The other day I received a letter from my HMO, informing me that they may have disclosed my Social Security number. Here's my open letter to those bozos.
Dear Mr. [xxxxxxx]:
Thank you for alerting me to the possibility of identity theft that your company caused by putting all or part of my Social Security number on the address sticker of a postcard that you mailed to me. In your letter, you assert that "[HMO's name] is bringing this matter to your attention because we take the privacy and security of your information very seriously."
If you really cared about privacy and security, you would not use the Social Security number as an identification number for your clients. The Social Security number was never intended to be used as a national ID code. Its use as such by many businesses such as yours adds immeasurably to the likelihood of identity theft. If you really wanted to reduce identity theft, you would find some way of issuing me a unique identifier number. I suspect that the real reason you use Social Security number is to avoid the expense of dealing with clients who misplace their identifier number. So, rather than bear this cost, you pass on to us the costs of possible identity theft.