California SSN and Encryption

[Jeremy Barker]

Donald ramsbottom wrote:

> Below is a snippet from E Commerce Law Week.
>
> The problem of identity theft is via Social Security Numbers is getting so
> bad new laws mandating encryption of transmission of neumbers.
>
> "California Law Curbs Release of Social Security Numbers, Mandates Encryption
> Aiming to curb the fast-rising rate of identity theft, a new California
> law, effective July 1, requires Internet transmission of Social Security
> numbers (SSNs) to be encrypted and bans private companies from disclosing
> SSNs.   The law does not apply to state or local agencies.  Under the new
> law, an individual may not be asked to transmit his or her SSN over the
> Internet unless the connection is secure or the SSN is encrypted.
> Moreover, individuals cannot be required to use their SSNs to access
> Internet Web sites unless additional authentication (e.g., a password or
> unique personal identification number) is also required for access.  The
> California law also (i) bans the public posting or display of an
> individual's SSN in any manner; (ii) bans printing an individual's SSN on
> any identification card required to access products or services; and (iii)
> bans printing an individual's SSN on any materials that are mailed to the
> individual, unless otherwise required by law.  The California law can be
> found at
> http://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&
> file=1798.85."

That summary missed out 2 things.  First, "applications and forms" sent by mail
can include a SSN and second, use before 1 July 2002 that is now illicit can
continue subject to some conditions - principally that the use is continuous and
the holder of the SSN can give notice that the use is to be stopped.  An amended
version that will further restrict the inclusion of SSNs in stuff sent by mail is
currently in the legislature.

jb