Nothing’s Certain, Even Death

December 8, 2008

Sooner or later, it happens to everyone. Some computer system somewhere scrambles your personal information, melding your identity, credit or some other detail of modern life with those of a stranger.

No one can explain it. But even the smallest snafus can take hours, days or weeks to sort out.

Now, imagine what would happen if the United States government declared you dead.

More than 20,000 live Americans don’t have to conjure up a vision of bureaucratic purgatory. They’ve lived through it, some for years, thanks to the Social Security Administration, according to a report by the agency’s inspector general.

Social Security – the agency that warns us all to protect our identity from thieves by keeping our SSN confidential – every year publicly reports more than 9,000 live Americans as dead in an electronic file called, the Death Master File (DMF), largely due to typing mistakes.

Once Social Security creates the DMF file, a second government agency sells it to credit bureaus, financial institutions, data aggregators, genealogy groups and anyone else that pays $1,725 for the complete file, including internet sites that provide free access.

It contains the social security number; first, middle and last names; dates of birth and death; and, the state and zip code of the last known address of the “deceased.”

Corporate America uses it to verify identity and prevent fraud. Genealogists use it to build family trees. Auditors worry thieves will steal the identity of live Americans once mistakenly labeled as dead.

“The accuracy of death data is a highly sensitive matter for SSA,” said Inspector General Patrick P. O’Carroll, Jr. in a June 2008 report. “Erroneous death entries can lead to benefit termination, cause severe financial hardship and distress to affected individuals, and result in the publication of living individuals’ PII (personally identifiable information) in the DMF (Death Master File).”

A Social Security number is the key to receiving government benefits, completing many financial transactions and getting and holding a job.

Though Social Security was aware of “errors” in its files it didn’t tell living Americans their personal information had been made public until questioned by the inspector general.

From January 2004 through April 2007, Social Security deleted more than 44,000 individuals from the master death file, the auditors said.  While auditors didn’t check who was dead or alive, they reported 20,623 of those originally marked deceased were receiving benefits from Social Security in May 2007, indicating that “SSA determined the individuals were alive.”

Social Security deletes the living from the list of the dead once it becomes aware of an error. About 90 percent are cured in less than a year. The deletions, auditors said, set the record straight in the current list, but have little effect on previous listings sold to credit agencies, financial institutions, data aggregators and internet sites.

Auditors selected at random 250 instances where the entries of living individuals were deleted. In May 2007 – from four to 43 months after the names of live Americans were deleted by Social Security – auditors found more than one in four still listed as deceased on three genealogical websites.

Why wasn’t the information cleaned up?

Neither Social Security nor the National Technical Information Service, which sells the list, bothers to check whether buyers apply the required updates.

Auditors described it this way:

Social Security staff believed “this oversight activity” was National Technical Information Service’s job, since it’s collects fees for each sale. The National Technical Information Service “provided no oversight” because the DMF list is “exclusively” a Social Security product.

What of the living Americans declared dead by Social Security?

“SSA recognizes the undue hardship individuals may experience when their personal information is erroneously compromised and is fully committed to finding ways to reduce any risk of [personally identifiable information] exposure,” the agency told auditors.

Still, Social Security wasn’t committed enough to tell the living that it had published their names, social security numbers and dates of birth and “dates of death” until auditors raised questions, despite guidelines requiring notification to anyone whose personal information has been compromised so they can “take steps to help protect themselves from the consequences of the breach.”

Social Security was quick to respond.

First, it told auditors that its report covered information released through April 2007 and the federal guidelines weren’t put in place until May 2007. Then, it pointed out that the death file contains a disclaimer that in “rare instances” a live individual’s information was erroneously included in the death index.

In April 2008, it set up a task force to improve the death reporting process and evaluate whether they comply with federal notification rules. Finally, the agency said that in a May 6, 2008 it “currently” notifies individuals when they correct the death index.

“This is a unique and complex issue. While we recognize the small percentage of error in the DMF, we are concerned with the characterization of those errors as [personally identifiable information] breaches,” the agency said. “Nonetheless, we will take a cautious approach and initiate breach notification evaluation procedures.”

The agency added: “To the best of our knowledge, no case of fraud or abuse has occurred as a result of errors in the DMF. This may be largely due to the fact that living persons erroneously placed in the DMF are reported as being deceased. Therefore, it is difficult for identity thieves to distinguish these records from other deceased individuals in the DMF.”

Identity thieves would have a difficult time abusing the information because banks and credit bureaus would block activity, assuming the individual was dead, Social Security administrators said.  They also pointed out less than 0.4 percent of the data contains errors.

Yet, agency executives argued the Inspector General should keep his report secret, lest it encourage “misuse.”

“As we assess this issue, we strongly caution the (Office of Inspector General) against releasing this report publicly. We believe limited distribution would be more responsible,” Social Security said. “We recognize that this information may already be known to some, but this report highlights the issue and could encourage misuse.”