[Senate Report 115-62] [From the U.S. Government Publishing Office] Calendar No. 79 115th Congress } { Report SENATE 1st Session } { 115-62 _______________________________________________________________________ SOCIAL SECURITY FRAUD PREVENTION ACT OF 2017 __________ R E P O R T of the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS UNITED STATES SENATE to accompany S. 218 TO RESTRICT THE INCLUSION OF SOCIAL SECURITY ACCOUNT NUMBERS ON DOCUMENTS SENT BY MAIL BY THE FEDERAL GOVERNMENT, AND FOR OTHER PURPOSES [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] May 15, 2017.--Ordered to be printed ______ U.S. GOVERNMENT PUBLISHING OFFICE 69-010 WASHINGTON : 2017 COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS RON JOHNSON, Wisconsin, Chairman JOHN McCAIN, Arizona CLAIRE McCASKILL, Missouri ROB PORTMAN, Ohio THOMAS R. CARPER, Delaware RAND PAUL, Kentucky JON TESTER, Montana JAMES LANKFORD, Oklahoma HEIDI HEITKAMP, North Dakota MICHAEL B. ENZI, Wyoming GARY C. PETERS, Michigan JOHN HOEVEN, North Dakota MAGGIE HASSAN, New Hampshire STEVE DAINES, Montana KAMALA D. HARRIS, California Christopher R. Hixon, Staff Director Gabrielle D'Adamo Singer, Chief Counsel Patrick J. Bailey, Chief Counsel for Governmental Affairs Daniel J. Spino, Research Assistant Margaret E. Daum, Minority Staff Director Stacia M. Cardille, Minority Chief Counsel Charles A. Moskowitz, Minority Senior Legislative Counsel Laura W. Kilbride, Chief Clerk Calendar No. 79 115th Congress } { Report SENATE 1st Session } { 115-62 ====================================================================== SOCIAL SECURITY FRAUD PREVENTION ACT OF 2017 _______ May 15, 2017.--Ordered to be printed _______ Mr. Johnson, from the Committee on Homeland Security and Governmental Affairs, submitted the following R E P O R T [To accompany S. 218] [Including cost estimate of the Congressional Budget Office] The Committee on Homeland Security and Governmental Affairs, to which was referred the bill (S. 218) to restrict the inclusion of social security account numbers on documents sent by mail by the Federal Government, and for other purposes, having considered the same, reports favorably thereon with amendments and recommends that the bill, as amended, do pass. CONTENTS Page I. Purpose and Summary..............................................1 II. Background and Need for the Legislation..........................1 III. Legislative History..............................................2 IV. Section-by-Section Analysis......................................3 V. Evaluation of Regulatory Impact..................................3 VI. Congressional Budget Office Cost Estimate........................3 VII. Changes in Existing Law Made by the Bill, as Reported............4 I. PURPOSE AND SUMMARY S. 218, the Social Security Fraud Prevention Act of 2017, would prohibit the Federal Government from including an individual's Social Security Number (SSN) in any agency documents that would go through the mail, unless the head of the agency determined that the inclusion of the SSN is necessary. II. BACKGROUND AND THE NEED FOR LEGISLATION Identity theft has been a growing concern for many Americans. The Federal Trade Commission had over 889,000 identity theft complaints filed in 2015 and 2016.\1\ A large contributing factor to identity theft is the unauthorized acquisition and fraudulent use of SSNs. SSNs are required for a myriad of verification processes, besides just accessing one's Social Security benefits. Individuals interested in receiving certain government services, or applying for private sector services, such as a credit card, will need to provide their SSN in order to complete the application process.\2\ The Social Security Administration (SSA) strongly encourages individuals to keep their SSN confidential and avoid giving it out unnecessarily due to the problems and misfortunes it can lead to.\3\ As a result of this, many citizens refuse to write their SSN down and memorize it to ensure it doesn't get abused by someone else. --------------------------------------------------------------------------- \1\Federal Trade Commission, Consumer Sentinel Network Data Book for January-December 2016 at 79 (March 2017), available at https:// www.ftc.gov/system/files/documents/reports/consumer-sentinel-network- data-book-january-december-2016/csn_cy-2016_data_book.pdf. \2\Social Security Administration, Your Social Security Number and Card, at 2 (January 2016, available at https://www.ssa.gov/pubs/EN-05- 10002.pdf. \3\Id., at 11. --------------------------------------------------------------------------- Many Federal agencies require SSNs as a way to confirm the identity of individuals that are requesting services, benefits, or paying taxes. Using a SSN is an efficient way to confirm an individual's identity. However, with no Government-wide protocol outlining the use of SSNs, the procedures and security of its use varies from agency to agency. In 2007, the Office of Management and Budget released a memorandum to Federal agencies ordering them to review their use of SSNs to increase protection and eliminate any unnecessary use.\4\ The Government Accountability Office later issued a report finding that vulnerabilities are present across the Government.\5\ --------------------------------------------------------------------------- \4\Memorandum from Clay Johnson III, Deputy Director for Management, Office of Management and Budget, to Heads of Executive Dep'ts and Agencies, Safeguarding Against and Responding to the Breach of Personally Identifiable Information (May 22, 2007). \5\Gov't Accountability Office, GAO-07-1023T, Social Security Numbers: Use is Widespread and Protection could be Improved (June 21, 2007), http://www.gao.gov/new.items/d071023t.pdf. --------------------------------------------------------------------------- Having SSNs on Federal correspondence amplifies the possibility of SSNs being compromised. An easy way for the Federal Government to mitigate this preventable risk is to reduce the use of full SSNs on documents sent through the mail. S. 218 restricts Federal agencies from including SSNs in correspondence sent through the mail unless it is deemed necessary by the head of the agency. If this is the case, the agency is required to partially redact the SSN whenever possible and consider other ways to mitigate the risk of identity theft for the individual receiving the mail. III. LEGISLATIVE HISTORY Senator Cory Gardner introduced S. 218, the Social Security Fraud Prevention Act of 2017, on January 24, 2017. The bill was referred to the Homeland Security and Governmental Affairs Committee. The Committee considered S. 218 at a business meeting on March 15, 2017. During the business meeting, an amendment was offered by Senator Daines to make clear that agencies are to take additional mitigation measures whenever it is necessary to send a piece of mail with a SSN. Both the Daines amendment and the bill as amended were ordered reported favorably en bloc by voice vote. Senators Johnson, Portman, Lankford, Daines, McCaskill, Carper, Tester, Heitkamp, Peters, Hassan, and Harris were present for the vote. IV. SECTION-BY-SECTION ANALYSIS OF THE BILL, AS REPORTED Section 1: Short title The short title of the bill is the ``Social Security Fraud Prevention Act of 2017.'' Section 2: Restriction of SSNs on documents sent by mail Subsection (a) states that no federal agency or department can send out mail that includes a SSN, unless the head of that department or agency deems the presence of the SSN on the document necessary. Subsection (b) mandates that each agency issue regulations within one year to specify how the agency is to determine when inclusion of a SSN in a document sent through the mail is necessary. The regulations issued by the agency must include a direction for the agency to: (1) partially redact the SSN whenever possible; (2) ensure SSNs are not visible on the outside of any piece of mail; and (3) take additional methods to mitigate the risk of SSNs sent through the mail when doing so is necessary. Subsection (c) provides that the requirements of the bill will take affect one year from its enactment. V. EVALUATION OF REGULATORY IMPACT Pursuant to the requirements of paragraph 11(b) of rule XXVI of the Standing Rules of the Senate, the Committee has considered the regulatory impact of this bill and determined that the bill will have no regulatory impact within the meaning of the rules. The Committee agrees with the Congressional Budget Office's statement that the bill contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act (UMRA) and would impose no costs on state, local, or tribal governments. VI. CONGRESSIONAL BUDGET OFFICE COST ESTIMATE March 23, 2017. Hon. Ron Johnson, Chairman, Committee on Homeland Security and Governmental Affairs, U.S. Senate, Washington, DC. Dear Mr. Chairman: The Congressional Budget Office has prepared the enclosed cost estimate for S. 218, the Social Security Fraud Prevention Act of 2017. If you wish further details on this estimate, we will be pleased to provide them. The CBO staff contact is Matthew Pickford. Sincerely, Keith Hall. Enclosure. S. 218--Social Security Fraud Prevention Act of 2017 S. 218 would prohibit federal agencies from including social security account numbers on any documents sent by mail unless the agency determines that inclusion of the number is necessary. There are many federal laws and regulations that address the protection of sensitive information including the Federal Information Security Management Act, the Privacy Act of 1974, and a 2007 memorandum from the Office of Management and Budget on safeguarding and responding to the disclosure of personally identifiable information. Because of those laws and rules, CBO expects that most agencies are working to limit the amount of personally identifiable information that they collect and disseminate. As a consequence, CBO estimates that implementing S. 218 would have no significant cost over the next five years. Enacting the legislation could affect direct spending by agencies not funded through annual appropriations; therefore, pay-as-you-go procedures apply. CBO estimates, however, that any net increase in spending by those agencies would be negligible. Enacting S. 218 would not affect revenues. CBO estimates that enacting S. 218 would not increase net direct spending or on-budget deficits in any of the four consecutive 10-year periods beginning in 2028. S. 218 contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act and would impose no costs on state, local, or tribal governments. On February 24, 2017, CBO transmitted a cost estimate for H.R. 624, the Social Security Fraud Prevention Act of 2017, as ordered reported by the House Committee on Oversight and Government Reform on February 14, 2017. The two pieces of legislation are similar and CBO's estimates of their budgetary effects are the same. The CBO staff contact for this estimate is Matthew Pickford. The estimate was approved by H. Samuel Papenfuss, Deputy Assistant Director for Budget Analysis. VII. CHANGES IN EXISTING LAW MADE BY THE BILL, AS REPORTED Because S. 218 would not repeal or amend any provision of current law, it would make no changes in existing law within the meaning of clauses (a) and (b) of paragraph 12 of rule XXVI of the Standing Rules of the Senate. [all]