What is the law regarding your employer’s use of your social security number?

My employer switched payroll companies. Previous to this, I recieved a live check every 2 weeks having declined the offer of direct deposit at the time of my hiring three years ago. Two days ago, when I expected to get my paycheck, I was handed a notice stating that they no longer issue checks and instead I’d been issued a paycard. The paycard was issued by a third party company that is neither affiliated with my employer or their payroll company. My employer offered me no notice of this change, nor did the seek my permission before doing this. They gave this company that I am unfamiliar with my social security number, DOB, address, and full name. Included in the packet I recieved with the paycard was a page detailing what they could do with my personal data, which was extensive, and the fact that after my termination of service with them they could continue using my information. Is my employer permitted to give my personal information to a third party without my consent and is this company allowed to accept it again without my consent? Further, if this company’s database were to be breached and my information used for the purpose of identity fraud, who would be responsible, myself or my employer? If I were given the option beforehand, I would have opted for direct deposit which I now done. However given my employer’s unethical use of my personal information I don’t feel especially comfortable with them knowing my banking details.

Asked on July 14, 2017 under Employment Labor Law, Ohio

Answers:

SJZ, Member, New York Bar / FreeAdvice Contributing Attorney

Answered 3 years ago | Contributor

There is nothing illegal or unethical about an employer using a third party vendor to process their payroll or issue payments to employees--in fact, it is so common that if anything, it is surprising that they did not do this earlier. They are allowed to hand over your SSN or other information to that company without your consent, since that company is functioning as their agent or representative in this, a legitimate business purpose and the reason for which you gave the company your SSN, etc. in the first place--it's no different than giving your information to a new internal payroll manager. (That is, *someone* has to be given access to your information to process payroll.) If there is a data breach, then IF the payroll company were negligent, or careless, in their security precautions, you could hold them liable; IF they had a bad record for security before your company hired them but your company failed to "vet" or review them properly before giving them the contract, your company could possibly be liable for that carelessness; but since you can only hold people (or businesses) liable when they are "at fault," if the breach happened without anyone being careless or otherwise at fault, no one would be liable (other than the actual data thieves or hackers, who if caught, could be sued). Note that even if your company and/or the payroll company were at fault in a data breach, you can only sue if you suffer a loss due to that: i.e. if nothing bad actually happens to you, there is no viable lawsuit.


IMPORTANT NOTICE: The Answer(s) provided above are for general information only. The attorney providing the answer was not serving as the attorney for the person submitting the question or in any attorney-client relationship with such person. Laws may vary from state to state, and sometimes change. Tiny variations in the facts, or a fact not set forth in a question, often can change a legal outcome or an attorney's conclusion. Although AttorneyPages.com has verified the attorney was admitted to practice law in at least one jurisdiction, he or she may not be authorized to practice law in the jurisdiction referred to in the question, nor is he or she necessarily experienced in the area of the law involved. Unlike the information in the Answer(s) above, upon which you should NOT rely, for personal advice you can rely upon we suggest you retain an attorney to represent you.