From human resources departments to doctors' offices, requests for a Social Security number are a frequent occurrence. Many consumers rattle off their digits without a second thought out of habit and assume a company or medical office will keep their information secure. But a recent incident in which Gap Inc. inadvertently mailed employee files containing Social Security numbers to a customer in Massachusetts proves how easy it is for your number to be mishandled.
"It's hard to tell whether a business is going to follow best practices," says Aaron Messing, an information privacy attorney at OlenderFeldman LLP in New Jersey. "The best way to protect private information including Social Security numbers is to limit who has access to it."
Data breaches, stolen laptops or identity theft rings with ties inside a company are just a few ways your Social Security number can fall into the wrong hands. Armed with your number, an identity thief could use it to file a fraudulent tax return or apply for a mortgage in your name. The risk also extends beyond your finances. If another person uses your name and Social Security number to obtain medical care, his or her records could get intermingled with yours and lead to errors based on information about your allergies, medical conditions or blood type.
To make sure this doesn't happen to you, here's a look at strategies for safeguarding your Social Security number:
Ask why it's necessary and how it will be used. "There is no reason to give out your Social Security number unless there is a legitimate business purpose, and in most instances it is requested there is not a legitimate need," says Denis Kelly, president of IDCuffs.com, an identity theft prevention company. "Little Johnny's registration for a baseball league certainly does not meet this threshold." The Social Security Administration website lists 16 situations in which your Social Security number is legally required, such as filing your taxes or applying for food stamps.
Banks, utility companies and doctors' offices ask for your number because they're extending credit to you and want to verify that you are who you say you are. But Robert Ellis Smith, publisher of the Privacy Journal, says this is partly an intimidation tactic. "They want to lead the consumer to believe that they have a method of tracking you down if you don't pay your bills," he says. If the case for your Social Security number seems suspect, ask why the person needs it and how it will be used and protected. When filling out a form that includes a field for your Social Security number, you can simply leave it blank, and only furnish it if asked and if given a logical reason.
Offer an alternate identifier. In some cases, alternate identifiers such as your driver's license number or the last four digits of your Social Security number may suffice. If you own a business and have an employer identification number associated with your business, you may be able to use that in lieu of your Social Security number on certain forms. If a phone representative is adamant about needing your Social Security number, you might call back later and see if you can reach someone else who's willing to use a different identifier or find another option that makes you more comfortable. "Never use your Social Security number unless you absolutely have to," Kelly says.
Be skeptical of emails and incoming phone calls. Giving out your Social Security number on the phone to a representative of a company you've contacted is one thing. But if you didn't initiate the call, it's possible that you're talking to a scammer. As Kelly explains, don't feel like you have to provide your information "if someone does call you and says, 'This is so and so from your bank, I'm just calling to verify a few things. For security reasons, can you please confirm your Social Security number?'" Instead, he recommends saying you'll call back once you've looked up the phone number. Don't respond to email requests for your Social Security number either, because they could be phishing scams, even if they appear to come from your bank or another legitimate organization.