Social Security Numbers

California Limits Use of Social Security Numbers in the Workplace
In an effort to prevent identity theft, California is leading the way in enacting laws to limit the use of social security numbers for public display or as an individual’s identifier. Social security numbers are commonly used as identification numbers by health care providers, colleges and other types of businesses. When these uses result in social security numbers being printed on ID cards and checks that people carry in their wallets or on statements mailed to consumers, the risk of identity theft increases.
California Law Restricts Use of Social Security Numbers
Businesses in California are now barred from publicly displaying social security numbers. California Civil Code § 1798.85 prevents the use of social security numbers in ways that are deemed most likely to lead to identity theft. Section 1798.85, which took effect on July 1, 2002, was passed to help control many of the common uses of social security numbers that can expose people to identity theft.
Prohibited Uses of Social Security Numbers as of July 1, 2002
Pursuant to Civil Code § 1798.85, businesses, health care providers and schools are barred from:
    · Publicly posting or displaying (intentionally communicating or otherwise making available to the general public) social security numbers or requiring them for access to products or services;
    · Printing social security numbers on cards required for accessing products or services;
    · Requiring an individual to transmit his or her social security number over the internet, unless through an encryption process;
    · Requiring an individual to use his or her social security number to access a website unless a password is also required to access the site;
    · Printing an individual’s social security number on any materials that are mailed to the individual unless inclusion of the social security number is required by law. However, applications and forms sent by mail may include social security numbers.
Effect on Past Use of Social Security Numbers
If a business, health care provider or school has used an individual’s social security number in any of these ways prior to July 1, 2002, it may continue to use that individual’s social security number after July 1, 2002 if all the following conditions are met:
· The use of the social security number must be continuous. If use is stopped for any reason, it cannot be resumed without adherence to the prohibitions enumerated in § 1798.85.
· The individual is provided with an annual disclosure beginning immediately informing the individual that he or she has the right to make a written request to stop the use of his or her social security number in a prohibited manner. The individual’s request must be implemented within 30 days of receipt. There can be no fee or charge for implementing the request.
· Services to the individual cannot be denied because the individual makes a request to stop use of his or her social security number.
Exceptions to the Restrictions of Civil Code § 1798.85
Civil Code § 1798.85 specifically states that it does not prevent the collection, use or release of a social security number in two ways.
First, Civil Code § 1798.85 does not affect the collection, use or release of social security numbers as required by state or federal law. For example, California Labor Code § 226(a)(7) requires that social security numbers be placed on paycheck stubs. Labor Code § 226(a)(7) would not be affected by the new prohibitions in Civil Code § 1798.85. Similarly, Civil Code § 1798.85’s restrictions would not apply to certain IRS reporting forms that also require the use of social security numbers.
Second, Civil Code § 1798.85 does not apply to the use of social security numbers for internal verification or administrative purposes. While no formal guidance is provided in the statute, it is safe to assume that employers may continue using social security numbers for internal personnel records and other human resource purposes. However, if an employer uses social security numbers for human resources, great care should be taken to ensure such information is neither disclosed to the public nor easily accessible to unauthorized individuals. Even for internal purposes, employers should not allow social security numbers to be publicly posted, printed, mailed, required to be used on the internet, etc.
Health-Related Entities
Civil Code § 1798.85 provides an extended time period within which health-related entities must comply. Specifically, "health care service plans, health care providers, insurers, pharmacy benefits managers, or a contractor"[1] are subject to staggered implementation timetables beginning in January 1, 2002 and extending until January 1, 2005.
Recommendations for Compliance with Civil Code § 1798.85
Companies are encouraged to seek alternatives to the use of social security numbers for individual identification. Companies are urged to conduct immediate audits of any employment and/or client policies that may involve the collection, use and disclosure of social security numbers. As part of the audit process, companies should analyze use of social security numbers in payroll practices, benefits administration and on documents mailed to employees and clients. 
If employers wish to continue with their pre-July 1,2002 use of social security numbers, they must make certain they meet the conditions set forth under the provisions which authorize continued use. If new policies and procedures are implemented or new employees are hired after July 1, 2002, it is essential that companies devise alternative and substitute forms of identification to comply with Civil Code § 1798.85.
As always, if companies have any concerns regarding meeting the requirements of Civil Code § 1798.85, they should consult legal counsel.

[1] "Contractor" means "any person or entity that is a medical group, independent practice association, pharmaceutical benefits manager, or a medical service organization and is not a health care service plan or provider of health care." Cal. Civ. Code § 56.05(c).
* * * * * * * * *
This Memo was prepared by Stacey L. Fell. For more information, contact: