If the trend gains momentum, state agencies may not be able to release consumer information because information such as a driver's license often is accessed by inputting a Social Security number, Mr. Alldredge adds. This is the "next phase" in the privacy issue, he said. The Social Security number is a "national identity tool" that business has come to rely on, Mr. Alldredge said.

The issue should be determined by looking back to the intent of the Social Security Act, according to Kevin Hennosy, chairman and founder of SpreadtheRisk.org in Kansas City, Mo. A Social Security number should not be used for purposes other than Social Security, he added.

"It is a dangerous number to have floating around," said Robert Hunter, a consumer advocate with the Consumer Federation of America in Washington. It is a critical number to all kinds of a consumer's personal accounts, he noted.

Indiana is one state where this new issue is being advanced. Indiana Attorney General Steve Carter is supporting a privacy bill, Indiana SB 376, that has passed out of the state Senate and is moving through the Assembly. The bill could be voted into law by March 14, when the session ends.

The measure would bar release of a social security number to insurers and others in the public sector unless a court order is obtained or a federal statute requires its dissemination.

Attorneys general's interest in privacy regulation currently has them tracking how privacy standards are being implemented to conform with GLBA. A letter sent in mid-February by 46 attorneys general to the Federal Trade Commission made recommendations on how privacy notices should be implemented in the future.

The attorneys general are recommending short, standard forms. They wrote that "it is clear that millions of consumers did not read or understand the dense text and long discussion contained in thousands of privacy notices developed by financial institutions prior to the initial July 1, 2001, deadline."

They cite the low opt-out rate, less than 5 percent, to forms sent out to meet a July 1, 2001, deadline. An opt-out is a request by a consumer that nonpublic personal information not be used.

Icons or a format similar to a food label developed by the Food and Drug Administration to signify different consumer preferences on privacy are being advocated by the attorneys general.

Indeed, the attorneys general argued in their letter that consistency will cut down on compliance costs and enhance competition by making comparisons easier.