Effective January 2009, the State of New York has amended their state law regarding protecting personally identifiable information (PII). On July 9, 2009, Governor David Patterson signed Bill No. A11752 / S8376A regulating employers’ internal use of PII, including social security numbers, home address or telephone number, personal electronic email address, internet identification name or password, parent’s surname prior to marriage, or drivers license number.

So what does this mean for employers? Employers cannot, unless required by law:
• publicly post or display an employee’s PII;
• visibly print any PII on any employee identification badge or card, including any time card;
• place PII in any file with unrestricted access; or
• otherwise communicate an employee’s PII to the general public.

Restrictions have also been placed on using social security numbers for any occupational licensing.

Punitive measures for employers include fines of $500 per violation for any “knowing” violation of the provisions. A violation is considered “knowing” if the employer has not put in place policies or procedures to safeguard against the violation, including procedures to notify relevant employees of the procedures. The amendment presumes that an employer’s failure to safeguard its workforce’s PII is the equivalent of a knowing public disclosure, even if the information was inadvertently released or stolen.

Click here for text of this amendment and full text of the bill.
(link to http://assembly.state.ny.us/leg/?bn=A11752&sh=t )

New York joins many other states, most recently Connecticut, in trying to combat identity theft. Other states are sure to join, so it’s a good idea to review your company’s policies and procedures to make sure you are doing everything you can to protect your employees’ information.