WASHINGTON, D.C. – The loss of personally identifiable information, such as social security numbers, is a concern throughout the Defense Department, the director of the Defense Privacy and Civil Liberties Office said.
“When people lose control of the social security number and other personally identifiable information, they really are susceptible to identity theft,” Michael E. Reheuser said during an April 19 interview with American Forces, Press Service and the Pentagon Channel.
The department’s social security number reduction program is intended to help protect the privacy of DOD employees, he said.
“We’re asking every component to look at the way they use social security numbers and see if they can voluntarily reduce [that],” Reheuser said.
As that effort goes on within DOD’s components, Reheuser said, his office will be working in the coming years to help in reducing the use of social security numbers in systems that work across multiple components. One way that reduction will occur is with DOD identification numbers, he said.
Similar to the service numbers issued to military personnel until 1969, 10-digit Electronic Data Interchange Personal Identifier numbers will be used to replace Social Security numbers in record tracking systems whenever possible.
“There are certain times where we have to use the Social Security number — for example, when we’re dealing with the Internal Revenue Service and other tax issues,” Reheuser said. “But,” he continued, “there are plenty of times when we need an identifier, but we don’t need that social security number and that’s where the new EDIPI will come in.”
Everyone entitled to a common access card will get an EDIPI, Reheuser said.
As CACs expire, they will be replaced with cards containing the EDIPI, he said. “The idea is that we keep it limited to uses within the Department of Defense, so we don’t create a new social Security number and have the same issues with identity theft in the future.”
Developed by the Defense Manpower Data Center, EDIPI numbers are assigned for life and have numerous uses. For example, medical activities use them to track patients and patient records and to comply with the Health Insurance Portability and Accountability Act. They also are part of DOD’s public-key infrastructure certificates, which are encoded into the Common Access Card and, in combination with a password , grant access to DOD information systems.
The department intends to implement technology to prevent social security and credit card numbers from leaving DOD networks via email, Reheuser said. A blocking tool would identify those numbers and let senders know they need to encrypt the email or take out the numbers, he added.