New York Joins 26 Other States in Restricting Employers' Ability to Use Employees' Social Security Numbers

As of January 3, 2009, a new law enacted in New York will limit employers' use of employees' Social Security Numbers (SSNs).  Specifically, the new law (S. 8376A) prohibits employers from publicly displaying an employee's SSN, printing an employee's SSN on identification badges or time cards, maintaining an employee's SSN in files with unrestricted access or using an employee's SSN as an identification number for occupational licensing purposes.

The law also places restrictions on an employer's ability to communicate personal information about employees to the general public.  Employers may not communicate to the general public an employee's SSN, home address or telephone number, personal e-mail address, Internet identification name or password, parent's surname prior to marriage or driver's license number to the general public.

Employers violating the new law may face fines of up to $500 for each "knowing" violation of the statute.  Employers who fail to create or implement policies to prevent prohibited uses of employees' SSNs or disclosure of employees' personal information are presumed to have knowingly violated the new law.

New York joins 26 other states that have laws limiting the ways that a SSN can be used or disclosed, including Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Hawaii, Idaho, Illinois, Maryland, Michigan, Minnesota, Missouri, Nebraska, New Jersey, New Mexico, North Carolina, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, Texas, Utah, Vermont and Virginia.  While these laws vary widely by state, many have prohibitions on:

(1) intentionally communicating or otherwise making available to the general public an individual's SSN;

(2) printing an individual's SSN on a card required for the individual to access products or be provided with services;

(3) requiring an individual to transmit his or her SSN over the Internet unless the Internet connection is secure or the SSN is encrypted;

(4) requiring an individual to use his or her SSN to access an Internet Web site unless a password, a unique personal identification number or another authentication device is also required to access the Web site; or

(5) printing an individual's SSN on material that is mailed to the individual.

Employers should create and implement consistent policies for safeguarding and preventing the disclosure of employees' personal information, including SSNs.