[Congressional Bills 110th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3046 Reported in House (RH)]
Union Calendar No. 210
110th CONGRESS
1st Session
H. R. 3046
[Report No. 110-339]
To amend the Social Security Act to enhance Social Security account
number privacy protections, to prevent fraudulent misuse of the Social
Security account number, and to otherwise enhance protection against
identity theft, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
July 16, 2007
Mr. McNulty (for himself, Mr. Sam Johnson of Texas, Mr. Rangel, Mr.
McCrery, Mr. Stark, Mr. Levin, Mr. Lewis of Georgia, Mr. Lewis of
Kentucky, Mr. Wolf, Mr. Becerra, Mr. Doggett, Mr. Pomeroy, Mr. Larson
of Connecticut, Mr. Emanuel, Mr. Blumenauer, Mr. Pascrell, Mr. Meek of
Florida, Mr. Hastings of Washington, Ms. Matsui, Mrs. Capps, Mr. Farr,
Mr. Rodriguez, Mr. Filner, Ms. McCollum of Minnesota, and Mr. Hinchey)
introduced the following bill; which was referred to the Committee on
Ways and Means
September 24, 2007
Additional sponsors: Mr. Davis of Illinois, Mr. Miller of Florida, Mr.
Saxton, Mr. Sullivan, Mr. Carter, Mr. Latham, Mr. King of New York, Ms.
Schakowsky, Ms. Linda T. Sanchez of California, Mr. Higgins, Mr. George
Miller of California, Mr. Gohmert, Ms. Corrine Brown of Florida, Mr.
McHugh, Mr. Kuhl of New York, Mr. Obey, Mrs. McMorris Rodgers, Ms.
Kilpatrick, Ms. Ginny Brown-Waite of Florida, Mr. Pastor, Ms. Bordallo,
Mr. DeFazio, Mr. Delahunt, Mrs. Lowey, Mrs. McCarthy of New York, Ms.
Woolsey, Mr. Sestak, Ms. Foxx, and Mr. Reyes
September 24, 2007
Reported with an amendment, committed to the Committee of the Whole
House on the State of the Union, and ordered to be printed
[Strike out all after the enacting clause and insert the part printed
in italic]
[For text of introduced bill, see copy of bill as introduced on July
16, 2007]
_______________________________________________________________________
A BILL
To amend the Social Security Act to enhance Social Security account
number privacy protections, to prevent fraudulent misuse of the Social
Security account number, and to otherwise enhance protection against
identity theft, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE AND TABLE OF CONTENTS.
(a) Short Title.--This Act may be cited as the ``Social Security
Number Privacy and Identity Theft Prevention Act of 2007''.
(b) Table of Contents.--The table of contents is as follows:
Sec. 1. Short title and table of contents.
Sec. 2. Restrictions on the sale or display to the general public of
social security account numbers by
governmental entities.
Sec. 3. Prohibition of display of social security account numbers on
checks issued for payment by governmental
entities.
Sec. 4. Prohibition of the display of social security account numbers
on certain government identification cards
or tags.
Sec. 5. Prohibition of inmate access to social security account
numbers.
Sec. 6. Measures to preclude unauthorized disclosure by governmental
entities of social security account numbers
and protect the confidentiality of such
numbers.
Sec. 7. Uniform standards for truncation of the social security account
number.
Sec. 8. Prohibition of the sale, purchase, and display to the general
public of the social security account
number in the private sector.
Sec. 9. New criminal penalties for misuse of social security account
numbers.
Sec. 10. Extension of civil monetary penalty authority.
Sec. 11. Criminal penalties for employees of the Social Security
Administration who knowingly and
fraudulently issue social security cards or
social security account numbers.
Sec. 12. Enhanced penalties in cases of terrorism, drug trafficking,
crimes of violence, or prior offenses.
Sec. 13. Regulatory and enforcement authority with respect to misuse of
the social security account number.
Sec. 14. Study on feasibility of banning social security account number
as an authenticator.
SEC. 2. RESTRICTIONS ON THE SALE OR DISPLAY TO THE GENERAL PUBLIC OF
SOCIAL SECURITY ACCOUNT NUMBERS BY GOVERNMENTAL ENTITIES.
(a) In General.--Section 205(c)(2)(C) of the Social Security Act
(42 U.S.C. 405(c)(2)(C)) is amended by adding at the end the following
new clause:
``(x)(I) A governmental entity (as defined in subclause (X)) may
not sell or display to the general public any social security account
number if such number has been disclosed to such governmental entity
pursuant to the assertion by such governmental entity to any person
that disclosure of such number is a statutory or regulatory
requirement. Notwithstanding the preceding sentence, such number may be
sold or displayed to the general public in accordance with the
exceptions specified in subclauses (II), (III), (IV), (V), (VI), (VII),
and (VIII) (and for no other purpose).
``(II) Notwithstanding subclause (I), a social security account
number may be sold by a governmental entity to the extent that such
sale is specifically authorized by this Act or the Privacy Act of 1974.
``(III) Notwithstanding subclause (I), a social security account
number may be sold by a governmental entity to the extent that is
necessary or appropriate for law enforcement or national security
purposes, as determined under regulations which shall be issued as
provided in section 1129C.
``(IV) Notwithstanding subclause (I), a social security account
number may be sold by a governmental entity to the extent that such
sale is required to comply with a tax law of the United States or of
any State (or political subdivision thereof).
``(V) Notwithstanding subclause (I), a social security account
number may be sold by a State department of motor vehicles as
authorized under subsection (b) of section 2721 of title 18, United
States Code, if such number is to be used pursuant to such sale solely
for purposes permitted under paragraph (1), (6), or (9) of such
subsection.
``(VI) Notwithstanding subclause (I), a social security account
number may be sold or otherwise made available by a governmental entity
to a consumer reporting agency (as defined in section 603(f) of the
Fair Credit Reporting Act (15 U.S.C. 1681a(f))) for use or disclosure
solely for permissible purposes described in section 604(a) of such Act
(15 U.S.C. 1681b(a)).
``(VII) Notwithstanding subclause (I), a social security account
number may be sold by a governmental entity to the extent necessary for
research (other than market research) conducted by any governmental
entity for the purpose of advancing the public good, on the condition
that the researcher provides adequate assurances that the social
security account numbers will not be used to harass, target, or
publicly reveal information concerning any identifiable individuals,
that information about identifiable individuals obtained from the
research will not be used to make decisions that directly affect the
rights, benefits, or privileges of specific individuals, and that the
researcher has in place appropriate safeguards to protect the privacy
and confidentiality of any information about identifiable individuals,
including procedures to ensure that the social security account numbers
will be encrypted or otherwise appropriately secured from unauthorized
disclosure. In the case of medical research, the Commissioner of Social
Security shall maintain ongoing consultation with the Office for Civil
Rights of the Department of Health and Human Services to ensure that
the sale or purchase of social security account numbers which
constitute personally identifiable medical information is permitted
only in compliance with existing Federal rules and regulations
prescribed by the Secretary of Health and Human Services pursuant to
section 264(c) of the Health Insurance Portability and Accountability
Act of 1996 (110 Stat. 2033).
``(VIII) Notwithstanding subclause (I), a social security account
number may be sold or displayed to the general public by a governmental
entity under such other circumstances as may be specified in
regulations issued as provided in section 1129C.
``(IX) This clause does not apply with respect to a social security
account number of a deceased individual.
``(X) For purposes of this clause, the term `governmental entity'
means an executive, legislative, or judicial agency or instrumentality
of the Federal Government or of a State or political subdivision
thereof, a federally recognized Indian tribe, or a trustee appointed in
a case under title 11, United States Code. Such term includes a person
acting as an agent of such an agency or instrumentality, Indian tribe,
or trustee. For purposes of this subclause, the term `State' has the
meaning provided in subparagraph (D)(iii)(II).
``(XI) For purposes of this clause, the term `sell' means, in
connection with a social security account, to obtain, directly or
indirectly, anything of value in exchange for such number. Such term
does not include the submission of such number as part of the process
for applying for any type of Government benefits or programs (such as
grants, loans, or welfare or other public assistance programs) or as
part of the administration of, or provision of benefits under, an
employee benefit plan.
``(XII) For purposes of this clause, the term `display to the
general public' shall have the meaning provided such term in section
208A(a)(3)(A). In any case in which a governmental entity requires
transmittal to such governmental entity of an individual's social
security account number by means of the Internet without ensuring that
such number is encrypted or otherwise appropriately secured from
disclosure, any such transmittal of such number as so required shall be
treated, for purposes of this clause, as a `display to the general
public' of such number by such governmental entity for purposes of this
clause.
``(XIII) For purposes of this clause, the term `social security
account number' includes any derivative of such number. Notwithstanding
the preceding sentence, any expression, contained in or on any item
sold or displayed to the general public, shall not be treated as a
social security account number solely because such expression sets
forth not more than the last 4 digits of such number, if the remainder
of such number cannot be determined based solely on such expression or
any other matter presented in or on such item.
``(XIV) Nothing in the preceding subclauses of this clause shall be
construed as superseding, altering, or affecting any statute,
regulation, order, or interpretation in effect under any other Federal
or State law, except to the extent that such statute, regulation,
order, or interpretation is inconsistent with such subclauses, and then
only to the extent of the inconsistency. For purposes of this
subclause, a statue, regulation, order, or interpretation is not
inconsistent with the preceding subclauses of this clause if the
protection such statute, regulation, order, or interpretation affords
any person is greater than the protection provided under such
subclauses.''.
(b) Effective Date and Related Rules.--
(1) In general.--Initial final regulations prescribed to
carry out the provisions of section 205(c)(2)(C)(x) of the
Social Security Act (added by this section) shall be issued not
later than the last date of the 18th calendar month following
the date of the enactment of this Act. Such provisions shall
take effect, with respect to matters governed by such
regulations issued by the Commissioner of Social Security or
any other agency or instrumentality of the United States, 1
year after the date of the issuance of such regulations by the
Commissioner or such other agency or instrumentality,
respectively. Such provisions shall apply in the case of
displays to the general public, as defined in section
208A(a)(3) of such Act (added by section 8 of this Act), to
such displays originally occurring after such 1-year period.
Such provisions shall not apply with respect to any display of
a record (containing a social security account number (or any
derivative thereof)) generated prior to the close of such 1-
year period.
(2) Sunset of exception.--The last sentence of subclause
(XIII) of section 205(c)(2)(C)(x) of the Social Security Act
(added by this section) shall cease to be effective with
respect to sales or displays to the general public occurring
after 2 years after the effective date of the initial final
regulations prescribed to carry out the provisions of such
section 205(c)(2)(C)(x).
SEC. 3. PROHIBITION OF DISPLAY OF SOCIAL SECURITY ACCOUNT NUMBERS ON
CHECKS ISSUED FOR PAYMENT BY GOVERNMENTAL ENTITIES.
(a) In General.--Section 205(c)(2)(C) of the Social Security Act
(42 U.S.C. 405(c)(2)(C)) (as amended by section 2 of this Act) is
amended further by adding at the end the following new clause:
``(xi) No governmental entity (as defined in clause (x)(X)) may
include the social security account number of any individual (or any
derivative of such number) on any check issued for any payment by such
governmental entity or on any document attached to or accompanying such
a check.''.
(b) Effective Date.--The amendment made by this section shall apply
with respect to checks (and documents attached to or accompanying such
checks) issued after 1 year after the date of the enactment of this
Act.
SEC. 4. PROHIBITION OF THE DISPLAY OF SOCIAL SECURITY ACCOUNT NUMBERS
ON CERTAIN GOVERNMENT IDENTIFICATION CARDS OR TAGS.
(a) In General.--Section 205(c)(2)(C) of the Social Security Act
(42 U.S.C. 405(c)(2)(C)) (as amended by the preceding provisions of
this Act) is amended further by adding at the end the following new
clause:
``(xii) No governmental entity (as defined in clause (x)(X)), and
no other person offering benefits in connection with an employee
benefit plan maintained by such governmental entity, may display a
social security account number (or any derivative thereof) on any card
or tag that is commonly provided--
``(I) to employees of such governmental entity,
``(II) in the case of a governmental entity which is an
educational institution, to its students, or
``(III) in the case of a governmental entity which is a
medical institution, to its patients,
(or to their family members) for purposes of identification or include
on such card or tag a magnetic strip, bar code, or other means of
communication which conveys such number (or derivative thereof). The
requirements of this clause shall also apply to the Medicare card
issued by the Department of Health and Human Services.''.
(b) Effective Date.--The amendment made by this section shall apply
with respect to cards or tags issued after 1 year after the date of the
enactment of this Act, except that the last sentence of section
205(c)(2)(C)(xii) (as added by this section) shall take effect 2 and
one-half years after the date of the enactment of this Act.
SEC. 5. PROHIBITION OF INMATE ACCESS TO SOCIAL SECURITY ACCOUNT
NUMBERS.
(a) In General.--Section 205(c)(2)(C) of the Social Security Act
(42 U.S.C. 405(c)(2)(C)) (as amended by the preceding provisions of
this Act) is amended further by adding at the end the following new
clause:
``(xiii) No governmental entity (as defined in clause (x)(X)) may
employ, or enter into a contract for the use or employment of,
prisoners in any capacity that would allow such prisoners access to the
social security account numbers of other individuals (or any
derivatives of such numbers). For purposes of this clause, the term
`prisoner' means an individual confined in a jail, prison, or other
penal institution or correctional facility.''.
(b) Effective Date.--
(1) In general.--Except as provided in paragraph (2), the
amendment made by this section shall apply with respect to
employment of prisoners, or entry into contract for the use or
employment of prisoners, on or after the date of the enactment
of this Act.
(2) Treatment of current arrangements.--In the case of--
(A) prisoners employed as described in clause
(xiii) of section 205(c)(2)(C) of the Social Security
Act (as added by this section) on the date of the
enactment of this Act, and
(B) contracts described in such clause in effect on
such date,
the amendment made by this section shall take effect 90 days
after the date of the enactment of this Act.
SEC. 6. MEASURES TO PRECLUDE UNAUTHORIZED DISCLOSURE BY GOVERNMENTAL
ENTITIES OF SOCIAL SECURITY ACCOUNT NUMBERS AND PROTECT
THE CONFIDENTIALITY OF SUCH NUMBERS.
(a) In General.--Section 205(c)(2)(C) of the Social Security Act
(42 U.S.C. 405(c)(2)(C)) (as amended by the preceding provisions of
this Act) is amended further by adding at the end the following new
clause:
``(xiv) Except as otherwise provided in this paragraph, in the case
of any governmental entity (as defined in clause (x)(X)) having access
to an individual's social security account number--
``(I) no officer or employee thereof shall have access to
such number for any purpose other than the effective
administration of the statutory provisions governing its
functions,
``(II) such governmental entity shall restrict, to the
satisfaction of the Commissioner of Social Security, access to
social security account numbers obtained thereby to officers
and employees thereof whose duties or responsibilities require
access for the administration or enforcement of such
provisions, and
``(III) such governmental entity shall provide such other
safeguards as the Commissioner determines to be necessary or
appropriate to preclude unauthorized access to the social
security account number and to otherwise protect the
confidentiality of such number.
For purposes of this clause the term `social security account number'
includes any derivative thereof.''.
(b) Effective Date.--The amendment made by this section shall take
effect 1 year after the date of the enactment of this Act.
SEC. 7. UNIFORM STANDARDS FOR TRUNCATION OF THE SOCIAL SECURITY ACCOUNT
NUMBER.
(a) In General.--Section 205(c)(2)(C) of the Social Security Act
(42 U.S.C. 405(c)(2)(C)) (as amended by the preceding provisions of
this Act) is amended further by adding at the end the following new
clause:
``(xv) The truncation by any governmental entity (as defined in
clause (x)(X)) or by any person in the private sector of an
individual's social security account number which is used by such
governmental entity or person otherwise in accordance with the
requirements of this Act shall be in accordance with a uniform
truncation standard which shall be specified in regulations prescribed
by the Commissioner of Social Security. Under such standard, the number
as truncated shall set forth not more than the last 4 digits of the
number. Nothing in this clause shall be construed to authorize any use
of the social security account number which is not otherwise authorized
by this title or regulations prescribed thereunder.''.
(b) Effective Date.--Initial final regulations prescribed to carry
out the provisions of section 205(c)(2)(C)(xv) of the Social Security
Act (added by this section) shall be issued not later than the last
date of the 18th calendar month following the date of the enactment of
this Act. Such provisions shall take effect, with respect to matters
governed by such regulations issued by the Commissioner or any other
agency or instrumentality of the United States, 1 year after the date
of the issuance of such regulations by the Commissioner or such other
agency or instrumentality, respectively.
SEC. 8. PROHIBITION OF THE SALE, PURCHASE, AND DISPLAY TO THE GENERAL
PUBLIC OF THE SOCIAL SECURITY ACCOUNT NUMBER IN THE
PRIVATE SECTOR.
(a) In General.--Title II of the Social Security Act is amended by
inserting after section 208 (42 U.S.C. 408) the following new section:
``prohibition of the sale, purchase, and display to the general public
of the social security account number in the private sector
``Sec. 208A. (a) Definitions.--For purposes of this section:
``(1) Person.--
``(A) In general.--Subject to subparagraph (B), the
term `person' means any individual, partnership,
corporation, trust, estate, cooperative, association,
or any other entity.
``(B) Exclusion of governmental entities.--Such
term does not include a governmental entity. Nothing in
this subparagraph shall be construed to authorize, in
connection with a governmental entity, an act or
practice otherwise prohibited under this section or
section 205(c)(2)(C).
``(2) Selling and purchasing.--
``(A) In general.--Subject to subparagraph (B)--
``(i) Sell.--The term `sell' in connection
with a social security account number means to
obtain, directly or indirectly, anything of
value in exchange for such number.
``(ii) Purchase.--The term `purchase' in
connection with a social security account
number means to provide, directly or
indirectly, anything of value in exchange for
such number.
``(B) Exceptions.--The terms `sell' and `purchase'
in connection with a social security account number do
not include the submission of such number as part of--
``(i) the process for applying for any type
of Government benefits or programs (such as
grants or loans or welfare or other public
assistance programs),
``(ii) the administration of, or provision
of benefits under, an employee benefit plan, or
``(iii) the sale, lease, merger, transfer,
or exchange of a trade or business.
``(3) Display to the general public.--
``(A) In general.--The term `display to the general
public' means, in connection with a social security
account number, to intentionally place such number in a
viewable manner on an Internet site that is available
to the general public or to make such number available
in any other manner intended to provide access to such
number by the general public.
``(B) Internet transmissions.--In any case in which
a person requires transmittal to such person of an
individual's social security account number by means of
the Internet without ensuring that such number is
encrypted or otherwise well-secured from disclosure,
any such transmittal of such number as so required
shall be treated as a `display to the general public'
of such number by such person.
``(4) Social security account number.--
``(A) In general.--The term `social security
account number' has the meaning given such term in
section 208(e), except that such term includes any
derivative of such number.
``(B) 4-digit expression.--Notwithstanding the
preceding sentence, for purposes of subsection
(b)(1)(A), any expression, contained in or on any item
sold or displayed to the general public, shall not be
treated as a social security account number solely
because such expression sets forth not more than the
last 4 digits of such number, if the remainder of such
number cannot be determined based solely on such
expression or any other matter presented in or on such
item.
``(5) Governmental entity.--
``(A) In general.--The term `governmental entity'
means an executive, legislative, or judicial agency or
instrumentality of the Federal Government, a State or
political subdivision thereof, a federally recognized
Indian tribe, or a trustee appointed in a case under
title 11, United States Code. Such term includes a
person acting as an agent of such an agency or
instrumentality, Indian tribe, or trustee.
``(B) State.--The term `State' includes the
District of Columbia, the Commonwealth of Puerto Rico,
the Virgin Islands, Guam, the Commonwealth of the
Northern Marianas, and the Trust Territory of the
Pacific Islands.
``(b) Prohibition of Sale, Purchase, and Display to the General
Public.--
``(1) In general.--Except as provided in paragraph (2), it
shall be unlawful for any person to--
``(A) sell or purchase a social security account
number or display to the general public a social
security account number, or
``(B) obtain or use any individual's social
security account number for the purpose of locating or
identifying such individual with the intent to harass,
harm, or physically injure such individual or using the
identity of such individual for any illegal purpose.
``(2) Exceptions.--
``(A) In general.--Notwithstanding paragraph (1),
and subject to paragraph (3), a social security account
number may be sold or purchased by any person to the
extent provided in this subsection (and for no other
purpose) as follows:
``(i) to the extent necessary for law
enforcement, including (but not limited to) the
enforcement of a child support obligation, as
determined under regulations issued as provided
in section 1129C;
``(ii) to the extent necessary for national
security purposes, as determined under
regulations issued as provided in section
1129C;
``(iii) to the extent necessary for public
health purposes;
``(iv) to the extent necessary in emergency
situations to protect the health or safety of 1
or more individuals;
``(v) to the extent that the sale or
purchase is required to comply with a tax law
of the United States or of any State (or
political subdivision thereof);
``(vi) to the extent that the sale or
purchase is to or by a consumer reporting
agency (as defined in section 603(f) of the
Fair Credit Reporting Act (15 U.S.C. 1681a(f)))
for use or disclosure solely for permissible
purposes described in section 604(a) of such
Act (15 U.S.C. 1681b(a)); and
``(vii) to the extent necessary for
research (other than market research) conducted
by an agency or instrumentality of the United
States or of a State or political subdivision
thereof (or a person acting as an agent of such
an agency or instrumentality) for the purpose
of advancing the public good, on the condition
that the researcher provides adequate
assurances that--
``(I) the social security account
numbers will not be used to harass,
target, or publicly reveal information
concerning any identifiable
individuals;
``(II) information about
identifiable individuals obtained from
the research will not be used to make
decisions that directly affect the
rights, benefits, or privileges of
specific individuals; and
``(III) the researcher has in place
appropriate safeguards to protect the
privacy and confidentiality of any
information about identifiable
individuals, including procedures to
ensure that the social security account
numbers will be encrypted or otherwise
appropriately secured from unauthorized
disclosure.
``(B) Medical research.--In the case of research
referred to in subparagraph (A)(vii) consisting of
medical research, the Commissioner of Social Security
shall maintain ongoing consultation with the Office for
Civil Rights of the Department of Health and Human
Services to ensure that the sale or purchase of social
security account numbers which constitute personally
identifiable medical information is permitted only in
compliance with existing Federal rules and regulations
prescribed by the Secretary of Health and Human
Services pursuant to section 264(c) of the Health
Insurance Portability and Accountability Act of 1996
(110 Stat. 2033).
``(3) Consent and other circumstances determined by
regulation.--Notwithstanding paragraph (1), a social security
account number assigned to an individual may be sold or
purchased by any person--
``(A) to the extent consistent with such
individual's voluntary and affirmative written consent
to the sale or purchase, but only if--
``(i) the terms of the consent and the
right to refuse consent are presented to the
individual in a clear, conspicuous, and
understandable manner,
``(ii) the individual is placed under no
obligation to provide consent to any such sale
or purchase, and
``(iii) the terms of the consent authorize
the individual to limit the sale or purchase to
purposes directly associated with the
transaction with respect to which the consent
is sought, and
``(B) under such circumstances as may be deemed
appropriate in regulations issued as provided under
section 1129C.
``(c) Prohibition of Display on Checks.--It shall be unlawful for
any person to include the social security account number of any other
individual on any check issued for any payment by such person or on any
document attached to or accompanying such a check.
``(d) Prohibition of Unauthorized Disclosure to Government Agencies
or Instrumentalities.--
``(1) In general.--It shall be unlawful for any person to
communicate by any means to any agency or instrumentality of
the United States or of any State or political subdivision
thereof the social security account number of any individual
other than such person without the written permission of such
individual, unless the number was requested by the agency or
instrumentality. In the case of an individual who is legally
incompetent, permission provided by the individual's legal
representatives shall be deemed to be permission provided by
such individual.
``(2) Exceptions.--Paragraph (1) shall not apply to the
extent necessary--
``(A) for law enforcement, including (but not
limited to) the enforcement of a child support
obligation, or
``(B) for national security purposes,
as determined under regulations issued as provided under
section 1129C.
``(e) Prohibition of the Displays on Cards or Tags Required for
Access to Goods, Services, or Benefits.--No person may display a social
security account number on any card or tag issued to any other person
for the purpose of providing such other person access to any goods,
services, or benefits or include on such card or tag a magnetic strip,
bar code, or other means of communication which conveys such number.
``(f) Prohibition of the Displays on Employee Identification Cards
or Tags.--No person that is an employer, and no other person offering
benefits in connection with an employee benefit plan maintained by such
employer or acting as an agent of such employer, may display a social
security account number on any card or tag that is commonly provided to
employees of such employer (or to their family members) for purposes of
identification or include on such card or tag a magnetic strip, bar
code, or other means of communication which conveys such number.
``(g) Measures To Preclude Unauthorized Disclosure of Social
Security Account Numbers and Protect the Confidentiality of Such
Numbers.--Subject to the preceding provisions of this section, any
person having access to the social security account number of any
individual other than such person shall, to the extent that such access
is maintained for the conduct of such person's trade or business--
``(1) ensure that no officer or employee thereof has access
to such number for any purpose other than as necessary for the
conduct of such person's trade or business,
``(2) restrict, in accordance with regulations of the
Commissioner of Social Security, access to social security
account numbers obtained thereby to officers and employees
thereof whose duties or responsibilities require access for the
conduct of such person's trade or business, and
``(3) provide such safeguards as may be specified, in
regulations of the Commissioner of Social Security, to be
necessary or appropriate to preclude unauthorized access to the
social security account number and to otherwise protect the
confidentiality of such number.
``(h) Deceased Individuals.--This section does not apply with
respect to the social security account number of a deceased individual.
``(i) Applicability of Other Protections.--Nothing in the preceding
subsections of this section shall be construed as superseding,
altering, or affecting any statutory provision, regulation, order, or
interpretation in effect under any other Federal or State law, except
to the extent that such statutory provision, regulation, order, or
interpretation is inconsistent with such subsections, and then only to
the extent of the inconsistency. For purposes of this subclause, a
statutory provision, regulation, order, or interpretation is not
inconsistent with the preceding subsections of this section if the
protection such statutory provision, regulation, order, or
interpretation affords any person is greater than the protection
provided under such subsections.''.
(b) Effective Date and Related Rules.--
(1) In general.--Initial final regulations prescribed to
carry out the provisions of section 208A of the Social Security
Act (added by this section) shall be issued not later than the
last date of the 18th calendar month following the date of the
enactment of this Act. Such provisions shall take effect, with
respect to matters governed by such regulations issued by the
Commissioner of Social Security or any other agency or
instrumentality of the United States, 1 year after the date of
the issuance of such regulations by the Commissioner of Social
Security or such other agency or instrumentality, respectively.
Section 208A(b) of such Act shall apply in the case of displays
to the general public (as defined in section 208A(a)(3) of such
Act) to such displays to the general public originally
occurring after such 1-year period. Such provisions shall not
apply with respect to any such display to the general public of
a record (containing a social security account number (or any
derivative thereof)) generated prior to the close of such 1-
year period.
(2) Sunset of exception.--Section 208A(a)(4)(B) of the
Social Security Act (added by this section) shall cease to be
effective with respect to sales, purchases, or displays to the
general public occurring after 2 years after the effective date
of the initial final regulations prescribed to carry out the
provisions of section 208A of such Act.
SEC. 9. NEW CRIMINAL PENALTIES FOR MISUSE OF SOCIAL SECURITY ACCOUNT
NUMBERS.
(a) In General.--Section 208 of the Social Security Act (42 U.S.C.
408) is amended--
(1) in subsection (a), by inserting ``or'' at the end of
paragraph (8) and by inserting after paragraph (8) the
following new paragraph:
``(9) willfully acts or fails to act so as to cause a
violation of section 208A(b)(1)(B);''.
(2) by redesignating subsections (b) through (e) as
subsections (c) through (f), respectively;
(3) in subsection (c)(1) (as so redesignated), by inserting
``or (b)'' after ``subsection (a)''; and
(4) by inserting after subsection (a) the following new
subsection:
``(b)(1) Whoever--
``(A) knowingly, and with intent to commit, or to aid or
abet, any activity that constitutes a violation of Federal law,
or a violation of any applicable law of a State or political
subdivision thereof if the maximum penalty of such applicable
law includes imprisonment for 5 years or more--
``(i) possesses the social security account number
of another person without lawful authority, or
``(ii) possesses a social security card, knowing
that the social security account number or other
identifying information displayed on the card has been
altered, counterfeited, or forged or that the card was
falsely made, stolen, or obtained from the Social
Security Administration by use of false information;
if such activity is committed, or aided or abetted, with intent
to use such social security account number, social security
card, or other identifying information displayed on such card
in furtherance of such violation;
``(B) being--
``(i) an officer or employee of any governmental
entity (as defined in section 205(c)(2)(C)(x)(X)), or
``(ii) a person acting as an agent of a
governmental entity (as so defined),
willfully acts or fails to act so as to cause a violation of
clause (vi)(II), (xi), (xii), or (xv) of section 205(c)(2)(C);
``(C) being a trustee appointed in a case under title 11,
United States Code (or an officer or employee thereof or a
person acting as an agent thereof), willfully acts or fails to
act so as to cause a violation of clause (xi) or (xv) of
section 205(c)(2)(C); or
``(D) willfully acts or fails to act so as to cause a
violation of subsection (c), (d), (e), or (f) of section 208A
or, as a person in the private sector, willfully acts or fails
to act so as to cause a violation of section 205(c)(2)(C)(xv);
shall be guilty of a misdemeanor and upon conviction thereof shall be
fined under title 18, United States Code, or imprisoned for not more
than 1 year, or both.
``(2)(A) Whoever--
``(i) with intent to deceive, discloses, sells, or
transfers his own social security account number, assigned to
him by the Commissioner of Social Security (in the exercise of
the Commissioner's authority under section 205(c)(2) to
establish and maintain records), to any person;
``(ii) without lawful authority, offers, for a fee, to
acquire for any individual, or to assist in acquiring for any
individual, an additional social security account number or a
number that is purported to be a social security account
number;
``(iii) being--
``(I) an officer or employee of any governmental
entity (as defined in section 205(c)(2)(C)(x)(X)), or
``(II) a person acting as an agent of a
governmental entity (as so defined),
willfully acts or fails to act so as to cause a violation of
clause (x), (xiii), or (xiv) of section 205(c)(2)(C);
``(iv) being a trustee appointed in a case under title 11,
United States Code (or an officer or employee thereof or a
person acting as an agent thereof), willfully acts or fails to
act so as to cause a violation of clause (x) or (xiv) of
section 205(c)(2)(C); or
``(v) willfully acts or fails to act so as to cause a
violation of subsection (b)(1)(A) or (g) of section 208A;
shall be fined, imprisoned, or both, as provided in subparagraph (B).
``(B) A person convicted of a violation described in subparagraph
(A) shall--
``(i) be fined under title 18, United States Code, imprisoned not
more than 1 year, or both; and
``(ii) if the offense is committed under false pretenses or for
commercial advantage, personal gain, or malicious harm, be fined under
title 18, United States Code, imprisoned not more than 5 years, or
both.''.
(b) Effective Dates.--The amendments made by this section shall
apply with respect to each violation occurring after the date of the
enactment of this Act, except that subparagraphs (B), (C), and (D) of
section 208(b)(1) of such Act and clauses (iii), (iv), and (v) of
section 208(b)(2)(A) of such Act (added by subsection (a)(3)) shall
apply, in connection with violations of clause (x), (xi), (xii),
(xiii), (xiv), or (xv) of section 205(c)(2)(C) or section 208A, with
respect to each violation occurring on or after the effective date
applicable with respect to such violation under section 2, 3, 4, 5, 6,
7, or 8.
SEC. 10. EXTENSION OF CIVIL MONETARY PENALTY AUTHORITY.
(a) Application of Civil Money Penalties to Elements of Criminal
Violations.--Section 1129(a) of the Social Security Act (42 U.S.C.
1320a-8(a)) is amended--
(1) by redesignating paragraphs (2) and (3) as paragraphs
(4) and (5), respectively;
(2) by designating the last sentence of paragraph (1) as a
new paragraph (2), appearing after and below paragraph (1); and
(3) by inserting after paragraph (2) (as designated under
paragraph (2) of this subsection) the following:
``(3) Any person (including an organization, agency, or other
entity) who--
``(A) uses a social security account number that such
person knows or should know has been assigned by the
Commissioner of Social Security (in an exercise of authority
under section 205(c)(2) to establish and maintain records) on
the basis of false information furnished to the Commissioner by
any person;
``(B) falsely represents a number to be the social security
account number assigned by the Commissioner of Social Security
to any individual, when such person knows or should know that
such number is not the social security account number assigned
by the Commissioner to such individual;
``(C) with intent to deceive, alters a social security card
that the person knows or should know was issued by the
Commissioner of Social Security, or possesses such a card with
intent to alter it;
``(D) buys or sells a card that such person knows or should
know is, or is purported to be, a card issued by the
Commissioner of Social Security, or possesses such a card with
intent to buy or sell it;
``(E) counterfeits a social security card, or possesses a
counterfeit social security card with intent to buy or sell it;
``(F) discloses, uses, compels the disclosure of, or
knowingly sells or purchases the social security account number
of any person in violation of the laws of the United States;
``(G) with intent to deceive the Commissioner of Social
Security as to such person's true identity (or the true
identity of any other person), furnishes or causes to be
furnished false information to the Commissioner with respect to
any information required by the Commissioner in connection with
the establishment and maintenance of the records provided for
in section 205(c)(2);
``(H) without lawful authority, offers, for a fee, to
acquire for any individual, or to assist in acquiring for any
individual, an additional social security account number or a
number which is purported to be a social security account
number;
``(I) with intent to deceive, discloses, sells, or
transfers his own social security account number, assigned to
him by the Commissioner of Social Security under section
205(c)(2)(B), to any person;
``(J) knowingly, and with intent to commit, or to aid or
abet, any activity that constitutes a violation of Federal law,
or a violation of any applicable law of a State or political
subdivision thereof if the maximum penalty of such applicable
law includes imprisonment for 5 years or more--
``(i) possesses a social security account number of
another individual without lawful authority, or
``(ii) possesses a social security card, knowing
that the social security account number or other
identifying information displayed on the card has been
altered, counterfeited, or forged or that the card was
falsely made, stolen, or obtained from the Social
Security Administration by use of false information,
if such activity is committed, or aided or abetted, with intent
to use such social security account number, social security
card, or other identifying information displayed on such card
in furtherance of such violation;
``(K) being--
``(i) an officer or employee of a governmental
entity (as defined in section 205(c)(2)(C)(x)(X)), or
``(ii) a person acting as an agent of a
governmental entity (as so defined),
willfully acts or fails to act so as to cause a violation of
clause (vi)(II), (x), (xi), (xii), (xiii), (xiv), or (xv) of
section 205(c)(2)(C);
``(L) being a trustee appointed in a case under title 11,
United States Code (or an officer or employee thereof or a
person acting as an agent thereof), willfully acts or fails to
act so as to cause a violation of clause (x), (xi), (xiv), or
(xv) of section 205(c)(2)(C);
``(M) violates section 208A (relating to prohibition of the
sale, purchase, or display of the social security account
number in the private sector) or, as a person in the private
sector, violates section 205(c)(2)(C)(xv); or
``(N) violates section 208(g) (relating to fraud by social
security administration employees);
shall be subject to, in addition to any other penalties that may be
prescribed by law, a civil money penalty of not more than $5,000 for
each violation. Such person shall also be subject to an assessment, in
lieu of damages sustained by the United States resulting from such
violation, of not more than twice the amount of any benefits or
payments paid as a result of such violation.''.
(b) Effective Dates.--The amendments made by this section shall
apply with respect to violations committed after the date of the
enactment of this Act, except that subparagraphs (J), (K), (L), and (M)
of section 1129(a)(3) of the Social Security Act (added by subsection
(a)) shall apply with respect to violations of the provisions of clause
(x), (xi), (xii), (xiii), (xiv), or (xv) of section 205(c)(2)(C) or
section 208A occurring on or after the applicable effective date
provided in connection with such provisions under section 2, 3, 4, 5,
6, 7, or 8 of this Act.
SEC. 11. CRIMINAL PENALTIES FOR EMPLOYEES OF THE SOCIAL SECURITY
ADMINISTRATION WHO KNOWINGLY AND FRAUDULENTLY ISSUE
SOCIAL SECURITY CARDS OR SOCIAL SECURITY ACCOUNT NUMBERS.
(a) In General.--Section 208 of the Social Security Act (as amended
by section 9) is amended further by adding at the end the following new
subsection:
``(g)(1) Whoever is an employee of the Social Security
Administration and knowingly and fraudulently sells or transfers one or
more social security account numbers or social security cards shall,
upon conviction, be guilty of a felony and fined under title 18, United
States Code, imprisoned as provided in paragraph (2), or both.
``(2) Imprisonment for a violation described in paragraph (1) shall
be for--
``(A) not more than 5 years, in the case of an employee of
the Social Security Administration who has fraudulently sold or
transferred not more than 50 social security account numbers or
social security cards,
``(B) not more than 10 years, in the case of an employee of
the Social Security Administration who has fraudulently sold or
transferred more than 50, but not more than 100, social
security account numbers or social security cards, or
``(C) not more than 20 years, in the case of an employee of
the Social Security Administration who has fraudulently sold or
transferred more than 100 social security account numbers or
social security cards.
``(3) For purposes of this subsection--
``(A) The term `social security employee' means any State
employee of a State disability determination service, any
officer, employee, or contractor of the Social Security
Administration, any employee of such a contractor, or any
volunteer providing services or assistance in any facility of
the Social Security Administration.
``(B) The term `social security account number' means a
social security account number assigned by the Commissioner of
Social Security under section 205(c)(2)(B) or another number
that has not been so assigned but is purported to have been so
assigned.
``(C) The term `social security card' means a card issued
by the Commissioner of Social Security under section
205(c)(2)(G), another card which has not been so issued but is
purported to have been so issued, and banknote paper of the
type described in section 205(c)(2)(G) prepared for the entry
of social security account numbers, whether fully completed or
not.''.
(b) Effective Date.--The amendment made by this section shall apply
with respect to violations occurring on or after the date of the
enactment of this Act.
SEC. 12. ENHANCED PENALTIES IN CASES OF TERRORISM, DRUG TRAFFICKING,
CRIMES OF VIOLENCE, OR PRIOR OFFENSES.
(a) Amendments to Title II.--Section 208 of the Social Security Act
(as amended by the preceding provisions of this Act) is amended
further--
(1) in subsection (a), by striking ``shall be fined'' and
all that follows and inserting the following: ``shall be fined,
imprisoned, or both, as provided in subsection (c).'';
(2) in subsection (b)(2)(B)(ii) (as added by section 9), by
striking ``be fined'' and all that follows and inserting the
following: ``be fined, imprisoned, or both, as provided in
subsection (c).'';
(3) by striking subsection (d);
(4) by redesignating subsection (c) as subsection (d); and
(5) by inserting after subsection (b) the following new
subsection:
``(c) A person convicted of a violation described in subsection (a)
or a violation described in subsection (b)(2)(A) which is subject to
subsection (b)(2)(B)(ii) shall be--
``(1) fined under title 18, United States Code, or
imprisoned for not more than 5 years, or both, in the case of
an initial violation, subject to paragraphs (3) and (4),
``(2) fined under title 18, United States Code, or
imprisoned for not more than 10 years, or both, in the case of
a violation which occurs after a prior conviction for another
offense under subsection (a) becomes final, subject to
paragraphs (3) and (4),
``(3) fined under title 18, United States Code, or
imprisoned for not more than 20 years, in the case of a
violation which is committed to facilitate a drug trafficking
crime (as defined in section 929(a)(2) of title 18, United
States Code) or in connection with a crime of violence (as
defined in section 924(c)(3) of title 18, United States Code)
involving force against the person of another, subject to
paragraph (4), and
``(4) fined under title 18, United States Code, or
imprisoned for not more than 25 years, in the case of a
violation which is committed to facilitate an act of
international or domestic terrorism (as defined in paragraphs
(1) and (5), respectively, of section 2331 of title 18, United
States Code).''.
(b) Amendments to Title VIII.--Section 811 of such Act (42 U.S.C.
1011) is amended--
(1) in subsection (a), by striking ``shall be fined'' and
all that follows and inserting ``shall be fined, imprisoned, or
both, as provided in subsection (b).'';
(2) by redesignating subsection (b) as subsection (c); and
(3) by inserting after subsection (a) the following new
subsection:
``(b) Punishment.--A person convicted of a violation described in
subsection (a) shall be--
``(1) fined under title 18, United States Code, or
imprisoned for not more than 5 years, or both, in the case of
an initial violation, subject to paragraphs (3) and (4),
``(2) fined under title 18, United States Code, or
imprisoned for not more than 10 years, or both, in the case of
a violation which occurs after a prior conviction for another
offense under subsection (a) becomes final, subject to
paragraphs (3) and (4),
``(3) fined under title 18, United States Code, or
imprisoned for not more than 20 years, in the case of a
violation which is committed to facilitate a drug trafficking
crime (as defined in section 929(a)(2) of title 18, United
States Code) or in connection with a crime of violence (as
defined in section 924(c)(3) of title 18, United States Code)
involving force against the person of another, subject to
paragraph (4), and
``(4) fined under title 18, United States Code, or
imprisoned for not more than 25 years, in the case of a
violation which is committed to facilitate an act of
international or domestic terrorism (as defined in paragraphs
(1) and (5), respectively, of section 2331 of title 18, United
States Code).''.
(c) Amendments to Title XVI.--Section 1632 of such Act (42 U.S.C.
1383a) is amended--
(1) in subsection (a), by striking ``shall be fined'' and
all that follows and inserting ``shall be fined, imprisoned, or
both, as provided in subsection (b).'';
(2) by redesignating subsections (b) and (c) as subsections
(c) and (d), respectively; and
(3) by inserting after subsection (a) the following new
subsection:
``(b) A person convicted of a violation described in subsection (a)
shall be--
``(1) fined under title 18, United States Code, or
imprisoned for not more than 5 years, or both, in the case of
an initial violation, subject to paragraphs (3) and (4),
``(2) fined under title 18, United States Code, or
imprisoned for not more than 10 years, or both, in the case of
a violation which occurs after a prior conviction for another
offense under subsection (a) becomes final, subject to
paragraphs (3) and (4),
``(3) fined under title 18, United States Code, or
imprisoned for not more than 20 years, in the case of a
violation which is committed to facilitate a drug trafficking
crime (as defined in section 929(a)(2) of title 18, United
States Code) or in connection with a crime of violence (as
defined in section 924(c)(3) of title 18, United States Code)
involving force against the person of another, subject to
paragraph (4), and
``(4) fined under title 18, United States Code, or
imprisoned for not more than 25 years, in the case of a
violation which is committed to facilitate an act of
international or domestic terrorism (as defined in paragraphs
(1) and (5), respectively, of section 2331 of title 18, United
States Code).''.
(d) Effective Date.--The amendments made by this section shall
apply with respect to violations occurring after the date of the
enactment of this Act.
SEC. 13. REGULATORY AND ENFORCEMENT AUTHORITY WITH RESPECT TO MISUSE OF
THE SOCIAL SECURITY ACCOUNT NUMBER.
Title XI of the Social Security Act is amended by inserting after
section 1129B (42 U.S.C. 1320a-7b) the following new section:
``regulatory and enforcement authority with respect to misuse of the
social security account number
``Sec. 1129C. (a) Regulatory Authority.--
``(1) In general.--The Commissioner of Social Security
shall prescribe regulations to carry out the provisions of
clauses (vi)(II), (x), (xi), (xii), (xiii), (xiv), and (xv) of
section 205(c)(2)(C) and section 208A. Such regulations shall
be issued in consultation with the Federal Trade Commission,
the Attorney General of the United States, the Secretary of
Homeland Security, the Secretary of Health and Human Services,
the Secretary of the Treasury, the Federal banking agencies (as
defined in section 3 of the Federal Deposit Insurance Act), the
National Credit Union Administration, the Securities and
Exchange Commission, State attorneys general, and such
representatives of the State insurance commissioners as may be
designated by the National Association of Insurance
Commissioners.
``(2) Treatment of matters relating to law enforcement and
national security.--In issuing the regulations described in
paragraph (1) with respect to the provisions of
205(c)(2)(C)(x)(III), paragraph (A) or (B) of section
208A(b)(2), or section 208A(c)(2) (relating to law enforcement
and national security), the sale or purchase of Social Security
account numbers may be authorized only if the Commissioner (or
the agency or instrumentality delegated authority to issue such
regulations under paragraph (5)) determines that--
``(A) such sale or purchase would serve a
compelling public interest that cannot reasonably be
served through alternative measures, and
``(B) such sale or purchase will not pose an
unreasonable risk of identity theft, or bodily,
emotional, or financial harm to an individual (taking
into account any restrictions and conditions that the
agency or instrumentality issuing the regulations
imposes on the sale, purchase, or disclosure).
``(3) Treatment of other matters in general discretion of
the commissioner.--
``(A) In general.--In issuing the regulations
described in paragraph (1) with respect to the
provisions of section 205(c)(2)(C)(x)(VIII) or section
208A(b)(3)(B), the sale, purchase, or display to the
general public of social security account numbers may
be authorized only after considering, among other
relevant factors--
``(i) the extent to which the authorization
of the sale, purchase, or display of the social
security account number would serve a
compelling public interest that cannot
reasonably be served through alternative
measures,
``(ii) the associated cost or burden of the
authorization to the general public,
businesses, commercial enterprises, non-profit
organizations, and Federal, State, and local
governments; and
``(iii) the associated benefit of the
authorization to the general public,
businesses, commercial enterprises, non-profit
associations, and Federal, State, and local
governments.
``(B) Restrictions and conditions.--If, after
considering the factors in subparagraph (A), the sale,
purchase, or display to the general public of social
security account numbers is authorized under
regulations referred to in subparagraph (A), the
Commissioner (or the agency or instrumentality
delegated authority to issue such regulations under
paragraph (5)) shall impose restrictions and conditions
on the sale, purchase, or display to the general public
to the extent necessary--
``(i) to provide reasonable assurances that
social security account numbers will not be
used to commit or facilitate fraud, deceptions,
or crime, and
``(ii) to prevent an unreasonable risk of
identity theft or bodily, emotional, or
financial harm to any individual, considering
the nature, likelihood, and severity of the
anticipated harm that could result from the
sale, purchase, or display to the general
public of social security account numbers,
together with the nature, likelihood, and
extent of any benefits that could be realized.
``(C) 5-year expiration date for regulations.--At
the end of the 5-year period beginning on the effective
date of any final regulations issued pursuant to this
paragraph--
``(i) such regulations shall expire, and
``(ii) new regulations may be issued
pursuant to this paragraph.
``(4) Administrative procedure.--In the issuance of
regulations pursuant to this subsection, notice shall be
provided as described in paragraphs (1), (2), and (3) of
section 553(b) of title 5, United States Code, and opportunity
to participate in the rule making shall be provided in
accordance with section 553(c) of such title.
``(5) Delegation to other agencies.--Any agency or
instrumentality of the United States may exercise the authority
of the Commissioner under this subsection, with respect to
matters otherwise subject to regulation by such agency or
instrumentality, to the extent determined appropriate in
regulations of the Commissioner.
``(6) Consultation and coordination.--Each agency and
instrumentality exercising authority to issue regulations under
this subsection shall consult and coordinate with the other
such agencies and instrumentalities for the purposes of
assuring, to the extent possible, that the regulations
prescribed by each such agency or instrumentality are
consistent and comparable, as appropriate, with the regulations
prescribed by the other such agencies and instrumentalities.
The Commissioner shall undertake to facilitate such
consultation and coordination.
``(7) Definitions and special rules.--
``(A) For purposes of this subsection, the terms
`sell', `purchase', and `display to the general public'
shall have the meanings provided such terms under
section 205(c)(2)(C)(x) or section 208A(a), as
applicable.
``(B) For purposes of this subsection, section
205(c)(2)(C)(x)(XI) shall apply.
``(b) Coordination of Enforcement With Other Agencies.--The
Commissioner may provide, by regulation, for enforcement by any other
agency or instrumentality of the United States of the provisions of
section 208A and regulations prescribed pursuant to subsection (a)(1)
with respect to section 208A.
``(c) Actions by States With Respect to Misuse in Private Sector or
by State and Local Governments.--
``(1) Civil actions.--In any case in which the attorney
general of a State (as defined in section 205(c)(2)(C)(x)(X))
has reason to believe that an interest of the residents of that
State has been or is threatened or adversely affected by an act
or practice described in paragraph (2), the State, as parens
patriae, may bring a civil action on behalf of the residents of
the State in a district court of the United States of
appropriate jurisdiction, to--
``(A) enjoin that act or practice;
``(B) enforce compliance with the regulation;
``(C) obtain civil penalties in an amount of
$11,000 per violation not to exceed a total of
$5,000,000; or
``(D) obtain such other legal and equitable relief
as the district court may consider to be appropriate.
Before filing an action under this subsection, the attorney
general of the State involved shall provide to the Commissioner
of Social Security and the Attorney General of the United
States a written notice of that action and a copy of the
complaint for that action. If the State attorney general
determines that it is not feasible to provide the notice
described in this subparagraph before the filing of the action,
the State attorney general shall provide the written notice and
the copy of the complaint as soon after the filing of the
complaint as practicable. Any reference in this subsection to
the attorney general of a State shall be deemed also to be a
reference to any equivalent official of such State.
``(2) Acts or practices subject to enforcement.--An act or
practice described in this paragraph is--
``(A) an act or practice by an executive,
legislative, or judicial agency or instrumentality of
the State involved or a political subdivision thereof,
a person acting as an agent thereof, or any officer or
employee of the foregoing or person acting as an agent
of the foregoing that violates clause (vi)(II), (x),
(xi), (xii), (xiii), (xiv), or (xv) of section
205(c)(2)(C) or any regulation promulgated thereunder,
or
``(B) an act or practice by any person that
violates section 208A or any regulation promulgated
thereunder.
``(3) Attorney general authority.--On receiving notice
under paragraph (1), the Attorney General of the United States
shall have the right--
``(A) to move to stay the action, pending the final
disposition of a pending Federal matter as described in
paragraph (4);
``(B) to intervene in an action under paragraph
(1);
``(C) upon so intervening, to be heard on all
matters arising therein; and
``(D) to file petitions for appeal.
``(4) Pending criminal proceedings.--If the Attorney
General of the United States has instituted a criminal
proceeding under section 208 alleging an act or practice
described in paragraph (2) in connection with any State, such
State may not, during the pendency of such proceeding or
action, bring an action under this subsection against any
defendant named in the criminal proceeding.
``(5) Rule of construction.--For purposes of bringing any
civil action under paragraph (1), nothing in this subsection
shall be construed to prevent an attorney general of a State
from exercising the powers conferred on the attorney general by
the laws of that State to conduct investigations, administer
oaths and affirmations, or compel the attendance of witnesses
or the production of documentary and other evidence.
``(6) Venue; service of process.--Any action brought under
paragraph (1) may be brought in any district court of the
United States that meets applicable requirements relating to
venue under section 1391 of title 28, United States Code. In an
action brought under paragraph (1), process may be served in
any district in which the defendant is an inhabitant or may be
found.
``(d) Remedies to Individuals for Violations by the Federal
Government of Requirements Relating to Social Security Account
Numbers.--
``(1) Civil actions.--Any individual who is aggrieved by an
act or practice by any person acting as an officer, employee,
or agent of an agency or instrumentality of the Federal
Government in violation of the requirements of clause (vi)(II),
(x), (xi), (xii), (xiii), (xiv), or (xv) of subsection
(c)(2)(C) with respect to the social security account number
assigned to such individual under subsection (c)(2)(B) may
commence a civil action for appropriate equitable relief or
actual damages.
``(2) Venue; service of process.--An action under this
subsection action may be brought in the district court of the
United States for the judicial district in which the plaintiff
resides, or has his principal place of business, in which the
violation took place, or in which the defendant resides or may
be found, and process may be served in any other district in
which a defendant resides or may be found.
``(3) Jurisdiction.--The district courts of the United
States shall have jurisdiction, without respect to the amount
in controversy or the citizenship of the parties, to grant the
relief provided for in paragraph (1).
``(4) Attorney's fees.--In any action under this
subsection, the court in its discretion may allow a reasonable
attorney's fee and costs of action to either party.
``(e) Ongoing GAO Review on Efficacy of Regulations.--
``(1) In general.--The Comptroller General of the United
States shall conduct an ongoing review of the efficacy of the
regulations prescribed by any agency or instrumentality of the
United States pursuant to this section. Such review shall
consider the extent to which such regulations are consistent
with, and in furtherance of the purposes of, the amendments
made by the Social Security Number Privacy and Identity Theft
Prevention Act of 2007.
``(2) Report.--Not later than 4 years after the effective
date of any final regulations issued by any agency or
instrumentality of the United States pursuant to this section,
the Comptroller General shall report to each House of the
Congress regarding the results of the review of such
regulations conducted under this paragraph. Such report shall
include the Comptroller General's recommendations for such
statutory or regulatory changes as the Comptroller General
considers appropriate.''.
SEC. 14. STUDY ON FEASIBILITY OF BANNING SOCIAL SECURITY ACCOUNT NUMBER
AS AN AUTHENTICATOR.
(a) Study.--As soon as practicable after the date of the enactment
of this Act, the Commissioner of Social Security shall enter into an
arrangement with the National Research Council under which the Council
shall carry out a study to determine--
(1) the extent of the use of social security account
numbers as a primary means of authenticating identity;
(2) the extent of the use of social security account
numbers for verification in commercial transactions; and
(3) the feasibility of a prohibition on such use.
The study shall also examine possible alternatives to social security
account numbers for verification purposes and uses in authenticating
identity.
(b) Report.--The arrangement entered into with the Council under
this section shall provide for submission by the Council to the
Commissioner and to each House of the Congress of a report setting
forth the results of the Council's study under this section, together
with the Council's findings and recommendations, no later than 1 year
after the effective date of the initial final regulations issued by the
Commissioner pursuant to the amendments made by section 2 of this Act.
Union Calendar No. 210
110th CONGRESS
1st Session
H. R. 3046
[Report No. 110-339]
_______________________________________________________________________
A BILL
To amend the Social Security Act to enhance Social Security account
number privacy protections, to prevent fraudulent misuse of the Social
Security account number, and to otherwise enhance protection against
identity theft, and for other purposes.
_______________________________________________________________________
September 24, 2007
Reported with an amendment, committed to the Committee of the Whole
House on the State of the Union, and ordered to be printed