PRINTER'S NO. 226
No. 149 Session of 2007
INTRODUCED BY TOMLINSON, KITCHEN, FONTANA, TARTAGLIONE,
ERICKSON, STOUT, RAFFERTY, CORMAN, D. WHITE, C. WILLIAMS,
FERLO, COSTA, REGOLA, RHOADES AND BAKER, MARCH 7, 2007
REFERRED TO COMMUNICATIONS AND TECHNOLOGY, MARCH 7, 2007
AN ACT
1 Amending the act of June 29, 2006 (P.L.281, No.60), entitled "An
2 act relating to confidentiality of Social Security numbers;
3 and making a related repeal," further providing for title of
4 act; extending privacy provisions to certain confidential
5 individual information; and further providing for
6 applicability.
7 The General Assembly of the Commonwealth of Pennsylvania
8 hereby enacts as follows:
9 Section 1. The title of the act of June 29, 2006 (P.L.281,
10 No.60), entitled "An act relating to confidentiality of Social
11 Security numbers; and making a related repeal," is amended to
12 read:
13 AN ACT
14 Relating to confidentiality of Social Security numbers and other
15 individual information; and making a related repeal.
16 Section 2. Sections 1 and 4 of the act are amended to read:
17 Section 1. Privacy of [Social Security numbers] confidential
18 individual information.
19 (a) General rule.--A person or entity or State agency or
1 political subdivision shall not do any of the following:
2 (1) Publicly post or publicly display in any manner [an
3 individual's Social Security number] confidential individual
4 information. "Publicly post" or "publicly display" means to
5 intentionally communicate or otherwise make available to the
6 general public.
7 (2) Print [an individual's Social Security number]
8 confidential individual information on any card required for
9 the individual to access products or services provided by the
10 person, entity or State agency or political subdivision.
11 (3) Require an individual to transmit [his or her Social
12 Security number] confidential individual information over the
13 Internet unless the connection is secure or the [Social
14 Security number] confidential individual information is
15 encrypted.
16 (4) Require an individual to use [his or her Social
17 Security number] confidential individual information to
18 access an Internet website unless a password or unique
19 personal identification number or other authentication device
20 is also required to access the website.
21 (5) (i) Print [an individual's Social Security number]
22 confidential individual information on any materials that
23 are mailed to the individual unless Federal or State law
24 requires the [Social Security number] confidential
25 individual information to be on the document to be
26 mailed.
27 (ii) Notwithstanding [this provision, Social
28 Security numbers] subparagraph (i), confidential
29 individual information may be included in applications
30 and forms sent by mail, including documents sent as part
20070S0149B0226 - 2 -
1 of an application or enrollment process or to establish,
2 amend or terminate an account, contract or policy or to
3 confirm the accuracy of the [Social Security number. A
4 Social Security number] confidential individual
5 information. Confidential individual information that is
6 permitted to be mailed under this section may not be
7 printed, in whole or in part, on a postcard or other
8 mailer not requiring an envelope, or visible on the
9 envelope or without the envelope having been opened.
10 (6) Disclose in any manner, except to the agency issuing
11 the license, [the Social Security number] confidential
12 individual information of an individual who applies for a
13 recreational license. For the purposes of this paragraph, a
14 "recreational license" means a license issued pursuant to 30
15 Pa.C.S. (relating to fish) or 34 Pa.C.S. (relating to game).
16 (b) Applicability.--Except as provided in subsection (c),
17 subsection (a) applies only to the use of [Social Security
18 numbers] confidential individual information on or after the
19 effective date of this section.
20 (c) Exception.--
21 (1) A person or entity, not including a State agency or
22 political subdivision, that has used, prior to the effective
23 date of this section, [an individual's Social Security
24 number] confidential individual information in a manner
25 inconsistent with subsection (a) may continue using that
26 [individual's Social Security number] confidential individual
27 information in that manner on or after the effective date of
28 this section, if all of the following conditions are met:
29 (i) The use of the [Social Security number]
30 confidential individual information is continuous. If the
20070S0149B0226 - 3 -
1 use is stopped for any reason, subsection (a) shall
2 apply.
3 (ii) The individual is provided an annual
4 disclosure, commencing in the year after the effective
5 date of this section, that informs the individual that he
6 or she has the right to stop the use of his or her
7 [Social Security number] confidential individual
8 information in a manner prohibited by subsection (a).
9 (2) An individual who receives an annual disclosure
10 under paragraph (1) has the right to stop the use of his or
11 her [Social Security number] confidential individual
12 information in a manner prohibited by subsection (a) and must
13 exercise that right by submitting a written request to the
14 person or entity. The person or entity shall discontinue use
15 of the [individual's Social Security number] confidential
16 individual information within 30 days of the receipt of the
17 request. There shall be no fee or charge for complying with
18 the request. A person or entity shall not deny services to an
19 individual because the individual makes a written request
20 pursuant to this subsection.
21 (d) Construction.--This section shall not be construed to
22 prevent the collection, use or release of [a Social Security
23 number] confidential individual information as required by
24 Federal or State law or the use of [a Social Security number]
25 confidential individual information for internal verification,
26 administrative purposes or for law enforcement investigations.
27 (e) Unified judicial system documents.--This section does
28 not apply to a document that originated with, or is filed with,
29 recorded in or is maintained by any court component or part of
30 the unified judicial system.
20070S0149B0226 - 4 -
1 (f) Government documents.--This section does not apply to
2 any document that:
3 (1) is required by law to be open to the public; and
4 (2) originates with, or is filed, recorded or maintained
5 by any government agency, instrumentality or taxing
6 authority.
7 (g) Penalty.--Actions in violation of this act shall be
8 deemed a summary offense and shall be punishable by a fine of
9 not less than $50 and not more than $500 and, for every second
10 or subsequent violation, by a fine of not less than $500 and not
11 more than $5,000. Fines under this section shall be distributed
12 equally between the Crime Victim's Compensation Fund
13 administered by the Pennsylvania Commission on Crime and
14 Delinquency and the Office of Attorney General for future
15 identity theft prevention.
16 (h) Definition.--For purposes of this act, "confidential
17 individual information" means the Social Security number, date
18 of birth, driver's license number and financial institution
19 account number of an individual.
20 Section 4. Applicability.
21 The provisions of this act shall not apply, to the extent
22 preempted by Federal law, to:
23 (1) A financial institution, as defined by section
24 509(3) of the Gramm-Leach-Bliley Act (Public Law 106-102, 15
25 U.S.C. § 6809(3)) or regulations adopted by agencies as
26 designated by section 504(a) of the Gramm-Leach-Bliley Act,
27 subject to Title V of the Gramm-Leach-Bliley Act or a
28 "licensee" as defined by 31 Pa. Code § 146a.2 (relating to
29 definitions).
30 (2) A covered entity, as defined by regulations
20070S0149B0226 - 5 -
1 promulgated at 45 CFR Pts. 160 (relating to general
2 administrative requirements) and 164 (relating to security
3 and privacy) pursuant to Subtitle F of the Health Insurance
4 Portability and Accountability Act of 1996 (Public Law 104-
5 191, 110 Stat. 1936).
6 (3) An entity subject to the Fair Credit Reporting Act
7 (Public Law 91-508, 15 U.S.C. § 1681 et seq.).
8 Section 3. This act shall take effect in 60 days.
L13L23DMS/20070S0149B0226 - 6 -