March 19, 2008
The SEC require additional safeguards be implemented and audited is essential to our efforts to reduce security concerns industry wide. I would suggest that the SEC consider provisions to reduce the "value" of certain data types such as "Social Security" numbers or "Home Address" by restricting its use as a unique identifier in databases for customers. Also, I would also comment that the use of the last four digits of the social security number being obscured in most billing/reporting requirements for customer accounts does not prevent fraud if the company only asks for the last four digits of your social security number, so however reducing the use to the last four helps credit theft, it does not however reduce the likelyhood that someone sifting through a trash can can't just utilize the last four to "validate" a current account holder and issue a transaction by "social engineering" in this manner. I suggest consideration of this fact when changing provisions of the safeguards rule.