
Social Security Number No Match Rule: Employers Will Need to Prove Compliance

The new U.S. Social Security number (SSN) No Match Rule was published August 15 in the Federal Register. You can also see it here.

This new regulation provides directives for the letters the U.S. Social Security Administration (SSA) issues to employers when the SSA discovers that the name and SSN an employer has reported for an employee do not match the SSA's records.

Before this rule was issued, the SSA indicated that the "no-match letter" was only meant to be informational to the employer. However, the Department of Homeland Security (DHS) issued opinions that the letters were evidence of a potential violation of immigration law.

Currently the DHS cannot legally access information about who received the no-match letters.

The No Match Rule describes what constitutes "constructive knowledge" that an employee has provided a false SSN to his/her employer. It also outlines the process the DHS wants employers to use to respond to the SSA no-match letters.

While the new No Match Rule does not give the DHS access to the list of employers that received the no-match letters, the DHS will send general notices to employers telling them what their obligations are under immigration law, and how they must be able to prove they are in compliance.

If an employer does not comply with the No Match Rule, the DHS can use that non-compliance as evidence that the employer had "constructive knowledge" of immigration problems, and the failure of employers to respond to no-match letters can be used as evidence in civil and criminal actions brought by DHS.

As you can imagine, this new rule is highly controversial. A big concern is that employers may use the no-match letters as an excuse to fire employees who are participating in union activities, or that employers may fire employees based on national origin or race. This controversy is widely discussed in many news reports and blogs.

However, the No Match Rule is a regulation your organization needs to be aware of.

Are your lawyers aware of this new rule? Here are a couple of things your organization, and most particularly your lawyers, will need to consider.

Be sure the information security and IT folks are involved in the discussions, since compliance will require access to employee and job applicant records, much of which is personally identifiable information (PII). The no-match letters themselves, and your responses to them, contain employee names and SSNs, so they need to be stored, transmitted, and retained with the same safeguards as any other SSN-bearing record.

* Establish procedures to consistently respond to no-match letters in order to comply with the No Match Rule, including who receives the letters, how the response is tracked, and how the required timeframes are met.

* Establish procedures to correct errors discovered within the no-match letters your organization receives from the SSA. If you discover an error, the No Match Rule gives your organization the opportunity to correct the error in your own records, contact the employee to correct the error, and/or submit new/corrected information to the SSA. If your organization acts to correct the error within the rule's safe-harbor process, you can be protected from potential liability.

The DHS has made a document about compliance and safe-harbor actions available.

Check it out, or send it to your lawyer for his/her review.


Comments

My Visa was just used to purchase 4 worth of something in Czechoslovakia, then 1500 worth of diamonds in Spain. Holy crap. She said it's nothing that I've done wrong, that the Evil Thieves are able to get credit card numbers from literally anywhere (like, for instance, the huge database theft that hit the parent company of HomeSense, where hundreds of thousands of Visa billing records were stolen, likely a few of mine in there as well).


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books and dozens of articles, has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community, where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.