|
 |
Announcements
| Articles | The
Counselor
WINTER 2008 • Vol. XLVII
- Understanding the Costs When Your
Insurance Company Pays For Your Legal Defense
- The Importance of Zoning Due Diligence
- Identity Theft Protection - The
Things You Should Know
- The Firm Highlights
- The Firm News, Appearances and
Articles
Identity Theft Protection - The Things You Should Know
By Russell G. Tisman
Under the New York Social Security Number Protection
Law, which takes effect on January 1, 2008, New York employers
are prohibited from using employee social security numbers
for identification or record keeping purposes, and face
new requirements to safeguard the confidentiality of such
information. The law’s requirements, as a matter of
New York’s public policy, may not be waived, and empower
the Attorney General to impose civil penalties against violations.
This statute applies to businesses, but not to state or
local government entities. It does not regulate an individual’s
disclosure of his or her own number, but regulates disclosures
by other individuals, and applies to both partial and full
social security numbers. As of January 1st, covered individuals
and entities will face a number of restrictions prohibiting
the use of social security numbers as it relates to the
disclosure, transmission and storage of information.
Individuals and businesses that maintain social security
numbers are required to “take reasonable measures”
to ensure that social security numbers are only used for
legitimate business purposes by providing safeguards to
prevent unauthorized access to information and protect the
confidentiality of the number.
To comply with this new law, we recommend that employers
take precautionary steps to protect their employee and customer
records, and implement safeguard procedures to determine
why and how a social security number is being used. Policies
should be implemented to restrict access to sensitive information,
and training should be provided to educate the appropriate
employees about the law’s requirements and the consequences
of violations. Finally, measures should be taken to safeguard
the storage and transmission of information, including setting
appropriate internet encryption standards and password protection
methods to prevent unauthorized access. The Firm is available
to assist clients in conducting audits, and implementing
policies and safeguards to insure compliance with this law.
|
|
|
