Miriam Wugmeister, Nathan D. Taylor of Morrison & Foerester wrote the December Privacy and Data Security Update: Six States Now Require Social Security Number Protection Policies.
- Connecticut – Ct. H.B. 5658.
- Massachusetts – 201 Mass. Code Regs. §§ 17.01 – 17.04.
- Michigan – Mich. Comp. Laws § 445.84.
- New Mexico – N.M. Stat. §§ 57-12B-2 – 57-12B-3.
- New York – N.Y. Gen. Bus. Law § 3990dd(4).
- Texas – Tex. Bus. & Com. Code § 35.581 (effective through March 31, 2009); Tex. Bus. & Com. Code § 501.051 – 501.053 (effective April 1, 2009).
These state SSN protection policy requirements highlight the importance of maintaining up-to-date privacy policies that comply with the evolving requirements under applicable state laws. To get started, an organization should consider taking the following steps:
- determine if you collect or maintain SSNs;
- review your policies and procedures that are employee-facing to determine if you have sufficient policies to meet the obligations under the various state laws;
- update your policies and procedures as needed;
- train employees on the new policies and procedures; and
- audit your employees to ensure that they are complying with your policies and procedures.