Employee Personal Identifying Information Law

New York Labor Law amendments regarding employer use and dissemination of employees’ personal identifying information took effect January 3, 2009. Employers are now prohibited from:

  • Visibly printing an employee’s social security number (SSN) on any identifi cation badge, including timecards;
  • Publicly posting an employee’s SSN;
  • Placing an employee’s SSN in fi les with unrestricted access; and
  • Communicating to the general public an employee’s SSN, home address, home telephone number, personal email address, internet identifi cation name or password, parent’s maiden name, or drivers license number.

Additionally, SSNs may not be used as identifi cation numbers for purposes of occupational licensing. Employers face a civil penalty of up to $500 for any “knowing violations” of the law. Failure to advise employees of this law and failure to establish procedures or policies to safeguard against violations provide “presumptive evidence” of a “knowing violation” of the law.

Social Security Number Protection Law

The Employee Personal Identifying Information Law supplements protections in place under New York’s Social Security Number Protection Law (SSNPL), which was enacted in January 2008 and amended effective January 3, 2009. Under the SSNPL, employers are further prohibited from:

  • Making employees’ SSNs available to the general public;
  • Printing SSNs on any identifi cation pass or card;
  • Requiring the employee to use his/her SSN over an Internet exchange that is not secure or that is not encrypted;
  • Requiring the employee to use his/her SSN to access an Internet Web site without also requiring a PIN or other authenticating device;
  • Printing SSNs on any correspondence mailed to the employee, unless otherwise required by federal or state law;
  • Encoding or embedding a SSN in a record or document by using a bar code, magnetic strip or other technology; and
  • Filing publicly a document with any state agency or political subdivision, or in any court, that contains a SSN, unless by consent or as required by other federal or state law.

Conclusion

Given the Employee Personal Identifying Information Law’s mandate that employers actively safeguard against violations of the law, it is advisable to review your policies and procedures and make certain that all required notices are appropriately posted and that policies are disseminated to employees effectively.