New York Confidentiality of Social Security Account Number
NY Gen. Bus. Law § 399-DDD, § 399-DDD-2
GBS - General Business
Article 26 - MISCELLANEOUS
399-DDD - Confidentiality of social security account number.
399-DDD*2 - Disclosure of social security number.
§ 399-ddd. Confidentiality of social security account number.
Beginning on and after January first, two thousand eight:
1. (a) As used in this section "social security account number" shall include the number issued by the federal social security administration and any number derived from such number. Such term shall not include any number that has been encrypted.
(b) For purposes of this section, the term "incarcerated individual" means a person confined in any local correctional facility as defined in subdivision sixteen of section two of the correction law or in any correctional facility as defined in paragraph (a) of subdivision four of section two of the correction law pursuant to such person's conviction of a criminal offense.
2. No person, firm, partnership, association or corporation, not including the state or its political subdivisions, shall do any of the following:
(a) Intentionally communicate to the general public or otherwise make available to the general public in any manner an individual's social security account number. This paragraph shall not apply to any individual intentionally communicating to the general public or otherwise making available to the general public his or her social security account number.
(b) Print an individual's social security account number on any card or tag required for the individual to access products, services or benefits provided by the person, firm, partnership, association or corporation.
(c) Require an individual to transmit his or her social security account number over the internet, unless the connection is secure or the social security account number is encrypted.
(d) Require an individual to use his or her social security account number to access an internet web site, unless a password or unique personal identification number or other authentication device is also required to access the internet website.
(e) Print an individual's social security account number on any materials that are mailed to the individual, unless state or federal law requires the social security account number to be on the document to be mailed. Notwithstanding this paragraph, social security account numbers may be included in applications and forms sent by mail, including documents sent as part of an application or enrollment process, or to establish, amend or terminate an account, contract or policy, or to confirm the accuracy of the social security account number. A social security account number that is permitted to be mailed under this section may not be printed, in whole or part, on a postcard or other mailer not requiring an envelope, or visible on the envelope or without the envelope having been opened.
(f) Encode or embed a social security number in or on a card or document, including, but not limited to, using a bar code, chip, magnetic strip, or other technology, in place of removing the social security number as required by this section.
(g) Knowingly use the labor or time of or employ any incarcerated individual in this state, or in any other jurisdiction, in any capacity that involves obtaining access to, collecting or processing social security account numbers of other individuals.
3. This section does not prevent the collection, use, or release of a social security account number as required by state or federal law, the use of a social security account number for internal verification, fraud investigation or administrative purposes or for any business function specifically authorized by 15 U.S.C. 6802.
4. Any person, firm, partnership, association or corporation having possession of the social security account number of any individual shall, to the extent that such number is maintained for the conduct of business or trade, take reasonable measures to ensure that no officer or employee has access to such number for any purpose other than for a legitimate or necessary purpose related to the conduct of such business or trade and provide safeguards necessary or appropriate to preclude unauthorized access to the social security account number and to protect the confidentiality of such number.
5. Any waiver of the provisions of this section is contrary to public policy, and is void and unenforceable.
6. No person may file any document available for public inspection with any state agency, political subdivision, or in any court of this state that contains a social security account number of any other person, unless such other person is a dependent child, or has consented to such filing, except as required by federal or state law or regulation, or by court rule.
7. Whenever there shall be a violation of this section, application may be made by the attorney general in the name of the people of the state of New York to a court or justice having jurisdiction by a special proceeding to issue an injunction, and upon notice to the defendant of not less than five days, to enjoin and restrain the continuance of such violations; and if it shall appear to the satisfaction of the court or justice that the defendant has, in fact, violated this section, an injunction may be issued by such court or justice, enjoining and restraining any further violation, without requiring proof that any person has, in fact, been injured or damaged thereby. In any such proceeding, the court may make allowances to the attorney general as provided in paragraph six of subdivision (a) of section eighty-three hundred three of the civil practice law and rules, and direct restitution. In connection with any such proposed application, the attorney general is authorized to take proof and make a determination of the relevant facts and to issue subpoenas in accordance with the civil practice law and rules. Whenever the court shall determine that a violation of subdivision two of this section has occurred, the court may impose a civil penalty of not more than one thousand dollars for a single violation and not more than one hundred thousand dollars for multiple violations resulting from a single act or incident. The second violation and any violation committed thereafter shall be punishable by a civil penalty of not more than five thousand dollars for a single violation and not more than two hundred fifty thousand dollars for multiple violations resulting from a single act or incident. 
No person, firm, partnership, association or corporation shall be deemed to have violated the provisions of this section if such person, firm, partnership, association or corporation shows, by a preponderance of the evidence, that the violation was not intentional and resulted from a bona fide error made notwithstanding the maintenance of procedures reasonably adopted to avoid such error.
* NB There are 2 § 399-ddd's
§ 399-ddd. Disclosure of social security number.
1. As used in this section, "social security account number" shall include the number issued by the federal social security administration and any number derived from such number. Such term shall not include any number that has been encrypted.
2. No person, firm, partnership, association or corporation, not including the state or its political subdivisions, shall require an individual to disclose or furnish his or her social security account number, for any purpose in connection with any activity, or to refuse any service, privilege or right to an individual wholly or partly because such individual refuses to disclose or furnish such number, unless one of the exceptions enumerated in subdivision three of this section applies.
3. The provisions of this section shall not apply in the following instances:
(a) The individual consents to the acquisition or use of his or her social security account number.
(b) The social security account number is expressly required by federal, state, or local law or regulation.
(c) The social security account number is to be used for internal verification or fraud investigation.
(d) The social security account number is to be used for any business function permitted or allowed under the Gramm Leach Bliley Act, P.L. 106-102 (1999).
(e) The social security account number is requested in connection with a request for credit or a credit transaction initiated by the consumer or in connection with a lawful request for a consumer report or investigative consumer report, as such terms are defined in section three hundred eighty-a of this chapter.
(f) The social security account number is requested in connection with a deposit account or an investment.
(g) The social security account number is requested for purposes of employment, including in the course of the administration of a claim, benefit, or procedure related to the individual's employment by the person, including the individual's termination from employment, retirement from employment, injury suffered during the course of employment, or to check on an unemployment insurance claim of the individual.
(h) The social security account number is requested for purposes of tax compliance.
(i) The social security account number is requested for the purpose of:
i. the collection of child or spousal support;
ii. determining whether an individual has a criminal record; or
iii. blood or organ donation.
(j) The social security account number is requested in connection with any interaction with a governmental law enforcement agency or is used in conjunction with the enforcement of a judgment of a court of competent jurisdiction by a sheriff or marshal.
(k) The social security account number is requested for the purpose of verifying an individual's identity or age in order to allow such individual to obtain access to, or enroll in, a marketing program that is restricted to individuals of a certain age.
(l) i. The social security account number is requested by an individual, firm, corporation, or other entity doing business pursuant to a franchise issued by a political subdivision of the state or a license, franchise, certificate or other authorization issued by the New York state public service commission.
ii. The social security account number is requested by an individual, firm, corporation, or other entity regulated by the New York state public service commission, the federal communications commission, or the federal energy regulatory commission.
iii. The social security account number is requested by a banking institution, as defined in section nine-f of the banking law, or one of its affiliates.
(m) The social security account number is requested by an authorized insurer, as defined in section one hundred seven of the insurance law, for the purpose of furnishing information to the Centers for Medicare and Medicaid Services within the United States Department of Health and Human Services.
4. Whenever there shall be a violation of this section, application may be made by the attorney general in the name of the people of the state of New York to a court or justice having jurisdiction by a special proceeding to issue an injunction, and upon notice to the defendant of not less than five days, to enjoin and restrain the continuance of such violation; and if it shall appear to the satisfaction of the court or justice that the defendant has, in fact, violated this section, an injunction may be issued by such court or justice, enjoining and restraining any further violation, without requiring proof that any person has, in fact, been injured or damaged thereby. In any such proceeding, the court may make allowances to the attorney general as provided in paragraph six of subdivision (a) of section eighty-three hundred three of the civil practice law and rules, and direct restitution. In connection with any such proposed application, the attorney general is authorized to take proof and make a determination of the relevant facts and to issue subpoenas in accordance with the civil practice law and rules. Whenever the court shall determine that a violation of subdivision two of this section has occurred, the court shall impose a civil penalty of not more than five hundred dollars. The second offense and any offense committed thereafter shall be punishable by a civil penalty of not more than one thousand dollars.
5. No person, firm, partnership, association or corporation shall be deemed to have violated the provisions of this section if such person, firm, partnership, association or corporation shows, by a preponderance of the evidence, that the violation was not intentional and resulted from a bona fide error made notwithstanding the maintenance of procedures reasonably adopted to avoid such error.
* NB There are 2 § 399-ddd's
Confidentiality of Social Security Account Number (New York General Business Law Sec. 399-dd, as added by Laws of 2006, Chapter 676, Sec. 1, effective September 13, 2006.)
For more information, see here: http://public.leginfo.state.ny.us/lawssrch.cgi?NVLWO:
These materials were obtained directly from the State Legislative websites and are posted here for your review and reference only. No Claim to Original State Government Works. This may not be the most recent version. The State may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to. Please check the linked sources directly.