Hacker News new | past | comments | ask | show | jobs | submit login

Fines or threat of jail time is just trying treating the symptoms. Bigger issue is that companies use SSN as a way to authenticate a user. Government should mandate only allowing SSN for tax identification purposes. Passwords need to go away and with webauth, we are almost there. The average person is re-using the same password across sites so it’s pointless protection.

An e-commerce store hack shouldn’t give hackers the data needed to access customers financial accounts.




> Government should mandate only allowing SSN for tax identification purposes.

CafePress was presumably collecting SSNs precisely for tax identification purposes.


It's not them who are the problem. Its financial institutions and other services that use SSN as way to verify a person. You should not be able to setup a cell phone plan by providing a name and a SSN. And credit reporting should not be tied to a SSN. It should just be used to submit tax information to the government and have no value beyond that.


And when a company doesn't comply?

A law without a penalty isn't a law you need to follow.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: