You asked what state and federal law say about an insurance company requiring customers, or potential customers, to provide their social security numbers and if there are any pending bills on this topic.

SUMMARY

We found no federal or state provision or case prohibiting an insurance company from requiring a consumer or applicant to provide his Social Security number (SSN). It appears that commercial entities may require their customers to furnish SSNs (See OLR Report 96-R-0091, copy attached). We believe that insurance companies request an SSN to request information from a credit bureau, which is allowed under the Fair Credit Reporting Act.

We also found no federal or state legislation pending that would prohibit companies from requiring individuals from providing SSNs. There are numerous federal bills pending that relate to this issue, but each continue to permit the collection of SSNs in the normal course of business to obtain a credit report (e. g. , Comprehensive Identity Theft Prevention Act, S. 768, and Social Security Number Misuse Prevention Act, S. 29).

USE OF SOCIAL SECURITY NUMBERS

Businesses ask for SSNs when individuals apply for benefits or services, such as credit, checking accounts, insurance, apartment rentals, and public utilities. SSNs are one of the principal identifiers credit bureaus use to update individuals’ credit records with monthly reports of credit and payment activity.

Businesses, including insurance companies, use SSNs to request information from credit bureaus. But, credit bureaus can only release credit information to people with a legitimate business need, as required under the federal Fair Credit Reporting Act.

We could not identify any federal or state law that prohibits insurers from requesting insurance applicants to supply their SSN for credit checks or from using it for identification purposes. In fact, under the Fair Credit Reporting Act, an insurer’s use of an applicant’s credit report is permissible for making underwriting decisions.

The federal Gramm-Leach-Bliley Act requires financial institutions, including insurance companies to (1) provide notice to customers about their privacy policies and practices, (2) describe the conditions under which a financial institution may disclose nonpublic personal information about consumers to nonaffiliated third parties, and (3) provide a method for consumers to prevent such disclosures by “opting out” (Public Law 106-102). It does not prohibit insurers from requesting SSNs to access credit report information but does limit them from further disclosing such information.

RECENT LEGISLATION

In an attempt to reduce incidents of identity theft, the Connecticut legislature recently enacted legislation (PA 03-156) prohibiting most individuals and businesses from publicly disclosing SSNs. The prohibition does not prevent the numbers from being (1) collected, used, or released as required by state or federal law or (2) used for internal verification or administrative purposes.

As of January 1, 2005, no person, firm, corporation, or other entity, other than the state or its political subdivisions, can:

1. intentionally communicate or otherwise make available to the general public an individual’s SSN;

2. print anyone’s SSN on any card that the person must use to access the person or entity’s products or services;

3. require anyone to transmit his SSN over the Internet, unless the Pconnection is secure or the number is encrypted; or

4. require anyone to use his SSN to access an Internet web site, unless a password or unique personal identification number or other authentication is also required to access it.

EP: ro