How To Stop Businesses Storing SSNs Indefinitely?

The Angry Mick writes "My wife and I recently moved, and during the course of providing change-of-address information to the many companies we do business with, I asked each if they were storing a full Social Security number in their databases, and if so, could they remove it or replace it with an alternate identifier. Neither the experience nor the results were particularly enjoyable. On the positive end of the spectrum, some companies were more than willing to make a change, even offering suggestions for a suitable alternate such as a driver's license number. In the middle were companies that made things a little more difficult, requiring several steps up the management tree before speaking to someone with some actual authority to address the issue. Then there was DirectTV. This company not only flatly refused to consider the suggestion, but also informed me that even if I were to discontinue service with them, they still intended to keep my full SSN on file indefinitely. There is no logical reason for them to do this, and I'm not keen on the idea of being left vulnerable to identity theft should they have experience any security breaches at any future point in my life. So, my questions to the Slashdot community are: Has anyone else tried getting your SSN replaced or removed in corporate databases, and what were your experiences? And short of Armageddon, is there any way to force a company to erase your SSNs after you cease doing business with them, or is this a job for a lawyer or regulatory body?"

Re:Ugh, DirecTV should just go away

[Reece400]

If you provide your SSN to Comcast, they also store it indefinatly.
They use it for internal credit checks to make sure you don't owe them any money on previous accounts (and likely for other things as well).

That said you can usually setup an account without your SSN, but you'll need to set it up directly with your local office instead of by phone or internet.

Re:Something I've considered...

[jDeepbeep]

is it possible to do identity theft with only the SSN alone?

Unfortunately, yes. It provides enough of a building block (used both as an identifier and as an authenticator) to allow a moderately-clever person to build up the rest of the identity.

Re:Bad news. XD

[NickGnome]

"There must be a way for an individual to prevent information about him that was obtained for one purpose from being used or made available for other purposes without his consent."--- Elliot Richardson 1973 summarizing _Records, Computers, & the Rights of Citizens_ (quoted in Legislative History PL 93-579, Privacy Act of 1974, _Congressional Record_ vol 120, Senate Report #93-1183 pg 6924)

In practice, as you say, even the weak constitutional and statutory protections of privacy are most often ignored.

http://www4.law.cornell.edu/uscode/42/408.html

http://www.usdoj.gov/04foia/privstat.htm

http://www.cavebear.com/nsf-dns/pa_history.htm

http://www.cavebear.com/nsf-dns/5usc552a.htm

http://www.cms.hhs.gov/privacyact/patraining.asp

http://www.cms.hhs.gov/privacyact/pa.pdf

http://www.so.doe.gov/documents/privactof1974.pdf

http://www.epic.org/privacy/laws/privacy_act.html

https://www.cnet.navy.mil/privacyact1974.pdf

http://library.lp.findlaw.com/articles/file/00007/004477/title/subject/topic/constitutional%20law_freedom%20of%20information/filename/constitutionallaw_1_88

http://library.lp.findlaw.com/articles/file/00007/004477/title/subject/topic/constitutional%20law_freedom%20of%20information/filename/constitutionallaw_1_88

http://www.cpsr.org/cpsr/privacy/ssn/ssn.faq.html

http://www.cpsr.org/program/natlID/natlIDfaq.html