Credit unions that mail statements to members in California may find themselves in violation of a new law designed to stop identity theft.
The law, which became effective July 1, prohibits any person or entity from using an individual's Social Security number in several ways -including posting it publicly, printing it on a statement, or requiring it for access to products or services.
In an effort to help credit unions comply with the new law, the California Credit Union League released a bulletin addressed to all CUs in the Golden State. Legislators said criminals were using Social Security numbers to access products and services at financial institutions in the victims' names.
Senate Bill 168, which was authored by California state senator Debra Bowen, D-Redondo Beach, prohibits the public posting or display of an individual's social security number, including printing the number on any card required to access products or services. In addition, no individual may be required to transmit his or her social security number over the Internet unless the connection is secure or the SSN is encrypted.
Institutions are not allowed to print an individual's Social Security number on any mailed materials, unless required by state or federal law. Exceptions include applications, as well as documents that are recorded or required to be open to the public under the California Public Records Act, state tax liens or the Brown Act. Court records required to be made available to the public likewise are exempted.
The new law does not prohibit the collection, use or release of a social security number for internal verification or administrative purposes.
Another exception applies to credit unions that used an individual's SSN in one of the newly prohibited ways before July 1. If so, the CU may continue to do so, as long as such use in continuous. The CU must send an annual disclosure statement to all individuals whose social security numbers are used in a prohibited way.
If a member sends a written request to the credit union or other institution requesting to "opt out" of the use of his or her social security number, the request must be honored within 30 days of receipt without fee. Further, the law provides that institutions may not deny services to any individual who opts out.
Credit unions also should be aware that they no longer will be able to identify their employees by their social security numbers- other than on mailed payroll checks. The continuous use exception will apply to current employees.
According to the CCUL, a bill is pending in the California state assembly that would delay implementation of the new law for financial institutions. Assembly Bill 1068, written by Roderick Wright, D-Los Angeles, is in the state senate judiciary committee, and a hearing is scheduled for Aug. 6.
