This is a Public Service Announcement regarding information that I recently learned about various state laws that mandate safeguards that an employer, prospective employer or other business MUST use when requesting, storing and transmitting an individual's Social Security Number (SSN) and other Sensitive Personal Information (SPI) in order to help protect the SSN's confidentiality and security. Disclaimer: this post does not serve as legal advice. If additional clarification is needed regarding the information posted here, please contact the office of the Attorney General in your particular state or a licensed attorney in your particular state.
There have been various posts on the subject of (prospective) employees' SSNs being requested by recruiters or other organizations for IT access, candidate tracking or other recruiting/onboarding functions that are NOT related to payroll, taxes, background checks, etc. It may be helpful to know that there are about 30 different states in the USA that have enacted various laws that specifically regulate the use, transmittal, storage and privacy of a person's Social Security Number (SSN) or other Sensitive Personal Information (SPI) such as an individual's Date of Birth.
In addition, the various states' Privacy Laws were created in order to require companies to take the appropriate measures to protect the confidentiality and security of the SSNs that they possess or seek to possess regarding (prospective) employees and consumers that they conduct business with. Some of the state laws specifically prohibit the use of a person's SSN (or even a partial use of the SSN) as a Unique Identifier, such as using the SSN for IT access or as an ID number for a candidate tracking system such as a Vendor Management System (VMS). A wise recommendation is to check whether there is a particular SSN Privacy law in effect for the state in which you reside or where your organization conducts business, in order to see how it may apply to you or your organization.
It is my understanding that some of the penalties for violation of the states' SSN Privacy Laws can range from $500 to $500,000 per violation. In essence, just because a recruiter, organization and/or their client asks for a (prospective) employee's SSN or other SPI so that the information can be used for IT access, candidate tracking purposes, or other recruiting/onboarding processes (that are not related to payroll, I-9 forms, taxes, background checks, etc.) does not mean they have a legal right to do so in the manner that information is being requested and/or used.