S T A T E   O F   N E W   Y O R K
      ________________________________________________________________________

                                       6909--C
          Cal. No. 443

                                  I N  S E N A T E

                                    March 6, 2006
                                     ___________

      Introduced  by  Sen. MORAHAN -- read twice and ordered printed, and when
        printed to be committed to the Committee  on  Consumer  Protection  --
        reported  favorably  from  said committee, ordered to first and second
        report, ordered to a third reading,  amended  and  ordered  reprinted,
        retaining its place in the order of third reading -- again amended and
        ordered  reprinted,  retaining its place in the order of third reading
        -- again amended and ordered reprinted, retaining  its  place  in  the
        order of third reading

      AN  ACT  to amend the general business law, in relation to the confiden-
        tiality of social security account numbers

        THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
      BLY, DO ENACT AS FOLLOWS:

   1    Section 1. The general business law is amended by adding a new section
   2  399-dd to read as follows:
   3    S 399-DD. CONFIDENTIALITY OF SOCIAL SECURITY ACCOUNT NUMBER. BEGINNING
   4  ON AND AFTER JANUARY FIRST, TWO THOUSAND EIGHT:
   5    1.  AS  USED  IN  THIS  SECTION "SOCIAL SECURITY ACCOUNT NUMBER" SHALL
   6  INCLUDE THE NUMBER ISSUED BY THE FEDERAL SOCIAL SECURITY  ADMINISTRATION
   7  AND ANY NUMBER DERIVED FROM SUCH NUMBER. SUCH TERM SHALL NOT INCLUDE ANY
   8  NUMBER THAT HAS BEEN ENCRYPTED.
   9    2.  NO  PERSON,  FIRM,  PARTNERSHIP,  ASSOCIATION  OR CORPORATION, NOT
  10  INCLUDING THE STATE OR ITS POLITICAL SUBDIVISIONS, SHALL DO ANY  OF  THE
  11  FOLLOWING:
  12    (A)  INTENTIONALLY COMMUNICATE TO THE GENERAL PUBLIC OR OTHERWISE MAKE
  13  AVAILABLE TO THE GENERAL PUBLIC IN ANY  MANNER  AN  INDIVIDUAL`S  SOCIAL
  14  SECURITY ACCOUNT NUMBER.  THIS PARAGRAPH SHALL NOT APPLY TO ANY INDIVID-
  15  UAL  INTENTIONALLY  COMMUNICATING  TO  THE  GENERAL  PUBLIC OR OTHERWISE
  16  MAKING AVAILABLE TO THE  GENERAL  PUBLIC  HIS  OR  HER  SOCIAL  SECURITY
  17  ACCOUNT NUMBER.
  18    (B)  PRINT  AN INDIVIDUAL`S SOCIAL SECURITY ACCOUNT NUMBER ON ANY CARD
  19  OR TAG REQUIRED FOR THE INDIVIDUAL TO ACCESS PRODUCTS, SERVICES OR BENE-
  20  FITS PROVIDED BY THE PERSON, FIRM, PARTNERSHIP,  ASSOCIATION  OR  CORPO-
  21  RATION.

       EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                            { } is old law to be omitted.
                                                                 LBD14687-12-6

      S. 6909--C                          2

   1    (C)  REQUIRE  AN  INDIVIDUAL  TO  TRANSMIT  HIS OR HER SOCIAL SECURITY
   2  ACCOUNT NUMBER OVER THE INTERNET, UNLESS THE CONNECTION IS SECURE OR THE
   3  SOCIAL SECURITY ACCOUNT NUMBER IS ENCRYPTED.
   4    (D)  REQUIRE  AN  INDIVIDUAL TO USE HIS OR HER SOCIAL SECURITY ACCOUNT
   5  NUMBER TO ACCESS AN INTERNET WEB  SITE,  UNLESS  A  PASSWORD  OR  UNIQUE
   6  PERSONAL  IDENTIFICATION  NUMBER  OR OTHER AUTHENTICATION DEVICE IS ALSO
   7  REQUIRED TO ACCESS THE INTERNET WEBSITE.
   8    (E) PRINT AN INDIVIDUAL`S SOCIAL SECURITY ACCOUNT NUMBER ON ANY  MATE-
   9  RIALS  THAT  ARE  MAILED  TO THE INDIVIDUAL, UNLESS STATE OR FEDERAL LAW
  10  REQUIRES THE SOCIAL SECURITY ACCOUNT NUMBER TO BE ON THE DOCUMENT TO  BE
  11  MAILED.  NOTWITHSTANDING THIS PARAGRAPH, SOCIAL SECURITY ACCOUNT NUMBERS
  12  MAY BE INCLUDED IN APPLICATIONS AND FORMS SENT BY MAIL, INCLUDING  DOCU-
  13  MENTS SENT AS PART OF AN APPLICATION OR ENROLLMENT PROCESS, OR TO ESTAB-
  14  LISH,  AMEND  OR TERMINATE AN ACCOUNT, CONTRACT OR POLICY, OR TO CONFIRM
  15  THE ACCURACY OF THE SOCIAL SECURITY ACCOUNT NUMBER.  A  SOCIAL  SECURITY
  16  ACCOUNT NUMBER THAT IS PERMITTED TO BE MAILED UNDER THIS SECTION MAY NOT
  17  BE  PRINTED, IN WHOLE OR PART, ON A POSTCARD OR OTHER MAILER NOT REQUIR-
  18  ING AN ENVELOPE, OR VISIBLE ON THE  ENVELOPE  OR  WITHOUT  THE  ENVELOPE
  19  HAVING BEEN OPENED.
  20    3.  THIS SECTION DOES NOT PREVENT THE COLLECTION, USE, OR RELEASE OF A
  21  SOCIAL SECURITY ACCOUNT NUMBER AS REQUIRED BY STATE OR FEDERAL LAW,  THE
  22  USE OF A SOCIAL SECURITY ACCOUNT NUMBER FOR INTERNAL VERIFICATION, FRAUD
  23  INVESTIGATION  OR  ADMINISTRATIVE  PURPOSES OR FOR ANY BUSINESS FUNCTION
  24  SPECIFICALLY AUTHORIZED BY 15 U.S.C. 6802.
  25    4. ANY PERSON, FIRM, PARTNERSHIP, ASSOCIATION  OR  CORPORATION  HAVING
  26  POSSESSION  OF  THE  SOCIAL  SECURITY  ACCOUNT  NUMBER OF ANY INDIVIDUAL
  27  SHALL, TO THE EXTENT THAT SUCH NUMBER IS MAINTAINED FOR THE  CONDUCT  OF
  28  BUSINESS OR TRADE, TAKE REASONABLE MEASURES TO ENSURE THAT NO OFFICER OR
  29  EMPLOYEE  HAS  ACCESS  TO  SUCH  NUMBER FOR ANY PURPOSE OTHER THAN FOR A
  30  LEGITIMATE OR NECESSARY PURPOSE RELATED TO THE CONDUCT OF SUCH  BUSINESS
  31  OR  TRADE  AND  PROVIDE  SAFEGUARDS NECESSARY OR APPROPRIATE TO PRECLUDE
  32  UNAUTHORIZED ACCESS TO THE SOCIAL SECURITY ACCOUNT NUMBER AND TO PROTECT
  33  THE CONFIDENTIALITY OF SUCH NUMBER.
  34    5. ANY WAIVER OF THE PROVISIONS OF THIS SECTION IS CONTRARY TO  PUBLIC
  35  POLICY, AND IS VOID AND UNENFORCEABLE.
  36    6.  WHENEVER  THERE  SHALL BE A VIOLATION OF THIS SECTION, APPLICATION
  37  MAY BE MADE BY THE ATTORNEY GENERAL IN THE NAME OF  THE  PEOPLE  OF  THE
  38  STATE OF NEW YORK TO A COURT OR JUSTICE HAVING JURISDICTION BY A SPECIAL
  39  PROCEEDING  TO  ISSUE AN INJUNCTION, AND UPON NOTICE TO THE DEFENDANT OF
  40  NOT LESS THAN FIVE DAYS, TO ENJOIN AND RESTRAIN THE CONTINUANCE OF  SUCH
  41  VIOLATIONS;  AND  IF IT SHALL APPEAR TO THE SATISFACTION OF THE COURT OR
  42  JUSTICE THAT THE DEFENDANT HAS,  IN  FACT,  VIOLATED  THIS  SECTION,  AN
  43  INJUNCTION  MAY  BE  ISSUED  BY  SUCH  COURT  OR  JUSTICE, ENJOINING AND
  44  RESTRAINING ANY FURTHER VIOLATION,  WITHOUT  REQUIRING  PROOF  THAT  ANY
  45  PERSON  HAS,  IN  FACT,  BEEN  INJURED  OR  DAMAGED THEREBY. IN ANY SUCH
  46  PROCEEDING, THE COURT MAY MAKE ALLOWANCES TO  THE  ATTORNEY  GENERAL  AS
  47  PROVIDED  IN  PARAGRAPH  SIX  OF SUBDIVISION (A) OF SECTION EIGHTY-THREE
  48  HUNDRED THREE OF THE CIVIL PRACTICE LAW AND RULES, AND  DIRECT  RESTITU-
  49  TION.  IN  CONNECTION  WITH  ANY SUCH PROPOSED APPLICATION, THE ATTORNEY
  50  GENERAL IS AUTHORIZED TO TAKE PROOF AND  MAKE  A  DETERMINATION  OF  THE
  51  RELEVANT FACTS AND TO ISSUE SUBPOENAS IN ACCORDANCE WITH THE CIVIL PRAC-
  52  TICE  LAW AND RULES. WHENEVER THE COURT SHALL DETERMINE THAT A VIOLATION
  53  OF SUBDIVISION TWO OF THIS SECTION HAS OCCURRED, THE COURT MAY IMPOSE  A
  54  CIVIL  PENALTY  OF  NOT  MORE  THAN  ONE  THOUSAND  DOLLARS FOR A SINGLE
  55  VIOLATION AND NOT MORE THAN ONE HUNDRED THOUSAND  DOLLARS  FOR  MULTIPLE
  56  VIOLATIONS RESULTING FROM A SINGLE ACT OR INCIDENT. THE SECOND VIOLATION

      S. 6909--C                          3

   1  AND  ANY  VIOLATION  COMMITTED THEREAFTER SHALL BE PUNISHABLE BY A CIVIL
   2  PENALTY OF NOT MORE THAN FIVE THOUSAND DOLLARS FOR  A  SINGLE  VIOLATION
   3  AND  NOT  MORE  THAN  TWO  HUNDRED  FIFTY  THOUSAND DOLLARS FOR MULTIPLE
   4  VIOLATIONS  RESULTING  FROM  A  SINGLE ACT OR INCIDENT. NO PERSON, FIRM,
   5  PARTNERSHIP, ASSOCIATION OR CORPORATION SHALL BE DEEMED TO HAVE VIOLATED
   6  THE PROVISIONS OF THIS SECTION IF SUCH PERSON, FIRM, PARTNERSHIP,  ASSO-
   7  CIATION  OR  CORPORATION SHOWS, BY A PREPONDERANCE OF THE EVIDENCE, THAT
   8  THE VIOLATION WAS NOT INTENTIONAL AND RESULTED FROM A  BONA  FIDE  ERROR
   9  MADE NOTWITHSTANDING THE MAINTENANCE OF PROCEDURES REASONABLY ADOPTED TO
  10  AVOID SUCH ERROR.
  11    S 2. This act shall take effect immediately.