20 CFR 401.100
A. Justification
Introduction/Authoring Laws and Regulations - Third-party requesters, such as private businesses, present the Social Security Administration (SSA) requests for SSN (Social Security Number) verifications. To facilitate processing these requests, SSA developed the Consent Based Social Security Number Verification Process (CBSV). CBSV is a fee-based SSN verification service that private businesses and other requesting parties may use once they have obtained valid consent from number holders. Section 1106 of the Social Security Act (Act) and section 20 C.F.R. 401.100 of the Code of Federal Regulations provide the authority for SSA to provide verification of SSNs. Additionally, section 205(a) of the Act authorizes the Commissioner to set forth rules, regulations, and procedures that are necessary to carry out the SSA’s programs and related responsibilities.
Description of Collection - The CBSV is a fee-based SSN verification service private business and other requesting parties may use to obtain validation of SSNs of consenting number holders. The purpose of the information collection is for SSA to verify for the requesting party that the submitted name and SSN matches or does not match the data contained in our records. After signing a User Agreement and completing a registration process, the requesting party submits a file to SSA, through either the CBSV internet or web service application, of the names and SSNs of number holders who have given valid consent. SSA matches the information against our Master File, using SSN, name, date of birth, and gender code (if available). The results file SSA returns to the requesting party over the Internet or web service shows only a match/no match indicator (and an indicator if our records show that the individual issued the SSN is deceased). SSA does not provide specific information on what data elements did not match. SSA does not provide any SSNs. The verification does not authenticate the identity of individuals or conclusively prove that the individuals we are verifying are who they are claiming to be.
Under the CBSV process, the requesting party does not submit the number holder’s consent forms to SSA. SSA requires each requesting party to retain a valid consent form for each SSN verification request (Form SSA-89, Authorization for SSA to Release SSN Verification) for a period of 7 years. The requesting party retains the Form SSA-89 in either electronic or paper format.
So that SSA may ensure the requesting parties have obtained valid consent from number holders, each requesting party is required to contract with an independent certified public accountant (CPA) to conduct compliance reviews. The reviews ensure that the requesting parties are meeting all terms and conditions of the User Agreement. The CPA conducts these reviews at SSA’s request. All compliance review costs are borne by the requesting party. In general, we request annual reviews with additional reviews as determined necessary. The CPA follows review standards established by the American Institute of Certified Public Accountants.
CPA’s send their review results directly to SSA. If SSA determines that the reported findings of the compliance reviews are unsatisfactory, under the User Agreement, SSA may elect to:
Perform our own onsite inspection (see Article VI, Compliance Reviews, of the User Agreement); and/or,
Refer the report to the Office of the Inspector General for appropriate action, including referral to the Department of Justice for criminal prosecution;
Cancel the User Agreement; and/or,
Take any other action SSA deems necessary.
At any time, SSA may conduct onsite inspections of the requester’s site, including a systems review, to ensure they have taken the required precautions to protect the consent forms (SSA-89) and to assess system security overall.
A participating third party who presents a valid consent form from the number holder (i.e., the subject of the record) may also request and receive SSN verifications at local SSA field offices.
Use of Information Technology to Collect the Information - In accordance with the agency’s Government Paperwork Elimination Act plan, SSA created the CBSV application. The requesting parties conduct most of the compliance activities for this information collection electronically.
Why We Cannot Use Duplicate Information
The nature and manner of the information we are collecting preclude duplication. SSA uses no other collection instrument that collects data similar to that collected here.
Minimizing Burden on Small Respondents - CBSV is a fee-based application. Businesses that elect to enroll in this service incur costs at start up ($5,000 registration fee) and as they utilize the system (i.e., transaction fee). To the extent feasible, SSA has tried to mitigate users’ cost. There is extensive interest among the small business community for this type of service because they believe it will save them time and improve efficiency in verifying SSNs. The use of CBSV is voluntary.
6. Consequence of Not Collecting Information or Collecting it Less Frequently - If we did not collect this information, many businesses would not have the ability to obtain the SSN verification they need for business purposes, a service they have requested. Since we only collect the information once per person, we cannot collect it less frequently.
There are no technical or legal obstacles that prevent burden reduction
7. Special Circumstances - Consent Form Retention Requirement - SSA requires participating third parties to retain the signed consent form of the individual who is the subject of the verification request (Form SSA-89, Authorization for SSA to Release SSN Verification) for 7 years. They do not submit the consent form to SSA. Our primary purpose for requiring third parties to retain consent forms for 7 years is based on SSA’s need to ensure that it can obtain a copy of the consent form (Form SSA-89) to defend against or prosecute alleged violations of civil and criminal law. The agency permits third parties to retain copies of the consent forms (Form SSA-89) in either paper or electronic format.
Because the Privacy Act establishes a 2-year statute of limitations that begins when the individual discovers a potential violation of the Act (5 U.S.C. § 552a(g)(5)), SSA must require no less than a 3-year consent retention period to ensure that it can obtain a copy of the consent form (Form SSA-89) from the third party to defend against any alleged Privacy Act cause of action.
In addition, other statutes of limitations applicable to criminal actions that might arise from consent based disclosures to third parties counsel in favor of a 7-year retention period. For example, in the event an employee of a third party provides fraudulent consent forms to the agency or a third party misrepresents the validity of a consent, several Federal statutes could be used to investigate and prosecute fraud against the Government, including 18 U.S.C. § 371 (conspiracy to defraud the Government) and 18 U.S.C. § 1001 (false statements).
Accordingly, SSA is requiring a 7-year consent retention period in order to prosecute alleged violations of criminal law. A 7-year retention period also serves to reinforce the need for third parties to provide SSA with accurate and valid consent forms (Form SSA-89) as a critical requirement.
There are no special circumstances that would cause SSA to conduct this information collection in a manner inconsistent with 5 CFR 1320.5.
Solicitation of Public Comment and Other Consultations with the Public
SSA published the 60-day advance Federal Register Notice on August 2, 2010 at 75 FR 45190, and SSA has received no public comments. We published the 30-day Notice on _____________at ____FR_________. If we receive any comments on the second Notice, we will forward them to OMB. We did not consult with members of the public.
Payment or Gifts to Respondents
SSA provides no payment or gifts to the respondents.
Assurances of Confidentiality
SSA protects and holds confidential the information it collects in accordance with 42 U.S.C. 1306, 20 CFR 401 and 402, 5 U.S.C. 552 (Freedom of Information Act), 5 U.S.C. 552a (Privacy Act of 1974), and OMB Circular No. A-130.
Justification for Sensitive Questions
The information collection does not contain any questions of a sensitive nature.
Estimates of Public Reporting Burden
There are approximately 1,107,920 responses with an estimated annual burden of 148,028 hours and a total maximum cost burden to the public of $5,937,425.
The following is a breakdown of respondents and burden hours.
Participating Companies:
Requirement |
Number of Respondents |
Frequency of Response |
Number of Responses |
Average Burden per Response (minutes) |
Estimated Annual Burden (hours) |
Registration process for new participating companies. |
10* |
1 |
10 |
120 |
20 |
Creation of file with SSN holder identification data; maintaining required documentation/forms |
115 |
251** |
28,865 |
60 |
28,865 |
Using the system to upload request file, check status, and download results file |
115 |
251 |
28,865 |
5 |
2,405 |
Storing Consent Forms |
115 |
251 |
28,865 |
60 |
28,865 |
Activities related to compliance review |
115 |
251 |
28,865 |
60 |
28,865 |
Total |
|
|
115,470 |
|
89,020 |
* One-time registration process/approximately 10 new participating companies per year.
** Please note there are 251 Federal business days per year on which a requesting
party could submit a file.
People whose SSNs SSA Will Verify:
Requirement |
Number of Respondents |
Frequency of Response |
Number of Responses |
Average Burden per Response (minutes) |
Estimated Annual Burden (hours) |
Reading and signing authorization for SSA to release SSN verification |
986,585 |
1 |
986,585 |
3 |
49,329 |
Responding to CPA re-contact |
5,750 |
1 |
5,750 |
5 |
479 |
Total |
992,335 |
|
992,335 |
|
49,808 |
There are 115 CPA respondents conducting compliance reviews and preparing
written reports of findings. The average burden per response is 4,800 minutes for a total burden of 9,200 hours annually.
NOTE:
For the first ICI, the registration process, the registration form/CBSV Enrollment Application itself, will only take several minutes. The rest of the time accounts for reading through the User Guide and other registration requirements. See Section 2 of the User Guide for details. Participating companies complete the registration process only once. We estimate approximately 10 new companies per year participating in the registration process.
We based the revised burden estimate on 115 requesting parties participating in FY 2009, with an average of 10 new participants per year.
The number of Federal workdays is 251 days per year. This excludes Saturdays, Sundays, and Federal holidays. Based on the prior SSN Interim Verification Process, most companies submit at least one file daily.
13. Annual Cost to the Respondents (Other)- Participating requesters must compensate SSA for non program-related work we do others so that the Social Security Trust Funds do not bear the costs of such activities. Advance payment is required before work begins on reimbursable projects requested by non-Federal organizations. OMB Circular A-11 (Preparation, Submission, and Execution of the Budget) stipulates that budgetary resources for reimbursable work with non-Federal organizations, including State and local governments, are not available for obligation until receiving advance payments. OMB designed this policy to prevent unintentional violations of the Anti-Deficiency Act. In addition, advance payment covers the start-up costs if potential participating parties cancel the User Agreement, it protects SSA against any uncollectible debts, and prevents SSA components’ regular administrative allowance from having to absorb the cost. Accordingly, non-Federal requesters must pay 100 percent of SSA’s estimated transaction costs in advance.
At least quarterly, SSA prepares a bill (Form SSA-1036) that illustrates exactly how much work we performed for the requesting party during the period and submits this to our Office of Finance. The Office of Finance applies the amount listed on the Form SSA-1036 from the requesting party’s advance payment to the SSA component's budget account. The Office of Finance prepares a quarterly statement for each requesting party illustrating how much of its advance payment has been applied and how much is currently available. Thus, participating parties compensate SSA for reimbursable work.
The public burden cost is dependent upon the number of companies and transactions per year. The cost estimates below are based upon 115 participating companies (includes 10 new companies per year) submitting a total of 986,585 transactions. The total cost for developing the system is $5.6 million. SSA has already expended $3 million that we will recover over the depreciable life of the system based on the fee-per-transaction model.
CBSV Cost Burdens
Total CBSV Cost Burden (With Web Service Building Option)
One-Time Per Company Registration Fee - $5,000 x 10 companies = $50,000
Estimated Per SSN Transaction Fee - $5.00 x 986,585* SSN requests = $4,932,925 *
To Store Consent Forms - $300 x 115 companies = $34,500
Cost To Contract with CPA for Audit - $8,000 x 115 companies = $920,000
___________________________________________________________________________
Total CBSV Cost Burden - $5,937,425**
*The number of SSN requests submitted will vary greatly per company. The 986,585 estimate represents the total estimated number of verifications that SSA anticipates receiving on an annual basis (based on past years’ transactions).
** SSA offers participating companies an optional web design service at a one-time cost of $200, 000 per company. SSA does not require companies to have us create an individualized web service for them. A company may choose to submit batch files or real-time individual requests via the SSA website Business Services Online, CBSV Internet application. There is no public burden cost for using the CBSV system.
SSA maintains an “open enrollment” season. If more than the estimated number of companies enroll, the transaction fee costs cited above could be less. In addition, SSA periodically recalculates costs to provide CBSV services and adjusts the fees charged as needed. We notify companies in writing of any change; companies have the opportunity to cancel the agreement or continue service using the new transaction fee.
Annual Cost To Federal Government – SSA has designated CBSV a fee-based service recovering the full costs.
Program Changes or Adjustments to the Information Collection Request
Although the number of participating companies has increased since we last cleared this collection, the overall number of transactions has decreased, thus reducing the public reporting burden.
16. Plans for Publication Information Collection Results – SSA will not publish the results of the information collection.
17. Displaying the OMB Approval Expiration Date – SSA is not requesting an exception to the requirement to display the OMB approval expiration date.
Exceptions to Certification Statement
SSA is not requesting an exception to the certification requirements at 5 CFR 1320.9 and related provisions at 5 CFR 1320.8(b)(3).
B. Collections of Information Employing Statistical Methods
SSA does not use statistical methods for this information collection.
| File Type | application/msword |
| File Title | Title of Information Collection and Form Number(s) |
| Author | Naomi |
| Last Modified By | 889123 |
| File Modified | 2010-11-01 |
| File Created | 2010-10-18 |