While employed at IMRF, employees may have access to personal information, such as compensation, addresses, birth dates, family status, social security numbers, pertaining to other employees, members and employers. IMRF employees are required to maintain the confidential nature of this information.
However, disclosure of certain personal information to internal or external parties may be allowed under the Freedom of Information Act. Regardless of the legality of obtaining this information, IMRF employees are strictly forbidden to use such information for personal and/or professional purposes. Any violation of this prohibition will result in a performance management procedure which may include termination of employment. For more information on FOIA, please contact Human Resources or General Counsel.
Identity Protection Policy
Extracted from Board Resolution 2011-06-05
WHEREAS, the Identity Protection Act (5 ILCS 179/1 et seq.) was effective on June 1, 2010 (P.A. 96-0874) and sets forth certain prohibitions and requirements relative to local government agencies with the goal of providing additional protection to, and preventing the unauthorized use of, Social Security numbers; and
WHEREAS, the Identity Protection Act requires that all local government agencies draft and approve an identity protection policy by June 1, 2011 (the policy must be implemented by June 1, 2012); and
WHEREAS, to comply with the requirements of the Identity Protection Act, the following identity protection policy has been developed; and
THEREFORE, it is hereby RESOLVED that the Board of Trustees adopts the following policy as required by the Identity Protection Act to assure the confidentiality and integrity of Social Security Numbers that the Fund may collect, maintain and use, and to safeguard such Social Security Numbers against unauthorized access:
I. Generally
It is the policy of the Illinois Municipal Retirement Fund ("Fund") to take all measures necessary to protect the identity and privacy of all Fund officials, officers, members, agents and members of the public. The Fund shall comply with the Illinois Identity Protection Act ("IPA") through implementation of this policy. (5 ILCS 179/35)
Except when necessary in order for the Fund to perform its duties and responsibilities, or authorized by law or regulation, the Fund, its Board of Trustees, officers, employees and agents shall not collect, use, or disclose a person's Social Security Number ("SSN"). The Fund, its Board of Trustees, officers, employees and agents shall not request SSNs except under a delineated exception permitted under the IPA. If any law, rule, or regulation regarding the collection, use or disclosure of SSNs is more restrictive than this policy, then that law, rule or regulation shall govern. (5 ILCS 179/55)
II. Prohibited Activities and Exceptions
- An officer, employee or agent of the Fund shall not do any of the following:
- Publicly post or publicly display in any manner an individual's SSN.
- Print an individual's SSN on any card required for the individual to access products or services provided by the Fund, unless otherwise required by law. This limitation includes encoding and embedding a SSN in any identification scheme, including, but not limited to, using a bar code, chip, magnetic strip, RFID technology, or other technology, in place of the SSN.
- Require an individual to transmit his or her SSN over the internet, unless the connection is secure or the SSN is encrypted.
- Print an individual's SSN on any materials that are mailed to the individual through the U.S. Postal Service, any private mail service, electronic mail, or any similar method of delivery, unless state and federal law requires the SSN to be on the document to be mailed.
The limitation of this sub-paragraph 4 shall not apply to applications and forms sent by mail, including but not limited to:- Material mailed in connection with the administration of the Unemployment Insurance Act;
- Material mailed in connection with any tax administered by the Illinois Department of Revenue; and
- Documents sent as part of an application or enrollment process or to establish, amend, or terminate an account, contract, or policy or to confirm the accuracy of the SSN;
- When sending applications and forms by mail as allowed under this sub-paragraph, the SSN shall never be printed, in whole or in part, on a postcard or other mailer that does not require an envelope, or that is visible without opening the envelope.
- In addition, and except as otherwise provided in this policy, no officer, employee or agent of the Fund shall do any of the following:
- Collect, use or disclose a SSN from an individual unless:
- Required by federal or state law, rules or regulations, or the collection, use, or disclosure of the Social Security number is otherwise necessary for the performance of the Fund's duties and responsibilities;
- The need and purpose is documented prior to the collection, use or disclosure; and
- The collection, use or disclosure is relevant to the documented need and purpose.
- Require an individual to use his or her SSN to access an internet website.
- Use an SSN for any purpose other than for which it was collected.
- Collect, use or disclose a SSN from an individual unless:
- Prohibitions set forth in Section B, above, do not apply in the following circumstances:
- The disclosure of Social Security numbers to agents, employees, contractors, or subcontractors of the Fund or disclosure by the Fund to another governmental entity or its agents, employees, contractors or subcontractors if disclosure is necessary in order for the Fund to perform its duties and responsibilities; and, if disclosing to a contractor or subcontractor, prior to such disclosure, the Fund must first receive from the contractor or subcontractor a copy of the contractor or subcontractor's policy that sets forth how the requirements imposed under the IPA will be achieved.
- The disclosure of SSNs pursuant to court order, warrant, or subpoena.
- The collection, use, or disclosure of SSNs, in order to ensure the safety of: State and local government employees; persons committed to correctional facilities; local jails, and other law enforcement facilities or retention centers; wards of the State and all persons working in or visiting a State or local government agency facility.
- The collection, use or disclosure of SSNs for internal verification or administrative process.
- The disclosure of SSNs by a State agency to any entity for the collection of delinquent child support or of any State debt or to a government agency to assist with an investigation or the prevention of fraud.
- The collection or use of SSNs to investigate or prevent fraud, to conduct background checks, to collect a debt, to obtain a credit report from a consumer reporting agency under the federal Fair Credit Reporting Act, to undertake any permissible purpose that is enumerated under the federal Gramm Leach Bliley Act, or to locate a missing person, a lost relative, or a person who is due a benefit, such as a pension benefit or an unclaimed property benefit.
III. Access to SSNs
Only Fund officers, employees and agents who are required to use or handle information or documents that contain SSNs shall have access to such information or documents.
IV. Statement of Purpose
When collecting a SSN, or upon request by the individual a statement of purpose or purpose for which the Fund is collecting and using the SSN must be provided. A template Statement of Purpose is attached hereto as Exhibit A.
V. FOIA Requests
Pursuant to the IPA, the Fund's Freedom of Information Officer(s) or designee shall redact SSNs and private information from documents, including all or any portion of the individual's SSN requested for public inspection and copying of information pursuant to federal or state law, such as the Freedom of Information Act. [(5 ILCS 179/15; 5 ILCS 140/2(c-5)] SSNs requested from an individual shall be provided in a manner that makes the SSN easily redacted if required to be released as part of a public records request.
VI. Violations
Penalties for a violation of this policy include disciplinary action up to and including termination and/or criminal prosecution as provided by the IPA. (5 ILCS 179/45)
VII. Training
All Fund employees who have access to SSNs in the course of performing their duties with the Fund shall undergo approved training on the confidentiality of SSNs. Training shall include instructions on the proper handling of information that contains SSNs from the time of collection through the destruction of the information.
VIII. Distribution of Policy
All employees of the Fund shall be advised of the existence of this policy and this policy shall be made available to each employee of the Fund and any member of the public, upon request.
Statement of Purpose for Collection of Social Security Numbers by IMRF
What is a Statement of Purpose?
The Identity Protection Act, 5 ILCS 179/1 et seq., requires IMRF ("Fund") to draft, approve, and implement an Identity Protection Policy that includes a Statement of Purposes or Purposes for which the Fund is collecting and using an individual’s Social Security Number ("SSN"). You are being provided this Statement of Purpose because you have been asked by the Fund to provide your Social Security Number or because you requested a copy of this Statement of Purpose.
Why does the Fund request your SSN?
You are being asked for your SSN for one or more of the following reasons:
- Internal verification;
- Administrative services relating to the Fund;
- Collection, use and/or disclosure of your SSN is required by Federal or State law, rules, or regulations, or is otherwise necessary for the performance of the Fund’s duties and responsibilities;
- Prevention of fraud to your membership in the Fund;
- To investigate or prevent fraud relative to potential employment with the Fund;
- To conduct a background check relative to potential employment with the Fund;
- To undertake any permissible purpose that is enumerated under the Federal Gramm Leach Bliley Act, or to locate a missing person, lost relative or a person who is due a benefit from the Fund.
What does the Fund do with your SSN?
The Fund will only use your SSN for purposes for which it was collected. The Fund will not:
- Sell, lease, loan, trade, or rent your SSN to a third party for any purpose;
- Publicly post or publicly display your SSN;
- Print your SSN on any card required for you to access Fund services;
- Require you to transmit your SSN unless the connection is secure or your SSN is encrypted; or
Print your SSN on any materials that are mailed to you, unless State or Federal law requires that number to be on documents mailed to you, or unless we are confirming the accuracy of that number. If your SSN is on a document that is mailed to you, that document will be in a sealed envelope and your SSN will not be visible without the envelope having been opened.