[Senate Report 109-203]
[From the U.S. Government Publishing Office]
109th Congress
1st Session SENATE Report
109-203
_______________________________________________________________________
Calendar No. 320
IDENTITY THEFT PROTECTION ACT
__________
R E P O R T
OF THE
COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION
on
S. H.R. deg. 1408
DATE deg.December 8, 2005.--Ordered to be printed
Filed under authority of the order of the Senate of November 18, 2005
SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION
one hundred ninth congress
first session
TED STEVENS, Alaska, Chairman
DANIEL K. INOUYE, Hawaii, Co-Chairman
JOHN McCAIN, Arizona JOHN D. ROCKEFELLER IV, West
CONRAD BURNS, Montana Virginia
TRENT LOTT, Mississippi JOHN F. KERRY, Massachusetts
KAY BAILEY HUTCHISON, Texas BYRON L. DORGAN, North Dakota
OLYMPIA J. SNOWE, Maine BARBARA BOXER, California
GORDON H. SMITH, Oregon BILL NELSON, Florida
JOHN ENSIGN, Nevada MARIA CANTWELL, Washington
GEORGE ALLEN, Virginia FRANK LAUTENBERG, New Jersey
JOHN E. SUNUNU, New Hampshire E. BENJAMIN NELSON, Nebraska
JIM DeMINT, South Carolina MARK PRYOR, Arkansas
DAVID VITTER, Louisiana
Lisa Sutherland, Staff Director
Christine Drager Kurth, Deputy Staff Director
David Russell, Chief Counsel
Margaret Cummisky, Democratic Staff Director and Chief Counsel
Samuel Whitehorn, Democratic Deputy Staff Director and General Counsel
Calendar No. 320
109th Congress Report
SENATE
1st Session 109-203
======================================================================
IDENTITY THEFT PROTECTION ACT
_______
December 8, 2005.--Ordered to be printed
Filed under authority of the order of the Senate of November 18, 2005
_______
Mr. Stevens, from the Committee on Commerce, Science, and
Transportation, submitted the following
R E P O R T
[To accompany S. 1408]
The Committee on Commerce, Science, and Transportation, to
which was referred the bill joint resolution deg. (S.
H.R. deg. 1408) TITLE deg. to strengthen data
protection and safeguards, require data breach notification,
and further prevent identity theft, having considered the same,
reports favorably thereon without amendment deg.
with amendments deg. with an amendment (in the nature
of a substitute) and recommends that the bill joint
resolution deg. (as amended) do pass.
Purpose of the Bill
S. 1408 would bolster data security procedures for covered
entities that collect, dispose, maintain, sell, or transfer
sensitive personal information. The bill would require covered
entities to provide consumer notification under circumstances
when that entity suffers a breach of security, and the exposure
of that sensitive personal information would create a
reasonable risk that an identity theft may occur. S. 1408 also
would direct the Federal Trade Commission (FTC) to develop
rules that would require procedures for authenticating the
credentials of third parties to which sensitive personal
information may be sold or otherwise transferred. To further
protect consumers from identity theft, S. 1408 would allow
consumers to freeze their credit report for a reasonable fee.
As amended, S. 1408 also would prohibit the solicitation, sale,
or display of social security numbers by covered entities,
except under certain specified circumstances.
Background and Needs
DATA SECURITY
In 1998, Congress responded to an explosion in identity theft
activity by passing the Identity Theft Assumption and
Deterrence Act. \1\ This Act addressed identity theft in two
ways: First, the Act strengthened then-existing criminal law
governing identity theft \2\ to make it a Federal crime to
knowingly transfer or use, without lawful authority, a means of
identification of another person with the intent to commit, or
to aid or abet, any unlawful activity; and second, the Act
required the FTC to develop a centralized complaint and
consumer education service for victims of identity theft. This
FTC clearinghouse was established and currently serves as an
investigative tool for the FTC and Federal law enforcement to
track and thwart identity theft.
---------------------------------------------------------------------------
\1\ P.L. 105-318, 112 Stat. 3007 (Oct. 30, 1998)
\2\ 18 U.S.C. 1028 (``Fraud and related activity in connection with
identification documents'')
---------------------------------------------------------------------------
Despite the existence of several Federal and State laws
designed to reduce identity theft, the crime continues to be
perpetrated against American consumers at an alarming rate. A
2003 FTC survey found that, during a one-year period, identity
thieves victimized nearly 10 million Americans, or roughly 4.6
percent of the domestic adult population. The FTC has further
reported that identity theft--physical and online--accounted
for 39 percent of the more than 635,000 consumer fraud
complaints filed last year with the agency.
While the aggregation and distribution of consumers'
sensitive personal information for marketing, lending, and
other purposes are vital to commerce in the United States, such
practices have in some ways made it easier for identity thieves
to access and misappropriate sensitive personal information in
the possession of businesses and other entities.
In 2005, a string of highly publicized data breaches occurred
at a variety of private and public organizations ranging from
financial institutions and commercial retailers, to public
universities. These data breaches involved the sensitive
personal information of millions of consumers, including social
security numbers and financial information. Many of these
security breaches led to identity theft. The most widely
publicized data breaches involved the unauthorized access of
data held by two large information (or data) brokers. These
breaches raised the question whether consumers' sensitive
personal information is adequately protected from identity
thieves by the entities that collect, maintain, and transfer
sensitive personal information.
While several Federal laws address data security in different
contexts, there is no single Federal law that requires the
protection of sensitive personal information regardless of the
type of entity that is in possession of that information. In
addition, relevant Federal law that does exist does not require
all entities that possess sensitive personal information to
notify consumers when a breach involving such consumers'
sensitive personal information has occurred. S. 1408 is
intended to fill gaps in current Federal data security laws and
provide a uniform preemptive Federal standard for the
safeguarding of sensitive personal information regardless of
the entity with possession. The legislation would strike a
balance between ensuring adequate security of sensitive
personal information and not inhibiting the legitimate free
flow of information that is vital to the U.S. economy.
Congress has legislated in several contexts in the area of
data privacy and security. Among other things, Congress has
placed certain limits on the dissemination of credit report,
financial, motor vehicle, and health information. The following
is a brief description of existing data security laws.
The Fair Credit Reporting Act (FCRA) \3\ was enacted partly
to ensure that ``consumer reporting agencies exercise their
grave responsibilities with fairness, impartiality, and a
respect for the consumer's right to privacy.'' \4\ FCRA
requires that consumer reporting agencies only disclose
consumer credit reports if such a disclosure is for a
``permissible purpose'' as defined in the statute. \5\
---------------------------------------------------------------------------
\3\ 15 U.S.C. 1681-1681u, as amended; In 2003, FCRA was enhanced by
the Fair and Accurate Credit Transactions Act (FACT) Act. The FTC has
not completed implementation of the FACT Act.
\4\ 15 U.S.C. 1681(a)(4)
\5\ 15 U.S.C. 1681b(a)(3)(A) through (F)
---------------------------------------------------------------------------
In FCRA, a permissible purpose is generally a legitimate
business need by the individual or entity seeking the credit
report, which includes, among others, verification for
employment, extension of credit or insurance, or property
tenancy background checks. FCRA also requires credit-reporting
agencies to use reasonable procedures to ensure that those
requesting consumer credit reports are who they claim to be,
and that they are eligible to receive the report for a
permissible purpose.
Title V of the Gramm-Leach-Bliley Act (GLBA) \6\ was enacted
to ensure the privacy and security of personally identifiable
information handled by financial institutions. Title V of GLBA
requires financial institutions to provide notice to customers
of a possible disclosure of non-public personal information to
non-affiliates and an opportunity to opt out of such
disclosure. This non-public information includes an
individual's address, as well as social security number,
telephone number, and mother's maiden name. The prohibition
against disclosure of this information without notice and the
ability to opt out are subject to statutory exceptions provided
in GLBA. These exceptions allow for disclosure primarily for
reasons of law enforcement, prosecution, or fraud prevention.
GLBA's Privacy Rule for re-disclosure binds recipients of non-
public personal financial information. The GLBA requires
financial institutions to adopt and implement appropriate
safeguards for the personal information of their customers. \7\
---------------------------------------------------------------------------
\6\ 15 U.S.C. 6801-09
\7\ 15 U.S.C. 6801(b)
---------------------------------------------------------------------------
The Health Information Portability and Accountability Act
(HIPAA) \8\ was enacted partly to provide strong Federal
protections for the privacy rights of patients. The HIPAA
Privacy Rule prohibits health care providers from disclosing
personal health information except when required or permitted
under the Rule. The HIPAA Privacy Rule permits health care
providers to disclose personal health information for the
purpose of carrying out essential health care functions such as
patient treatment, payment for care, or health care operations
that support treatment and payment. The Rule also requires
disclosure of personal health information when requested by the
Department of Health and Human Services (HHS) for an
investigation or to determine compliance with the Privacy Rule,
or at the request of a patient or health care enrollee. Like
GLBA, HIPAA requires health care providers to adopt and
implement appropriate safeguards to protect personal health
information. \9\
---------------------------------------------------------------------------
\8\ 42 U.S.C. 1320d et seq.
\9\ 45 C.F.R. 164.530(c)
---------------------------------------------------------------------------
Section 5 of the Federal Trade Commission Act (FTCA) \10\
grants authority to the FTC to prevent unfair or deceptive
trade practices in or affecting interstate commerce. Entities
operating in interstate commerce are subject to section 5 of
the FTCA to the extent that they deceptively make false claims
concerning their information security policies on which
consumers rely to their detriment. Such entities are subject to
section 5 of the FTCA if they falsely claim to have adequate
information security safeguards in place, and/or if they
knowingly cause consumers substantial economic injury that
could have been reasonably avoided.
---------------------------------------------------------------------------
\10\ 15 U.S.C. 45(a)
---------------------------------------------------------------------------
The Driver's Privacy Protection Act (DPPA) \11\ prohibits the
disclosure of personal information by State departments of
motor vehicles except for uses specifically stated by DPPA. It
contains fourteen permissible uses, mostly for purposes of law
enforcement, vehicle insurance claims or policies, or judicial
proceedings.
---------------------------------------------------------------------------
\11\ 15 U.S.C. 2721-25
---------------------------------------------------------------------------
In April 2004, the California legislature enacted SB 1386,
which represented the first effort by a State legislature to
address data breach notification. The law provides strict
disclosure requirements for commercial entities or government
agencies that experience security breaches when the breaches
may contain the personal information of California residents.
According to many observers, were it not for the breach
notification requirements of the California law, most of the
data security breaches that were highly publicized in 2005
would not have become publicly known. Thirty-three other States
have passed or are considering data breach legislation. The two
prevalent themes among these initiatives are consumer
notification requirements in the event of a data breach, and
consumer redress in the event of such breach.
CREDIT FREEZE
The Fair and Accurate Credit Transaction Act (FACTA) of 2003,
\12\ which became effective in some States in December 2004,
\13\ added new sections to FCRA that were intended to provide
consumers with tools to combat the effects of identity theft.
FACTA allows a consumer who seeks to mitigate or prevent the
occurrence of identity theft to contact credit-reporting
agencies and place a ``fraud alert'' on their credit file. Once
placed, any entity that attempts to extend credit to the
consumer is required to contact the consumer by telephone and
take other reasonable steps to ensure that the credit
application is not that of an identity thief. Failure to
contact the consumer in such instances subjects the entity to
civil penalty. The fraud alert is effective initially for 90
days, and can be extended for up to seven years for victims of
identity theft by providing a police report or an affidavit
proving a theft occurred.
---------------------------------------------------------------------------
\12\ Pub. L. 108-159, 111 Stat. 1952
\13\ FACTA is being phased in beginning in December 2004 and ending
in September 2005.
---------------------------------------------------------------------------
S. 1408 would take an added step toward providing consumers
with tools to combat identity theft by allowing consumers to
place a ``freeze'' on their credit report for a reasonable fee.
A freeze effectively would preclude (with limited exceptions)
unauthorized third parties from accessing a credit report.
Victims of identity theft would be permitted to place freezes
on their credit report without a fee.
The credit freeze provision of the bill is a response to a
growing number of inconsistent State laws that have been
enacted since the passage of FACTA. There are currently 11
similar State credit freeze laws, with the possibility of many
more within the next few years.
Summary of Provisions
S. 1408, the Identity Theft Protection Act, would require
covered entities to comply with the existing requirements of
the FTC rules on Standards for Safeguarding Customer
Information and Disposal of Consumer Report Information and
Records (Safeguards Rule), \14\ which require covered entities
to develop, implement, maintain, and enforce written programs
for the security of sensitive personal information to ensure
security, protect against any anticipated threats, or
unauthorized access to consumers' sensitive personal
information.
---------------------------------------------------------------------------
\14\ 16 C.F.R. Part 314. The FTC was required to promulgate this
rule in GLBA, 15 U.S.C. Subchapter I, Sec. 6801-6809 (Disclosure of
Nonpublic Personal Information).
---------------------------------------------------------------------------
The bill would apply the Safeguards Rule to entities not
currently covered and require those entities that handle
sensitive personal information to provide notice to affected
consumers in the event of a security breach. S. 1408 also would
allow consumers to place, lift, and temporarily remove a
security freeze on their credit, which would prevent credit
from being extended to third parties without authorization from
the consumer. In addition, S. 1408 would prohibit (with limited
exceptions) the sale or purchase of consumers' social security
numbers. This provision would prohibit employers, educational
institutions, and others from using social security numbers for
any employee benefit plan, card, or tag that is provided by
employers, educational institutions, and others, for the
purpose of identification. The use of social security numbers
as identifiers on State drivers' licenses would be prohibited
as well.
Legislative History
On May 10, 2005, and June 16, 2005, the Committee held
hearings chaired by Chairman Stevens and Senator Smith,
respectively, to examine the issues pertaining to data
security. Those testifying before the Committee were
representatives of private companies, industry trade
associations, public interest groups, State Attorneys General,
and each of the FTC Commissioners.
On July 14, 2005, Senator Smith introduced S. 1408, ``The
Identity Theft Protection Act,'' which was referred to the
Committee. Senators Stevens, Inouye, McCain, Nelson, and Pryor
were original co-sponsors of the bill.
On July 28, 2005, the Committee met in open executive session
to consider an amendment in the nature of a substitute to S.
1408 offered by Senator Smith that made several substantive
changes to the bill's provisions as introduced. Senator Boxer
offered an amendment during the executive session, which would
limit the amount of time a covered entity would have to notify
consumers in the event of a data breach. The Committee agreed
to incorporate Senator Boxer's amendment into Senator Smith's
amendment in the nature of a substitute. In addition, the
Committee adopted an amendment offered by Chairman Stevens
containing technical corrections to the substitute amendment,
and an amendment offered by Senator Dorgan that would prohibit
the sale of Social Security numbers with a few exceptions,
including for the purposes of public health or national
security. The amendments were adopted and the bill, as amended,
and the Committee ordered the bill to be reported.
Estimated Costs
In compliance with subsection (a)(3) of paragraph 11
of rule XXVI of the Standing Rules of the Senate, the Committee
states that, in its opinion, it is necessary to dispense with
the requirements of paragraphs (1) and (2) of that subsection
in order to expedite the business of the Senate. deg.
In accordance with paragraph 11(a) of rule XXVI of the
Standing Rules of the Senate and section 403 of the
Congressional Budget Act of 1974, the Committee provides the
following cost estimate, prepared by the Congressional Budget
Office:
November 3, 2005.
Hon. Ted Stevens,
Chairman, Committee on Commerce, Science, and Transportation,
U.S. Senate, Washington, DC.
Dear Mr. Chairman: The Congressional Budget Office has
prepared the enclosed cost estimate for S. 1408, the Identity
Theft Protection Act.
If you wish further details on this estimate, we will be
pleased to provide them. The CBO staff contacts are Melissa Z.
Petersen (for federal costs), Sarah Puro ( for the state and
local impact), and Selena Caldera (for the private-sector
impact).
Sincerely,
Douglas Holtz-Eakin.
Enclosure.
S. 1408--Identity Theft Protection Act
Summary: S. 1408 would require private companies to take
certain precautions to safeguard the personal information of
consumers and to notify consumers whenever there is a breach in
the security of their personal information. Under the bill,
consumers would have the option to freeze their credit reports
in the event of a threat on their personal information. The
bill also would restrict the use, display, and sale of Social
Security numbers (SSNs). Under S. 1408, the Federal Trade
Commission (FTC) would enforce these restrictions and
requirements. Assuming appropriation of the amounts
specifically authorized in the bill, CBO estimates that
implementing S. 1408 would cost $1 million in 2006 and $5
million over the 2006-2010 period.
Enacting S. 1408 could increase federal revenues and direct
spending as a result of the collection of additional civil and
criminal penalties assessed for violations of identity theft
laws. Collections of criminal penalties are recorded in the
budget as revenues, deposited in the Crime Victims Fund, and
later spent. CBO estimates, however, that any additional
revenues and direct spending that would result from enacting
the bill would not be significant because of the relatively
small number of cases likely to be involved.
S. 1408 contains several intergovernmental mandates as
defined in the Unfunded Mandates Reform Act (UMRA), including
limitations on the sale, display, and use of SSNs by state and
local governments, requirements that schools--many of which are
public--comply with FTC regulations regarding certain personal
information that they collect, and explicit preemptions of
state laws regarding the treatment of that information. While
the aggregate cost of complying with those mandates is
uncertain, CBO estimates that such costs would exceed the
threshold established in UMRA ($62 million in 2005, adjusted
annually for inflation) in at least one of the first five years
after the mandates go into effect.
S. 1408 would impose private-sector mandates on employers,
retailers, schools, colleges, consumer-credit-reporting
agencies, and other entities that acquire, maintain, or utilize
sensitive personal information. While CBO cannot estimate the
direct cost of complying with each mandate, certain mandates in
the bill would impose security standards and notification
requirements on a large number of private-sector entities,
including more than five million employers. Based on this
information, CBO estimates that the total direct cost of
mandates in the bill would exceed the annual threshold
established by UMRA for private-sector mandates ($123 million
in 2005, adjusted annually for inflation).
Estimated cost to the Federal Government: The estimated
budgetary impact of S. 1408 is shown in the following table.
The costs of this legislation fall within budget function 370
(commerce and housing credit). CBO assumes that the bill will
be enacted in calendar year 2006 and that the specified amounts
will be appropriated for each year. CBO estimates that
implementing the bill would cost $1 million in 2006 and $5
million over the 2006-2010 period to issue regulations and
enforce the bill's new provisions restricting the use of
personal information.
----------------------------------------------------------------------------------------------------------------
By fiscal year, in millions of dollars--
--------------------------------------------
2006 2007 2008 2009 2010
----------------------------------------------------------------------------------------------------------------
CHANGES IN SPENDING SUBJECT TO APPROPRIATION
Authorization Level................................................ 1 1 1 1 1
Estimated Outlays.................................................. 1 1 1 1 1
----------------------------------------------------------------------------------------------------------------
Estimated impact on state, local, and tribal governments:
S. 1408 contains several intergovernmental mandates as defined
in UMRA. Specifically, the bill would:
Limit the sale, display, and use of Social
Security numbers by state, local, and tribal
governments;
Require that educational entities--many of
which are public--comply with FTC regulations regarding
the treatment of certain personal information that they
collect;
Explicitly preempt state laws in at least 17
states regarding the treatment of personal information;
and
Place certain notification requirements on
state insurance authorities and State Attorneys
General.
While there are a very large number of entities that would
be required to make changes to existing systems, the aggregate
cost of complying with those mandates is uncertain. Based on
discussion with state and local officials, however, CBO
estimates that the costs of complying with the mandates in the
bill would exceed the threshold established in UMRA ($62
million in 2005, adjusted annually for inflation) in at least
one of the first five years after the mandates go into effect.
CBO estimates that the prohibitions against the sale,
display, and use of Social Security numbers and the
requirements on educational entities would impact the most
significant costs on state and local governments. The remainder
of this analysis focuses on those provisions.
Social Security numbers
While state and local governments have, in recent years,
taken steps to reduce the use of SSNs on public documents, many
continue to use them for a variety of purposes. The bill would
restrict or prohibit governmental agencies from:
Selling or displaying Social Security
numbers that have been disclosed to the agency because
of a mandatory requirement;
Displaying SSNs on checks or check stubs;
Placing SSNs on drivers licenses,
identification cards, vehicle registrations, or
employee identification cards, or coding them into
magnetic strips or bar codes on those documents; and
Allowing prisoners access to SSNs of other
individuals.
The bill would allow SSNs to be sold under certain
circumstances, for example, when such sale is necessary for
public health, national security, or tax-law purposes, when
done in compliance with certain motor vehicle laws, or
consumer-reporting practices, or for nonmarket research that
advances the public good.
If state and local governments do not currently have a
system in place to safeguard SSNs, they would have to implement
a new system for any documents issued after the regulations
become effective (up to one year following enactment of the
bill). If they use SSNs on checks and check-stubs as part of
their recordkeeping and tracking procedures, they would have to
alter those systems and remove the SSNs. Under the provisions
of the bill, states would have to implement systems for
removing SSNs from many documents that are available to the
public. While there is some uncertainty about the extent of the
requirements in this provision, CBO assumes that governmental
entities would be required to remove SSNs from existing
documents, a requirement that would impose significant costs on
state and local governments. Further, some states may have to
alter their systems for issuing driver's licenses and vehicle
registrations to remove SSNs that are coded electronically onto
a magnetic strip or digitized as part of a bar code. Finally,
any government agency that uses SSNs would have to implement
safeguards to preclude unauthorized access to SSNs and their
derivatives and to protect confidentiality.
Generally, the use of SSNs by municipal governments for
recordkeeping and identification is not widespread. There are
over 75,000 municipal governments, however, so even small one-
time costs--for example, as little as $5,000--would impose
significant costs, in the aggregate, on intergovernmental
entities. On the other hand, counties and states, while fewer
in number (there are about 3,600 counties in the U.S.), are
more dependent on SSNs for various recordkeeping and
identification purposes and are thus likely to face
significantly higher costs because of the complexity and scope
of their recordkeeping systems. (Some counties estimate that
altering their systems to use identifiers other than SSNs or to
eliminate the display of SSNs would result in one-time costs
ranging from $40,000 to over $1,000,000, depending on the
county and the scope of the changes that would need to be
made.) In total, compliance costs for all state and local
entities would likely be significant.
Requirements on schools
The bill would require elementary, secondary, and post-
secondary educational institutions to:
Develop, implement, and maintain a written
program to safeguard certain personal information in
accordance with FTC regulations;
Notify affected individuals of any breach of
security; and
Refrain from using Social Security numbers
as identifiers in certain circumstances.
Under current law, educational institutions that receive
federal funds already are required to safeguard certain
personal information and must comply with Department of
Education standards. Depending on the differences between the
rules promulgated by the FTC and those already required by the
Department of Education, educational institutions may have to
make changes to their current systems that could be costly. For
example, if institutions are required to add additional systems
or provide additional information, they could face added costs.
Since there are over 100,000 institutions that would be
affected by these changes, the total costs could be
significant.
A provision that would require schools to notify affected
individuals of any breach of security in which personal
information may have been compromised also could be costly. The
bill would cap costs for each notification to $250,000.
Examples from California--where a similar law was passed in
2002--suggest that a large university could expect to incur
costs of between $100,000 and $200,000 to notify individuals
whose personal information may have been compromised. The
California experience suggests that, because the definition of
a security breach is broad, public schools likely would incur
some costs to comply with this provision. Because there is a
large number of educational institutions nationwide (there are
over 14,000 school districts composed of about 100,000 schools
and over 1,500 public institutions of higher education), total
costs could be significant over time. However, CBO cannot
estimate the likely frequency of such security breaches and
thus cannot estimate the total costs of complying with this
provision.
The bill also would prohibit educational institutions from
requesting and using a Social Security number unless no other
type of identifier can be used in its place. Reprogramming
systems that currently use SSNs as identifiers also could be
costly.
Estimated impact on the private sector: S. 1408 would
impose private-sector mandates on employers, retailers,
schools, colleges, consumer-credit-reporting agencies, and
other entities that acquire, maintain, or utilize sensitive
personal information. The legislation defines sensitive
personal information as a combination of name and Social
Security number, driver's license number, or credit card
information. While CBO cannot determine the direct cost of
complying with each mandate, certain mandates in S. 1408 would
impose security standards and notification requirements on a
large number of private-sector entities, including more than
five million employers. Based on this information, CBO
estimates that the total direct cost of mandates in the bill
would exceed the annual threshold established by UMRA for
private-sector mandates ($123 million in 2005, adjusted
annually for inflation).
Security program for the protection of sensitive information
Section 2 would require covered entities to develop,
implement, maintain, and enforce a written program containing
administrative, technical, and physical safeguards to secure
sensitive personal information. In the bill, covered entities
would include businesses, employers, and educational and
nonprofit institutions that acquire, maintain, and utilize
sensitive personal information. The cost of this mandate
depends on both the number of covered entities--more than five
million--and the average cost to an entity of complying with
the mandate. CBO does not have enough information to estimate
the average cost to a covered entity to comply with the
mandate. Because of the large number of covered entities,
however, we expect that even if the average cost of writing the
security program was small, the overall costs of this mandate
could be significantly above the threshold established in UMRA.
Notification of security breach risk
The bill would set certain procedures for notifying
consumers, the FTC, and credit reporting agencies of security
breaches involving personal information. In the case of a
security breach, section 3(c) would require covered entities to
investigate any suspected breach of security. If the breach
creates a reasonable risk of identity theft, the entity would
be required to notify all those individuals whose personal
information was compromised and to notify the FTC and the
credit-reporting agencies if the breach affects 1,000 or more
individuals.
The cost of this mandate depends on the number of security
breaches that occur, the average number of persons affected by
a breach, and the cost per person of notification. There is
very little information available on the number of breaches
each year; only the largest of breaches are noticed and
recorded. Nevertheless, information that is available suggests
that security breaches are not rare. Although the cost to
notify one person by mail may cost up to $2, the potentially
large number of people in data systems maintained by some
covered entities would make the cost of notification associated
with one breach substantial. Furthermore, certain covered
entities, such as retailers, do not maintain the mailing
addresses of customers for whom they have name and credit card
information. It would be costly for those entities to begin
keeping that information. Based on this information, CBO
expects that the cost to comply with this mandate could be
large relative to UMRA's threshold for private-sector mandates.
Security freeze
Section 4 would allow consumers to place a security freeze
on their credit report by making a request to a consumer-
credit-reporting agency. The credit-reporting agency would be
prevented from releasing the credit report to any third parties
without an authorization from the consumer. The agency also
would be required to notify all other reporting agencies of the
security freeze at the consumer's request. To comply with the
mandates in section 4, credit-reporting agencies would have to
create and operate new systems to accept, impose, and release
freezes on credit reports. Further, such agencies would incur
costs in terms of the lost net income from being unable to sell
credit reports that they would otherwise be able to sell under
current law. CBO does not have sufficient information on how
such systems would be added to existing operating systems or
the expected revenue from credit report sales. Therefore, CBO
has no basis to determine the cost of this mandate.
Social Security number protection
Section 8 would prevent covered entities from soliciting
any Social Security numbers from individuals unless no other
identifier can be used reasonably. There are many cases in
which covered entities ask individuals for their Social
Security numbers. For example, employers ask their employees to
provide SSNs for the purpose of sending withheld taxes to the
Internal Revenue Service; in this case, no other identifier
would seem possible to use. Schools, on the other hand, ask
students to provide SSNs on their applications where it may be
possible to use another identifier. CBO does not have
sufficient information about how often covered entities could
use another identifier and, if so, how much it would cost for
them to switch; therefore, CBO has no basis to estimate the
cost of this mandate.
This section also would prevent covered entities from
displaying Social Security numbers, or any part of such a
number, on any card or tag used for identification, such as
student or employee identification cards. This is an
increasingly rare practice; therefore, CBO estimates that the
cost of this mandate would be small.
Estimate prepared by: Federal Costs: Melissa Z. Peterson.
Impact on State, Local, and Tribal Governments: Sarah Puro.
Impact on the Private Sector: Selena Caldera and Nabeel
Alsalam.
Estimate approved by: Peter H. Fontaine, Deputy Assistance
Director for Budget Analysis.
Regulatory Impact Statement
In compliance with subsection (b)(2) of paragraph 11
of rule XXVI of the Standing Rules of the Senate, the Committee
states that, in its opinion, it is necessary to dispense with
the requirements of paragraph (1) of that subsection in order
to expedite the business of the Senate. deg.
Because S. ------ does not create any new programs,
the legislation will have no additional regulatory impact, and
will result in no additional reporting requirements. The
legislation will have no further effect on the number or types
of individuals and businesses regulated, the economic impact of
such regulation, the personal privacy of affected individuals,
or the paperwork required from such individuals and
businesses. deg.
In accordance with paragraph 11(b) of rule XXVI of the
Standing Rules of the Senate, the Committee provides the
following evaluation of the regulatory impact of the
legislation, as reported:
NUMBER OF PERSONS COVERED
ECONOMIC IMPACT
S. 1408 would require covered entities to develop, implement,
maintain, and enforce a written program for the security of
sensitive personal information in their possession. In
addition, covered entities would be required to notify
consumers in event of any breach of sensitive personal
information. While some covered entities may already have
safeguards and notification procedures in place, nonetheless,
the legislation may create compliance costs for such entities
in the form of equipment upgrades or personnel addition in
order to ensure that their practices satisfy the new Federal
requirements.
PRIVACY
S. 1408 would likely bolster consumer privacy by ensuring
that covered entities that handle sensitive personal
information take appropriate measures to safeguard such
information.
PAPERWORK
The legislation would increase paperwork requirements for
private industry to the extent that such paperwork is necessary
to comply with the information safeguards, breach notification,
and credit freeze requirements, as well as the social security
number use prohibitions, of this Act. The bill would require
two reports submitted to Congress by the FTC. The first, a
report by the FTC containing the findings of a working group
established by the FTC Chairman pursuant to this Act. And, the
second, a report by the FTC developed in conjunction with the
Department of Justice (DOJ) on the correlation between
methamphetamine use and identity theft crimes.
Section-by-Section Analysis
Section 1. Short title
This section would provide that the legislation be cited as
the ``Identity Theft Protection Act.''
Section 2. Protection of sensitive personal information
Section 2 would require covered entities to include
administrative, technical, and physical safeguards within the
written program to ensure security, protect against any
anticipated threats, and protect against unauthorized access to
sensitive personal information. The Committee notes that the
implementation and enforcement of the data security policy is
as important as the data security policy itself. Covered
entities that are in full compliance with the current FTC
Safeguards Rule would be deemed in compliance with this
section. The Act also would require that, within one year of
enactment, the FTC promulgate regulations that would require
procedures for authenticating the credentials of third parties
to which sensitive personal information is to be transferred or
sold.
The Committee's purposes for allowing covered entities the
option of complying with the existing FTC Safeguards Rule are
twofold: first, to provide covered entities regulatory
consistency without an interim gap that would require such
entities to modify their safeguards procedures more than once
in order to comply; and, second, to take into account the
impact of mandating safeguards rules on small businesses,
particularly sole proprietors. With respect to the latter
purpose, the Committee draws a parallel between the Safeguards
Rule and S. 1408 to the extent that small businesses should be
afforded flexibility to comply with S. 1408 in a manner that is
dependent on their size and complexity, the nature and scope of
their activities, and the sensitivity of the information that
they handle.
Accordingly, in promulgating the regulations required under
subsection 3(c), the FTC should consider the impact that such
regulations would have on small businesses, as the FTC did when
developing the existing Safeguards Rule.
The Committee encourages the FTC in its promulgation of rules
to fulfill the requirements of section 2 to take into account
the use of technological safeguards and effective alternative
methods to reduce the chances of identity theft.
Section 3. Notification of security breach risk
Section 3 would require a covered entity that, after using
due diligence, determines that a breach of security has
resulted in identity theft for one or more individuals, or that
a reasonable risk of identity theft exists, to notify every
individual affected by the breach of security. In determining
whether a reasonable risk of identity theft exists, a covered
entity would be required to consider factors about the nature
of the breach, such as if the data is usable by an unauthorized
third party and whether the data is in the possession and
control of an unauthorized third party who is likely to commit
identity theft.
This section also would require covered entities that suffer
a breach of security that affects 1,000 or more individuals to
report the breach to the FTC or other appropriate market
regulator and notify all consumer-reporting agencies (CRA) of
the breach. The FTC would be required in such an instance to
post a report of the breach of security on the agency's website
without personally identifying any individual affected by the
breach. In the event that the breach of security affects less
than 1,000 individuals, and a covered entity determines that
the breach of security does not create a reasonable risk of
identity theft, it shall report the breach to the FTC or
appropriate market regulator under section 5 of this Act. The
report would be required to contain the number of individuals
affected, and the type of information that was exposed, as a
result of the breach of security.
If a covered entity determines that notification to consumers
of the breach of security is warranted, the entity would be
required to contact individuals affected by the breach through
a written or electronic notice. If the cost of issuing a notice
would exceed $250,000, involve contacting more than 500,000
individuals, or the entity lacks the contact information of
affected individuals, the entity would have the option to
provide a substitute notice through a posting on the website of
the entity or via appropriate Statewide or regional media. In
the event that this substitute notice is necessary, the covered
entity would be required to include in such notice the name of
the entity suffering the breach, the affected individuals'
names, a description of the sensitive personal information that
was compromised, and the dates indicating the period between
the breach of the data and the discovery of the breach.
Section 3 would require a covered entity to give notice to
consumers when required by this Act in the most expedient
manner possible, but not later than 45 days following the
discovery of the breach, unless a Federal or State law
enforcement agency determines that the timely giving of notice
would materially impede a civil or criminal investigation, or
threaten national security or homeland security.
This section would not apply to electronic communications of
a third party stored by a cable operator, information service,
or telecommunications carrier in the network of such operator,
service, or carrier in the course of transferring or
transmitting such communication.
The Committee's consumer notification requirement is meant to
provide warning to consumers who may become victims of identity
theft as a result of a data security breach. The Committee
recognizes, however, that setting the threshold for
notification too low may result in unnecessary consumer
notification, which would reduce the effectiveness of the
warning and create unnecessary costs.
When deciding to provide notice, the entity should evaluate
the usability of the information and the likelihood that the
information is in the possession of an unauthorized party. If
the compromised sensitive personal information is usable, but
it has merely been misplaced and is not likely in the
possession of an unauthorized third party, consumer
notification would not be required. Similarly, consumer
notification would not be warranted when sensitive personal
information has been compromised and is likely in the
possession of an unauthorized third party, but the information
is not usable. Should a covered entity discover a breach of
security, and that the compromised sensitive personal
information is both usable and possessed by an unauthorized
third party who is likely to commit identity theft, the covered
entity must then determine whether a reasonable risk of
identity theft to one or more individuals exists. If this
analysis yields an affirmative conclusion, then the covered
entity would be required to provide consumer notification under
this section.
Section 4. Security freeze
Section 4 would allow a consumer to place a security freeze
on his or her credit report by making a request to a CRA in
writing, by telephone, or through a secure electronic
connection made available by the CRA. The security freeze would
prevent a consumer's credit report from being released to a
third party without express authorization from the consumer.
The Committee encourages the CRAs to provide consumers the most
expedient means to place and lift security freezes.
A CRA would have up to five days after receiving a written
request by a consumer to place a security freeze, and three
days to either lift a freeze either temporarily or permanently.
This Act would allow the FTC to determine through a rulemaking
what constitutes a reasonable fee that can be charged to
consumers by CRAs for placing and lifting a credit freeze.
The consumer whose credit report was frozen would be
permitted to remove a security freeze on his or her credit
report only upon request to the CRA. The CRA would be permitted
to remove a security freeze upon the consumer's request, or if
the CRA believes the report was frozen due to a material
misrepresentation of fact. If a consumer requests that a
security freeze be lifted, after providing proper
identification, the CRA must lift the freeze within three days.
This section would allow a consumer who places, removes, or
temporarily suspends a security freeze to request that the CRA
that initiates the action on the security freeze notify all
other CRAs of the request within three days. A CRA that is
notified of such a request may request proper identification
from the consumer within three business days after receiving
the request, and place the security freeze no later than three
days after receiving the consumer identification.
Victims of identity theft would be permitted under subsection
4(h)(2) to place a security freeze without charge by requesting
in writing, in addition to filing a police report or identity
theft report (as defined in section 603 (q)(4) of FCRA (15
U.S.C. 1681a(q)(4))), to a CRA within 90 days after the theft
occurred or was discovered by the consumer.
Section 4 would not apply to the use of a credit report by
any of the following: a person or entity with which the
consumer has had a prior business relationship for the purpose
of reviewing an account or collecting the financial obligation
owing from an account or contract; any Federal, State or local
agency, law enforcement agency, trial court, or private
collection agency acting pursuant to a court order, warrant, or
subpoena; HHS or any similar State agency acting to investigate
Medicare or Medicaid fraud; the Internal Revenue Service or a
State municipal taxing authority to investigate or collect
delinquent taxes or unpaid court orders or any of their other
statutory responsibilities; the use of consumer credit
information for prescreening; any person administering a credit
file monitoring subscription to which the consumer has
subscribed; any person or entity for the purpose of providing a
consumer with his or her credit report or credit score at the
consumer's request; a check services or fraud prevention
services company, which issues reports on incidents of fraud;
or a deposit account information service company, which issues
report regarding account closures due to fraud, substantial
overdrafts, or similar negative information.
Section 4 would exempt any CRA that acts only as a reseller
of credit information by assembling and merging information
contained in the data base of another CRA, and does not
maintain a permanent data base of credit information from which
new consumer reports are produced.
Section 5. Enforcement
Section 5 provides new authority for the FTC to take action
against covered entities that fail to develop, implement,
maintain, or enforce a written program for the security of
sensitive personal information as unfair or deceptive acts or
practices proscribed under section 18(a)(1)(B) of the FTCA (15
U.S.C. 57a(a)(1)(B)). This new authority is analogous to the
authority that the FTC currently possesses under Title V of
GLBA with respect to financial institutions.
This section also would provide that compliance with this Act
be enforced exclusively by agencies under the Federal Deposit
Insurance Act (for foreign banks, commercial lenders, bank
holding companies, and savings associations), the Federal
Credit Union Act (for credit unions), the Securities Exchange
Act of 1934 (for brokers and dealers), the Investment Company
Act of 1940 (for investment companies), the Investment Advisers
Act of 1940 (for investment advisers), and State insurance law.
Section 5 would allow the FTC to seek civil penalties in its
enforcement actions against covered entities in an amount up to
$11,000 for each individual; and up to $11,000,000 in the
aggregate for all such individuals with respect to the same
violation by a covered entity under section 3 of this Act.
This section also would provide that nothing in this Act
would establish a private cause of action against a covered
entity for the violation of any provision in this Act. However,
nothing would affect a consumer's right to bring a civil action
that is not under this Act in State or Federal court.
In addition, any covered entity to which title V of GLBA (15
U.S.C. 6801 et seq.) or section 607 of FCRA (15 U.S.C. 1681e)
applies would be deemed in compliance with sections 2 and 3 of
this Act to the extent that the person is in compliance with
the provisions of those Acts, which require the protection of
sensitive personal information and notification in the event of
a breach of security.
It is not the intent of this Committee to impose
prohibitively onerous safeguards and notification requirements
on small businesses. Thus, the FTC or appropriate market
regulator should consider the size of the business and its
ability to comply as one of many factors when enforcing this
Act.
Section 6. Enforcement of State Attorneys General
Section 6 would allow a State to bring an action under this
Act in Federal court on behalf of its residents. The State
would be required to notify the FTC or the appropriate Federal
market regulator of the action at least 60 days prior to
bringing the action. In the event that such notice is not
feasible, the State would be required to provide notice
immediately upon instituting the action. The FTC or appropriate
Federal market regulator would be authorized to intervene in
such civil action. If the FTC or appropriate Federal market
regulator institutes an action for a violation of this Act, no
State attorney general, or official or agency of the State,
would be permitted to bring an action during the pendency of
that action against any defendant named in the complaint.
Section 7. Preemption of State law
Section 7 of this Act would preempt any State or local law
that requires, or holds liable, a covered entity for
safeguarding sensitive personal information, notifying affected
individuals of breaches of security, or allowing a consumer to
place, remove, or temporarily suspend a security freeze on his
or her credit report. This section also would provide that any
State or local law, regulation, or rule prohibiting or limiting
the solicitation or display of social security numbers would be
preempted by this Act.
Section 8. Social Security number protection
Subsection 8(a) would prohibit the solicitation of a social
security number from an individual unless there is a specific
use of the number for which no other identifying number
reasonably can be used. Subsection 8(b) would prohibit
employers, educational institutions, and others from using
social security numbers for any employee benefit plan, card, or
tag that is provided by employers, educational institutions,
and others for the purpose of identification. This subsection
also would prohibit the use of social security numbers as
driver identifiers on State drivers' licenses.
Subsection 8(a) would provide certain exceptions for the
solicitation of a social security number, including: for the
purpose of obtaining a consumer report or any purpose permitted
under FCRA (15 U.S.C. 1681 et seq.); for the purpose of
verifying or obtaining proof of identity by a CRA; for any
purpose permitted under section 502(e) of GLBA (15 U.S.C.
6802(e)); or to identify or locate missing or abducted
children, witnesses, criminals and fugitives, parties to
lawsuits, parents delinquent in child support payments, organ
and bone marrow donors, pension fund beneficiaries, and missing
heirs.
Subsection 8(c) would amend the Social Security Act (42
U.S.C. 405(c)(2)(C)) to prohibit any Federal, State, or
judicial agency from employing or entering into a contract to
utilize inmates who would have access to the social security
account numbers of other individuals. This prohibition would go
into effect 90 days after the date of enactment.
Subsection 8(d) would prohibit the sale or purchase of social
security numbers. Exceptions to this prohibition would be for:
national security purposes; public health purposes; emergency
situations to protect the health or safety of an individual;
compliance with a tax law of the United States or of any State;
or if the sale or purchase is to or by a CRA. This section
would allow the sale or purchase of an individual's social
security if written consent is obtained. The Committee
recognizes that there are legitimate uses for social security
numbers as indicated in the exceptions to this subsection, and
that barring such usage may result in unintended consequences.
Therefore, the Committee intends to develop the language of
this section as the legislation progresses toward full Senate
consideration.
Subsection 8(d) also would require the FTC to promulgate
regulations concerning the prohibition of sale within 1 year
after the date of enactment of this Act.
Section 9. Information security working group
Section 9 would require the Chairman of the FTC to establish
an Information Working Group comprised of industry
participants, consumer groups, and other interested parties to
collect, review, disseminate, and advise on best practices to
protect sensitive personal information. The Information Working
Group would be required to submit to Congress a report on its
findings within 12 months after its establishment. The FTC,
after notifying Congress, would be authorized to terminate the
Working Group if the Commission finds that the work and annual
reports are no longer necessary.
Section 10. Definitions
Section 10 would provide for a number of notable definitions,
as follows:
Breach of Security: The unauthorized access to, and
acquisition of, data in any form or format containing sensitive
personal information that compromises the security or
confidentiality of such information and creates a reasonable
risk of identity theft.
Consumer Reporting Agency: Any person engaging in the
practice of assembling or evaluating consumer credit
information or other information on consumers for the purpose
of furnishing credit reports to third parties.
Covered Entity: A sole proprietorship, partnership,
corporation, trust, estate, cooperative, sole propriety,
association, or other commercial entity, and any charitable,
educational, or nonprofit organization, that acquires,
maintains, or utilizes sensitive personal information.
Credit Report: A consumer report as defined in section 603(d)
of FCRA (15 U.S.C. 1681a(p)), that is used for the purpose of
serving as a factor in establishing a consumer's eligibility
for credit for personal, family or household purposes.
Identity Theft: The unauthorized acquisition, purchase, sale,
or use by any person of an individual's sensitive personal
information that violates section 1028 of title 18, U.S.C., or
any provision of State law; or that results in economic loss to
the individual whose sensitive personal information was used.
Reasonable Risk of Identity Theft: The term ``reasonable risk
of identity theft'' means that the preponderance of the
evidence available to the covered entity that has experienced a
breach of security establishes that identity theft for one or
more individuals from the breach of security is foreseeable.
Sensitive Personal Information: An individual's name,
address, or phone number linked with one or more data elements
as listed in this definition. The FTC would be authorized
through a rulemaking to designate or delete data elements or
identifying information that may be used to effectuate identity
theft as sensitive personal information. The Committee has
included this FTC authority to add or subtract types of
information from this definition with the intention that such
authority would be exercised only when necessary to address any
change in circumstances by which a new category of information,
if breached, would create a reasonable risk of identity theft
pursuant to this Act. The Committee understands that additions
to or subtractions from the information list may yield economic
consequences to covered entities, and particularly small
businesses. Therefore, the FTC should proceed under this
authority, and, if utilized, the FTC should develop a clear
record showing how the information to be added or subtracted
would or would not effectuate identity theft. The Committee did
not include the following identifiers within the definition of
sensitive personal information: genetic or biometric
information; electronic mail signature; electronic identifier
or screen name with password; consumer credit report
information, mother's maiden name; and employee, faculty,
student or U.S. Armed forces serial number. These identifiers
were excluded because the Committee did not possess clear
evidence that obtaining this information would effectuate
identity theft. The Committee encourages the Federal Trade
Commission to evaluate these identifiers to decide if they
should be included as sensitive personal information.
Public Records: Nothing in the Act would prohibit a covered
entity from obtaining, aggregating, or using sensitive personal
information it lawfully obtains from public records in a manner
that would not violate this Act.
Section 11. Authorization of appropriations
Section 11 would authorize $1,000,000 to be appropriated to
the FTC to carry out this Act for fiscal years 2006 through
2010.
Section 12. Related crime study
Section 12 would require the FTC, in conjunction with DOJ, to
conduct a study within 18 months of enactment of this Act to
examine the correlation, if any, between methamphetamine use
and identity theft crimes, as well as the needs of law
enforcement to address methamphetamine crimes related to
identity theft.
Section 13. Prohibition on technology mandates
This section would make clear that nothing in this Act should
be construed as authorizing the FTC to issue regulations that
require or impose a specific technology, product, technological
standard, or solution.
Section 14. Effective date
This section would require covered entities under subsection
2(a) to implement the information safeguards program within 6
months after the date of enactment of this Act.
Under this Act, the FTC would be required to initiate
rulemakings under subsections 2(c), 4(h), and 8(d) within 45
days after enactment, and promulgate final rules within one
year after the date of enactment. The requirements of the FTC
rulemakings under subsections 2(c), 4(h), and 8(d) would take
effect six months after each of the final rules are
promulgated. All other provisions of this Act would take effect
upon its enactment.
Rollcall Votes in Committee
Senator Allen offered an amendment to Senator Smith's
amendment (in the nature of a substitute) to limit the
authority of the FTC to change the definition of ``sensitive
personal information.'' On a rollcall vote of 8 yeas and 14
nays as follows, the amendment was defeated:
YEAS--8 NAYS--14
Mr. Burns Mr. McCain\1\
Ms. Snowe Mr. Lott
Mr. Ensign\1\ Mrs. Hutchison\1\
Mr. Allen Mr. Smith
Mr. Sununu\1\ Mr. Inouye
Mr. DeMint\1\ Mr. Rockefeller\1\
Mr. Vitter Mr. Kerry\1\
Mr. Nelson of Nebraska\1\ Mr. Dorgan
Mrs. Boxer\1\
Mr. Nelson of Florida
Ms. Cantwell
Mr. Lautenberg\1\
Mr. Pryor
Mr. Stevens
\1\By proxy
Senator Allen offered an amendment to Senator Smith's
amendment (in the nature of a substitute) to amend the
definition in the bill of what constitutes a ``reasonable risk
of identity theft'' that would require companies to notify
consumers of a security breach or loss of personal information.
On a rollcall vote of 8 yeas and 14 nays as follows, the
amendment was defeated:
YEAS--8 NAYS--14
Mr. Burns\1\ Mr. Lott\1\
Mr. Smith Mrs. Hutchison\1\
Mr. Allen Ms. Snowe\1\
Mr. Sununu\1\ Mr. Inouye
Mr. McCain\1\ Mr. Rockefeller\1\
Mr. Ensign\1\ Mr. Kerry\1\
Mr. DeMint\1\ Mrs. Boxer\1\
Mr. Vitter\1\ Mr. Nelson of Florida
Ms. Cantwell\1\
Mr. Lautenberg\1\
Mr. Nelson of Nebraska\1\
Mr. Pryor
Mr. Dorgan
Mr. Stevens\1\
\1\By proxy
Senator Bill Nelson offered an amendment to Senator Smith's
amendment (in the nature of a substitute) to require data
brokers and others to provide consumers with the same rights to
sensitive personal information about themselves that they now
enjoy under FCRA. On a rollcall vote of 9 yeas and 13 nays as
follows, the amendment was defeated:
YEAS--9 NAYS--13
Mr. Inouye Mr. McCain\1\
Mr. Rockefeller\1\ Mr. Burns\1\
Mr. Kerry\1\ Mr. Lott\1\
Mr. Dorgan\1\ Mrs. Hutchison\1\
Mrs. Boxer\1\ Ms. Snowe\1\
Mr. Nelson of Florida Mr. Smith
Ms. Cantwell\1\ Mr. Ensign\1\
Mr. Lautenberg\1\ Mr. Allen\1\
Mr. Pryor Mr. Sununu\1\
Mr. DeMint\1\
Mr. Vitter\1\
Mr. Nelson of Nebraska\1\
Mr. Stevens\1\
\1\By proxy
Additional, Supplemental, or Minority Views deg.
Changes in Existing Law
In compliance with paragraph 12 of rule XXVI of the Standing
Rules of the Senate, changes in existing law made by the bill,
as reported, are shown as follows (existing law proposed to be
omitted is enclosed in black brackets, new material is printed
in italic, existing law in which no change is proposed is shown
in roman):
SOCIAL SECURITY ACT
SEC. 205. EVIDENCE AND PROCEDURE FOR ESTABLISHMENT OF BENEFITS.
[42 U.S.C. 405]
(a) Rules and regulations; procedures.--The Commissioner of
Social Security shall have full power and authority to make
rules and regulations and to establish procedures, not
inconsistent with the provisions of this title, which are
necessary or appropriate to carry out such provisions, and
shall adopt reasonable and proper rules and regulations to
regulate and provide for the nature and extent of the proofs
and evidence and the method of taking and furnishing the same
in order to establish the right to benefits hereunder.
(b) Administrative determination of entitlement to benefits;
findings of fact; hearings; investigations; evidentiary
hearings in reconsiderations of disability benefit
terminations.--
(1) The Commissioner of Social Security is directed
to make findings of fact, and decisions as to the
rights of any individual applying for a payment under
this title. Any such decision by the Commissioner of
Social Security which involves a determination of
disability and which is in whole or in part unfavorable
to such individual shall contain a statement of the
case, in understandable language, setting forth a
discussion of the evidence, and stating the
Commissioner's determination and the reason or reasons
upon which it is based. Upon request by any such
individual or upon request by a wife, divorced wife,
surviving divorced mother, surviving divorced father
husband, divorced husband, widower, surviving divorced
husband, child, or parent who makes a showing in
writing that his or her rights may be prejudiced by any
decision the Commissioner of Social Security has
rendered, the Commissioner shall give such applicant
and such other individual reasonable notice and
opportunity for a hearing with respect to such
decision, and, if a hearing is held, shall, on the
basis of evidence adduced at the hearing, affirm,
modify, or reverse the Commissioner's findings of fact
and such decision. Any such request with respect to
such a decision must be filed within sixty days after
notice of such decision is received by the individual
making such request. The Commissioner of Social
Security is further authorized, on the Commissioner's
own motion, to hold such hearings and to conduct such
investigations and other proceedings as the
Commissioner may deem necessary or proper for the
administration of this title. In the course of any
hearing, investigation or other proceeding, the
Commissioner may administer oaths and affirmations,
examine witnesses and receive evidence. Evidence may be
received at any hearing before the Commissioner of
Social Security even though inadmissible under rules of
evidence applicable to court procedure.
(2) In any case where--
(A) an individual is a recipient of
disability insurance benefits, or of child's,
widow's, or widower's insurance benefits based
on disability,
(B) the physical or mental impairment on the
basis of which such benefits are payable is
found to have ceased, not to have existed, or
to no longer be disabling, and
(C) as a consequence of the finding described
in subparagraph (B), such individual is
determined by the Commissioner of Social
Security not to be entitled to such benefits,
any reconsideration of the finding described in
subparagraph (B), in connection with a
reconsideration by the Commissioner of Social
Security (before any hearing under paragraph
(1) on the issue of such entitlement) of the
Commissioner's determination described in
subparagraph (C), shall be made only after
opportunity for an evidentiary hearing, with
regard to the finding described in subparagraph
(B), which is reasonably accessible to such
individual. Any reconsideration of a finding
described in subparagraph (B) may be made
either by the State agency or the Commissioner
of Social Security where the finding was
originally made by the State agency, and shall
be made by the Commissioner of Social Security
where the finding was originally made by the
Commissioner of Social Security. In the case of
a reconsideration by a State agency of a
finding described in subparagraph (B) which was
originally made by such State agency, the
evidentiary hearing shall be held by an
adjudicatory unit of the State agency other
than the unit that made the finding described
in subparagraph (B). In the case of a
reconsideration by the Commissioner of Social
Security of a finding described in subparagraph
(B) which was originally made by the
Commissioner of Social Security, the
evidentiary hearing shall be held by a person
other than the person or persons who made the
finding described in subparagraph (B).
(3)(A) A failure to timely request review of an
initial adverse determination with respect to an
application for any benefit under this title or an
adverse determination on reconsideration of such an
initial determination shall not serve as a basis for
denial of a subsequent application for any benefit
under this title if the applicant demonstrates that the
applicant, or any other individual referred to in
paragraph (1), failed to so request such a review
acting in good faith reliance upon incorrect,
incomplete, or misleading information, relating to the
consequences of reapplying for benefits in lieu of
seeking review of an adverse determination, provided by
any officer or employee of the Social Security
Administration or any State agency acting under section
221.
(B) In any notice of an adverse determination with
respect to which a review may be requested under
paragraph (1), the Commissioner of Social Security
shall describe in clear and specific language the
effect on possible entitlement to benefits under this
title of choosing to reapply in lieu of requesting
review of the determination.
(c) Records of wages and self-employment income.--
(1) For the purposes of this subsection--
(A) The term ``year'' means a calendar year
when used with respect to wages and a taxable
year when used with respect to self-employment
income.
(B) The term ``time limitation'' means a
period of three years, three months, and
fifteen days.
(C) The term ``survivor'' means an
individual's spouse, surviving divorced wife,
surviving divorced husband, surviving divorced
mother, surviving divorced father, child, or
parent, who survives such individual.
(D) The term ``period'' when used with
respect to self-employment income means a
taxable year and when used with respect to
wages means--
(i) a quarter if wages were reported
or should have been reported on a
quarterly basis on tax returns filed
with the Secretary of the Treasury or
his delegate under section 6011 of the
Internal Revenue Code of 1986 or
regulations thereunder (or on reports
filed by a State under section 218(e)
(as in effect prior to December 31,
1986) or regulations thereunder),
(ii) a year if wages were reported or
should have been reported on a yearly
basis on such tax returns or reports,
or
(iii) the half year beginning January
1 or July 1 in the case of wages which
were reported or should have been
reported for calendar year 1937.
(2)(A) On the basis of information obtained by or
submitted to the Commissioner of Social Security, and
after such verification thereof as the Commissioner
deems necessary, the Commissioner of Social Security
shall establish and maintain records of the amounts of
wages paid to, and the amounts of self-employment
income derived by, each individual and of the periods
in which such wages were paid and such income was
derived and, upon request, shall inform any individual
or his survivor, or the legal representative of such
individual or his estate, of the amounts of wages and
self-employment income of such individual and the
periods during which such wages were paid and such
income was derived, as shown by such records at the
time of such request.
(B)(i) In carrying out the Commissioner's duties
under subparagraph (A) and subparagraph (F), the
Commissioner of Social Security shall take affirmative
measures to assure that social security account numbers
will, to the maximum extent practicable, be assigned to
all members of appropriate groups of categories of
individuals by assigning such numbers (or ascertaining
that such numbers have already been assigned):
(I) to aliens at the time of their lawful
admission to the United States either for
permanent residence or under other authority of
law permitting them to engage in employment in
the United States and to other aliens at such
time as their status is so changed as to make
it lawful for them to engage in such
employment;
(II) to any individual who is an applicant
for or recipient of benefits under any program
financed in whole or in part from Federal funds
including any child on whose behalf such
benefits are claimed by another person; and
(III) to any other individual when it appears
that he could have been but was not assigned an
account number under the provisions of
subclauses (I) or (II) but only after such
investigation as is necessary to establish to
the satisfaction of the Commissioner of Social
Security, the identity of such individual, the
fact that an account number has not already
been assigned to such individual, and the fact
that such individual is a citizen or a
noncitizen who is not, because of his alien
status, prohibited from engaging in employment;
and, in carrying out such duties, the
Commissioner of Social Security is authorized
to take affirmative measures to assure the
issuance of social security numbers:
(IV) to or on behalf of children who are
below school age at the request of their
parents or guardians; and
(V) to children of school age at the time of
their first enrollment in school.
(ii) The Commissioner of Social Security shall
require of applicants for social security account
numbers such evidence as may be necessary to establish
the age, citizenship, or alien status, and true
identity of such applicants, and to determine which (if
any) social security account number has previously been
assigned to such individual. With respect to an
application for a social security account number for an
individual who has not attained the age of 18 before
such application, such evidence shall include the
information described in subparagraph (C)(ii).
(iii) In carrying out the requirements of this
subparagraph, the Commissioner of Social Security shall
enter into such agreements as may be necessary with the
Attorney General and other officials and with State and
local welfare agencies and school authorities
(including nonpublic school authorities).
(C)(i) It is the policy of the United States that any State
(or political subdivision thereof) may, in the administration
of any tax, general public assistance, driver's license, or
motor vehicle registration law within its jurisdiction, utilize
the social security account numbers issued by the Commissioner
of Social Security for the purpose of establishing the
identification of individuals affected by such law, and may
require any individual who is or appears to be so affected to
furnish to such State (or political subdivision thereof) or any
agency thereof having administrative responsibility for the law
involved, the social security account number (or numbers, if he
has more than one such number) issued to him by the
Commissioner of Social Security.
(ii) In the administration of any law involving the issuance
of a birth certificate, each State shall require each parent to
furnish to such State (or political subdivision thereof) or any
agency thereof having administrative responsibility for the law
involved, the social security account number (or numbers, if
the parent has more than one such number) issued to the parent
unless the State (in accordance with regulations prescribed by
the Commissioner of Social Security) finds good cause for not
requiring the furnishing of such number. The State shall make
numbers furnished under this subclause available to the
Commissioner of Social Security and the agency administering
the State's plan under part D of title IV in accordance with
Federal or State law and regulation. Such numbers shall not be
recorded on the birth certificate. A State shall not use any
social security account number, obtained with respect to the
issuance by the State of a birth certificate, for any purpose
other than for the enforcement of child support orders in
effect in the State, unless section 7(a) of the Privacy Act of
1974 does not prohibit the State from requiring the disclosure
of such number, by reason of the State having adopted, before
January 1, 1975, a statute or regulation requiring such
disclosure.
(iii)(I) In the administration of section 9 of the Food Stamp
Act of 1977 (7 U.S.C. 2018) involving the determination of the
qualifications of applicants under such Act, the Secretary of
Agriculture may require each applicant retail store or
wholesale food concern to furnish to the Secretary of
Agriculture the social security account number of each
individual who is an officer of the store or concern and, in
the case of a privately owned applicant, furnish the social
security account numbers of the owners of such applicant. No
officer or employee of the Department of Agriculture shall have
access to any such number for any purpose other than the
establishment and maintenance of a list of the names and social
security account numbers of such individuals for use in
determining those applicants who have been previously
sanctioned or convicted under section 12 or 15 of such Act (7
U.S.C. 2021 or 2024).
(II) The Secretary of Agriculture may share any information
contained in any list referred to in subclause (I) with any
other agency or instrumentality of the United States which
otherwise has access to social security account numbers in
accordance with this subsection or other applicable Federal
law, except that the Secretary of Agriculture may share such
information only to the extent that such Secretary determines
such sharing would assist in verifying and matching such
information against information maintained by such other agency
or instrumentality. Any such information shared pursuant to
this subclause may be used by such other agency or
instrumentality only for the purpose of effective
administration and enforcement of the Food Stamp Act of 1977 or
for the purpose of investigation of violations of other Federal
laws or enforcement of such laws.
(III) The Secretary of Agriculture, and the head of any other
agency or instrumentality referred to in this subclause, shall
restrict, to the satisfaction of the Commissioner of Social
Security, access to social security account numbers obtained
pursuant to this clause only to officers and employees of the
United States whose duties or responsibilities require access
for the purposes described in subclause (II).
(IV) The Secretary of Agriculture, and the head of any agency
or instrumentality with which information is shared pursuant to
clause (II), shall provide such other safeguards as the
Commissioner of Social Security determines to be necessary or
appropriate to protect the confidentiality of the social
security account numbers.
(iv) In the administration of section 506 of the Federal Crop
Insurance Act, the Federal Crop Insurance Corporation may
require each policyholder and each reinsured company to furnish
to the insurer or to the Corporation the social security
account number of such policyholder, subject to the
requirements of this clause. No officer or employee of the
Federal Crop Insurance Corporation shall have access to any
such number for any purpose other than the establishment of a
system of records necessary for the effective administration of
such Act. The Manager of the Corporation may require each
policyholder to provide to the Manager, at such times and in
such manner as prescribed by the Manager, the social security
account number of each individual that holds or acquires a
substantial beneficial interest in the policyholder. For
purposes of this clause, the term ``substantial beneficial
interest'' means not less than 5 percent of all beneficial
interest in the policyholder. The Secretary of Agriculture
shall restrict, to the satisfaction of the Commissioner of
Social Security, access to social security account numbers
obtained pursuant to this clause only to officers and employees
of the United States or authorized persons whose duties or
responsibilities require access for the administration of the
Federal Crop Insurance Act. The Secretary of Agriculture shall
provide such other safeguards as the Commissioner of Social
Security determines to be necessary or appropriate to protect
the confidentiality of such social security account numbers.
For purposes of this clause the term ``authorized person''
means an officer or employee of an insurer whom the Manager of
the Corporation designates by rule, subject to appropriate
safeguards including a prohibition against the release of such
social security account number (other than to the Corporation)
by such person.
(v) If and to the extent that any provision of Federal law
heretofore enacted is inconsistent with the policy set forth in
clause (i), such provision shall, on and after the date of the
enactment of this subparagraph, be null, void, and of no
effect. If and to the extent that any such provision is
inconsistent with the requirement set forth in clause (ii),
such provision shall, on and after the date of the enactment of
such subclause, be null, void, and of no effect.
(vi)(I) For purposes of clause (i) of this subparagraph, an
agency of a State (or political subdivision thereof) charged
with the administration of any general public assistance,
driver's license, or motor vehicle registration law which did
not use the social security account number for identification
under a law or regulation adopted before January 1, 1975, may
require an individual to disclose his or her social security
number to such agency solely for the purpose of administering
the laws referred to in clause (i) above and for the purpose of
responding to requests for information from an agency
administering a program funded under part A of title IV or an
agency operating pursuant to the provisions of part D of such
title.
(II) Any State or political subdivision thereof (and any
person acting as an agent of such an agency or
instrumentality), in the administration of any driver's license
or motor vehicle registration law within its jurisdiction, may
not display a social security account number issued by the
Commissioner of Social Security (or any derivative of such
number) on any driver's license, motor vehicle registration, or
personal identification card (as defined in section 7212(a)(2)
of the 9/11 Commission Implementation Act of 2004), or include,
on any such license, registration, or personal identification
card, a magnetic strip, bar code, or other means of
communication which conveys such number (or derivative
thereof).
(vii) For purposes of this subparagraph, the term ``State''
includes the District of Columbia, the Commonwealth of Puerto
Rico, the Virgin Islands, Guam, the Commonwealth of the
Northern Marianas, and the Trust Territory of the Pacific
Islands.
(viii)(I) Social security account numbers and related records
that are obtained or maintained by authorized persons pursuant
to any provision of law, enacted on or after October 1, 1990,
shall be confidential, and no authorized person shall disclose
any such social security account number or related record.
(II) Paragraphs (1), (2), and (3) of section 7213(a) of the
Internal Revenue Code of 1986 shall apply with respect to the
unauthorized willful disclosure to any person of social
security account numbers and related records obtained or
maintained by an authorized person pursuant to a provision of
law enacted on or after October 1, 1990, in the same manner and
to the same extent as such paragraphs as such paragraphs apply
with respect to unauthorized disclosures of returns and return
information described in such paragraphs. Paragraph (4) of such
7213(a) of such Code shall apply with respect to the willful
offer of any item of material value in exchange for any such
social security account number or related record in the same
manner and to the same extent as such paragraph applies with
respect to offers (in exchange for any return or return
information) described in such paragraph.
(III) For purposes of this clause, the term ``authorized
person'' means an officer or employee of the United States, an
officer or employee of any State, political subdivision of a
State, or agency of a State or political subdivision of a
State, and any other person (or officer or employee thereof),
who has or had access to social security account numbers or
related records pursuant to any provision of law enacted on or
after October 1, 1990. For purposes of this subclause, the term
``officer or employee'' includes a former officer or employee.
(IV) For purposes of this clause, the term ``related record''
means any record, list, or compilation that indicates, directly
or indirectly, the identity of any individual with respect to
whom a social security account number or a request for a social
security account number is maintained pursuant to this clause.
(ix) In the administration of the provisions of chapter 81 of
title 5, United States Code, and the Longshore and Harbor
Workers' Compensation Act (33 U.S.C. 901 et seq.), the
Secretary of Labor may require by regulation that any person
filing a notice of injury or a claim for benefits under such
provisions provide as part of such notice or claim such
person's social security account number, subject to the
requirements of this clause. No officer or employee of the
Department of Labor shall have access to any such number for
any purpose other than the establishment of a system of records
necessary for the effective administration of such provisions.
The Secretary of Labor shall restrict, to the satisfaction of
the Commissioner of Social Security, access to social security
account numbers obtained pursuant to this clause to officers
and employees of the United States whose duties or
responsibilities require access for the administration or
enforcement of such provisions. The Secretary of Labor shall
provide such other safeguards as the Commissioner of Social
Security determines to be necessary or appropriate to protect
the confidentiality of the social security account numbers.
(x) No executive, legislative, or judicial agency or
instrumentality of the Federal Government or of a State or
political subdivision thereof (or person acting as an agent of
such an agency or instrumentality) may employ, or enter into a
contract for the use or employment of, prisoners in any
capacity that would allow such prisoners access to the social
security account numbers of other individuals. For purposes of
this clause, the term `prisoner' means an individual who is
confined in a jail, prison, or other penal institution or
correctional facility, serving community service as a term of
probation or parole, or serving a sentence through a work-
furlough program.
(D)(i) It is the policy of the United States that--
(I) any State (or any political subdivision of a
State) and any authorized blood donation facility may
utilize the social security account numbers issued by
the Commissioner of Social Security for the purpose of
identifying blood donors, and
(II) any State (or political subdivision of a State)
may require any individual who donates blood within
such State (or political subdivision) to furnish to
such State (or political subdivision), to any agency
thereof having related administrative responsibility,
or to any authorized blood donation facility the social
security account number (or numbers, if the donor has
more than one such number) issued to the donor by the
Commissioner of Social Security.
(ii) If and to the extent that any provision of Federal law
enacted before the date of the enactment of this subparagraph
is inconsistent with the policy set forth in clause (i), such
provision shall, on and after such date, be null, void, and of
no effect.
(iii) For purposes of this subparagraph--
(I) the term ``authorized blood donation facility''
means an entity described in section 1141(h)(1)(B), and
(II) the term ``State'' includes the District of
Columbia, the Commonwealth of Puerto Rico, the Virgin
Islands, Guam, the Commonwealth of the Northern
Marianas, and the Trust Territory of the Pacific
Islands.
(E)(i) It is the policy of the United States that--
(I) any State (or any political subdivision of a
State) may utilize the social security account numbers
issued by the Commissioner of Social Security for the
additional purposes described in clause (ii) if such
numbers have been collected and are otherwise utilized
by such State (or political subdivision) in accordance
with applicable law, and
(II) any district court of the United States may use,
for such additional purposes, any such social security
account numbers which have been so collected and are so
utilized by any State.
(ii) The additional purposes described in this clause are the
following:
(I) Identifying duplicate names of individuals on
master lists used for jury selection purposes.
(II) Identifying on such master lists those
individuals who are ineligible to serve on a jury by
reason of their conviction of a felony.
(iii) To the extent that any provision of Federal law enacted
before the date of the enactment of this subparagraph is
inconsistent with the policy set forth in clause (i), such
provision shall, on and after that date, be null, void, and of
no effect.
(iv) For purposes of this subparagraph, the term ``State''
has the meaning such term has in subparagraph (D).
(F) The Commissioner of Social Security shall require, as a
condition for receipt of benefits under this title, that an
individual furnish satisfactory proof of a social security
account number assigned to such individual by the Commissioner
of Social Security or, in the case of an individual to whom no
such number has been assigned, that such individual make proper
application for assignment of such a number.
(G) The Commissioner of Social Security shall issue a social
security card to each individual at the time of the issuance of
a social security account number to such individual. The social
security card shall be made of banknote paper, and (to the
maximum extent practicable) shall be a card which cannot be
counterfeited.
(H) The Commissioner of Social Security shall share with the
Secretary of the Treasury the information obtained by the
Commissioner pursuant to the second sentence of subparagraph
(B)(ii) and to subparagraph (C)(ii) for the purpose of
administering those sections of the Internal Revenue Code of
1986 which grant tax benefits based on support or residence of
children.
(3) The Commissioner's records shall be evidence for
the purpose of proceedings before the Commissioner of
Social Security or any court of the amounts of wages
paid to, and self- employment income derived by, an
individual and of the periods in which such wages were
paid and such income was derived. The absence of an
entry in such records as to wages alleged to have been
paid to, or as to self-employment income alleged to
have been derived by, an individual in any period shall
be evidence that no such alleged wages were paid to, or
that no such alleged income was derived by, such
individual during such period.
(4) Prior to the expiration of the time limitation
following any year the Commissioner of Social Security
may, if it is brought to the Commissioner's attention
that any entry of wages or self- employment income in
the Commissioner's records for such year is erroneous
or that any item of wages or self-employment income for
such year has been omitted from such records, correct
such entry or include such omitted item in the
Commissioner's records, as the case may be. After the
expiration of the time limitation following any year--
(A) the Commissioner's records (with changes,
if any, made pursuant to paragraph (5)) of the
amounts of wages paid to, and self-employment
income derived by, an individual during any
period in such year shall be conclusive for the
purposes of this title;
(B) the absence of an entry in the
Commissioner's records as to the wages alleged
to have been paid by an employer to an
individual during any period in such year shall
be presumptive evidence for the purposes of
this title that no such alleged wages were paid
to such individuals in such period; and
(C) the absence of an entry in the
Commissioner's records as to the self-
employment income alleged to have been derived
by an individual in such year shall be
conclusive for the purposes of this title that
no such alleged self-employment income was
derived by such individual in such year unless
it is shown that he filed a tax return of his
self-employment income for such year before the
expiration of the time limitation following
such year, in which case the Commissioner of
Social Security shall include in the
Commissioner's records the self- employment
income of such individual for such year.
(5) After the expiration of the time limitation
following any year in which wages were paid or alleged
to have been paid to, or self-employment income was
derived or alleged to have been derived by, an
individual, the Commissioner of Social Security may
change or delete any entry with respect to wages or
self-employment income in the Commissioner's records of
such year for such individual or include in the
Commissioner's records of such year for such individual
any omitted item of wages or self-employment income but
only--
(A) if an application for monthly benefits or
for a lump-sum death payment was filed within
the time limitation following such year; except
that no such change, deletion, or inclusion may
be made pursuant to this subparagraph after a
final decision upon the application for monthly
benefits or lump-sum death payment;
(B) if within the time limitation following
such year an individual or his survivor makes a
request for a change or deletion, or for an
inclusion of an omitted item, and alleges in
writing that the Commissioner's records of the
wages paid to, or the self-employment income
derived by, such individual in such year are in
one or more respects erroneous; except that no
such change, deletion, or inclusion may be made
pursuant to this subparagraph after a final
decision upon such request. Written notice of
the Commissioner's decision on any such request
shall be given to the individual who made the
request;
(C) to correct errors apparent on the face of
such records;
(D) to transfer items to records of the
Railroad Retirement Board if such items were
credited under this title when they should have
been credited under the Railroad Retirement Act
of 1937 or 1974, or to enter items transferred
by the Railroad Retirement Board which have
been credited under the Railroad Retirement Act
of 1937 or 1974 when they should have been
credited under this title;
(E) to delete or reduce the amount of any
entry which is erroneous as a result of fraud;
(F) to conform his records to--
(i) tax returns or portions thereof
(including information returns and
other written statements) filed with
the Commissioner of Internal Revenue
under title VIII of the Social Security
Act, under subchapter E of chapter 1 or
subchapter A of chapter 9 of the
Internal Revenue Code of 1939, under
chapter 2 or 21 of the Internal Revenue
Code of 1954 or the Internal Revenue
Code of 1986, or under regulations made
under authority of such title,
subchapter, or chapter;
(ii) wage reports filed by a State
pursuant to an agreement under section
218 or regulations of the Commissioner
of Social Security thereunder; or
(iii) assessments of amounts due
under an agreement pursuant to section
218 (as in effect prior to December 31,
1986), if such assessments are made
within the period specified in
subsection (q) of such section (as so
in effect), or allowances of credits or
refunds of overpayments by a State
under an agreement pursuant to such
section; except that no amount of self-
employment income of an individual for
any taxable year (if such return or
statement was filed after the
expiration of the time limitation
following the taxable year) shall be
included in the Commissioner's records
pursuant to this subparagraph;
(G) to correct errors made in the allocation,
to individuals or periods, of wages or self-
employment income entered in the records of the
Commissioner of Social Security;
(H) to include wages paid during any period
in such year to an individual by an employer;
(I) to enter items which constitute
remuneration for employment under subsection
(o), such entries to be in accordance with
certified reports of records made by the
Railroad Retirement Board pursuant to section
5(k)(3) of the Railroad Retirement Act of 1937
or section 7(b)(7) of the Railroad Retirement
Act of 1974; or
(J) to include self-employment income for any
taxable year, up to, but not in excess of, the
amount of wages deleted by the Commissioner of
Social Security as payments erroneously
included in such records as wages paid to such
individual, if such income (or net earnings
from self-employment), not already included in
such records as self-employment income, is
included in a return or statement (referred to
in subparagraph (F)) filed before the
expiration of the time limitation following the
taxable year in which such deletion of wages is
made.
(6) Written notice of any deletion or reduction under
paragraph (4) or (5) shall be given to the individual
whose record is involved or to his survivor, except
that (A) in the case of a deletion or reduction with
respect to any entry of wages such notice shall be
given to such individual only if he has previously been
notified by the Commissioner of Social Security of the
amount of his wages for the period involved, and (B)
such notice shall be given to such survivor only if he
or the individual whose record is involved has
previously been notified by the Commissioner of Social
Security of the amount of such individual's wages and
self-employment income for the period involved.
(7) Upon request in writing (within such period,
after any change or refusal of a request for a change
of the Commissioner's records pursuant to this
subsection, as the Commissioner of Social Security may
prescribe), opportunity for hearing with respect to
such change or refusal shall be afforded to any
individual or his survivor. If a hearing is held
pursuant to this paragraph the Commissioner of Social
Security shall make findings of fact and a decision
based upon the evidence adduced at such hearing and
shall include any omitted items, or change or delete
any entry, in the Commissioner's records as may be
required by such findings and decision.
(8) A translation into English by a third party of a
statement made in a foreign language by an applicant
for or beneficiary of monthly insurance benefits under
this title shall not be regarded as reliable for any
purpose under this title unless the third party, under
penalty of perjury--
(A) certifies that the translation is
accurate; and
(B) discloses the nature and scope of the
relationship between the third party and the
applicant or recipient, as the case may be.
(9) Decisions of the Commissioner of Social Security
under this subsection shall be reviewable by commencing
a civil action in the United States district court as
provided in subsection (g).
(d) Issuance of subpenas in administrative proceedings.--For
the purpose of any hearing, investigation, or other proceeding
authorized or directed under this title, or relative to any
other matter within the the Commissioner's jurisdiction
hereunder, the Commissioner of Social Security shall have power
to issue subpenas requiring the attendance and testimony of
witnesses and the production of any evidence that relates to
any matter under investigation or in question before the
Commissioner of Social Security. Such attendance of witnesses
and production of evidence at the designated place of such
hearing, investigation, or other proceeding may be required
from any place in the United States or in any Territory or
possession thereof. Subpenas of the Commissioner of Social
Security shall be served by anyone authorized by the
Commissioner (1) by delivering a copy thereof to the individual
named therein, or (2) by registered mail or by certified mail
addressed to such individual at his last dwelling place or
principal place of business. A verified return by the
individual so serving the subpena setting forth the manner of
service, or, in the case of service by registered mail or by
certified mail, the return post-office receipt therefor signed
by the individual so served, shall be proof of service.
Witnesses so subpenaed shall be paid the same fees and mileage
as are paid witnesses in the district courts of the United
States.
(e) Judicial enforcement of subpenas; contempt.--In case of
contumacy by, or refusal to obey a subpena duly served upon,
any person, any district court of the United States for the
judicial district in which said person charged with contumacy
or refusal to obey is found or resides or transacts business,
upon application by the Commissioner of Social Security, shall
have jurisdiction to issue an order requiring such person to
appear and give testimony, or to appear and produce evidence,
or both; any failure to obey such order of the court may be
punished by said court as contempt thereof.
(f) [Repealed]
(g) Judicial review.--Any individual, after any final
decision of the Commissioner of Social Security made after a
hearing to which he was a party, irrespective of the amount in
controversy, may obtain a review of such decision by a civil
action commenced within sixty days after the mailing to him of
notice of such decision or within such further time as the
Commissioner of Social Security may allow. Such action shall be
brought in the district court of the United States for the
judicial district in which the plaintiff resides, or has his
principal place of business, or, if he does not reside or have
his principal place of business within any such judicial
district, in the District Court of the United States for the
District of Columbia. As part of the Commissioner's answer the
Commissioner of Social Security shall file a certified copy of
the transcript of the record including the evidence upon which
the findings and decision complained of are based. The court
shall have power to enter, upon the pleadings and transcript of
the record, a judgment affirming, modifying, or reversing the
decision of the Commissioner of Social Security, with or
without remanding the cause for a rehearing. The findings of
the Commissioner of Social Security as to any fact, if
supported by substantial evidence, shall be conclusive, and
where a claim has been denied by the Commissioner of Social
Security or a decision is rendered under subsection (b) hereof
which is adverse to an individual who was a party to the
hearing before the Commissioner of Social Security, because of
failure of the claimant or such individual to submit proof in
conformity with any regulation prescribed under subsection (a)
hereof, the court shall review only the question of conformity
with such regulations and the validity of such regulations. The
court may, on motion of the Commissioner of Social Security
made for good cause shown before the Commissioner files the
Commissioner's answer, remand the case to the Commissioner of
Social Security for further action by the Commissioner of
Social Security, and it may at any time order additional
evidence to be taken before the Commissioner of Social
Security, but only upon a showing that there is new evidence
which is material and that there is good cause for the failure
to incorporate such evidence into the record in a prior
proceeding; and the Commissioner of Social Security shall,
after the case is remanded, and after hearing such additional
evidence if so ordered, modify or affirm the Commissioner's
findings of fact or the Commissioner's decision, or both, and
shall file with the court any such additional and modified
findings of fact and decision, and, in any case in which the
Commissioner has not made a decision fully favorable to the
individual, a transcript of the additional record and testimony
upon which the Commissioner's action in modifying or affirming
was based. Such additional or modified findings of fact and
decision shall be reviewable only to the extent provided for
review of the original findings of fact and decision. The
judgment of the court shall be final except that it shall be
subject to review in the same manner as a judgment in other
civil actions. Any action instituted in accordance with this
subsection shall survive notwithstanding any change in the
person occupying the office of Commissioner of Social Security
or any vacancy in such office.
(h) Finality of Commissioner's decision.--The findings and
decisions of the Commissioner of Social Security after a
hearing shall be binding upon all individuals who were parties
to such hearing. No findings of fact or decision of the
Commissioner of Social Security shall be reviewed by any
person, tribunal, or governmental agency except as herein
provided. No action against the United States, the Commissioner
of Social Security, or any officer or employee thereof shall be
brought under section 1331 or 1346 of title 28, United States
Code, to recover on any claim arising under this title.
(i) Certification for payment.--Upon final decision of the
Commissioner of Social Security, or upon final judgment of any
court of competent jurisdiction, that any person is entitled to
any payment or payments under this title, the Commissioner of
Social Security shall certify to the Managing Trustee the name
and address of the person so entitled to receive such payment
or payments, the amount of such payment or payments, and the
time at which such payment or payments should be made, and the
Managing Trustee, through the Fiscal Service of the Department
of the Treasury, and prior to any action thereon by the General
Accounting Office, shall make payment in accordance with the
certification of the Commissioner of Social Security (except
that in the case of (A) an individual who will have completed
ten years of service (or five or more years of service, all of
which accrues after December 31, 1995) creditable under the
Railroad Retirement Act of 1937 or the Railroad Retirement Act
of 1974, (B) the wife or husband of such an individual, (C) any
survivor of such an individual if such survivor is entitled, or
could upon application become entitled, to an annuity under
section 2 of the Railroad Retirement Act of 1974, and (D) any
other person entitled to benefits under section 202 of this Act
on the basis of the wages and self-employment income of such an
individual (except a survivor of such an individual where such
individual did not have a current connection with the railroad
industry, as defined in the Railroad Retirement Act of 1974, at
the time of his death), such certification shall be made to the
Railroad Retirement Board which shall provide for such payment
or payments to such person on behalf of the Managing Trustee in
accordance with the provisions of the Railroad Retirement Act
of 1974): Provided, That where a review of the Commissioner's
decision is or may be sought under subsection (g) the
Commissioner of Social Security may withhold certification of
payment pending such review. The Managing Trustee shall not be
held personally liable for any payment or payments made in
accordance with a certification by the Commissioner of Social
Security.
(j) Representative payees.--
(1)(A) If the Commissioner of Social Security
determines that the interest of any individual under
this title would be served thereby, certification of
payment of such individual's benefit under this title
may be made, regardless of the legal competency or
incompetency of the individual, either for direct
payment to the individual, or for his or her use and
benefit, to another individual, or an organization,
with respect to whom the requirements of paragraph (2)
have been met (hereinafter in this subsection referred
to as the individual's ``representative payee''). If
the Commissioner of Social Security or a court of
competent jurisdiction determines that a representative
payee has misused any individual's benefit paid to such
representative payee pursuant to this subsection or
section 807 or 1631(a)(2), the Commissioner of Social
Security shall promptly revoke certification for
payment of benefits to such representative payee
pursuant to this subsection and certify payment to an
alternative representative payee or, if the interest of
the individual under this title would be served
thereby, to the individual.
(B) In the case of an individual entitled to benefits
based on disability, the payment of such benefits shall
be made to a representative payee if the Commissioner
of Social Security determines that such payment would
serve the interest of the individual because the
individual also has an alcoholism or drug addiction
condition (as determined by the Commissioner) and the
individual is incapable of managing such benefits.
(2)(A) Any certification made under paragraph (1) for
payment of benefits to an individual's representative
payee shall be made on the basis of--
(i) an investigation by the Commissioner of
Social Security of the person to serve as
representative payee, which shall be conducted
in advance of such certification and shall, to
the extent practicable, include a face-to-face
interview with such person, and
(ii) adequate evidence that such
certification is in the interest of such
individual (as determined by the Commissioner
of Social Security in regulations).
(B)(i) As part of the investigation referred to in
subparagraph (A)(i), the Commissioner of Social
Security shall--
(I) require the person being investigated to
submit documented proof of the identity of such
person, unless information establishing such
identity has been submitted with an application
for benefits under this title, title VIII, or
title XVI,
(II) verify such person's social security
account number (or employer identification
number),
(III) determine whether such person has been
convicted of a violation of section 208, 811,
or 1632,
(IV) obtain information concerning whether
such person has been convicted of any other
offense under Federal or State law which
resulted in imprisonment for more than 1 year,
(V) obtain information concerning whether
such person is a person described in section
202(x)(1)(A)(iv), and
(VI) determine whether certification of
payment of benefits to such person has been
revoked pursuant to this subsection, the
designation of such person as a representative
payee has been revoked pursuant to section
807(a), or payment of benefits to such person
has been terminated pursuant to section
1631(a)(2)(A)(iii) by reason of misuse of funds
paid as benefits under this title, title VIII,
or title XVI.
(ii) The Commissioner of Social Security shall
establish and maintain a centralized file, which shall
be updated periodically and which shall be in a form
which renders it readily retrievable by each servicing
office of the Social Security Administration. Such file
shall consist of--
(I) a list of the names and social security
account numbers (or employer identification
numbers) of all persons with respect to whom
certification of payment of benefits has been
revoked on or after January 1, 1991, pursuant
to this subsection, whose designation as a
representative payee has been revoked pursuant
to section 807(a), or with respect to whom
payment of benefits has been terminated on or
after such date pursuant to section
1631(a)(2)(A)(iii), by reason of misuse of
funds paid as benefits under this title, title
VIII, or title XVI, and
(II) a list of the names and social security
account numbers (or employer identification
numbers) of all persons who have been convicted
of a violation of section 208, 811, or 1632.
(iii) Notwithstanding the provisions of section 552a
of title 5, United States Code, or any other provision
of Federal or State law (other than section 6103 of the
Internal Revenue Code of 1986 and section 1106(c) of
this Act), the Commissioner shall furnish any Federal,
State, or local law enforcement officer, upon the
written request of the officer, with the current
address, social security account number, and photograph
(if applicable) of any person investigated under this
paragraph, if the officer furnishes the Commissioner
with the name of such person and such other identifying
information as may reasonably be required by the
Commissioner to establish the unique identity of such
person, and notifies the Commissioner that--
(I) such person is described in section
202(x)(1)(A)(iv),
(II) such person has information that is
necessary for the officer to conduct the
officer's official duties, and
(III) the location or apprehension of such
person is within the officer's official duties.
(C)(i) Benefits of an individual may not be certified
for payment to any other person pursuant to this
subsection if--
(I) such person has previously been convicted
as described in subparagraph (B)(i)(III),
(II) except as provided in clause (ii),
certification of payment of benefits to such
person under this subsection has previously
been revoked as described in subparagraph
(B)(i)(VI) the designation of such person as a
representative payee has been revoked pursuant
to section 807(a), or payment of benefits to
such person pursuant to section
1631(a)(2)(A)(ii) has previously been
terminated as described in section
1631(a)(2)(B)(ii)(VI),
(III) except as provided in clause (iii),
such person is a creditor of such individual
who provides such individual with goods or
services for consideration,
(IV) such person has previously been
convicted as described in subparagraph
(B)(i)(IV), unless the Commissioner determines
that such certification would be appropriate
notwithstanding such conviction, or
(V) such person is a person described in
section 202(x)(1)(A)(iv).
(ii) The Commissioner of Social Security shall
prescribe regulations under which the Commissioner of
Social Security may grant exemptions to any person from
the provisions of clause (i)(II) on a case-by-case
basis if such exemption is in the best interest of the
individual whose benefits would be paid to such person
pursuant to this subsection.
(iii) Clause (i)(III) shall not apply with respect to
any person who is a creditor referred to therein if
such creditor is--
(I) a relative of such individual if such
relative resides in the same household as such
individual,
(II) a legal guardian or legal representative
of such individual,
(III) a facility that is licensed or
certified as a care facility under the law of a
State or a political subdivision of a State,
(IV) a person who is an administrator, owner,
or employee of a facility referred to in
subclause (III) if such individual resides in
such facility, and the certification of payment
to such facility or such person is made only
after good faith efforts have been made by the
local servicing office of the Social Security
Administration to locate an alternative
representative payee to whom such certification
of payment would serve the best interests of
such individual, or
(V) an individual who is determined by the
Commissioner of Social Security, on the basis
of written findings and under procedures which
the Commissioner of Social Security shall
prescribe by regulation, to be acceptable to
serve as a representative payee.
(iv) The procedures referred to in clause (iii)(V)
shall require the individual who will serve as
representative payee to establish, to the satisfaction
of the Commissioner of Social Security, that--
(I) such individual poses no risk to the
beneficiary,
(II) the financial relationship of such
individual to the beneficiary poses no
substantial conflict of interest, and
(III) no other more suitable representative
payee can be found.
(v) In the case of an individual described in
paragraph (1)(B), when selecting such individual's
representative payee, preference shall be given to--
(I) a certified community-based nonprofit
social service agency (as defined in paragraph
(10)),
(II) a Federal, State, or local government
agency whose mission is to carry out income
maintenance, social service, or health care-
related activities,
(III) a State or local government agency with
fiduciary responsibilities, or
(IV) a designee of an agency (other than of a
Federal agency) referred to in the preceding
subclauses of this clause, if the Commissioner
of Social Security deems it appropriate, unless
the Commissioner of Social Security determines
that selection of a family member would be
appropriate.
(D)(i) Subject to clause (ii), if the Commissioner of
Social Security makes a determination described in the
first sentence of paragraph (1) with respect to any
individual's benefit and determines that direct payment
of the benefit to the individual would cause
substantial harm to the individual, the Commissioner of
Social Security may defer (in the case of initial
entitlement) or suspend (in the case of existing
entitlement) direct payment of such benefit to the
individual, until such time as the selection of a
representative payee is made pursuant to this
subsection.
(ii)(I) Except as provided in subclause (II), any
deferral or suspension of direct payment of a benefit
pursuant to clause (i) shall be for a period of not
more than 1 month.
(II) Subclause (I) shall not apply in any case in
which the individual is, as of the date of the
Commissioner's determination, legally incompetent,
under the age of 15 years, or described in paragraph
(1)(B).
(iii) Payment pursuant to this subsection of any
benefits which are deferred or suspended pending the
selection of a representative payee shall be made to
the individual or the representative payee as a single
sum or over such period of time as the Commissioner of
Social Security determines is in the best interest of
the individual entitled to such benefits.
(E)(i) Any individual who is dissatisfied with a
determination by the Commissioner of Social Security to
certify payment of such individual's benefit to a
representative payee under paragraph (1) or with the
designation of a particular person to serve as
representative payee shall be entitled to a hearing by
the Commissioner of Social Security to the same extent
as is provided in subsection (b), and to judicial
review of the Commissioner's final decision as is
provided in subsection (g).
(ii) In advance of the certification of payment of an
individual's benefit to a representative payee under
paragraph (1), the Commissioner of Social Security
shall provide written notice of the Commissioner's
initial determination to certify such payment. Such
notice shall be provided to such individual, except
that, if such individual--
(I) is under the age of 15,
(II) is an unemancipated minor under the age
of 18, or
(III) is legally incompetent, then such
notice shall be provided solely to the legal
guardian or legal representative of such
individual.
(iii) Any notice described in clause (ii) shall be
clearly written in language that is easily
understandable to the reader, shall identify the person
to be designated as such individual's representative
payee, and shall explain to the reader the right under
clause (i) of such individual or of such individual's
legal guardian or legal representative--
(I) to appeal a determination that a
representative payee is necessary for such
individual,
(II) to appeal the designation of a
particular person to serve as the
representative payee of such individual, and
(III) to review the evidence upon which such
designation is based and submit additional
evidence.
(3)(A) In any case where payment under this title is
made to a person other than the individual entitled to
such payment, the Commissioner of Social Security shall
establish a system of accountability monitoring whereby
such person shall report not less often than annually
with respect to the use of such payments. The
Commissioner of Social Security shall establish and
implement statistically valid procedures for reviewing
such reports in order to identify instances in which
such persons are not properly using such payments.
(B) Subparagraph (A) shall not apply in any case
where the other person to whom such payment is made is
a State institution. In such cases, the Commissioner of
Social Security shall establish a system of
accountability monitoring for institutions in each
State.
(C) Subparagraph (A) shall not apply in any case
where the individual entitled to such payment is a
resident of a Federal institution and the other person
to whom such payment is made is the institution.
(D) Notwithstanding subparagraphs (A), (B), and (C),
the Commissioner of Social Security may require a
report at any time from any person receiving payments
on behalf of another, if the Commissioner of Social
Security has reason to believe that the person
receiving such payments is misusing such payments.
(E) In any case in which the person described in
subparagraph (A) or (D) receiving payments on behalf of
another fails to submit a report required by the
Commissioner of Social Security under subparagraph (A)
or (D), the Commissioner may, after furnishing notice
to such person and the individual entitled to such
payment, require that such person appear in person at a
field office of the Social Security Administration
serving the area in which the individual resides in
order to receive such payments.
(F) The Commissioner of Social Security shall
maintain a centralized file, which shall be updated
periodically and which shall be in a form which will be
readily retrievable by each servicing office of the
Social Security Administration, of--
(i) the address and the social security
account number (or employer identification
number) of each representative payee who is
receiving benefit payments pursuant to this
subsection, section 807, or section 1631(a)(2),
and
(ii) the address and social security account
number of each individual for whom each
representative payee is reported to be
providing services as representative payee
pursuant to this subsection, section 807, or
section 1631(a)(2).
(G) Each servicing office of the Administration shall
maintain a list, which shall be updated periodically,
of public agencies and certified community-based
nonprofit social service agencies (as defined in
paragraph (10)) which are qualified to serve as
representative payees pursuant to this subsection or
section 807 or 1631(a)(2) and which are located in the
area served by such servicing office.
(4)(A)(i) Except as provided in the next sentence, a
qualified organization may collect from an individual a
monthly fee for expenses (including overhead) incurred
by such organization in providing services performed as
such individual's representative payee pursuant to this
subsection if such fee does not exceed the lesser of--
(I) 10 percent of the monthly benefit
involved, or
(II) $25.00 per month ($50.00 per month in
any case in which the individual is described
in paragraph (1)(B)). A qualified organization
may not collect a fee from an individual for
any month with respect to which the
Commissioner of Social Security or a court of
competent jurisdiction has determined that the
organization misused all or part of the
individual's benefit, and any amount so
collected by the qualified organization for
such month shall be treated as a misused part
of the individual's benefit for purposes of
paragraphs (5) and (6). The Commissioner of
Social Security shall adjust annually (after
1995) each dollar amount set forth in subclause
(II) under procedures providing for adjustments
in the same manner and to the same extent as
adjustments are provided for under the
procedures used to adjust benefit amounts under
section 215(i)(2)(A), except that any amount so
adjusted that is not a multiple of $ 1.00 shall
be rounded to the nearest multiple of $1.00.
(ii) In the case of an individual who is no longer
currently entitled to monthly insurance benefits under
this title but to whom all past-due benefits have not
been paid, for purposes of clause (i), any amount of
such past-due benefits payable in any month shall be
treated as a monthly benefit referred to in clause
(i)(I). Any agreement providing for a fee in excess of
the amount permitted under this subparagraph shall be
void and shall be treated as misuse by such
organization of such individual's benefits.
(B) For purposes of this paragraph, the term
``qualified organization'' means any State or local
government agency whose mission is to carry out income
maintenance, social service, or health care-related
activities, any State or local government agency with
fiduciary responsibilities, or any certified community-
based nonprofit social service agency (as defined in
paragraph (10)), if such agency, in accordance with any
applicable regulations of the Commissioner of Social
Security--
(i) regularly provides services as the
representative payee, pursuant to this
subsection or section 807 or 1631(a)(2),
concurrently to 5 or more individuals,
(ii) demonstrates to the satisfaction of the
Commissioner of Social Security that such
agency is not otherwise a creditor of any such
individual. The Commissioner of Social Security
shall prescribe regulations under which the
Commissioner of Social Security may grant an
exception from clause (ii) for any individual
on a case-by-case basis if such exception is in
the best interests of such individual.
(C) Any qualified organization which knowingly
charges or collects, directly or indirectly, any fee in
excess of the maximum fee prescribed under subparagraph
(A) or makes any agreement, directly or indirectly, to
charge or collect any fee in excess of such maximum
fee, shall be fined in accordance with title 18, United
States Code, or imprisoned not more than 6 months, or
both.
(5) In cases where the negligent failure of the
Commissioner of Social Security to investigate or
monitor a representative payee results in misuse of
benefits by the representative payee, the Commissioner
of Social Security shall certify for payment to the
beneficiary or the beneficiary's alternative
representative payee an amount equal to such misused
benefits. In any case in which a representative payee
that--
(A) is not an individual (regardless of
whether it is a ``qualified organization''
within the meaning of paragraph (4)(B)); or
(B) is an individual who, for any month
during a period when misuse occurs, serves 15
or more individuals who are beneficiaries under
this title, title VIII, title XVI, or any
combination of such titles; misuses all or part
of an individual's benefit paid to such
representative payee, the Commissioner of
Social Security shall certify for payment to
the beneficiary or the beneficiary's
alternative representative payee an amount
equal to the amount of such benefit so misused.
The provisions of this paragraph are subject to
the limitations of paragraph (7)(B). The
Commissioner of Social Security shall make a
good faith effort to obtain restitution from
the terminated representative payee.
(6)(A) In addition to such other reviews of
representative payees as the Commissioner of Social
Security may otherwise conduct, the Commissioner shall
provide for the periodic onsite review of any person or
agency located in the United States that receives the
benefits payable under this title (alone or in
combination with benefits payable under title VIII or
title XVI) to another individual pursuant to the
appointment of such person or agency as a
representative payee under this subsection, section
807, or section 1631(a)(2) in any case in which--
(i) the representative payee is a person who
serves in that capacity with respect to 15 or
more such individuals;
(ii) the representative payee is a certified
community-based nonprofit social service agency
(as defined in paragraph (10) of this
subsection or section 1631(a)(2)(I)); or
(iii) the representative payee is an agency
(other than an agency described in clause (ii))
that serves in that capacity with respect to 50
or more such individuals.
(B) Within 120 days after the end of each fiscal
year, the Commissioner shall submit to the Committee on
Ways and Means of the House of Representatives and the
Committee on Finance of the Senate a report on the
results of periodic onsite reviews conducted during the
fiscal year pursuant to subparagraph (A) and of any
other reviews of representative payees conducted during
such fiscal year in connection with benefits under this
title. Each such report shall describe in detail all
problems identified in such reviews and any corrective
action taken or planned to be taken to correct such
problems, and shall include--
(i) the number of such reviews;
(ii) the results of such reviews;
(iii) the number of cases in which the
representative payee was changed and why;
(iv) the number of cases involving the
exercise of expedited, targeted oversight of
the representative payee by the Commissioner
conducted upon receipt of an allegation of
misuse of funds, failure to pay a vendor, or a
similar irregularity;
(v) the number of cases discovered in which
there was a misuse of funds;
(vi) how any such cases of misuse of funds
were dealt with by the Commissioner;
(vii) the final disposition of such cases of
misuse of funds, including any criminal
penalties imposed; and
(viii) such other information as the
Commissioner deems appropriate.
(7)(A) If the Commissioner of Social Security or a
court of competent jurisdiction determines that a
representative payee that is not a Federal, State, or
local government agency has misused all or part of an
individual's benefit that was paid to such
representative payee under this subsection, the
representative payee shall be liable for the amount
misused, and such amount (to the extent not repaid by
the representative payee) shall be treated as an
overpayment of benefits under this title to the
representative payee for all purposes of this Act and
related laws pertaining to the recovery of such
overpayments. Subject to subparagraph (B), upon
recovering all or any part of such amount, the
Commissioner shall certify an amount equal to the
recovered amount for payment to such individual or such
individual's alternative representative payee.
(B) The total of the amount certified for payment to
such individual or such individual's alternative
representative payee under subparagraph (A) and the
amount certified for payment under paragraph (5) may
not exceed the total benefit amount misused by the
representative payee with respect to such individual.
(8) For purposes of this subsection, the term
``benefit based on disability'' of an individual means
a disability insurance benefit of such individual under
section 223 or a child's, widow's, or widower's
insurance benefit of such individual under section 202
based on such individual's disability.
(9) For purposes of this subsection, misuse of
benefits by a representative payee occurs in any case
in which the representative payee receives payment
under this title for the use and benefit of another
person and converts such payment, or any part thereof,
to a use other than for the use and benefit of such
other person. The Commissioner of Social Security may
prescribe by regulation the meaning of the term ``use
and benefit'' for purposes of this paragraph.
(10) For purposes of this subsection, the term
``certified community-based nonprofit social service
agency'' means a community-based nonprofit social
service agency which is in compliance with
requirements, under regulations which shall be
prescribed by the Commissioner, for annual
certification to the Commissioner that it is bonded in
accordance with requirements specified by the
Commissioner and that it is licensed in each State in
which it serves as a representative payee (if licensing
is available in the State) in accordance with
requirements specified by the Commissioner. Any such
annual certification shall include a copy of any
independent audit on the agency which may have been
performed since the previous certification.
(k) Payments to incompetents.--Any payment made after
December 31, 1939, under conditions set forth in subsection (j)
any payment made before January 1, 1940, to, or on behalf of, a
legally incompetent individual, and any payment made after
December 31, 1939, to a legally incompetent individual without
knowledge by the Commissioner of Social Security of
incompetency prior to certification of payment, if otherwise
valid under this title, shall be a complete settlement and
satisfaction of any claim, right, or interest in and to such
payment.
(l) Delegation of powers and duties by Commissioner of Social
Security.--The Commissioner of Social Security is authorized to
delegate to any member, officer, or employee of the Social
Security Administration designated by the Commissioner any of
the powers conferred upon the Commissioner by this section, and
is authorized to be represented by the Commissioner's own
attorneys in any court in any case or proceeding arising under
the provisions of subsection (e).
(m) [Repealed]
(n) Joint payments.--The Commissioner of Social Security may,
in the Commissioner's discretion, certify to the Managing
Trustee any two or more individuals of the same family for
joint payment of the total benefits payable to such individuals
for any month, and if one of such individuals dies before a
check representing such joint payment is negotiated, payment of
the amount of such unnegotiated check to the surviving
individual or individuals may be authorized in accordance with
regulations of the Secretary of the Treasury; except that
appropriate adjustment or recovery shall be made under section
204(a) with respect to so much of the amount of such check as
exceeds the amount to which such surviving individual or
individuals are entitled under this title for such month.
(o) Crediting of compensation under the Railroad Retirement
Act.--If there is no person who would be entitled, upon
application therefor, to an annuity under section 5 of the
Railroad Retirement Act of 1974, or to a lump-sum payment under
section 6(b) of such Act, with respect to the death of an
employee (as defined in such Act), then, notwithstanding
section 210(a)(10) of this Act, compensation (as defined in
such Railroad Retirement Act, but excluding compensation
attributable as having been paid during any month on account of
military service creditable under section 3(i) of such Act if
wages are deemed to have been paid to such employee during such
month under subsection (a) or (e) of section 217 of this Act)
of such employee shall constitute remuneration for employment
for purposes of determining (A) entitlement to and the amount
of any lump-sum death payment under this title on the basis of
such employee's wages and self-employment income and (B)
entitlement to and the amount of any monthly benefit under this
title, for the month in which such employee died or for any
month thereafter, on the basis of such wages and self-
employment income. For such purposes, compensation (as so
defined) paid in a calendar year before 1978 shall, in the
absence of evidence to the contrary, be presumed to have been
paid in equal proportions with respect to all months in the
year in which the employee rendered services for such
compensation.
(p) Special rules in case of Federal service.--
(1) With respect to service included as employment
under section 210 which is performed in the employ of
the United States or in the employ of any
instrumentality which is wholly owned by the United
States, including service, performed as a member of a
uniformed service, to which the provisions of
subsection (l)(1) of such section are applicable, and
including service, performed as a volunteer or
volunteer leader within the meaning of the Peace Corps
Act, to which the provisions of section 210(o) are
applicable, the Commissioner of Social Security shall
not make determinations as to the amounts of
remuneration for such service, or the periods in which
or for which such remuneration was paid, but shall
accept the determinations with respect thereto of the
head of the appropriate Federal agency or
instrumentality, and of such agents as such head may
designate, as evidenced by returns filed in accordance
with the provisions of section 3122 of the Internal
Revenue Code of 1954 and certifications made pursuant
to this subsection. Such determinations shall be final
and conclusive. Nothing in this paragraph shall be
construed to affect the Commissioner's authority to
determine under sections 209 and 210 whether any such
service constitutes employment, the periods of such
employment, and whether remuneration paid for any such
service constitutes wages.
(2) The head of any such agency or instrumentality is
authorized and directed, upon written request of the
Commissioner of Social Security, to make certification
to the Commissioner with respect to any matter
determinable for the Commissioner of Social Security by
such head or his agents under this subsection, which
the Commissioner of Social Security finds necessary in
administering this title.
(3) The provisions of paragraphs (1) and (2) shall be
applicable in the case of service performed by a
civilian employee, not compensated from funds
appropriated by the Congress, in the Army and Air Force
Exchange Service, Army and Air Force Motion Picture
Service, Navy Exchanges, Marine Corps Exchanges, or
other activities, conducted by an instrumentality of
the United States subject to the jurisdiction of the
Secretary of Defense, at installations of the
Department of Defense for the comfort, pleasure,
contentment, and mental and physical improvement of
personnel of such Department; and for purposes of
paragraphs (1) and (2) the Secretary of Defense shall
be deemed to be the head of such instrumentality. The
provisions of paragraphs (1) and (2) shall be
applicable also in the case of service performed by a
civilian employee, not compensated from funds
appropriated by the Congress, in the Coast Guard
Exchanges or other activities, conducted by an
instrumentality of the United States subject to the
jurisdiction of the Secretary of Transportation, at
installations of the Coast Guard for the comfort,
pleasure, contentment, and mental and physical
improvement of personnel of the Coast Guard; and for
purposes of paragraphs (1) and (2) the Secretary of
Transportation shall be deemed to be the head of such
instrumentality.
(q) Expedited benefit payments.--
(1) The Commissioner of Social Security shall
establish and put into effect procedures under which
expedited payment of monthly insurance benefits under
this title will, subject to paragraph (4) of this
subsection, be made as set forth in paragraphs (2) and
(3) of this subsection.
(2) In any case in which--
(A) an individual makes an allegation that a
monthly benefit under this title was due him in
a particular month but was not paid to him, and
(B) such individual submits a written request
for the payment of such benefit--
(i) in the case of an individual who
received a regular monthly benefit in
the month preceding the month with
respect to which such allegation is
made, not less than 30 days after the
15th day of the month with respect to
which such allegation is made (and in
the event that such request is
submitted prior to the expiration of
such 30-day period, it shall be deemed
to have been submitted upon the
expiration of such period), and
(ii) in any other case, not less than
90 days after the later of (I) the date
on which such benefit is alleged to
have been due, or (II) the date on
which such individual furnished the
last information requested by the
Commissioner of Social Security (and
such written request will be deemed to
be filed on the day on which it was
filed, or the ninetieth day after the
first day on which the Commissioner of
Social Security has evidence that such
allegation is true, whichever is
later), the Commissioner of Social
Security shall, if the Commissioner
finds that benefits are due, certify
such benefits for payment, and payment
shall be made within 15 days
immediately following the date on which
the written request is deemed to have
been filed.
(3) In any case in which the Commissioner of Social
Security determines that there is evidence, although
additional evidence might be required for a final
decision, that an allegation described in paragraph
(2)(A) is true, the Commissioner may make a preliminary
certification of such benefit for payment even though
the 30-day or 90-day periods described in paragraph
(2)(B)(i) and (B)(ii) have not elapsed.
(4) Any payment made pursuant to a certification
under paragraph (3) of this subsection shall not be
considered an incorrect payment for purposes of
determining the liability of the certifying or
disbursing officer.
(5) For purposes of this subsection, benefits payable
under section 228 shall be treated as monthly insurance
benefits payable under this title. However, this
subsection shall not apply with respect to any benefit
for which a check has been negotiated, or with respect
to any benefit alleged to be due under either section
223, or section 202 to a wife, husband, or child of an
individual entitled to or applying for benefits under
section 223, or to a child who has attained age 18 and
is under a disability, or to a widow or widower on the
basis of being under a disability.
(r) Use of death certificates to correct program
information.--
(1) The Commissioner of Social Security shall
undertake to establish a program under which--
(A) States (or political subdivisions
thereof) voluntarily contract with the
Commissioner of Social Security to furnish the
Commissioner of Social Security periodically
with information (in a form established by the
Commissioner of Social Security in consultation
with the States) concerning individuals with
respect to whom death certificates (or
equivalent documents maintained by the States
or subdivisions) have been officially filed
with them; and
(B) there will be (i) a comparison of such
information on such individuals with
information on such individuals in the records
being used in the administration of this Act,
(ii) validation of the results of such
comparisons, and (iii) corrections in such
records to accurately reflect the status of
such individuals.
(2) Each State (or political subdivision thereof)
which furnishes the Commissioner of Social Security
with information on records of deaths in the State or
subdivision under this subsection may be paid by the
Commissioner of Social Security from amounts available
for administration of this Act the reasonable costs
(established by the Commissioner of Social Security in
consultations with the States) for transcribing and
transmitting such information to the Commissioner of
Social Security.
(3) In the case of individuals with respect to whom
federally funded benefits are provided by (or through)
a Federal or State agency other than under this Act,
the Commissioner of Social Security shall to the extent
feasible provide such information through a cooperative
arrangement with such agency, for ensuring proper
payment of those benefits with respect to such
individuals if--
(A) under such arrangement the agency
provides reimbursement to the Commissioner of
Social Security for the reasonable cost of
carrying out such arrangement, and
(B) such arrangement does not conflict with
the duties of the Commissioner of Social
Security under paragraph (1).
(4) The Commissioner of Social Security may enter
into similar agreements with States to provide
information for their use in programs wholly funded by
the States if the requirements of subparagraphs (A) and
(B) of paragraph (3) are met.
(5) The Commissioner of Social Security may use or
provide for the use of such records as may be corrected
under this section, subject to such safeguards as the
Commissioner of Social Security determines are
necessary or appropriate to protect the information
from unauthorized use or disclosure, for statistical
and research activities conducted by Federal and State
agencies.
(6) Information furnished to the Commissioner of
Social Security under this subsection may not be used
for any purpose other than the purpose described in
this subsection and is exempt from disclosure under
section 552 of title 5, United States Code, and from
the requirements of section 552a of such title.
(7) The Commissioner of Social Security shall include
information on the status of the program established
under this section and impediments to the effective
implementation of the program in the 1984 report
required under section 704 of the Act.
(8)(A) The Commissioner of Social Security shall,
upon the request of the official responsible for a
State driver's license agency pursuant to the Help
America Vote Act of 2002--
(i) enter into an agreement with such
official for the purpose of verifying
applicable information, so long as the
requirements of subparagraphs (A) and (B) of
paragraph (3) are met; and
(ii) include in such agreement safeguards to
assure the maintenance of the confidentiality
of any applicable information disclosed and
procedures to permit such agency to use the
applicable information for the purpose of
maintaining its records.
(B) Information provided pursuant to an agreement
under this paragraph shall be provided at such time, in
such place, and in such manner as the Commissioner
determines appropriate.
(C) The Commissioner shall develop methods to verify
the accuracy of information provided by the agency with
respect to applications for voter registration, for
whom the last 4 digits of a social security number are
provided instead of a driver's license number.
(D) For purposes of this paragraph--
(i) the term ``applicable information'' means
information regarding whether--
(I) the name (including the first
name and any family forename or
surname), the date of birth (including
the month, day, and year), and social
security number of an individual
provided to the Commissioner match the
information contained in the
Commissioner's records, and
(II) such individual is shown on the
records of the Commissioner as being
deceased; and
(ii) the term ``State driver's license
agency'' means the State agency which issues
driver's licenses to individuals within the
State and maintains records relating to such
licensure.
(E) Nothing in this paragraph may be construed to
require the provision of applicable information with
regard to a request for a record of an individual if
the Commissioner determines there are exceptional
circumstances warranting an exception (such as safety
of the individual or interference with an
investigation).
(F) Applicable information provided by the Commission
pursuant to an agreement under this paragraph or by an
individual to any agency that has entered into an
agreement under this paragraph shall be considered as
strictly confidential and shall be used only for the
purposes described in this paragraph and for carrying
out an agreement under this paragraph. Any officer or
employee or former officer or employee of a State, or
any officer or employee or former officer or employee
of a contractor of a State who, without the written
authority of the Commissioner, publishes or
communicates any applicable information in such
individual's possession by reason of such employment or
position as such an officer, shall be guilty of a
felony and upon conviction thereof shall be fined or
imprisoned, or both, as described in section 208.
(s) Notice requirements.--The Commissioner of Social Security
shall take such actions as are necessary to ensure that any
notice to one or more individuals issued pursuant to this title
by the Commissioner of Social Security or by a State agency--
(1) is written in simple and clear language, and
(2) includes the address and telephone number of the
local office of the Social Security Administration
which serves the recipient. In the case of any such
notice which is not generated by a local servicing
office, the requirements of paragraph (2) shall be
treated as satisfied if such notice includes the
address of the local office of the Social Security
Administration which services the recipient of the
notice and a telephone number through which such office
can be reached.
(t) Same-day personal interviews at field offices in cases
where time is of the essence.--In any case in which an
individual visits a field office of the Social Security
Administration and represents during the visit to an officer or
employee of the Social Security Administration in the office
that the individual's visit is occasioned by--
(1) the receipt of a notice from the Social Security
Administration indicating a time limit for response by
the individual, or
(2) the theft, loss, or nonreceipt of a benefit
payment under this title, the Commissioner of Social
Security shall ensure that the individual is granted a
face-to-face interview at the office with an officer or
employee of the Social Security Administration before
the close of business on the day of the visit.
(u) Redetermination of entitlement in cases of fraud or
similar fault.--
(1)(A) The Commissioner of Social Security shall
immediately redetermine the entitlement of individuals
to monthly insurance benefits under this title if there
is reason to believe that fraud or similar fault was
involved in the application of the individual for such
benefits, unless a United States attorney, or
equivalent State prosecutor, with jurisdiction over
potential or actual related criminal cases, certifies,
in writing, that there is a substantial risk that such
action by the Commissioner of Social Security with
regard to beneficiaries in a particular investigation
would jeopardize the criminal prosecution of a person
involved in a suspected fraud.
(B) When redetermining the entitlement, or making an
initial determination of entitlement, of an individual
under this title, the Commissioner of Social Security
shall disregard any evidence if there is reason to
believe that fraud or similar fault was involved in the
providing of such evidence.
(2) For purposes of paragraph (1), similar fault is
involved with respect to a determination if--
(A) an incorrect or incomplete statement that
is material to the determination is knowingly
made; or
(B) information that is material to the
determination is knowingly concealed.
(3) If, after redetermining pursuant to this
subsection the entitlement of an individual to monthly
insurance benefits, the Commissioner of Social Security
determines that there is insufficient evidence to
support such entitlement, the Commissioner of Social
Security may terminate such entitlement and may treat
benefits paid on the basis of such insufficient
evidence as overpayments.