Tracks federal privacy act of 1974 with respect to the obligation of a person to disclose their social security number to another person, partnership, association or corporation; provides where there is no legal basis for request that a person may refuse to provide his or her social security number; provides for enforcement by attorney general.
TITLE OF BILL: An act to amend the general business law, in relation to the disclosure of social security numbers
PURPOSE OR GENERAL IDEA OF BILL: To restrict the unnecessary dissemination and collection of social Security Numbers thereby protecting the personal privacy of New Yorkers. To extend the privacy protection of the federal Privacy Act of 1974.
SUMMARY OF SPECIFIC PROVISIONS: This bill tracks the intent of the federal Privacy Act of 1974 by stipulating that every person, firm, partnership or corporation which requests a social security number from an individual must reveal in writing or orally when the request is made orally of the authority for the solicitation of the information, whether disclosure is mandatory pursuant to federal law or regulation and the purpose of the information. Where there is no legal basis for the request, a person may refuse to provide his/her social security number. In such cases, the person shall not be denied any service. The bill further provides for enforcement by the Attorney General. Whenever the court shall determine that a violation involving disclosure has occurred, the court may impose a civil penalty of not more than five hundred dollars. The second or subsequent violation shall be punishable by a civil penalty of not more than one thousand dollars. Moreover, as provided in other statutes, the bill provides for damages, where appropriate.
EFFECTS OF PRESENT LAW WHICH THIS BILL WOULD ALTER: The General Business Law is amended by adding a new section 399-ddd.
JUSTIFICATION: Increasing demands are being placed on individuals to furnish a Social security Number in circumstances when the use of the SSN is neither required by the federal government for federal programmatic purposes nor necessary. For example, some stores and supermarkets demand social Security Numbers for check cashing and other unknown purposes and utilities and cable companies request Social Security Numbers to grant service. Finally, some companies request Social Security Numbers on contest entry forms. Consumers are frequently given the impression that such information is required. In some instances, the disclosure of one's SSN has been made a condition for obtaining services.
The SSN is increasingly being used as a password or an authenticator of identity. The Social Security Number is becoming a de facto identification number. credit records are indexed by SSN; some banks and credit unions even use it as an individual's account number. Several universities use the number for both student and faculty ID numbers and many health plans use the SSN to identify their subscribers. such use is not necessary, just convenient and can be risky, since the widespread circulation of SSNS makes them increasingly ascertainable by anyone wishing to impersonate another
and invade personal privacy. In application fraud, for example, someone simply files bogus credit card applications using the person's name and SSN. The thief then runs up large pills on someone else's account and, of course, does not pay them. Most consumers who have been victims of this form of fraud are not aware of the problem until months later, frequently when they begin receiving dunning letters from creditors. By that time, their credit history has been damaged. It has also become common for illegal aliens to provide false Social Security Numbers when they seek employment.
The scrambled earnings records create a nightmare for the rightful owner. Unemployment compensation claims have been rejected because other individuals were already collecting unemployment benefits on the rightful owners' numbers. The proliferation of the use of the SSN makes it easier for large organizations and institutions to compare their databases. While government is prohibited from computer matching, private organizations are not. Thus, by providing a social Security Number for a non_governmental or non-mandated purpose, individuals are providing organizations with the means to access other data about them in disparate data banks without the knowledge or consent of the data subject to manipulate personal information and create detailed profiles and dossiers.
In addition to data matching by large institutions, the SSN allows curious individuals, people you might not want, to snoop into private records, hopping from database to database consisting of various insurance, business and medical records to draw out a profile. As stated by a computer security expert, once someone has a person's Social Security Number, he or she can get somebody's life history. The SSN in its present form is not a satisfactory identifier. There is no real security for institutions in relying on the SSN. SSNs are too often transposed to create accidental inaccuracies. Moreover, individuals often secure or create multiple SSNs.
Furthermore, the Social Security Administration adheres to a policy of responding to requests for the verification of numbers from only those institutions that are authorized to maintain and record such data. Finally, the federal privacy Act of 1974 requires federal, state and local governmental agencies requesting SSNs to cite its formal legal authority, reveal whether disclosure is mandatory or voluntary and explain how the number will be used. Enactment of the proposed law would extend this needed protection to the private sector. In addition, the bill is consistent with the recommendations of the 1973 report, RECORDS, COMPUTERS AND THE RIGHTS OF CITIZENS, issued by the U.S. Department of Health, Education and Welfare.
FISCAL IMPLICATIONS FOR STATE AND LOCAL GOVERNMENTS: None.
EFFECTIVE DATE: This act shall take effect on the one hundred twentieth day after it shall have become law.
STATE OF NEW YORK ________________________________________________________________________ 3002 2011-2012 Regular Sessions IN SENATE February 7, 2011 ___________Introduced by Sen. KRUGER -- read twice and ordered printed, and when printed to be committed to the Committee on Consumer Protection AN ACT to amend the general business law, in relation to the disclosure of social security numbers THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: Section 1. The general business law is amended by adding a new section 399-ddd to read as follows: S 399-DDD. DISCLOSURE OF SOCIAL SECURITY NUMBER. 1. AS USED IN THIS SECTION, "SOCIAL SECURITY ACCOUNT NUMBER" SHALL INCLUDE THE NUMBER ISSUED BY THE FEDERAL SOCIAL SECURITY ADMINISTRATION AND ANY NUMBER DERIVED FROM SUCH NUMBER. SUCH TERM SHALL NOT INCLUDE ANY NUMBER THAT HAS BEEN ENCRYPTED. 2. NO PERSON, FIRM, PARTNERSHIP, ASSOCIATION OR CORPORATION, NOT INCLUDING THE STATE OR ITS POLITICAL SUBDIVISIONS, SHALL REQUIRE AN INDIVIDUAL TO DISCLOSE OR FURNISH HIS OR HER SOCIAL SECURITY ACCOUNT NUMBER, FOR ANY PURPOSE IN CONNECTION WITH ANY ACTIVITY, OR TO REFUSE ANY SERVICE, PRIVILEGE OR RIGHT TO AN INDIVIDUAL WHOLLY OR PARTLY BECAUSE SUCH INDIVIDUAL REFUSES TO DISCLOSE OR FURNISH SUCH NUMBER, UNLESS ONE OF THE EXCEPTIONS ENUMERATED IN SUBDIVISION THREE OF THIS SECTION APPLIES. 3. THE PROVISIONS OF THIS SECTION SHALL NOT APPLY IN THE FOLLOWING INSTANCES: (A) THE INDIVIDUAL CONSENTS TO THE ACQUISITION OR USE OF HIS OR HER SOCIAL SECURITY ACCOUNT NUMBER. (B) THE SOCIAL SECURITY ACCOUNT NUMBER IS EXPRESSLY REQUIRED BY FEDER- AL, STATE, OR LOCAL LAW OR REGULATION. (C) THE SOCIAL SECURITY ACCOUNT NUMBER IS TO BE USED FOR INTERNAL VERIFICATION OR FRAUD INVESTIGATION.EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets [ ] is old law to be omitted. LBD01061-01-1 S. 3002 2
(D) THE SOCIAL SECURITY ACCOUNT NUMBER IS TO BE USED FOR ANY BUSINESS FUNCTION PERMITTED OR ALLOWED UNDER THE GRAMM LEACH BLILEY ACT, P.L. 106-102 (1999). (E) THE SOCIAL SECURITY ACCOUNT NUMBER IS REQUESTED IN CONNECTION WITH A REQUEST FOR CREDIT OR A CREDIT TRANSACTION INITIATED BY THE CONSUMER OR IN CONNECTION WITH A LAWFUL REQUEST FOR A CONSUMER REPORT OR INVESTI- GATIVE CONSUMER REPORT, AS SUCH TERMS ARE DEFINED IN SECTION THREE HUNDRED EIGHTY-A OF THIS CHAPTER. (F) THE SOCIAL SECURITY ACCOUNT NUMBER IS REQUESTED IN CONNECTION WITH A DEPOSIT ACCOUNT OR AN INVESTMENT. (G) THE SOCIAL SECURITY ACCOUNT NUMBER IS REQUESTED FOR PURPOSES OF EMPLOYMENT, INCLUDING IN THE COURSE OF THE ADMINISTRATION OF A CLAIM, BENEFIT, OR PROCEDURE RELATED TO THE INDIVIDUAL'S EMPLOYMENT BY THE PERSON, INCLUDING THE INDIVIDUAL'S TERMINATION FROM EMPLOYMENT, RETIRE- MENT FROM EMPLOYMENT, INJURY SUFFERED DURING THE COURSE OF EMPLOYMENT, OR TO CHECK ON AN UNEMPLOYMENT INSURANCE CLAIM OF THE INDIVIDUAL. (H) THE SOCIAL SECURITY ACCOUNT NUMBER IS REQUESTED FOR PURPOSES OF TAX COMPLIANCE. (I) THE SOCIAL SECURITY ACCOUNT NUMBER IS REQUESTED FOR THE PURPOSE OF: I. THE COLLECTION OF CHILD OR SPOUSAL SUPPORT; II. DETERMINING WHETHER AN INDIVIDUAL HAS A CRIMINAL RECORD; OR III. BLOOD OR ORGAN DONATION. (J) THE SOCIAL SECURITY ACCOUNT NUMBER IS REQUESTED IN CONNECTION WITH ANY INTERACTION WITH A GOVERNMENTAL LAW ENFORCEMENT AGENCY OR IS USED IN CONJUNCTION WITH THE ENFORCEMENT OF A JUDGMENT OF A COURT OF COMPETENT JURISDICTION BY A SHERIFF OR MARSHAL. (K) THE SOCIAL SECURITY ACCOUNT NUMBER IS REQUESTED FOR THE PURPOSE OF VERIFYING AN INDIVIDUAL'S IDENTITY OR AGE IN ORDER TO ALLOW SUCH INDI- VIDUAL TO OBTAIN ACCESS TO, OR ENROLL IN, A MARKETING PROGRAM THAT IS RESTRICTED TO INDIVIDUALS OF A CERTAIN AGE. (L) I. THE SOCIAL SECURITY ACCOUNT NUMBER IS REQUESTED BY AN INDIVID- UAL, FIRM, CORPORATION, OR OTHER ENTITY DOING BUSINESS PURSUANT TO A FRANCHISE ISSUED BY A POLITICAL SUBDIVISION OF THE STATE OR A LICENSE, FRANCHISE, CERTIFICATE OR OTHER AUTHORIZATION ISSUED BY THE NEW YORK STATE PUBLIC SERVICE COMMISSION. II. THE SOCIAL SECURITY ACCOUNT NUMBER IS REQUESTED BY AN INDIVIDUAL, FIRM, CORPORATION, OR OTHER ENTITY REGULATED BY THE NEW YORK STATE PUBLIC SERVICE COMMISSION, THE FEDERAL COMMUNICATIONS COMMISSION, OR THE FEDERAL ENERGY REGULATORY COMMISSION. III. THE SOCIAL SECURITY ACCOUNT NUMBER IS REQUESTED BY A BANKING INSTITUTION, AS DEFINED IN SECTION NINE-F OF THE BANKING LAW, OR ONE OF ITS AFFILIATES. 4. WHENEVER THERE SHALL BE A VIOLATION OF THIS SECTION, APPLICATION MAY BE MADE BY THE ATTORNEY GENERAL IN THE NAME OF THE PEOPLE OF THE STATE OF NEW YORK TO A COURT OR JUSTICE HAVING JURISDICTION BY A SPECIAL PROCEEDING TO ISSUE AN INJUNCTION, AND UPON NOTICE TO THE DEFENDANT OF NOT LESS THAN FIVE DAYS, TO ENJOIN AND RESTRAIN THE CONTINUANCE OF SUCH VIOLATION; AND IF IT SHALL APPEAR TO THE SATISFACTION OF THE COURT OR JUSTICE THAT THE DEFENDANT HAS, IN FACT, VIOLATED THIS SECTION, AN INJUNCTION MAY BE ISSUED BY SUCH COURT OR JUSTICE, ENJOINING AND RESTRAINING ANY FURTHER VIOLATION, WITHOUT REQUIRING PROOF THAT ANY PERSON HAS, IN FACT, BEEN INJURED OR DAMAGED THEREBY. IN ANY SUCH PROCEEDING, THE COURT MAY MAKE ALLOWANCES TO THE ATTORNEY GENERAL AS PROVIDED IN PARAGRAPH SIX OF SUBDIVISION (A) OF SECTION EIGHTY-THREE HUNDRED THREE OF THE CIVIL PRACTICE LAW AND RULES, AND DIRECT RESTITU-S. 3002 3
TION. IN CONNECTION WITH ANY SUCH PROPOSED APPLICATION, THE ATTORNEY GENERAL IS AUTHORIZED TO TAKE PROOF AND MAKE A DETERMINATION OF THE RELEVANT FACTS AND TO ISSUE SUBPOENAS IN ACCORDANCE WITH THE CIVIL PRAC- TICE LAW AND RULES. WHENEVER THE COURT SHALL DETERMINE THAT A VIOLATION OF SUBDIVISION TWO OF THIS SECTION HAS OCCURRED, THE COURT SHALL IMPOSE A CIVIL PENALTY OF NOT MORE THAN FIVE HUNDRED DOLLARS. THE SECOND OFFENSE AND ANY OFFENSE COMMITTED THEREAFTER SHALL BE PUNISHABLE BY A CIVIL PENALTY OF NOT MORE THAN ONE THOUSAND DOLLARS. 5. ANY PERSON WHO HAS BEEN INJURED BY REASON OF ANY VIOLATION OF THIS SECTION MAY BRING AN ACTION IN HIS OR HER OWN NAME TO ENJOIN SUCH UNLAW- FUL ACT OR PRACTICE, AN ACTION TO RECOVER HIS OR HER ACTUAL DAMAGES OR FIFTY DOLLARS, WHICHEVER IS GREATER, OR BOTH SUCH ACTIONS. THE COURT MAY, IN ITS DISCRETION, INCREASE THE AWARD OF DAMAGES TO AN AMOUNT NOT TO EXCEED THREE TIMES THE ACTUAL DAMAGES UP TO ONE THOUSAND DOLLARS, IF THE COURT FINDS THE DEFENDANT WILLFULLY OR KNOWINGLY VIOLATED THIS SECTION. THE COURT MAY AWARD REASONABLE ATTORNEY'S FEES TO A PREVAILING PLAINTIFF. 6. NO PERSON, FIRM, PARTNERSHIP, ASSOCIATION OR CORPORATION SHALL BE DEEMED TO HAVE VIOLATED THE PROVISIONS OF THIS SECTION IF SUCH PERSON, FIRM, PARTNERSHIP, ASSOCIATION OR CORPORATION SHOWS, BY A PREPONDERANCE OF THE EVIDENCE, THAT THE VIOLATION WAS NOT INTENTIONAL AND RESULTED FROM A BONA FIDE ERROR MADE NOTWITHSTANDING THE MAINTENANCE OF PROCE- DURES REASONABLY ADOPTED TO AVOID SUCH ERROR. S 2. This act shall take effect on the one hundred twentieth day after it shall have become a law.