Article Categories Advertising, Marketing & Trademark Antitrust and Trade Regulation Bank & Finance China Construction Corporate & Securities Employment Energy Family Law Government Relations Health Law Immigration Intellectual Property International Internet, Technology &
E–Commerce Life Sciences Litigation Real Estate Shareholder Disputes Tax Planning & Business Organization Trusts & Estates White Collar & Regulatory Defense
 
Article Search

Anne M. Radolinski

Anne M. Radolinski Employment & Labor

aradolinski@fredlaw.com
612.492.7104
Printable Version

Privacy Update – A New Twist

By: ANNE M. RADOLINSKI

September 2006

The Governor signed into law this summer an amendment to the consumer protection laws that deals specifically with the security of social security numbers. The new section applies to all persons and entities, excluding governmental agencies, and is effective July 1, 2007. See Minn. Stat. § 325E.59. It prohibits all persons and entities, excluding government agencies, from:

  • Making available or communicating social security numbers (“SSNs”) to the general public.
  • Printing SSNs on cards necessary to access products or services.
  • Requiring an individual to transmit his or her social security number over the internet unless the connection is secure or the social security number is encrypted.
  • Requiring a SSN to access a website without also requiring a password, personal identification number, or other authentication device.
  • Printing a number the person or entity knows to be an individual’s SSN on any materials that are mailed to the individual unless federal or state law requires the SSN to be on the document to be mailed.

The provisions, which apply to the use of social security numbers on or after July 1, 2007, contain certain limited exceptions. For example, social security numbers may be used in applications and forms sent by mail, such as documents that are part of a benefits enrollment process.

If an entity wishes to use social security numbers in a manner inconsistent with the new Section 325E.59 after July 1, 2007, it must comply with a number of specific procedures and notice requirements.

In light of the new Section 325E.59, employers should:

  • Review their security practices and policies to ensure that social security numbers of employees are closely protected.
  • Ensure that only a select group of employees have access to payroll and social security information--specifically, those employees who need such information to perform their jobs.
  • Ensure that employees who do handle social security and other confidential information receive written instruction (signing a written policy or agreement if possible) regarding the handling of SSNs, payroll, and other confidential information.
  • Ensure that personnel records, such as benefit records, that contain SSNs are kept in a confidential benefits or other section of personnel files to which only a select group of employees have access.
  • Allow SSNs to be used to access information and accounts only when accompanied by a personal password, personal identification number, or authentication device.

We expect that legislatures and courts will continue to develop protections for confidential consumer and employee information as identify theft and related concerns intensify. We will continue to keep you posted regarding developments.