ameri resources

Need an office in metro Detroit, Alabama or Toronto? Office suites, meeting rooms, virtual offices, network access

free downloads
USA: "“Make.” An American Manufacturing Movement" report

USA: "“Make.” An American Manufacturing Movement" report. 88-page report by

proceed to download

back to index backAMERItalk February,  2005

Employers take note of the new Michigan Social Security Number Privacy Act

Employers in Michigan should be aware of a new Michigan law, known as the Social Security Number Privacy Act, which restricts certain uses of social security numbers and imposes certain obligations on entities that collect those numbers.  The "SSN" Privacy Act, part of a comprehensive package of legislation signed by Governor Granholm in the final days of 2004, is designed to combat identity theft in Michigan.    The new law takes effect March 1, 2005.

The SSN Privacy Act's primary purpose is to prohibit the use of all or more than four sequential digits of social security numbers by persons, partnerships, corporations, government agencies, public and private educational institutions, and other legal entities. An entity is restricted from using the SSN of an "employee, student, or other individual" in the following ways:

•  Publicly displaying all or more than 4 sequential digits of the social security number. The term "publicly display" is broadly defined to mean exhibit, hold up, post or make visible such as on a computer screen, network, or other electronic medium.

•  Using a person's social security number as an individual account number,

•  Printing a SSN on any identification badge or card, membership card, permit or license,

•  Printing a SSN on the outside of an envelope or package mailed or sent to an individual,

•  Requiring use or transmission of more than 4 sequential digits of a social security number over the internet or a computer system or network, unless the connection is secure or the transmission is encrypted, or

•  Requiring use or transmission of more than 4 sequential digits of a social security number to gain access to a website or computer system or network, unless the connection is secure and the transmission is encrypted, or protected by a password or other unique personal ID number or authentication device.

Beginning January 1, 2006, the statute also prohibits including all or more than 4 sequential digits of a SSN in any document or information mailed to a person, unless certain conditions, including the following, apply: 

•  A state or federal law or rule or court order authorizes, permits or requires the SSN's use,

•  The document sent is part of an application or enrollment initiated by the individual,

•  The document is sent to establish, confirm service, amend or terminate an account, contract, policy, or employee or health insurance benefit; or

•  The document is mailed by a public body in certain circumstances.

The SSN Privacy Act does contain a number of significant exceptions.  The restrictions do not apply to use of a SSN that is "authorized or required by state or federal statute,…by court order…or pursuant to legal discovery or process."  Further, various provisions do not take effect under certain circumstances until January 1, 2006.

Significantly for employers, it is not a violation of the Act to use a SSN to verify an individual's identity, identify an individual, or do another similar administrative purpose related to," proposed employment or employment.  Similarly, an employer may use a full SSN to investigate an individual's credit, criminal, or driving history.  It is also permissible to use SSNs used to provide or administer health insurance, membership benefits, or retirement programs.  

Another exception provides that a law enforcement agency, court, or prosecutor may use a SSN as part of a criminal investigation and a covered entity may provide a SSN for purposes of a criminal investigation or prosecution.  An entity may also use all or part of a SSN to "lawfully pursue or enforce a person's legal rights," which may include "audit, collection, investigation, or transfer of a tax, employee benefit, debt, claim," or account.

The SSN Privacy Act also requires covered entities that obtain SSNs in the "ordinary course of business" to create a "Privacy Policy" by January 1, 2006.  The Privacy Policy must do each of the following:

•  Ensure to the extent practicable the confidentiality of the social security number,

•  Prohibit unlawful disclosure of social security numbers,

•  Limit who has access to information or documents that contain the social security numbers,

•  Describe how to properly dispose of documents that contain social security numbers,  and

•  Establish penalties for its violation.

The Privacy Policy must be published in an employee handbook or manual or at least one similar document and may be available electronically. In another exception, the Act provides that the Privacy Policy requirement does not apply to an entity that collects SSNs in the "ordinary course of business" and in compliance with the Fair Credit Reporting Act or the Gramm-Leach-Bliley Act, Title V(A).

A SSN Privacy Act violation is a misdemeanor punishable by not more than 93 days in jail or a fine of $1,000 or both.  The Act does, however, provide an exception from those penalties if an employee or agent of a covered entity violates the Privacy Policy when the entity has taken reasonable measures to enforce the Privacy Policy and correct known violations.

What does this mean for employers?  Employers should carefully consider the circumstances under which SSN information is used and disclosed in the course of business operations.  Compliance with the Act may mean changing procedures to ensure that SSNs are not used as ID numbers, restricting disclosure of personnel file information, and controlling access to benefit information. However, the SSN Privacy Act does contain many exceptions that cover some of the most frequent employer uses of SSNs, such as performing background checks and administering employee benefits. Employers are also advised to consider how the Act affects non-employment aspects of their operations. Understanding the law and its exceptions, developing a compliant Privacy Policy, and careful management of confidential SSN information will ensure that employers can operate efficiently while protecting SSN information.

Obtain a copy of the Social Security Number Privacy Act, by clicking here.

Source: Butzel Long -

previous page

go top
search our site



Other articles from the same issue (February,  2005).

Attacking health care cost inflation: Beyond cost shifting
play read on

Hybrid vehicle market share expected to peak at 3 percent in the U.S.
play read on

Tax incentives: An endangered species?
play read on

Bullseye! Tools to help you target the right (distribution center) site
play read on

10 essential tips to ensure your press release makes the news
play read on

Another H-1B visa battle coming?
play read on

Employers take note of the new Michigan Social Security Number Privacy Act
play read on

Our Free eJournals

To visit GlobalAutoExperts Directory, click here.

©2008 | HCI Group, Ltd.
101 West Big Beaver Road, Suite 1400 | Troy, MI 48084 USA
USA Tel: +1.248.687.1060 | USA Fax: +1.248.927.0347
Fax UK: +44.(0)845.127.4765 | Fax Europe: +31.20.524.1659 | Fax Asia: +852.3015.8120