Lots of great comments about not collecting/retaining sensitive data in the first place.

Yes, we need to move away from SSN as a { unique-ID + secret } combo. But that's a non-trivial task.

I'm starting to think we need something like PCI for SSN: want to use an SSN? Bam! You are now subject to intense audits that will evaluate all your data practices (and for which you will be billed). Orrrr… use a third-party vendor and never touch this data.

That being said, it's still not a perfect option because Credit Card numbers can be rotated whereas SSN seems to be engraved in stone. Still following the Credit Card analogy, having multiple numbers would greatly help. Just the same as you don't go around (anymore) showing everybody your bank routing information and have multiple cards for various purposes, have multiple identity numbers:

- tax ID number

- driver's license number

- passport number

- medical record number (yes, MRNs are a thing, just prefix it with the org ID)

- medicare number

- actual social security number for only social security (and at this point, a new one + rebranding is in order)

- credit-worthiness number

- etc.