[Senate Report 109-203]
[From the U.S. Government Publishing Office]



109th Congress 
 1st Session                     SENATE                          Report
                                                                109-203
_______________________________________________________________________
                                                       Calendar No. 320
 
                     IDENTITY THEFT PROTECTION ACT

                               __________

                              R E P O R T

                                 OF THE

           COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION

                                   on

                       S. H.R. deg. 1408




       DATE deg.December 8, 2005.--Ordered to be printed

 Filed under authority of the order of the Senate of November 18, 2005
       SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION
                       one hundred ninth congress
                             first session

                     TED STEVENS, Alaska, Chairman
                 DANIEL K. INOUYE, Hawaii, Co-Chairman
JOHN McCAIN, Arizona                 JOHN D. ROCKEFELLER IV, West 
CONRAD BURNS, Montana                    Virginia
TRENT LOTT, Mississippi              JOHN F. KERRY, Massachusetts
KAY BAILEY HUTCHISON, Texas          BYRON L. DORGAN, North Dakota
OLYMPIA J. SNOWE, Maine              BARBARA BOXER, California
GORDON H. SMITH, Oregon              BILL NELSON, Florida
JOHN ENSIGN, Nevada                  MARIA CANTWELL, Washington
GEORGE ALLEN, Virginia               FRANK LAUTENBERG, New Jersey
JOHN E. SUNUNU, New Hampshire        E. BENJAMIN NELSON, Nebraska
JIM DeMINT, South Carolina           MARK PRYOR, Arkansas
DAVID VITTER, Louisiana
                    Lisa Sutherland, Staff Director
             Christine Drager Kurth, Deputy Staff Director
                      David Russell, Chief Counsel
     Margaret Cummisky, Democratic Staff Director and Chief Counsel
 Samuel Whitehorn, Democratic Deputy Staff Director and General Counsel
                                                       Calendar No. 320
109th Congress                                                   Report
                                 SENATE
 1st Session                                                    109-203

======================================================================




                     IDENTITY THEFT PROTECTION ACT

                                _______
                                

                December 8, 2005.--Ordered to be printed

 Filed under authority of the order of the Senate of November 18, 2005

                                _______
                                

       Mr. Stevens, from the Committee on Commerce, Science, and 
                Transportation, submitted the following

                              R E P O R T

                         [To accompany S. 1408]

    The Committee on Commerce, Science, and Transportation, to 
which was referred the bill joint resolution deg. (S. 
H.R. deg. 1408) TITLE deg. to strengthen data 
protection and safeguards, require data breach notification, 
and further prevent identity theft, having considered the same, 
reports favorably thereon without amendment deg. 
with amendments deg. with an amendment (in the nature 
of a substitute) and recommends that the bill joint 
resolution deg. (as amended) do pass.

                          Purpose of the Bill

  S. 1408 would bolster data security procedures for covered 
entities that collect, dispose, maintain, sell, or transfer 
sensitive personal information. The bill would require covered 
entities to provide consumer notification under circumstances 
when that entity suffers a breach of security, and the exposure 
of that sensitive personal information would create a 
reasonable risk that an identity theft may occur. S. 1408 also 
would direct the Federal Trade Commission (FTC) to develop 
rules that would require procedures for authenticating the 
credentials of third parties to which sensitive personal 
information may be sold or otherwise transferred. To further 
protect consumers from identity theft, S. 1408 would allow 
consumers to freeze their credit report for a reasonable fee. 
As amended, S. 1408 also would prohibit the solicitation, sale, 
or display of social security numbers by covered entities, 
except under certain specified circumstances.

                          Background and Needs


DATA SECURITY

  In 1998, Congress responded to an explosion in identity theft 
activity by passing the Identity Theft Assumption and 
Deterrence Act. \1\ This Act addressed identity theft in two 
ways: First, the Act strengthened then-existing criminal law 
governing identity theft \2\ to make it a Federal crime to 
knowingly transfer or use, without lawful authority, a means of 
identification of another person with the intent to commit, or 
to aid or abet, any unlawful activity; and second, the Act 
required the FTC to develop a centralized complaint and 
consumer education service for victims of identity theft. This 
FTC clearinghouse was established and currently serves as an 
investigative tool for the FTC and Federal law enforcement to 
track and thwart identity theft.
---------------------------------------------------------------------------
    \1\ P.L. 105-318, 112 Stat. 3007 (Oct. 30, 1998)
    \2\ 18 U.S.C. 1028 (``Fraud and related activity in connection with 
identification documents'')
---------------------------------------------------------------------------
  Despite the existence of several Federal and State laws 
designed to reduce identity theft, the crime continues to be 
perpetrated against American consumers at an alarming rate. A 
2003 FTC survey found that, during a one-year period, identity 
thieves victimized nearly 10 million Americans, or roughly 4.6 
percent of the domestic adult population. The FTC has further 
reported that identity theft--physical and online--accounted 
for 39 percent of the more than 635,000 consumer fraud 
complaints filed last year with the agency.
  While the aggregation and distribution of consumers' 
sensitive personal information for marketing, lending, and 
other purposes are vital to commerce in the United States, such 
practices have in some ways made it easier for identity thieves 
to access and misappropriate sensitive personal information in 
the possession of businesses and other entities.
  In 2005, a string of highly publicized data breaches occurred 
at a variety of private and public organizations ranging from 
financial institutions and commercial retailers, to public 
universities. These data breaches involved the sensitive 
personal information of millions of consumers, including social 
security numbers and financial information. Many of these 
security breaches led to identity theft. The most widely 
publicized data breaches involved the unauthorized access of 
data held by two large information (or data) brokers. These 
breaches raised the question whether consumers' sensitive 
personal information is adequately protected from identity 
thieves by the entities that collect, maintain, and transfer 
sensitive personal information.
  While several Federal laws address data security in different 
contexts, there is no single Federal law that requires the 
protection of sensitive personal information regardless of the 
type of entity that is in possession of that information. In 
addition, relevant Federal law that does exist does not require 
all entities that possess sensitive personal information to 
notify consumers when a breach involving such consumers' 
sensitive personal information has occurred. S. 1408 is 
intended to fill gaps in current Federal data security laws and 
provide a uniform preemptive Federal standard for the 
safeguarding of sensitive personal information regardless of 
the entity with possession. The legislation would strike a 
balance between ensuring adequate security of sensitive 
personal information and not inhibiting the legitimate free 
flow of information that is vital to the U.S. economy.
  Congress has legislated in several contexts in the area of 
data privacy and security. Among other things, Congress has 
placed certain limits on the dissemination of credit report, 
financial, motor vehicle, and health information. The following 
is a brief description of existing data security laws.
  The Fair Credit Reporting Act (FCRA) \3\ was enacted partly 
to ensure that ``consumer reporting agencies exercise their 
grave responsibilities with fairness, impartiality, and a 
respect for the consumer's right to privacy.'' \4\ FCRA 
requires that consumer reporting agencies only disclose 
consumer credit reports if such a disclosure is for a 
``permissible purpose'' as defined in the statute. \5\
---------------------------------------------------------------------------
    \3\ 15 U.S.C. 1681-1681u, as amended; In 2003, FCRA was enhanced by 
the Fair and Accurate Credit Transactions Act (FACT) Act. The FTC has 
not completed implementation of the FACT Act.
    \4\ 15 U.S.C. 1681(a)(4)
    \5\ 15 U.S.C. 1681b(a)(3)(A) through (F)
---------------------------------------------------------------------------
  In FCRA, a permissible purpose is generally a legitimate 
business need by the individual or entity seeking the credit 
report, which includes, among others, verification for 
employment, extension of credit or insurance, or property 
tenancy background checks. FCRA also requires credit-reporting 
agencies to use reasonable procedures to ensure that those 
requesting consumer credit reports are who they claim to be, 
and that they are eligible to receive the report for a 
permissible purpose.
  Title V of the Gramm-Leach-Bliley Act (GLBA) \6\ was enacted 
to ensure the privacy and security of personally identifiable 
information handled by financial institutions. Title V of GLBA 
requires financial institutions to provide notice to customers 
of a possible disclosure of non-public personal information to 
non-affiliates and an opportunity to opt out of such 
disclosure. This non-public information includes an 
individual's address, as well as social security number, 
telephone number, and mother's maiden name. The prohibition 
against disclosure of this information without notice and the 
ability to opt out are subject to statutory exceptions provided 
in GLBA. These exceptions allow for disclosure primarily for 
reasons of law enforcement, prosecution, or fraud prevention. 
GLBA's Privacy Rule for re-disclosure binds recipients of non-
public personal financial information. The GLBA requires 
financial institutions to adopt and implement appropriate 
safeguards for the personal information of their customers. \7\
---------------------------------------------------------------------------
    \6\ 15 U.S.C. 6801-09
    \7\ 15 U.S.C. 6801(b)
---------------------------------------------------------------------------
  The Health Information Portability and Accountability Act 
(HIPAA) \8\ was enacted partly to provide strong Federal 
protections for the privacy rights of patients. The HIPAA 
Privacy Rule prohibits health care providers from disclosing 
personal health information except when required or permitted 
under the Rule. The HIPAA Privacy Rule permits health care 
providers to disclose personal health information for the 
purpose of carrying out essential health care functions such as 
patient treatment, payment for care, or health care operations 
that support treatment and payment. The Rule also requires 
disclosure of personal health information when requested by the 
Department of Health and Human Services (HHS) for an 
investigation or to determine compliance with the Privacy Rule, 
or at the request of a patient or health care enrollee. Like 
GLBA, HIPAA requires health care providers to adopt and 
implement appropriate safeguards to protect personal health 
information. \9\
---------------------------------------------------------------------------
    \8\ 42 U.S.C. 1320d et seq.
    \9\ 45 C.F.R. 164.530(c)
---------------------------------------------------------------------------
  Section 5 of the Federal Trade Commission Act (FTCA) \10\ 
grants authority to the FTC to prevent unfair or deceptive 
trade practices in or affecting interstate commerce. Entities 
operating in interstate commerce are subject to section 5 of 
the FTCA to the extent that they deceptively make false claims 
concerning their information security policies on which 
consumers rely to their detriment. Such entities are subject to 
section 5 of the FTCA if they falsely claim to have adequate 
information security safeguards in place, and/or if they 
knowingly cause consumers substantial economic injury that 
could have been reasonably avoided.
---------------------------------------------------------------------------
    \10\ 15 U.S.C. 45(a)
---------------------------------------------------------------------------
  The Driver's Privacy Protection Act (DPPA) \11\ prohibits the 
disclosure of personal information by State departments of 
motor vehicles except for uses specifically stated by DPPA. It 
contains fourteen permissible uses, mostly for purposes of law 
enforcement, vehicle insurance claims or policies, or judicial 
proceedings.
---------------------------------------------------------------------------
    \11\ 15 U.S.C. 2721-25
---------------------------------------------------------------------------
  In April 2004, the California legislature enacted SB 1386, 
which represented the first effort by a State legislature to 
address data breach notification. The law provides strict 
disclosure requirements for commercial entities or government 
agencies that experience security breaches when the breaches 
may contain the personal information of California residents. 
According to many observers, were it not for the breach 
notification requirements of the California law, most of the 
data security breaches that were highly publicized in 2005 
would not have become publicly known. Thirty-three other States 
have passed or are considering data breach legislation. The two 
prevalent themes among these initiatives are consumer 
notification requirements in the event of a data breach, and 
consumer redress in the event of such breach.

CREDIT FREEZE

  The Fair and Accurate Credit Transaction Act (FACTA) of 2003, 
\12\ which became effective in some States in December 2004, 
\13\ added new sections to FCRA that were intended to provide 
consumers with tools to combat the effects of identity theft. 
FACTA allows a consumer who seeks to mitigate or prevent the 
occurrence of identity theft to contact credit-reporting 
agencies and place a ``fraud alert'' on their credit file. Once 
placed, any entity that attempts to extend credit to the 
consumer is required to contact the consumer by telephone and 
take other reasonable steps to ensure that the credit 
application is not that of an identity thief. Failure to 
contact the consumer in such instances subjects the entity to 
civil penalty. The fraud alert is effective initially for 90 
days, and can be extended for up to seven years for victims of 
identity theft by providing a police report or an affidavit 
proving a theft occurred.
---------------------------------------------------------------------------
    \12\ Pub. L. 108-159, 111 Stat. 1952
    \13\ FACTA is being phased in beginning in December 2004 and ending 
in September 2005.
---------------------------------------------------------------------------
  S. 1408 would take an added step toward providing consumers 
with tools to combat identity theft by allowing consumers to 
place a ``freeze'' on their credit report for a reasonable fee. 
A freeze effectively would preclude (with limited exceptions) 
unauthorized third parties from accessing a credit report. 
Victims of identity theft would be permitted to place freezes 
on their credit report without a fee.
  The credit freeze provision of the bill is a response to a 
growing number of inconsistent State laws that have been 
enacted since the passage of FACTA. There are currently 11 
similar State credit freeze laws, with the possibility of many 
more within the next few years.

                         Summary of Provisions

  S. 1408, the Identity Theft Protection Act, would require 
covered entities to comply with the existing requirements of 
the FTC rules on Standards for Safeguarding Customer 
Information and Disposal of Consumer Report Information and 
Records (Safeguards Rule), \14\ which require covered entities 
to develop, implement, maintain, and enforce written programs 
for the security of sensitive personal information to ensure 
security, protect against any anticipated threats, or 
unauthorized access to consumers' sensitive personal 
information.
---------------------------------------------------------------------------
    \14\ 16 C.F.R. Part 314. The FTC was required to promulgate this 
rule in GLBA, 15 U.S.C. Subchapter I, Sec. 6801-6809 (Disclosure of 
Nonpublic Personal Information).
---------------------------------------------------------------------------
  The bill would apply the Safeguards Rule to entities not 
currently covered and require those entities that handle 
sensitive personal information to provide notice to affected 
consumers in the event of a security breach. S. 1408 also would 
allow consumers to place, lift, and temporarily remove a 
security freeze on their credit, which would prevent credit 
from being extended to third parties without authorization from 
the consumer. In addition, S. 1408 would prohibit (with limited 
exceptions) the sale or purchase of consumers' social security 
numbers. This provision would prohibit employers, educational 
institutions, and others from using social security numbers for 
any employee benefit plan, card, or tag that is provided by 
employers, educational institutions, and others, for the 
purpose of identification. The use of social security numbers 
as identifiers on State drivers' licenses would be prohibited 
as well.

                          Legislative History

  On May 10, 2005, and June 16, 2005, the Committee held 
hearings chaired by Chairman Stevens and Senator Smith, 
respectively, to examine the issues pertaining to data 
security. Those testifying before the Committee were 
representatives of private companies, industry trade 
associations, public interest groups, State Attorneys General, 
and each of the FTC Commissioners.
  On July 14, 2005, Senator Smith introduced S. 1408, ``The 
Identity Theft Protection Act,'' which was referred to the 
Committee. Senators Stevens, Inouye, McCain, Nelson, and Pryor 
were original co-sponsors of the bill.
  On July 28, 2005, the Committee met in open executive session 
to consider an amendment in the nature of a substitute to S. 
1408 offered by Senator Smith that made several substantive 
changes to the bill's provisions as introduced. Senator Boxer 
offered an amendment during the executive session, which would 
limit the amount of time a covered entity would have to notify 
consumers in the event of a data breach. The Committee agreed 
to incorporate Senator Boxer's amendment into Senator Smith's 
amendment in the nature of a substitute. In addition, the 
Committee adopted an amendment offered by Chairman Stevens 
containing technical corrections to the substitute amendment, 
and an amendment offered by Senator Dorgan that would prohibit 
the sale of Social Security numbers with a few exceptions, 
including for the purposes of public health or national 
security. The amendments were adopted and the bill, as amended, 
and the Committee ordered the bill to be reported.

                            Estimated Costs

  In compliance with subsection (a)(3) of paragraph 11 
of rule XXVI of the Standing Rules of the Senate, the Committee 
states that, in its opinion, it is necessary to dispense with 
the requirements of paragraphs (1) and (2) of that subsection 
in order to expedite the business of the Senate. deg.
  In accordance with paragraph 11(a) of rule XXVI of the 
Standing Rules of the Senate and section 403 of the 
Congressional Budget Act of 1974, the Committee provides the 
following cost estimate, prepared by the Congressional Budget 
Office:

                                                  November 3, 2005.
Hon. Ted Stevens,
Chairman, Committee on Commerce, Science, and Transportation,
U.S. Senate, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for S. 1408, the Identity 
Theft Protection Act.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contacts are Melissa Z. 
Petersen (for federal costs), Sarah Puro ( for the state and 
local impact), and Selena Caldera (for the private-sector 
impact).
            Sincerely,
                                               Douglas Holtz-Eakin.
    Enclosure.

S. 1408--Identity Theft Protection Act

    Summary: S. 1408 would require private companies to take 
certain precautions to safeguard the personal information of 
consumers and to notify consumers whenever there is a breach in 
the security of their personal information. Under the bill, 
consumers would have the option to freeze their credit reports 
in the event of a threat on their personal information. The 
bill also would restrict the use, display, and sale of Social 
Security numbers (SSNs). Under S. 1408, the Federal Trade 
Commission (FTC) would enforce these restrictions and 
requirements. Assuming appropriation of the amounts 
specifically authorized in the bill, CBO estimates that 
implementing S. 1408 would cost $1 million in 2006 and $5 
million over the 2006-2010 period.
    Enacting S. 1408 could increase federal revenues and direct 
spending as a result of the collection of additional civil and 
criminal penalties assessed for violations of identity theft 
laws. Collections of criminal penalties are recorded in the 
budget as revenues, deposited in the Crime Victims Fund, and 
later spent. CBO estimates, however, that any additional 
revenues and direct spending that would result from enacting 
the bill would not be significant because of the relatively 
small number of cases likely to be involved.
    S. 1408 contains several intergovernmental mandates as 
defined in the Unfunded Mandates Reform Act (UMRA), including 
limitations on the sale, display, and use of SSNs by state and 
local governments, requirements that schools--many of which are 
public--comply with FTC regulations regarding certain personal 
information that they collect, and explicit preemptions of 
state laws regarding the treatment of that information. While 
the aggregate cost of complying with those mandates is 
uncertain, CBO estimates that such costs would exceed the 
threshold established in UMRA ($62 million in 2005, adjusted 
annually for inflation) in at least one of the first five years 
after the mandates go into effect.
    S. 1408 would impose private-sector mandates on employers, 
retailers, schools, colleges, consumer-credit-reporting 
agencies, and other entities that acquire, maintain, or utilize 
sensitive personal information. While CBO cannot estimate the 
direct cost of complying with each mandate, certain mandates in 
the bill would impose security standards and notification 
requirements on a large number of private-sector entities, 
including more than five million employers. Based on this 
information, CBO estimates that the total direct cost of 
mandates in the bill would exceed the annual threshold 
established by UMRA for private-sector mandates ($123 million 
in 2005, adjusted annually for inflation).
    Estimated cost to the Federal Government: The estimated 
budgetary impact of S. 1408 is shown in the following table. 
The costs of this legislation fall within budget function 370 
(commerce and housing credit). CBO assumes that the bill will 
be enacted in calendar year 2006 and that the specified amounts 
will be appropriated for each year. CBO estimates that 
implementing the bill would cost $1 million in 2006 and $5 
million over the 2006-2010 period to issue regulations and 
enforce the bill's new provisions restricting the use of 
personal information.

----------------------------------------------------------------------------------------------------------------
                                                                       By fiscal year, in millions of dollars--
                                                                    --------------------------------------------
                                                                       2006     2007     2008     2009     2010
----------------------------------------------------------------------------------------------------------------
                                  CHANGES IN SPENDING SUBJECT TO APPROPRIATION

Authorization Level................................................        1        1        1        1        1
Estimated Outlays..................................................        1        1        1        1        1
----------------------------------------------------------------------------------------------------------------

    Estimated impact on state, local, and tribal governments: 
S. 1408 contains several intergovernmental mandates as defined 
in UMRA. Specifically, the bill would:
           Limit the sale, display, and use of Social 
        Security numbers by state, local, and tribal 
        governments;
           Require that educational entities--many of 
        which are public--comply with FTC regulations regarding 
        the treatment of certain personal information that they 
        collect;
           Explicitly preempt state laws in at least 17 
        states regarding the treatment of personal information; 
        and
           Place certain notification requirements on 
        state insurance authorities and State Attorneys 
        General.
    While there are a very large number of entities that would 
be required to make changes to existing systems, the aggregate 
cost of complying with those mandates is uncertain. Based on 
discussion with state and local officials, however, CBO 
estimates that the costs of complying with the mandates in the 
bill would exceed the threshold established in UMRA ($62 
million in 2005, adjusted annually for inflation) in at least 
one of the first five years after the mandates go into effect.
    CBO estimates that the prohibitions against the sale, 
display, and use of Social Security numbers and the 
requirements on educational entities would impact the most 
significant costs on state and local governments. The remainder 
of this analysis focuses on those provisions.

Social Security numbers

    While state and local governments have, in recent years, 
taken steps to reduce the use of SSNs on public documents, many 
continue to use them for a variety of purposes. The bill would 
restrict or prohibit governmental agencies from:
           Selling or displaying Social Security 
        numbers that have been disclosed to the agency because 
        of a mandatory requirement;
           Displaying SSNs on checks or check stubs;
           Placing SSNs on drivers licenses, 
        identification cards, vehicle registrations, or 
        employee identification cards, or coding them into 
        magnetic strips or bar codes on those documents; and
           Allowing prisoners access to SSNs of other 
        individuals.
    The bill would allow SSNs to be sold under certain 
circumstances, for example, when such sale is necessary for 
public health, national security, or tax-law purposes, when 
done in compliance with certain motor vehicle laws, or 
consumer-reporting practices, or for nonmarket research that 
advances the public good.
    If state and local governments do not currently have a 
system in place to safeguard SSNs, they would have to implement 
a new system for any documents issued after the regulations 
become effective (up to one year following enactment of the 
bill). If they use SSNs on checks and check-stubs as part of 
their recordkeeping and tracking procedures, they would have to 
alter those systems and remove the SSNs. Under the provisions 
of the bill, states would have to implement systems for 
removing SSNs from many documents that are available to the 
public. While there is some uncertainty about the extent of the 
requirements in this provision, CBO assumes that governmental 
entities would be required to remove SSNs from existing 
documents, a requirement that would impose significant costs on 
state and local governments. Further, some states may have to 
alter their systems for issuing driver's licenses and vehicle 
registrations to remove SSNs that are coded electronically onto 
a magnetic strip or digitized as part of a bar code. Finally, 
any government agency that uses SSNs would have to implement 
safeguards to preclude unauthorized access to SSNs and their 
derivatives and to protect confidentiality.
    Generally, the use of SSNs by municipal governments for 
recordkeeping and identification is not widespread. There are 
over 75,000 municipal governments, however, so even small one-
time costs--for example, as little as $5,000--would impose 
significant costs, in the aggregate, on intergovernmental 
entities. On the other hand, counties and states, while fewer 
in number (there are about 3,600 counties in the U.S.), are 
more dependent on SSNs for various recordkeeping and 
identification purposes and are thus likely to face 
significantly higher costs because of the complexity and scope 
of their recordkeeping systems. (Some counties estimate that 
altering their systems to use identifiers other than SSNs or to 
eliminate the display of SSNs would result in one-time costs 
ranging from $40,000 to over $1,000,000, depending on the 
county and the scope of the changes that would need to be 
made.) In total, compliance costs for all state and local 
entities would likely be significant.

Requirements on schools

    The bill would require elementary, secondary, and post-
secondary educational institutions to:
           Develop, implement, and maintain a written 
        program to safeguard certain personal information in 
        accordance with FTC regulations;
           Notify affected individuals of any breach of 
        security; and
           Refrain from using Social Security numbers 
        as identifiers in certain circumstances.
    Under current law, educational institutions that receive 
federal funds already are required to safeguard certain 
personal information and must comply with Department of 
Education standards. Depending on the differences between the 
rules promulgated by the FTC and those already required by the 
Department of Education, educational institutions may have to 
make changes to their current systems that could be costly. For 
example, if institutions are required to add additional systems 
or provide additional information, they could face added costs. 
Since there are over 100,000 institutions that would be 
affected by these changes, the total costs could be 
significant.
    A provision that would require schools to notify affected 
individuals of any breach of security in which personal 
information may have been compromised also could be costly. The 
bill would cap costs for each notification to $250,000. 
Examples from California--where a similar law was passed in 
2002--suggest that a large university could expect to incur 
costs of between $100,000 and $200,000 to notify individuals 
whose personal information may have been compromised. The 
California experience suggests that, because the definition of 
a security breach is broad, public schools likely would incur 
some costs to comply with this provision. Because there is a 
large number of educational institutions nationwide (there are 
over 14,000 school districts composed of about 100,000 schools 
and over 1,500 public institutions of higher education), total 
costs could be significant over time. However, CBO cannot 
estimate the likely frequency of such security breaches and 
thus cannot estimate the total costs of complying with this 
provision.
    The bill also would prohibit educational institutions from 
requesting and using a Social Security number unless no other 
type of identifier can be used in its place. Reprogramming 
systems that currently use SSNs as identifiers also could be 
costly.
    Estimated impact on the private sector: S. 1408 would 
impose private-sector mandates on employers, retailers, 
schools, colleges, consumer-credit-reporting agencies, and 
other entities that acquire, maintain, or utilize sensitive 
personal information. The legislation defines sensitive 
personal information as a combination of name and Social 
Security number, driver's license number, or credit card 
information. While CBO cannot determine the direct cost of 
complying with each mandate, certain mandates in S. 1408 would 
impose security standards and notification requirements on a 
large number of private-sector entities, including more than 
five million employers. Based on this information, CBO 
estimates that the total direct cost of mandates in the bill 
would exceed the annual threshold established by UMRA for 
private-sector mandates ($123 million in 2005, adjusted 
annually for inflation).

Security program for the protection of sensitive information

    Section 2 would require covered entities to develop, 
implement, maintain, and enforce a written program containing 
administrative, technical, and physical safeguards to secure 
sensitive personal information. In the bill, covered entities 
would include businesses, employers, and educational and 
nonprofit institutions that acquire, maintain, and utilize 
sensitive personal information. The cost of this mandate 
depends on both the number of covered entities--more than five 
million--and the average cost to an entity of complying with 
the mandate. CBO does not have enough information to estimate 
the average cost to a covered entity to comply with the 
mandate. Because of the large number of covered entities, 
however, we expect that even if the average cost of writing the 
security program was small, the overall costs of this mandate 
could be significantly above the threshold established in UMRA.

Notification of security breach risk

    The bill would set certain procedures for notifying 
consumers, the FTC, and credit reporting agencies of security 
breaches involving personal information. In the case of a 
security breach, section 3(c) would require covered entities to 
investigate any suspected breach of security. If the breach 
creates a reasonable risk of identity theft, the entity would 
be required to notify all those individuals whose personal 
information was compromised and to notify the FTC and the 
credit-reporting agencies if the breach affects 1,000 or more 
individuals.
    The cost of this mandate depends on the number of security 
breaches that occur, the average number of persons affected by 
a breach, and the cost per person of notification. There is 
very little information available on the number of breaches 
each year; only the largest of breaches are noticed and 
recorded. Nevertheless, information that is available suggests 
that security breaches are not rare. Although the cost to 
notify one person by mail may cost up to $2, the potentially 
large number of people in data systems maintained by some 
covered entities would make the cost of notification associated 
with one breach substantial. Furthermore, certain covered 
entities, such as retailers, do not maintain the mailing 
addresses of customers for whom they have name and credit card 
information. It would be costly for those entities to begin 
keeping that information. Based on this information, CBO 
expects that the cost to comply with this mandate could be 
large relative to UMRA's threshold for private-sector mandates.

Security freeze

    Section 4 would allow consumers to place a security freeze 
on their credit report by making a request to a consumer-
credit-reporting agency. The credit-reporting agency would be 
prevented from releasing the credit report to any third parties 
without an authorization from the consumer. The agency also 
would be required to notify all other reporting agencies of the 
security freeze at the consumer's request. To comply with the 
mandates in section 4, credit-reporting agencies would have to 
create and operate new systems to accept, impose, and release 
freezes on credit reports. Further, such agencies would incur 
costs in terms of the lost net income from being unable to sell 
credit reports that they would otherwise be able to sell under 
current law. CBO does not have sufficient information on how 
such systems would be added to existing operating systems or 
the expected revenue from credit report sales. Therefore, CBO 
has no basis to determine the cost of this mandate.

Social Security number protection

    Section 8 would prevent covered entities from soliciting 
any Social Security numbers from individuals unless no other 
identifier can be used reasonably. There are many cases in 
which covered entities ask individuals for their Social 
Security numbers. For example, employers ask their employees to 
provide SSNs for the purpose of sending withheld taxes to the 
Internal Revenue Service; in this case, no other identifier 
would seem possible to use. Schools, on the other hand, ask 
students to provide SSNs on their applications where it may be 
possible to use another identifier. CBO does not have 
sufficient information about how often covered entities could 
use another identifier and, if so, how much it would cost for 
them to switch; therefore, CBO has no basis to estimate the 
cost of this mandate.
    This section also would prevent covered entities from 
displaying Social Security numbers, or any part of such a 
number, on any card or tag used for identification, such as 
student or employee identification cards. This is an 
increasingly rare practice; therefore, CBO estimates that the 
cost of this mandate would be small.
    Estimate prepared by: Federal Costs: Melissa Z. Peterson. 
Impact on State, Local, and Tribal Governments: Sarah Puro. 
Impact on the Private Sector: Selena Caldera and Nabeel 
Alsalam.
    Estimate approved by: Peter H. Fontaine, Deputy Assistance 
Director for Budget Analysis.

                      Regulatory Impact Statement

  In compliance with subsection (b)(2) of paragraph 11 
of rule XXVI of the Standing Rules of the Senate, the Committee 
states that, in its opinion, it is necessary to dispense with 
the requirements of paragraph (1) of that subsection in order 
to expedite the business of the Senate. deg.
  Because S. ------ does not create any new programs, 
the legislation will have no additional regulatory impact, and 
will result in no additional reporting requirements. The 
legislation will have no further effect on the number or types 
of individuals and businesses regulated, the economic impact of 
such regulation, the personal privacy of affected individuals, 
or the paperwork required from such individuals and 
businesses. deg.
  In accordance with paragraph 11(b) of rule XXVI of the 
Standing Rules of the Senate, the Committee provides the 
following evaluation of the regulatory impact of the 
legislation, as reported:

                       NUMBER OF PERSONS COVERED

                            ECONOMIC IMPACT

  S. 1408 would require covered entities to develop, implement, 
maintain, and enforce a written program for the security of 
sensitive personal information in their possession. In 
addition, covered entities would be required to notify 
consumers in event of any breach of sensitive personal 
information. While some covered entities may already have 
safeguards and notification procedures in place, nonetheless, 
the legislation may create compliance costs for such entities 
in the form of equipment upgrades or personnel addition in 
order to ensure that their practices satisfy the new Federal 
requirements.

                                PRIVACY

  S. 1408 would likely bolster consumer privacy by ensuring 
that covered entities that handle sensitive personal 
information take appropriate measures to safeguard such 
information.

                               PAPERWORK

  The legislation would increase paperwork requirements for 
private industry to the extent that such paperwork is necessary 
to comply with the information safeguards, breach notification, 
and credit freeze requirements, as well as the social security 
number use prohibitions, of this Act. The bill would require 
two reports submitted to Congress by the FTC. The first, a 
report by the FTC containing the findings of a working group 
established by the FTC Chairman pursuant to this Act. And, the 
second, a report by the FTC developed in conjunction with the 
Department of Justice (DOJ) on the correlation between 
methamphetamine use and identity theft crimes.

                      Section-by-Section Analysis


Section 1. Short title

  This section would provide that the legislation be cited as 
the ``Identity Theft Protection Act.''

Section 2. Protection of sensitive personal information

  Section 2 would require covered entities to include 
administrative, technical, and physical safeguards within the 
written program to ensure security, protect against any 
anticipated threats, and protect against unauthorized access to 
sensitive personal information. The Committee notes that the 
implementation and enforcement of the data security policy is 
as important as the data security policy itself. Covered 
entities that are in full compliance with the current FTC 
Safeguards Rule would be deemed in compliance with this 
section. The Act also would require that, within one year of 
enactment, the FTC promulgate regulations that would require 
procedures for authenticating the credentials of third parties 
to which sensitive personal information is to be transferred or 
sold.
  The Committee's purposes for allowing covered entities the 
option of complying with the existing FTC Safeguards Rule are 
twofold: first, to provide covered entities regulatory 
consistency without an interim gap that would require such 
entities to modify their safeguards procedures more than once 
in order to comply; and, second, to take into account the 
impact of mandating safeguards rules on small businesses, 
particularly sole proprietors. With respect to the latter 
purpose, the Committee draws a parallel between the Safeguards 
Rule and S. 1408 to the extent that small businesses should be 
afforded flexibility to comply with S. 1408 in a manner that is 
dependent on their size and complexity, the nature and scope of 
their activities, and the sensitivity of the information that 
they handle.
  Accordingly, in promulgating the regulations required under 
subsection 3(c), the FTC should consider the impact that such 
regulations would have on small businesses, as the FTC did when 
developing the existing Safeguards Rule.
  The Committee encourages the FTC in its promulgation of rules 
to fulfill the requirements of section 2 to take into account 
the use of technological safeguards and effective alternative 
methods to reduce the chances of identity theft.

Section 3. Notification of security breach risk

  Section 3 would require a covered entity that, after using 
due diligence, determines that a breach of security has 
resulted in identity theft for one or more individuals, or that 
a reasonable risk of identity theft exists, to notify every 
individual affected by the breach of security. In determining 
whether a reasonable risk of identity theft exists, a covered 
entity would be required to consider factors about the nature 
of the breach, such as if the data is usable by an unauthorized 
third party and whether the data is in the possession and 
control of an unauthorized third party who is likely to commit 
identity theft.
  This section also would require covered entities that suffer 
a breach of security that affects 1,000 or more individuals to 
report the breach to the FTC or other appropriate market 
regulator and notify all consumer-reporting agencies (CRA) of 
the breach. The FTC would be required in such an instance to 
post a report of the breach of security on the agency's website 
without personally identifying any individual affected by the 
breach. In the event that the breach of security affects less 
than 1,000 individuals, and a covered entity determines that 
the breach of security does not create a reasonable risk of 
identity theft, it shall report the breach to the FTC or 
appropriate market regulator under section 5 of this Act. The 
report would be required to contain the number of individuals 
affected, and the type of information that was exposed, as a 
result of the breach of security.
  If a covered entity determines that notification to consumers 
of the breach of security is warranted, the entity would be 
required to contact individuals affected by the breach through 
a written or electronic notice. If the cost of issuing a notice 
would exceed $250,000, involve contacting more than 500,000 
individuals, or the entity lacks the contact information of 
affected individuals, the entity would have the option to 
provide a substitute notice through a posting on the website of 
the entity or via appropriate Statewide or regional media. In 
the event that this substitute notice is necessary, the covered 
entity would be required to include in such notice the name of 
the entity suffering the breach, the affected individuals' 
names, a description of the sensitive personal information that 
was compromised, and the dates indicating the period between 
the breach of the data and the discovery of the breach.
  Section 3 would require a covered entity to give notice to 
consumers when required by this Act in the most expedient 
manner possible, but not later than 45 days following the 
discovery of the breach, unless a Federal or State law 
enforcement agency determines that the timely giving of notice 
would materially impede a civil or criminal investigation, or 
threaten national security or homeland security.
  This section would not apply to electronic communications of 
a third party stored by a cable operator, information service, 
or telecommunications carrier in the network of such operator, 
service, or carrier in the course of transferring or 
transmitting such communication.
  The Committee's consumer notification requirement is meant to 
provide warning to consumers who may become victims of identity 
theft as a result of a data security breach. The Committee 
recognizes, however, that setting the threshold for 
notification too low may result in unnecessary consumer 
notification, which would reduce the effectiveness of the 
warning and create unnecessary costs.
  When deciding to provide notice, the entity should evaluate 
the usability of the information and the likelihood that the 
information is in the possession of an unauthorized party. If 
the compromised sensitive personal information is usable, but 
it has merely been misplaced and is not likely in the 
possession of an unauthorized third party, consumer 
notification would not be required. Similarly, consumer 
notification would not be warranted when sensitive personal 
information has been compromised and is likely in the 
possession of an unauthorized third party, but the information 
is not usable. Should a covered entity discover a breach of 
security, and that the compromised sensitive personal 
information is both usable and possessed by an unauthorized 
third party who is likely to commit identity theft, the covered 
entity must then determine whether a reasonable risk of 
identity theft to one or more individuals exists. If this 
analysis yields an affirmative conclusion, then the covered 
entity would be required to provide consumer notification under 
this section.

Section 4. Security freeze

  Section 4 would allow a consumer to place a security freeze 
on his or her credit report by making a request to a CRA in 
writing, by telephone, or through a secure electronic 
connection made available by the CRA. The security freeze would 
prevent a consumer's credit report from being released to a 
third party without express authorization from the consumer. 
The Committee encourages the CRAs to provide consumers the most 
expedient means to place and lift security freezes.
  A CRA would have up to five days after receiving a written 
request by a consumer to place a security freeze, and three 
days to either lift a freeze either temporarily or permanently. 
This Act would allow the FTC to determine through a rulemaking 
what constitutes a reasonable fee that can be charged to 
consumers by CRAs for placing and lifting a credit freeze.
  The consumer whose credit report was frozen would be 
permitted to remove a security freeze on his or her credit 
report only upon request to the CRA. The CRA would be permitted 
to remove a security freeze upon the consumer's request, or if 
the CRA believes the report was frozen due to a material 
misrepresentation of fact. If a consumer requests that a 
security freeze be lifted, after providing proper 
identification, the CRA must lift the freeze within three days.
  This section would allow a consumer who places, removes, or 
temporarily suspends a security freeze to request that the CRA 
that initiates the action on the security freeze notify all 
other CRAs of the request within three days. A CRA that is 
notified of such a request may request proper identification 
from the consumer within three business days after receiving 
the request, and place the security freeze no later than three 
days after receiving the consumer identification.
  Victims of identity theft would be permitted under subsection 
4(h)(2) to place a security freeze without charge by requesting 
in writing, in addition to filing a police report or identity 
theft report (as defined in section 603 (q)(4) of FCRA (15 
U.S.C. 1681a(q)(4))), to a CRA within 90 days after the theft 
occurred or was discovered by the consumer.
  Section 4 would not apply to the use of a credit report by 
any of the following: a person or entity with which the 
consumer has had a prior business relationship for the purpose 
of reviewing an account or collecting the financial obligation 
owing from an account or contract; any Federal, State or local 
agency, law enforcement agency, trial court, or private 
collection agency acting pursuant to a court order, warrant, or 
subpoena; HHS or any similar State agency acting to investigate 
Medicare or Medicaid fraud; the Internal Revenue Service or a 
State municipal taxing authority to investigate or collect 
delinquent taxes or unpaid court orders or any of their other 
statutory responsibilities; the use of consumer credit 
information for prescreening; any person administering a credit 
file monitoring subscription to which the consumer has 
subscribed; any person or entity for the purpose of providing a 
consumer with his or her credit report or credit score at the 
consumer's request; a check services or fraud prevention 
services company, which issues reports on incidents of fraud; 
or a deposit account information service company, which issues 
report regarding account closures due to fraud, substantial 
overdrafts, or similar negative information.
  Section 4 would exempt any CRA that acts only as a reseller 
of credit information by assembling and merging information 
contained in the data base of another CRA, and does not 
maintain a permanent data base of credit information from which 
new consumer reports are produced.

Section 5. Enforcement

  Section 5 provides new authority for the FTC to take action 
against covered entities that fail to develop, implement, 
maintain, or enforce a written program for the security of 
sensitive personal information as unfair or deceptive acts or 
practices proscribed under section 18(a)(1)(B) of the FTCA (15 
U.S.C. 57a(a)(1)(B)). This new authority is analogous to the 
authority that the FTC currently possesses under Title V of 
GLBA with respect to financial institutions.
  This section also would provide that compliance with this Act 
be enforced exclusively by agencies under the Federal Deposit 
Insurance Act (for foreign banks, commercial lenders, bank 
holding companies, and savings associations), the Federal 
Credit Union Act (for credit unions), the Securities Exchange 
Act of 1934 (for brokers and dealers), the Investment Company 
Act of 1940 (for investment companies), the Investment Advisers 
Act of 1940 (for investment advisers), and State insurance law.
  Section 5 would allow the FTC to seek civil penalties in its 
enforcement actions against covered entities in an amount up to 
$11,000 for each individual; and up to $11,000,000 in the 
aggregate for all such individuals with respect to the same 
violation by a covered entity under section 3 of this Act.
  This section also would provide that nothing in this Act 
would establish a private cause of action against a covered 
entity for the violation of any provision in this Act. However, 
nothing would affect a consumer's right to bring a civil action 
that is not under this Act in State or Federal court.
  In addition, any covered entity to which title V of GLBA (15 
U.S.C. 6801 et seq.) or section 607 of FCRA (15 U.S.C. 1681e) 
applies would be deemed in compliance with sections 2 and 3 of 
this Act to the extent that the person is in compliance with 
the provisions of those Acts, which require the protection of 
sensitive personal information and notification in the event of 
a breach of security.
  It is not the intent of this Committee to impose 
prohibitively onerous safeguards and notification requirements 
on small businesses. Thus, the FTC or appropriate market 
regulator should consider the size of the business and its 
ability to comply as one of many factors when enforcing this 
Act.

Section 6. Enforcement of State Attorneys General

  Section 6 would allow a State to bring an action under this 
Act in Federal court on behalf of its residents. The State 
would be required to notify the FTC or the appropriate Federal 
market regulator of the action at least 60 days prior to 
bringing the action. In the event that such notice is not 
feasible, the State would be required to provide notice 
immediately upon instituting the action. The FTC or appropriate 
Federal market regulator would be authorized to intervene in 
such civil action. If the FTC or appropriate Federal market 
regulator institutes an action for a violation of this Act, no 
State attorney general, or official or agency of the State, 
would be permitted to bring an action during the pendency of 
that action against any defendant named in the complaint.

Section 7. Preemption of State law

  Section 7 of this Act would preempt any State or local law 
that requires, or holds liable, a covered entity for 
safeguarding sensitive personal information, notifying affected 
individuals of breaches of security, or allowing a consumer to 
place, remove, or temporarily suspend a security freeze on his 
or her credit report. This section also would provide that any 
State or local law, regulation, or rule prohibiting or limiting 
the solicitation or display of social security numbers would be 
preempted by this Act.

Section 8. Social Security number protection

  Subsection 8(a) would prohibit the solicitation of a social 
security number from an individual unless there is a specific 
use of the number for which no other identifying number 
reasonably can be used. Subsection 8(b) would prohibit 
employers, educational institutions, and others from using 
social security numbers for any employee benefit plan, card, or 
tag that is provided by employers, educational institutions, 
and others for the purpose of identification. This subsection 
also would prohibit the use of social security numbers as 
driver identifiers on State drivers' licenses.
  Subsection 8(a) would provide certain exceptions for the 
solicitation of a social security number, including: for the 
purpose of obtaining a consumer report or any purpose permitted 
under FCRA (15 U.S.C. 1681 et seq.); for the purpose of 
verifying or obtaining proof of identity by a CRA; for any 
purpose permitted under section 502(e) of GLBA (15 U.S.C. 
6802(e)); or to identify or locate missing or abducted 
children, witnesses, criminals and fugitives, parties to 
lawsuits, parents delinquent in child support payments, organ 
and bone marrow donors, pension fund beneficiaries, and missing 
heirs.
  Subsection 8(c) would amend the Social Security Act (42 
U.S.C. 405(c)(2)(C)) to prohibit any Federal, State, or 
judicial agency from employing or entering into a contract to 
utilize inmates who would have access to the social security 
account numbers of other individuals. This prohibition would go 
into effect 90 days after the date of enactment.
  Subsection 8(d) would prohibit the sale or purchase of social 
security numbers. Exceptions to this prohibition would be for: 
national security purposes; public health purposes; emergency 
situations to protect the health or safety of an individual; 
compliance with a tax law of the United States or of any State; 
or if the sale or purchase is to or by a CRA. This section 
would allow the sale or purchase of an individual's social 
security if written consent is obtained. The Committee 
recognizes that there are legitimate uses for social security 
numbers as indicated in the exceptions to this subsection, and 
that barring such usage may result in unintended consequences. 
Therefore, the Committee intends to develop the language of 
this section as the legislation progresses toward full Senate 
consideration.
  Subsection 8(d) also would require the FTC to promulgate 
regulations concerning the prohibition of sale within 1 year 
after the date of enactment of this Act.

Section 9. Information security working group

  Section 9 would require the Chairman of the FTC to establish 
an Information Working Group comprised of industry 
participants, consumer groups, and other interested parties to 
collect, review, disseminate, and advise on best practices to 
protect sensitive personal information. The Information Working 
Group would be required to submit to Congress a report on its 
findings within 12 months after its establishment. The FTC, 
after notifying Congress, would be authorized to terminate the 
Working Group if the Commission finds that the work and annual 
reports are no longer necessary.

Section 10. Definitions

  Section 10 would provide for a number of notable definitions, 
as follows:
  Breach of Security: The unauthorized access to, and 
acquisition of, data in any form or format containing sensitive 
personal information that compromises the security or 
confidentiality of such information and creates a reasonable 
risk of identity theft.
  Consumer Reporting Agency: Any person engaging in the 
practice of assembling or evaluating consumer credit 
information or other information on consumers for the purpose 
of furnishing credit reports to third parties.
  Covered Entity: A sole proprietorship, partnership, 
corporation, trust, estate, cooperative, sole propriety, 
association, or other commercial entity, and any charitable, 
educational, or nonprofit organization, that acquires, 
maintains, or utilizes sensitive personal information.
  Credit Report: A consumer report as defined in section 603(d) 
of FCRA (15 U.S.C. 1681a(p)), that is used for the purpose of 
serving as a factor in establishing a consumer's eligibility 
for credit for personal, family or household purposes.
  Identity Theft: The unauthorized acquisition, purchase, sale, 
or use by any person of an individual's sensitive personal 
information that violates section 1028 of title 18, U.S.C., or 
any provision of State law; or that results in economic loss to 
the individual whose sensitive personal information was used.
  Reasonable Risk of Identity Theft: The term ``reasonable risk 
of identity theft'' means that the preponderance of the 
evidence available to the covered entity that has experienced a 
breach of security establishes that identity theft for one or 
more individuals from the breach of security is foreseeable.
  Sensitive Personal Information: An individual's name, 
address, or phone number linked with one or more data elements 
as listed in this definition. The FTC would be authorized 
through a rulemaking to designate or delete data elements or 
identifying information that may be used to effectuate identity 
theft as sensitive personal information. The Committee has 
included this FTC authority to add or subtract types of 
information from this definition with the intention that such 
authority would be exercised only when necessary to address any 
change in circumstances by which a new category of information, 
if breached, would create a reasonable risk of identity theft 
pursuant to this Act. The Committee understands that additions 
to or subtractions from the information list may yield economic 
consequences to covered entities, and particularly small 
businesses. Therefore, the FTC should proceed under this 
authority, and, if utilized, the FTC should develop a clear 
record showing how the information to be added or subtracted 
would or would not effectuate identity theft. The Committee did 
not include the following identifiers within the definition of 
sensitive personal information: genetic or biometric 
information; electronic mail signature; electronic identifier 
or screen name with password; consumer credit report 
information, mother's maiden name; and employee, faculty, 
student or U.S. Armed forces serial number. These identifiers 
were excluded because the Committee did not possess clear 
evidence that obtaining this information would effectuate 
identity theft. The Committee encourages the Federal Trade 
Commission to evaluate these identifiers to decide if they 
should be included as sensitive personal information.
  Public Records: Nothing in the Act would prohibit a covered 
entity from obtaining, aggregating, or using sensitive personal 
information it lawfully obtains from public records in a manner 
that would not violate this Act.

Section 11. Authorization of appropriations

  Section 11 would authorize $1,000,000 to be appropriated to 
the FTC to carry out this Act for fiscal years 2006 through 
2010.

Section 12. Related crime study

  Section 12 would require the FTC, in conjunction with DOJ, to 
conduct a study within 18 months of enactment of this Act to 
examine the correlation, if any, between methamphetamine use 
and identity theft crimes, as well as the needs of law 
enforcement to address methamphetamine crimes related to 
identity theft.

Section 13. Prohibition on technology mandates

  This section would make clear that nothing in this Act should 
be construed as authorizing the FTC to issue regulations that 
require or impose a specific technology, product, technological 
standard, or solution.

Section 14. Effective date

  This section would require covered entities under subsection 
2(a) to implement the information safeguards program within 6 
months after the date of enactment of this Act.
  Under this Act, the FTC would be required to initiate 
rulemakings under subsections 2(c), 4(h), and 8(d) within 45 
days after enactment, and promulgate final rules within one 
year after the date of enactment. The requirements of the FTC 
rulemakings under subsections 2(c), 4(h), and 8(d) would take 
effect six months after each of the final rules are 
promulgated. All other provisions of this Act would take effect 
upon its enactment.

                      Rollcall Votes in Committee

    Senator Allen offered an amendment to Senator Smith's 
amendment (in the nature of a substitute) to limit the 
authority of the FTC to change the definition of ``sensitive 
personal information.'' On a rollcall vote of 8 yeas and 14 
nays as follows, the amendment was defeated:
        YEAS--8                       NAYS--14
Mr. Burns                           Mr. McCain\1\
Ms. Snowe                           Mr. Lott
Mr. Ensign\1\                       Mrs. Hutchison\1\
Mr. Allen                           Mr. Smith
Mr. Sununu\1\                       Mr. Inouye
Mr. DeMint\1\                       Mr. Rockefeller\1\
Mr. Vitter                          Mr. Kerry\1\
Mr. Nelson of Nebraska\1\           Mr. Dorgan
                                    Mrs. Boxer\1\
                                    Mr. Nelson of Florida
                                    Ms. Cantwell
                                    Mr. Lautenberg\1\
                                    Mr. Pryor
                                    Mr. Stevens

    \1\By proxy

    Senator Allen offered an amendment to Senator Smith's 
amendment (in the nature of a substitute) to amend the 
definition in the bill of what constitutes a ``reasonable risk 
of identity theft'' that would require companies to notify 
consumers of a security breach or loss of personal information. 
On a rollcall vote of 8 yeas and 14 nays as follows, the 
amendment was defeated:
        YEAS--8                       NAYS--14
Mr. Burns\1\                        Mr. Lott\1\
Mr. Smith                           Mrs. Hutchison\1\
Mr. Allen                           Ms. Snowe\1\
Mr. Sununu\1\                       Mr. Inouye
Mr. McCain\1\                       Mr. Rockefeller\1\
Mr. Ensign\1\                       Mr. Kerry\1\
Mr. DeMint\1\                       Mrs. Boxer\1\
Mr. Vitter\1\                       Mr. Nelson of Florida
                                    Ms. Cantwell\1\
                                    Mr. Lautenberg\1\
                                    Mr. Nelson of Nebraska\1\
                                    Mr. Pryor
                                    Mr. Dorgan
                                    Mr. Stevens\1\

    \1\By proxy

    Senator Bill Nelson offered an amendment to Senator Smith's 
amendment (in the nature of a substitute) to require data 
brokers and others to provide consumers with the same rights to 
sensitive personal information about themselves that they now 
enjoy under FCRA. On a rollcall vote of 9 yeas and 13 nays as 
follows, the amendment was defeated:
        YEAS--9                       NAYS--13
Mr. Inouye                          Mr. McCain\1\
Mr. Rockefeller\1\                  Mr. Burns\1\
Mr. Kerry\1\                        Mr. Lott\1\
Mr. Dorgan\1\                       Mrs. Hutchison\1\
Mrs. Boxer\1\                       Ms. Snowe\1\
Mr. Nelson of Florida               Mr. Smith
Ms. Cantwell\1\                     Mr. Ensign\1\
Mr. Lautenberg\1\                   Mr. Allen\1\
Mr. Pryor                           Mr. Sununu\1\
                                    Mr. DeMint\1\
                                    Mr. Vitter\1\
                                    Mr. Nelson of Nebraska\1\
                                    Mr. Stevens\1\

    \1\By proxy


       Additional, Supplemental, or Minority Views deg.

                        Changes in Existing Law

  In compliance with paragraph 12 of rule XXVI of the Standing 
Rules of the Senate, changes in existing law made by the bill, 
as reported, are shown as follows (existing law proposed to be 
omitted is enclosed in black brackets, new material is printed 
in italic, existing law in which no change is proposed is shown 
in roman):

                          SOCIAL SECURITY ACT

SEC. 205. EVIDENCE AND PROCEDURE FOR ESTABLISHMENT OF BENEFITS.

                            [42 U.S.C. 405]

  (a) Rules and regulations; procedures.--The Commissioner of 
Social Security shall have full power and authority to make 
rules and regulations and to establish procedures, not 
inconsistent with the provisions of this title, which are 
necessary or appropriate to carry out such provisions, and 
shall adopt reasonable and proper rules and regulations to 
regulate and provide for the nature and extent of the proofs 
and evidence and the method of taking and furnishing the same 
in order to establish the right to benefits hereunder.
  (b) Administrative determination of entitlement to benefits; 
findings of fact; hearings; investigations; evidentiary 
hearings in reconsiderations of disability benefit 
terminations.--
          (1) The Commissioner of Social Security is directed 
        to make findings of fact, and decisions as to the 
        rights of any individual applying for a payment under 
        this title. Any such decision by the Commissioner of 
        Social Security which involves a determination of 
        disability and which is in whole or in part unfavorable 
        to such individual shall contain a statement of the 
        case, in understandable language, setting forth a 
        discussion of the evidence, and stating the 
        Commissioner's determination and the reason or reasons 
        upon which it is based. Upon request by any such 
        individual or upon request by a wife, divorced wife, 
        surviving divorced mother, surviving divorced father 
        husband, divorced husband, widower, surviving divorced 
        husband, child, or parent who makes a showing in 
        writing that his or her rights may be prejudiced by any 
        decision the Commissioner of Social Security has 
        rendered, the Commissioner shall give such applicant 
        and such other individual reasonable notice and 
        opportunity for a hearing with respect to such 
        decision, and, if a hearing is held, shall, on the 
        basis of evidence adduced at the hearing, affirm, 
        modify, or reverse the Commissioner's findings of fact 
        and such decision. Any such request with respect to 
        such a decision must be filed within sixty days after 
        notice of such decision is received by the individual 
        making such request. The Commissioner of Social 
        Security is further authorized, on the Commissioner's 
        own motion, to hold such hearings and to conduct such 
        investigations and other proceedings as the 
        Commissioner may deem necessary or proper for the 
        administration of this title. In the course of any 
        hearing, investigation or other proceeding, the 
        Commissioner may administer oaths and affirmations, 
        examine witnesses and receive evidence. Evidence may be 
        received at any hearing before the Commissioner of 
        Social Security even though inadmissible under rules of 
        evidence applicable to court procedure.
          (2) In any case where--
                  (A) an individual is a recipient of 
                disability insurance benefits, or of child's, 
                widow's, or widower's insurance benefits based 
                on disability,
                  (B) the physical or mental impairment on the 
                basis of which such benefits are payable is 
                found to have ceased, not to have existed, or 
                to no longer be disabling, and
                  (C) as a consequence of the finding described 
                in subparagraph (B), such individual is 
                determined by the Commissioner of Social 
                Security not to be entitled to such benefits, 
                any reconsideration of the finding described in 
                subparagraph (B), in connection with a 
                reconsideration by the Commissioner of Social 
                Security (before any hearing under paragraph 
                (1) on the issue of such entitlement) of the 
                Commissioner's determination described in 
                subparagraph (C), shall be made only after 
                opportunity for an evidentiary hearing, with 
                regard to the finding described in subparagraph 
                (B), which is reasonably accessible to such 
                individual. Any reconsideration of a finding 
                described in subparagraph (B) may be made 
                either by the State agency or the Commissioner 
                of Social Security where the finding was 
                originally made by the State agency, and shall 
                be made by the Commissioner of Social Security 
                where the finding was originally made by the 
                Commissioner of Social Security. In the case of 
                a reconsideration by a State agency of a 
                finding described in subparagraph (B) which was 
                originally made by such State agency, the 
                evidentiary hearing shall be held by an 
                adjudicatory unit of the State agency other 
                than the unit that made the finding described 
                in subparagraph (B). In the case of a 
                reconsideration by the Commissioner of Social 
                Security of a finding described in subparagraph 
                (B) which was originally made by the 
                Commissioner of Social Security, the 
                evidentiary hearing shall be held by a person 
                other than the person or persons who made the 
                finding described in subparagraph (B).
          (3)(A) A failure to timely request review of an 
        initial adverse determination with respect to an 
        application for any benefit under this title or an 
        adverse determination on reconsideration of such an 
        initial determination shall not serve as a basis for 
        denial of a subsequent application for any benefit 
        under this title if the applicant demonstrates that the 
        applicant, or any other individual referred to in 
        paragraph (1), failed to so request such a review 
        acting in good faith reliance upon incorrect, 
        incomplete, or misleading information, relating to the 
        consequences of reapplying for benefits in lieu of 
        seeking review of an adverse determination, provided by 
        any officer or employee of the Social Security 
        Administration or any State agency acting under section 
        221.
          (B) In any notice of an adverse determination with 
        respect to which a review may be requested under 
        paragraph (1), the Commissioner of Social Security 
        shall describe in clear and specific language the 
        effect on possible entitlement to benefits under this 
        title of choosing to reapply in lieu of requesting 
        review of the determination.
  (c) Records of wages and self-employment income.--
          (1) For the purposes of this subsection--
                  (A) The term ``year'' means a calendar year 
                when used with respect to wages and a taxable 
                year when used with respect to self-employment 
                income.
                  (B) The term ``time limitation'' means a 
                period of three years, three months, and 
                fifteen days.
                  (C) The term ``survivor'' means an 
                individual's spouse, surviving divorced wife, 
                surviving divorced husband, surviving divorced 
                mother, surviving divorced father, child, or 
                parent, who survives such individual.
                  (D) The term ``period'' when used with 
                respect to self-employment income means a 
                taxable year and when used with respect to 
                wages means--
                          (i) a quarter if wages were reported 
                        or should have been reported on a 
                        quarterly basis on tax returns filed 
                        with the Secretary of the Treasury or 
                        his delegate under section 6011 of the 
                        Internal Revenue Code of 1986 or 
                        regulations thereunder (or on reports 
                        filed by a State under section 218(e) 
                        (as in effect prior to December 31, 
                        1986) or regulations thereunder),
                          (ii) a year if wages were reported or 
                        should have been reported on a yearly 
                        basis on such tax returns or reports, 
                        or
                          (iii) the half year beginning January 
                        1 or July 1 in the case of wages which 
                        were reported or should have been 
                        reported for calendar year 1937.
          (2)(A) On the basis of information obtained by or 
        submitted to the Commissioner of Social Security, and 
        after such verification thereof as the Commissioner 
        deems necessary, the Commissioner of Social Security 
        shall establish and maintain records of the amounts of 
        wages paid to, and the amounts of self-employment 
        income derived by, each individual and of the periods 
        in which such wages were paid and such income was 
        derived and, upon request, shall inform any individual 
        or his survivor, or the legal representative of such 
        individual or his estate, of the amounts of wages and 
        self-employment income of such individual and the 
        periods during which such wages were paid and such 
        income was derived, as shown by such records at the 
        time of such request.
          (B)(i) In carrying out the Commissioner's duties 
        under subparagraph (A) and subparagraph (F), the 
        Commissioner of Social Security shall take affirmative 
        measures to assure that social security account numbers 
        will, to the maximum extent practicable, be assigned to 
        all members of appropriate groups of categories of 
        individuals by assigning such numbers (or ascertaining 
        that such numbers have already been assigned):
                  (I) to aliens at the time of their lawful 
                admission to the United States either for 
                permanent residence or under other authority of 
                law permitting them to engage in employment in 
                the United States and to other aliens at such 
                time as their status is so changed as to make 
                it lawful for them to engage in such 
                employment;
                  (II) to any individual who is an applicant 
                for or recipient of benefits under any program 
                financed in whole or in part from Federal funds 
                including any child on whose behalf such 
                benefits are claimed by another person; and
                  (III) to any other individual when it appears 
                that he could have been but was not assigned an 
                account number under the provisions of 
                subclauses (I) or (II) but only after such 
                investigation as is necessary to establish to 
                the satisfaction of the Commissioner of Social 
                Security, the identity of such individual, the 
                fact that an account number has not already 
                been assigned to such individual, and the fact 
                that such individual is a citizen or a 
                noncitizen who is not, because of his alien 
                status, prohibited from engaging in employment; 
                and, in carrying out such duties, the 
                Commissioner of Social Security is authorized 
                to take affirmative measures to assure the 
                issuance of social security numbers:
                  (IV) to or on behalf of children who are 
                below school age at the request of their 
                parents or guardians; and
                  (V) to children of school age at the time of 
                their first enrollment in school.
          (ii) The Commissioner of Social Security shall 
        require of applicants for social security account 
        numbers such evidence as may be necessary to establish 
        the age, citizenship, or alien status, and true 
        identity of such applicants, and to determine which (if 
        any) social security account number has previously been 
        assigned to such individual. With respect to an 
        application for a social security account number for an 
        individual who has not attained the age of 18 before 
        such application, such evidence shall include the 
        information described in subparagraph (C)(ii).
          (iii) In carrying out the requirements of this 
        subparagraph, the Commissioner of Social Security shall 
        enter into such agreements as may be necessary with the 
        Attorney General and other officials and with State and 
        local welfare agencies and school authorities 
        (including nonpublic school authorities).
  (C)(i) It is the policy of the United States that any State 
(or political subdivision thereof) may, in the administration 
of any tax, general public assistance, driver's license, or 
motor vehicle registration law within its jurisdiction, utilize 
the social security account numbers issued by the Commissioner 
of Social Security for the purpose of establishing the 
identification of individuals affected by such law, and may 
require any individual who is or appears to be so affected to 
furnish to such State (or political subdivision thereof) or any 
agency thereof having administrative responsibility for the law 
involved, the social security account number (or numbers, if he 
has more than one such number) issued to him by the 
Commissioner of Social Security.
  (ii) In the administration of any law involving the issuance 
of a birth certificate, each State shall require each parent to 
furnish to such State (or political subdivision thereof) or any 
agency thereof having administrative responsibility for the law 
involved, the social security account number (or numbers, if 
the parent has more than one such number) issued to the parent 
unless the State (in accordance with regulations prescribed by 
the Commissioner of Social Security) finds good cause for not 
requiring the furnishing of such number. The State shall make 
numbers furnished under this subclause available to the 
Commissioner of Social Security and the agency administering 
the State's plan under part D of title IV in accordance with 
Federal or State law and regulation. Such numbers shall not be 
recorded on the birth certificate. A State shall not use any 
social security account number, obtained with respect to the 
issuance by the State of a birth certificate, for any purpose 
other than for the enforcement of child support orders in 
effect in the State, unless section 7(a) of the Privacy Act of 
1974 does not prohibit the State from requiring the disclosure 
of such number, by reason of the State having adopted, before 
January 1, 1975, a statute or regulation requiring such 
disclosure.
  (iii)(I) In the administration of section 9 of the Food Stamp 
Act of 1977 (7 U.S.C. 2018) involving the determination of the 
qualifications of applicants under such Act, the Secretary of 
Agriculture may require each applicant retail store or 
wholesale food concern to furnish to the Secretary of 
Agriculture the social security account number of each 
individual who is an officer of the store or concern and, in 
the case of a privately owned applicant, furnish the social 
security account numbers of the owners of such applicant. No 
officer or employee of the Department of Agriculture shall have 
access to any such number for any purpose other than the 
establishment and maintenance of a list of the names and social 
security account numbers of such individuals for use in 
determining those applicants who have been previously 
sanctioned or convicted under section 12 or 15 of such Act (7 
U.S.C. 2021 or 2024).
  (II) The Secretary of Agriculture may share any information 
contained in any list referred to in subclause (I) with any 
other agency or instrumentality of the United States which 
otherwise has access to social security account numbers in 
accordance with this subsection or other applicable Federal 
law, except that the Secretary of Agriculture may share such 
information only to the extent that such Secretary determines 
such sharing would assist in verifying and matching such 
information against information maintained by such other agency 
or instrumentality. Any such information shared pursuant to 
this subclause may be used by such other agency or 
instrumentality only for the purpose of effective 
administration and enforcement of the Food Stamp Act of 1977 or 
for the purpose of investigation of violations of other Federal 
laws or enforcement of such laws.
  (III) The Secretary of Agriculture, and the head of any other 
agency or instrumentality referred to in this subclause, shall 
restrict, to the satisfaction of the Commissioner of Social 
Security, access to social security account numbers obtained 
pursuant to this clause only to officers and employees of the 
United States whose duties or responsibilities require access 
for the purposes described in subclause (II).
  (IV) The Secretary of Agriculture, and the head of any agency 
or instrumentality with which information is shared pursuant to 
clause (II), shall provide such other safeguards as the 
Commissioner of Social Security determines to be necessary or 
appropriate to protect the confidentiality of the social 
security account numbers.
  (iv) In the administration of section 506 of the Federal Crop 
Insurance Act, the Federal Crop Insurance Corporation may 
require each policyholder and each reinsured company to furnish 
to the insurer or to the Corporation the social security 
account number of such policyholder, subject to the 
requirements of this clause. No officer or employee of the 
Federal Crop Insurance Corporation shall have access to any 
such number for any purpose other than the establishment of a 
system of records necessary for the effective administration of 
such Act. The Manager of the Corporation may require each 
policyholder to provide to the Manager, at such times and in 
such manner as prescribed by the Manager, the social security 
account number of each individual that holds or acquires a 
substantial beneficial interest in the policyholder. For 
purposes of this clause, the term ``substantial beneficial 
interest'' means not less than 5 percent of all beneficial 
interest in the policyholder. The Secretary of Agriculture 
shall restrict, to the satisfaction of the Commissioner of 
Social Security, access to social security account numbers 
obtained pursuant to this clause only to officers and employees 
of the United States or authorized persons whose duties or 
responsibilities require access for the administration of the 
Federal Crop Insurance Act. The Secretary of Agriculture shall 
provide such other safeguards as the Commissioner of Social 
Security determines to be necessary or appropriate to protect 
the confidentiality of such social security account numbers. 
For purposes of this clause the term ``authorized person'' 
means an officer or employee of an insurer whom the Manager of 
the Corporation designates by rule, subject to appropriate 
safeguards including a prohibition against the release of such 
social security account number (other than to the Corporation) 
by such person.
  (v) If and to the extent that any provision of Federal law 
heretofore enacted is inconsistent with the policy set forth in 
clause (i), such provision shall, on and after the date of the 
enactment of this subparagraph, be null, void, and of no 
effect. If and to the extent that any such provision is 
inconsistent with the requirement set forth in clause (ii), 
such provision shall, on and after the date of the enactment of 
such subclause, be null, void, and of no effect.
  (vi)(I) For purposes of clause (i) of this subparagraph, an 
agency of a State (or political subdivision thereof) charged 
with the administration of any general public assistance, 
driver's license, or motor vehicle registration law which did 
not use the social security account number for identification 
under a law or regulation adopted before January 1, 1975, may 
require an individual to disclose his or her social security 
number to such agency solely for the purpose of administering 
the laws referred to in clause (i) above and for the purpose of 
responding to requests for information from an agency 
administering a program funded under part A of title IV or an 
agency operating pursuant to the provisions of part D of such 
title.
  (II) Any State or political subdivision thereof (and any 
person acting as an agent of such an agency or 
instrumentality), in the administration of any driver's license 
or motor vehicle registration law within its jurisdiction, may 
not display a social security account number issued by the 
Commissioner of Social Security (or any derivative of such 
number) on any driver's license, motor vehicle registration, or 
personal identification card (as defined in section 7212(a)(2) 
of the 9/11 Commission Implementation Act of 2004), or include, 
on any such license, registration, or personal identification 
card, a magnetic strip, bar code, or other means of 
communication which conveys such number (or derivative 
thereof).
  (vii) For purposes of this subparagraph, the term ``State'' 
includes the District of Columbia, the Commonwealth of Puerto 
Rico, the Virgin Islands, Guam, the Commonwealth of the 
Northern Marianas, and the Trust Territory of the Pacific 
Islands.
  (viii)(I) Social security account numbers and related records 
that are obtained or maintained by authorized persons pursuant 
to any provision of law, enacted on or after October 1, 1990, 
shall be confidential, and no authorized person shall disclose 
any such social security account number or related record.
  (II) Paragraphs (1), (2), and (3) of section 7213(a) of the 
Internal Revenue Code of 1986 shall apply with respect to the 
unauthorized willful disclosure to any person of social 
security account numbers and related records obtained or 
maintained by an authorized person pursuant to a provision of 
law enacted on or after October 1, 1990, in the same manner and 
to the same extent as such paragraphs as such paragraphs apply 
with respect to unauthorized disclosures of returns and return 
information described in such paragraphs. Paragraph (4) of such 
7213(a) of such Code shall apply with respect to the willful 
offer of any item of material value in exchange for any such 
social security account number or related record in the same 
manner and to the same extent as such paragraph applies with 
respect to offers (in exchange for any return or return 
information) described in such paragraph.
  (III) For purposes of this clause, the term ``authorized 
person'' means an officer or employee of the United States, an 
officer or employee of any State, political subdivision of a 
State, or agency of a State or political subdivision of a 
State, and any other person (or officer or employee thereof), 
who has or had access to social security account numbers or 
related records pursuant to any provision of law enacted on or 
after October 1, 1990. For purposes of this subclause, the term 
``officer or employee'' includes a former officer or employee.
  (IV) For purposes of this clause, the term ``related record'' 
means any record, list, or compilation that indicates, directly 
or indirectly, the identity of any individual with respect to 
whom a social security account number or a request for a social 
security account number is maintained pursuant to this clause.
  (ix) In the administration of the provisions of chapter 81 of 
title 5, United States Code, and the Longshore and Harbor 
Workers' Compensation Act (33 U.S.C. 901 et seq.), the 
Secretary of Labor may require by regulation that any person 
filing a notice of injury or a claim for benefits under such 
provisions provide as part of such notice or claim such 
person's social security account number, subject to the 
requirements of this clause. No officer or employee of the 
Department of Labor shall have access to any such number for 
any purpose other than the establishment of a system of records 
necessary for the effective administration of such provisions. 
The Secretary of Labor shall restrict, to the satisfaction of 
the Commissioner of Social Security, access to social security 
account numbers obtained pursuant to this clause to officers 
and employees of the United States whose duties or 
responsibilities require access for the administration or 
enforcement of such provisions. The Secretary of Labor shall 
provide such other safeguards as the Commissioner of Social 
Security determines to be necessary or appropriate to protect 
the confidentiality of the social security account numbers.
  (x) No executive, legislative, or judicial agency or 
instrumentality of the Federal Government or of a State or 
political subdivision thereof (or person acting as an agent of 
such an agency or instrumentality) may employ, or enter into a 
contract for the use or employment of, prisoners in any 
capacity that would allow such prisoners access to the social 
security account numbers of other individuals. For purposes of 
this clause, the term `prisoner' means an individual who is 
confined in a jail, prison, or other penal institution or 
correctional facility, serving community service as a term of 
probation or parole, or serving a sentence through a work-
furlough program.
  (D)(i) It is the policy of the United States that--
          (I) any State (or any political subdivision of a 
        State) and any authorized blood donation facility may 
        utilize the social security account numbers issued by 
        the Commissioner of Social Security for the purpose of 
        identifying blood donors, and
          (II) any State (or political subdivision of a State) 
        may require any individual who donates blood within 
        such State (or political subdivision) to furnish to 
        such State (or political subdivision), to any agency 
        thereof having related administrative responsibility, 
        or to any authorized blood donation facility the social 
        security account number (or numbers, if the donor has 
        more than one such number) issued to the donor by the 
        Commissioner of Social Security.
  (ii) If and to the extent that any provision of Federal law 
enacted before the date of the enactment of this subparagraph 
is inconsistent with the policy set forth in clause (i), such 
provision shall, on and after such date, be null, void, and of 
no effect.
  (iii) For purposes of this subparagraph--
          (I) the term ``authorized blood donation facility'' 
        means an entity described in section 1141(h)(1)(B), and
          (II) the term ``State'' includes the District of 
        Columbia, the Commonwealth of Puerto Rico, the Virgin 
        Islands, Guam, the Commonwealth of the Northern 
        Marianas, and the Trust Territory of the Pacific 
        Islands.
  (E)(i) It is the policy of the United States that--
          (I) any State (or any political subdivision of a 
        State) may utilize the social security account numbers 
        issued by the Commissioner of Social Security for the 
        additional purposes described in clause (ii) if such 
        numbers have been collected and are otherwise utilized 
        by such State (or political subdivision) in accordance 
        with applicable law, and
          (II) any district court of the United States may use, 
        for such additional purposes, any such social security 
        account numbers which have been so collected and are so 
        utilized by any State.
  (ii) The additional purposes described in this clause are the 
following:
          (I) Identifying duplicate names of individuals on 
        master lists used for jury selection purposes.
          (II) Identifying on such master lists those 
        individuals who are ineligible to serve on a jury by 
        reason of their conviction of a felony.
  (iii) To the extent that any provision of Federal law enacted 
before the date of the enactment of this subparagraph is 
inconsistent with the policy set forth in clause (i), such 
provision shall, on and after that date, be null, void, and of 
no effect.
  (iv) For purposes of this subparagraph, the term ``State'' 
has the meaning such term has in subparagraph (D).
  (F) The Commissioner of Social Security shall require, as a 
condition for receipt of benefits under this title, that an 
individual furnish satisfactory proof of a social security 
account number assigned to such individual by the Commissioner 
of Social Security or, in the case of an individual to whom no 
such number has been assigned, that such individual make proper 
application for assignment of such a number.
  (G) The Commissioner of Social Security shall issue a social 
security card to each individual at the time of the issuance of 
a social security account number to such individual. The social 
security card shall be made of banknote paper, and (to the 
maximum extent practicable) shall be a card which cannot be 
counterfeited.
  (H) The Commissioner of Social Security shall share with the 
Secretary of the Treasury the information obtained by the 
Commissioner pursuant to the second sentence of subparagraph 
(B)(ii) and to subparagraph (C)(ii) for the purpose of 
administering those sections of the Internal Revenue Code of 
1986 which grant tax benefits based on support or residence of 
children.
          (3) The Commissioner's records shall be evidence for 
        the purpose of proceedings before the Commissioner of 
        Social Security or any court of the amounts of wages 
        paid to, and self- employment income derived by, an 
        individual and of the periods in which such wages were 
        paid and such income was derived. The absence of an 
        entry in such records as to wages alleged to have been 
        paid to, or as to self-employment income alleged to 
        have been derived by, an individual in any period shall 
        be evidence that no such alleged wages were paid to, or 
        that no such alleged income was derived by, such 
        individual during such period.
          (4) Prior to the expiration of the time limitation 
        following any year the Commissioner of Social Security 
        may, if it is brought to the Commissioner's attention 
        that any entry of wages or self- employment income in 
        the Commissioner's records for such year is erroneous 
        or that any item of wages or self-employment income for 
        such year has been omitted from such records, correct 
        such entry or include such omitted item in the 
        Commissioner's records, as the case may be. After the 
        expiration of the time limitation following any year--
                  (A) the Commissioner's records (with changes, 
                if any, made pursuant to paragraph (5)) of the 
                amounts of wages paid to, and self-employment 
                income derived by, an individual during any 
                period in such year shall be conclusive for the 
                purposes of this title;
                  (B) the absence of an entry in the 
                Commissioner's records as to the wages alleged 
                to have been paid by an employer to an 
                individual during any period in such year shall 
                be presumptive evidence for the purposes of 
                this title that no such alleged wages were paid 
                to such individuals in such period; and
                  (C) the absence of an entry in the 
                Commissioner's records as to the self-
                employment income alleged to have been derived 
                by an individual in such year shall be 
                conclusive for the purposes of this title that 
                no such alleged self-employment income was 
                derived by such individual in such year unless 
                it is shown that he filed a tax return of his 
                self-employment income for such year before the 
                expiration of the time limitation following 
                such year, in which case the Commissioner of 
                Social Security shall include in the 
                Commissioner's records the self- employment 
                income of such individual for such year.
          (5) After the expiration of the time limitation 
        following any year in which wages were paid or alleged 
        to have been paid to, or self-employment income was 
        derived or alleged to have been derived by, an 
        individual, the Commissioner of Social Security may 
        change or delete any entry with respect to wages or 
        self-employment income in the Commissioner's records of 
        such year for such individual or include in the 
        Commissioner's records of such year for such individual 
        any omitted item of wages or self-employment income but 
        only--
                  (A) if an application for monthly benefits or 
                for a lump-sum death payment was filed within 
                the time limitation following such year; except 
                that no such change, deletion, or inclusion may 
                be made pursuant to this subparagraph after a 
                final decision upon the application for monthly 
                benefits or lump-sum death payment;
                  (B) if within the time limitation following 
                such year an individual or his survivor makes a 
                request for a change or deletion, or for an 
                inclusion of an omitted item, and alleges in 
                writing that the Commissioner's records of the 
                wages paid to, or the self-employment income 
                derived by, such individual in such year are in 
                one or more respects erroneous; except that no 
                such change, deletion, or inclusion may be made 
                pursuant to this subparagraph after a final 
                decision upon such request. Written notice of 
                the Commissioner's decision on any such request 
                shall be given to the individual who made the 
                request;
                  (C) to correct errors apparent on the face of 
                such records;
                  (D) to transfer items to records of the 
                Railroad Retirement Board if such items were 
                credited under this title when they should have 
                been credited under the Railroad Retirement Act 
                of 1937 or 1974, or to enter items transferred 
                by the Railroad Retirement Board which have 
                been credited under the Railroad Retirement Act 
                of 1937 or 1974 when they should have been 
                credited under this title;
                  (E) to delete or reduce the amount of any 
                entry which is erroneous as a result of fraud;
                  (F) to conform his records to--
                          (i) tax returns or portions thereof 
                        (including information returns and 
                        other written statements) filed with 
                        the Commissioner of Internal Revenue 
                        under title VIII of the Social Security 
                        Act, under subchapter E of chapter 1 or 
                        subchapter A of chapter 9 of the 
                        Internal Revenue Code of 1939, under 
                        chapter 2 or 21 of the Internal Revenue 
                        Code of 1954 or the Internal Revenue 
                        Code of 1986, or under regulations made 
                        under authority of such title, 
                        subchapter, or chapter;
                          (ii) wage reports filed by a State 
                        pursuant to an agreement under section 
                        218 or regulations of the Commissioner 
                        of Social Security thereunder; or
                          (iii) assessments of amounts due 
                        under an agreement pursuant to section 
                        218 (as in effect prior to December 31, 
                        1986), if such assessments are made 
                        within the period specified in 
                        subsection (q) of such section (as so 
                        in effect), or allowances of credits or 
                        refunds of overpayments by a State 
                        under an agreement pursuant to such 
                        section; except that no amount of self-
                        employment income of an individual for 
                        any taxable year (if such return or 
                        statement was filed after the 
                        expiration of the time limitation 
                        following the taxable year) shall be 
                        included in the Commissioner's records 
                        pursuant to this subparagraph;
                  (G) to correct errors made in the allocation, 
                to individuals or periods, of wages or self- 
                employment income entered in the records of the 
                Commissioner of Social Security;
                  (H) to include wages paid during any period 
                in such year to an individual by an employer;
                  (I) to enter items which constitute 
                remuneration for employment under subsection 
                (o), such entries to be in accordance with 
                certified reports of records made by the 
                Railroad Retirement Board pursuant to section 
                5(k)(3) of the Railroad Retirement Act of 1937 
                or section 7(b)(7) of the Railroad Retirement 
                Act of 1974; or
                  (J) to include self-employment income for any 
                taxable year, up to, but not in excess of, the 
                amount of wages deleted by the Commissioner of 
                Social Security as payments erroneously 
                included in such records as wages paid to such 
                individual, if such income (or net earnings 
                from self-employment), not already included in 
                such records as self-employment income, is 
                included in a return or statement (referred to 
                in subparagraph (F)) filed before the 
                expiration of the time limitation following the 
                taxable year in which such deletion of wages is 
                made.
          (6) Written notice of any deletion or reduction under 
        paragraph (4) or (5) shall be given to the individual 
        whose record is involved or to his survivor, except 
        that (A) in the case of a deletion or reduction with 
        respect to any entry of wages such notice shall be 
        given to such individual only if he has previously been 
        notified by the Commissioner of Social Security of the 
        amount of his wages for the period involved, and (B) 
        such notice shall be given to such survivor only if he 
        or the individual whose record is involved has 
        previously been notified by the Commissioner of Social 
        Security of the amount of such individual's wages and 
        self-employment income for the period involved.
          (7) Upon request in writing (within such period, 
        after any change or refusal of a request for a change 
        of the Commissioner's records pursuant to this 
        subsection, as the Commissioner of Social Security may 
        prescribe), opportunity for hearing with respect to 
        such change or refusal shall be afforded to any 
        individual or his survivor. If a hearing is held 
        pursuant to this paragraph the Commissioner of Social 
        Security shall make findings of fact and a decision 
        based upon the evidence adduced at such hearing and 
        shall include any omitted items, or change or delete 
        any entry, in the Commissioner's records as may be 
        required by such findings and decision.
          (8) A translation into English by a third party of a 
        statement made in a foreign language by an applicant 
        for or beneficiary of monthly insurance benefits under 
        this title shall not be regarded as reliable for any 
        purpose under this title unless the third party, under 
        penalty of perjury--
                  (A) certifies that the translation is 
                accurate; and
                  (B) discloses the nature and scope of the 
                relationship between the third party and the 
                applicant or recipient, as the case may be.
          (9) Decisions of the Commissioner of Social Security 
        under this subsection shall be reviewable by commencing 
        a civil action in the United States district court as 
        provided in subsection (g).
  (d) Issuance of subpenas in administrative proceedings.--For 
the purpose of any hearing, investigation, or other proceeding 
authorized or directed under this title, or relative to any 
other matter within the the Commissioner's jurisdiction 
hereunder, the Commissioner of Social Security shall have power 
to issue subpenas requiring the attendance and testimony of 
witnesses and the production of any evidence that relates to 
any matter under investigation or in question before the 
Commissioner of Social Security. Such attendance of witnesses 
and production of evidence at the designated place of such 
hearing, investigation, or other proceeding may be required 
from any place in the United States or in any Territory or 
possession thereof. Subpenas of the Commissioner of Social 
Security shall be served by anyone authorized by the 
Commissioner (1) by delivering a copy thereof to the individual 
named therein, or (2) by registered mail or by certified mail 
addressed to such individual at his last dwelling place or 
principal place of business. A verified return by the 
individual so serving the subpena setting forth the manner of 
service, or, in the case of service by registered mail or by 
certified mail, the return post-office receipt therefor signed 
by the individual so served, shall be proof of service. 
Witnesses so subpenaed shall be paid the same fees and mileage 
as are paid witnesses in the district courts of the United 
States.
  (e) Judicial enforcement of subpenas; contempt.--In case of 
contumacy by, or refusal to obey a subpena duly served upon, 
any person, any district court of the United States for the 
judicial district in which said person charged with contumacy 
or refusal to obey is found or resides or transacts business, 
upon application by the Commissioner of Social Security, shall 
have jurisdiction to issue an order requiring such person to 
appear and give testimony, or to appear and produce evidence, 
or both; any failure to obey such order of the court may be 
punished by said court as contempt thereof.
  (f) [Repealed]
  (g) Judicial review.--Any individual, after any final 
decision of the Commissioner of Social Security made after a 
hearing to which he was a party, irrespective of the amount in 
controversy, may obtain a review of such decision by a civil 
action commenced within sixty days after the mailing to him of 
notice of such decision or within such further time as the 
Commissioner of Social Security may allow. Such action shall be 
brought in the district court of the United States for the 
judicial district in which the plaintiff resides, or has his 
principal place of business, or, if he does not reside or have 
his principal place of business within any such judicial 
district, in the District Court of the United States for the 
District of Columbia. As part of the Commissioner's answer the 
Commissioner of Social Security shall file a certified copy of 
the transcript of the record including the evidence upon which 
the findings and decision complained of are based. The court 
shall have power to enter, upon the pleadings and transcript of 
the record, a judgment affirming, modifying, or reversing the 
decision of the Commissioner of Social Security, with or 
without remanding the cause for a rehearing. The findings of 
the Commissioner of Social Security as to any fact, if 
supported by substantial evidence, shall be conclusive, and 
where a claim has been denied by the Commissioner of Social 
Security or a decision is rendered under subsection (b) hereof 
which is adverse to an individual who was a party to the 
hearing before the Commissioner of Social Security, because of 
failure of the claimant or such individual to submit proof in 
conformity with any regulation prescribed under subsection (a) 
hereof, the court shall review only the question of conformity 
with such regulations and the validity of such regulations. The 
court may, on motion of the Commissioner of Social Security 
made for good cause shown before the Commissioner files the 
Commissioner's answer, remand the case to the Commissioner of 
Social Security for further action by the Commissioner of 
Social Security, and it may at any time order additional 
evidence to be taken before the Commissioner of Social 
Security, but only upon a showing that there is new evidence 
which is material and that there is good cause for the failure 
to incorporate such evidence into the record in a prior 
proceeding; and the Commissioner of Social Security shall, 
after the case is remanded, and after hearing such additional 
evidence if so ordered, modify or affirm the Commissioner's 
findings of fact or the Commissioner's decision, or both, and 
shall file with the court any such additional and modified 
findings of fact and decision, and, in any case in which the 
Commissioner has not made a decision fully favorable to the 
individual, a transcript of the additional record and testimony 
upon which the Commissioner's action in modifying or affirming 
was based. Such additional or modified findings of fact and 
decision shall be reviewable only to the extent provided for 
review of the original findings of fact and decision. The 
judgment of the court shall be final except that it shall be 
subject to review in the same manner as a judgment in other 
civil actions. Any action instituted in accordance with this 
subsection shall survive notwithstanding any change in the 
person occupying the office of Commissioner of Social Security 
or any vacancy in such office.
  (h) Finality of Commissioner's decision.--The findings and 
decisions of the Commissioner of Social Security after a 
hearing shall be binding upon all individuals who were parties 
to such hearing. No findings of fact or decision of the 
Commissioner of Social Security shall be reviewed by any 
person, tribunal, or governmental agency except as herein 
provided. No action against the United States, the Commissioner 
of Social Security, or any officer or employee thereof shall be 
brought under section 1331 or 1346 of title 28, United States 
Code, to recover on any claim arising under this title.
  (i) Certification for payment.--Upon final decision of the 
Commissioner of Social Security, or upon final judgment of any 
court of competent jurisdiction, that any person is entitled to 
any payment or payments under this title, the Commissioner of 
Social Security shall certify to the Managing Trustee the name 
and address of the person so entitled to receive such payment 
or payments, the amount of such payment or payments, and the 
time at which such payment or payments should be made, and the 
Managing Trustee, through the Fiscal Service of the Department 
of the Treasury, and prior to any action thereon by the General 
Accounting Office, shall make payment in accordance with the 
certification of the Commissioner of Social Security (except 
that in the case of (A) an individual who will have completed 
ten years of service (or five or more years of service, all of 
which accrues after December 31, 1995) creditable under the 
Railroad Retirement Act of 1937 or the Railroad Retirement Act 
of 1974, (B) the wife or husband of such an individual, (C) any 
survivor of such an individual if such survivor is entitled, or 
could upon application become entitled, to an annuity under 
section 2 of the Railroad Retirement Act of 1974, and (D) any 
other person entitled to benefits under section 202 of this Act 
on the basis of the wages and self-employment income of such an 
individual (except a survivor of such an individual where such 
individual did not have a current connection with the railroad 
industry, as defined in the Railroad Retirement Act of 1974, at 
the time of his death), such certification shall be made to the 
Railroad Retirement Board which shall provide for such payment 
or payments to such person on behalf of the Managing Trustee in 
accordance with the provisions of the Railroad Retirement Act 
of 1974): Provided, That where a review of the Commissioner's 
decision is or may be sought under subsection (g) the 
Commissioner of Social Security may withhold certification of 
payment pending such review. The Managing Trustee shall not be 
held personally liable for any payment or payments made in 
accordance with a certification by the Commissioner of Social 
Security.
  (j) Representative payees.--
          (1)(A) If the Commissioner of Social Security 
        determines that the interest of any individual under 
        this title would be served thereby, certification of 
        payment of such individual's benefit under this title 
        may be made, regardless of the legal competency or 
        incompetency of the individual, either for direct 
        payment to the individual, or for his or her use and 
        benefit, to another individual, or an organization, 
        with respect to whom the requirements of paragraph (2) 
        have been met (hereinafter in this subsection referred 
        to as the individual's ``representative payee''). If 
        the Commissioner of Social Security or a court of 
        competent jurisdiction determines that a representative 
        payee has misused any individual's benefit paid to such 
        representative payee pursuant to this subsection or 
        section 807 or 1631(a)(2), the Commissioner of Social 
        Security shall promptly revoke certification for 
        payment of benefits to such representative payee 
        pursuant to this subsection and certify payment to an 
        alternative representative payee or, if the interest of 
        the individual under this title would be served 
        thereby, to the individual.
          (B) In the case of an individual entitled to benefits 
        based on disability, the payment of such benefits shall 
        be made to a representative payee if the Commissioner 
        of Social Security determines that such payment would 
        serve the interest of the individual because the 
        individual also has an alcoholism or drug addiction 
        condition (as determined by the Commissioner) and the 
        individual is incapable of managing such benefits.
          (2)(A) Any certification made under paragraph (1) for 
        payment of benefits to an individual's representative 
        payee shall be made on the basis of--
                  (i) an investigation by the Commissioner of 
                Social Security of the person to serve as 
                representative payee, which shall be conducted 
                in advance of such certification and shall, to 
                the extent practicable, include a face-to-face 
                interview with such person, and
                  (ii) adequate evidence that such 
                certification is in the interest of such 
                individual (as determined by the Commissioner 
                of Social Security in regulations).
          (B)(i) As part of the investigation referred to in 
        subparagraph (A)(i), the Commissioner of Social 
        Security shall--
                  (I) require the person being investigated to 
                submit documented proof of the identity of such 
                person, unless information establishing such 
                identity has been submitted with an application 
                for benefits under this title, title VIII, or 
                title XVI,
                  (II) verify such person's social security 
                account number (or employer identification 
                number),
                  (III) determine whether such person has been 
                convicted of a violation of section 208, 811, 
                or 1632,
                  (IV) obtain information concerning whether 
                such person has been convicted of any other 
                offense under Federal or State law which 
                resulted in imprisonment for more than 1 year,
                  (V) obtain information concerning whether 
                such person is a person described in section 
                202(x)(1)(A)(iv), and
                  (VI) determine whether certification of 
                payment of benefits to such person has been 
                revoked pursuant to this subsection, the 
                designation of such person as a representative 
                payee has been revoked pursuant to section 
                807(a), or payment of benefits to such person 
                has been terminated pursuant to section 
                1631(a)(2)(A)(iii) by reason of misuse of funds 
                paid as benefits under this title, title VIII, 
                or title XVI.
          (ii) The Commissioner of Social Security shall 
        establish and maintain a centralized file, which shall 
        be updated periodically and which shall be in a form 
        which renders it readily retrievable by each servicing 
        office of the Social Security Administration. Such file 
        shall consist of--
                  (I) a list of the names and social security 
                account numbers (or employer identification 
                numbers) of all persons with respect to whom 
                certification of payment of benefits has been 
                revoked on or after January 1, 1991, pursuant 
                to this subsection, whose designation as a 
                representative payee has been revoked pursuant 
                to section 807(a), or with respect to whom 
                payment of benefits has been terminated on or 
                after such date pursuant to section 
                1631(a)(2)(A)(iii), by reason of misuse of 
                funds paid as benefits under this title, title 
                VIII, or title XVI, and
                  (II) a list of the names and social security 
                account numbers (or employer identification 
                numbers) of all persons who have been convicted 
                of a violation of section 208, 811, or 1632.
          (iii) Notwithstanding the provisions of section 552a 
        of title 5, United States Code, or any other provision 
        of Federal or State law (other than section 6103 of the 
        Internal Revenue Code of 1986 and section 1106(c) of 
        this Act), the Commissioner shall furnish any Federal, 
        State, or local law enforcement officer, upon the 
        written request of the officer, with the current 
        address, social security account number, and photograph 
        (if applicable) of any person investigated under this 
        paragraph, if the officer furnishes the Commissioner 
        with the name of such person and such other identifying 
        information as may reasonably be required by the 
        Commissioner to establish the unique identity of such 
        person, and notifies the Commissioner that--
                  (I) such person is described in section 
                202(x)(1)(A)(iv),
                  (II) such person has information that is 
                necessary for the officer to conduct the 
                officer's official duties, and
                  (III) the location or apprehension of such 
                person is within the officer's official duties.
          (C)(i) Benefits of an individual may not be certified 
        for payment to any other person pursuant to this 
        subsection if--
                  (I) such person has previously been convicted 
                as described in subparagraph (B)(i)(III),
                  (II) except as provided in clause (ii), 
                certification of payment of benefits to such 
                person under this subsection has previously 
                been revoked as described in subparagraph 
                (B)(i)(VI) the designation of such person as a 
                representative payee has been revoked pursuant 
                to section 807(a), or payment of benefits to 
                such person pursuant to section 
                1631(a)(2)(A)(ii) has previously been 
                terminated as described in section 
                1631(a)(2)(B)(ii)(VI),
                  (III) except as provided in clause (iii), 
                such person is a creditor of such individual 
                who provides such individual with goods or 
                services for consideration,
                  (IV) such person has previously been 
                convicted as described in subparagraph 
                (B)(i)(IV), unless the Commissioner determines 
                that such certification would be appropriate 
                notwithstanding such conviction, or
                  (V) such person is a person described in 
                section 202(x)(1)(A)(iv).
          (ii) The Commissioner of Social Security shall 
        prescribe regulations under which the Commissioner of 
        Social Security may grant exemptions to any person from 
        the provisions of clause (i)(II) on a case-by-case 
        basis if such exemption is in the best interest of the 
        individual whose benefits would be paid to such person 
        pursuant to this subsection.
          (iii) Clause (i)(III) shall not apply with respect to 
        any person who is a creditor referred to therein if 
        such creditor is--
                  (I) a relative of such individual if such 
                relative resides in the same household as such 
                individual,
                  (II) a legal guardian or legal representative 
                of such individual,
                  (III) a facility that is licensed or 
                certified as a care facility under the law of a 
                State or a political subdivision of a State,
                  (IV) a person who is an administrator, owner, 
                or employee of a facility referred to in 
                subclause (III) if such individual resides in 
                such facility, and the certification of payment 
                to such facility or such person is made only 
                after good faith efforts have been made by the 
                local servicing office of the Social Security 
                Administration to locate an alternative 
                representative payee to whom such certification 
                of payment would serve the best interests of 
                such individual, or
                  (V) an individual who is determined by the 
                Commissioner of Social Security, on the basis 
                of written findings and under procedures which 
                the Commissioner of Social Security shall 
                prescribe by regulation, to be acceptable to 
                serve as a representative payee.
          (iv) The procedures referred to in clause (iii)(V) 
        shall require the individual who will serve as 
        representative payee to establish, to the satisfaction 
        of the Commissioner of Social Security, that--
                  (I) such individual poses no risk to the 
                beneficiary,
                  (II) the financial relationship of such 
                individual to the beneficiary poses no 
                substantial conflict of interest, and
                  (III) no other more suitable representative 
                payee can be found.
          (v) In the case of an individual described in 
        paragraph (1)(B), when selecting such individual's 
        representative payee, preference shall be given to--
                  (I) a certified community-based nonprofit 
                social service agency (as defined in paragraph 
                (10)),
                  (II) a Federal, State, or local government 
                agency whose mission is to carry out income 
                maintenance, social service, or health care-
                related activities,
                  (III) a State or local government agency with 
                fiduciary responsibilities, or
                  (IV) a designee of an agency (other than of a 
                Federal agency) referred to in the preceding 
                subclauses of this clause, if the Commissioner 
                of Social Security deems it appropriate, unless 
                the Commissioner of Social Security determines 
                that selection of a family member would be 
                appropriate.
          (D)(i) Subject to clause (ii), if the Commissioner of 
        Social Security makes a determination described in the 
        first sentence of paragraph (1) with respect to any 
        individual's benefit and determines that direct payment 
        of the benefit to the individual would cause 
        substantial harm to the individual, the Commissioner of 
        Social Security may defer (in the case of initial 
        entitlement) or suspend (in the case of existing 
        entitlement) direct payment of such benefit to the 
        individual, until such time as the selection of a 
        representative payee is made pursuant to this 
        subsection.
          (ii)(I) Except as provided in subclause (II), any 
        deferral or suspension of direct payment of a benefit 
        pursuant to clause (i) shall be for a period of not 
        more than 1 month.
          (II) Subclause (I) shall not apply in any case in 
        which the individual is, as of the date of the 
        Commissioner's determination, legally incompetent, 
        under the age of 15 years, or described in paragraph 
        (1)(B).
          (iii) Payment pursuant to this subsection of any 
        benefits which are deferred or suspended pending the 
        selection of a representative payee shall be made to 
        the individual or the representative payee as a single 
        sum or over such period of time as the Commissioner of 
        Social Security determines is in the best interest of 
        the individual entitled to such benefits.
          (E)(i) Any individual who is dissatisfied with a 
        determination by the Commissioner of Social Security to 
        certify payment of such individual's benefit to a 
        representative payee under paragraph (1) or with the 
        designation of a particular person to serve as 
        representative payee shall be entitled to a hearing by 
        the Commissioner of Social Security to the same extent 
        as is provided in subsection (b), and to judicial 
        review of the Commissioner's final decision as is 
        provided in subsection (g).
          (ii) In advance of the certification of payment of an 
        individual's benefit to a representative payee under 
        paragraph (1), the Commissioner of Social Security 
        shall provide written notice of the Commissioner's 
        initial determination to certify such payment. Such 
        notice shall be provided to such individual, except 
        that, if such individual--
                  (I) is under the age of 15,
                  (II) is an unemancipated minor under the age 
                of 18, or
                  (III) is legally incompetent, then such 
                notice shall be provided solely to the legal 
                guardian or legal representative of such 
                individual.
          (iii) Any notice described in clause (ii) shall be 
        clearly written in language that is easily 
        understandable to the reader, shall identify the person 
        to be designated as such individual's representative 
        payee, and shall explain to the reader the right under 
        clause (i) of such individual or of such individual's 
        legal guardian or legal representative--
                  (I) to appeal a determination that a 
                representative payee is necessary for such 
                individual,
                  (II) to appeal the designation of a 
                particular person to serve as the 
                representative payee of such individual, and
                  (III) to review the evidence upon which such 
                designation is based and submit additional 
                evidence.
          (3)(A) In any case where payment under this title is 
        made to a person other than the individual entitled to 
        such payment, the Commissioner of Social Security shall 
        establish a system of accountability monitoring whereby 
        such person shall report not less often than annually 
        with respect to the use of such payments. The 
        Commissioner of Social Security shall establish and 
        implement statistically valid procedures for reviewing 
        such reports in order to identify instances in which 
        such persons are not properly using such payments.
          (B) Subparagraph (A) shall not apply in any case 
        where the other person to whom such payment is made is 
        a State institution. In such cases, the Commissioner of 
        Social Security shall establish a system of 
        accountability monitoring for institutions in each 
        State.
          (C) Subparagraph (A) shall not apply in any case 
        where the individual entitled to such payment is a 
        resident of a Federal institution and the other person 
        to whom such payment is made is the institution.
          (D) Notwithstanding subparagraphs (A), (B), and (C), 
        the Commissioner of Social Security may require a 
        report at any time from any person receiving payments 
        on behalf of another, if the Commissioner of Social 
        Security has reason to believe that the person 
        receiving such payments is misusing such payments.
          (E) In any case in which the person described in 
        subparagraph (A) or (D) receiving payments on behalf of 
        another fails to submit a report required by the 
        Commissioner of Social Security under subparagraph (A) 
        or (D), the Commissioner may, after furnishing notice 
        to such person and the individual entitled to such 
        payment, require that such person appear in person at a 
        field office of the Social Security Administration 
        serving the area in which the individual resides in 
        order to receive such payments.
          (F) The Commissioner of Social Security shall 
        maintain a centralized file, which shall be updated 
        periodically and which shall be in a form which will be 
        readily retrievable by each servicing office of the 
        Social Security Administration, of--
                  (i) the address and the social security 
                account number (or employer identification 
                number) of each representative payee who is 
                receiving benefit payments pursuant to this 
                subsection, section 807, or section 1631(a)(2), 
                and
                  (ii) the address and social security account 
                number of each individual for whom each 
                representative payee is reported to be 
                providing services as representative payee 
                pursuant to this subsection, section 807, or 
                section 1631(a)(2).
          (G) Each servicing office of the Administration shall 
        maintain a list, which shall be updated periodically, 
        of public agencies and certified community-based 
        nonprofit social service agencies (as defined in 
        paragraph (10)) which are qualified to serve as 
        representative payees pursuant to this subsection or 
        section 807 or 1631(a)(2) and which are located in the 
        area served by such servicing office.
          (4)(A)(i) Except as provided in the next sentence, a 
        qualified organization may collect from an individual a 
        monthly fee for expenses (including overhead) incurred 
        by such organization in providing services performed as 
        such individual's representative payee pursuant to this 
        subsection if such fee does not exceed the lesser of--
                  (I) 10 percent of the monthly benefit 
                involved, or
                  (II) $25.00 per month ($50.00 per month in 
                any case in which the individual is described 
                in paragraph (1)(B)). A qualified organization 
                may not collect a fee from an individual for 
                any month with respect to which the 
                Commissioner of Social Security or a court of 
                competent jurisdiction has determined that the 
                organization misused all or part of the 
                individual's benefit, and any amount so 
                collected by the qualified organization for 
                such month shall be treated as a misused part 
                of the individual's benefit for purposes of 
                paragraphs (5) and (6). The Commissioner of 
                Social Security shall adjust annually (after 
                1995) each dollar amount set forth in subclause 
                (II) under procedures providing for adjustments 
                in the same manner and to the same extent as 
                adjustments are provided for under the 
                procedures used to adjust benefit amounts under 
                section 215(i)(2)(A), except that any amount so 
                adjusted that is not a multiple of $ 1.00 shall 
                be rounded to the nearest multiple of $1.00.
          (ii) In the case of an individual who is no longer 
        currently entitled to monthly insurance benefits under 
        this title but to whom all past-due benefits have not 
        been paid, for purposes of clause (i), any amount of 
        such past-due benefits payable in any month shall be 
        treated as a monthly benefit referred to in clause 
        (i)(I). Any agreement providing for a fee in excess of 
        the amount permitted under this subparagraph shall be 
        void and shall be treated as misuse by such 
        organization of such individual's benefits.
          (B) For purposes of this paragraph, the term 
        ``qualified organization'' means any State or local 
        government agency whose mission is to carry out income 
        maintenance, social service, or health care-related 
        activities, any State or local government agency with 
        fiduciary responsibilities, or any certified community-
        based nonprofit social service agency (as defined in 
        paragraph (10)), if such agency, in accordance with any 
        applicable regulations of the Commissioner of Social 
        Security--
                  (i) regularly provides services as the 
                representative payee, pursuant to this 
                subsection or section 807 or 1631(a)(2), 
                concurrently to 5 or more individuals,
                  (ii) demonstrates to the satisfaction of the 
                Commissioner of Social Security that such 
                agency is not otherwise a creditor of any such 
                individual. The Commissioner of Social Security 
                shall prescribe regulations under which the 
                Commissioner of Social Security may grant an 
                exception from clause (ii) for any individual 
                on a case-by-case basis if such exception is in 
                the best interests of such individual.
          (C) Any qualified organization which knowingly 
        charges or collects, directly or indirectly, any fee in 
        excess of the maximum fee prescribed under subparagraph 
        (A) or makes any agreement, directly or indirectly, to 
        charge or collect any fee in excess of such maximum 
        fee, shall be fined in accordance with title 18, United 
        States Code, or imprisoned not more than 6 months, or 
        both.
          (5) In cases where the negligent failure of the 
        Commissioner of Social Security to investigate or 
        monitor a representative payee results in misuse of 
        benefits by the representative payee, the Commissioner 
        of Social Security shall certify for payment to the 
        beneficiary or the beneficiary's alternative 
        representative payee an amount equal to such misused 
        benefits. In any case in which a representative payee 
        that--
                  (A) is not an individual (regardless of 
                whether it is a ``qualified organization'' 
                within the meaning of paragraph (4)(B)); or
                  (B) is an individual who, for any month 
                during a period when misuse occurs, serves 15 
                or more individuals who are beneficiaries under 
                this title, title VIII, title XVI, or any 
                combination of such titles; misuses all or part 
                of an individual's benefit paid to such 
                representative payee, the Commissioner of 
                Social Security shall certify for payment to 
                the beneficiary or the beneficiary's 
                alternative representative payee an amount 
                equal to the amount of such benefit so misused. 
                The provisions of this paragraph are subject to 
                the limitations of paragraph (7)(B). The 
                Commissioner of Social Security shall make a 
                good faith effort to obtain restitution from 
                the terminated representative payee.
          (6)(A) In addition to such other reviews of 
        representative payees as the Commissioner of Social 
        Security may otherwise conduct, the Commissioner shall 
        provide for the periodic onsite review of any person or 
        agency located in the United States that receives the 
        benefits payable under this title (alone or in 
        combination with benefits payable under title VIII or 
        title XVI) to another individual pursuant to the 
        appointment of such person or agency as a 
        representative payee under this subsection, section 
        807, or section 1631(a)(2) in any case in which--
                  (i) the representative payee is a person who 
                serves in that capacity with respect to 15 or 
                more such individuals;
                  (ii) the representative payee is a certified 
                community-based nonprofit social service agency 
                (as defined in paragraph (10) of this 
                subsection or section 1631(a)(2)(I)); or
                  (iii) the representative payee is an agency 
                (other than an agency described in clause (ii)) 
                that serves in that capacity with respect to 50 
                or more such individuals.
          (B) Within 120 days after the end of each fiscal 
        year, the Commissioner shall submit to the Committee on 
        Ways and Means of the House of Representatives and the 
        Committee on Finance of the Senate a report on the 
        results of periodic onsite reviews conducted during the 
        fiscal year pursuant to subparagraph (A) and of any 
        other reviews of representative payees conducted during 
        such fiscal year in connection with benefits under this 
        title. Each such report shall describe in detail all 
        problems identified in such reviews and any corrective 
        action taken or planned to be taken to correct such 
        problems, and shall include--
                  (i) the number of such reviews;
                  (ii) the results of such reviews;
                  (iii) the number of cases in which the 
                representative payee was changed and why;
                  (iv) the number of cases involving the 
                exercise of expedited, targeted oversight of 
                the representative payee by the Commissioner 
                conducted upon receipt of an allegation of 
                misuse of funds, failure to pay a vendor, or a 
                similar irregularity;
                  (v) the number of cases discovered in which 
                there was a misuse of funds;
                  (vi) how any such cases of misuse of funds 
                were dealt with by the Commissioner;
                  (vii) the final disposition of such cases of 
                misuse of funds, including any criminal 
                penalties imposed; and
                  (viii) such other information as the 
                Commissioner deems appropriate.
          (7)(A) If the Commissioner of Social Security or a 
        court of competent jurisdiction determines that a 
        representative payee that is not a Federal, State, or 
        local government agency has misused all or part of an 
        individual's benefit that was paid to such 
        representative payee under this subsection, the 
        representative payee shall be liable for the amount 
        misused, and such amount (to the extent not repaid by 
        the representative payee) shall be treated as an 
        overpayment of benefits under this title to the 
        representative payee for all purposes of this Act and 
        related laws pertaining to the recovery of such 
        overpayments. Subject to subparagraph (B), upon 
        recovering all or any part of such amount, the 
        Commissioner shall certify an amount equal to the 
        recovered amount for payment to such individual or such 
        individual's alternative representative payee.
          (B) The total of the amount certified for payment to 
        such individual or such individual's alternative 
        representative payee under subparagraph (A) and the 
        amount certified for payment under paragraph (5) may 
        not exceed the total benefit amount misused by the 
        representative payee with respect to such individual.
          (8) For purposes of this subsection, the term 
        ``benefit based on disability'' of an individual means 
        a disability insurance benefit of such individual under 
        section 223 or a child's, widow's, or widower's 
        insurance benefit of such individual under section 202 
        based on such individual's disability.
          (9) For purposes of this subsection, misuse of 
        benefits by a representative payee occurs in any case 
        in which the representative payee receives payment 
        under this title for the use and benefit of another 
        person and converts such payment, or any part thereof, 
        to a use other than for the use and benefit of such 
        other person. The Commissioner of Social Security may 
        prescribe by regulation the meaning of the term ``use 
        and benefit'' for purposes of this paragraph.
          (10) For purposes of this subsection, the term 
        ``certified community-based nonprofit social service 
        agency'' means a community-based nonprofit social 
        service agency which is in compliance with 
        requirements, under regulations which shall be 
        prescribed by the Commissioner, for annual 
        certification to the Commissioner that it is bonded in 
        accordance with requirements specified by the 
        Commissioner and that it is licensed in each State in 
        which it serves as a representative payee (if licensing 
        is available in the State) in accordance with 
        requirements specified by the Commissioner. Any such 
        annual certification shall include a copy of any 
        independent audit on the agency which may have been 
        performed since the previous certification.
  (k) Payments to incompetents.--Any payment made after 
December 31, 1939, under conditions set forth in subsection (j) 
any payment made before January 1, 1940, to, or on behalf of, a 
legally incompetent individual, and any payment made after 
December 31, 1939, to a legally incompetent individual without 
knowledge by the Commissioner of Social Security of 
incompetency prior to certification of payment, if otherwise 
valid under this title, shall be a complete settlement and 
satisfaction of any claim, right, or interest in and to such 
payment.
  (l) Delegation of powers and duties by Commissioner of Social 
Security.--The Commissioner of Social Security is authorized to 
delegate to any member, officer, or employee of the Social 
Security Administration designated by the Commissioner any of 
the powers conferred upon the Commissioner by this section, and 
is authorized to be represented by the Commissioner's own 
attorneys in any court in any case or proceeding arising under 
the provisions of subsection (e).
  (m) [Repealed]
  (n) Joint payments.--The Commissioner of Social Security may, 
in the Commissioner's discretion, certify to the Managing 
Trustee any two or more individuals of the same family for 
joint payment of the total benefits payable to such individuals 
for any month, and if one of such individuals dies before a 
check representing such joint payment is negotiated, payment of 
the amount of such unnegotiated check to the surviving 
individual or individuals may be authorized in accordance with 
regulations of the Secretary of the Treasury; except that 
appropriate adjustment or recovery shall be made under section 
204(a) with respect to so much of the amount of such check as 
exceeds the amount to which such surviving individual or 
individuals are entitled under this title for such month.
  (o) Crediting of compensation under the Railroad Retirement 
Act.--If there is no person who would be entitled, upon 
application therefor, to an annuity under section 5 of the 
Railroad Retirement Act of 1974, or to a lump-sum payment under 
section 6(b) of such Act, with respect to the death of an 
employee (as defined in such Act), then, notwithstanding 
section 210(a)(10) of this Act, compensation (as defined in 
such Railroad Retirement Act, but excluding compensation 
attributable as having been paid during any month on account of 
military service creditable under section 3(i) of such Act if 
wages are deemed to have been paid to such employee during such 
month under subsection (a) or (e) of section 217 of this Act) 
of such employee shall constitute remuneration for employment 
for purposes of determining (A) entitlement to and the amount 
of any lump-sum death payment under this title on the basis of 
such employee's wages and self-employment income and (B) 
entitlement to and the amount of any monthly benefit under this 
title, for the month in which such employee died or for any 
month thereafter, on the basis of such wages and self-
employment income. For such purposes, compensation (as so 
defined) paid in a calendar year before 1978 shall, in the 
absence of evidence to the contrary, be presumed to have been 
paid in equal proportions with respect to all months in the 
year in which the employee rendered services for such 
compensation.
  (p) Special rules in case of Federal service.--
          (1) With respect to service included as employment 
        under section 210 which is performed in the employ of 
        the United States or in the employ of any 
        instrumentality which is wholly owned by the United 
        States, including service, performed as a member of a 
        uniformed service, to which the provisions of 
        subsection (l)(1) of such section are applicable, and 
        including service, performed as a volunteer or 
        volunteer leader within the meaning of the Peace Corps 
        Act, to which the provisions of section 210(o) are 
        applicable, the Commissioner of Social Security shall 
        not make determinations as to the amounts of 
        remuneration for such service, or the periods in which 
        or for which such remuneration was paid, but shall 
        accept the determinations with respect thereto of the 
        head of the appropriate Federal agency or 
        instrumentality, and of such agents as such head may 
        designate, as evidenced by returns filed in accordance 
        with the provisions of section 3122 of the Internal 
        Revenue Code of 1954 and certifications made pursuant 
        to this subsection. Such determinations shall be final 
        and conclusive. Nothing in this paragraph shall be 
        construed to affect the Commissioner's authority to 
        determine under sections 209 and 210 whether any such 
        service constitutes employment, the periods of such 
        employment, and whether remuneration paid for any such 
        service constitutes wages.
          (2) The head of any such agency or instrumentality is 
        authorized and directed, upon written request of the 
        Commissioner of Social Security, to make certification 
        to the Commissioner with respect to any matter 
        determinable for the Commissioner of Social Security by 
        such head or his agents under this subsection, which 
        the Commissioner of Social Security finds necessary in 
        administering this title.
          (3) The provisions of paragraphs (1) and (2) shall be 
        applicable in the case of service performed by a 
        civilian employee, not compensated from funds 
        appropriated by the Congress, in the Army and Air Force 
        Exchange Service, Army and Air Force Motion Picture 
        Service, Navy Exchanges, Marine Corps Exchanges, or 
        other activities, conducted by an instrumentality of 
        the United States subject to the jurisdiction of the 
        Secretary of Defense, at installations of the 
        Department of Defense for the comfort, pleasure, 
        contentment, and mental and physical improvement of 
        personnel of such Department; and for purposes of 
        paragraphs (1) and (2) the Secretary of Defense shall 
        be deemed to be the head of such instrumentality. The 
        provisions of paragraphs (1) and (2) shall be 
        applicable also in the case of service performed by a 
        civilian employee, not compensated from funds 
        appropriated by the Congress, in the Coast Guard 
        Exchanges or other activities, conducted by an 
        instrumentality of the United States subject to the 
        jurisdiction of the Secretary of Transportation, at 
        installations of the Coast Guard for the comfort, 
        pleasure, contentment, and mental and physical 
        improvement of personnel of the Coast Guard; and for 
        purposes of paragraphs (1) and (2) the Secretary of 
        Transportation shall be deemed to be the head of such 
        instrumentality.
  (q) Expedited benefit payments.--
          (1) The Commissioner of Social Security shall 
        establish and put into effect procedures under which 
        expedited payment of monthly insurance benefits under 
        this title will, subject to paragraph (4) of this 
        subsection, be made as set forth in paragraphs (2) and 
        (3) of this subsection.
          (2) In any case in which--
                  (A) an individual makes an allegation that a 
                monthly benefit under this title was due him in 
                a particular month but was not paid to him, and
                  (B) such individual submits a written request 
                for the payment of such benefit--
                          (i) in the case of an individual who 
                        received a regular monthly benefit in 
                        the month preceding the month with 
                        respect to which such allegation is 
                        made, not less than 30 days after the 
                        15th day of the month with respect to 
                        which such allegation is made (and in 
                        the event that such request is 
                        submitted prior to the expiration of 
                        such 30-day period, it shall be deemed 
                        to have been submitted upon the 
                        expiration of such period), and
                          (ii) in any other case, not less than 
                        90 days after the later of (I) the date 
                        on which such benefit is alleged to 
                        have been due, or (II) the date on 
                        which such individual furnished the 
                        last information requested by the 
                        Commissioner of Social Security (and 
                        such written request will be deemed to 
                        be filed on the day on which it was 
                        filed, or the ninetieth day after the 
                        first day on which the Commissioner of 
                        Social Security has evidence that such 
                        allegation is true, whichever is 
                        later), the Commissioner of Social 
                        Security shall, if the Commissioner 
                        finds that benefits are due, certify 
                        such benefits for payment, and payment 
                        shall be made within 15 days 
                        immediately following the date on which 
                        the written request is deemed to have 
                        been filed.
          (3) In any case in which the Commissioner of Social 
        Security determines that there is evidence, although 
        additional evidence might be required for a final 
        decision, that an allegation described in paragraph 
        (2)(A) is true, the Commissioner may make a preliminary 
        certification of such benefit for payment even though 
        the 30-day or 90-day periods described in paragraph 
        (2)(B)(i) and (B)(ii) have not elapsed.
          (4) Any payment made pursuant to a certification 
        under paragraph (3) of this subsection shall not be 
        considered an incorrect payment for purposes of 
        determining the liability of the certifying or 
        disbursing officer.
          (5) For purposes of this subsection, benefits payable 
        under section 228 shall be treated as monthly insurance 
        benefits payable under this title. However, this 
        subsection shall not apply with respect to any benefit 
        for which a check has been negotiated, or with respect 
        to any benefit alleged to be due under either section 
        223, or section 202 to a wife, husband, or child of an 
        individual entitled to or applying for benefits under 
        section 223, or to a child who has attained age 18 and 
        is under a disability, or to a widow or widower on the 
        basis of being under a disability.
  (r) Use of death certificates to correct program 
information.--
          (1) The Commissioner of Social Security shall 
        undertake to establish a program under which--
                  (A) States (or political subdivisions 
                thereof) voluntarily contract with the 
                Commissioner of Social Security to furnish the 
                Commissioner of Social Security periodically 
                with information (in a form established by the 
                Commissioner of Social Security in consultation 
                with the States) concerning individuals with 
                respect to whom death certificates (or 
                equivalent documents maintained by the States 
                or subdivisions) have been officially filed 
                with them; and
                  (B) there will be (i) a comparison of such 
                information on such individuals with 
                information on such individuals in the records 
                being used in the administration of this Act, 
                (ii) validation of the results of such 
                comparisons, and (iii) corrections in such 
                records to accurately reflect the status of 
                such individuals.
          (2) Each State (or political subdivision thereof) 
        which furnishes the Commissioner of Social Security 
        with information on records of deaths in the State or 
        subdivision under this subsection may be paid by the 
        Commissioner of Social Security from amounts available 
        for administration of this Act the reasonable costs 
        (established by the Commissioner of Social Security in 
        consultations with the States) for transcribing and 
        transmitting such information to the Commissioner of 
        Social Security.
          (3) In the case of individuals with respect to whom 
        federally funded benefits are provided by (or through) 
        a Federal or State agency other than under this Act, 
        the Commissioner of Social Security shall to the extent 
        feasible provide such information through a cooperative 
        arrangement with such agency, for ensuring proper 
        payment of those benefits with respect to such 
        individuals if--
                  (A) under such arrangement the agency 
                provides reimbursement to the Commissioner of 
                Social Security for the reasonable cost of 
                carrying out such arrangement, and
                  (B) such arrangement does not conflict with 
                the duties of the Commissioner of Social 
                Security under paragraph (1).
          (4) The Commissioner of Social Security may enter 
        into similar agreements with States to provide 
        information for their use in programs wholly funded by 
        the States if the requirements of subparagraphs (A) and 
        (B) of paragraph (3) are met.
          (5) The Commissioner of Social Security may use or 
        provide for the use of such records as may be corrected 
        under this section, subject to such safeguards as the 
        Commissioner of Social Security determines are 
        necessary or appropriate to protect the information 
        from unauthorized use or disclosure, for statistical 
        and research activities conducted by Federal and State 
        agencies.
          (6) Information furnished to the Commissioner of 
        Social Security under this subsection may not be used 
        for any purpose other than the purpose described in 
        this subsection and is exempt from disclosure under 
        section 552 of title 5, United States Code, and from 
        the requirements of section 552a of such title.
          (7) The Commissioner of Social Security shall include 
        information on the status of the program established 
        under this section and impediments to the effective 
        implementation of the program in the 1984 report 
        required under section 704 of the Act.
          (8)(A) The Commissioner of Social Security shall, 
        upon the request of the official responsible for a 
        State driver's license agency pursuant to the Help 
        America Vote Act of 2002--
                  (i) enter into an agreement with such 
                official for the purpose of verifying 
                applicable information, so long as the 
                requirements of subparagraphs (A) and (B) of 
                paragraph (3) are met; and
                  (ii) include in such agreement safeguards to 
                assure the maintenance of the confidentiality 
                of any applicable information disclosed and 
                procedures to permit such agency to use the 
                applicable information for the purpose of 
                maintaining its records.
          (B) Information provided pursuant to an agreement 
        under this paragraph shall be provided at such time, in 
        such place, and in such manner as the Commissioner 
        determines appropriate.
          (C) The Commissioner shall develop methods to verify 
        the accuracy of information provided by the agency with 
        respect to applications for voter registration, for 
        whom the last 4 digits of a social security number are 
        provided instead of a driver's license number.
          (D) For purposes of this paragraph--
                  (i) the term ``applicable information'' means 
                information regarding whether--
                          (I) the name (including the first 
                        name and any family forename or 
                        surname), the date of birth (including 
                        the month, day, and year), and social 
                        security number of an individual 
                        provided to the Commissioner match the 
                        information contained in the 
                        Commissioner's records, and
                          (II) such individual is shown on the 
                        records of the Commissioner as being 
                        deceased; and
                  (ii) the term ``State driver's license 
                agency'' means the State agency which issues 
                driver's licenses to individuals within the 
                State and maintains records relating to such 
                licensure.
          (E) Nothing in this paragraph may be construed to 
        require the provision of applicable information with 
        regard to a request for a record of an individual if 
        the Commissioner determines there are exceptional 
        circumstances warranting an exception (such as safety 
        of the individual or interference with an 
        investigation).
          (F) Applicable information provided by the Commission 
        pursuant to an agreement under this paragraph or by an 
        individual to any agency that has entered into an 
        agreement under this paragraph shall be considered as 
        strictly confidential and shall be used only for the 
        purposes described in this paragraph and for carrying 
        out an agreement under this paragraph. Any officer or 
        employee or former officer or employee of a State, or 
        any officer or employee or former officer or employee 
        of a contractor of a State who, without the written 
        authority of the Commissioner, publishes or 
        communicates any applicable information in such 
        individual's possession by reason of such employment or 
        position as such an officer, shall be guilty of a 
        felony and upon conviction thereof shall be fined or 
        imprisoned, or both, as described in section 208.
  (s) Notice requirements.--The Commissioner of Social Security 
shall take such actions as are necessary to ensure that any 
notice to one or more individuals issued pursuant to this title 
by the Commissioner of Social Security or by a State agency--
          (1) is written in simple and clear language, and
          (2) includes the address and telephone number of the 
        local office of the Social Security Administration 
        which serves the recipient. In the case of any such 
        notice which is not generated by a local servicing 
        office, the requirements of paragraph (2) shall be 
        treated as satisfied if such notice includes the 
        address of the local office of the Social Security 
        Administration which services the recipient of the 
        notice and a telephone number through which such office 
        can be reached.
  (t) Same-day personal interviews at field offices in cases 
where time is of the essence.--In any case in which an 
individual visits a field office of the Social Security 
Administration and represents during the visit to an officer or 
employee of the Social Security Administration in the office 
that the individual's visit is occasioned by--
          (1) the receipt of a notice from the Social Security 
        Administration indicating a time limit for response by 
        the individual, or
          (2) the theft, loss, or nonreceipt of a benefit 
        payment under this title, the Commissioner of Social 
        Security shall ensure that the individual is granted a 
        face-to-face interview at the office with an officer or 
        employee of the Social Security Administration before 
        the close of business on the day of the visit.
  (u) Redetermination of entitlement in cases of fraud or 
similar fault.--
          (1)(A) The Commissioner of Social Security shall 
        immediately redetermine the entitlement of individuals 
        to monthly insurance benefits under this title if there 
        is reason to believe that fraud or similar fault was 
        involved in the application of the individual for such 
        benefits, unless a United States attorney, or 
        equivalent State prosecutor, with jurisdiction over 
        potential or actual related criminal cases, certifies, 
        in writing, that there is a substantial risk that such 
        action by the Commissioner of Social Security with 
        regard to beneficiaries in a particular investigation 
        would jeopardize the criminal prosecution of a person 
        involved in a suspected fraud.
          (B) When redetermining the entitlement, or making an 
        initial determination of entitlement, of an individual 
        under this title, the Commissioner of Social Security 
        shall disregard any evidence if there is reason to 
        believe that fraud or similar fault was involved in the 
        providing of such evidence.
          (2) For purposes of paragraph (1), similar fault is 
        involved with respect to a determination if--
                  (A) an incorrect or incomplete statement that 
                is material to the determination is knowingly 
                made; or
                  (B) information that is material to the 
                determination is knowingly concealed.
          (3) If, after redetermining pursuant to this 
        subsection the entitlement of an individual to monthly 
        insurance benefits, the Commissioner of Social Security 
        determines that there is insufficient evidence to 
        support such entitlement, the Commissioner of Social 
        Security may terminate such entitlement and may treat 
        benefits paid on the basis of such insufficient 
        evidence as overpayments.