A new OPM regulation would implement provisions of a 2017 rule designed to reduce the unnecessary exposure of Social Security numbers on mailed federal documents.

A new OPM regulation would implement provisions of a 2017 rule designed to reduce the unnecessary exposure of Social Security numbers on mailed federal documents. Douglas Sacha / Getty Images

OPM rule removes Social Security numbers from mailed documents

The federal HR agency finalized a rule Friday that would help prevent potential identity theft by restricting the inclusion of Social Security numbers in mailed documents and establishing criteria for protecting the information. 

The Office of Personnel Management issued a final rule Friday that would cull Social Security numbers from any mailed document in an effort to prevent fraud. 

The rule, which was published in the Federal Register, is part of the implementation of the 2017 Social Security Number Fraud Prevention Act and is designed to help protect the identifiers, which can be used in various forms of identity theft. 

“The theft and fraudulent use of SSNs can result in significant repercussions for the SSN holder, as well as the entities from which SSNs were stolen,” OPM officials said in the Federal Register notice. “This direct final rule formalizes in regulation OPM's current practice of safeguarding SSNs in mailed documents and will support efforts to protect individual privacy.”

The federal government has been working on reducing the use of SSNs as identifiers since at least 2006, when the Identity Theft Task Force, created by a George W. Bush executive order, called for the Office of Management and Budget and OPM to find ways to eliminate, restrict or conceal SSN use. 

But the Government Accountability Office found in 2017 that existing regulations, technology and cross-agency requirements were hampering some agencies’ ability to reduce the use of SSNs in official documentation and recommended OMB develop comprehensive plans reducing unnecessary use.

The report noted that OPM had previously tried to establish a governmentwide regulation to limit SSN use in 2008 by requiring an alternative identifier, but withdrew the rule two years later after determining that without another identifier in place, systems using SSNs, both inside and outside government, would be impacted. 

OPM began working on another system in 2015 that would collect a federal employee’s SSN once and use multiple alternate identifiers for different programs that were all linked to the number. The agency suspended the program a year later due to a lack of funding.    

After becoming law in September 2017, the Social Security Number Fraud Prevention Act prohibited federal agencies from using SSNs in any mailed document unless deemed necessary by agency leaders.  

As such, OPM’s final rule amends its privacy procedures to incorporate the law for all records it maintains and “uses to identify, track and correspond with agencies, federal employees, contractors and annuitants, among others.” 

The rule also partially redacts the numbers where feasible and ensures their removal from the outside of any package, envelope, or any envelope window. 

The rule will go into effect on June 26 unless OPM receives significant adverse comments in the interim outlining why the current rule will be ineffective or unacceptable.