Many colleges and other institutions have dumped Social Security numbers to identify people because of the ongoing security risk. Finally, the federal government is jumping on the bandwagon. The Office of Management and Budget recently issued a memo giving federal agencies 120 days to come up with a plan to eliminate the use of SSNs, reports the Washington Post
"Safeguarding personally identifiable information in the possession of the government and preventing its breach are essential to ensure the government retains the trust of the American public," wrote Clay Johnson III, a deputy director at the OMB.
Announcements of government security breaches are seemingly commonplace, putting employee and former employee personal data at risk for identity theft. But federal agencies have a legal obligation, under the Privacy Act of 1974 and the 2004 Federal Information Security Management Act, to protect personal data.
The OMB announcement also includes a directive to implement identity breach notification polices and a mandate to take steps to protect federal information on laptops and other mobile devices through encryption, time-out functions and other controls.
"The OMB needs to do a much better job of enforcing the Privacy Act across the federal government than it has done so far," said Marc Rotenberg, executive director at the Electronic Privacy Information Center, which monitors civil liberties issues.
"People are tired of reading about security breaches and being told to sign up for credit monitoring services. If the federal government can't protect the information, then it shouldn't collect it," he said.