If your gym asked you for your email password, would you give it to them? I would wager that you would tell them, “No,” and then ask why they would even need it.
The idea that you need to provide something so sensitive to lift weights should seem laughable. However, were they to say they required your SSN in order to move forward with your registration, you probably wouldn’t think twice. From gym memberships to job applications, we treat this nine-digit number as a standard piece of information to hand out willingly. No matter who you are or how much you have in the bank, your Social Security Number (SSN) is worth stealing and the odds are that you are trusting too many people with it. A simple shift in your mindset can save you from massive headaches down the road.
SSNs were created in 1936 to help the government track your earnings to see if you qualified for certain Social Security benefits and your benefit levels. The physical piece of paper on which Social Security Cards are printed states the following: “Detach the card below and sign it in ink immediately. Do not laminate your card. Carry it in your purse or wallet.” When these cards first went into circulation, the thinking was that you may need to provide yours to government officials if prompted. It was essentially tantamount to what a driver’s license is in the world today. We have all needed to get a new license at some point. It can be a nuisance that costs us a day at the DMV. Losing your SSN is not going to cost you a day; it can cost you your future. If you know somebody who carries their Social Security Card on their person, you need to shake them. While this original view of carrying a Social Security Card seems quaint, we as a society still possess an antiquated mindset when it comes to SSNs.
The repetitive use of one’s SSN is especially familiar to those on Medicare and Medicaid, people accessing retirement accounts, and individuals with gig jobs such as traveling nurses. The gig economy has exploded over the past few years. More and more people are asked to engage in this practice on a daily basis. What was a $204 billion industry in 2018 is expected to be a $455 billion one this year. It is ingrained in us that institutions providing us with something of value will need to see our SSNs. But what are they actually doing with this number? In almost every single case, the organizations asking for this are simply confirming your identity. That is it. They take your SSN, send it off to a third party, and then agree that you are who you say you are. And then what happens to that number? In most instances, it is stored on a server. Stored on a server, not by a cyber security company, but by the company you just applied to or the gym you just joined.
Your personally identifiable information (PII) is a commodity. To hackers, your SSN and DOB carry a literal price that they can cash in on today. Here’s the sad thing: the breaches are so massive that it’s an industry driven by volume. On the dark web, somebody could pay as little as $4 for your SSN. Too many of us treat data breaches as background noise, accepting that they happen and assuming they happen to other people. The fact of the matter is that a data breach doesn’t happen to careless people sending routing numbers to Nigerian princes. When you put your SSN into a company’s hands, you are trusting them to be good stewards of your identity. Your gym was founded to help people get in shape, not to be a digital fortress guarding against the incessant attacks by individuals and rogue states.
So, who can you trust? Ultimately, your SSN should only be used for your earnings, taxes, and opening a bank account. That is the sum total of its required usage. If your employer, bank, or lender asks for it, you can at least trust that this is the core purpose of your SSN. For literally everyone else, I want you to ask them what the purpose is. Ask them who they will share it with. Ask them how long it will be stored on their servers. Ask them if there is another way. I’m not promising you that you will be able to avoid sharing your SSN, nor am I promising you that you will make a ton of friends in this process, but you will become a better advocate for yourself. You will have participated in the first step of the Consumer Data Emancipation movement. We’ve become compliant and raised generations of people who believe that it is best to be compliant with our data. This needs to stop.
Before you blame businesses, understand that they pay the price for these breaches. Employment Practices Liability Insurance (EPL) comes at a premium and the rates companies pay are linked to their levels of risk. A large corporation housing terabytes of PII can expect to pay around $25 million. For a smaller business, even spending around $100,000 can be an immense expense. The way the system is set up and the prevailing mindset around using SSNs creates a lose-lose for companies and the people they serve. At the moment, there are two options: we can stop devaluing our PII by submitting our SSNs and DOBs more sparingly, asking more questions, and demanding to know exactly how it will be used; or we can create a better safeguard around the information itself.
It’s time to take a stand against the rampant misuse of our personal information. We must refuse to be complicit in the devaluation of our data. We need a better safeguard for ourselves and for the institutions we trust with our information. That’s why I created Trua. Trua has created a way to work within established systems and mindsets. Going through Trua, you would be asked only once for your government-issued ID or SSN. Trua would then become the guardian of your personal information as it is stored in a secure vault akin to a bank vault.
When someone asks for your PII, they can easily verify your DL, SSN, DOB, etc. with Trua without ever requiring you to share such information with them. Trua will merely confirm that you are indeed who you say you are without exposing the actual information. Much in the same way that you wouldn’t put an offer on a house with a sack full of money but would instead show approval from a bank, Trua would be able to assure people that you have the prerequisite information without exposing your actual data to another point of failure. Through a solution like this, people would be able to engage with the world as they already do without the risk. EPL rates would shrink for businesses. Businesses would be able to provide the services they were designed to provide without branching out into cyber security. The only people who benefit from the way things are currently managed are the hackers who prey on the weak security your gym likely provides and all the third-party data providers who are repeatedly monetizing the information that belongs to you in the first place!