Compliance Alert

 

I.D. Theft Prevention Law Awaits N.C. Governor’s Signature

North Carolina Senate Bill 1048, which aims to prevent the display of Social Security numbers and requires companies to destroy information prior to disposal, took one final step toward passage.

The bill, sponsored by Sen. Daniel Clodfelter, unanimously passed the state Senate. Gov. Mike Easley must now sign the bill into law.

Once signed into law, the bill will prevent businesses in the state from intentionally communicating or making available to the general public an individual’s Social Security number; printing an individual’s Social Security number on any card required for the individual to access products or services within the state; requiring individuals to transmit their Social Security numbers over the Internet, unless the connection is secure or the Social Security number is encrypted; requiring an individual to use his or her Social Security number to access an Internet Web site, unless a password or unique personal identification number or other authentication device is also required to access the Internet Web site; printing an individual’s Social Security number on any materials that are mailed to the individual, unless state or federal law requires the Social Security number to be on the document; and selling, leasing, loaning, trading or renting an individual’s Social Security number to a third party for any purpose without written consent to the disclosure from the individual.

As for destroying the documents, the North Carolina Senate noted that reasonable measures must include, but may not be limited to:

Implementing and monitoring compliance with policies and procedures that require the burning, pulverizing or shredding of papers containing personal information so that information cannot be practicably read or reconstructed;

Implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media and other non-paper media containing personal information so that the information cannot practicably be read or reconstructed;

Implementing and monitoring compliance with policies and procedures that require reasonable steps to be taken to ensure that no unauthorized person will have access to the personal information for the period between the discarding of the record and the record’s destruction; and

Comprehensively describing and classifying procedures relating to the adequate destruction or proper disposal of personal records as official policy in the writings of the business entity, including corporate and employee handbooks and similar corporate documents.

The North Carolina House passed a similar bill Aug. 22

Read Next

Newer and Better

October 2005
Explore the October 2005 Issue

Check out more from this issue and find your next story to read.