Then, depending onn how the SSN's are stored, you may have a much larger problem than you think. From the sounds of it, the SSN's are stored as clear text. In other words, not encrypted and, if it's not against the law, it should be. I know for sure that it violates PCI and would never pass such an audit. My recommendation would be to alert management to the problem of having SSNs stored as clear text.

As for matchinng SSNs by name and DOB, it's nearly impossible to do such a thing with 100% accuracy even if a human gets involved because there are so many permutations as to how a name may appear not to mention the fact that people with the same name can also have the same DOB. That, notwithstanding, the first place to start would simply be to join the new table with the existing table based on the first name, last name, and DOB and use that join to update the new table.

Going back to the SSN problem, it would be far better to assign a "customer number" or some such instead of perpetuating the problem of having SSNs in clear text.