TexLawThursday

TexLawThursday: SS # data and your privacy policy

If you capture your customers social security numbers during the course of your business you need to make sure that your privacy policy conforms to Texas Business and Commerce Code section 501.o52.

In a nutshell, chapter 501 is designed to protect “personal identity information” and section 501.052 details how that goal relates to SS #’s and your privacy policy.  Unless you are exempt—generally unless your covered by another more stringent privacy regulation such as is found in accounting, insurance, banking, or collecting information covered by HIPPA, you are a government body, or the transaction involves a loan and loaning money isn’t part of your core business you’re not exempt–you may not require a social security number from your customers unless:

(1) your privacy policy includes:

  • how you collect personal information;
  • how & when you use personal information;
  • how you protect personal information;
  • who has access to personal information; and
  • how you dispose of personal information.

(2) you make the privacy policy available to the individual that you are collecting the information from;

and

(3) you maintain the confidentiality of the SS number disclosed.

This and related privacy statutes are enforced by the Attorney General and its important that you take care in disposing of any sensitive data that you collect . . . infractions can be costly!  Related Texas Laws for Safeguarding Customer Records and Identity theft can be found in Business and Commerce Code Chapter 521 (I’ll cover record retention and destruction issues in a future post).  It is also important to note that the Texas Deceptive Trade Practices Act requires companies to operate in accordance with their published policies.  And that Texas recognizes a common-law action for invasion of privacy, which includes “an intentional intrusion, physically or otherwise, upon the solitude, seclusion, or private affairs of another, which would be highly offensive to an [sic] reasonable person.” See Valenzuela v. Aquino, 853 S.W.2d 512, 513 (Tex. 1993).

You can find other states’ privacy policies through a simple web search.  For example, check out California’s approach to regulating privacy matters here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s