GAO Says SSNs Need Greater Protection
WASHINGTON-The Government Accountability Office recently examined how certain industries, including financial services, share, protect and use Social Security numbers. Congress had called for the study in light of recent security breaches that may occur when businesses share personal information. "Because private sector entities are more likely to share consumers' personal information via contractors, members of Congress raised concerns about the protection of this information in contractual relationships," according to the GAO report. What the GAO found after studying banks, securities firms, telecommunication companies, and tax preparation companies was that they share SSNs "for limited purposes" with contractors "when it is necessary or unavoidable." Most contracts included auditing and monitoring for contract compliance. Financial services companies must comply with the safeguarding of personal information provisions in the Gramm-Leach-Bliley Act, but the IRS does not monitor for compliance with its regulations and guidance to restrict SSN disclosure. The Federal Communications Commission told the GAO that it lacks the statutory authority to regulate SSN sharing and does not review telecommunications companies' activities.