20 CFR 401.100
A. Justification
Introduction/Authoring Laws and Regulations
Third-party requesters, such as private businesses, present the Social Security Administration (SSA) with requests for Social Security number (SSN) verifications. To facilitate processing these requests, SSA developed the Consent Based Social Security Number Verification (CBSV) process. Section 1106 of the Social Security Act (Act) and Section 20 CFR 401.100 of the Code of Federal Regulations provide the authority for SSA to provide verification of SSNs. Additionally, Section 205(a) of the Act authorizes the Commissioner to set forth rules, regulations, and procedures that are necessary to carry out SSA’s programs and related responsibilities.
Description of Collection
CBSV is a fee-based SSN verification service which private business and other requesting parties may use to obtain validation of SSNs of consenting number holders. The purpose of the information collection is for SSA to verify for the requesting party that the submitted name and SSN matches, or does not match, the data contained in our records. After signing a User Agreement and completing a registration process, the requesting party submits a file to SSA, through the CBSV Internet or web service application, the names, dates of birth, and SSNs of number holders who gave valid consent to the requesting agency to verify their SSN. SSA verifies the information against our Master File, using SSN, name, and date of birth. The results file SSA returns to the requesting party over the Internet or web service shows only a match/no match indicator (and an indicator if our records show that the individual issued the SSN died). SSA does not provide specific information on what data elements did not match, nor does SSA provide any SSNs. The verification does not authenticate the identity of individuals or conclusively prove the individuals we verify are who they are claiming to be. CBSV is not mandatory.
Under the CBSV process, the requesting party does not submit the number holder’s consent forms to SSA. SSA requires each requesting party to retain a valid consent form for each SSN verification request (Form SSA-89, Authorization for SSA to Release SSN Verification) for a period of 5 years. The requesting party retains Form SSA-89 in either electronic or paper format.
SSA requires each requesting party to undergo compliance reviews to ensure the requesting parties obtained valid consent from number holders. An SSA approved certified public accountant (CPA) conducts the compliance reviews. The reviews ensure the requesting parties meet all terms and conditions of the User Agreement. The requesting party pays all compliance review costs through the transaction fee. In general, we request annual reviews with additional reviews as necessary. The CPA follows review standards established by the American Institute of Certified Public Accountants. At any time, SSA may conduct onsite inspections of the requester’s site, including a systems review, to ensure they took the required precautions to protect the consent forms (SSA-89), and to assess systems security overall.
To provide legal and secure access between SSA and the requesting parties who use the CBSV, SSA created an external testing environment (ETE), as an optional supplement to the User Agreement. The ETE allows CBSV web service users to test external software applications. It also allows users the flexibility to test software on an “as needed” basis to ensure their software remains up-to-date and continues to provide accurate data on behalf of the public to SSA systems. The supplemental ETE user agreement helps SSA serve the business community by providing structured guidelines, conditions, terms, and safeguards under which we can provide access to external-to-SSA developers for testing within the ETE. The respondents are participating companies; members of the public who consent to the SSN verification; and CPAs who provide compliance review services.
Use of Information Technology to Collect the Information
In accordance with the agency’s Government Paperwork Elimination Act plan, SSA created the CBSV application. Based on our data, we estimate that approximately 80% of respondents under this OMB number use the electronic version. The electronic PDF version of the SSA-89 consent form is available on SSA’s dedicated CBSV website. Requesting parties enter information from the form into the CBSV website using an online or web-service. In addition, we are currently working on the Electronic Consent Based Social Security Number Verification (eCBSV) package for which we are in the process of obtaining OMB approval under a separate OMB number.
Why We Cannot Use Duplicate Information
The nature of the information we collect and the manner in which we collect it precludes duplication. SSA does not currently use another collection instrument to obtain similar data.
Minimizing Burden on Small Respondents
CBSV is a fee-based application. Businesses that elect to enroll in this service incur costs at start up ($5,000 registration fee) and as they utilize the system (i.e., transaction fee $1.00). To the extent feasible, SSA has mitigated users’ cost. There is extensive interest among the small business community for this type of service because they believe it will save them time and improve efficiency in verifying SSNs. The use of CBSV is voluntary.
6. Consequence of Not Collecting Information or Collecting it Less Frequently If we did not collect this information, many businesses would not have the ability to obtain the SSN verification they need for business purposes, a service they have requested. Since we only collect the information once per person, we cannot collect it less frequently. There are no technical or legal obstacles that prevent burden reduction.
7. Special Circumstances
Consent Form Retention Requirement – SSA requires participating third parties to retain the signed consent form of the individual who is the subject of the verification request (Form SSA-89, Authorization for SSA to Release SSN Verification) for 5 years. They do not submit the consent form to SSA. Our primary purpose for requiring third parties to retain consent forms for 5 years is due to SSA’s need to ensure that we can obtain a copy of the consent form (Form SSA-89) to defend against, or prosecute, alleged violations of civil and criminal law. The agency permits third parties to retain copies of the consent forms (Form SSA-89) in either paper or electronic format. Because the Privacy Act establishes a 2-year statute of limitations that begins when the individual discovers a potential violation of the Act (5 U.S.C. § 552a(g)(5)), SSA must require no less than a 3‑year consent retention period to ensure we can obtain a copy of the consent form (Form SSA-89) from the third‑party to defend against any alleged Privacy Act cause of action.
In addition, other statutes of limitations applicable to criminal actions that might arise from consent based disclosures to third parties counsel in favor of a 5-year retention period. For example, in the event an employee of a third-party provides fraudulent consent forms to the agency, or a third-party misrepresents the validity of a consent, Federal statutes exist in aiding investigations of fraud against the Government, including 18 U.S.C. § 371 (conspiracy to defraud the Government) and 18 U.S.C. § 1001 (false statements). Accordingly, SSA is requiring a 5-year consent retention period to prosecute alleged violations of criminal law. A 5-year retention period serves to reinforce the need for third parties to provide SSA with accurate and valid consent forms (Form SSA-89) as a critical requirement.
There are no special circumstances that would cause SSA to conduct this information collection in a manner inconsistent with 5 CFR 1320.5.
Solicitation of Public Comment and Other Consultations with the Public
The 60-day advance Federal Register Notice published on December 23, 2019 at 84 FR 70610, and we received no public comments. SSA published the second Notice on February 26, 2020 at 85 FR 11174. If we receive comments in response to the 30-day Notice, we will forward them to OMB.
Payment or Gifts to Respondents
SSA provides no payment or gifts to the respondents.
Assurances of Confidentiality
SSA protects and holds confidential the information it collects in accordance with 42 U.S.C. 1306, 20 CFR 401 and 402, 5 U.S.C. 552 (Freedom of Information Act), 5 U.S.C. 552a (Privacy Act of 1974), and OMB Circular No. A-130.
Justification for Sensitive Questions
The information collection does not contain any questions of a sensitive nature.
Estimates of Public Reporting Burden
Please see the burden charts below:
Participating Companies/Requesting Parties:
Requirement |
Number of Respondents |
Frequency of Response |
Number of Responses |
Average Burden per Response (minutes) |
Estimated Total Annual Burden (hours) |
Average Theoretical Hourly Cost Amount (dollars)* |
Total Annual Opportunity Cost (dollars)** |
Registration process for new participating companies. |
10*** |
1 |
10 |
120 |
20 |
$36.98* |
$740** |
Creation of file with SSN holder identification data; maintaining required documentation/ forms |
80 |
251**** |
20,080 |
60 |
20,080 |
$36.98* |
$742,558** |
Using the system to upload request file, check status, and download results file |
80 |
251 |
20,080 |
5 |
1,673 |
$36.98* |
$61,868** |
Storing Consent Forms |
80 |
251 |
20,080 |
60 |
20,080 |
$36.98* |
$742,558** |
Activities related to compliance review |
80 |
251 |
20,080 |
60 |
20,080 |
$36.98* |
$742,558** |
Totals |
330 |
|
80,330 |
|
61,933 |
|
2,290,282** |
Participating Companies Who Opt for ETE:
Requirement |
Number of Respondents |
Frequency of Response |
Number of Responses |
Average Burden per Response (minutes) |
Estimated Total Annual Burden (hours) |
Average Theoretical Hourly Cost Amount (dollars)* |
Total Annual Opportunity Cost (dollars)** |
ETE Registration Process (includes reviewing and completing ETE User Agreement) |
30 |
1 |
30 |
180 |
90 |
$36.98* |
$3,328** |
Web Service Transactions |
30 |
50 |
1,500 |
1 |
25 |
$36.98* |
$925** |
Reporting Issues Encountered on Web service testing (e.g., reports on application’s reliability) |
30 |
50 |
1,500 |
1 |
25 |
$36.98* |
$925** |
Reporting changes in users’ status (e.g., termination or changes in users’ employment status; changes in duties of authorized users) |
30 |
1 |
30 |
60 |
30 |
$36.98* |
$1,109** |
Cancellation of Agreement |
30 |
1 |
30 |
30 |
15 |
$36.98* |
$555** |
Dispute Resolution |
30 |
1 |
30 |
120 |
60 |
$36.98* |
$2,219** |
Totals |
180 |
|
3,120 |
|
245 |
|
$9,061** |
People Whose SSNs SSA Will Verify:
Requirement |
Number of Respondents |
Frequency of Response |
Number of Responses |
Average Burden per Response (minutes) |
Estimated Total Annual Burden (hours) |
Average Theoretical Hourly Cost Amount (dollars)* |
Total Annual Opportunity Cost (dollars)** |
Reading and signing authorization for SSA to release SSN verification (Form SSA-89) |
2,500,000 |
1 |
2,500,000 |
3 |
125,000 |
$10.22* |
$1,277,500** |
Responding to CPA re-contact |
4,000 |
1 |
4,000 |
5 |
333 |
$36.98* |
$12,314** |
Totals |
2,504,000 |
|
2,504,000 |
|
125,333 |
|
$1,289,814** |
* We based these figures on average Business and Financial operations occupations hourly salaries, as reported by Bureau of Labor Statistics data, and per average DI payments, as reported in SSA’s disability insurance payment data.
** This figure does not represent actual costs that SSA is imposing on recipients of Social Security payments to complete this application; rather, these are theoretical opportunity costs for the additional time respondents will spend to complete the application. There is no actual charge to respondents to complete the application.
*** One-time registration process/approximately 10 new participating companies per year.
**** Please note there are 251 Federal business days per year on which a requesting party could submit a file.
There is one CPA respondent conducting compliance reviews and preparing written reports of findings. The average burden per the 80 responses is 4,800 minutes for a total burden of 6,400 hours annually.
The total burden for this ICR is 193,911 burden hours (reflecting SSA management information data), which results in an associated theoretical (not actual) opportunity cost financial burden of $3,589,157. SSA does not charge respondents to complete our applications.
13. Annual Cost to the Respondents (Other)
Participating requesters must compensate SSA for non-program-related work we do for others so that the Social Security Trust Funds do not bear the costs of such activities. Advance payment is required before work begins on reimbursable projects requested by non-Federal organizations. OMB Circular A-11 (Preparation, Submission, and Execution of the Budget) stipulates that budgetary resources for reimbursable work with non-Federal organizations, including State and local governments, are not available for obligation until receiving advance payments. OMB designed this policy to prevent unintentional violations of the Anti-Deficiency Act. In addition, advance payment covers the start-up costs if potential participating parties cancel the User Agreement, it protects SSA against any uncollectible debts, and prevents SSA components’ regular administrative allowance from having to absorb the cost. Accordingly, non-Federal requesters must pay 100 percent of SSA’s estimated transaction costs in advance.
SSA, Office of Finance, decreases the advance balance each day by the number of verifications performed. The Office of Finance prepares a quarterly statement for each requesting party illustrating how much of its advance payment has been applied and how much is currently available. Thus, participating parties compensate SSA for reimbursable work.
The public cost burden is dependent upon the number of companies and transactions per year. In FY 2019, 80 companies enrolled; 80 companies submitted an advance; and 70 actually performed verifications. (Not all companies that enroll renew and submit an advance every year. Of those that renew and submit an advance, not all of them perform verifications.) The cost estimates below are based upon 80 participating companies in FY 2019 (includes an average of 10 new companies per year since 2016) submitting a total of 2,500,000 transactions. Each year companies start and end CBSV services, depending on business need.
CBSV Cost Burdens
Total CBSV Cost Burden (With Web Service Building Option)
One-Time Per Company Registration Fee - $5,000 x 10* companies = $50,000
Estimated Per SSN Transaction Fee - $1.00 x 2,500,000** SSN requests = $ 2,500,000
To Store Consent Forms - $300 x 80 companies = $24,000
Cost To Contract with CPA for Audit - $550,000 firm-fixed contract***
__________________________________________________________________
Total CBSV Cost Burden - $3,124,000
*An average of 10 new companies joined the service since 2016.
**The number of SSN requests submitted will vary greatly per company. The 2,500,000 estimate represents the total estimated number of verifications that SSA anticipates receiving on an annual basis (based on the average for FY 2019 transactions).
***The cost of the CPA audit reviews is incorporated into the $1.00 transaction fee paid by participating companies. SSA also uses the transaction fee to allocate for forecasted systems and operational expenses based on prior year cost analysis, agency oversight, and the systems enhancements necessary to sustain the service.
SSA maintains “open enrollment” throughout the fiscal year. In addition, SSA periodically recalculates costs to provide CBSV services and adjusts the fees charged as needed. We notify companies of a transaction fee adjustment at the renewal of the CBSV User Agreement and via notice in the Federal Register; companies have the opportunity to cancel the agreement or continue service using the new transaction fee.
Annual Cost To Federal Government
SSA designated CBSV a fee-based service recovering the full costs (See #13 above).
Program Changes or Adjustments to the Information Collection Request
When we last cleared this IC in 2017, the burden was 217,522 hours. However, we are currently reporting a burden of 193,911 hours. This change stems from a decrease in the number of participating companies, and an increase in the number of transactions. There is no change to the burden time per response. Although the number of responses changed, SSA did not take any actions to cause this change. These figures represent current Management Information data.
16. Plans for Publication Information Collection Results
SSA will not publish the results of the information collection.
17. Displaying the OMB Approval Expiration Date
SSA is not requesting an exception to the requirement to display the OMB approval expiration date.
Exceptions to Certification Statement
SSA is not requesting an exception to the certification requirements at 5 CFR 1320.9 and related provisions at 5 CFR 1320.8(b)(3).
B. Collections of Information Employing Statistical Methods
SSA does not use statistical methods for this information collection.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Modified | 0000-00-00 |
| File Created | 0000-00-00 |