A Legal Guide to PRIVACY AND DATA SECURITY 2024

confidentiality of social security numbers. Federal legislation specifically focused on restricting the use and disclosure of social security numbers has been introduced but no comprehensive law exists today at the federal level. The GLBA and HIPAA protect the confidentiality of personally identifiable information, including social security numbers. FCRA limits access to credit data (including social security numbers) to those with a permissible purpose. FACTA (which amended FCRA) allows consumers who request a copy of their credit report to ask that the first five digits of their social security number not be included in the file. The FTC may be able to exercise its authority under GLBA or Section 5 of the FTC Act to pursue claims of unreasonable data security practices if it finds that social security numbers were being used as passwords for consumers to authenticate their identity. [See Solove and Hartzog, FTC and the New Common Law of Privacy, 114 Columb. L. Rev. 583 (2014)]. Many states, including Minnesota, have passed laws that restrict the use and dissemination of social security numbers. There is much variety in what the various state laws provide. Some states prohibit the request of a social security number to complete a transaction. Other states mandate a formal privacy policy for any entity that collects social security numbers.

The Driver’s Privacy Protection Act (DPPA) [18 U.S.C. §§ 2721-2725]

The DPPA was enacted in 1994 and amended in 2000 to protect the privacy of personal information gathered by state departments or bureaus of motor vehicles. The DPPA was passed in reaction to the murder of an actress, Rebecca Schaeffer, who had been stalked by someone who had freely obtained her personal address from a publicly available state database that held drivers’ records. The DPPA allows plaintiffs to recover damages for each time the DPPA is violated.

52

Made with FlippingBook - Online Brochure Maker