Search form

New York Tightens Protections on Social Security Numbers

By Joseph J. Lazzarotti
  • August 20, 2012

A person may not be required to disclose or furnish his or her Social Security Number (SSN) for any purpose under a new law signed by New York Governor Andrew Cuomo.  The new law safeguarding SSNs (A.8992-A/S.6608-A) applies to employers and certain other entities in the state.   It adds new section 399-ddd to the General Business Law of the Empire State and becomes effective December 12, 2012 (120 days from enactment). Businesses must review their practices with employees, customers and other individuals in situations where all or a part of the Social Security Number is involved.

Under the new law, SSN includes not only the nine-digit number issued by the Social Security Administration, but also "any number derived from such number," unless the number is encrypted. 

Unless one of the exceptions below applies, requiring employees or customers to use the last four digits of their SSN as part of an identification number, for example, will be unlawful. 

Exceptions include: 

  • The individual consents to the acquisition or use of his or her SSN (this likely means a voluntary consent);
  • The SSN is expressly required by federal, state or local law or regulation;
  • The SSN is used for internal verification or fraud investigation;
  • The SSN is requested for credit or credit card transaction initiated by the consumer or in connection with a lawful request for a consumer report or investigating consumer report (in addition to permissible background checks under the Fair Credit Reporting Act and New York law, this provision also may cover corporate credit card programs, frequently used by companies to better manage business expense reimbursement);
  • The SSN is requested for purposes of employment, including in the course of administration of a claim, benefits, or procedure related to employment, such as termination from employment, retirement, workplace injury, or unemployment claims;
  • The SSN is requested for tax compliance, collecting child or spousal support, or determining whether a person has a criminal record; and
  • The SSN is requested by an authorized insurance company for purposes of furnishing information to the Centers for Medicare and Medicaid Services (this likely captures the reporting requirements under Section 111 of the Medicare, Medicaid and SCHIP Extension Act of 2007).

The law does not provide for a private right of action; it is enforced by the State Attorney General.  A civil penalty of not more the $500 per violation may be imposed for a first offense, $1,000 for a second offense. However, the law suggests that so long as reasonable measures have been adopted to avoid a violation, unintentional, bona fide errors will not result in penalties.

This is a general summary of the changes included in the new law.  Jackson Lewis attorneys are available to answer inquiries regarding this and other workplace developments.

©2012 Jackson Lewis P.C. This Update is provided for informational purposes only. It is not intended as legal advice nor does it create an attorney/client relationship between Jackson Lewis and any readers or recipients. Readers should consult counsel of their own choosing to discuss how these matters relate to their individual circumstances. Reproduction in whole or in part is prohibited without the express written consent of Jackson Lewis.

This Update may be considered attorney advertising in some states. Furthermore, prior results do not guarantee a similar outcome.

Jackson Lewis P.C. represents management exclusively in workplace law and related litigation. Our attorneys are available to assist employers in their compliance efforts and to represent employers in matters before state and federal courts and administrative agencies. For more information, please contact the attorney(s) listed or the Jackson Lewis attorney with whom you regularly work.

See AllRelated Articles You May Like

May 20, 2016

Supreme Court: ‘Actual Injury’ Needed to Establish Standing to Sue for Violations of Fair Credit Reporting Act

May 20, 2016

Plaintiffs must show they suffered from an actual injury, not just a “bare procedural violation,” in order to sue in federal court, the U.S. Supreme Court has ruled in its long-awaited decision in Spokeo, Inc. v. Robins, No. 13-1339 (May 16, 2016). By a 6-2 vote, the Court vacated the decision of the U.S. Court of Appeals... Read More

May 17, 2016

What Employers Need to Know About the New York City Pregnancy Accommodation Enforcement Guidance

May 17, 2016

The New York City Commission on Human Rights has released enforcement guidance on the New York City Pregnant Workers Fairness Act identifying five categories of potential violations and emphasizing the need to engage in cooperative dialogue to reach accommodation. The Act, passed in 2013 and codified in the New York City Human Rights Law... Read More

May 5, 2016

Department of Justice Warns Governor that North Carolina LGBT Law is Unlawful

May 5, 2016

North Carolina’s law restricting access to restrooms based on an individual’s sex assigned at birth and not based on an individual’s consistent gender identity violates both Title VII of the Civil Rights Act and Title IX of the Education Amendments of 1972, the United States Department of Justice has said in a letter to... Read More