Threat Level passes along news seen in Federal Computer Week that the federal Office of Management and Budget is requiring federal agencies to develop a plan to the collection and storage of unnecessary SSN’s from their databases.
Quoting FCW:
Complying with that policy to enhance data security will be difficult, said Dave Combs, chief information officer at the Agriculture Department. SSNs are embedded in countless government records as unique identifiers. In its most recent Federal Information Security Management Act report, OMB said federal agencies have identified 10,595 systems that need to be searched, and possibly scrubbed, of personal information, including SSNs, to minimize the risk of exposure.
“Every personnel folder in the federal government is chock full of SSNs,” Combs said. Time and attendance reports have SSNs, often unnecessarily.
SSN’s are used far, far too much as a defacto identification key, and it doesn’t surprise me to hear that the feds have a problem with overcollecting information.
In many of the data collection systems I’ve helped design, there’s always been a battle between collecting information that one day might be useful versus having a system that is easy to use / minimizes data entry. Given the inefficiency rampant in government bureaucracies, it’s easy to imagine the collect-information-that-might-someday-be-useful side winning easily.
Of course, with the inefficiency of the federal bureaucracy, I’m not going to hold my breath on these changes happening too quickly. Still a step in the right direction is better than nothing.