Legislative and Compliance
About Us News & Events Contact Us  
March 9, 2009

STATE UPDATES

Note: GIS strongly recommends that our clients review the state statutes further and consult with their legal counsel on the impact these statues may have on them.

New State Requiring Social Security Number Protection Policy

Massachusetts
Effective January 1, 2010, Massachusetts requires businesses that store or use information about Massachusetts residents, to implement procedures that protect Social Security numbers. The procedures are:

  1. ensure the security and confidentiality of this information in a manner consistent with industry standards,
  2. protect against anticipated threats or hazards to the security or integrity of such information; and
  3. protect against in such a manner consistent with industry standards.

 

Five Previous States that Require Social Security Number Protection Policy

Connecticut
Effective October 1, 2008, new Connecticut privacy law imposes $500,000 in civil penalties for misuse of personal information. Any person in possession of personal information must safeguard the information from misuse by third parties. Any person who collects Social Security numbers must create a privacy protection policy that must be published. The policy must:

  1. protect confidentiality of Social Security numbers,
  2. prohibit unlawful disclosure of Social Security numbers; and
  3. limit access to Social Security numbers

Michigan
Effective October 1, 2008, new Connecticut privacy law imposes $500,000 in civil penalties for misuse of personal information. Any person in possession of personal information must safeguard the information from misuse by third parties. Any person who collects Social Security numbers must create a privacy protection policy that must be published. The policy must:

  1. protect confidentiality of Social Security numbers,
  2. prohibit unlawful disclosure of Social Security numbers; and
  3. limit access to Social Security numbers

New Mexico
Effective 2008, New Mexico implemented new laws concerning disclosure of Social Security numbers, specifically providing for the following:

  1. A business may not require a consumer's Social Security number as a condition to lease, purchase products, goods or services from the business.
  2. A business may require a consumer to provide a Social Security number in connection with an application for credit or in connection with annuity or insurance transactions so long as the Social Security number is used consistant with state or federal laws.
  3. A business may acquire or use a consumer's Social Security number only upon consent of the consumer.
  4. Companies acquiring or using Social Security numbers of consumers must adopt internal policies that:
    • limit access to the Social Security number; and
    • hold employees responsible if the Social Security numbers are released to unauthorized parties.

New York
Effective January 3, 2009, New York limits use and dissemination of Social Security numbers. This new law requires businesses that possess Social Security numbers to implement safeguards. The new law prohibits employers from:

  1. publicly posting or displaying an employee's Social Security number,
  2. visibly printing a Social Security number on any identification badge or card, including any time card,
  3. placing a Social Security number in files with unrestricted access; or
  4. communicating an employee's personal indentifying information to the general public.

A civil penalty of up to $500 may be imposed on any employer for any knowing violation.

Texas
Effective October 1, 2008, Texas law requires a privacy policy for a business to require disclosure of Social Security number. A person may not require an individual to disclose the individual's Social Security number unless the person:

  1. adopts a privacy policy,
  2. makes the privacy policy available to the individual;
  3. maintains under the privacy policy the confidentiality and security number disclosed to the person.
  4. ensures that the privacy policy includes:
    • how personal information is collected
    • how and when personal information is used
    • how the personal information is protected,
    • who has access to the personal information; and
    • how the personal information is disposed

If you decide that your business is subject to any or all of these state laws regarding SSN protection, your business should first implement internal policies and procedures to protect Social Security Numbers. Here are some suggestions to help you get started:

  • Determine if your organization maintains or collects SSNs
  • Review your policies and procedures to decide if these policies align with the new state statues
  • Update your policies and procedures to reflect the new state statues
  • Train employees on the newly established policies and procedures
  • Audit your employees to ensure that they comply with the organizations' policies

Some suggestions to safeguard your SSN protection policy:

  • Describe the SSN protection policy to all employees, make sure the policy describes how the organization collects SSNs and how and when the organization utilizes the SSNs
  • Prohibit and restrict the unlawful disclosure of all Social Security Numbers
  • Protect the security and confidentiality of SSNs
  • Limit access to SSNs to just those employees who need access to perform their job
  • Maintain documentation of when employees access, keep, and transport SSNs outside of the business premises
  • Instruct and provide employees with the proper disposal method for SSNs

 

 

FEDERAL UPDATES

New Form I-9 Delayed
U.S. Citizenship and Immigration Services has delayed the effective date of an interim final rule that would create a new edition of the Form I-9 and revise the list of acceptable work authorization documents for I-9 purposes. The effective date is now April 3.

The rule originally was scheduled to go into effect Feb. 2. Because the effective date has been pushed back, employers should continue to use the current edition of the form.

The Form I-9 is the form employers must use to verify the identity and employment eligibility of newly hired employees. The rule would require all documents used to verify employees' identity and employment eligibility to be unexpired. In addition, the rule proposes changes to List A, the list of documents that verify both identity and employment authorization. Employers may submit comments on the rule until March 4.

The Form I-9 delay comes on the heels of Secretary of Homeland Security Janet Napolitano's issuance of an action directive on immigration. The directive calls for a review of a number of current programs, including E-Verify, the U.S. Department of Homeland Security's electronic employment eligibility verification system.

 

 

E-VERIFY UPDATES

E-Verify Federal Contractor Rule Now on Hold Until May 21, 2009
The implementation of an amendment to the Federal Acquisition Rule (FAR) requiring that certain federal contractors and subcontractors use the federal government's E-Verify program has been put on hold until May 21, 2009, announced Robin Conrad, executive vice president of the US Chamber of Commerce's National Chamber of Litigation Center. The Bush Administration had already agreed to delay until February 20, implementation of the amendment pending litigation filed by the Chamber, among other plaintiffs. This time the amendment has been placed on hold so that the Obama Administration has time to review it, longer then the 60 day request made by the Administration in a recent Executive Order. The amendment was scheduled to take effect on January 15, 2009. According to Conrad, the Department of Justice will file papers with the court notifying it of its intention to stay the proceedings pending the Obama Administration's review of the rule.

 

 
GIS One Source. So Many Options.
BACKGROUND
SCREENING		 WORKFORCE
MANAGEMENT		 TAX CREDIT
& INCENTIVES		 INSURANCE INDUSTRY SOLUTIONS ELECTRONIC I-9
SOLUTIONS