[Congressional Record Volume 147, Number 21 (Wednesday, February 14, 2001)]
[Senate]
[Pages S1395-S1396]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. SHELBY:
  S. 324. A bill to amend the Gramm-Leach-Bliley Act, to prohibit the 
sale and purchase of the social security number of an individual by 
financial institutions, to include social security numbers in the 
definition of nonpublic personal information, and for other purposes; 
to the Committee on Banking, Housing, and Urban Affairs.
  Mr. SHELBY. Mr. President, I rise today to introduce the Social 
Security Privacy Act of 2001. This legislation would prohibit the sale 
and purchase of an individual's Social Security number by financial 
institutions and include Social Security numbers as ``nonpublic 
personal information'' thereby subjecting the sharing of Social 
Security

[[Page S1396]]

numbers to the privacy protections of the Gramm-Leach-Bliley Act.
  I believe Congress has a duty to stop Social Security numbers from 
being bought and sold like some common commodity. While the Social 
Security number was created by the federal government to track workers' 
earnings and eligibility for Social Security benefits, we all recognize 
that it has become something much more than that. The number is now the 
key to just about all the personal information concerning an 
individual.
  There was never any intention or consideration for financial 
institutions to use a person's social security number as a universal 
access number. Such easy access and extreme availability of personal 
information leads to adverse consequences including fraud, abuse, 
identity theft and in the most extreme cases--staking and death.
  While Congress waits to act, the number of incidents involving 
identity theft are rapidly increasing. In fact, last year the 
Washington Post, reported that ``ID Theft Becoming Public Fear No. 1.'' 
The New York Times noted that, ``Law enforcement authorities are 
becoming increasingly worried about a sudden, sharp rise in the 
incidence of identity theft, the outright pilfering of peoples personal 
information for use in obtaining credit cards, loans and other goods.''
  Not only is identity theft happening more often, recent events 
confirm that no one is immune from this problem. Just last month, a 
California man was convicted of using Tiger Woods' Social Security 
number to obtain credit cards that he used to run up more than $17,000 
in charges in Mr. Woods' name.
  Identity theft can affect anyone. It is extremely serious. It costs 
our economy hundreds of millions of dollars each year. Once it occurs, 
it is very difficult for the victim to restore his or her good name and 
credit rating. The incidences of identity theft are growing at an ever 
increasing pace.
  Now, how does identity theft relate to the average financial 
institution? In 1999, a reputable Fortune 500 company, U.S. Bancorp, 
legally sold account information--including Social Security numbers--of 
one million of its customers to MemberWorks, a telemarketer 
of membership programs that offer discounts on such things as travel to 
health care services. Now some may believe we stopped such activity by 
including a provision, Section 502 (d), in the Gramm-Leach-Bliley Act 
limiting the ability of institutions to share account information with 
telemarketers.

  That provision, however, does not stop a financial institution from 
buying and selling individual Social Security numbers. Indeed, it is 
even legal to sell individual's birth date, and mother's maiden name. 
If you have those three things, you have the keys to the kingdom--not 
to mention any and every account that individual has.
  The evolution of technology is making the collection, aggregation, 
and dissemination of vast amounts of personal information easier and 
cheaper. The longer we wait to act on this very important issue--an 
issue that is supported by a vast majority of Americans--the more the 
American people lose confidence in the U.S. Congress and out ability to 
lead.
  This legislation would basically prohibit the sale and purchase of an 
individual's Social Security number. I do not know anyone in this 
country that believes financial institutions should be making a profit 
by trafficking individual's Social Security numbers. While financial 
institutions have used the Social Security number as an identifier, the 
sale and purchase of these numbers facilitates criminal activity and 
can result in significant invasions of individual privacy.
  In addition, my legislation would include Social Security numbers as 
``nonpublic personal information'' for the purpose of the Gramm-Leach-
Bliley Act, thereby subjecting the sharing of Social Security numbers 
to the privacy protections in that Act. Current regulations say that 
Social Security numbers are not considered nonpublic personal 
information if the number is ``publicly available,'' as in bankruptcy 
filings, etc.
  I just cannot find a reason as to why Congress should aid and abet 
criminals in attaining individual Social Security numbers by having a 
law on the books that treats Social Security numbers as ``public 
information.'' Indeed, no American would agree the public good is being 
served by making their personal Social Security number available for 
anyone who wants to see it.
  For those of you who are concerned that this legislation would hinder 
a financial holding company from sharing information among its 
affiliates, fear not. This legislation does not limit a financial 
institution's ability to share an individual's Social Security number 
among affiliates in any way.
  I hope my colleagues will join me in protecting the Social Security 
numbers.
                                 ______