Search form

New York Adds New Personal Information Protections and Responsibilities

  • July 10, 2008

In an effort to protect New York residents from the fraudulent use of their personal information, on July 8, 2008, New York Governor David A. Paterson signed into law a number of measures that strengthen New York State’s identity theft laws. The new laws, to take effect on January 4, 2009, create additional responsibilities for employers in how they handle personal information. Some key provisions of the new identity theft laws are summarized below.

Labor law amendments.

The most significant aspects of the new laws affecting employers are the amendments to the state labor law adding restrictions on employers’ use of employees’ Social Security numbers and other personal identifying information. The restrictions on Social Security numbers apparently intend to build on the amendments to the New York General Business Law that became effective January 1, 2008, which created specific protections and obligations related to Social Security numbers (we previously posted information about this law; see links below).  These new restrictions include prohibiting employers from:

  1. posting or displaying an employee’s Social Security number,
  2. visibly printing a Social Security number on any identification badge or card (including a time card), and
  3. placing Social Security numbers in files with open access.

The new laws also prohibit employers from communicating an employee’s “personal identifying information” to the general public. For purposes of this prohibition, “personal identifying information” means an employee’s Social Security number, home address or telephone number, personal e-mail address, Internet identification name or password, last name prior to marriage, and drivers’ license number.

Knowing violations of these restrictions can subject employers to civil penalties of up to $500. The penalty provision highlights the importance of adopting policies and procedures to safeguard employees’ personal identifying information: a violation will be presumed to be a “knowing” violation if no policies and procedures are in place, including informing or training appropriate employees about these restrictions.

Extension of Social Security number protections to public sector employers.

Currently, New York law prohibits private businesses from making certain uses and disclosures of Social Security numbers. For example, New York businesses generally are prohibited from intentionally communicating or otherwise making available Social Security numbers to the general public; printing Social Security numbers on any card or tag required for an individual to access products, services or benefits provided by a business; requiring an individual to transmit his or her Social Security numbers over the Internet, unless the connection is secure or the numbers are encrypted; and so on. The new laws extend to public entities similar prohibitions.

Limitations in filing of documents open to public inspection.

Under the new laws, it will be unlawful for any person to file documents that are available for public inspection that contain Social Security numbers of other persons. This includes filing documents with a state agency or state court. This prohibition will not apply where the Social Security number is otherwise required by federal or state law or regulation, or court rule, or if the other person is a dependent child or has consented to the filing.

Encoding or embedding Social Security numbers prohibited.

The new laws preclude encoding or embedding Social Security numbers in or on a card or document, such as through the use of a bar code, chip, or magnetic strip, in lieu of removing the Social Security number.

Assistance for identity theft victims.

The new laws establish a process for identity theft victims to receive information and assistance from the Consumer Protection Board (CPB). New York State residents who become victims of identity theft may seek assistance from the CPB’s Identity Theft Prevention and Mitigation Program. The program will assist victims to undo the damage that identity theft has done to their financial and credit history, including functioning as a liaison between the victim and any entity to resolve the problems resulting from identity theft.

Compliance with new personal information protection requirements in New York and other states is a growing concern for all businesses, particularly those with operations in more than one state. Violations of data privacy and security laws expose businesses to a loss of consumer confidence, class action claims, negative publicity, and civil penalties and damages. Accordingly, safeguarding personal information should be at the top of any chief executive’s corporate compliance agenda.

The Workplace Privacy Practice at Jackson Lewis can help businesses evaluate their needs in this area and provide policy analysis and drafting, as well as executive and employee training.

©2008 Jackson Lewis P.C. This material is provided for informational purposes only. It is not intended to constitute legal advice nor does it create a client-lawyer relationship between Jackson Lewis and any recipient. Recipients should consult with counsel before taking any actions based on the information contained within this material. This material may be considered attorney advertising in some jurisdictions. Prior results do not guarantee a similar outcome.

Focused on labor and employment law since 1958, Jackson Lewis P.C.'s 950+ attorneys located in major cities nationwide consistently identify and respond to new ways workplace law intersects business. We help employers develop proactive strategies, strong policies and business-oriented solutions to cultivate high-functioning workforces that are engaged, stable and diverse, and share our clients' goals to emphasize inclusivity and respect for the contribution of every employee. For more information, visit