Stop Storing Social Security Numbers
It seems that you can’t go a day without reading about an organization that has had sensitive data about their customers comprised via an insecure network or stolen computer equipment. In almost all cases, these companies, government agencies and non-profit organizations had policies in place to prevent this data theft. However, the weak link, as always, was poorly trained or reckless staff who exposed the data to theft.
One thing associations can do is to stop asking for Social Security Numbers from their members. Many groups have used this ID number as a way to track applicants for certification and other programs. In the pre-Internet days, this created little risk. However in today’s world the risk of this data being stolen is much higher and the potential backlash from members if you lose their data is huge.
Associations should come up with some other way of uniquely identifying their members and abandon SSNs. Purge them from your database if you already have them. The risk is too great and earning back the trust of your members after a data incident will take too long. Protect yourselves and your members by getting rid of SSNs in your databases.
I agree. Too much ID theft these days! The associations could easily create their own ABC123 unique identification systems that would be less useful to cyber criminals.