Is it legal for an employer to use our SSNs for passwords on their computer system?

My new employer does this. I don't like it at all, and there is no option to change out the PW. I think way too many people have access to our SSNs period.

I would appreciate any constructive comments or direction to legal info on this.

I always feel uneasy about using my SSN for any more than I absolutely have to use it.

I'm interested in knowing the answer to your question too.

K&R

SS says:

Must I provide a Social Security number (SSN) to any business or government agency that asks?

The SSN was originally devised to keep an accurate record of each individual’s earnings, and to subsequently monitor benefits paid under the Social Security program. However, use of the Social Security number as a general identifier has grown to the point where it is the most commonly used and convenient identifier for all types of record-keeping systems in the United States.

Specific laws require a person to provide his or her SSN for certain purposes. While we cannot give you a comprehensive list of all situations where an SSN might be required or requested, an SSN is required or requested by the following organizations:

* Internal Revenue Service for tax returns and federal loans;
* Employers for wage and tax reporting purposes;
* Employers enrolled in E-Verify;
* States for the school lunch program;
* Banks for monetary transactions;
* Veterans Administration as a hospital admission number;
* Department of Labor for workers’ compensation;
* Department of Education for Student Loans;
* States to administer any tax, general public assistance, motor vehicle or drivers license law within its jurisdiction;
* States for child support enforcement;
* States for commercial drivers’ licenses;
* States for Food Stamps;
* States for Medicaid;
* States for Unemployment Compensation;
* States for Temporary Assistance to Needy Families; or
* U.S. Treasury for U.S. Savings Bonds

The Privacy Act regulates the use of SSNs by government agencies. When a federal, state, or local government agency asks an individual to disclose his or her SSN, the Privacy Act requires the agency to inform the person of the following: the statutory or other authority for requesting the information; whether disclosure is mandatory or voluntary; what uses will be made of the information; and the consequences, if any, of failure to provide the information.

If a business or other enterprise asks you for your SSN, you can refuse to give it. However, that may mean doing without the purchase or service for which your number was requested. For example, utility companies and other services ask for an SSN, but do not need it; they can do a credit check or identify the person in their records by alternative means.

Giving your SSN is voluntary, even when you are asked for the number directly. If requested, you should ask why your SSN is needed, how your number will be used, what law requires you to give your number and what the consequences are if you refuse. The answers to these questions can help you decide if you want to give your Social Security number. The decision is yours.

For more detailed information, we recommend the publication Your Social Security Number And Card .

And they usually say something like "you are not required to share your SSN with us, but if you do not we will be unable to..."

to change your password.

hated it with a passion, especially at first because the IT "geniuses" didn't understand why we'd want the screen to show asterisks instead of our SSNs. :eyes:

These same IT "geniuses" couldn't understand why I'd want them to FAX instead of emailing the instructions for getting onto the new server, with its new IP address, even when I told them at least 5 times that we had no internet access at the office. Convo went something like this "We can't get on the internet because you guys sua sponte decided we needed a new server & IP address. Please fax us the new instructions." "Okay, I'll email them to you." "What part of 'we have no internet access' do you not understand?" "Oh, well, you can't get on the internet because we have a new server & IP address." (my internal dialogue: no shit sherlock) "Great, so you'll fax us the new instructions?" "Well, I don't have time for that, can't I just send you an email?" "DO.YOU.SPEAK.ENGLISH? I can't get to my email because we have no internet access because you decided to change servers & IPs today WITHOUT TELLING ANYONE AHEAD OF TIME." "OK, I'll send you an email."

:banghead: :nuke: :banghead:

Sounds like some of our IP "geniuses" now work for your employer. Good luck trying to reason with them.

dg

But never as a password.

university, we made up our own passwords and no supervisors or other co-workers were privy to them except one co-worker, which we were allowed to choose. We also held another co-worker's password, who chose us, just in case something happened to any of us workers. When we left the job we turned our files over to the supervisor and were allowed to delete the password ourselves. I wouldn't want them to use any numbers or names associated with me, whether SS, Passport, bank information or whatever is exclusively mine.

depending on encryption policies, may not be accessible by staff with network/database access.

Those departments normally have big security roadblocks.

But passwords in the IT dept? Almost anyone in that dept could access it, and I'm concerned about hackers grabbing that information like they did at the Pentagon a few years ago.

I've run very large networks in which I've never known any user's password. I shouldn't be able to know it (I can change it if need be, but I don't have to know it to do that).