The Social Security number (SSN) was established in 1936 to track the wages of workers
covered under the Social Security system. Because of its use as a unique identifier,
the SSN is one of the most sensitive pieces of personal information in our records.
It is the key to identifying and retrieving most of the highly personal and sensitive
information we maintain about individuals.
Over the decades, the use of the SSN has expanded greatly beyond the original purpose
for its establishment. In fact, it has become the identifier of choice by all levels
of government and the private and commercial sectors, as a numerical key to their
recordkeeping systems. In some cases, Federal (and State) laws have been enacted that
authorize the use of the SSN for a specific purpose(s). In the vast majority of cases,
however, there are no Federal laws that either prohibit or authorize the use of the
SSN. Consequently, governmental and nongovernmental entities use the SSN as a personal
identifier for lawful purposes because of its availability as a unique identifier.
Some government agencies use the SSN for identification and administrative purposes.
The private sector uses the SSN for similar purposes, generally, without restraint.
For example, the private sector may refuse service or credit, or may deny admission
or membership, etc., to anyone unwilling to furnish his or her SSN. Generally, Federal
law does not control private sectors’ use of SSNs disclosed to them directly from
a number holder, other than criminal actions.
We have no authority over other entities’ collection and use of the SSN. Although
the SSN is widely used, it is our policy to verify SSNs, and SSN information, under
limited circumstances as allowed or required by Federal laws, such as the Privacy
Act (5 U.S.C. § 552a(b)), the Freedom of Information Act (5 U.S.C. § 552), the Social Security Act (e.g., 42 U.S.C. §§ 405(a); 405(c); and 1320b-7), and our disclosure regulations (20 C.F.R. §§ 401 and 402). We only disclose an SSN in narrow circumstances in which we have legal authority
and where we are able to identify the true number holder.
All Federal, State, or local government agencies that collect and use the SSN for
identification purposes must adhere to the requirements in section 7 of the Privacy
Act (5 U.S.C. § 552a, Note). For a discussion of the Privacy Act’s section 7 requirements,
see GN 03325.005B.1. We do not have any enforcement or other authority for Section 7 of the Privacy Act.
Such authority rests with the Office of Management and Budget.