The Social Security number (SSN) was established in 1936 to track the wages of workers covered under the Social Security system. Because of its use as a unique identifier, the SSN is one of the most sensitive pieces of personal information in our records. It is the key to identifying and retrieving most of the highly personal and sensitive information we maintain about individuals. Over the decades, the use of the SSN has expanded greatly beyond the original purpose for its establishment. In fact, it has become the identifier of choice by all levels of government and the private and commercial sectors, as a numerical key to their recordkeeping systems. In some cases, Federal (and State) laws have been enacted that authorize the use of the SSN for a specific purpose(s). In the vast majority of cases, however, there are no Federal laws that either prohibit or authorize the use of the SSN. Consequently, governmental and nongovernmental entities use the SSN as a personal identifier for lawful purposes because of its availability as a unique identifier. Some government agencies use the SSN for identification and administrative purposes. The private sector uses the SSN for similar purposes, generally, without restraint. For example, the private sector may refuse service or credit, or may deny admission or membership, etc., to anyone unwilling to furnish their SSN. Generally, Federal law does not control private sectors’ use of SSNs disclosed to them directly from a number holder, other than criminal actions. We have no authority over other entities’ collection and use of the SSN. Although the SSN is widely used, it is our policy to verify SSNs, and SSN information, under limited circumstances as allowed or required by Federal laws, such as the Privacy Act (5 U.S.C. § 552a(b)), the Freedom of Information Act (5 U.S.C. § 552), the Social Security Act (e.g., 42 U.S.C. §§ 405(a); 405(c); and 1320b-7), and our disclosure regulations (20 C.F.R. §§ 401 and 402). We only disclose an SSN in narrow circumstances in which we have legal authority and where we are able to identify the true number holder. All Federal, State, or local government agencies that collect and use the SSN for identification purposes must adhere to the requirements in section 7 of the Privacy Act (5 U.S.C. § 552a, Note). For a discussion of the Privacy Act’s section 7 requirements, see GN 03325.005B.1. We do not have any enforcement or other authority for Section 7 of the Privacy Act. Such authority rests with the Office of Management and Budget.
a Federal law authorizes the collection of SSNs to administer an income/health maintenance program, allowing us to verify SSNs to the agency administering the program; or
one or more of the Privacy Act’s disclosure exceptions allows us to verify SSNs.When a Federal law requires SSA to verify SSNs, we will comply with the statutory mandate regardless of the purpose for the verifications in the law.
NOTE: A Federal law that authorizes another government agency to collect and use the SSN is not the same as a Federal law requiring SSA to verify an SSN. However, refer to section 2 below. Similarly, a Federal law that authorizes another government agency to collect and use the SSN is not the same as a Federal law requiring SSA to disclose an SSN. In order for us to disclose the SSN, the statute must specifically mandate that SSA disclose SSNs.
The Privacy Act (5 U.S.C. § 552a(b)) contains 12 exceptions that allow Federal agencies to disclose information without the written consent of the individual to whom the information pertains. For a discussion of these disclosure exceptions, see GN 03301.020B.4. We apply the Privacy Act disclosure exceptions to requests for SSNs on a case-by-case basis.
One of the Privacy Act’s 12 disclosure exceptions is the routine use exception (5 U.S.C. § 552a(b)(3)). The routine use exception allows SSA to verify SSNs to third parties without the consent of the individual, to whom the information pertains, for a purpose that is compatible with the purpose for which we collected the information.
We established a number of routine uses in the Master Files of SSN Holders and SSN Applications system of records notice that allow the verification of SSNs to third parties. You can view this system of records notice and its routine uses at https://www.ssa.gov/privacy/sorn.html.
NOTE: We only disclose an SSN under a Privacy Act routine use in rare circumstances. Direct such requests to the Office of Privacy and Disclosure.
When a Federal law authorizes a Federal, State, or local government agency to collect and use the SSN to determine eligibility for benefits, benefit amounts, or other matters of benefit status in an income-maintenance or health-maintenance program that it administers, we may verify the SSN for the administration of that income-maintenance or health-maintenance program.
Examples of Federal laws that authorize use of the SSN in income-maintenance or health-maintenance program are:
42 U.S.C. § 1320b-7 (Section 1137 of the Social Security Act (Act) requires the States to collect the SSN of applicants for certain programs (e.g., Medicaid, Supplemental Nutrition Assistance Program (SNAP), and unemployment compensation);
42 U.S.C. § 405(c)(2)(C)(i) (Section 205(c)(2)(C)(i) of the Act) provides that States may require applicants for general public assistance to furnish their SSNs; and
42 U.S.C. § 405(c)(2)(C)(iii) (Section 205(c)(2)(C)(iii) of the Act) allows the Secretary of Agriculture to require participants in SNAP to furnish their SSNs and to use the SSN for other administrative purposes or enforcement of the Food Stamp Act of 1977.
NOTE: The Federal law must specifically authorize the agency’s use of the SSN. Questions concerning whether a Federal law authorizes the use of the SSN in an income-maintenance program or health-maintenance program should be referred to the Office of Privacy and Disclosure, Office of the General Counsel, through the Regional or Central Office Privacy Act Coordinator.
Verification for a law enforcement purpose is one of the Privacy Act disclosure exceptions (5 U.S.C. § 552a(b)(7)). We make decisions to verify SSNs on a case-by-case basis for criminal law enforcement activity. The law enforcement agency must present a valid written request for information concerning:
an individual who has been indicted for or convicted of a serious crime (e.g., murder, rape, kidnapping, drug trafficking) or
criminal activity involving Social Security programs (including SSN misuse) or another agency’s health/income maintenance program.
We discuss our policy and criteria for disclosure of information for law enforcement activities in GN 03312.000.
We may verify an SSN in response to a court order from a court of competent jurisdiction under the following circumstances: