MICHIGAN'S SOCIAL SECURITY NUMBER PRIVACY ACT

Michigan's "Social Security Number Privacy Act" generally effective as of March 1, 2005, prohibits a person from knowingly doing any of the following with all or more than four sequential digits of an employee's, student's, or other individual's Social Security number:

(a) Publicly display all or more than 4 sequential digits of the social security number.

(b) Subject to certain exceptions, use all or more than 4 sequential digits of the social security number as the primary account number for an individual.

(c) Visibly print all or more than 4 sequential digits of the social security number on any identification badge or card, membership card, or permit or license. However, if a person has implemented or implements a plan or schedule that establishes a specific date by which it will comply with this subdivision, this subdivision does not apply to that person until January 1, 2006, or the completion date specified in that plan or schedule, whichever is earlier.

(d) Require an individual to use or transmit all or more than 4 sequential digits of his or her social security number over the internet or a computer system or network unless the connection is secure or the transmission is encrypted.

(e) Require an individual to use or transmit all or more than 4 sequential digits of his or her social security number to gain access to an internet website or a computer system or network unless the connection is secure, the transmission is encrypted, or a password or other unique personal identification number or other authentication device is also required to gain access to the internet website or computer system or network.

(f) Include all or more than 4 sequential digits of the social security number in or on any document or information mailed or otherwise sent to an individual if it is visible on or, without manipulation, from outside of the envelope or packaging.

(g) Subject to subsection (3), beginning January 1, 2006, include all or more than 4 sequential digits of the social security number in any document or information mailed to a person, unless any of the following apply:

(i) State or federal law, rule, regulation, or court order or rule authorizes, permits, or requires that a social security number appear in the document.

(ii) The document is sent as part of an application or enrollment process initiated by the individual.

(iii) The document is sent to establish, confirm the status of, service, amend, or terminate an account, contract, policy, or employee or health insurance benefit or to confirm the accuracy of a social security number of an individual who has an account, contract, policy, or employee or health insurance benefit.

(iv) The document or information is mailed by a public body under any of the following circumstances:

(A) The document or information is a public record and is mailed in compliance with the freedom of information act, 1976 PA 442, MCL 15.23 1 to 15.246.

(B) The document or information is a copy of a public record filed or recorded with a county clerk or register of deeds office and is mailed by that office to a person entitled to receive that record.

(C) The document or information is a copy of a vital record recorded as provided by law and is mailed to a person entitled to receive that record.

(v) The document or information is mailed by or at the request of an individual whose social security number appears in the document or information or his or her parent or legal guardian.

(vi) The document or information is mailed in a manner or for a purpose consistent with subtitle A of title V of the Gramm-Leach-Bliley act, 15 USC 6801 to 6809; with the health insurance portability and accountability act of 1996, Public Law 104-191; or with section 537 or 539 of the insurance code of 1956,



Certain provisions of the act become effective as of January 1, 2006. For example, beginning January 1, 2006, a person who obtains 1 or more social security numbers in the ordinary course of business shall create a privacy policy that complies with the guidelines established by the Act. In fact, according to the Act, "a person that creates a privacy policy . . . shall publish the privacy policy in an employee handbook, in a procedures manual, or in 1 or more similar documents, which may be made available electronically.