New York Law Aimed to Reduce Identity Theft in Workplace Takes Affect

Nick Fishman

This just in from our friends at Seyfarth Shaw: New York Employers Face Penalties if The Fail To Secure Employee Social Security Numbers. This law new law affects New York employers who collect Social Security Numbers on their job applicants and employees; in other words, every New York employer. Employers obviously need this information for a variety of reasons including its importance when conducting background checks. This article references a rather shocking stat: “In a 2006 survey conducted by the Identity Theft Resource Center (ITRC), a not-for-profit organization which provides information and support to identity theft victims, 12% of those surveyed reported that their personal information had been stolen at the workplace.”

We took this off the State of New York’s website:

Confidentiality of Social Security Numbers – General Business Law §399-DD
Places limits on the use and dissemination of Social Security Numbers (SSN) beginning January 1,
2008. The law prohibits the intentional communication of an individual’s SSN to the general public;
restricts businesses’ ability to print a SSN on mailings or on any card or tag required to access
products, services or benefits; prohibits businesses from requiring an individual to transmit his or her
unencrypted SSN over the Internet; and requires businesses possessing SSN to implement safeguards
and limit unnecessary employee access to the data.

According to Seyfarth Shaw, the New York Social Security New York Protection Law (NY Gen. Bus. § 399-dd) prohibits the following:

  • Intentionally communicating an employee’s social security number to “the general public or otherwise make [it] available to the general public”;
  • Printing an employee’s social security number on any card or tag required to access services or benefits provided by the employer;
  • Requiring an employee to transmit his or her social security number over the Internet unless “the connection is secure or the social security account number is encrypted”;
  • Requiring an employee to use his or her social security number to access an Internet web site unless “a password or unique personal identification number or other authentication device is also required to access the Internet website”;
  • Printing an employee’s social security number on any materials to be mailed unless state or federal law requires that this information be on the document.

Seyfarth offers the following compliance tips:

  • Have a written privacy policy (that includes disposal procedures that are consistent with accepted industry practice and satisfy legal requirements);
  • Lock up and limit access to employee personal information;
  • Conduct background checks on employees who will have access to personal information;
  • Limit retention of personal information to only that which is essential;
  • Train employees on privacy and document disposal policies;
  • Encourage employees to report any possible security breaches;
  • Avoid using or disclosing an employee’s social security number for any purpose other than that required by law or legitimate and necessary business purpose; and
  • Take proper security precautions when terminating employees who have access to personal information (e.g., changing computer access codes).

Read the full article here . . .

I definitely can’t and won’t argue that this is a bad law. In fact, it’s probably good for both employers to have some direction on how to comply and for consumers to have this protection. However, those performing background checks in New York have had a lot on their plate lately with the increase in the OCA fee.

Nick Fishman
Follow Me

Nick Fishman

Nick Fishman is the co-founder of EmployeeScreenIQ, a leading, global employment background screening provider, and serves as the company’s executive vice president and chief marketing officer. He pioneered the creation of EmployeeScreen University, the #1 educational resource on employment background checks for human resources, security and risk management professionals. A recognized industry expert, Nick is a frequent author, presenter and contributor to the news media. Nick is also a licensed private investigator in the states of Ohio and Texas.
Nick Fishman
Follow Me
Tweet
Share
Email
Share
  • “Beyond this Complaints that the life lock is lose “ID theft protection service” ,Life lock always improve protection quality, improve protection services each and every time, if you getting more knowledge visit this site it is updated and information site I hope you getting good knowledge.