)

Privacy Resources on the Internet

April 30, 2009October 4, 2014 by Christina Frangiosa

Welcome to the Privacy and IP Law blog. As an initial matter, below are several resources on the Internet where you can find detailed information about privacy law. It’s by no means exhaustive, but it should give you a start to understanding some of the recent debate on privacy issues in the U.S.:

ACLU’s Current Privacy Initiatives

BBBOnLine, Inc. – provides tools to consumers and businesses alike in operating safely in the online environment.

Center for Democracy and Technology – Policy Posts re Privacy and Security Principles for Health Information Technology

Electronic Frontier Foundation – Provides current updates on various privacy initiatives.

Electronic Privacy Information Center, and specifically its report on Privacy of Social Security Numbers

FTC Identity Theft Page

Government Accountability Office – subscribe to e-mail updates at: http://www.gao.gov/subscribe/index.php. Some of the more relevant (and recent) reports are the following:

HEALTH INFORMATION TECHNOLOGY: HHS Has Taken Important Steps to Address Privacy Principles and Challenges, Although More Work Remains

(GAO Report, Sept. 2008)

PRIVACY: Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information

(Testimony before Senate Committee on Homeland Security and Governmental Affairs, June 18, 2008)

PRIVACY: Alternatives Exist for Enhancing Protection of Personally Identifiable Information

(GAO Report, May 19, 2008)

INFORMATION SECURITY: Protecting Personally Identifiable Information

(GAO Report, Jan. 25, 2008)

SOCIAL SECURITY NUMBERS: Use is Widespread and Protection Could Be Improved

(Testimony before House Committee on Ways and Means, Subcommittee on Social Security, June 21, 2007)

PRIVACY: Lessons Learned About Data Breach Notification

(GAO Report, April 2007)

PRIVACY: Domestic and Offshore Outsourcing of Personal Information in Medicare, Medicaid, and TRICARE

(GAO Report, Sept. 2006)

PERSONAL INFORMATION: Key Federal Privacy Laws Do Not Require Information Resellers to Safeguard All Sensitive Data

(GAO Report to Senate Committee on Banking, Housing and Urban Affairs, June 2006)

PRIVACY: Preventing and Responding to Improper Disclosures of Personal Information

(Testimony before House Committee on Government Reform, June 8, 2006)

SOCIAL SECURITY NUMBERS: Internet Resellers Provide Few Full SSNs, but Congress Should Consider Enacting Standards for Truncating SSNs

(GAO Report, May 2006)

SOCIAL SECURITY NUMBERS: More Could be Done to Protect SSNs

(Testimony before House Committee on Ways and Means, Subcommittee on Social Security, May 30, 2006)

SOCIAL SECURITY NUMBERS: Federal and State Laws Restrict Use of SSNs, Yet Gaps Remain

(Testimony before New York State Assembly, Committee on Consumer Affairs and Protection and Committee on Governmental Operations, Sept. 15, 2005)

Junkbusters – links to numerous privacy resources.

National Conference of State Legislatures – provides chart of current proposals for protection of Health Information, as well as specific resources to address Privacy Concerns. Specifically:
* E-Commerce Page – pending legislation on Digital Signatures and Uniform Electronic Transactions Act information can be found here.
* Electronic/Internet Privacy
* Enacted Social Security Number Legislation (2007 session, but updated in 4/08). See also Enacted Legislation in 2008.
* Health Information Technology Champions – provides a Health Information Technology Tracking Database (no separate link available), which permits you to search for legislation by state, or other filters.
* Identity Theft Legislation Page – Statutes are summarized separately: http://www.ncsl.org/programs/lis/privacy/idt-statutes.htm.
* Phishing / E-mail Fraud Legislation (as of January 2, 2009) – the list of laws enacted in 2007 addressing phishing are identified separately: http://www.ncsl.org/programs/lis/phishing07.htm.
* State Security Breach Disclosure Laws – a December 2008 article in State Legislatures separately addresses how effective certain of these laws have been to address identity theft concerns.

OnGuard Online – Numerous sources provided by various government agencies relating to Internet fraud schemes and identity theft. Sponsored by the FTC, Department of Commerce, the Department of Homeland Security, the IRS, NCIS, Office of Justice Programs, SEC, and the US Postal Inspection Service.

Privacy Rights Clearinghouse – fact sheets on numerous issues, including “Employment Background Checks: A Jobseeker’s Guide.”

TRUSTe

World Privacy Forum – co-hosted the first International Privacy and Security Conference in Tokyo, Japan, beginning on November 11, 2008. They also published a recent article outlining a Patient’s Guide to HIPAA, which explains key provisions of an otherwise complicated statute.

Some of these links also appeared in the inaugural issue of “International Data Protection and Online Security,” a joint newsletter of the ABA’s Section on International Law and the Online Security and E-Privacy Committee of the ABA’s Intellectual Property Law Section, of which I am a member of the editorial board.

Share this:

Share this:

Share this: