Facts and Procedural History:

On June 7, 2004, IPAD received a letter from Howard A. Vomhof, in which he asked the Commissioner to issue an advisory opinion regarding a determination by the Minnesota Department of Revenue about a data practices issue. The issue involves the collection of private data from Mr. Vomhof. In his request, he specifically stated that he wished to be identified in this opinion, and gave his consent for same.

In response to Mr. Vomhof's request, IPAD, on behalf of the Commissioner, wrote to Daniel A. Salomone, Commissioner of Revenue. The purposes of this letter, dated June 14, 2004, were to inform him of Mr. Vomhof's request and to ask him to provide information or support for the Department's position. On June 21, 2004, IPAD received a response from Commissioner Salomone. A summary of the facts of this matter follows.

Mr. Vomhof questions whether the Department provided him with complete proper notice, under state and federal law, in connection with the collection of his Social Security number on the Department's 2003 Minnesota Individual Income Tax form.

In his comments to the Commissioner, Commissioner Salomone wrote:

Minn. Stat. section 289A.08, subd. 11, regarding information required to be included on an income tax return, specifically says that the return 'must state the social security number of the taxpayer'. The instruction booklet advises individuals that all information on their return (other than the information listed in the instructions as not being required) is required by Minnesota law in order to determine their correct tax liability. Part of determining their correct tax liability is having enough information from them to properly identify who they are, so that their income tax payment or income tax refund can be credited or sent to the right person. . . . . The instruction booklet has a comprehensive explanation of all the persons or entities authorized by law to share information from an individual's income tax return with the Department of Revenue. This list is derived from the list that appears in Minn. Stat. section 270B.14. . . . .

The Department of Revenue has always taken great care in preparing the income tax instruction booklet every year, to ensure that the use of information portion is accurate, complete, and up to date with the most current law changes included. . . . .

One final point I would like to address. The [opinion notice from IPAD] indicates that the advisory opinion is going to discuss federal law pertaining to the notice to individuals of the need for and use of their social security numbers, as well as state law. The authority under Minn. Stat. section 13.072 to issue advisory opinions appears to be limited to Minnesota law. Therefore, I request that your opinion be limited only to the application of Minnesota law.

Issue:

In his request for an opinion, Mr. Vomhof asked the Commissioner to address the following issue:

Did the Minnesota Department of Revenue provide proper notice, pursuant to Minnesota Statutes, Chapter 13, and federal law, when it asked an individual to supply his Social Security number in connection with filing his 2003 Minnesota Individual Tax form?

---

Discussion:

At the outset, the Commissioner (of Administration) wishes to address Commissioner Salomone's statement that, under Minnesota Statutes, section 13.072, the Commissioner's authority to issue advisory opinions appears to be limited to Minnesota law. Pursuant to section 13.03, subdivision 1, federal laws can and do classify data maintained by Minnesota government entities, as defined at section 13.02, subdivision 7a. Historically, the Commissioner has taken the position that when federal and state laws intersect and affect an individual's rights as a subject of data or right to gain access to data, he may issue an advisory opinion. The Commissioner continues to take that position.

A government entity's collection, use, and dissemination of an individual's Social Security number are subject to requirements of both state and federal law. Pursuant to Minnesota Statutes, section 13.355, subdivision 1, Social Security numbers are private data. According to section 13.04, subdivision 2, when a government entity asks an individual to supply private and/or confidential data about him/herself, such as a Social Security number, the entity is required to give the individual a notice, commonly referred to as the Tennessen warning, which must contain the following components: (a) the purpose and intended use of the requested data within the collecting government entity; (b) whether the individual may refuse or is legally required to supply the requested data; (c) any known consequence arising from supplying or refusing to supply private or confidential data; and (d) the identity of other persons or entities authorized by state or federal law to receive the data.

In addition, the federal Privacy Act of 1974 requires federal, state, and local government entities requesting Social Security numbers to provide individuals with a notice, as follows: [a]ny Federal, State, or local government agency which requests an individual to disclose his Social Security account number shall inform that individual whether that disclosure is mandatory or voluntary, by what statutory or other authority such number is solicited, and what uses will be made of it. (See Section 7(b) of Public Law 93-579, the Privacy Act of 1974. Public Law 93-579 was codified at 5 U.S.C. section 552a. Section 7 was contained in a note, and not incorporated into the U.S. Code.)

Further, federal law provides that federal, state, and local government agencies cannot deny any rights, privileges or benefits to individuals who refuse to provide their Social Security numbers unless the disclosure is required or authorized by federal statute, or the disclosure is for use in a record system which required the Social Security number before 1975. Federal law does allow an agency to deny rights, privileges or benefits to individuals who refuse to provide their Social Security numbers to the extent that Social Security numbers are used in the administration of any tax, general public assistance, driver's license, or motor vehicle registration law within its jurisdiction. (See Tax Reform Act of 1976, 42 U.S.C. section 405(c)(2)(C)(i) and (iv).)

The Commissioner has opined that, in situations like this one, where both a Tennessen warning and federal Privacy Act notice are required, it is acceptable for a government entity to provide a combined notice that contains all the elements of both the state and federal requirements. (See Advisory Opinion 04-020.) However, the potential for confusion exists because the notice requirements, while similar, are not identical.

For example, federal law requires that the notice contain the statutory or other authority that governs the collection of the Social Security number; state law does not. Furthermore, state law requires that an individual be informed of uses of data within the requesting government entity. The rationale for this requirement is that, particularly in those situations where an entity is authorized or required to provide data to other entities, the collecting entity cannot be responsible for knowing all of the uses outside its own organization. By contrast, the language of the federal Privacy Act seems to indicate that government entities are responsible for communicating all uses that will be made of the Social Security number. The Commissioner is of the opinion that a reasonable reading of the state and federal law requirements leads to a conclusion that entities are required to communicate only those uses of the data being collected that are reasonably known to the entity at the time of collection.

With respect to the specific content of the notice contained in the 2003 Minnesota Individual Income Tax form, the Commissioner has the following comments. Missing from the Tennessen warning requirement is a statement of the possible consequences, known to the Department, of an individual supplying his/her Social Security number.

It is the Commissioner's opinion that the notice also lacks a component of the federal requirement, namely, the statutory or other authority under which the Department is requesting the Social Security number. According to Commissioner Salomone, that authority is provided at Minnesota Statutes, section 289A.08, subdivision 11. The notice should contain that specific statutory reference. The Commissioner notes that the rules of the Department of Administration provide a methodology to assist government entities in gathering the information and making the determinations that will assist them to provide adequate Tennessen warnings. (See Minnesota Rules, Part 1205.1300.)

---

Opinion:

Based on the facts and information provided, my opinion on the issue raised by Mr. Vomhof is as follows:

The Minnesota Department of Revenue did not provide proper notice under Minnesota Statutes, section 13.04, subdivision 2, when it asked an individual to supply his Social Security number in connection with filing his 2003 Minnesota Individual Tax form, because the notice does not inform him of any known consequence arising from supplying his Social Security number. The notice also does not meet the requirements of federal law, because it did not specify the statutory or other authority under which the Department was collecting his Social Security number.

Signed:

Brian J. Lamb
Commissioner

Dated: July 29, 2004

---