OLR Bill Analysis

sSB 315



With various exceptions, this bill prohibits anyone doing business in Connecticut from requesting or collecting an individual's Social Security number (SSN).

This prohibition does not apply to the state, its political subdivisions, or any of their agencies. The prohibition also does not apply to:

1. collecting SSNs as required to comply with state or federal law;

2. collecting SSNs by entities subject to the Gramm-Leach-Bliley Financial Modernization Act;

3. credit transactions or an entity regulated by the Fair Credit Reporting Act for purposes authorized by that act;

4. reports prepared by consumer credit reporting agencies in response to an individual's request;

5. background checks, identity verification, fraud prevention, medical treatment, law enforcement purposes, or the individual's employment, including employment benefits; or

6. collecting SSNs to verify an individual's identity or age or to allow the individual to access or enroll in an age-restricted marketing program.

Violators are subject to a fine of up to $ 500 for a first offense and up to $ 1,000 for each subsequent offense. Any willful violators are subject to a civil penalty of $ 1,000 for each violation, which is deposited into the privacy protection guaranty and enforcement account, which is an account used to reimburse losses sustained by those injured by violations of the SSN protection statutes.

EFFECTIVE DATE: July 1, 2012


Federal Law

Gramm-Leach-Bliley Financial Modernization Act. The Act applies to "financial institutions" that offer financial products or services to individuals, such as loans, financial or investment advice, or insurance. Among other things, it requires these companies to give consumers privacy notices that explain the institutions' information-sharing practices. In turn, consumers have the right to limit some, but not all, sharing of their information.

Fair Credit Reporting Act. The Act regulates the collection, dissemination, and use of consumer information, including consumer credit information for companies such as credit reporting agencies. Credit reporting agencies are companies that collect and disseminate information about consumers for credit evaluation and other purposes, including employment.

State Protections of SSNs

Existing law includes various provisions restricting the use or disclosure of SSNs. For example, the law requires anyone possessing personal information about another person to safeguard it, including the computer files and documents that contain it. “Personal information” is information that can be associated with an individual through an identifier like a Social Security number. The law also requires a business that collects Social Security numbers to create a privacy protection policy that must ensure confidentiality of Social Security numbers. These requirements do not apply to the state or its political subdivisions (CGS 42-471).


General Law Committee

Joint Favorable Substitute