With the State of Connecticut reeling from a series of massive security breaches that have exposed the personal information of hundreds of thousands of state residents, Connecticut's Governor and General Assembly joined forces in mid-June to make Connecticut only the second state (after Michigan) to mandate that private employers publish a policy on the protection of employee Social Security numbers (SSNs). The new Connecticut law  entitled, "An Act Concerning the Confidentiality of Social Security Numbers (the "Act), and effective October 1, 2008  also imposes on private employers a statutory duty to safeguard, and properly dispose of, personal information more broadly defined.


Employers Must Create and Post a Social Security Number Policy. The Act requires the creation of a "a privacy protection policy by any entity that collects SSNs in the course of its business. The Act does not limit this requirement to the collection of SSNs from any particular category of individuals, such as customers, patients, or insureds. The Act, therefore, necessarily encompasses the collection of SSNs from employees. Consequently, the Act requires employers to promulgate a policy that, at a minimum, (1) protects the confidentiality of SSNs; (2) prohibits unlawful disclosure of SSNs; and (3) limits access to SSNs.


Click here to read the entire article.