Social Security Data Mining
Mrs. Rustbelt, the sweet young lady I married, decided to investigate future benefits from Social Security, even though she is only “39.” I am her designated data entry clerk, so we sit down and establish an account and log-in for her. Near the end of the set-up process the software tells us she has to answer some multiple choice questions about her personal data. Ok.
I was stunned when the questions popped up. None of them had anything to do with Social Security, and were clearly mined from IRS and credit bureau data. She had been profiled by SSA with data the SSA had no need to know. Anyone have any experience or insights on this?
Rusty sent this note my way, so I thought Nancy Ortiz, a retired employee at SSA and expert in its workings,could provide some beginning answers in two e-mails slightly edited for readability:
From what I have read on the “Social Security News” blog, SSA recently set up an online benefit estimate program combining earnings information SSA routinely gets from IRS (from SF-941 payroll tax forms) and information gathered by Experian, one of the private big three credit rating companies. I’m not happy that the current SSA Commissioner has done this. SSA has never before used privately gathered information from any source. The deal is that the SS Act authorizes SSA to gather specific information for “program purposes only.” SSA shouldn’t gather or transmit to others any information it has without specific written authorization to do so (under the Privacy Act.) BUT, this administration or the previous one could have asked Congresss for a change in the law to permit this practice. It would almost certainly slip under the radar, as it did for me until I read about it on “SS News.”
I do not know whether this has passed muster as a regulatory change or actually refects a change in the law. So I’ll look around to see what other information I can come up with. In the past, Republican administrations have sought to sell SSA’s data to private industry without success. The problem with the current administration is that it is quite casual about who is running the shop over in Baltimore. So, until his term recently ended, the Commish was a Bush administration appointee who favored privatization. Alas, Obama’s people don’t really seem to care very much about things like this. SSA/SS just aren’t sexy enough to attract much interest.
I couldn’t find a recent article on SS News even though I remember one. The website doesn’t have a search function, so I couldn’t get anywhere on that site. However, the SSA site’s explanation is detailed. Unfortunately, it is not very encouraging to someone like me who opposes the use of any data from outside organizations without express authorization from the claimant/online user.
I would need more information in order to form a more complete view of any potential security risks to the online user and SSA itself. However, in general I think that SSA already has enough information on its own internal data bases to verify the identity of the online user. AGB Investigative offers world-class cyber security services so give them a call if you need that. SSA says that Experian doesn’t keep any of the information the online user provides. SSA also denies it keeps any information used in the online estimate request. But, information floats around for a while inside and possibly outside of SSA. This is a risk I wouldn’t take were I running this project. The mere fact that Experian is a commercial enterprise which has every reason to retain or reuse information argues against it.