Testimony of Representative Brian Flaherty Submitted for the Record
Social Security Subcommittee Hearing on May 22, 2001
"Protecting Privacy & Preventing Misuse of Social Security Numbers"
Click here for a printer-friendly (letterhead format) of this letter (Adobe Acrobat Reader Required)
May 21, 2001
The Honorable E. Clay Shaw, Jr.
Chairman, Social Security Subcommittee
Room B316, Rayburn Building
Washington, DC 20515
Dear Chairman Shaw:
It is with regret that I must inform you that I will be unable to testify before you and the Subcommittee on Social Security on Protecting Privacy and Preventing Misuse of Social Security Numbers. The Connecticut House of Representatives will be in session with scheduled votes throughout the day. As Deputy Minority Leader, I must be present. The National Conference of State Legislatures (NCSL) has represented the states' interest in all aspects of social security, including the issue of use of social security numbers. I currently serve on the NCSL Executive Committee Task Force on Social Security. If there are additional hearings on this important issue, I would be pleased to participate and hope that you will include me or another state legislator on behalf of the National Conference of State Legislatures (NCSL).
The National Conference of State Legislatures (NCSL) supports efforts by the federal government to protect personal identifying information, particularly efforts to protect individuals from identity theft, fraud and misuse of personal information. We applaud your efforts to address privacy protection and prevent the misuse of social security numbers. It is critical that the states and federal government work collaboratively and cooperatively together on this issue.
As you are well aware, state legislatures and agencies have been examining this issue and changing how we use social security numbers and how they are protected. However, NCSL must oppose efforts that would likely impose administratively burdensome and costly unfunded mandates on the states, as well as preempt state government activities. It is our hope that as we work together, responsive solutions can be crafted that will examine the costs to state and local governments as well as the transition time needed to accomplish our shared goals.
State governments, like Connecticut have examined their policies in this area and agree that the federal government should do so as well. Two years ago, I testified before the House Judiciary Committee urging Congress to rescind its 1996 mandate that states require social security numbers on the face of state driver's licenses. NCSL opposed this mandate as an unfunded mandate and preemption of state authority. States prior to passage of the act had already moved away from using social security numbers as an identifier on the Driver's License or had begun to offer individuals the option to use another number. While we were successful in eliminating this federal requirement, it illustrates that the federal government has been inconsistent in its position on the usage of social security numbers. This indecision has increased costs to state and local governments, especially costs to reprogram computers.
Before mandating changes on the state, the federal government should examine its own role in the proliferation of social security number usage. For example, Child Support Enforcement law requires states to use social security numbers in databases, to match financial aid and employment records and, even require social security numbers on applications for state drivers licenses.
NCSL wholeheartedly agrees that government must act to protect personal identifiers, including the Social Security account number (SSN), which has come to be the primary identifier of individuals in the United States. Yet, NCSL is concerned that without a thorough review of how various sectors of government use the SSN in day-to-day operations it will be difficult to determine how best to protect individuals from improper use of the SSN. States have used the SSN as a unique identifier for some time, especially after some federal programs required their usage. State entities internally use SSNs in a variety of ways. SSNs are used to administer health and human services benefits for low-income families as well as employee benefits and retiree benefits. SSNs are used internally for public health programs, criminal justice systems, and state universities. SSNs are essential to tax administration and procurement systems. The costs of changing these databases to disallow the use of SSNs can be enormous.
We appreciate that you and your staff have clarified that the intent of any legislative effort on your part is to restrict display and sale of SSNs. We remain concerned however, that without a more comprehensive definition of what constitutes display, lawful and necessary use by state governments, political subdivisions and instrumentalities will be restricted. States also use SSNs as a crosscheck for fraud reduction. Due to constituent demand and recent Supreme Court decisions, states have moved to restrict and in many cases prohibit the sale of personal identifying information including the SSNs.
It is essential that federal policymakers get an accurate accounting of governmental and nongovernmental usage of social security numbers. NCSL staff has met with the U.S. Government Accounting Office (GAO) to provide information requested so that you will have the background necessary to draft comprehensive legislation that will adequately address the scope, effect and cost of the legislative changes you propose on all levels of government and on the private sector.
In Connecticut, we have examined our usage of social security numbers and made many changes to our laws and practices. This is not unusual. In many cases, state privacy statutes are stronger than protections provided under federal law. NCSL is especially concerned about efforts to preempt state authority to ensure privacy which merely mask attempts to weaken strong state privacy statutes. NCSL maintains that federal privacy efforts should strengthen existing protections not undermine them. Recent Connecticut privacy initiatives included:
- Repealed a requirement that municipal tax collectors collect every taxpayer's SSN. Removed a provision that was to have taken effect on December 1, 2000, requiring the Department of Motor Vehicles to give local tax assessors vehicle owners' SSNs (PA 98-261).
- Removed the SSN from the information that people who register to vote or respond to the voter canvass can voluntarily provide to registrars of voters, prohibited any voter registration official from disclosing to another government agency, as well as the public, the SSN of a voter who provided it under prior law, and removed a requirement that registrars of voters or the secretary of the state include registered voters' SSNs on the lists they must give to the jury administrator (PA 99-268).
- Made identification theft a class D felony for anyone to intentionally get another person's personal identifying information and use it for an unlawful purpose, including to get or attempt to get credit, goods, services, or medical information. The act defines "personal identifying information" as motor vehicle operator's license, Social Security Number, employee identification, demand deposit, savings account, or credit card numbers or someone's mother's maiden name (PA 99-99).
- Made sure that Registrars of Voters, and the Secretary of the State, cannot disclose SSNs to the public, nor can they use it as the voter identification number on the registry list (CGS ยง 9-35).
- And changed policies related to certain town officials who collect Social Security numbers (SSNs) in connection with their duties. The town clerk, as the town's registrar of vital statistics, records the SSN on marriage and death certificates, which are open records. But as a matter of practice, the clerk (1) covers the SSN when someone asks to inspect the record or (2) refers to the town's record index which shows only the names, dates, and events. The father's SSN can be included on the birth certificate of a child born out of wedlock but disclosure is restricted.
If federal law changes state government usage of SSNs, it is critical that the law defines what constitutes "use", "public display", "public access" and "derivatives of" Social Security Account Numbers. Without a clearer understanding of these concepts we are concerned that implementation of the legislation with be mired with legislative, administrative and judicial pitfalls. We are very concerned about the cost and administrative impact of prohibitions on the display of SSNs and derivatives for the purposes of identification of employees. State government and its political subdivisions, agencies and instrumentalities are large employers with multiple security and related concerns that may require the use and display of SSNs by employees, including student employees at higher education institutions. Without a more thorough definition of what constitutes prohibited display; government will be left with little direction in this area. We understand that one of the intentions of the provision is to prohibit the display of the SSN on badges worn by employees for both identification and security purposes. The costs to government to remove the SSN number from identification cards issued to employees is likely to be very high, while the bill remains silent on how these costs are to be offset.
It is critical that we ensure adequate transition time for policy changes. We understand that a multitude of activities would be prohibited including the use of SSNs to post grades at institutions of higher learning, even when other identifying information is not provided. Given the breadth of this provision we are concerned that two years may not be sufficient time for all sectors of government to cease prohibited display. Further, we believe full implementation of this provision will be very cost prohibitive on all levels of government. We are also concerned that the cost and administrative burden associated with the removal of SSN from Commercial Driver's Licenses remains high. We suspect that state may need more time to remove SSNs from these licenses.
Additionally, it is important that the federal government pay attention to the importance of SSNs in preventing fraud. We are concerned that removal of SSNs from checks/warrants issued by government may provide increased opportunities for fraud and theft, particularly upon those who share common sur- and proper names.
Finally, states can not be liable for the actions of third party administrators or processors. States and political subdivisions should not be held liable for the actions of third party administrators and processors should these contractors engage in activities prohibited by the legislation. We would appreciate additional detail in this area.
Again, we thank you for soliciting our input on this important measure. We look forward to working with you on this legislation. Should you or your staff have questions about our concerns or require additional information, please contact Sheri Steisel, Federal Affairs Counsel and staff to our Human Services Committee or Gerri Madrid, staff to our Federal Budget and Taxation Committee at NCSL at (202) 624-5400.
Sincerely,
Representative Brian Flaherty
Deputy Minority Leader
Connecticut House of Representatives
Cc: The Honorable Nancy L. Johnson
|
