Social Security Number Fraud Prevention Act of 2017

<RULE> DEPARTMENT OF ENERGY <CFR>10 CFR Part 1008</CFR> <DEPDOC>[DOE-HQ-2023-0058]</DEPDOC> <RIN>RIN 1903-AA14</RIN> <SUBJECT>Social Security Number Fraud Prevention Act of 2017</SUBJECT> <HD SOURCE="HED">AGENCY:</HD> U.S. Department of Energy. <HD SOURCE="HED">ACTION:</HD> Final rule. <SUM> <HD SOURCE="HED">SUMMARY:</HD> The Department of Energy (DOE or Department) revises its regulations regarding records maintained on individuals under the Privacy Act. The revisions would clarify and update procedural requirements pertaining to the inclusion of a Social Security number (SSN) on documents that the Department sends by mail. These revisions are necessary to implement the SSN Fraud Prevention Act of 2017's restriction on the inclusion of SSNs on documents sent by mail by the Federal Government. Additionally, the Department proposes to maintain a publicly available list authorizing certain designated documents to include SSNs if: inclusion is necessary; and the documents are requested by individuals outside DOE or other Federal agencies. </SUM> <EFFDATE> <HD SOURCE="HED">DATES:</HD> This final rule is effective on June 20, 2024. </EFFDATE> <FURINF> <HD SOURCE="HED">FOR FURTHER INFORMATION CONTACT:</HD> Kyle David, U.S. Department of Energy, 1000 Independence Avenue SW, Office 8H-085, Washington, DC 20585; facsimile: (202) 586-8151; email: <E T="03">kyle.david@hq.doe.gov,</E> telephone: (240) 686-9485. </FURINF> <SUPLINF> <HD SOURCE="HED">SUPPLEMENTARY INFORMATION:</HD> <HD SOURCE="HD1">Table of Contents</HD> <EXTRACT> <FP SOURCE="FP-2">I. Authority and Background</FP> <FP SOURCE="FP1-2">A. Authority</FP> <FP SOURCE="FP1-2">B. Background</FP> <FP SOURCE="FP-2">II. Discussion</FP> <FP SOURCE="FP-2">III. Summary of Public Comments</FP> <FP SOURCE="FP-2">IV. Section 1008.22 Analysis</FP> <FP SOURCE="FP-2">V. Procedural Issues and Regulatory Review</FP> <FP SOURCE="FP1-2">A. Review Under Executive Orders 12866, 13563, and 14094</FP> <FP SOURCE="FP1-2">B. Review Under the Regulatory Flexibility Act</FP> <FP SOURCE="FP1-2">C. Review Under the Paperwork Reduction Act of 1995</FP> <FP SOURCE="FP1-2">D. Review Under the National Environmental Policy Act of 1969</FP> <FP SOURCE="FP1-2">E. Review Under Executive Order 12988</FP> <FP SOURCE="FP1-2">F. Review Under Executive Order 13132</FP> <FP SOURCE="FP1-2">G. Review Under Executive Order 13175</FP> <FP SOURCE="FP1-2">H. Review Under the Unfunded Mandates Reform Act of 1995</FP> <FP SOURCE="FP1-2">I. Review Under Executive Order 12360</FP> <FP SOURCE="FP1-2">J. Review Under Executive Order 13211</FP> <FP SOURCE="FP1-2">K. Review Under the Treasury and General Government Appropriations Act, 1999</FP> <FP SOURCE="FP1-2">L. Review Under the Treasury and General Government Appropriations Act, 2001</FP> <FP SOURCE="FP1-2">M. Congressional Notification</FP> <FP SOURCE="FP-2">VI. Approval by the Office of the Secretary of Energy</FP> </EXTRACT> <HD SOURCE="HD1">I. Authority and Background</HD> <HD SOURCE="HD2">A. Authority</HD> DOE has broad authority to regulate the agency's collection, use, processing, maintenance, storage, and disclosure of SSNs pursuant to the following authorities: 42 U.S.C. 7101 <E T="03">et seq.,</E> 50 U.S.C. 2401 <E T="03">et seq.,</E> 5 U.S.C. 1104, 5 U.S.C. 293, 5 U.S.C. 552, 5 U.S.C. 552a, 42 U.S.C. 7254, 5 U.S.C. 301, and 42 U.S.C. 405 note. <HD SOURCE="HD2">B. Background</HD> The SSN Fraud Prevention Act of 2017 (the Act) (Pub L. 115-59; 42 U.S.C. 405 note), enacted on September 15, 2017, prohibits Federal agencies from including individuals' full SSN on documents transmitted by physical mail unless the head of the agency determines that the inclusion of the full SSN on the document is necessary (section 2(a), Pub. L. 115-59). The Act requires agency heads to issue regulations specifying the circumstances under which inclusion of a full SSN on a document sent by mail is necessary. The Act specifies that these regulations be issued no later than five years after the date of enactment, include instructions for the partial redaction of SSNs where feasible, and require that SSNs not be visible on the outside of any package sent by mail (section 2(b), Pub. L. 115-59). This rule would revise 10 CFR 1008.22 (Use and collection of Social Security numbers) consistent with these requirements in the Act. The revisions clarify the procedural requirements pertaining to the inclusion of full SSNs on documents that DOE sends by mail. <HD SOURCE="HD1">II. Discussion</HD> Pursuant to the Act, an agency may not include a SSN on a document sent by mail unless the Secretary determines that inclusion of the SSN on the document is necessary. DOE usage of SSNs is necessary in instances when it is required by law, or fulfills a compelling business need. The regulatory text revises 10 CFR 1008.22 to establish the process by which Departmental Elements may request a Secretarial waiver of the prohibition on inclusion of SSNs. The text provides for a Secretarial waiver for pre-approved items listed on DOE's “Un-redacted SSN Mailed Documents Listing” (USMDL). This is a list of categories of documents which the Secretary of Energy, or the Secretary's authorized designee, has determined to be pre-approved for the inclusion of a full SSN in a mailed document. The justification for this determination is that the identified forms are necessary to fulfill a compelling DOE business need or mission function. DOE developed this list of pre-approved forms and documents based on responses to annual DOE data calls to assess which documents (1) contain a full SSN, (2) contain a full SSN that cannot be redacted, and (3) must be transmitted through physical mail and include a full SSN. Documents listed on the USMDL include those related to payroll, human resources, taxes, security, badging, and Privacy Act and Freedom of Information Act requests. DOE proposes that forms and documents included on the USMDL will not require a separate Secretarial waiver to be transmitted by physical mail. This final rule provides that forms and documents not listed on the USMDL that contain a full SSN and must be transmitted through physical mail to fulfill a compelling DOE business need will require a Secretarial waiver in accordance with these regulations. Pursuant to “Department of Energy Designation Order No. 00-17.00A to the Chief Information Officer,” section 1.3, the Chief Information Officer (CIO), as Senior Agency Official for Privacy (SAOP), has the authority to implement “information privacy protection, including compliance with Federal laws, regulations, and policies that relate to information privacy and the Privacy Act.” Pursuant to this authority, for circumstances where a transmitting DOE Element anticipates the sending of a particular form or document will be a one-time occurrence, and under conditions where such transmission is an urgent matter, the Element may request a conditional, one-time Secretarial waiver from the DOE SAOP. Similarly, pursuant Designation Order No. 00-17.00A section 1.3, for circumstances where the transmitting element anticipates a regular and frequent transmission of a particular form or document, the final rule provides that the Element may request that the relevant form or document be added to the USMDL from the DOE SAOP. A request by a current or former DOE employee or contractor, through an internal system, to have a document or form containing that individual's SSN mailed to the individual will not require a waiver under this final rule. <HD SOURCE="HD1">III. Summary of Public Comments</HD> On December 18, 2023, DOE published a notice of proposed rulemaking seeking comments on its proposition to revise its regulations in accordance with the previous discussion section. (88 FR 87371) The 30-day public comment period of this notice of proposed rulemaking ended on January 17, 2024. No public comments were received. <HD SOURCE="HD1">IV. Section 1008.22 Analysis</HD> This final rule adds new paragraphs (c)(1) through (c)(2), which prohibit heads of Headquarters Divisions and Offices and heads of other DOE locations from including a full Social Security number on a form or document transmitted by physical mail except under the listed circumstances. This final rule adds new paragraphs (d)(1) through (d)(5), which describe the process through which heads of Headquarters Divisions and Offices and heads of other DOE locations may request a one-time Secretarial waiver in order to transmit a full Social Security number on a form or document by physical mail. This final rule also adds new paragraphs (e)(1) through (e)(5), which describe the process through which heads of Headquarters Divisions and Offices and heads of other DOE locations that anticipate frequent transmission through physical mail of a particular form or document containing full Social Security numbers not already listed on the USMDL may request that a new category relevant to the form or document be added to the USMDL. <HD SOURCE="HD1">V. Procedural Issues and Regulatory Review</HD> <HD SOURCE="HD2">A. Review Under Executive Order 12866, 13563, and 14094</HD> Executive Order (“E.O.”) 12866, “Regulatory Planning and Review,” 58 FR 51735 (Oct. 4, 1993), as supplemented and reaffirmed by E.O. 13563, “Improving Regulation and Regulatory Review,” 76 FR 3821 (Jan. 21, 2011) and amended by E.O. 14094, “Modernizing Regulatory Review,” 88 FR 21879 (April 11, 2023), requires agencies, to the extent permitted by law, to (1) propose or adopt a regulation only upon a reasoned determination that its benefits justify its costs (recognizing that some benefits and costs are difficult to quantify); (2) tailor regulations to impose the least burden on society, consistent with obtaining regulatory objectives, taking into account, among other things, and to the extent practicable, the costs of cumulative regulations ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Preview showing 10k of 30k characters. Full document text is stored and available for version comparison. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━