§ 2440. Social Security number protection
(a) This section shall be known as the Social Security Number Protection Act.
(b) Except as provided in subsection (c) of this section, a business may not do any of
the following:
(1) intentionally communicate or otherwise make available to the general public an individual’s
Social Security number;
(2) intentionally print or imbed an individual’s Social Security number on any card required
for the individual to access products or services provided by the person or entity;
(3) require an individual to transmit his or her Social Security number over the Internet
unless the connection is secure or the Social Security number is encrypted;
(4) require an individual to use his or her Social Security number to access an Internet
website, unless a password or unique personal identification number or other authentication
device is also required to access the internet website;
(5) print an individual’s Social Security number on any materials that are mailed to the
individual, unless State or federal law requires the Social Security number to be
on the document to be mailed;
(6) sell, lease, lend, trade, rent, or otherwise intentionally disclose an individual’s
Social Security number to a third party without written consent to the disclosure
from the individual, when the party making the disclosure knows or in the exercise
of reasonable diligence would have reason to believe that the third party lacks a
legitimate purpose for obtaining the individual’s Social Security number.
(c) Subsection (b) of this section shall not apply:
(1) When a Social Security number is included in an application or in documents related
to an enrollment process, or to establish, amend, or terminate an account, contract,
or policy; or to confirm the accuracy of the Social Security number for the purpose
of obtaining a credit report pursuant to 15 U.S.C. § 1681(b)(2). A Social Security number that is permitted to be mailed under this section may not
be printed, in whole or in part, on a postcard or other mailer not requiring an envelope,
or visible on an envelope without the envelope having been opened.
(2) To the collection, use, or release of a Social Security number reasonably necessary
for administrative purposes or internal verification.
(3) To the opening of an account or the provision of or payment for a product or service
authorized by an individual.
(4) To the collection, use, or release of a Social Security number to investigate or prevent
fraud; conduct background checks; conduct social or scientific research; collect a
debt; obtain a credit report from or furnish data to a consumer reporting agency pursuant
to the Fair Credit Reporting Act, 15 U.S.C. § 1681, et seq.; undertake a permissible purpose enumerated under Gramm Leach Bliley, 12 C.F.R. § 216.13-15; or locate an individual who is missing, is a lost relative, or is due a benefit,
such as a pension, insurance, or unclaimed property benefit.
(5) To a business acting pursuant to a court order, warrant, subpoena, or when otherwise
required by law, or in response to a facially valid discovery request pursuant to
rules applicable to a court or administrative body that has jurisdiction over the
disclosing entity.
(6) To a business providing the Social Security number to a federal, State, or local government
entity, including a law enforcement agency, the Department of Public Safety, and a
court, or their agents or assigns.
(7) To a Social Security number that has been redacted.
(8)(A) To a business that has used, prior to January 1, 2007, an individual’s Social Security
number in a manner inconsistent with subsection (b) of this section, which may continue
using that individual’s Social Security number in that manner on or after January
1, 2007, if all of the following conditions are met:
(i) The use of the Social Security number is continuous. If the use is stopped for any
reason, subsection (b) of this section shall apply.
(ii) The individual is provided an annual disclosure that informs the individual that he
or she has the right to stop the use of his or her Social Security number in a manner
prohibited by subsection (b) of this section.
(iii) A written request by an individual to stop the use of his or her Social Security number
in a manner prohibited by subsection (b) of this section is implemented within 30
days of the receipt of the request. There shall not be a fee or charge for implementing
the request.
(iv) The person or entity does not deny services to an individual because the individual
makes a written request pursuant to this subsection.
(B) Nothing in this subdivision (8) is intended to apply to the collection, use, or dissemination
of Social Security numbers collected prior to January 1, 2007 and exempted from the
provisions of subsection (b) of this section pursuant to subdivisions (1) through
(7) or (9) and (10) of this subsection.
(9) To information obtained from a recorded document in the official records of the town
clerk or municipality.
(10) To information obtained from a document filed in the official records of the courts.
(d) Except as provided in subsection (e) of this section, the State and any State agency,
political subdivision of the State, or an agent or employee of the State, may not
do any of the following:
(1) Collect a Social Security number from an individual unless authorized or required
by law, State or federal regulation, or grant agreement to do so or unless the collection
of the Social Security number or records containing the Social Security number is
related to the performance of that agency’s duties and responsibilities as prescribed
by law.
(2) Fail, when collecting a Social Security number from an individual in a hard copy format,
to segregate that number on a separate page from the rest of the record, or as otherwise
appropriate, in order that the Social Security number can be more easily redacted
pursuant to a valid public records request.
(3) Fail, when collecting a Social Security number from an individual, to provide, at
the time of or prior to the actual collection of the Social Security number by that
agency, that individual, upon request, with a statement of the purpose or purposes
for which the Social Security number is being collected and used.
(4) Use the Social Security number for any purpose other than the purpose set forth in
the statement required under subdivision (3) of this subsection.
(5) Intentionally communicate or otherwise make available to the general public a person’s
Social Security number.
(6) Intentionally print or imbed an individual’s Social Security number on any card required
for the individual to access government services.
(7) Require an individual to transmit the individual’s Social Security number over the
Internet, unless the connection is secure or the Social Security number is encrypted.
(8) Require an individual to use the individual’s Social Security number to access an
Internet website, unless a password or unique personal identification number or other
authentication device is also required to access the Internet website.
(9) Print an individual’s Social Security number on any materials that are mailed to the
individual, unless a State or federal law, regulation, or grant agreement requires
that the Social Security number be on the document to be mailed. A Social Security
number that is permitted to be mailed under this subdivision may not be printed, in
whole or in part, on a postcard or other mailer not requiring an envelope, or visible
on an envelope, without the envelope having been opened.
(e) Subsection (d) of this section does not apply to:
(1) Social Security numbers disclosed to another governmental entity or its agents, employees,
contractors, grantees, or grantors of a governmental entity if disclosure is necessary
for the receiving entity to perform its duties and responsibilities. The receiving
governmental entity and its agents, employees, and contractors shall maintain the
confidential and exempt status of such numbers. As used in this subsection, “necessary”
means reasonably needed to promote the efficient, accurate, or economical conduct
of an entity’s duties and responsibilities.
(2) Social Security numbers disclosed pursuant to a court order, warrant, or subpoena,
or in response to a facially valid discovery request pursuant to rules applicable
to a court or administrative body that has jurisdiction over the disclosing entity.
(3) Social Security numbers disclosed for public health purposes pursuant to and in compliance
with requirements of the Department of Health under Title 18.
(4) The collection, use, or release of a Social Security number reasonably necessary for
administrative purposes or internal verification. Internal verification includes the
sharing of information for internal verification between and among governmental entities
and their agents, employees, contractors, grantees, and grantors.
(5) Social Security numbers that have been redacted.
(6)(A) A State agency or State political subdivision that has used, prior to January 1, 2007,
an individual’s Social Security number in a manner inconsistent with subsection (d)
of this section, which may continue using that individual’s Social Security number
in that manner on or after January 1, 2007, if all of the following conditions are
met:
(i) The use of the Social Security number is continuous. If the use is stopped for any
reason, subsection (d) of this section shall apply.
(ii) The individual is provided an annual disclosure that informs the individual that he
or she has the right to stop the use of his or her Social Security number in a manner
prohibited by subsection (d) of this section.
(iii) A written request by an individual to stop the use of his or her Social Security number
in a manner prohibited by subsection (d) of this section is implemented within 30
days of the receipt of the request. There shall not be a fee or charge for implementing
the request.
(iv) The State agency or State political subdivision does not deny services to an individual
because the individual makes a written request pursuant to this subdivision.
(B) Nothing in this subdivision (e)(6) is intended to apply to the collection, use, or
dissemination of Social Security numbers collected prior to January 1, 2007 and exempted
from the provisions of subsection (d) of this section pursuant to subdivisions (1)
through (5) or (7) through (11) of this subsection.
(7) Certified copies of vital records issued by the Department of Health and other authorized
officials pursuant to 18 V.S.A. part 6.
(8) A recorded document in the official records of the town clerk or municipality.
(9) A document filed in the official records of the courts.
(10) The collection, use, or dissemination of Social Security numbers by law enforcement
agencies and the Department of Public Safety in the execution of their duties and
responsibilities.
(11) The collection, use, or release of a Social Security number to investigate or prevent
fraud; conduct background checks; conduct social or scientific research; collect a
debt; obtain a credit report from or furnish data to a consumer reporting agency pursuant
to the Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq.; undertake a permissible purpose enumerated under Gramm Leach Bliley, 12 C.F.R. § 216.13-15; or locate an individual who is missing, is a lost relative, or is due a benefit,
such as a pension, insurance, or unclaimed property benefit.
(f) Any person has the right to request that a town clerk or clerk of court remove from
an image or copy of an official record placed on a town’s or court’s Internet website
available to the general public or an Internet website available to the general public
to display public records by the town clerk or clerk of court, the person’s Social
Security number, employer taxpayer identification number, driver’s license number,
State identification number, passport number, checking account number, savings account
number, credit card or debit card number, or personal identification number (PIN)
code or passwords contained in that official record. A town clerk or clerk of court
is authorized to redact the personal information identified in a request submitted
under this section. The request must be made in writing, legibly signed by the requester,
and delivered by mail, facsimile, or electronic transmission, or delivered in person
to the town clerk or clerk of court. The request must specify the personal information
to be redacted, information that identifies the document that contains the personal
information and unique information that identifies the location within the document
that contains the Social Security number, employer taxpayer identification number,
driver’s license number, State identification number, passport number, checking account
number, savings account number, credit card number, or debit card number, or personal
identification number (PIN) code or passwords to be redacted. The request for redaction
shall be considered a public record with access restricted to the town clerk, the
clerk of court, their staff, or upon order of the court. The town clerk or clerk of
court shall have no duty to inquire beyond the written request to verify the identity
of a person requesting redaction and shall have no duty to remove redaction for any
reason upon subsequent request by an individual or by order of the court, if impossible
to do so. No fee will be charged for the redaction pursuant to such request. Any person
who requests a redaction without proper authority to do so shall be guilty of an infraction,
punishable by a fine not to exceed $500.00 for each violation.
(g) Enforcement.
(1) With respect to businesses, the State, State agencies, political subdivisions of the
State, and agents or employees of the State, a State agency, or a political subdivision
of the State, subject to this subchapter, other than a person or entity licensed or
registered with the Department of Financial Regulation under Title 8 or this title,
the Attorney General and State’s Attorney shall have sole and full authority to investigate
potential violations of this subchapter, to enforce, prosecute, obtain, and impose
remedies for a violation of this subchapter, or any rules made pursuant to this subchapter,
and to adopt rules under this subchapter, as the Attorney General and State’s Attorney
have under chapter 63 of this title. The Attorney General may refer the matter to
the State’s Attorney in an appropriate case. The Superior Courts shall have jurisdiction
over any enforcement matter brought by the Attorney General or a State’s Attorney
under this subsection.
(2) With respect to a person or entity licensed or registered with the Department of Financial
Regulation under Title 8 or this title, the Department shall have full authority to
investigate potential violations of this subchapter, and to prosecute, obtain, and
impose remedies for a violation of this subchapter or any rules adopted pursuant to
this subchapter as the Department has under Title 8 or this title, or any other applicable
law or regulation.
(3) With respect to the information provided by the Vermont Department of Public Safety
and law enforcement agencies, and any agent or employee thereof, to the Vermont Attorney
General or State’s Attorney pursuant to subdivision (1) of this subsection, the information
provided or made available by the agency or Department to the Attorney General may
be designated by the agency or Department as confidential, and shall not be released
under the provisions of 1 V.S.A. § 317. (Added 2005, No. 162 (Adj. Sess.), § 1, eff. July 1, 2007.)