Privacy & Cybersecurity Law Blog

New York State recently enacted legislation restricting the use of Social Security numbers (“SSNs”) by employers. The legislation takes effect on January 3, 2009.

New York State recently enacted legislation restricting the use of Social Security numbers (“SSNs”) by employers. The legislation takes effect on January 3, 2009.

Restrictions on the Use of SSNs
At present, the New York Social Security Number Protection Law prohibits a business from (i) intentionally communicating an SSN to the general public; (ii) printing an SSN on any card or tag required for the individual to access products, services or benefits provided by the business; (iii) requiring an individual to transmit his or her SSN over the Internet, unless the connection is secure or the SSN is encrypted; or (iv) requiring an individual to use his or her SSN to access an Internet website, unless a password or unique personal ID number or authentication device is also required.

This law defines an SSN very broadly as any number derived from an SSN. Accordingly, even the last four digits of an SSN are subject to the above-mentioned prohibitions. The newly-enacted New York legislation amends existing law by including an additional prohibition on the use of SSNs. Specifically, businesses must refrain from encoding or embedding an SSN in a card or document (such as in a bar code, chip or magnetic strip).

Restrictions on Employers’ Use of SSNs
The new legislation also amends New York’s labor law by restricting employers’ use of employee SSNs. Notably, employers are prohibited, except as required by federal or state law, from (i) publicly posting or displaying an SSN; (ii) visibly printing an SSN on any identification badge or card, including a time card; or (iii) placing an SSN in files with unrestricted access. As a result of the new law, businesses must verify that employee SSNs are being stored in a secure manner so as to prevent unauthorized access.

We Can Help
In addition to New York, a majority of states have enacted laws aimed at protecting personal information such as SSNs. Hunton & Williams’ Privacy and Information Management practice assists clients in complying with the myriad federal and state privacy and information security laws. If you would like assistance in reviewing how your organization handles and secures personal information, please contact us.