About the Blog Meet the Bloggers Archive Practice Areas
Follow our News Feed
Search the Blog
 


05.12.08
Day Pitney Alert: New York Enacts Law to Protect Social Security Numbers
Wendy Johnson Lario, Elliot D. Ostrove, James W. Boyan
New York’s Social Security Number Protection Law became effective on January 1, 2008. (N.Y. Gen. Bus. Law 399-dd). This law requires companies to implement safeguards preventing unauthorized access to social security numbers and limiting the publication and dissemination of social security numbers. The law requires companies to take reasonable measures to ensure that no officer or employee has access to social security numbers that are maintained in the ordinary course of business unless the access is necessary for a legitimate business purpose.

The law also prohibits companies from:

1. making an individual’s social security number available to the general public;

2. printing an individual’s social security number on any card or tag required for an individual to access products, services or benefits provided by the company;

3. requiring an individual to transmit his or her social security number over the Internet, unless the connection is secure or the number is encrypted;

4. requiring an individual to transmit his or her social security number to access an Internet website, unless a password, PIN number, or other type of authenticating device is also required for the individual to access the website;

5. printing an individual’s social security number on anything that is mailed to the individual, unless a state or federal law requires the number to be on the document being mailed. (There are a few exceptions to this prohibition, including printing an individual’s social security number on an application or enrollment form.)

There are serious penalties for non-compliance with this law. A company may be fined up to $100,000 for its first violation and up to $250,000 for additional violations.

This law must be read in tandem with the New York Data Breach and Notification Law (NY Gen. Bus. Law § 899-aa), which requires companies to notify individuals if their personal information (including their social security numbers) has been compromised. Accordingly, companies must notify the affected individuals if their efforts to safeguard social security numbers have been unsuccessful.

TAGS:



News, Events & Publications

Make-up Webinar: 2010 Annual Labor and Employment Conference

New Massachusetts Law Overhauls Employer Access to Criminal Records

New Guidance Regarding PPACA Preventive Health Care Requirements


© 2010 Day Pitney LLP. All rights reserved.
Day Pitney LLP publishes content on this website (the "Site") for educational and general informational purposes, only. Nothing displayed on the Site is intended to constitute legal advice. The Site is not an offer to represent You, and you should not act, or refrain from acting, based on any information contained on the Site. Use of the information from the Site is at your own risk, and the Site is provided without warranty of any kind. Neither Day Pitney LLP or the authors of any materials published on the Site make any warranties of any kind regarding the accuracy or completeness of any information on the Site, and we make no representations regarding whether such information is reliable, up-to-date, or applicable to any particular situation. Day Pitney LLP expressly disclaims all liability for actions taken or not taken based on any or all of the contents of this Site, or for any damages resulting from your viewing and use of the Site. Your use of the Site constitutes your full legal acceptance of all of Day Pitney’s Terms of Use and Privacy Policy. IF YOU DO NOT AGREE TO THESE TERMS DO NOT USE THE SITE. A copy of Day Pitney's IRS Circular can also be found here