We have been asked this question more frequently lately, and, yes, collecting individual’s social security numbers poses a huge financial risk to the organization. There are various levels of information that an organization can collect about its members, volunteers, clients, etc. Names and addresses make up the lowest tier of information. Social security numbers rank highest and must be properly secured. Most states have statutes in cases of data breach that obligate the organization responsible for collecting individual’s information to pay for notification costs and, often, credit monitoring for the individuals affected. We are finding that the average cost per individual in cases of data breach is around $217; multiply that by your number of members, and you can see why we are concerned about our clients collecting social security numbers.