BY JODI SOKOLOWSKI
Buffalo Law Journal
 John Monahan, a partner at Jaeckle Fleischmann & Mugel LLP, says employers should be aware of a new state law that requires companies to protect and limit access to Social Security numbers in their possession. JIM COURTNEY/BUSINESS FIRST
Companies in New York state have only a few days left to make sure they’re in compliance with the Social Security Number Protection Law, which goes into effect Jan. 1.
“I’m not convinced that a majority of employers out there know about this law yet,” said John Monahan, a partner at Jaeckle Fleischmann & Mugel LLP.
State legislators passed the law in September 2006 to restrict the way companies use and display their employees’ and clients’ Social Security numbers.
Companies use the numbers in the workplace for various reasons, such as employee identification numbers on time cards or badges and as passwords for computer or office access. They did so, Monahan said, “for convenience.”
“Employers had a record of it, and employees would know (the numbers) off the top of their heads,” he said.
While federal laws require confidentiality of Social Security numbers in specific situations, this state law is broader, Monahan explained.
The law restricts employers from using employee Social Security numbers, or even a portion of those numbers, for the purposes of record keeping, time keeping or as employee identification numbers. While the law allows companies to keep those numbers on file for administrative reasons, it calls upon employers to take “reasonable measures” to ensure confidentiality.
Ginger Schröder, a partner at Schröder Joseph & Associates, said she simply keeps her law firm’s personnel files in a locked cabinet for which she holds the only key.
Monahan said that’s adequate, but employers should be sure to have only a few copies of such a key and restrict access to them.
“A locked filing cabinet is only as good as who has the keys,” he said.
If employers don’t comply by Jan. 1, they could face significant civil penalties. If a violation involves only one person’s Social Security number, the maximum penalty is $1,000.
However, if the disclosure of several numbers is involved — for example, for each employee who has a Social Security number on his or her identification badge at a 40-person company — the maximum penalty is $100,000.
A second violation within an organization increases the potential penalties to $5,000 and $250,000, respectively.
“If it’s a company-wide practice with multiple violations, that could be dangerous,” Monahan said.
Nevertheless, the law protects employees from unintentional harm and won’t cost employers much, if at all, to