The new U.S. Social Security number (SSN) No Match Rule was published August 15 in the Federal Register. You can also see it here.
This new regulation provides directives for the letters the U.S. Social Security Administration (SSA) issues to employers when the SSA discovers that an SSN does not match the information provided by the employer.
Before this rule was issued the SSA indicated that the “no-match letter” was only meant to be informational to the employer. However, the Department of Homeland Security (DHS) issued opinions that the letters were evidence of potential violation of immigration law.
Currently the DHS cannot legally access information about who received the no-match letters.
The No Match Rule decribes the “constructive knowledge” that indicates an employee has provided a false SSN to his/her employer. It also outlines the process the DHS wants employers to use to respond to the SSA no-match letters.
While the new No Match Rule does not give the DHS access to the list of employers that received the no-match letters, the DHS will send general notices to employers telling them what their obligations are to follow immigration laws, and how they must be able to prove they are in compliance.
If an employer does not comply with the No Match Rule, the DHS can use that non-compliance as evidence that the employer had “constructive knowledge” of immigration problems, and the failure of employers to respond to no-match letters can be used as evidence in civil and criminal actions brought by DHS.
As you can imagine, this new law is highly controversial. A big concern is that employers may use the no-match letters as an excuse to fire employees who are participating in union activities, or that employers may fire employees based on national origin or race. This controversy is widely discussed in many news reports, such as here and here, and blogs, such as here and here.
However, the No Match Rule is a law for which your organization needs to be aware.
Are your lawyers aware of this new rule? Here are a couple of things your organization, and most particularly your lawyers, will need to consider.
Be sure the information security and IT folks are involved in discussions since compliance will require providing access to employee and job applicant information and data, some of which will be personally identifiable information (PII).
* Establish procedures to consistently respond to no-match letters in order to comply with the No Match Rule
* Establish procedures to correct errors discovered within the no-match letter your organization receives from the SSA. If you discover an error, the No Match Rule gives your organization the opportunity to correct the error, contact the employee to correct the error, and/or submit new/corrected information to the SSA. If your organization acts to correct the error, you can be protected from potential liability.
The DHS has made a document about compliance and safe-harbor actions available.
Check it out, or send it to your lawyer for his/her review.
Tags: awareness and training, Department of Homeland Security, DHS, Information Security, IT compliance, no match letter, no match rule, PII, policies and procedures, privacy, risk management, social security administration, social security number, SSA, SSN