[Congressional Record Volume 155, Number 113 (Friday, July 24, 2009)]
[Extensions of Remarks]
[Pages E1916-E1917]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




 INTRODUCTION AND SUMMARY OF THE ``SOCIAL SECURITY NUMBER PRIVACY AND 
                IDENTITY THEFT PREVENTION ACT OF 2009''

                                 ______
                                 

                          HON. JOHN S. TANNER

                              of tennessee

                    in the house of representatives

                        Thursday, July 23, 2009

  Mr. TANNER. Madam Speaker, today I rise along with my colleague, the 
Ranking Member of the Subcommittee on Social Security Sam Johnson, to 
introduce the ``Social Security Number Privacy and Identity Theft 
Prevention Act of 2009.'' This legislation is intended to enhance the 
privacy of Social Security numbers (SSNs) and combat identity theft. 
The bill we introduce today is identical to legislation reported 
unanimously by the Committee on Ways and Means in the 110th Congress. 
The legislation benefits from a long history of bipartisan support, and 
earlier versions also were sponsored in prior congresses by the 
Chairmen and Ranking Members of the Subcommittee since the 106th 
Congress.
  The Federal Trade Commission (FTC) tells us that identity theft is 
the fastest growing type of fraud in the United States with an 
estimated cost to consumers of about $50 billion annually. The FTC's 
most recent survey on identity theft found that 8.3 percent of the 
nation's adult population have been victims of this fraud. According to 
the private consulting firm Javelin Research and Strategy, nearly 10 
million Americans were victims of this fraud in 2008, which is an 
increase of 22 percent over the number of victims in 2007.
  Identity theft is facilitated by the easy availability of SSNs in 
many public and private sector records. SSNs are valuable to criminals 
because they are relied upon by business to authenticate identity. They 
are the skeleton key that unlocks many other sources of private, 
personal information.
  The legislation we introduce today would restrict the sale, purchase, 
and public display of SSNs in the public and private sector, while 
providing for appropriate exceptions for certain legitimate business 
purposes, as well as for law enforcement and statistical research. 
While there are many legitimate business and government uses for SSNs, 
the unrestricted flow of private personal information that includes 
SSNs often makes it too easy for identity thieves and other criminals 
to obtain SSNs for their own purposes. The bill received strong support 
from privacy and consumer groups, as well as from the AARP, when it was 
adopted by the Committee last Congress.
  The bill strikes a balance between legitimate uses and the need for 
better protections for privacy of the SSN, in order to fight the 
scourge of identity theft. We invite our colleagues to examine and 
cosponsor the legislation and will also welcome your questions and 
comments as the bill moves forward in the legislative process.
  A brief summary of the legislation follows:

   Summary of the Social Security Number Privacy and Identity Theft 
                         Prevention Act of 2009

       This legislation is identical to a bill reported by 
     unanimous vote of the Committee on Ways and Means in the 
     110th Congress (HR. 3046).


provisions related to social security numbers (ssns) in the public and 
                            private sectors

       Federal, State, and local governments would be prohibited 
     from:
       Selling SSNs (limited exceptions would be allowed, such as 
     to facilitate law enforcement and national security, to 
     ensure the accuracy of credit and insurance underwriting 
     information and certain other Fair Credit Reporting Act 
     purposes, for tax purposes, for research purposes, and to the 
     extent authorized by the Social Security Act). Further 
     exceptions may be made for other purposes by regulation.
       Displaying SSNs to the general public, including on the 
     Internet.
       Displaying SSNs on checks issued for payment and 
     accompanying documents.
       Displaying SSNs on identification cards and tags issued to 
     employees or their families, e.g., Defense Department IDs; to 
     patients and students at public institutions; and on Medicare 
     insurance cards.
       Employing prisoners in jobs that provide them with access 
     to SSNs.
       Requiring the transmission of SSNs over the Internet 
     without encryption or other security measures.
       The private sector would be prohibited from:
       Selling or purchasing SSNs (limited exceptions would be 
     made for law enforcement (including child support 
     enforcement); national security; public health; health or 
     safety emergency situations; tax purposes; to ensure the 
     accuracy of credit and insurance underwriting information and 
     certain other Fair Credit Reporting Act purposes; if 
     incidental to the sale, lease or merger of a business; to 
     administer employee or government benefits; for some 
     research; or with the individual's affirmative, written 
     consent). Further exceptions may be made for other purposes 
     by regulation.
       Displaying SSNs to the general public, including on the 
     Internet.
       Displaying SSNs on checks.
       Requiring the transmission of SSNs over the Internet 
     without encryption or other security measures.
       Making unnecessary disclosures of another individual's SSN 
     to government agencies.
       Displaying the SSN on cards or tags issued to employees, 
     their family members, or other individuals.
       Displaying the SSN on cards or tags issued to access goods, 
     services, or benefits.
       Public and private sectors would be required to safeguard 
     SSNs they have in their possession from unauthorized access 
     by employees or others.
       Sale, purchase, or display of SSNs in the public or private 
     sector would be permitted by regulation in other 
     circumstances, when appropriate. In making this 
     determination, regulators would consider whether the 
     authorization would serve a compelling public interest and 
     would consider the costs and burdens to the public, 
     government, and businesses. If sale, purchase, or display 
     were to be authorized, the regulation would provide for 
     restrictions to prevent identity theft, fraud, deception, 
     crime, and risk of bodily, emotional, or financial harm.
       For a limited time, the public sector would be allowed to 
     sell or display to the general public, and the private sector 
     would be allowed to sell, purchase or display to the general 
     public, the last four digits of SSNs. This temporary 
     exception to the bill's general prohibition on such sale, 
     purchase and public display would end two years after the 
     effective date of the final regulations.
       A person would be prohibited from obtaining another 
     person's SSN to locate or identify the individual with the 
     intent to harass, harm, physically injure or use the 
     individual's identity for an illegal purpose.
       Wherever a truncated SSN is used, it must be limited to the 
     last 4 digits of the number. (This truncation standard does 
     not change the permissible uses of the SSN.)
       State law governing use of SSNs would not be preempted 
     where state law is stronger.
       The National Research Council would be commissioned to 
     conduct a study to evaluate the feasibility of banning the 
     use of the SSN as an authenticator of identity.


                              enforcement

       New criminal penalties (up to 5 years imprisonment and a 
     fine up to $250,000) and civil penalties (up to $5,000 per 
     incident) would be created for violations of the law relating 
     to the display, sale, purchase, or misuse of the SSN, 
     offering to acquire an additional SSN for a fee, and for 
     selling or transferring one's own SSN.
       Prison sentences would be enhanced for SSN misuse 
     associated with repeat offenders

[[Page E1917]]

     (up to 10 years), drug trafficking or crimes of violence (up 
     to 20 years), or terrorism (up to 25 years).
       New criminal penalties (as much as 20 years in prison and 
     fine up to $250,000) and civil penalties (up to $5,000 per 
     incident) would be created for Social Security Administration 
     employees who fraudulently sell or transfer SSNs or Social 
     Security cards.
       The bill permits enforcement by the Social Security 
     Administration (which would have civil monetary penalty 
     authority); the Department of Justice (which enforces 
     criminal violations of federal law); and state attorneys 
     general (who would be granted civil enforcement authority 
     over private-sector users and state and local government). In 
     addition, individual victims affected by violations of this 
     bill by federal agencies would be provided with limited legal 
     recourse to stop an agency's violation and recover any actual 
     damages they may have suffered.

                          ____________________