Sec. 4.
(1) Beginning January 1, 2006, a person who obtains 1 or more social security numbers in the ordinary course of business shall create a privacy policy that does at least all of the following concerning the social security numbers the person possesses or obtains:
(a) Ensures to the extent practicable the confidentiality of the social security numbers.
(b) Prohibits unlawful disclosure of the social security numbers.
(c) Limits who has access to information or documents that contain the social security numbers.
(d) Describes how to properly dispose of documents that contain the social security numbers.
(e) Establishes penalties for violation of the privacy policy.
(2) A person that creates a privacy policy under subsection (1) shall publish the privacy policy in an employee handbook, in a procedures manual, or in 1 or more similar documents, which may be made available electronically.
(3) This section does not apply to a person who possesses social security numbers in the ordinary course of business and in compliance with the fair credit reporting act, 15 USC 1681 to 1681v, or subtitle A of title V of the Gramm-Leach-Bliley act, 15 USC 6801 to 6809.
History: 2004, Act 454, Eff. Mar. 1, 2005