Equifax Ex-CEO: The Social Security Number Shouldn’t Be ‘Touchstone’ of Identity
During a Senate hearing on protecting consumers after data breaches this week, CEOs say the social security number outlived its usefulness.
PHOTO CREDIT: Getty Images
It's time for the Social Security number to go.
That was the recurring sentiment expressed by executives and former executives of companies that have suffered major hacks, including Equifax and Yahoo, as they testified Wednesday during a Senate committee hearing on "Protecting Consumers in the Era of Major Data Breaches" in Washington, D.C.
Richard Smith, former CEO of Equifax, which suffered a massive data breach in September that exposed the personal information of 145.5 million U.S. consumers, said the social security number has "outlived" its usefulness as a way to authenticate identity.
"We should consider the creation of a public-private partnership to begin a dialogue on replacing the Social Security number as the touchstone for identity verification in this country," Smith said in his testimony. "It is time to have identity verification procedures that match the technological age in which we live."
Todd Wilkinson, the CEO of Entrust Datacard, which makes technology that helps businesses, financial institutions, and governments verify user identity, says the era of the social security number is over as it is a "weak security framework."
"Social Security numbers should not serve as the core of our identities," Wilkinson said. "Our Social Security number worked for the U.S. for 50 years, but it's no longer secure."
Wilkinson noted that many countries are using digital identity systems. Brazil, for instance, has a digital ID authentication system that lasts for three years before it needs to be renewed.
There also should be data breach laws that companies can follow, said Karen Zacharia, the deputy counsel and chief privacy officer of Verizon. She added that any data breach legislation should have two things: a national framework with one standard for companies to comply with, and a set protocol of when and how to alert customers during a breach.
Marissa Mayer, the former CEO of Yahoo, apologized for the data breach that exposed all 3 billion users' personal information. Mayer said the stakes are high for companies that store value data and added that there is an "arms race" between companies that are shoring up security protocols and hackers.
But companies shouldn't be off the hook, said ranking committee member Senator Bill Nelson (D-Florida). He suggested strict penalties would incentivize companies to better protect customer data and information.
"The parade of high-profile data breaches seems to have no end," said Nelson, Tech Crunch reports. "We can either take action with common sense rules or we can start planning for our next hearing on the issue."