OPM Rule Prohibits Social Security Numbers in Most Mailings

To guard against identity theft and boost user privacy, the Office of Personnel Management (OPM) issued a new rule forbidding the publication of Social Security Numbers (SSNs) in mailings, unless there is an exceptional circumstance.

Under the rule, Social Security Numbers must not be visible on the outside of any package sent by OPM, or displayed on any correspondence that is “visible through the window of an envelope or package.”

 Documents sent by OPM may only include an SSN if OPM leadership determines that the inclusion is “necessary and appropriate to meet legal and mission requirements.”

SSNs must also be redacted whenever feasible.

OPM mailings typically go to agencies, federal employees, contractors, annuitants, and others.

“The theft and fraudulent use of SSNs can result in significant repercussions for the SSN holder, as well as the entities from which SSNs were stolen,” OPM wrote. “This direct final rule formalizes in regulation OPM's current practice of safeguarding SSNs in mailed documents and will support efforts to protect individual privacy.”

The policy change is required under the Social Security Number Fraud Prevention Act of 2017, which prohibits federal agencies from using SSNs in any mailed document unless deemed necessary by agency leaders.

This rule will take effect on June 26, 2024, unless significant adverse comments are received by the comment deadline of June 11, 2024. If significant adverse comments are received, OPM will withdraw this direct final rule and publish a proposed rule.