STATE OF NEW YORK
________________________________________________________________________
7594
IN SENATE
June 6, 2012
___________
Introduced by Sens. FUSCHILLO, NOZZOLIO -- read twice and ordered
printed, and when printed to be committed to the Committee on Consumer
Protection
AN ACT to amend the general business law and the correction law, in
relation to the processing of personal identifying information
THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND
ASSEMBLY, DO ENACT AS FOLLOWS:
Section 1. Section 399-dd of the general business law, as added by
chapter 676 of the laws of 2006, paragraph (f) of subdivision 2 and
subdivision 6 as added and subdivision 7 as renumbered by chapter 279 of
the laws of 2008, is amended to read as follows:
§ [399-dd] 399-DDD. Confidentiality of social security account number.
Beginning on and after January first, two thousand eight:
1. (A) As used in this section "social security account number" shall
include the number issued by the federal social security administration
and any number derived from such number. Such term shall not include any
number that has been encrypted.
(B) FOR PURPOSES OF THIS SECTION, THE TERM "INMATE" MEANS A PERSON
CONFINED IN ANY LOCAL CORRECTIONAL FACILITY AS DEFINED IN SUBDIVISION
SIXTEEN OF SECTION TWO OF THE CORRECTION LAW OR IN ANY CORRECTIONAL
FACILITY AS DEFINED IN PARAGRAPH (A) OF SUBDIVISION FOUR OF SECTION TWO
OF THE CORRECTION LAW PURSUANT TO SUCH PERSON'S CONVICTION OF A CRIMINAL
OFFENSE.
2. No person, firm, partnership, association or corporation, not
including the state or its political subdivisions, shall do any of the
following:
(a) Intentionally communicate to the general public or otherwise make
available to the general public in any manner an individual's social
security account number. This paragraph shall not apply to any
individual intentionally communicating to the general public or otherwise
making available to the general public his or her social security
account number.
(b) Print an individual's social security account number on any card
or tag required for the individual to access products, services or
benefits provided by the person, firm, partnership, association or
corporation.
EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
[ ] is old law to be omitted.
LBD13110-04-2
(c) Require an individual to transmit his or her social security
account number over the internet, unless the connection is secure or the
social security account number is encrypted.
(d) Require an individual to use his or her social security account
number to access an internet web site, unless a password or unique
personal identification number or other authentication device is also
required to access the internet website.
(e) Print an individual's social security account number on any
materials that are mailed to the individual, unless state or federal law
requires the social security account number to be on the document to be
mailed. Notwithstanding this paragraph, social security account numbers
may be included in applications and forms sent by mail, including
documents sent as part of an application or enrollment process, or to
establish, amend or terminate an account, contract or policy, or to confirm
the accuracy of the social security account number. A social security
account number that is permitted to be mailed under this section may not
be printed, in whole or part, on a postcard or other mailer not
requiring an envelope, or visible on the envelope or without the envelope
having been opened.
(f) Encode or embed a social security number in or on a card or
document, including, but not limited to, using a bar code, chip, magnetic
strip, or other technology, in place of removing the social security
number as required by this section.
(G) KNOWINGLY USE THE LABOR OR TIME OF OR EMPLOY ANY INMATE IN THIS
STATE, OR IN ANY OTHER JURISDICTION, IN ANY CAPACITY THAT INVOLVES
OBTAINING ACCESS TO, COLLECTING OR PROCESSING SOCIAL SECURITY ACCOUNT
NUMBERS OF OTHER INDIVIDUALS.
3. This section does not prevent the collection, use, or release of a
social security account number as required by state or federal law, the
use of a social security account number for internal verification, fraud
investigation or administrative purposes or for any business function
specifically authorized by 15 U.S.C. 6802.
4. Any person, firm, partnership, association or corporation having
possession of the social security account number of any individual
shall, to the extent that such number is maintained for the conduct of
business or trade, take reasonable measures to ensure that no officer or
employee has access to such number for any purpose other than for a
legitimate or necessary purpose related to the conduct of such business
or trade and provide safeguards necessary or appropriate to preclude
unauthorized access to the social security account number and to protect
the confidentiality of such number.
5. Any waiver of the provisions of this section is contrary to public
policy, and is void and unenforceable.
6. No person may file any document available for public inspection
with any state agency, political subdivision, or in any court of this
state that contains a social security account number of any other
person, unless such other person is a dependent child, or has consented
to such filing, except as required by federal or state law or
regulation, or by court rule.
7. Whenever there shall be a violation of this section, application
may be made by the attorney general in the name of the people of the
state of New York to a court or justice having jurisdiction by a special
proceeding to issue an injunction, and upon notice to the defendant of
not less than five days, to enjoin and restrain the continuance of such
violations; and if it shall appear to the satisfaction of the court or
justice that the defendant has, in fact, violated this section, an
injunction may be issued by such court or justice, enjoining and
restraining any further violation, without requiring proof that any
person has, in fact, been injured or damaged thereby. In any such
proceeding, the court may make allowances to the attorney general as
provided in paragraph six of subdivision (a) of section eighty-three
hundred three of the civil practice law and rules, and direct
restitution. In connection with any such proposed application, the attorney
general is authorized to take proof and make a determination of the
relevant facts and to issue subpoenas in accordance with the civil
practice law and rules. Whenever the court shall determine that a violation
of subdivision two of this section has occurred, the court may impose a
civil penalty of not more than one thousand dollars for a single
violation and not more than one hundred thousand dollars for multiple
violations resulting from a single act or incident. The second violation
and any violation committed thereafter shall be punishable by a civil
penalty of not more than five thousand dollars for a single violation
and not more than two hundred fifty thousand dollars for multiple
violations resulting from a single act or incident. No person, firm,
partnership, association or corporation shall be deemed to have violated
the provisions of this section if such person, firm, partnership,
association or corporation shows, by a preponderance of the evidence, that
the violation was not intentional and resulted from a bona fide error
made notwithstanding the maintenance of procedures reasonably adopted to
avoid such error.
§ 2. Subdivision 1 of section 170 of the correction law, as amended by
section 23 of subpart A of part C of chapter 62 of the laws of 2011, is
amended to read as follows:
1. The commissioner shall not, nor shall any other authority whatsoever,
make any contract by which the labor or time of any inmate in any
state or local correctional facility in this state, or the product or
profit of his work, shall be contracted, let, farmed out, given or sold
to any person, firm, association or corporation; except that the inmates
in said correctional institutions may work for, and the products of
their labor may be disposed of to, the state or any political
subdivision thereof, any public institution owned or managed and controlled by
the state, or any political subdivision thereof, PROVIDED THAT NO INMATE
SHALL BE EMPLOYED OR ASSIGNED TO ENGAGE IN ANY ACTIVITY THAT INVOLVES
OBTAINING ACCESS TO, COLLECTING OR PROCESSING SOCIAL SECURITY ACCOUNT
NUMBERS OF OTHER INDIVIDUALS.
§ 3. This act shall take effect on the ninetieth day after it shall
have become a law.