Skip to Content

We invite you to try out our new beta eCFR site at https://ecfr.federalregister.gov. We’ve made big changes to make the eCFR easier to use. Be sure to leave feedback using the 'Feedback' button on the bottom right of each page!

Rule

Social Security Number Fraud Prevention Act of 2017 Implementation

Document Details

Information about this document as published in the Federal Register.

Document Statistics
Document page views are updated periodically throughout the day and are cumulative counts for this document. Counts are subject to sampling, reprocessing and revision (up or down) throughout the day.
Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Office of the Secretary, Department of Commerce.

ACTION:

Final rule.

SUMMARY:

This final rule revises the Department of Commerce (Department) regulations under the Freedom of Information Act (FOIA) and the Privacy Act. The revisions clarify and update the language of procedural requirements pertaining to the inclusion of Social Security account numbers on documents that the Department sends by mail. These revisions are necessary to implement the Social Security Number Fraud Prevention Act of 2017 (the Act), which restricts the inclusion of Social Security numbers (SSNs) on documents sent by mail by the Federal government.

DATES:

Effective May 26, 2021.

ADDRESSES:

Departmental Privacy Act Officer, Office of Privacy and Open Government, Department of Commerce, 1401 Constitution Ave. NW, Mail Stop 61025, Washington, DC 20230.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Departmental Privacy Act Officer, Office of Privacy and Open Government, Department of Commerce, (202) 482-1190, PrivacyAct@doc.gov.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

Background

The Act (Pub. L. 115-59; 42 U.S.C. 405 note), which was signed on September 15, 2017, restricts Federal agencies from including individuals' SSNs on documents sent by mail, unless the head of the agency determines that the inclusion of the SSN on the document is necessary (section 2(a) of the Act). The Act requires agency heads to issue regulations specifying the circumstances under which inclusion of a SSN on a document sent by mail is necessary. These regulations, which must be issued not later than five years after the date of enactment, shall include instructions for the partial Start Printed Page 21934redaction of SSNs where feasible, and shall require that SSNs not be visible on the outside of any package sent by mail (section 2(b) of the Act). This final rule revises the Department regulations under FOIA (subpart A, 15 CFR part 4) and the Privacy Act (subpart B, 15 CFR part 4), consistent with these requirements in the Act. This final rule also clarifies the language of procedural requirements pertaining to the inclusion of SSNs on documents that the Department sends by mail; makes clarifying updates by changing the term “Privacy Officer” to “Privacy Act Officer” where it occurs in Subpart B of 15 CFR part 4, and by changing the term “FOI Officer” to “FOIA Officer” in several places in Appendix B.; and updates an office name by changing the phrase “Assistant General Counsel for Employment, Litigation, and Oversight” to “Assistant General Counsel for Employment, Litigation, and Information” where it occurs in part 4.

Comments on the Proposed Rule

The Office of the Secretary received four general comments on the proposed rule from members of the public. The comments on the proposed rule can be viewed and downloaded at the following link: https://www.regulations.gov/​document/​DOC-2020-0001-0001. No changes have been made to the regulatory text of the proposed rule in response to these four comments. The following are our responses to the comments.

Comment 1: I haven't received my stimulus check. I want to check my information and update my information.

Response: This comment is not addressed, as it is not within the scope of this action to amend the Department's regulations in order to implement the Act.

Comment 2: Noting concerns about fraud and criminal activity, a commenter stated that SSNs should be allowed to be used only for social security. The commenter stated that a company wanting to do business with you should assign an account number to serve as your identification, rather than request and use your personal information, including your SSN, and that this needs to be put into law.

Response: The Act is a law that restricts the inclusion of SSNs on Federal documents sent by mail. This final rule implements the Act by making changes to the Department's regulations, which state that the collection of SSNs on Federal documents by mail must be required or authorized by law, or must be deemed by the agency to be necessary for fulfilling a compelling business need of the agency. To the extent that this comment addresses the enactment of laws or the conduct of businesses and other entities, the comment is not applicable to this action amending the Department's regulations.

Comment 3: Noting concerns about privacy and potential identity theft, another commenter agreed with the proposed rule, but requested the listing out of specific circumstances in which the inclusion of a SSN on a document is necessary. The commenter stated that the SSN should not appear on any document, because ensuring that the SSN does not appear on the envelope is not enough to guarantee that the information will not be stolen. The commenter also asked why the Act allows a five-year period for implementation, and notes that the Act should be implemented sooner.

Response: The Department has policies and procedures in place for justifying the collections, maintenance, and uses of SSNs, as well as for maintaining an inventory of forms collecting SSNs, and for safeguarding the SSNs. The Department also has policies and procedures in place for eliminating the unnecessary collections, maintenance, and uses of SSNs. The Act requires Federal agencies with Chief Financial Officers to issue regulations, and the rationale for such determination, not later than five years after enactment. We note that the question regarding the Congress' reasons for including a five-year implementation period in the Act is beyond the scope of this final rule. However, this final rule will fully implement the Act's requirements in advance of the prescribed statutory five-year period.

Comment 4: One commenter stated that protecting American's identities needs to be a high concern of the United States government. With the advancement of technology, it is becoming easier for individuals to engage in identity fraud through SSNs. Therefore, the SSN should not be sent by the Federal government through mail. Many citizens are awaiting their stimulus checks, and criminals may be looking to steal checks that are mailed.

Response: The Act requires Federal agencies with Chief Financial Officers to issue regulations specifying the circumstances under which the inclusion of the SSN is necessary on a mailed document. The regulations must include instructions for partial redaction of the SSN where feasible and a requirement that the SSN not be visible on the outside of any mail. The Department has policies and procedures in place for eliminating the unnecessary collections, maintenance, and uses of SSNs. The comment regarding the potential theft of stimulus checks is not addressed, as it is not within the scope of this action to amend the Department's regulations in order to implement the Act.

Changes Between the Proposed Rule and Final Rule

This final rule makes no changes to the regulatory text of the proposed rule.

Classification

This final rule has been determined to be not significant for purposes of review under Executive Order 12866. In accordance with the Regulatory Flexibility Act (5 U.S.C. 605(b)), the Chief Counsel for Regulation has reviewed this rule and certified that this regulation, if implemented, will not have a significant economic impact on a substantial number of small entities. This rule is largely procedural in nature, and, therefore, will not affect requesters. This regulation does not contain a collection of information as defined by the Paperwork Reduction Act, 44 U.S.C. 3501, et seq.

Start List of Subjects

List of Subjects in 15 CFR Part 4

  • Appeals
  • Freedom of Information Act
  • Information
  • Privacy
  • Privacy Act
End List of Subjects Start Signature

Jennifer Goode,

Acting Director and Deputy Director of Open Government, and Departmental Privacy Officer.

End Signature

For the reasons stated in the preamble, the Department of Commerce amends Subparts A and B of 15 CFR part 4 as follows:

Start Part

PART 4—DISCLOSURE OF GOVERNMENT INFORMATION

End Part Start Amendment Part

1. The authority citation for part 4 continues to read as follows:

End Amendment Part Start Authority

Authority: 5 U.S.C. 301; 5 U.S.C. 552; 5 U.S.C. 552a; 5 U.SC. 553; 31 U.S.C. 3717; 44 U.S.C. 3101; Reorganization Plan No. 5 of 1950; Pub. L. 115-59, 131 Stat. 1152 (42 U.S.C. 405, note).

End Authority

Subpart A—Freedom of Information Act

Start Amendment Part

2. In § 4.7, add paragraph (d) to read as follows:

End Amendment Part
Responses to Requests.
* * * * *

(d) All responses shall be made subject to the provisions of § 4.25(b)(2)(iv).

* * * * *

Subpart B—Privacy Act

Start Amendment Part

3. Amend subpart B by removing the words “Privacy Officer” wherever they Start Printed Page 21935appear and adding in their place the words “Privacy Act Officer”.

End Amendment Part Start Amendment Part

4. Amend § 4.22 by adding paragraph (b)(10) to read as follows:

End Amendment Part
Definitions.
* * * * *

(b) * * *

(10) Un-redacted SSN Mailed Documents Listing (USMDL) means the Department approved list, as posted at www.commerce.gov/​privacy, designating those documents for which the inclusion of SSN is determined to be necessary to fulfill a compelling Department business need when the documents are requested by individuals outside the Department or other Federal agencies, as determined jointly by the Senior Agency Official for Privacy and the Departmental Privacy Act Officer.

Start Amendment Part

5. Amend § 4.25 by:

End Amendment Part Start Amendment Part

a. Adding paragraphs (a)(3) and (4); and

End Amendment Part Start Amendment Part

b. Revising paragraph (b)(2)(iii) and adding paragraphs (b)(2)(iv) and (v).

End Amendment Part

The additions and revisions read as follows:

Disclosure of requested records to individuals [Amended]

(a) * * *

(3) Inclusion of SSNs on responsive documents.

(i) The Department shall redact SSNs from responsive documents provided to requesters where feasible. Where full redaction is not feasible, partial redaction to create a truncated SSN shall be preferred to no redaction. The following conditions must be met for the inclusion of an unredacted (full) SSN or partially redacted (truncated) SSN on a responsive document:

(ii) The inclusion of the full SSN or truncated SSN of an individual must be required or authorized by law,

(iii) The inclusion of the full SSN or truncated SSN of an individual must be determined by the Senior Agency Official for Privacy and Departmental Privacy Act Officer to be necessary to fulfill a compelling Department business need; and

(iv) The full SSN of an individual may be included only on documents listed on the USMDL.

(4) The following requirements apply when the Department mails or delivers responsive documents containing SSNs or truncated SSNs:

(i) The full SSN of an individual may be included only on documents listed on the USMDL.

(ii) For documents that are listed on the USMDL and that include the full SSN of an individual, the signature of the recipient is required upon delivery.

(iii) For documents that include the truncated form of the SSN of an individual, the signature of the recipient is required upon delivery.

(iv) The full SSN, the truncated SSN, any part of the SSN of an individual must not be visible from the outside of the envelope or package.

(b) * * *

(2) * * *

(iii) Copies of documents may be mailed at the request of the individual and may be subject to payment of the fees prescribed in §§ 4.25(a)(3) and 4.31. In the event that the Department, at its own initiative, elects to provide a copy by mail, no fee will be charged to the individual.

(iv) Copies of documents listed on the USMDL that include full SSNs and that are requested by an individual are subject to payment of the fees prescribed in § 4.31.

(v) Documents containing SSNs or truncated SSNs that are required to be returned by the individual to the Department will be mailed or delivered along with a prepaid mail or delivery service envelope at the expense of the Department.

* * * * *

Appendix B to Part 4 [Amended]

Start Amendment Part

6. Amend Appendix B to part 4 by:

End Amendment Part Start Amendment Part

a. Adding the word “Act” after the phrase “Freedom of Information” wherever it appears in the introductory text, under “Office of the Secretary,” and under “Assistant Secretary for Administration”; and

End Amendment Part Start Amendment Part

b. Adding a semicolon after the term “Office of Privacy and Open Government: Director”.

End Amendment Part End Supplemental Information

[FR Doc. 2021-06823 Filed 4-23-21; 8:45 am]

BILLING CODE 3510-17-P