OLR Bill Analysis

sSB 315 (File 241, as amended by Senate “A”)*

AN ACT PROHIBITING THE UNNECESSARY COLLECTION OF SOCIAL SECURITY NUMBERS.

SUMMARY:

With various exceptions, this bill prohibits anyone doing business in Connecticut from requesting or collecting an individual's Social Security number (SSN).

The bill exempts among others, financial institutions, health care providers, insurers, and credit agencies from this prohibition.

*Senate Amendment “A” (1) adds an exemption for HIPAA, (2) requires an individual's authorization for consumer reports, (3) clarifies the age restriction provision, and (4) limits SSN collection for background checks and related uses where alternative identification is unavailable.

EFFECTIVE DATE: July 1, 2012

EXEMPTIONS

This prohibition does not apply to the state, its political subdivisions, or any of their agencies. The prohibition also does not apply to:

1. collecting SSNs as required to comply with state or federal law;

2. collecting SSNs by a person subject to the Gramm-Leach-Bliley Financial Modernization Act or the Health Insurance Portability and Accountability Act of 1996 (HIPAA);

3. credit transactions or an entity regulated by the Fair Credit Reporting Act for purposes authorized by that act;

4. a request for reports prepared by consumer credit reporting agencies in response to an authorization by the individual;

5. background checks, identity verification, fraud prevention, medical treatment, law enforcement purposes, or the individual's employment, including employment benefits, only if no other valid proof of identification, including a birth certificate, government issued identity card, or driver's license is available; or

6. collecting SSNs to verify an individual's age with respect to age restrictions under federal or state law in compliance with such laws.

Violators are subject to a fine of up to $ 500 for a first offense and up to $ 1,000 for each subsequent offense. Any willful violators are subject to a civil penalty of $ 1,000 for each violation, which is deposited into the privacy protection guaranty and enforcement account, which is used to reimburse losses sustained by those injured by violations of the SSN protection statutes.

BACKGROUND

Federal Law

Gramm-Leach-Bliley Financial Modernization Act. This act applies to "financial institutions" that offer financial products or services to individuals, such as loans, financial or investment advice, or insurance. Among other things, it requires these companies to give consumers privacy notices that explain the institutions' information-sharing practices. In turn, consumers have the right to limit some, but not all, sharing of their information.

HIPAA. Among other things, HIPAA's privacy rule limits the circumstances when health care providers, insurers, and other covered entities may release protected health information (PHI). PHI includes medical information that contains information that could identify a person, including name, SSN, telephone number, medical record number, and ZIP code. Federal regulation protects this information regardless of how it is stored or transmitted.

Fair Credit Reporting Act. This act regulates the collection, dissemination, and use of consumer information, including consumer credit information for companies such as credit reporting agencies. Credit reporting agencies are companies that collect and disseminate information about consumers for credit evaluation and other purposes, including employment.

Connecticut SSN Protections

Existing law includes various provisions restricting the use or disclosure of SSNs. For example, the law requires anyone possessing personal information about another person to safeguard it, including the computer files and documents that contain it. “Personal information” is information that can be associated with an individual through an identifier like a SSN. The law also requires a business that collects SSNs to create a privacy protection policy that must ensure confidentiality of SSNs. These requirements do not apply to the state or its political subdivisions (CGS 42-471).

COMMITTEE ACTION

General Law Committee

Joint Favorable Substitute

Yea

13

Nay

5

(03/20/2012)

Judiciary Committee

Joint Favorable

Yea

24

Nay

17

(05/01/2012)