Supporting Statement--0626

Supporting Statement for

Integrated Registration Services (IRES)

20 CFR 401.45

OMB No. 0960-0626

A. Justification

1. The Social Security Administration (SSA) collects this information by authority of Section 5 USC 552a, (e)(10) of the Privacy Act of 1974, which requires agencies to establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of records. Additionally, Section (f)(2)&(3) requires agencies to establish requirements for identifying an individual who requests a record or information pertaining to that individual and to establish procedures for disclosure of personal information. SSA promulgated Privacy Act rules in the Code of Federal Regulations, Subpart B. Procedures for verifying identity are at 20 CFR 401.45.

2. SSA has a process for verifying the identity of individuals, businesses, organizations, entities and government agencies to use the eService Internet and telephone applications for requesting and exchanging business data with SSA. Since it is redundant to use a paper-based signature process in addition to an electronic Internet process, SSA has an Internet-based authentication process to replace the handwritten paper based signature with a User Identification Number (User ID) and a Password. This process, the Integrated Registration Services (IRES), will verify the identity of individuals who use the Internet or telephone applications to enroll for business services, including, but not limited to:

• Electronic Wage Reporting (EWR),

• Verification of Social Security Numbers (SSNVS),

• Claimant Representative Services,

• Office of Child Support Enforcement (OCSE) Services,

• Third party Bulk Filing,

• Representative Payee Services, and

• Secure exchange of information between SSA and third parties in support of SSA and other federal government supported programs.

Currently, employers and third party submitters must send a signed copy of a Form W-3 or Form 6559 with all of their W-2 information to SSA. Attorney firms and appointed representatives must send a signed copy of Form SSA-1694, and Form SSA-1699 for Business Entity Taxpayer Information. IRES will replace the handwritten signature with a User ID and Password allowing these forms to be filed electronically.

The requestor will go online to a screen at www.ssa.gov/bso/bsowelcome.htm to provide registration information such as their name, Social Security number (SSN), Date of Birth (DOB) and address, phone and e-mail information. The electronic request screens allow the public to establish their identity with SSA prior to allowing them access to business and/or personal information through screens over the Internet or telephone. Once SSA verifies this data then the requestor will be issued a User ID and password.

Additional information collected during the authorization process which includes the following but is not limited to: EIN, additional address and organization information which is obtained in case SSA needs to communicate with the requestor. Respondents are employers and third party submitters of wage data, business entities providing tax payer identification information and data exchange partners conducting business in support of SSA programs.

3. This information collection is automated. The requester keys and transmits to SSA over the Internet or by telephone identifying information, which is compared in real time to existing electronic records. If the information keyed and transmitted matches with that in SSA records, the requester is provided with a User ID and Password.

4. The information collected through these screens has already been collected and posted to SSA’s master electronic records, but is being asked again for comparison and verification. There currently is no existing alternative means of SSA’s verifying identity electronically through use of a User ID and Password when the request for secured information is user-initiated over the Internet or by telephone.

5. There is no significant impact on small businesses or entities. We anticipate that the requestor will take approximately 2 minutes once every year to fill out the IRES screens. This compares favorably to the time it takes to fill out paper Forms, e.g., W-3 and 6559. In addition, the use of the IRES User ID and Password will provide additional labor saving features that are not currently available or are provided at a fee to businesses.

6. Failure to be able to verify the requester’s identity would result in SSA’s not being able to respond to these Internet or telephone requests. Making this service available electronically saves the requester the effort of mailing their forms to SSA or phoning a SSA TeleService Center or visiting an SSA field office to obtain name/SSN information. It also saves SSA staff time. Since this information is only requested on an as needed basis, the information cannot be collected less frequently. There are no technical or legal obstacles that prevent burden reduction.

7. There are no special circumstances that would cause this information collection to be conducted in a manner that is not consistent with 5 CFR 1320.5.

8. The 60-day advance Federal Register Notice was published on February 27, 2008, at 73 FR 10505, and SSA has received no public comments. The 30-day Federal Register Notice was published on June 11, 2008, at 73 FR 33138. If SSA receives any public comments in response to this Notice, we will forward them to OMB. There have been no outside consultations with members of the public.

9. SSA provides no payments or gifts to the respondents.

10. The information provided on this form is protected and held confidential in accordance with 42 U.S.C. 1306, 20 CFR 401 and 402, 5 U.S.C. 552 (Freedom of Information Act), 5 U.S.C. 552a (Privacy Act of 1974) and OMB Circular No. A130. In addition, information collected by SSA is protected by our Privacy Policy for Internet Services that ensures the confidentiality of all information provided by the requester. Our Internet privacy policy is:

• You do not need to give us personal information to visit our site.

• We collect personally identifiable information (name, SSN, DOB or E-mail) only if specifically and knowingly provided by you.

• Personally identifying information you provide will be used only in conjunction with services you request as described at the point of collection.

• We sometimes perform statistical analyses of user behavior in order to measure customer interest in the various areas of our site. We will disclose this information to third parties only in aggregate form.

• We do not give, sell, or transfer any personal information to a third party.

• We do not enable “cookies.” (A “cookie” is a file placed on your hard drive by a Web site that allows it to monitor your use of the site, usually without your knowledge.)

Additionally, SSA will ensure the confidentiality of the requester’s personal information in several ways:

• All electronic requests will be encrypted using the Secure Socket Layer (SSL) security protocol. SSL encryption prevents a third party from reading the transmitted data even if intercepted. This protocol is an industry standard, and is used by banks such as Wells Fargo and Bank of America for Internet banking.

• The requester will be given adequate warnings that the Internet is an open system and there is no absolute guarantee that others will not intercept and decrypt the personal information they have entered. They will be advised of alternative methods of requesting personal information, i.e., personal visit to a field office or a call to the 800 number.

• Only upon verification of identity will the requester be allowed access to additional screens which allow requests for personal information from SSA.

11. The information collection does not contain any questions of a sensitive nature.

11. The requester will supply the information, e.g., name, SSN, DOB, and address information (the EIN will be collected during the employer registration if appropriate). However, with the addition of representative payees using IRES in support of beneficiaries the approximate numbers are as follows: there are 5.4 million representative payees, including 39,000 organization representative payees, serving 7.2 million beneficiaries. We project 15% of representative payees to use IRES for registration. Therefore we estimate that the current 460,000 requesters will more than almost triple to approximately 1.3 million requesters who will use these screens each year to submit identification verification information, and it will take 2 minutes to answer the questions, for an annual reporting burden of 42,333 hours.

13. There is no cost burden to the respondents.

14. A cost per transaction to the Federal Government for each authentication has not been calculated since this is an entirely electronic authentication system with relatively low ongoing costs.

15. The increase in the Annual Reporting Burden from 15,333 to 42,333 is due to the addition of new users for IRES conducting business in support of SSA programs and other government agencies.

16. The results of the information collection will not be published.

17. SSA is not requesting an exception to the requirement to display an expiration date.

18. SSA is not requesting an exception to the certification requirements at 5 CFR 1320.9 and related provisions at 5 CFR 1320.8(b)(3).

B. Collection of Information Employing Statistical Methods

Statistical methods are not used for this information collection.