Download: doc | pdf

Supporting Statement for

Consent Based Social Security Number Verification (CBSV)

20 CFR 401.100

OMB No. 0960-NEW

A. Justification

1. Authorizing Laws and Regulations –

Third party requesters, such as private businesses, present the Social Security Administration (SSA, or the Agency) with high volume requests for SSN (Social Security Number) verifications.  To facilitate processing these requests, SSA is developing a business process and the associated technical requirements that will provide a more efficient means to respond as well as reduce the burden to the Agency.  To provide an SSN verification, the requester must first obtain valid consent from the number holder, i.e., the individual who is the subject of the record.  Legal authority for SSN verification is found in the Privacy Act at 5 U.S.C. § 552a(b), Section 1106 of the Social Security Act (codified at 42 U.S.C. § 1306) and section 20 C.F.R. § 401.100 of the Code of Federal Regulations.  Additionally, Section 205(a) of the Social Security Act, as codified at 42 U.S.C. § 405, authorizes the Commissioner to set forth such rules, regulations, and procedures that are necessary to carry out the Agency's programs and related responsibilities.

2. How, by Whom and for What Purpose the Information is to be Used –

The Consent Based Social Security Number Verification Process (CBSV) is a fee based SSN verification service that can be used by private businesses and other requesting parties that have obtained valid consent from number holders. The purpose of the information collection is to verify for the requesting party that the submitted name and SSN matches or does not match the data contained in SSA’s records. After signing a User Agreement and completing a registration process, the requesting party shall submit a file containing names of number holders that have given valid consent, along with each number holder’s accompanying SSN through the CBSV Internet or web service application. The information is matched against SSA’s Master File, using SSN, name, date of birth and gender code (if available). The system includes limited name and date of birth tolerances. The results file that SSA returns over the Internet or web service will only show a match/no match indicator (and an indicator if our records show that the individual issued the SSN is deceased). SSA will not provide specific information on what data elements did not match. SSA will not provide any SSNs. The verification does not authenticate the identity of the individual or conclusively prove that the individual submitting the information is who he or she claims to be. The requesting party will obtain a results file over the Internet or web service.

CBSV is a new system that will replace a process that has been performed manually called the Interim Verification Process (IVP). CBSV is intended to automate the current process, and provide safeguards to further protect the verification information. See Addendum A for a description of the current IVP process and an explanation of the Agency’s long-term strategy.

Under the CBSV process, the requesting party does not submit the consent forms to SSA. SSA requires each requesting party to retain a valid consent form for each SSN verification request (Form SSA-89, Authorization for SSA to Release SSN Verification) for a period of seven years. The requesting party is permitted to retain the Form SSA-89 in either electronic or paper format.

So SSA may ensure that the requesting parties have obtained valid consent from number holders, each requesting party will be required to contract for an independent certified public accountant (CPA) to conduct compliance reviews. The reviews also ensure that all terms and conditions of the User Agreement are being met. The CPA will conduct these reviews at the Agency’s request. All compliance review costs are borne by the requesting party. In general, the Agency anticipates annual reviews with additional reviews as determined necessary by SSA. The CPA will follow standards established by the American Institute of Certified Public Accountants.

The results of the review are sent directly to SSA. If SSA determines that the reported findings of the compliance review are unsatisfactory, under the User Agreement, SSA may elect to:

• Perform its own onsite inspection (see Article VI, Compliance Reviews, of the User Agreement); and/or

• Refer the report to its Office of the Inspector General for appropriate action, including referral to the Department of Justice for criminal prosecution; and/or

• Cancel the User Agreement; and/or

• Take any other action the Agency deems necessary.

In addition, at any time, SSA may make onsite inspections of the requester’s site including a systems review to ensure required precautions have been taken to protect the Forms SSA-89 and to assess system security overall.

Any third party who presents a valid consent form from the number holder (i.e., the subject of the record) may request and receive SSN verifications in local SSA Field Offices. Prior to the development of CBSV, SSA was experiencing an increasing demand from the business community for SSN verifications in high volume. As the number of such requests grew, SSA identified the need for a centralized, automated way to verify SSNs with valid consent. To minimize the operational burden and provide benefits to the Agency and the business community, SSA has decided to provide SSN verifications to the respondents through CBSV. The business community will benefit because they will get fast, centralized service without having to visit one of the Agency’s Field Offices. SSA will also benefit because this will allow our Field Office personnel to focus on program-related work. Finally, the CBSV service will offer benefits to the number holders since, based on consent, the SSN verification will be processed more efficiently [e.g., for mortgage applications]. See Addendum B: Description of Business Process for CBSV Automated Process

3. Use of Information Technology to Collect the Information –

Most of the IC activities for this ICR, such as storage and maintenance of forms, compliance activities, etc., are not electronic due to their nature. However, the actual SSN verification process is electronic.

4. Why Duplicate Information Cannot Be Used -

The nature of the information being collected and the manner in which it is collected preclude duplication. There is no other collection instrument used by SSA that collects data similar to that collected here.

5. How Burden on Small Respondents is Minimized -

This is a fee based application and businesses that elect to enroll in this service incur costs at start up ($5,000 registration fee) and as they utilize the system (i.e., transaction fee). To the extent feasible SSA has tried to mitigate users’ costs. There is extensive interest among the small business community for this type of service because they believe it will save them time and improve efficiency in verifying Social Security Numbers. The use of CBSV is purely voluntary.

6. Consequence of Not Collecting Information or Collecting Less Frequently -

If this information were not collected, many businesses would not have the ability to obtain the SSN verification they need for business purposes and which they have asked for. Since the information is only collected once per person, it cannot be collected less frequently.

There are no technical or legal obstacles that prevent burden reduction.

7. Special Circumstances that Need to be Explained -

Consent Form Retention Requirement

SSA will require third parties that participate in its CBSV process to retain the signed consent form of the individual who is the subject of the verification request (Form SSA-89, Authorization for SSA to Release SSN Verification) for seven years. The consent form is not submitted to SSA. The Agency’s primary purpose for requiring third parties to retain consent forms for seven years is based on SSA’s need to ensure that it can obtain a copy of the consent form (Form SSA-89) to defend against or prosecute alleged violations of civil and criminal law. The Agency will permit the third parties to retain copies of the consent forms (Form SSA-89) in either paper or electronic format.

Because the Privacy Act establishes a two-year statute of limitations that begins when the individual discovers a potential violation of the Act (5 U.S.C. § 552a(g)(5)), SSA must require no less than a three-year consent retention period to ensure that it can obtain a copy of the consent form (Form SSA-89) from the third party to defend against any alleged Privacy Act cause of action.

In addition, other statutes of limitations applicable to criminal actions that might arise from consent based disclosures to third parties counsel in favor of a seven-year retention period. For example, in the event an employee of a third party provides fraudulent consent forms to the Agency or a third party misrepresents the validity of a consent, several federal statutes could be used to investigate and prosecute fraud against the Government, including 18 U.S.C. § 371 (conspiracy to defraud the Government) and 18 U.S.C. § 1001 (false statements).

Accordingly, the Agency is requiring a seven-year consent retention period in order to prosecute alleged violations of criminal law. A seven-year retention period will also serve to reinforce the need for third parties to provide SSA with accurate and valid consent forms (Form SSA-89) as a critical requirement.

8. Solicitation of Public Comment and Other Consultations with the Public –

The 60-day advance Federal Register Notice was published on December 30, 2005, at 70 FR 77439. Numerous public comments were submitted to SSA in response to this Notice over the past year and a half. See Addendum C, Consent Based SSN Verification (CBSV) System, Office of Management and Budget Clearance Package, Response to Public Comments, for SSA’s response to these public comments. The 30-day Federal Register Notice was published on August 10, 2007, at 72 FR 45079. We will forward any public comments we receive in response to this Notice.

SSA had a brief one-time consultation with three independently contracted privacy experts. The privacy experts were provided with some background material on the CBSV process. They were asked to comment on specific options being considered to enhance the process.

9. Payment or Gifts to Respondents -

SSA provides no payment or gifts to the respondents.

10. Assurances of Confidentiality -

The information requested is protected and held confidential in accordance with 42 U.S.C. § 1306, 20 CFR §401.100, 5 U.S.C. § 552a (Privacy Act of 1974) and OMB Circular No. A-130.

11. Justification for Sensitive Questions -

The information collection does not contain any questions of a sensitive nature.

12. Estimates of Public Reporting Burden –

NOTE:

For the first IC, the registration process, the registration form itself will only take several minutes. The rest of the time accounts for reading through the User Guide and other registration requirements. See Section 2 of the User Guide for details.

The burden is based on a preliminary estimate of 90 requesting parties participating in the first year.

The number of Federal work days is 251 days per year. This excludes Saturdays, Sundays, and Federal Holidays. Based on the current SSN Interim Verification Process, it is anticipated that most companies will submit at least one file daily. Agency program related workloads will take priority over these requests.

13. Annual Cost to the Respondents (Other)

SSA must be compensated for non program-related work it does for others so that the Social Security Trust Funds do not bear the costs of such activities. Advance payment is required before work begins on reimbursable projects requested by non-Federal organizations. OMB Circular A-11 (Preparation, Submission, and Execution of the Budget) stipulates that budgetary resources for reimbursable work with non-Federal organizations, including state and local governments, are not available for obligation until advance payments are received. This policy is designed to prevent unintentional violations of the Anti-Deficiency Act. Also, advance payment covers start-up costs if a User Agreement is cancelled, protects SSA against any uncollectible debts, and prevents SSA components’ regular administrative allowance from having to absorb the cost. Accordingly, non-Federal requesters must pay 100 percent of SSA’s estimated transaction costs in advance.

At least quarterly, SSA prepares a bill (Form SSA-1036) that illustrates exactly how much work was actually performed for the requesting party during the period and submits this to its Office of Finance. The Office of Finance applies the amount listed on the Form SSA-1036 from the requesting party’s advance payment to the SSA component's budget account. The Office of Finance prepares a quarterly statement for each requesting party illustrating how much of its advance payment has been applied and how much is currently available. Thus, SSA is compensated for reimbursable work.

The public burden cost is dependent upon the number of companies and transactions. The first year cost estimates below are based upon 90 participating companies submitting a total of 10 million transactions. The total cost for developing the system is $5.6 million. SSA has already expended $3.0 million that will be recouped over the depreciable life of the system based on the fee per transaction model.

CBSV Cost Burdens

Total CBSV Cost Burden (With Web Service Building Option)

One-Time Per Company Registration Fee - $5,000 x 90 companies = $450,000

Estimated Per SSN Transaction Fee - $0.27 x 10,000,000* SSN requests = $2,700,000

Cost To Build the Company’s Own Web Service - $200,000** x 90 companies = $18,000,000

To Store Consent Forms - $300*** x 90 companies = $27,000

Cost To Contract with CPA for Audit - $8,000 x 90 companies = $720,000

_________________________________________________________________________

Total CBSV Cost Burden - $21,897,000

*The number of SSN requests submitted will vary greatly per company. The 10,000,000 estimate represents the total estimated number of verifications that SSA anticipates receiving on an annual basis

** Note that companies are not required to have SSA create an individualized web service for them. A company may choose to submit batch files via the SSA website or submit real-time individual requests via the SSA website. There is no public burden cost with either of these methods of using the CBSV system.

***In the Federal Register Notice published on 8/10/07 at 72 FR 45079, we inadvertently gave this cost as being $20,000 per participating company. Our most recent data reveal that the true cost is $300 per company, which is what we are reporting here.

Total CBSV Cost Burden (Without Web Service Building Option)

One-Time Per Company Registration Fee - $5,000 x 90 companies = $450,000

Estimated Per SSN Transaction Fee - $0.27 x 10,000,000* SSN requests = $2,700,000

To Store Consent Forms - $300** x 90 companies = $27,000

Cost To Contract with CPA for Audit - $8,000 x 90 companies = $720,000

_________________________________________________________________________

Total CBSV Cost Burden - $3,897,000

*The number of SSN requests submitted will vary greatly per company. The 10,000,000 estimate represents the total estimated number of verifications that SSA anticipates receiving on an annual basis

**In the Federal Register Notice published on 8/10/07 at 72 FR 45079, we inadvertently gave this cost as being $20,000 per participating company. Our most recent data reveal that the true cost is $300 per company, which is what we are reporting here.

SSA will hold an “open enrollment” season. If more than the estimated number of companies enrolls, the transaction fee costs cited above could be less. In addition, SSA will periodically recalculate its costs to provide CBSV services and adjust the fee charged as needed. Companies will be notified in writing of any change and will have the opportunity to cancel the agreement or continue service using the new transaction fee.

13. Annual Cost To Federal Government –

This is a fee-based service that is designated to recover the full costs to SSA.

13. Program Changes or Adjustments to the Information Collection Budget

This is a new information collection that will increase the public reporting burden.

16. Plans for Publication of Results of Information Collection -

The results of the information collection will not be published.

17. Request not to Display OMB Expiration Date –

SSA is requesting an exemption from displaying the expiration date on the web pages associated with this process.  The reason for this request is that it will cost SSA staff significant hours and cost to perform an additional software release solely to change the OMB expiration date.

18. Exceptions to Certification Statement:

SSA is not requesting an exception to the certification requirements at 5 CFR 1320.9 and related provisions at 5 CFR 1320.8(b)(3).

2. Collections of Information Employing Statistical Methods

Statistical methods are not used for this information collection.

File Type	application/msword
File Title	Supporting Statement
Author	496860
Last Modified By	Faye I. Lipsky
File Modified	2007-08-15
File Created	2007-08-15