Supporting Statement for Integrated Registration Services (IRES) System
20 CFR 401.45
OMB No. 0960-0626
Justification
Introduction/Authoring Laws and Regulations
The Integrated Registration Services (IRES) system is an electronic authentication process by which the Social Security Administration (SSA) registers and authenticates users of our online business services.
SSA collects this information by authority of section 5 USC 552a, (e)(10), of the United States Code, the Privacy Act of 1974, which requires agencies to establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of records. Also, section 5 USC 552a, (f)(2)&(3) requires agencies to establish requirements for identifying an individual who requests a record or information pertaining to that individual and to establish procedures for disclosure of personal information. SSA promulgated Privacy Act rules in the Code of Federal Regulations, Subpart B. procedures for verifying identity are at 20 CFR 401.45.
Description of Collection
SSA uses the information from this collection to verify the identity of individuals, businesses, organizations, entities, and government agencies who use our secured Internet and telephone applications for requesting and exchanging business data with SSA. We collect the personal information one time only when the individual registers to use our online business services.
IRES is an internet-based application that replaced the respondent’s handwritten paper‑based signature with a user identification number (User ID) and a password. IRES provides registration, authentication, and authorization gateway services for Business‑to‑Government (B2G) suites of services, including, but not limited to:
Business Services Online (BSO)
Electronic Wage Reporting (EWR)
Third party Bulk Filing
Verification of Social Security Numbers (SSNVS)
Claimant Representative Services
Representative Payee Services
Government Services Online (GSO) (OMB#0960-0757)
Office of Child Support Enforcement (OCSE) Services
Secure exchange of information between SSA and third parties in support of SSA and other federal government-supported programs
Customer Support Application (CSA)
CSA provides customer support service for IRES. CSA allows users to complete the registration process via a telephone interview with a Social Security customer service representative.
To register for a User ID, we first need to verify the user’s identity. We will ask the user to give us some personal information, such as:
Name
Date of birth
Social Security Number
Home address
Home telephone number
Email address
Once we verify this information, we issue the respondents a User ID. In addition, we ask the user to create a password, select security questions and answers for password reset.
Respondents are individuals who wish to register to use our online business services. These may be (but are not limited to): employers; employees; third parties working on behalf of businesses; appointed representatives; representative payees; and other government agencies wishing to exchange data with SSA in support of our programs.
Use of Information Technology to Collect the Information
This is an electronic information collection. The respondents key and transmit their identifying information to SSA over the Internet or by telephone, which SSA compares in real time to existing electronic records. If the information keyed and transmitted matches with that in SSA records, we provide the respondent with a User ID and password. Their User ID and password allows them access to our Internet and telephone services.
Why We Cannot Use Duplicate Information
SSA previously collected, and posted to SSA’s master electronic records, most of the information we collect through these screens; however, SSA asks it again for comparison and verification. Currently, there is no existing alternative means for the agency to verify identity electronically through use of a User ID and password when the request to access our BSO is user-initiated over the Internet or by telephone.
Minimizing Burden on Small Respondents
This collection does not significantly affect small businesses or other small entities.
Consequence of Not Collecting Information or Collecting it Less Frequently
Failure to verify the respondent’s identity would result in SSA’s not being able to respond to these Internet or telephone requests. Making this service available electronically saves the respondents the effort of mailing their forms to SSA; phoning an SSA Tele-Service Center; or visiting an SSA field office to obtain name or SSN information. In addition, it saves SSA staff time. Since SSA only requests this information on an as needed basis, we cannot collect the information less frequently. There are no technical or legal obstacles to burden reduction.
Special Circumstances
There are no special circumstances that would cause SSA to conduct this information collection in a manner that is not consistent with 5 CFR 1320.5.
Solicitation of Public Comment and Other Consultations with the Public
The 60-day advance Federal Register Notice published on August 6, 2018, at 83 FR 38441, and we received no public comments. The 30-day FRN published on October 15, 2018 at 83 FR 52042. If we receive any comments in response to this Notice, we will forward them to OMB.
Payment or Gifts to Respondents
SSA does not provide payment or gift to the respondents.
Assurances of Confidentiality
SSA protects and holds the information it collects in accordance with 42 U.S.C. 1306, 20 CFR 401 and 402, 5 U.S.C. 552 (Freedom of Information Act), 5 U.S.C. 552a (Privacy Act of 1974) and OMB Circular No. A130.
In addition, our Privacy Policy protects information collected by SSA for internet services that ensures the confidentiality of all information provided by the requester. Our internet privacy policy is:
You do not need to give us personal information to visit our site.
We collect personally identifiable information (name, SSN, DOB or E-mail) only if specifically, and knowingly provided by you.
We will use personally identifying information you provide only in conjunction with services you request as described at the point of collection.
We sometimes perform statistical analyses of user behavior in order to measure customer interest in the various areas of our site. We will disclose this information to third parties only in aggregate form.
We do not give, sell, or transfer any personal information to a third party.
We implement Tier 1 (Single session) and Tier 2 (Multi-session without PII) technologies using the text-based “cookie” technology. We use Tier 2 technology to help us analyze site use by identifying you as a new or returning visitor; this does nothing other than distinguish whether you have been to our site before. Our web measurement applications compare the behavior of new and returning visitors in the aggregate to help us identify work flows and trends and also resolve common problems on our site. We do not use this technology to identify you or any other person. We use Tier 2 web measurement technology to improve our website and provide a better user experience for our customers. This technology anonymously tracks how visitors interact with socialsecurity.gov, including where they came from, what they did on the site, and whether they completed any pre-determined tasks while on the site. The Social Security Administration also uses Tier 2 technology to obtain feedback and data on visitors’ satisfaction with the SSA website.
Additionally, SSA will ensure the confidentiality of the requester’s personal information in several ways:
The Secure Socket Layer (SSL) security protocol will encrypt all electronic requests. SSL encryption prevents a third party from reading the transmitted data even if intercepted. This protocol is an industry standard, and is used by banks such as Wells Fargo and Bank of America for Internet banking.
IRES will give the requester adequate warnings that the Internet is an open system and there is no absolute guarantee that others will not intercept and decrypt the personal information they have entered. SSA will advise them of alternative methods of requesting personal information, i.e., personal visit to a field office or a call to the 800 number.
Only upon verification of identity will IRES allow the requester access to additional screens which allow requests for personal information from SSA.
Justification for Sensitive Questions
We ask some questions of a sensitive nature in this Information Collection. The requester supplies basic information, for example, name; SSN; date of birth; and address information. For authorization purposes, we collect the Employment Identification Number during the employer registration, and we ask appointed representatives using IRES in support of beneficiaries to submit additional information. We ask the responder some “shared secret” questions. Before we ask for any information, the responders must read and agree to our “User Registration Attestation,” which serves to acknowledge and indicate their consent to provide us with sensitive information. The “User Registration Attestation” explains SSA’s legal authority for collecting the information.
We collect “shared secrets” from the individual to use as password reset questions to improve customer service, and reduce workloads and costs. We ask individuals to select and answer five password reset questions. If individuals lose or forget their passwords, we ask three questions randomly selected from the five we established with the individuals during account setup when they originally created the User ID. The individuals must provide correct answers, consistent with the answers on record, to all three questions.
Estimates of Public Reporting Burden
For FY 2017, there were 611,296 successful registrations through the IRES Internet system. In addition to new registrations for FY 2017, there were 15,692,525 logins (which may include users who registered in a prior FY or users accessing the system subsequent to registering). We estimate that it takes an average of 5 minutes to register, obtain a credential and authenticate with SSA through IRES, for an annual reporting burden of 50,941 hours. We estimate that for a subsequent login to authenticate with SSA takes an average of 2 minutes, for an annual reporting burden of 523,084 hours. For FY 2017, there were 20,621 registrations through the IRES CS (CSA) system. We estimate that it takes an average of 11 minutes to register, obtain a credential and authenticate with SSA through IRES CS (CSA), for an annual reporting burden of 3,781 hours. The following chart shows the burden estimates for IRES:
Modality of Completion |
Number of Respondents |
Frequency of Response |
Average Burden Per Response (minutes) |
Estimated Total Annual Burden (hours) |
IRES Internet Registrations |
611,296 |
1 |
5 |
50,941 |
IRES Internet Requestors |
15,692,525 |
1 |
2 |
523,084 |
IRES CS (CSA) Registrations |
20,621 |
1 |
11 |
3,781 |
Total |
16,324,442 |
|
|
577,806 |
The total burden for this ICR is 577,806 hours. We based this figure on current management information data from 2017, and it represents burden hours. We did not calculate a separate cost burden.
Annual Cost to the Respondents (Other)
This collection does not impose a known cost burden to the basic IRES or CSA respondents. However, there may be some cost to Appointed Representatives who access services which require extra security. Each time the responders log in to access SSA’s secured online services that require the extra security feature, we send a text message to their cell phone; which they must then enter on the web page.
Storage Management Subsystem (SMS) cost – the code sent via text message from SMS to the individual user:
For the user who receives the SMS code and does not have a text plan, the current cost could range from 10 cents to 20 cents per message.
For the user who has a limited text plan, the cost would just be included as part of the plan. We have no way to estimate this cost.
For the user who has an unlimited text plan, there would be no charge. The user would have paid for this service as part of the plan. We have no way to estimate cost.
Because this cost can fluctuate dependent on the user’s texting plan, we did not account for it in this information collection request.
Annual Cost to the Federal Government
The annual cost to the Federal Government is approximately $7,203,972. This estimate accounts for costs from the following areas: (1) SSA employee (e.g., field office, 800 number) information collection and processing time; and (2) systems development, updating, and maintenance costs.
Program Changes or Adjustments to the Information Collection Request
When we cleared this IC in 2015, the burden was 366,478 hours. However, we are currently reporting a burden of 577,806 hours. This change stems from the increase in the total number of respondents using the Internet screens. There is no change to the burden time per response. Although the number of responses changed, SSA did not take any actions to cause this change. In addition, we had a small burden decrease in the number of individuals registering for both the Internet and CSA screens. See #12 above for updated burden figures.
Plans for Publication Information Collection Results
SSA will not publish the results of the information collection.
Displaying the OMB Approval Expiration Date
SSA is not requesting an exception to the requirement to display the OMB approval expiration date.
Exceptions to Certification Statement
SSA is not requesting an exception to the certification requirements at 5 CFR 1320.9 and related provisions at 5 CFR 1320.8(b)(3).
Collections of Information Employing Statistical Methods
SSA does not use statistical methods for this information collection.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | Sipple, Naomi |
| File Modified | 0000-00-00 |
| File Created | 2021-01-20 |