Last month we introduced you to Connecticut’s new “Act Concerning the Confidentiality of Social Security Numbers” which became effective October 1, 2008. In addition to requiring various safeguards when handling certain personal information, the Act requires “any person who collects Social Security numbers in the course of business” to create a written privacy protection policy which must be published or publicly displayed. The privacy protection policy must (1) protect the confidentiality of Social Security numbers, (2) prohibit unlawful disclosure of the numbers, and (3) limit access to them. The penalty for failing to have a complying policy in place is a civil penalty of $500.00 for each violation, up to a maximum of $500,000.00 for each event. Because all employers are required by federal law to collect Social Security numbers from employees, all Connecticut employers are subject to the Act’s privacy protection policy requirement. While the written policy has to address the protection of Social Security numbers, we advise that the policy address the handling of other personal information as well (e.g. account numbers, driver’s license numbers, etc.) to facilitate compliance with the other sections of the Act. Once your privacy protection policy is drafted, we recommend publishing it in your employee handbook, posting it on your bulletin board, or posting it electronically on the company intranet. If you have not yet complied with the Act, Brody and Associates is prepared to design a privacy protection policy that will meet the specific needs of your workplace and bring you into compliance. This service is offered at an affordable flat rate. Brody and Associates regularly advises management on complying with state and federal employment laws including privacy laws. If we can be of assistance in this area, please contact us at info@brodyandassociates.com or (203) 965-0560. |