SOCIAL SECURITY
MEMORANDUM

Date:

March 12, 2010

To:

The Commissioner

From:

Inspector General

Refer To:

Subject: Prisoners’ Access to Social Security Numbers (A-08-10-11042)

The attached final report presents the results of our review. Our objectives were to
determine the status of corrective actions the Social Security Administration had taken
to address recommendations in our August 2006 report, Prisoners’ Access to Social
Security Numbers (A-08-06-16082), and assess the extent to which prisoners had
access to Social Security numbers.
If you wish to discuss the final report, please call me or have your staff contact
Steven L. Schaeffer, Assistant Inspector General for Audit, at (410) 965-9700.

Patrick P. O’Carroll, Jr.
Attachment

QUICK RESPONSE
EVALUATION
Prisoners’ Access to
Social Security Numbers
A-08-10-11042

March 2010

Mission
By conducting independent and objective audits, evaluations and investigations,
we inspire public confidence in the integrity and security of SSA’s programs and
operations and protect them against fraud, waste and abuse. We provide timely,
useful and reliable information and advice to Administration officials, Congress
and the public.

Authority
The Inspector General Act created independent audit and investigative units,
called the Office of Inspector General (OIG). The mission of the OIG, as spelled
out in the Act, is to:
 Conduct and supervise independent and objective audits and
investigations relating to agency programs and operations.
 Promote economy, effectiveness, and efficiency within the agency.
 Prevent and detect fraud, waste, and abuse in agency programs and
operations.
 Review and make recommendations regarding existing and proposed
legislation and regulations relating to agency programs and operations.
 Keep the agency head and the Congress fully and currently informed of
problems in agency programs and operations.
To ensure objectivity, the IG Act empowers the IG with:
 Independence to determine what reviews to perform.
 Access to all information necessary for the reviews.
 Authority to publish findings and recommendations based on the reviews.

Vision
We strive for continual improvement in SSA’s programs, operations and
management by proactively seeking new ways to prevent and deter fraud, waste
and abuse. We commit to integrity and excellence by supporting an environment
that provides a valuable public service while encouraging employee development
and retention and fostering diversity and innovation.

Background
OBJECTIVE
Our objectives were to determine the status of corrective actions the Social Security
Administration (SSA) had taken to address recommendations in our August 2006 report,
Prisoners’ Access to Social Security Numbers (A-08-06-16082), and assess the extent
to which prisoners had access to Social Security numbers (SSN).

BACKGROUND
Some prisons allow inmates to work while incarcerated. While performing some of
these duties, inmates may have access to other individuals’ SSNs. For example, some
inmates perform such duties as data entry and digital imaging, which allow them to view
SSNs on student transcripts and employee wage statements for Federal, State, and/or
local governments. Based on our previous audit and investigative findings, we know
that unnecessary access to, and disclosure of, SSNs increases the potential for
dishonest individuals to obtain and misuse these numbers, thus creating SSN integrity
issues. Pending Federal legislation, if enacted, would prohibit executive, legislative,
and judicial agencies, among others, from employing or entering into a contract for the
use or employment of prisoners in any capacity that would allow them access to SSNs
of other individuals. 1
Our August 2006 audit determined that prisons in 13 States allowed inmates access to
SSNs through various work programs. We concluded that, given the potential threats to
SSN integrity, SSA should take steps to safeguard SSNs. Accordingly, we
recommended that SSA (1) coordinate with Department of Corrections and correctional
industry work programs to educate them about the potential risks associated with
allowing prisoners access to SSNs; (2) encourage prisons to limit prisoners’ access to
SSNs; and (3) promote the best practices of prisons that are taking steps to limit
prisoners’ access to SSNs. SSA agreed with our recommendations.

1

Social Security Number Privacy and Identity Theft Prevention Act of 2009, H.R. 3306, 111th Cong. § 5,
introduced July 23, 2009.

Prisoners’ Access to SSNs (A-08-10-11042)

1

To determine the status of corrective actions SSA had taken since our August 2006
report, we interviewed officials from SSA’s Office of the Deputy Commissioner for
Operations. To assess the extent to which prisoners have access to SSNs, we
contacted the Departments of Corrections and correctional industry work programs in
the 13 States identified in our 2006 report. The entity reviewed was SSA’s Office of the
Deputy Commissioner for Operations. Our review of internal controls was limited to
information provided by the State Departments of Corrections and/or State correctional
industries’ work programs. We conducted our evaluation in November and
December 2009 in accordance with the Quality Standards for Inspections issued by the
President’s Council on Integrity and Efficiency. 2

2

In January 2009, the President’s Council on Integrity and Efficiency was superseded by the Council of
the Inspectors General on Integrity and Efficiency. The Inspector General Reform Act of 2008, Public
Law Number 110-409 § 7, 5 U.S.C. App. 3 § 11.

Prisoners’ Access to SSNs (A-08-10-11042)

2

Results of Review
Although SSA had taken some steps to educate the correctional institutions about the
potential risks associated with allowing prisoners access to SSNs, we determined that
8 (62 percent) of the 13 States identified in our August 2006 report continued this
practice. While prisons generally had some controls in place to safeguard SSNs,
vulnerabilities still existed. Because of identity theft concerns and the recognition that
SSNs are linked to vast amounts of personal information, some States no longer
allowed prisoners access to SSNs.
STEPS TAKEN TO REDUCE PRISONER ACCESS TO SSNs
In response to our August 2006 report, the Commissioner wrote a letter to the National
Correctional Industries Association, National Sheriff’s Association, American
Correctional Association, and American Jail Association. The Commissioner stated that
allowing prisoners access to private citizens’ SSNs represented a serious risk of identity
theft and asked these organizations to encourage their members to take actions to limit
inmate access to SSNs. In addition, SSA responded, “. . . the Agency continues to
disseminate information on this subject by coordinating educational outreach programs
and public information programs with correctional officials on a local, regional, and
national basis, and by having SSA public information specialists conduct workshops and
seminars with prison officials regarding the potential risks.” However, as of
December 2009, SSA Regional Offices could not document any specific outreach
activities they had performed.
PRISONS IN SOME STATES CONTINUED TO ALLOW INMATES ACCESS TO SSNs
We determined that 8 (62 percent) of the 13 States we identified in our August 2006
report continued to allow prisoners access to SSNs through prison work programs (see
Table 1). Most prisoners had access to SSNs while performing work for Federal, State,
and/or local governments. Specifically, prisoners performed such duties as data entry,
encoding, digital imaging, and records conversion. The types of documents prisoners
viewed included student transcripts, criminal background checks, crime reports, health
records, employee wage statements, Internal Revenue Service forms, and Department
of Labor forms, all of which generally contained personally identifiable information (PII)
(including SSNs).
Although we recognize there may be benefits in allowing prisoners to work while
incarcerated, we question whether prisoners have a need to know other individuals’
SSNs. We continue to believe allowing prisoners access to SSNs increases the risk
that individuals may improperly obtain and misuse SSNs. We believe government
entities can reduce such risk by employing prisoners in jobs that do not involve SSN
access.

Prisoners’ Access to SSNs (A-08-10-11042)

3

Table 1: States That Continue to Allow Prisoners Access
to Social Security Numbers
State
1
2
3
4
5
6
7
8

Alabama
Arkansas
Kansas*
Nebraska
Oklahoma
South Dakota
Tennessee*
West Virginia*

Number of
Facilities
Allowing
Access
1
1
5
1
2
1
4
Unknown

Type of Work
Data Entry
Digital Imaging
Work release, data entry, microfilm and digital imaging
Data entry
Data entry and optical imaging
Data entry and scanning
Test distribution center, call center and work release
Type of service depends on the work release program

*Kansas, Tennessee, and West Virginia stated that some inmates have access to SSNs through
employment in work release programs.

PRISONS PLACED CONTROLS OVER PRISONER ACCESS TO SSNs, BUT
VULNERABILITIES REMAINED
Prisons had some controls in place to safeguard SSNs. For example, some prisons
(1) prevented inmates from viewing names associated with SSNs, (2) prohibited writing
material and copy instruments in the work area, (3) checked inmates for contraband
before entering and exiting the worksite, and (4) required that inmates sign a
confidentiality agreement stating they would not improperly discuss or disclose PII to
another person. In addition, some prisons prohibited inmates who were convicted of
specific crimes or had disciplinary problems from working in jobs with SSN access.
According to one prison official, the illicit use of PII (including SSNs) is severely
restricted because of the pace of work, direct supervision, and short time period that
forms are available. In addition, prison officials told us they monitored job training
programs to ensure that disclosure risks were minimal and were no greater than those
in the private sector.
Although prisons have some controls to safeguard SSNs, individuals intent on criminal
activity may attempt to circumvent these controls. For example, prisoners could
memorize an SSN obtained through their job duties and use it to create a false identity.
In addition, we question whether requiring that prisoners sign a confidentiality
agreement is an effective control to prevent SSN misuse and ensure SSN integrity. The
following examples illustrate how prisoners can gain access to PII when prisons do not
have adequate controls in place.
•

In May 2009, an inmate at a Kansas prison gained access to PII, including names,
birth dates, and SSNs while performing microfilm and document imaging services.
Prison officials discovered the personal information during a routine strip search and
mail search. According to a Kansas Correctional Industries official, prison officials
removed the inmate from the program and took disciplinary action.

Prisoners’ Access to SSNs (A-08-10-11042)

4

•

In December 2006, an inmate at a correctional facility in Connecticut smuggled a file
containing PII back to her cell. Prison officials discovered the file was missing during
a routine audit. Because each file identifies the inmate who scanned the data,
prison officials searched the inmate’s cell and found the missing file. According to a
Connecticut Department of Correction official, prison officials removed the inmate
from the work program.

SOME STATES NO LONGER ALLOW PRISONERS ACCESS TO SSNs
We determined that 5 of the 13 States identified in our August 2006 report no longer
allowed prisoners access to SSNs through prison work programs. Correctional officials
in three of the five States (Montana, North Carolina, and Utah) told us they stopped
allowing prisoners to access SSNs through work programs because of the potential for
inmates to share PII, which could result in identity theft. Connecticut correctional
officials told us they changed Department of Correction policy to prohibit prisoners’
access to SSNs 3 after an inmate attempted to smuggle PII back to her cell. New
Mexico correctional officials told us they no longer allowed prisoners access to SSNs
because they discontinued jobs that allowed such access.

3

Correctional Enterprises of Connecticut, Administrative Directive 10.20.

Prisoners’ Access to SSNs (A-08-10-11042)

5

Matters for Consideration
Despite the risks associated with prisoners’ access to SSNs, some prisons continue this
practice. While we recognize SSA cannot prohibit prisons from allowing prisoners
access to SSNs, we continue to believe it can help reduce potential threats to SSN
integrity by encouraging States to limit SSN access. As such, we encourage SSA to
contact correctional officials in the eight States that continue to allow prisoners access
to SSNs. We also encourage SSA to support legislation that would prohibit executive,
legislative, and judicial agencies from employing prisoners in any capacity that would
allow prisoners access to SSNs of other individuals.
In response to our draft report, SSA stated it will consider possible options, such as
sending letters or contacting the correctional officials in the eight states that continue to
allow prisoners’ access to SSNs. In addition, SSA stated it will develop a legislative
proposal that would prohibit Federal, State, or local governments, and private
contractors from employing prisoners in any capacity that would allow access to full or
partial SSNs. Once developed, the Agency will submit the proposal through the SSA
and Office of Management and Budget clearance process.

Prisoners’ Access to SSNs (A-08-10-11042)

6

Appendix
APPENDIX A – OIG Contacts and Staff Acknowledgments

Prisoners’ Access to SSNs (A-08-10-11042)

Appendix A

OIG Contacts and Staff Acknowledgments
OIG Contacts
Kimberly Byrd, Director, Atlanta Audit Division
Jeff Pounds, Audit Manager, Birmingham Office of Audit

Acknowledgments
In addition to those named above:
Kozette Todd, Senior Auditor
For additional copies of this report, please visit our web site at
www.socialsecurity.gov/oig or contact the Office of the Inspector General’s Public
Affairs Staff Assistant at (410) 965-4518. Refer to Common Identification Number
A-08-10-11042

Prisoners’ Access to SSNs (A-08-10-11042)

DISTRIBUTION SCHEDULE
Commissioner of Social Security
Office of Management and Budget, Income Maintenance Branch
Chairman and Ranking Member, Committee on Ways and Means
Chief of Staff, Committee on Ways and Means
Chairman and Ranking Minority Member, Subcommittee on Social Security
Majority and Minority Staff Director, Subcommittee on Social Security
Chairman and Ranking Minority Member, Committee on the Budget, House of
Representatives
Chairman and Ranking Minority Member, Committee on Oversight and Government
Reform
Chairman and Ranking Minority Member, Committee on Appropriations, House of
Representatives
Chairman and Ranking Minority, Subcommittee on Labor, Health and Human Services,
Education and Related Agencies, Committee on Appropriations,
House of Representatives
Chairman and Ranking Minority Member, Committee on Appropriations, U.S. Senate
Chairman and Ranking Minority Member, Subcommittee on Labor, Health and Human
Services, Education and Related Agencies, Committee on Appropriations, U.S. Senate
Chairman and Ranking Minority Member, Committee on Finance
Chairman and Ranking Minority Member, Subcommittee on Social Security Pensions
and Family Policy
Chairman and Ranking Minority Member, Senate Special Committee on Aging
Social Security Advisory Board

Overview of the Office of the Inspector General
The Office of the Inspector General (OIG) is comprised of an Office of Audit (OA), Office of Investigations
(OI), Office of the Counsel to the Inspector General (OCIG), Office of External Relations (OER), and Office of
Technology and Resource Management (OTRM). To ensure compliance with policies and procedures, internal
controls, and professional standards, the OIG also has a comprehensive Professional Responsibility and Quality
Assurance program.

Office of Audit
OA conducts financial and performance audits of the Social Security Administration’s (SSA) programs and
operations and makes recommendations to ensure program objectives are achieved effectively and efficiently.
Financial audits assess whether SSA’s financial statements fairly present SSA’s financial position, results of
operations, and cash flow. Performance audits review the economy, efficiency, and effectiveness of SSA’s
programs and operations. OA also conducts short-term management reviews and program evaluations on issues
of concern to SSA, Congress, and the general public.

Office of Investigations
OI conducts investigations related to fraud, waste, abuse, and mismanagement in SSA programs and operations.
This includes wrongdoing by applicants, beneficiaries, contractors, third parties, or SSA employees performing
their official duties. This office serves as liaison to the Department of Justice on all matters relating to the
investigation of SSA programs and personnel. OI also conducts joint investigations with other Federal, State,
and local law enforcement agencies.

Office of the Counsel to the Inspector General
OCIG provides independent legal advice and counsel to the IG on various matters, including statutes,
regulations, legislation, and policy directives. OCIG also advises the IG on investigative procedures and
techniques, as well as on legal implications and conclusions to be drawn from audit and investigative material.
Also, OCIG administers the Civil Monetary Penalty program.

Office of External Relations
OER manages OIG’s external and public affairs programs, and serves as the principal advisor on news releases
and in providing information to the various news reporting services. OER develops OIG’s media and public
information policies, directs OIG’s external and public affairs programs, and serves as the primary contact for
those seeking information about OIG. OER prepares OIG publications, speeches, and presentations to internal
and external organizations, and responds to Congressional correspondence.

Office of Technology and Resource Management
OTRM supports OIG by providing information management and systems security. OTRM also coordinates
OIG’s budget, procurement, telecommunications, facilities, and human resources. In addition, OTRM is the
focal point for OIG’s strategic planning function, and the development and monitoring of performance
measures. In addition, OTRM receives and assigns for action allegations of criminal and administrative
violations of Social Security laws, identifies fugitives receiving benefit payments from SSA, and provides
technological assistance to investigations.