In terms of fleet management, SSNs are used by some fleet managers to ID company vehicles assigned to employee drivers. In certain instances, some fleet managers even use the SSN of a spouse or employee’s child with a valid driver’s license as part of the vehicle record if they are eligible for personal use of the company vehicle. All of these practices are risky since unauthorized individuals may view these records. This may violate state or federal privacy laws. In a worst-case situation, if identity theft occurs due to misuse of fleet records containing an individual’s SSN, it may set you up for a privacy violation lawsuit.
Laws Governing Social Security Number Usage
Employers are allowed to use an employee’s SSN as an employee identification number. However, the Social Security Administration discourages employers from displaying SSNs on documents that are viewed by unauthorized people. But many employers do not treat SSNs as confidential information, which is why legislatures are implementing laws to curb misuse.
For instance, in the state of Georgia, businesses are required to safely dispose of records that contain personal identifiers. Georgia Senate Bill 475 requires that business records – including data stored on computer hard drives – must be shredded or in the case of electronic records, completely wiped clean when they contain SSNs, driver’s license numbers, dates of birth, medical information, account balances, or credit limitation. The Georgia law carries penalties up to $10,000.
A federal law – the Social Security Number Privacy Act of 2004 – prohibits the printing on any identification card all or more than four sequential digits of an employee’s or other individual’s Social Security number.
California is another state that has enacted legislation to protect the confidentiality of SSNs. Since July 1, 2003, California state law (www.privacy.ca.gov) requires any company that maintains personal information in electronic data files, such as Social Security numbers, to notify any California resident whose information may have been accessed by unauthorized persons. The law was in response to an April 2002 incident in which the records of more than 200,000 state employees were accessed by a computer hacker. The California law exceeds federal protections, as there is no national requirement to notify individuals when personal information is accessed without authorization. In addition, the California state law prohibits SSNs from being printed on documents that are sent through the mail, with some exceptions.
Identity Theft is a Growth Industry
The SSN is not entirely random-generated. Although the procedures for issuing SSNs have changed over the years, a SSN can reveal an individual’s relative age and place of origin. The first three numbers (area number) are keyed to the state or area in which the number was issued. The next two digits (group numbers) indicate the order in which the SSN was issued in each area. The last four digits (serial numbers) are randomly generated.
With Social Security numbers accessible to many people, it facilitates identity theft. It is relatively easy for someone to fraudulently use your SSN to assume your identity and gain access to your bank account, credit accounts, and utilities record. In addition, large amounts of other personal information, including tax information, credit history, school records, and medical records, are also keyed to your Social Security number. This was never the intent of the original 1936 legislation that created the SSN. It took decades before use of SSNs was permitted for purposes unrelated to the administration of the Social Security System. It was as late as 1961 before Congress authorized the Internal Revenue Service to use SSNs as taxpayer identification numbers.
Why Take the Risk?
If you are using employees’ Social Security numbers as identifiers for the company vehicles assigned to them, discontinue the practice ASAP. There are too many opportunities for unscrupulous use of the data. If your company provides you access to this data, it is your responsibility to ensure its confidentiality.
There are many alternative vehicle identification methodologies you can easily implement. Why take the risk?
Let me know what you think.
Originally posted on Automotive Fleet