PRINTER'S NO. 226
No. 149 Session of 2007
INTRODUCED BY TOMLINSON, KITCHEN, FONTANA, TARTAGLIONE, ERICKSON, STOUT, RAFFERTY, CORMAN, D. WHITE, C. WILLIAMS, FERLO, COSTA, REGOLA, RHOADES AND BAKER, MARCH 7, 2007
REFERRED TO COMMUNICATIONS AND TECHNOLOGY, MARCH 7, 2007
AN ACT 1 Amending the act of June 29, 2006 (P.L.281, No.60), entitled "An 2 act relating to confidentiality of Social Security numbers; 3 and making a related repeal," further providing for title of 4 act; extending privacy provisions to certain confidential 5 individual information; and further providing for 6 applicability. 7 The General Assembly of the Commonwealth of Pennsylvania 8 hereby enacts as follows: 9 Section 1. The title of the act of June 29, 2006 (P.L.281, 10 No.60), entitled "An act relating to confidentiality of Social 11 Security numbers; and making a related repeal," is amended to 12 read: 13 AN ACT 14 Relating to confidentiality of Social Security numbers and other 15 individual information; and making a related repeal. 16 Section 2. Sections 1 and 4 of the act are amended to read: 17 Section 1. Privacy of [Social Security numbers] confidential 18 individual information. 19 (a) General rule.--A person or entity or State agency or
1 political subdivision shall not do any of the following: 2 (1) Publicly post or publicly display in any manner [an 3 individual's Social Security number] confidential individual 4 information. "Publicly post" or "publicly display" means to 5 intentionally communicate or otherwise make available to the 6 general public. 7 (2) Print [an individual's Social Security number] 8 confidential individual information on any card required for 9 the individual to access products or services provided by the 10 person, entity or State agency or political subdivision. 11 (3) Require an individual to transmit [his or her Social 12 Security number] confidential individual information over the 13 Internet unless the connection is secure or the [Social 14 Security number] confidential individual information is 15 encrypted. 16 (4) Require an individual to use [his or her Social 17 Security number] confidential individual information to 18 access an Internet website unless a password or unique 19 personal identification number or other authentication device 20 is also required to access the website. 21 (5) (i) Print [an individual's Social Security number] 22 confidential individual information on any materials that 23 are mailed to the individual unless Federal or State law 24 requires the [Social Security number] confidential 25 individual information to be on the document to be 26 mailed. 27 (ii) Notwithstanding [this provision, Social 28 Security numbers] subparagraph (i), confidential 29 individual information may be included in applications 30 and forms sent by mail, including documents sent as part 20070S0149B0226 - 2 -
1 of an application or enrollment process or to establish, 2 amend or terminate an account, contract or policy or to 3 confirm the accuracy of the [Social Security number. A 4 Social Security number] confidential individual 5 information. Confidential individual information that is 6 permitted to be mailed under this section may not be 7 printed, in whole or in part, on a postcard or other 8 mailer not requiring an envelope, or visible on the 9 envelope or without the envelope having been opened. 10 (6) Disclose in any manner, except to the agency issuing 11 the license, [the Social Security number] confidential 12 individual information of an individual who applies for a 13 recreational license. For the purposes of this paragraph, a 14 "recreational license" means a license issued pursuant to 30 15 Pa.C.S. (relating to fish) or 34 Pa.C.S. (relating to game). 16 (b) Applicability.--Except as provided in subsection (c), 17 subsection (a) applies only to the use of [Social Security 18 numbers] confidential individual information on or after the 19 effective date of this section. 20 (c) Exception.-- 21 (1) A person or entity, not including a State agency or 22 political subdivision, that has used, prior to the effective 23 date of this section, [an individual's Social Security 24 number] confidential individual information in a manner 25 inconsistent with subsection (a) may continue using that 26 [individual's Social Security number] confidential individual 27 information in that manner on or after the effective date of 28 this section, if all of the following conditions are met: 29 (i) The use of the [Social Security number] 30 confidential individual information is continuous. If the 20070S0149B0226 - 3 -
1 use is stopped for any reason, subsection (a) shall 2 apply. 3 (ii) The individual is provided an annual 4 disclosure, commencing in the year after the effective 5 date of this section, that informs the individual that he 6 or she has the right to stop the use of his or her 7 [Social Security number] confidential individual 8 information in a manner prohibited by subsection (a). 9 (2) An individual who receives an annual disclosure 10 under paragraph (1) has the right to stop the use of his or 11 her [Social Security number] confidential individual 12 information in a manner prohibited by subsection (a) and must 13 exercise that right by submitting a written request to the 14 person or entity. The person or entity shall discontinue use 15 of the [individual's Social Security number] confidential 16 individual information within 30 days of the receipt of the 17 request. There shall be no fee or charge for complying with 18 the request. A person or entity shall not deny services to an 19 individual because the individual makes a written request 20 pursuant to this subsection. 21 (d) Construction.--This section shall not be construed to 22 prevent the collection, use or release of [a Social Security 23 number] confidential individual information as required by 24 Federal or State law or the use of [a Social Security number] 25 confidential individual information for internal verification, 26 administrative purposes or for law enforcement investigations. 27 (e) Unified judicial system documents.--This section does 28 not apply to a document that originated with, or is filed with, 29 recorded in or is maintained by any court component or part of 30 the unified judicial system. 20070S0149B0226 - 4 -
1 (f) Government documents.--This section does not apply to 2 any document that: 3 (1) is required by law to be open to the public; and 4 (2) originates with, or is filed, recorded or maintained 5 by any government agency, instrumentality or taxing 6 authority. 7 (g) Penalty.--Actions in violation of this act shall be 8 deemed a summary offense and shall be punishable by a fine of 9 not less than $50 and not more than $500 and, for every second 10 or subsequent violation, by a fine of not less than $500 and not 11 more than $5,000. Fines under this section shall be distributed 12 equally between the Crime Victim's Compensation Fund 13 administered by the Pennsylvania Commission on Crime and 14 Delinquency and the Office of Attorney General for future 15 identity theft prevention. 16 (h) Definition.--For purposes of this act, "confidential 17 individual information" means the Social Security number, date 18 of birth, driver's license number and financial institution 19 account number of an individual. 20 Section 4. Applicability. 21 The provisions of this act shall not apply, to the extent 22 preempted by Federal law, to: 23 (1) A financial institution, as defined by section 24 509(3) of the Gramm-Leach-Bliley Act (Public Law 106-102, 15 25 U.S.C. § 6809(3)) or regulations adopted by agencies as 26 designated by section 504(a) of the Gramm-Leach-Bliley Act, 27 subject to Title V of the Gramm-Leach-Bliley Act or a 28 "licensee" as defined by 31 Pa. Code § 146a.2 (relating to 29 definitions). 30 (2) A covered entity, as defined by regulations 20070S0149B0226 - 5 -
1 promulgated at 45 CFR Pts. 160 (relating to general 2 administrative requirements) and 164 (relating to security 3 and privacy) pursuant to Subtitle F of the Health Insurance 4 Portability and Accountability Act of 1996 (Public Law 104- 5 191, 110 Stat. 1936). 6 (3) An entity subject to the Fair Credit Reporting Act 7 (Public Law 91-508, 15 U.S.C. § 1681 et seq.). 8 Section 3. This act shall take effect in 60 days. L13L23DMS/20070S0149B0226 - 6 -