DoD ID Number Authorized as Substitute for SSN

Published, December 3, 2012

Fast Fact IconThe Department of the Navy Chief Information Officer Privacy Office reports that 80 percent of all "high-risk" personally identifiable information (PII) breaches involve the Social Security Number (SSN). Recent DON and Department of Defense policy guidance outlines steps that reduce or eliminate the collection, use, display and maintenance of the SSN in DON business practices. As a result, commands are now authorized to use the Electronic Data Interchange Personal Identifier, more commonly referred to as the DoD ID number, as a substitute for the SSN.

The DoD ID number originated in the Defense Enrollment Eligibility Reporting System and is used exclusively in the DoD. For many years, it was a unique identifier for personnel affiliated with DoD. Until recently, it was used only by DoD information systems to facilitate machine-to-machine communications and appeared in digital signatures. It is now intended to be known by the individual to whom it belongs, and it is used for personal access to systems, on forms, in digital signatures and for other uses typical of physical and technical identification processes. The expanded use of the DoD ID number has led to questions regarding its status as PII.

To ensure that the DoD ID number maintains its low-risk category as PII and does not become a vulnerability like the use of an individual's SSN, the DoD ID number will only be used as one factor in a multifactor authentication process. In this way, knowledge of the DoD ID number alone does not grant access to records unless accompanied by another factor such as a personal identification number or biometric. Because it has no value or application outside the DoD, there is little risk of harm to affected individuals if their DoD ID number is lost, stolen or compromised. "The DoD ID number, DoD benefits number, or any other internal number associated by the DON to an individual – by itself or with the associated name – shall be considered internal government operations-related PII. Loss, compromise or theft of the DoD ID number is low risk with regard to harm and/or identity theft," according to a February policy message released by DON CIO.

For more details, view DON CIO message: "DON SSN Reduction Plan Phase Three."

View more Fast Facts.

TAGS: Cybersecurity, Privacy

Related News
Related CHIPS Magazine