Supporting Statement--0626

Supporting Statement for

Single Sign-On (SSO) & Integrated Registration Services (IRES)

20 CFR 401.45

OMB No. 0960-0626

A. Justification

1. The Social Security Administration (SSA) collects this information by authority of Section 5 USC 552a, (e)(10) of the Privacy Act of 1974 which requires agencies to establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of records. Also, Section 5 USC 552a, (f)(2)&(3) requires agencies to establish requirements for identifying an individual who requests a record or information pertaining to that individual and to establish procedures for disclosure of personal information. SSA promulgated Privacy Act rules in the Code of Federal Regulations, Subpart B. Procedures for verifying identity are at 20 CFR 401.45.

2. SSA has a process for verifying the identity of individuals, businesses, organizations, entities and government agencies to use the eService Internet and telephone applications for requesting and exchanging business data with SSA. Since it is redundant to use a paper-based signature process in addition to an electronic Internet process, SSA has an Internet-based authentication process to replace the handwritten paper-based signature with a User Identification Number (User ID) and a Password. This process, the Integrated Registration Services (IRES) will verify the identity of individuals who use the Internet or telephone applications to enroll for business services, including, but not limited to:

• Electronic Wage Reporting (EWR),

• Verification of Social Security Numbers (SSNVS),

• Claimant Representative Services,

• Office of Child Support Enforcement (OCSE) Services,

• Third party Bulk Filing,

• Representative Payee Services, and

• Secure exchange of information between SSA and third parties in support of SSA and other federal government-supported programs.

Currently employers and third party submitters must send a signed copy of a Form W-3 or Form 6559 with all of their W-2 information to SSA. Attorney firms and appointed representatives must send a signed copy of Form SSA-1694 (0960‑0731), and Form SSA‑1699 (0960-0732) for Business Entity Taxpayer Information. IRES will replace the handwritten signature with a User ID and Password allowing respondents to file these forms electronically.

The requestor goes online to a screen at www.ssa.gov/bso/bsowelcome.htm to provide registration information such as their name, Social Security number (SSN), Date of Birth (DOB) and address, phone and e-mail information. The electronic request screens allow the public to establish their identity with SSA prior to allowing them access to business and/or personal information through screens over the Internet or telephone. Once SSA verifies this data then we will issue the requestor a User ID and password.

SSA obtains additional information collected during the authorization process (includes but not limited to: EIN, additional address and organization information) to communicate with the requestor, as needed. We also request further information for Appointed Representatives using the new Single Sign-On functionality (see Addendum).

Finally, we are adding the Customer Support Application (CSA) for telephone users who are either not able to use IRES via the Internet, or who fail to successfully complete the registration process online. CSA allows those users to complete the registration process via a telephone interview with a customer service representative (see Addendum). Respondents are employers and third party submitters of wage data, business entities providing tax payer identification information and data exchange partners conducting business in support of SSA program.

3. This is an automated information collection. The requester keys and transmits to SSA over the Internet or by telephone identifying information, which SSA compares in real time to existing electronic records. If the information keyed and transmitted matches with that in SSA records, we provide the requester with a User ID and Password.

4. The information collected through these screens has already been collected and posted to SSA’s master electronic records, but SSA asks it again for comparison and verification. There currently is no existing alternative means of SSA’s verifying identity electronically through use of a User ID and Password when the request for secured information is user-initiated over the Internet or by telephone.

5. There is no significant impact on small businesses or entities. We anticipate that the requestor will take approximately 2-5 minutes once every year to fill out the IRES screens and approximately 11 minutes to use the CSA telephone application. This compares favorably to the time it takes to fill out paper Forms, e.g., W-3 and 6559. In addition, the use of the IRES User ID and Password will provide additional labor saving features that are not currently available, or that we usually provide at a fee to businesses.

6. Failure to verify the requester’s identity would result in SSA’s not being able to respond to these Internet or telephone requests. Making this service available electronically saves the requester the effort of mailing their forms to SSA or phoning a SSA TeleService Center or visiting an SSA field office to obtain name/SSN information. It also saves SSA staff time. Since SSA only requests this information on an as needed basis, we cannot collect the information less frequently. There are no technical or legal obstacles that prevent burden reduction.

7. There are no special circumstances that would cause SSA to conduct this information collection in a manner that is not consistent with 5 CFR 1320.5.

8. The 60-day advance Federal Register Notice published on April 28, 2009, at 74 FR 19261, and SSA has received no public comments. The second Notice published on July 20, 2009 at 74 FR 35225, and SSA has received no public comments. There have been no outside consultations with members of the public.

9. SSA provides no payments or gifts to the respondents.

10. The information provided on this form is protected and held confidential in accordance with 42 U.S.C. 1306, 20 CFR 401 and 402, 5 U.S.C. 552 (Freedom of Information Act), 5 U.S.C. 552a (Privacy Act of 1974) and OMB Circular No. A130. In addition, our Privacy Policy protects information collected by SSA for Internet Services that ensures the confidentiality of all information provided by the requester. Our Internet privacy policy is:

• You do not need to give us personal information to visit our site.

• We collect personally identifiable information (name, SSN, DOB or E-mail) only if specifically and knowingly provided by you.

• We will use personally identifying information you provide only in conjunction with services you request as described at the point of collection.

• We sometimes perform statistical analyses of user behavior in order to measure customer interest in the various areas of our site. We will disclose this information to third parties only in aggregate form.

• We do not give, sell, or transfer any personal information to a third party.

• We do not enable “cookies.” (A “cookie” is a file placed on your hard drive by a Web site that allows it to monitor your use of the site, usually without your knowledge.)

Additionally, SSA will ensure the confidentiality of the requester’s personal information in several ways:

• The Secure Socket Layer (SSL) security protocol will encrypt all electronic requests. SSL encryption prevents a third party from reading the transmitted data even if intercepted. This protocol is an industry standard, and is used by banks such as Wells Fargo and Bank of America for Internet banking.

• IRES will give the requester adequate warnings that the Internet is an open system and there is no absolute guarantee that others will not intercept and decrypt the personal information they have entered. SSA will advise them of alternative methods of requesting personal information, i.e., personal visit to a field office or a call to the 800 number.

• Only upon verification of identity will IRES allow the requester access to additional screens which allow requests for personal information from SSA. (see Addendum)

11. The information collection does not contain any questions of a sensitive nature.

11. The requester will supply basic information, e.g., name, SSN, DOB, and address information (the EIN will be collected during the employer registration if appropriate). Those Appointed Representatives using IRES in support of beneficiaries will submit additional information. We estimate that 200,000 Appointed Representatives will register, obtain a credential, and authenticate with SSA using these screens on SSA’s Internet site within the first year of implementation. It will take 5 minutes to answer the questions, for an annual reporting burden of 16,667 hours. All other Online Business Services respondents will total approximately 1,300,000. It takes 2 minutes to answer the questions, for an annual reporting burden of 43,333 hours. In order to take in account the range of 2-5 minutes, SSA is using an average of 3 minutes for the IRES Paperwork Reduction Act Statement.

We estimate that 88,000 Appointed Representatives will register using the Customer Support Application (CSA) through SSA’s Customer Support 800# within the first year of implementation. It will take 11 minutes to answer the questions, for an annual reporting burden of 16,133 hours. All other Online Business Services respondents who register using CSA total 120,794. It will take 11 minutes to answer the questions, for an annual reporting burden of 22,146 hours.

Respondent Types	Number of Respondents	Average Burden Per Response (minutes)	Estimated Annual Burden (hours)
Appointed Representatives Registering via Internet	200,000	5	16,667
All Other Business Services Online (BSO) Respondents Registering via Internet	1,300,000	2	43,333
Appointed Representatives Registering via CSA	88,000	11	16,133
All Other BSO Respondents Registering via CSA	120,794	11	22,146
TOTAL:	1,708,794		98,279

11. There is no cost burden to the basic BSO respondents. However, for those Appointed Representatives using the new Single Sign-On functionality, there may be some cost:

SMS cost -- code sent via text message from SSA to individual user.

• For the user who receives the SMS code and does not have a text plan: the cost could range from 10 cents to 20 cents per message.

• For the user who has a limited text plan: the cost would just be included as part of the plan. We have no way to estimate this cost.

• For the user who has an unlimited text plan, there would be no charge. The user would have paid for this service as part of the plan. We have no way to estimate cost.

14. The estimated cost to the Federal Government to collect the information is negligible. Because the cost of maintaining the system which collects this information is accounted for within the cost of maintaining all of SSA’s automated systems, it is not possible to calculate the cost associated with just one Internet application.

15. The increase in the annual reporting burden is due to the addition of the CSA telephone application, and the new Appointed Representative users for IRES conducting business in support of SSA programs and other government agencies and due to new functionality resulting in additional screens needed for completion. These changes have also increased the amount of time needed to complete the process.

16. SSA will not publish the results of the information collection.

17. SSA is not requesting an exception to the requirement to display an expiration date.

18. SSA is not requesting an exception to the certification requirements at 5 CFR 1320.9 and related provisions at 5 CFR 1320.8(b)(3).

B. Collection of Information Employing Statistical Methods

SSA does not use statistical methods for this information collection.