Six States Now Require Social Security Number Protection Policies

Miriam Wugmeister, Nathan D. Taylor of Morrison & Foerester wrote the December Privacy and Data Security Update: Six States Now Require Social Security Number Protection Policies.

  • Connecticut – Ct. H.B. 5658.
  • Massachusetts – 201 Mass. Code Regs. §§ 17.01 – 17.04.
  • Michigan – Mich. Comp. Laws § 445.84.
  • New Mexico – N.M. Stat. §§ 57-12B-2 – 57-12B-3.
  • New York – N.Y. Gen. Bus. Law § 3990dd(4).
  • Texas – Tex. Bus. & Com. Code § 35.581 (effective through March 31, 2009); Tex. Bus. & Com. Code § 501.051 – 501.053 (effective April 1, 2009).

These state SSN protection policy requirements highlight the importance of maintaining up-to-date privacy policies that comply with the evolving requirements under applicable state laws.  To get started, an organization should consider taking the following steps:

  • determine if you collect or maintain SSNs;
  • review your policies and procedures that are employee-facing to determine if you have sufficient policies to meet the obligations under the various state laws;
  • update your policies and procedures as needed;
  • train employees on the new policies and procedures; and
  • audit your employees to ensure that they are complying with your policies and procedures.