| |
|
| |
| THE GENERAL ASSEMBLY OF PENNSYLVANIA |
| |
| SENATE BILL |
|
| |
| |
| INTRODUCED BY TOMLINSON, BROWNE, ALLOWAY, KITCHEN, ORIE, BOSCOLA, FONTANA, SOLOBAY, TARTAGLIONE, M. WHITE, MENSCH, WAUGH, D. WHITE, RAFFERTY, ERICKSON, WARD, EICHELBERGER, FERLO, COSTA, BREWSTER, KASUNIC AND BRUBAKER, JANUARY 28, 2011 |
| |
| |
| REFERRED TO COMMUNICATIONS AND TECHNOLOGY, JANUARY 28, 2011 |
| |
| |
| |
| AN ACT |
| |
1 | Amending the act of June 29, 2006 (P.L.281, No.60), entitled "An |
2 | act relating to confidentiality of Social Security numbers; |
3 | and making a related repeal," further providing for title of |
4 | act; extending privacy provisions to certain confidential |
5 | individual information; and further providing for |
6 | applicability. |
7 | The General Assembly of the Commonwealth of Pennsylvania |
8 | hereby enacts as follows: |
9 | Section 1. The title of the act of June 29, 2006 (P.L.281, |
10 | No.60), entitled "An act relating to confidentiality of Social |
11 | Security numbers; and making a related repeal," is amended to |
12 | read: |
13 | AN ACT |
14 | Relating to confidentiality of Social Security numbers and other |
15 | individual information; and making a related repeal. |
16 | Section 2. Sections 1 and 4 of the act are amended to read: |
17 | Section 1. Privacy of [Social Security numbers] confidential |
18 | individual information. |
|
1 | (a) General rule.--A person or entity or State agency or |
2 | political subdivision shall not do any of the following: |
3 | (1) Publicly post or publicly display in any manner [an |
4 | individual's Social Security number] confidential individual |
5 | information. "Publicly post" or "publicly display" means to |
6 | intentionally communicate or otherwise make available to the |
7 | general public. |
8 | (2) Print [an individual's Social Security number] |
9 | confidential individual information on any card required for |
10 | the individual to access products or services provided by the |
11 | person, entity or State agency or political subdivision. |
12 | (3) Require an individual to transmit [his or her Social |
13 | Security number] confidential individual information over the |
14 | Internet unless the connection is secure or the [Social |
15 | Security number] confidential individual information is |
16 | encrypted. |
17 | (4) Require an individual to use [his or her Social |
18 | Security number] confidential individual information to |
19 | access an Internet website unless a password or unique |
20 | personal identification number or other authentication device |
21 | is also required to access the website. |
22 | (5) (i) Print [an individual's Social Security number] |
23 | confidential individual information on any materials that |
24 | are mailed to the individual unless Federal or State law |
25 | requires the [Social Security number] confidential |
26 | individual information to be on the document to be |
27 | mailed. |
28 | (ii) Notwithstanding [this provision, Social |
29 | Security numbers] subparagraph (i), confidential |
30 | individual information may be included in applications |
|
1 | and forms sent by mail, including documents sent as part |
2 | of an application or enrollment process or to establish, |
3 | amend or terminate an account, contract or policy or to |
4 | confirm the accuracy of the [Social Security number. A |
5 | Social Security number] confidential individual |
6 | information. Confidential individual information that is |
7 | permitted to be mailed under this section may not be |
8 | printed, in whole or in part, on a postcard or other |
9 | mailer not requiring an envelope, or visible on the |
10 | envelope or without the envelope having been opened. |
11 | (6) Disclose in any manner, except to the agency issuing |
12 | the license, [the Social Security number] confidential |
13 | individual information of an individual who applies for a |
14 | recreational license. For the purposes of this paragraph, a |
15 | "recreational license" means a license issued pursuant to 30 |
16 | Pa.C.S. (relating to fish) or 34 Pa.C.S. (relating to game). |
17 | (b) Applicability.--Except as provided in subsection (c), |
18 | subsection (a) applies only to the use of [Social Security |
19 | numbers] confidential individual information on or after the |
20 | effective date of this section. |
21 | (c) Exception.-- |
22 | (1) A person or entity, not including a State agency or |
23 | political subdivision, that has used, prior to the effective |
24 | date of this section, [an individual's Social Security |
25 | number] confidential individual information in a manner |
26 | inconsistent with subsection (a) may continue using that |
27 | [individual's Social Security number] confidential individual |
28 | information in that manner on or after the effective date of |
29 | this section, if all of the following conditions are met: |
30 | (i) The use of the [Social Security number] |
|
1 | confidential individual information is continuous. If the |
2 | use is stopped for any reason, subsection (a) shall |
3 | apply. |
4 | (ii) The individual is provided an annual |
5 | disclosure, commencing in the year after the effective |
6 | date of this section, that informs the individual that he |
7 | or she has the right to stop the use of his or her |
8 | [Social Security number] confidential individual |
9 | information in a manner prohibited by subsection (a). |
10 | (2) An individual who receives an annual disclosure |
11 | under paragraph (1) has the right to stop the use of his or |
12 | her [Social Security number] confidential individual |
13 | information in a manner prohibited by subsection (a) and must |
14 | exercise that right by submitting a written request to the |
15 | person or entity. The person or entity shall discontinue use |
16 | of the [individual's Social Security number] confidential |
17 | individual information within 30 days of the receipt of the |
18 | request. There shall be no fee or charge for complying with |
19 | the request. A person or entity shall not deny services to an |
20 | individual because the individual makes a written request |
21 | pursuant to this subsection. |
22 | (d) Construction.--This section shall not be construed to |
23 | prevent the collection, use or release of [a Social Security |
24 | number] confidential individual information as required by |
25 | Federal or State law or the use of [a Social Security number] |
26 | confidential individual information for internal verification, |
27 | administrative purposes or for law enforcement investigations. |
28 | (e) Unified judicial system documents.--This section does |
29 | not apply to a document that originated with, or is filed with, |
30 | recorded in or is maintained by any court component or part of |
|
1 | the unified judicial system. |
2 | (f) Government documents.--This section does not apply to |
3 | any document that: |
4 | (1) is required by law to be open to the public; and |
5 | (2) originates with, or is filed, recorded or maintained |
6 | by any government agency, instrumentality or taxing |
7 | authority. |
8 | (g) Penalty.--Actions in violation of this act shall be |
9 | deemed a summary offense and shall be punishable by a fine of |
10 | not less than $50 and not more than $500 and, for every second |
11 | or subsequent violation, by a fine of not less than $500 and not |
12 | more than $5,000. Fines under this section shall be distributed |
13 | equally between the Crime Victim's Compensation Fund |
14 | administered by the Pennsylvania Commission on Crime and |
15 | Delinquency and the Office of Attorney General for future |
16 | identity theft prevention. |
17 | (h) Definition.--For purposes of this act, "confidential |
18 | individual information" means the Social Security number, date |
19 | of birth, driver's license number and financial institution |
20 | account number of an individual. |
21 | Section 4. Applicability. |
22 | The provisions of this act shall not apply, to the extent |
23 | preempted by Federal law, to: |
24 | (1) A financial institution, as defined by section |
25 | 509(3) of the Gramm-Leach-Bliley Act (Public Law 106-102, 15 |
26 | U.S.C. § 6809(3)) or regulations adopted by agencies as |
27 | designated by section 504(a) of the Gramm-Leach-Bliley Act, |
28 | subject to Title V of the Gramm-Leach-Bliley Act or a |
29 | "licensee" as defined by 31 Pa. Code § 146a.2 (relating to |
30 | definitions). |
|
1 | (2) A covered entity, as defined by regulations |
2 | promulgated at 45 CFR Pts. 160 (relating to general |
3 | administrative requirements) and 164 (relating to security |
4 | and privacy) pursuant to Subtitle F of the Health Insurance |
5 | Portability and Accountability Act of 1996 (Public Law |
6 | 104-191, 110 Stat. 1936). |
7 | (3) An entity subject to the Fair Credit Reporting Act |
8 | (Public Law 91-508, 15 U.S.C. § 1681 et seq.). |
9 | Section 3. This act shall take effect in 60 days. |
|