Skip to main content

Request By:

Hon. Nathan Goldman
General Counsel
Kentucky Board of Nursing
312 Whittington Parkway, Suite 300
Louisville, Kentucky 40222-5172

Opinion

Opinion By: Chris Gorman, Attorney General; Amye B. Majors, Assistant Attorney General

You have requested an opinion from this Office on issues arising under the Kentucky Open Records Act. Specifically, you ask whether the Board of Nursing may release the social security numbers of its licensees. In addition, you ask whether the Board may release information of a personal nature, within the meaning of KRS 61.878(1)(a), to the National Council of State Boards of Nursing, a nonprofit corporation, if the council agrees by contract to maintain the confidentiality of that information.

You note that this Office has traditionally taken the position that the exceptions to the Open Records Act are permissive, and that an agency may, in its discretion, allow inspection of otherwise excepted documents. You question whether this position is correct, at least insofar as it relates to social security numbers, in view of 42 U.S.C. § 405(c)(2)(c), the provision of the Social Security Act which delineates the purposes for which a state, or political subdivision thereof, may require disclosure of those numbers. You suggest that this provision may have a direct bearing on the question of whether an agency may elect to release social security numbers.

We have analyzed the cited statute, as well as relevant case law, and conclude that neither KRS 61.878(1)(a) nor KRS 61.878(1)(j), which incorporates 42 U.S.C. § 405(c)(2)(C) by reference, prohibit the Board from releasing its licensees' social security numbers to the National Council of State Boards of Nursing. It is our opinion that 42 U.S.C. § 405(c)(2)(C), operating in tandem with Section 7(b) of the Privacy Act of 1974, 5 U.S.C. § 552a note, enlarges the circumstances in which state and local governments may require disclosure of social security numbers, and prohibits further disclosure of numbers acquired under its authority, but does not prohibit their disclosure when the numbers are not acquired under its authority. Since the federal statute does not prohibit disclosure in this case, and since the exemptions from the Open Records Act, with the exception of KRS 61.878(1)(j) and (k), have been deemed permissive, the Board may release the requested information to the Council.

We begin by noting that this Office has generally recognized that the records custodian of a public agency may allow inspection of all of the records in his custody, any applicable exemption notwithstanding, unless the records fall within the exemption codified at KRS 61.878(1)(j) and (k). Those exemptions exclude from public inspection public records or information the disclosure of which is prohibited by federal law or regulation or by enactment of the General Assembly. In OAG 79-275, at p. 3, we observed:

We believe that when KRS 61.878(1) says 'the following public records are excluded . . . and shall be subject to inspection only upon order of a court . . .,' that the legislative intent was permissive and not mandatory. The exemptions are convenient shields which public officials may use when they desire to do so, not restraints to keep them from opening up any records in their custody. An official does not have to be concerned with whether he may justifiably withhold a record from public examination.

* * *

The safest course for a public official who has public records in his custody is always to allow inspection of the records unless some statute, other than the Open Records statute, makes the records confidential and orders that they not be released. Public officials and employees have enough to do without scrutinizing records to see if they are exempt under the Open Records Law. They should only have to consider the exemptions in KRS 61.878 when for some reason they desire to withhold the inspection of a record.

Because Kentucky has no statute protecting the rights of individuals in public records, and the privacy exception codified at KRS 61.878(1)(a) is permissive, an agency may release records containing information of a personal nature. Although Section 7(b) of the Privacy Act of 1974 and 42 U.S.C. § 405(c)(2)(C) are incorporated into the Open Records Act by operation of KRS 61.878(1)(j), which is a mandatory exception, we do not believe these statutes prohibit the release of Social Security numbers under the facts presented.

Section 7 of the Privacy Act of 1974 broadly prohibits a federal, state, or local government from penalizing an individual because of his refusal to disclose his social security number upon request, except in certain narrowly defined circumstances. That statute provides:

(a)(1) It shall be unlawful for any Federal, State or local government agency to deny to any individual any right, benefit, or privilege provided by law because of such individual's refusal to disclose his social security account number.

(2) [T]he provisions of paragraph (1) of this subsection shall not apply with respect to --

(A) any disclosure which is required by Federal statute, or

(B) the disclosure of a social security number to any Federal, State, or local agency maintaining a system of records in existence and operating before January 1, 1975, if such disclosure was required under statute or regulation adopted prior to such date to verify the identity of an individual.

(b) Any Federal, State, or local government agency which requests an individual to disclose his social security account number shall inform that individual whether that disclosure is mandatory or voluntary, by what statutory or other authority such number is solicited, and what uses will be made of it.

5 U.S.C. § 552a note.

The legislative history of this provision suggests that Congress' efforts in enacting Section 7 were directed at curtailing the expanding use of social security numbers by federal and local agencies, and thereby eliminating the threat to individual privacy and confidentiality of information posed by common numerical identifiers. Congress thus recognized the need for federal legislation "to restore to the individual the option to refuse to disclose his social security number without repercussion, except in the specifically delineated circumstances outlined in section 7(a)(2)."

Doyle v. Wilson, 529 F.Supp. 1343, 1348 (D.Del. 1982).

As noted, 42 U.S.C. § 405(c)(2)(C), the 1976 amendment to the Social Security Act, was adopted after the passage of the Privacy Act, and provides an additional exception to the statutory protection generally accorded to individuals who refuse to disclose their social security numbers. The amendment provides:

(i) It is the policy of the United States that any State (or political subdivision thereof) may, in the administration of any tax, general public assistance, driver's license, or motor vehicle registration law within its jurisdiction, utilize the social security account numbers issued by the Secretary for the purpose of establishing the identification of individuals affected by such law, and may require any individual who is or appears to be so affected to furnish to such State (or political subdivision thereof) or any agency thereof having administrative responsibility for the law involved, the social security account number (or numbers, if he has more than one such number) issued to him by the Secretary.

(ii) If and to the extent that any provision of Federal law heretofore enacted is inconsistent with the policy set forth in clause (i) of this subparagraph, such provision shall, on and after the date of the enactment of this subparagraph [enacted October 4, 1976], be null, void, and of no effect.

(iii) For purposes of clause (i) of this subparagraph, an agency of a State (or political subdivision thereof) charged with the administration of any general public assistance, driver's license, or motor vehicle registration law which did not use the social security account number for identification under a law or regulation adopted before January 1, 1975, may require an individual to disclose his or her social security number to such agency solely for the purpose of administering the laws referred to in clause (i) above and for the purpose of responding to requests for information from an agency operating pursuant to the provisions of part A or D of title IV of the Social Security Act [42 USCS §§ 601 et seq., 651 et seq.].

Under this statute, state and local governments may require disclosure of social security numbers "solely for the purpose of administering the laws referred to in clause (i)" of that statute. 42 U.S.C. § 405(c)(2)(C)(iii). The statute prohibits further disclosure of social security numbers acquired under its authority, but it does not appear to prohibit their disclosure when they have been acquired under other circumstances.

There is scant authority on the issue you raise, i.e., whether an agency is barred from releasing social security numbers acquired under circumstances other than those described in the Privacy Act and the Social Security Act. 1 However, in

AFSCME v. City of Albany, Or.App., 725 P.2d 381 (1986), the Oregon Court of Appeals addressed a similar question. In AFSCME, a union requested the social security numbers of city employees, and the city declined to release them arguing that Oregon's Public Records Act forbade disclosure. Citing Section 7(b) of the Privacy Act, 5 U.S.C. § 552 a note, and 42 U.S.C. § 405(c)(2)(C), the city maintained that the numbers were exempt from inspection under a provision which is identical to KRS 61.878(1)(j). The court concluded:

The county did not obtain the numbers in question for the purposes . . . [described in 45 U.S.C. § 405(c)(2)(C)(iii)]; it obtained them as an employer. Defendants have directed us to no statute prohibiting an employer's disclosure of an employe's number, and we have found none.


* * *

So far as we can discern from the statute and the legislative history, Congress' concern has been with governmental use of Social Security numbers in administering programs which affect large segments of the population. That is where Congress has perceived the threat that the numbers may become universal identifiers and where it has restricted governmental acquisition and, possibly, disclosure of them. Congress simply has not regulated the uses which a state or local government may make of the numbers which government employes provide for Social Security and tax purposes.

AFSCME, at p. 384. Although we have been unable to locate any cases which are directly on point, we believe that the court's reasoning in AFSCME may be extended to the question you present.

In a conversation with the undersigned on September 23, 1992, Ms. Debbie Sullivan, a Program Analyst attached to the Atlanta Regional Office of the Social Security Administration, confirmed this conclusion. She stated that although as a matter of policy, the Administration discourages the use of social security numbers as "identifiers, " that policy is not generally observed, and no statute or regulation governs a third party's release of the numbers. She noted that her office receives numerous complaints from individuals whose social security numbers have been disclosed without authorization, but that at present federal law does not prohibit such release.

We therefore conclude that social security numbers, like other information of a personal nature, may be withheld from public inspection, if an agency in its discretion elects to do so, under KRS 61.878(1)(a). The cited federal statutes, which are incorporated into the Open Records Act by KRS 61.878(1)(j), have no bearing on this question. As we noted in OAG 79-275, at p. 4:

It is not for the Attorney General to tell the custodian of records what documents they may not release, but to tell them what documents they must release. When an official claims a document is exempt from the Open Records requirement and the requester appeals to the Attorney General under KRS 61.780, it is for the Attorney General to give an opinion as to whether the exemption applies to the particular record.

There we recognized that although the home address, social security number, and marital status of a public employee is not of public concern, and is of such a personal nature that the information could be withheld from public disclosure, KRS 61.878(1)(a) does not forbid the release of such information.

Turning to your second question, you ask whether the Board of Nursing may release information of a personal nature to a non-profit corporation if the corporation agrees by contract to maintain the confidentiality of the information. In OAG 83-256 and OAG 88-1, we answered similar questions in the affirmative. In OAG 83-256, at p. 4, we held that an agency can promise confidentiality as far as the permissive exemptions permit and such a promise should be honored. Similarly, in OAG 88-1, at p. 5, we held that a promise of confidentiality could be honored as long as it was not inconsistent with the provisions of the Open Records Act. KRS 61.878(1)(a) authorizes the nondisclosure of information of a personal nature. This is consistent with the confidentiality provision of the contract which the Board intends to enter into with the National Council of State Boards of Nursing, and it too would be honored. We therefore conclude that the Board may release the social security numbers, and other personal information, of its licensees to the National Council, and that the proposed contract to maintain the confidentiality of the information is not inconsistent with the Open Records Act.

Footnotes

Footnotes

1 The majority of cases located deal with the question of whether an agency properly required disclosure of social security numbers under the cited provisions, whether the agency informed the applicant that the disclosure was mandatory or voluntary, by what statutory or other authority such number was solicited, what uses would be made of it, and whether the statutes provide a right of action to redress violations. Doyle v. Wilson, 529 F.Supp. 1343 (D.Del. 1982); Greater Cleveland Welfare Rights Organization v. Bauer, 462 F.Supp. 1313 (N.D. Ohio 1978); Doe v. Sharp, 491 F.Supp. 346 (D. Mass. 1980); Yeager v. Hackensack Water Co., 615 F.Supp. 1087 (D.C. N.J. 1985); Freeman v. Keorner Ford of Scranton, Inc., Pa.Super., 536 A.2d 340 (1988). With the exception of AFSCME v. City of Albany, supra, none of the cases deal with a third party organization's release of social security numbers.

LLM Summary
The decision concludes that the Kentucky Board of Nursing may release the social security numbers and other personal information of its licensees to the National Council of State Boards of Nursing under a confidentiality agreement. It affirms that the exemptions in the Open Records Act are permissive, allowing the release of information unless explicitly prohibited by other laws. The decision follows previous Attorney General opinions that support the permissiveness of exemptions and the honoring of confidentiality agreements under the Open Records Act.
Disclaimer:
The Sunshine Law Library is not exhaustive and may contain errors from source documents or the import process. Nothing on this website should be taken as legal advice. It is always best to consult with primary sources and appropriate counsel before taking any action.
Type:
Open Records Decision
Lexis Citation:
1992 Ky. AG LEXIS 252
Forward Citations:
Neighbors

Support Our Work

The Coalition needs your help in safeguarding Kentuckian's right to know about their government.