How can I determine if my Social Security number or other sensitive information is secure?
Even if you are careful with personal information like your Social Security number (SSN), it is possible that such data is publicly available without your knowledge: The policy of many institutions (including Indiana University) to avoid using SSNs has not fully caught up with old practices, and cases of inadvertently released data are becoming more frequent.
One way you can protect your SSN is to determine if it is publicly available; if your SSN or any personal sensitive data is on a web site, you can contact the web site owner to request removal. However, although typing your SSN into a search engine can be a very effective way to find indexed web content that includes your SSN, this method both creates security risks and does not guarantee your finding all relevant results.
The University Information Security Office (UISO) does not recommend using a search engine to search for your SSN. The potential security risks include placing a copy of your SSN in your local browser cache, sending your SSN across the network unencrypted, and in the case of some desktop search programs placing an easily retrievable copy of your SSN in a local file. Further, many search engines store searches along with means of identifying the source of the search, leaving your sensitive information in others' hands with no guarantees of security or scrupulousness.
No identity thief should be able to do anything with your SSN alone; it would be much more useful if it were associated with your full name. Therefore, UISO recommends that you search for your name in search engines. If you happen to see your SSN (or other sensitive data like credit card numbers, grades, or health information) in the results, you should contact the web site owner to have the content removed. The web site owner will also have to follow any applicable laws in notifying affected individuals whose sensitive data were present.
Last modified on January 05, 2009.