The Social Security Number was designed for one purpose in 1936 (tracking earnings for benefits) and has since become the de facto national identifier used for tax filing, credit applications, healthcare enrollment, and countless private-sector uses. The SSA and federal privacy advocates have long opposed this sprawl, but it's now the environment every HR and payroll team operates in. For employers, the SSN is both a required piece of payroll data and a high-value target for identity theft. The obligations around it have expanded across federal law and nearly every state law, and a payroll team that treats SSNs casually exposes the employer to costs that can quickly run into seven figures if something leaks.
Why Employers Need the SSN at All

There are three core payroll and compliance reasons. Tax reporting: the SSN appears on the W-2 and Form 941, and the IRS uses it to match employer wage reports to the employee's return. Social Security earnings record: the SSA uses the SSN to credit the employee's lifetime earnings, which determines future benefit amounts. Employment verification: the SSN appears on Form I-9 (for E-Verify employers and in most cases for I-9 completion) to verify work authorization.
Outside those uses, employers generally don't need the SSN. Requesting it on job applications is common and increasingly disfavored. Several states now prohibit collecting SSNs before a conditional offer.
Data Protection Obligations Employers Actually Face

Federal law (through Privacy Act provisions and IRS Publication 1075, for employers handling federal tax information) and state laws, including California's CCPA, New York's SHIELD Act, and similar statutes in most other states, impose specific protection requirements: access controls, encryption for data at rest and in transit, breach notification timelines (as short as 30 days in some states), and documented incident response.
State breach notification laws apply when an SSN is exposed alongside the person's name. Notification costs alone can reach millions for a large breach, before litigation exposure.
What Counts as an SSN Breach?

Any unauthorized access to or acquisition of the SSN combined with the individual's name. This includes lost laptops, misdirected emails, stolen paper records, and access by contractors beyond the scope of their contract. Intent doesn't matter; the exposure itself triggers the notification obligation.
Common SSN Handling Mistakes

Collecting SSNs before they're needed. A job application that asks for an SSN creates a data set the employer may never use but still has to protect. Storing SSNs in shared locations (email, shared drives) rather than access-controlled systems. Printing SSNs on benefit statements, pay stubs, or other routine documents, which creates physical exposure on top of digital exposure.
Giving vendors unredacted employee lists when the vendor doesn't actually need the SSN. Many vendors can work from an employee ID number instead; the SSN isn't part of their workflow.
Building an SSN Handling Practice That Protects Employees and the Employer

Collect SSNs only at the point they're actually needed (after hire, for tax and I-9 purposes). Store them only in access-controlled systems with encryption. Mask SSNs on documents wherever possible (many systems show only the last four digits).
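
The vendor-list and masking practices above, sketched as an added Python example (not code from the original article). It assumes an HR export in CSV form with hypothetical column names employee_id, name, ssn and notes, and runs on constructed sample rows.

```python
import csv
import io
import re

# Nine digits, with or without separators; a format check only, not proof of a real SSN.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")

def mask_ssn(value: str) -> str:
    """Return the SSN with only the last four digits visible."""
    digits = re.sub(r"\D", "", value)
    if len(digits) != 9:
        raise ValueError("expected a nine-digit SSN")
    return f"XXX-XX-{digits[-4:]}"

def scrub_text(text: str) -> str:
    """Mask SSN-shaped strings that were typed into free-text fields."""
    return SSN_RE.sub(lambda m: f"XXX-XX-{m.group(3)}", text)

def vendor_export(hr_csv: str, ssn_column: str = "ssn") -> str:
    """Build the vendor file: drop the SSN column, keep the employee ID, scrub the rest."""
    reader = csv.DictReader(io.StringIO(hr_csv))
    keep = [c for c in reader.fieldnames if c != ssn_column]
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=keep, lineterminator="\n")
    writer.writeheader()
    for row in reader:
        writer.writerow({c: scrub_text(row[c]) for c in keep})
    return out.getvalue()

# Constructed sample data; the SSNs use the 000 area number, which is never issued.
SAMPLE = (
    "employee_id,name,ssn,notes\n"
    "E1001,Ana Ruiz,000-12-3456,Started 2024-03-01\n"
    "E1002,Ben Cho,000987654,SSN 000-98-7654 confirmed by phone\n"
)

if __name__ == "__main__":
    print(mask_ssn("000-12-3456"))
    print(vendor_export(SAMPLE))
```

Dropping the column is not enough on its own: the second sample row carries an SSN in a notes field, which is why every remaining field is scrubbed before the file leaves the payroll system.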
Pair SSN handling with broader payroll data practices, onboarding workflows, and W-2 form generation processes. Reference the SSA Social Security Number Verification Service and IRS Publication 1075 for federal data protection requirements. The legal baseline for SSN protection has tightened every year, and it's not slowing down in 2026.