Supporting Statement for Social Security Administration’s
Integrated Registration Services (IRES) System
20 CFR 401.45
OMB No. 0960-0626
A. Justification
Introduction/Authoring Laws and Regulations
The Integrated Registration Services (IRES) system is an electronic authentication process by which the Social Security Administration (SSA) registers and authenticates users of our online business services. IRES will eventually become part of the SSA’s Public Credentialing and Authentication Process (OMB No. 0960-0789).
SSA collects this information by authority of Section 5 USC 552a, (e)(10) of the Privacy Act of 1974, which requires agencies to establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of records. Section 5 USC 552a, (f)(2)&(3) requires agencies to establish requirements for identifying an individual who requests a record or information pertaining to that individual and to establish procedures for disclosure of personal information. SSA promulgated Privacy Act rules in the Code of Federal Regulations, Subpart B. Procedures for verifying identity are at 20 CFR 401.45.
Description of Collection
The IRES System verifies the identity of individuals, businesses, organizations, entities, and government agencies seeking to uses SA’s eService Internet and telephone applications. Individuals need this verification to electronically request and exchange business data with SSA. Requestors provide SSA the information needed to establish their identities. Once SSA verifies identity, the IRES system issues the requestor a user identification number (User ID) and a password to conduct business with SSA. Respondents are employers and third party submitters of wage data, business entities providing taxpayer identification information, and data exchange partners conducting business in support of SSA programs.
Use of Information Technology to Collect the Information
IRES authenticate users who access our Internet business services, including, but not limited to:
Business Services Online (BSO)
Electronic Wage Reporting (EWR)
Third party Bulk Filing
Verification of Social Security Numbers (SSNVS)
Claimant Representative Services
Representative Payee Services
Government Services Online (GSO) (OMB#0960-0757)
Office of Child Support Enforcement (OCSE) Services
Secure exchange of information between SSA and third parties in support of SSA and other federal government-supported programs
Customer Support Application (CSA)
CSA provides customer support service for IRES. CSA allows users to complete the registration process via a telephone interview with a Social Security customer service representative.
To register people and provide a User ID, we first need to verify the user’s identity. We will ask the user to give us some personal information, such as:
Name
Date of birth
Social Security Number
Home address
Home telephone number
email address
The requester keys and transmits to SSA over the Internet or by telephone identifying information, which SSA compares in real time to existing electronic records. Once we verify this information, we issue a User ID, ask the user to create a password and select security questions and answers for password reset.
In accordance with the agency’s Government Paperwork Elimination Act plan, SSA created IRES, which is an electronic information collection. Based on our data, we estimate approximately 100% of respondents under this OMB number use the electronic version.
Why We Cannot Use Duplicate Information
SSA collects and posts the information through these screens to SSA’s master electronic records, but SSA asks it again for comparison and verification. There currently is no existing alternative means for the agency to verify identity, electronically, through use of a User ID and Password when the request to access our business services online is user-initiated over the Internet or by telephone.
Minimizing Burden on Small Respondents
This collection does not significant affect small businesses or other small entities.
6. Consequence of Not Collecting Information or Collecting it Less Frequently
If we did not use IRES, we would not be able to verify the requester’s identity, which would result in SSA not being able to respond to Internet or telephone requests. Since SSA only requests this information on an as needed basis, we cannot collect the information less frequently.
There are no technical or legal obstacles to burden reduction.
7. Special Circumstances
There are no special circumstances that would cause SSA to conduct this information collection in a manner inconsistent with 5 CFR 1320.5.
Solicitation of Public Comment and Other Consultations with the Public
The 60-day advance Federal Register Notice published on June 06, 2012, at
77 FR 33547, and we received no public comments. The 30-day FRN published on August 20, 2012 at 77 FR 50204. If we receive any comments in response to this Notice, we will forward them to OMB. We did not consult with the public in the maintenance of this electronic system.
Payment or Gifts to Respondents
SSA does not provide payments or gifts to the respondents.
Assurances of Confidentiality
The information provided on this form is protected and held confidential in accordance with 42 U.S.C. 1306, 20 CFR 401 and 402, 5 U.S.C. 552 (Freedom of Information Act), 5 U.S.C. 552a (Privacy Act of 1974) and OMB Circular No. A130. In addition, our Privacy Policy protects information collected by SSA for Internet Services that ensures the confidentiality of all information provided by the requester. Our Internet privacy policy is:
You do not need to give us personal information to visit our site.
We collect personally identifiable information (name, SSN, DOB or E-mail) only if specifically and knowingly provided by you.
We will use personally identifying information you provide only in conjunction with services you request as described at the point of collection.
We sometimes perform statistical analyses of user behavior in order to measure customer interest in the various areas of our site. We will disclose this information to third parties only in aggregate form.
We do not give, sell, or transfer any personal information to a third party.
We do not enable “cookies.” (A “cookie” is a file placed on your hard drive by a Web site that allows it to monitor your use of the site, usually without your knowledge.)
Additionally, SSA will ensure the confidentiality of the requester’s personal information in several ways:
The Secure Socket Layer (SSL) security protocol will encrypt all electronic requests. SSL encryption prevents a third party from reading the transmitted data even if intercepted. This protocol is an industry standard, and is used by banks such as Wells Fargo and Bank of America for Internet banking.
IRES will give the requester adequate warnings that the Internet is an open system and there is no absolute guarantee that others will not intercept and decrypt the personal information they have entered. SSA will advise them of alternative methods of requesting personal information, i.e., personal visit to a field office or a call to the 800 number.
Only upon verification of identity will IRES allow the requester access to additional screens, which allow requests for personal information from SSA.
Justification for Sensitive Questions
We are asking questions of a sensitive nature in this Information Collection. The requester will supply basic information, for example, name, SSN, DOB, and address information. For authorization purposes, we will collect the employer identification number during the employer registration and we will ask appointed representatives using IRES in support of beneficiaries to submit additional information. We will ask the responder some “shared secret” questions. Before we ask for any information, the responder has to read and agree to our “User Registration Attestation,” which will serve to acknowledge and indicate their consent to provide us with sensitive information. The “User Registration Attestation” explains SSA’s legal authority for collecting the information.
We will collect shared secrets from the individual to use as password reset questions in order to improve customer service and reduce workloads and costs. We will ask the individual to select and answer five password reset questions. If the individuals lose or forget their password, we will ask three questions randomly selected from the five we established with the individuals during account setup when they originally created the User ID. The individual has to provide correct answers, consistent with the answers on record, to all three questions.
Estimates of Public Reporting Burden
Modality of Completion
|
Number of Respondents
|
Frequency of Response |
Average Burden Per Response (minutes) |
Estimated Total Annual Burden (hours) |
IRES Internet Registrations |
724,581 |
1 |
5 |
60,382 |
IRES Internet Requestors |
7,987,763 |
1 |
2 |
266,259 |
IRES CS (CSA) Registrations |
25,221 |
1 |
11 |
4624 |
Totals: |
8,737,565 |
|
|
331,265 |
The total burden for this ICR is 331,265 hours. This figure represents burden hours, and we did not calculate a separate cost burden.
*Note: In 2009 we broke out the Appointed Representative registrations, because they were new, we are now just grouping them under Internet and Intranet applications*
Annual Cost to the Respondents
There is no cost burden to the basic IRES or CSA respondents. However, there may be some cost to Appointed Representatives who access services, which require extra security. Each time the responders log in to access SSA’s secured online services that require the extra security feature, we will send a text message to their cell phone, which they have to enter on the web page.
Storage Management Subsystem (SMS) cost -- code sent via text message from SMS to the individual user.
For the user who receives the SMS code and does not have a text plan: the current cost could range from 10 cents to 20 cents per message.
For the user who has a limited text plan: the cost would just be included as part of the plan. We have no way to estimate this cost.
For the user who has an unlimited text plan, there would be no charge. The user would have paid for this service as part of the plan. We have no way to estimate cost.
Annual Cost to Federal Government
The estimated cost to the Federal Government to collect the information is negligible. Because the cost of maintaining the system which collects this information is accounted for within the cost of maintaining all of SSA’s automated systems, it is not possible to calculate the cost associated with just one Internet application.
15. Program Changes or Adjustments to the Information Collection Request
There has been an increase in burden hours. The increase stems from an increase in the number of respondents using our online business services.
16. Plans for Publication Information Collection Results
SSA will not publish the results of the information collection.
17. Displaying the OMB Approval Expiration Date
SSA is not requesting an exception to the requirement to display an expiration date.
Exceptions to Certification Statement
SSA is not requesting an exception to the certification requirements at 5 CFR 1320.9 and related provisions at 5 CFR 1320.8(b)(3).
B. Collection of Information Employing Statistical Methods
SSA does not use statistical methods for this information collection.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | 889123 |
| File Modified | 0000-00-00 |
| File Created | 2021-01-30 |