Justification for Non-Substantive Changes
Consent Based Social Security Number Verification (CBSV)
20 CFR 41.100
OMB No. 0960-0760
Background of the collection:
The CBSV is a fee-based Social Security number (SSN) verification service private business and other requesting parties use to obtain SSA’s validation of SSNs of consenting number holders. After signing a user agreement and completing a registration process, the requesting party (i.e., business entity) submits a file to SSA through either the CBSV internet or web service application. SSA matches the information against our Master File, using SSN, name, date of birth, and gender code (if available). The results file SSA returns to the requesting party over the Internet or web service shows only a match/no match indicator (and an indicator if our records show that the individual issued the SSN is deceased).
Justification for Non-Substantive Changes to the Collection or Resubmission of the Collection within One Year of OMB Approval
In June 2012, SSA contracted with the accounting firm Harper, Rains, and Knight (HRK) to evaluate the security, soundness, and efficacy of the CBSV program. Based on their evaluation, SSA is proposing to make the following non-substantive changes to the collection instruments, User Agreement and Form SSA-89. These changes will ensure the integrity of the program and more clearly define standard contracting practices as they relate to Federal contracting guidelines. These changes do not increase the burden on the public.
We are also clarifying our instructions to business entities on the handling and safeguarding of personally identifiable information (PII) as recommended by SSA’s Office of General Counsel.
Table of Contents – We updated page numbers and sections to improve clarity and readability.
Section I. Purpose and Definitions (page 4)
New Agreement: We included additional definitions that were previously omitted. In addition, we changed the terminology for the compliance review to more accurately reflect accounting industry terms. In lieu of “review criteria,” these are now called “assertions.” The certified public account’s (CPA) audit response is an attestation to the Requesting Party’s assertion. We defined the compliance review as an examination engagement.
Section III.A. Requesting Party Responsibilities (page 6)
New Agreement: A.8.a – We added language to address the Requesting Party’s responsibility for notifying SSA if the name of the business changes.
This is a clarification of the business process. The old user agreement did not describe the process. This is in line with SSA’s Office of Acquisitions and Grants’ Federal contracting requirements when contracting with the private sector. Federal Acquisitions Regulations 42.1203 requires the responsible contracting officer (i.e., SSA) to identify and submit the information necessary to evaluate the proposed agreement for recognizing a successor in interest or a name change.
Section III. Responsibilities (page 7) - New Agreement: We modified the language for #8 to show SSA will designate the CPA for compliance reviews. We also included language in #12 to further explain the responsibility for handling and safeguarding PII rests with the business.
Section IV. Responsibilities (page 9) - New Agreement: We established clearly that the Form SSA-89 consent form must be used without alteration with the exception of the Social Security number holder’s approved alternate timeframe.
Section V. Consent (pages 10 - 12) - New Agreement: Added Subparts A and B.
Section B - Protecting and Reporting Loss of PII adds language to the agreement on protecting PII. Standard operating procedures for all SSA contracted business.
Section VIII.B. - Suspension of Services (pages 15 - 17). New Agreement: We added language, explaining in more detail, about suspensions and length of suspensions based on non-compliance. This includes a chart that defines compliance vs. non-compliance situations and resulting penalties.
Section IX. Compliance Reviews (pages 18 - 20)
New Agreement: Updated language to clarify a compliance review is required at least annually and clarified the business process for initiating the review.
Section XV. Persons to Contact (page 22)
New Agreement: This section provides contact information for reporting lost, compromised, or potentially compromised PII.
Attachment A. Form SSA-88 (page 23) New Agreement: Added language requiring the requesting party to provide SSA with an email address to receive CBSV notifications.
Attachment B. Form SSA-89 (page 25) New Agreement: We modified the reasons on the form to mirror the reasons on the CBSV Enrollment Application Form SSA-200.
Attachment D. Attestation Statement (page 29) New Agreement: We added language requiring annual signatory attestation.
Attachment E. CBSV Attestation Requirements and Requesting Party Compliance Assertions (pages 30-39) New Agreement: Changed section title to reflect new terminology to align with the American Institute of Certified Public Accountants language. We adopted recommendations from our contractor, HRK, for attestation requirements and assertions. We included a chart for clarity to define compliance and non-compliance situations.
We will implement the changes in fiscal year 2014 upon OMB approval.
| File Type | application/msword |
| File Title | ADDENDUM TO SUPPORTING STATEMENT |
| Author | Naomi |
| Last Modified By | 889123 |
| File Modified | 2013-05-20 |
| File Created | 2013-05-20 |