Social Insecurity Numbers

It's a classic case of unintended consequences.

Back in the '30s, our Uncle Sam decided it would be easier to tax his nieces and nephews if we all had numbers instead of names. And so the Social Security Number was born. No one suspected the SSN would become the beeper collar that tracks us like wildebeasts all through life. (Or did they? the conspiracy theorist in me muses.)

Anyway, SSNs were soon adopted by business as a convenient proof of identity. As a result, your unique SSN is the coveted master key that identity thieves use to breach your financial world.

And now, according to a recent article in the New York Times, thieves don't even have to steal your number. They can guess it.

Researchers at Carnegie Mellon suggest that the basic information needed to crack a Social Security Number is the owner's home state and date of birth - which you can find proudly displayed on countless Facebook pages. Even more alarming, they point out that the last four digits of the SSN are the only component unique to the owner. So collecting only this information, as many businesses do, is not really a safeguard.

In light of this, what steps can you take to protect your and your customer's identities?

• Find another way to identify customers. Legislation now before Congress may soon prohibit businesses from collecting SSNs, so you might as well get ahead of the curve.
• Be over-cautious about the personal information you choose to publish online. Everything is useful to skilled identity thief.
• If you store any sensitive customer information, be aware of your state's data breach laws.

I've started a directory of state data breach laws which you can use to begin your research. If you don't see your state listed, check back soon.