This is a reminder that companies with operations or substantial business in the State of Michigan must implement a policy to protect the confidentiality of Social Security numbers (SSN) by January 1, 2006.
Michigan’s Social Security Number Privacy Act, Mich. Comp. Laws Ann. 445.81 et seq., which took effect earlier this year, limits employers’ and others’ use of SSNs for identification purposes and imposes affirmative obligations to protect against disclosure of SSNs. These limitations and obligations apply not only to the employer-employee relationship, but also apply to customers, vendors and others. The Act prohibits practices such as: publicly displaying SSNs; using SSNs as primary account numbers for individuals; printing more than four sequential digits of the SSN on identification badges and cards; and listing the SSN on any documents mailed to an individual if the numbers are visible on or from the outside of the envelope. Beginning January 1, 2006, the Act prohibits companies from including more than four sequential digits of the SSN in any document or information mailed to a person, without regard to whether it can be viewed from outside the envelope (except in specified circumstances).
The Act further requires that, no later than January 1, 2006, all entities must implement a privacy policy to protect SSNs that, at a minimum, covers the following:
- Ensures, to the extent practicable, that the confidentiality of SSNs is maintained;
- Prohibits unlawful disclosure of SSNs;
- Limits the number of people who have access to documents or data that contain SSNs;
- Describes how to properly dispose of documents or data that contain SSNs; and
- Establishes penalties for violation of the policy.
The privacy policy must be published in an employee handbook, procedures manual, or similar document, which may be made available electronically.
January 1 is right around the corner and if your company has not already implemented such a policy, you need to do so promptly. If you need assistance in developing a privacy policy, or in implementing procedures to ensure you are in compliance, please contact the Ogletree Deakins attorney with whom you normally work or the Client Services Department at 866-287-2576 or via e-mail at clientservices@ogletreedeakins.com.
Note: This article was published in the December 5, 2005 issue of the Michigan eAuthority.