On April 13, 2011, Maneesha Mithal, Associate Director of the Division of Privacy and Identity Protection at the Federal Trade Commission (FTC), offered testimony before the House Ways and Means Committee's Social Security Subcommittee regarding how social security numbers (SSNs) are used in identity theft. The prepared comments began by noting that SSNs are used widely by numerous institutions to ensure accurate matching of consumers with the information. The comments also note that all levels of government rely on SSNs in administering programs and providing services to consumers. Such widespread use of SSNs, however, makes them readily available and valuable to identity thieves.
In addition to discussing the FTC's activities to combat identity theft, the FTC also outlined a four-pronged approach to preventing misuse of SSNs. First, the FTC recommended businesses adopt appropriate, risk-based consumer authentication programs that do not rely on SSNs alone to authenticate consumers. Second, the FTC urged Congress to consider creating national standards to reduce the public display and transmission of SSNs. Third, the FTC expressed support for national data security standards that would cover SSNs in the possession of any private sector entity. Fourth and finally, the FTC supported national data breach notification standards requiring private sector entities to provide public notice when they suffer a breach of consumers' personal information.