This is Part 5 in a 6-part series on Connecticut Employment Laws You Didn’t Know Existed.
While not an “employment law” per se, Connecticut requires any private individual or company to take certain precautions to safeguard Social Security numbers and other private information. Violations of these laws are punishable by fines, civil penalties, and even imprisonment. Of course, a data breach also can also subject your company to a loss of consumer confidence, which can create a devastating impact. Therefore, data protection is something every business must take seriously.
The law states that anyone who collects Social Security numbers in the course of business must create a privacy protection policy that must be published or publicly displayed. Since all employers must collect employees’ Social Security numbers for various administrative purposes, such as withholding taxes, every private employer is covered by this law.
The policy must (1) protect the confidentiality of Social Security numbers, (2) prohibit unlawful disclosure of Social Security numbers, and (3) limit access to Social Security numbers. The policy must be available to the public, even if the only Social Security numbers collected belong to employees. The law states that this can be accomplished by posting the policy on a company website, but other methods could also be appropriate. It is not necessary to draw attention to the policy, so even placing the policy in an area that is not heavily trafficked by the public should be sufficient, as long as the public can actually view the document if desired.