Be Careful With Your Customers’ Social Security Numbers.

If you run a business, there may be times when you need a customer’s social security number (SSN). If your business is in Illinois, the Illinois Consumer Fraud and Deceptive Business Practices Act (CFA) imposes strict rules on how your business treats customers’ social security numbers. Here is a brief summary of those rules:

  • Do not post or publicly display a SSN in any manner;
  • Do not print a SSN on any card required for the individual to access products or services;
  • Do not print a SSN on the outside of any file;
  • Do not require an individual to transmit his or her SSN over the Internet, unless the connection is secure or the SSN is encrypted;
  • Do not require an individual to use his or her SSN to access an Internet web site, unless a password or unique personal identification number or other authentication device is also required to access the site;
  • Do not print a SSN on any materials that are mailed to the individual, unless State or federal law requires the social security number to be on the document; and
  • Do not encode or embed a SSN in or on a card or document, including, but not limited to, using a bar code, chip, magnetic strip, or other technology.

Notwithstanding these rules, a SSN may be included in applications and forms sent by mail as long as the SSN is inside an envelope and not visible without the envelope having been opened.

A violation of these rules may subject you to civil liability and you may even have to pay the victim’s attorneys’ fees.

To view the relevant section of the CFA, click here: http://www.ilga.gov/legislation/ilcs/fulltext.asp?DocName=081505050K2RR