New York Strengthens Law Protecting Social Security Numbers

more+
less-

Executive Summary:  Two new amendments to New York General Business Law Section 399-dd, commonly known as the Social Security Number Protection Law, have been passed for the purpose of further safeguarding employees' social security numbers.  Signed into law by Governor Andrew Cuomo on August 14, 2012, the first change becomes effective on November 12, 2012, while the effective date for the second change is December 12, 2012.  The two amendments will be codified as Section 399-ddd.

The first change to the law prohibits the hiring of inmates for any position that would give them access to other individuals' social security numbers.  The language of this provision has been incorporated into the existing Section 399-ddd.

The second change to the law aims to strengthen the existing privacy protections for social security numbers in the workplace generally.  Employers will, with certain delineated exceptions, no longer be allowed to require employees to disclose their social security numbers or to deny them access to any service or privilege as a result of their refusal to disclose.  These protections apply not only to the individual's complete social security number, but any combination or set of numbers therein, including the classic "Last Four Digits" disclosures.

While the provision prohibiting access by inmates is inviolate and cannot be circumvented, the second change to the law contains several exceptions.  Specifically, if the social security number is "required by law" or sufficiently encrypted by the employer (for instance, if it is needed for benefits information or a fraud investigation), the new rule is inapplicable.  Moreover, the new rule is waived if the employee gives express consent to provide his or her social security number to a prospective or current employer, effectively rendering the statute moot unless the employee is particularly well-informed as to developments in the law.

Even if the employee consents and discloses his or her social security number, all the current rules safeguarding the privacy of social security numbers will still apply, and the employer is prohibited from including the number (or any combination or set therein) on any card or tag designed to allow the employee access to facilities or privileges.

Failure to comply with these safeguards generally results in a fine of up to $500 for the first violation and $1000 for any further violation.  However, to the extent that an employer's practices result in company-wide violations and each individual's social security number is improperly obtained, the potential exposure can be significant.  There is no private right of action for these breaches; only the Attorney General may enforce Section 399-ddd.

Employers' Bottom Line:

Employers should be prepared to comply with the amendments when they take effect.  If you have any questions regarding this issue or other labor or employment law issues, please contact the author of this Alert, Philip Davidoff, pdavidoff@fordharrison.com, who is a partner in our New York City office, or the FordHarrison attorney with whom you usually work.

 

Published In: Administrative Agency Updates, Labor & Employment Updates, Privacy Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© FordHarrison | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »