§487J-2 Social security number protection. (a) Except as otherwise provided in subsection (b), a business or government agency may not do any of the following:
(1) Intentionally communicate or otherwise make available to the general public an individual's entire social security number;
(2) Intentionally print or imbed an individual's entire social security number on any card required for the individual to access products or services provided by the business or government agency;
(3) Require an individual to transmit the individual's entire social security number over the Internet, unless the connection is secure or the social security number is encrypted. For purposes of this paragraph, "encrypted" means that an algorithmic process has been used to transform data into a form in which the data is rendered unreadable or unusable without the use of a confidential process or key;
(4) Require an individual to use the individual's entire social security number to access an internet website, unless a password or unique personal identification number or other authentication device is also required to access the internet website; or
(5) Print an individual's entire social security number on any materials that are mailed to the individual, unless the materials are employer-to-employee communications, or where specifically requested by the individual.
(b) Subsection (a) shall not apply to:
(1) The inclusion of a social security number in documents that are mailed and:
(A) Are specifically requested by the individual identified by the social security number;
(B) Required by state or federal law to be on the document to be mailed;
(C) Required as part of an application or enrollment process;
(D) Used to establish, amend, or terminate an account, contract, or policy; or
(E) Used to confirm the accuracy of the social security number for the purpose of obtaining a credit report pursuant to 15 U.S.C. section 1681(b).
A social security number that is permitted to be mailed under this paragraph may not be printed, in whole or in part, on a postcard or other mailer not requiring an envelope, or visible on the envelope or without the envelope having been opened;
(2) The opening of an account or the provision of or payment for a product or service authorized by an individual;
(3) The collection, use, or release of a social security number to investigate or prevent fraud; conduct background checks; conduct social or scientific research; collect a debt; obtain a credit report from or furnish data to a consumer reporting agency pursuant to the Fair Credit Reporting Act, 15 U.S.C. sections 1681 to 1681x, as amended; undertake a permissible purpose enumerated under the federal Gramm Leach Bliley Act, 15 U.S.C. sections 6801 to 6809, as amended; locate an individual who is missing or due a benefit, such as a pension, insurance, or unclaimed property benefit; or locate a lost relative;
(4) A business or government agency acting pursuant to a court order, warrant, subpoena, or when otherwise required by law;
(5) A business or government agency providing the social security number to a federal, state, or local government entity including a law enforcement agency or court, or their agents or assigns;
(6) The collection, use, or release of a social security number in the course of administering a claim, benefit, or procedure relating to an individual's employment, including an individual's termination from employment, retirement from employment, injuries suffered during the course of employment, and other related claims, benefits, or procedures;
(7) The collection, use, or release of a social security number as required by state or federal law;
(8) The sharing of the social security number by business affiliates;
(9) The use of a social security number for internal verification or administrative purposes;
(10) A social security number that has been redacted; and
(11) Documents or records that are recorded or required to be open to the public pursuant to the constitution or laws of the State or court rule or order.
(c) A business or government agency covered by this section shall make reasonable efforts to cooperate, through systems testing and other means, to ensure that the requirements of this chapter are complied with. [L 2006, c 137, pt of §2; am L 2008, c 19, §68]
Structure Hawaii Revised Statutes
Title 26. Trade Regulation and Practice
487J. Personal Information Protection
487J-2 Social security number protection.
487J-3 Penalties; civil action.
487J-4 Reporting requirements.
487J-5 Policy and oversight responsibility.
487J-6 Unlawful use of identification card or driver's license.
487J-7 Pharmacy benefit managers; health information; prohibited marketing practices.