There is a newer version of the New York Consolidated Laws
2022
2021
2020
2019
2018
Other previous versions
View our newest version here

2013 New York Consolidated Laws
GBS - General Business
Article 26 - (390 - 399-ZZZ) MISCELLANEOUS
399-DDD - Cofidentiality of social security account number.


NY Gen Bus L § 399-DDD (2012) What's This?
 
    * §  399-ddd.  Confidentiality  of  social  security  account  number.
  Beginning on and after January first, two thousand eight:
    1. (a) As used in this section "social security account number"  shall
  include  the number issued by the federal social security administration
  and any number derived from such number. Such term shall not include any
  number that has been encrypted.
    (b) For purposes of this section, the term  "inmate"  means  a  person
  confined  in  any  local correctional facility as defined in subdivision
  sixteen of section two of the correction  law  or  in  any  correctional
  facility  as defined in paragraph (a) of subdivision four of section two
  of the correction law pursuant to such person's conviction of a criminal
  offense.
    2. No person,  firm,  partnership,  association  or  corporation,  not
  including  the  state or its political subdivisions, shall do any of the
  following:
    (a) Intentionally communicate to the general public or otherwise  make
  available  to  the  general  public in any manner an individual's social
  security  account  number.  This  paragraph  shall  not  apply  to   any
  individual   intentionally   communicating  to  the  general  public  or
  otherwise making available to the  general  public  his  or  her  social
  security account number.
    (b)  Print  an individual's social security account number on any card
  or tag required for the  individual  to  access  products,  services  or
  benefits  provided  by  the  person,  firm,  partnership, association or
  corporation.
    (c) Require an individual to  transmit  his  or  her  social  security
  account number over the internet, unless the connection is secure or the
  social security account number is encrypted.
    (d)  Require  an  individual to use his or her social security account
  number to access an internet web  site,  unless  a  password  or  unique
  personal  identification  number  or other authentication device is also
  required to access the internet website.
    (e) Print an  individual's  social  security  account  number  on  any
  materials that are mailed to the individual, unless state or federal law
  requires  the social security account number to be on the document to be
  mailed. Notwithstanding this paragraph, social security account  numbers
  may  be  included  in  applications  and  forms  sent by mail, including
  documents sent as part of an application or enrollment  process,  or  to
  establish,  amend  or  terminate  an  account, contract or policy, or to
  confirm the accuracy of the social security  account  number.  A  social
  security  account  number  that  is  permitted  to  be mailed under this
  section may not be printed, in whole or part, on  a  postcard  or  other
  mailer  not requiring an envelope, or visible on the envelope or without
  the envelope having been opened.
    (f) Encode or embed a social security  number  in  or  on  a  card  or
  document,  including,  but  not  limited  to,  using  a  bar code, chip,
  magnetic strip, or other technology, in place  of  removing  the  social
  security number as required by this section.
    (g)  Knowingly  use  the labor or time of or employ any inmate in this
  state, or in any other  jurisdiction,  in  any  capacity  that  involves
  obtaining  access  to,  collecting or processing social security account
  numbers of other individuals.
    3. This section does not prevent the collection, use, or release of  a
  social  security account number as required by state or federal law, the
  use of a social security account number for internal verification, fraud
  investigation or administrative purposes or for  any  business  function
  specifically authorized by 15 U.S.C. 6802.


    4.  Any  person,  firm, partnership, association or corporation having
  possession of the social  security  account  number  of  any  individual
  shall,  to  the extent that such number is maintained for the conduct of
  business or trade, take reasonable measures to ensure that no officer or
  employee  has  access  to  such  number for any purpose other than for a
  legitimate or necessary purpose related to the conduct of such  business
  or  trade  and  provide  safeguards necessary or appropriate to preclude
  unauthorized access to the social security account number and to protect
  the confidentiality of such number.
    5. Any waiver of the provisions of this section is contrary to  public
  policy, and is void and unenforceable.
    6.  No  person  may  file any document available for public inspection
  with any state agency, political subdivision, or in any  court  of  this
  state  that  contains  a  social  security  account  number of any other
  person, unless such other person is a dependent child, or has  consented
  to  such  filing,  except  as  required  by  federal  or  state  law  or
  regulation, or by court rule.
    7. Whenever there shall be a violation of  this  section,  application
  may  be  made  by  the attorney general in the name of the people of the
  state of New York to a court or justice having jurisdiction by a special
  proceeding to issue an injunction, and upon notice to the  defendant  of
  not  less than five days, to enjoin and restrain the continuance of such
  violations; and if it shall appear to the satisfaction of the  court  or
  justice  that  the  defendant  has,  in  fact, violated this section, an
  injunction may be  issued  by  such  court  or  justice,  enjoining  and
  restraining  any  further  violation,  without  requiring proof that any
  person has, in fact, been  injured  or  damaged  thereby.  In  any  such
  proceeding,  the  court  may  make allowances to the attorney general as
  provided in paragraph six of subdivision  (a)  of  section  eighty-three
  hundred   three  of  the  civil  practice  law  and  rules,  and  direct
  restitution. In connection  with  any  such  proposed  application,  the
  attorney general is authorized to take proof and make a determination of
  the  relevant  facts and to issue subpoenas in accordance with the civil
  practice law and rules.  Whenever  the  court  shall  determine  that  a
  violation of subdivision two of this section has occurred, the court may
  impose  a  civil  penalty  of  not  more than one thousand dollars for a
  single violation and not more than  one  hundred  thousand  dollars  for
  multiple  violations resulting from a single act or incident. The second
  violation and any violation committed thereafter shall be punishable  by
  a  civil  penalty  of  not  more than five thousand dollars for a single
  violation and not more than  two  hundred  fifty  thousand  dollars  for
  multiple  violations resulting from a single act or incident. No person,
  firm, partnership, association or corporation shall be  deemed  to  have
  violated   the   provisions  of  this  section  if  such  person,  firm,
  partnership, association or corporation shows, by a preponderance of the
  evidence, that the violation was not intentional  and  resulted  from  a
  bona  fide  error  made  notwithstanding  the  maintenance of procedures
  reasonably adopted to avoid such error.
    * NB There are 2 § 399-ddd's

Disclaimer: These codes may not be the most recent version. New York may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.