California Attorney General Kamala D. Harris recently announced a settlement with Anthem Blue Cross, part of WellPoint Inc., regarding allegations that the health insurer unlawfully disclosed the Social Security numbers of about 33,000 Medicare subscribers between April 2011 and March 2012. According to the state’s complaint (filed simultaneously with the settlement), Anthem printed the Social Security numbers on letters to policyholders that could be seen through the envelope window. The state alleged this action violated California Business and Professions Code § 1798.85, which restricts disclosure of the numbers. Anthem has agreed to pay $150,000 and implement additional security safeguards in its existing data management system, including restricted employee access and enhanced data security training. Anthem had already suspended mailing payment letters after discovering they contained Social Security numbers, notified all affected members by mail, and offered each member one year of free credit monitoring services.
Tip: This case serves as a reminder that companies should take particular care when handling consumer personally identifiable information that includes Social Security numbers. When sending mailings or emails, doing a test or seeing how something will look “in final form” is always a good step as part of a compliance review.