Progressive collects highly sensitive personal data including your Social Security number, driver's license, and banking or credit card details as part of the insurance application and policy management process.
This analysis describes what Progressive's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Social Security numbers and financial account details are among the most sensitive categories of personal data; their collection by an insurer creates material data breach and identity theft risk, and consumers should understand the scope of what they are providing.
By applying for or managing a Progressive policy, you are providing the company with your most sensitive personal identifiers, including your Social Security number and financial account data, which if improperly secured or disclosed could create serious identity theft risk. Progressive asserts that it uses security measures to protect this data, but the policy does not detail specific breach notification procedures.
Cross-platform context
See how other platforms handle Collection of Sensitive Personal Identifiers and similar clauses.
Compare across platforms →Monitoring
Progressive has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We collect information you provide to us such as your name, address, email address, phone number, Social Security number, driver's license number, date of birth, and financial information such as your bank account or credit card information.— Excerpt from Progressive's Progressive Privacy Policy
REGULATORY LANDSCAPE: Collection of Social Security numbers and financial account data implicates the FTC's Safeguards Rule under GLBA, which requires financial institutions including insurers to implement a comprehensive information security program. State data breach notification laws in all 50 states require timely notification to consumers if sensitive personal information is compromised. Some states, including California and New York, have enacted specific restrictions on the collection and storage of Social Security numbers. GOVERNANCE EXPOSURE: High. The breadth of sensitive data collected, including SSNs, financial account numbers, and driver's license numbers, places Progressive within the highest tier of data sensitivity for breach notification and security program requirements. Inadequate security program documentation or delayed breach notification could trigger FTC enforcement and multi-state regulatory action. JURISDICTION FLAGS: California's Consumer Privacy Act grants residents rights to know and delete personal information including SSNs and financial data. New York's SHIELD Act imposes specific security requirements for businesses handling New York residents' private information. Illinois and other states have enacted specific SSN protection laws that restrict how Social Security numbers may be transmitted or stored. CONTRACT AND VENDOR IMPLICATIONS: Any vendor with access to SSNs or financial account data must be subject to written data processing agreements that include security standards, breach notification obligations, and audit rights. Procurement teams should confirm that vendor agreements are aligned with the FTC Safeguards Rule requirements and applicable state security standards. COMPLIANCE CONSIDERATIONS: Compliance teams should confirm that Progressive's information security program meets FTC Safeguards Rule requirements as updated in 2023, including encryption standards, access controls, and incident response procedures. Data minimization practices should be reviewed to confirm that SSNs are collected only where operationally necessary and are not retained beyond required periods.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Social Security numbers and financial account details are among the most sensitive categories of personal data; their collection by an insurer creates material data breach and identity theft risk, and consumers should understand the scope of what they are providing.
By applying for or managing a Progressive policy, you are providing the company with your most sensitive personal identifiers, including your Social Security number and financial account data, which if improperly secured or disclosed could create serious identity theft risk. Progressive asserts that it uses security measures to protect this data, but the policy does not detail specific breach notification …
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Progressive.