Employers in Connecticut soon will have additional obligations to protect personal information and social security numbers in their possession. According to “An Act Concerning the Confidentiality of Social Security Numbers” (Public Act No. 08-167), effective October 1, 2008, employers must safeguard the personal information of another person in their possession from misuse by a third party and “destroy, erase, or make unreadable” personal information on computer files and documents prior to the disposal of such files.

The statute defines personal information as “information capable of being associated with a particular individual through one or more identifiers, including, but not limited to a social security number, a driver’s license number, a state identification card number, an account number, a credit or debit card number, a passport number, an alien registration number or a health insurance identification number.” According to the statute, personal information does not include public information that is lawfully made available to the general public.

Employers who collect social security numbers in the course of their business must create and publicly display a privacy protection policy. An employer may meet the publication requirement by posting the policy on its Internet website. The privacy protection policy must:

- Protect the confidentiality of social security numbers;
- Prohibit unlawful disclosure of social security numbers; and
- Limit access to social security numbers.

An employer’s obligation under this new legislation is not limited to its employees – it applies broadly to the personal information or social security numbers of any person. Although the statute does not provide aggrieved persons with a private right of action, it subjects an employer that violates its provisions to a $500 civil penalty for each violation, up to a maximum of $500,000 for each event. (“Event” is not defined.) The civil penalties apply only to intentional violations of the statute.

Employers should immediately institute a privacy protection policy that meets the requirements of the Act. Employers should also take additional measures to safeguard the identities associated with the personal information in their possession. Such actions may include, among others:

- Training employees on how to secure, handle, and destroy files containing personal information;
- Installing encryption software on computers containing personal information; and
- Screening all employees who have access to personal information.