[Senate Report 115-62]
[From the U.S. Government Publishing Office]


                                                       Calendar No. 79
115th Congress    }                                      {      Report
                                 SENATE
 1st Session      }                                      {      115-62
_______________________________________________________________________

   

                    SOCIAL SECURITY FRAUD PREVENTION

                              ACT OF 2017

                               __________

                              R E P O R T

                                 of the

                   COMMITTEE ON HOMELAND SECURITY AND

                          GOVERNMENTAL AFFAIRS

                          UNITED STATES SENATE

                              to accompany

                                 S. 218

          TO RESTRICT THE INCLUSION OF SOCIAL SECURITY ACCOUNT
 NUMBERS ON DOCUMENTS SENT BY MAIL BY THE FEDERAL GOVERNMENT, AND FOR 
                             OTHER PURPOSES

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


                  May 15, 2017.--Ordered to be printed
                  
                                   ______

                         U.S. GOVERNMENT PUBLISHING OFFICE 

69-010                         WASHINGTON : 2017                   
                  
                  
                  
                  
                  
                  
                  
                  
                  
                  
                  
                  
                  
                  
                  
                  
                  
                  
        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

                    RON JOHNSON, Wisconsin, Chairman
JOHN McCAIN, Arizona                 CLAIRE McCASKILL, Missouri
ROB PORTMAN, Ohio                    THOMAS R. CARPER, Delaware
RAND PAUL, Kentucky                  JON TESTER, Montana
JAMES LANKFORD, Oklahoma             HEIDI HEITKAMP, North Dakota
MICHAEL B. ENZI, Wyoming             GARY C. PETERS, Michigan
JOHN HOEVEN, North Dakota            MAGGIE HASSAN, New Hampshire
STEVE DAINES, Montana                KAMALA D. HARRIS, California

                  Christopher R. Hixon, Staff Director
                Gabrielle D'Adamo Singer, Chief Counsel
       Patrick J. Bailey, Chief Counsel for Governmental Affairs
                  Daniel J. Spino, Research Assistant
               Margaret E. Daum, Minority Staff Director
               Stacia M. Cardille, Minority Chief Counsel
       Charles A. Moskowitz, Minority Senior Legislative Counsel
                     Laura W. Kilbride, Chief Clerk















                                                       Calendar No. 79
115th Congress    }                                      {      Report
                                 SENATE
 1st Session      }                                      {      115-62

======================================================================



 
              SOCIAL SECURITY FRAUD PREVENTION ACT OF 2017

                                _______
                                

                  May 15, 2017.--Ordered to be printed

                                _______
                                

 Mr. Johnson, from the Committee on Homeland Security and Governmental 
                    Affairs, submitted the following

                              R E P O R T

                         [To accompany S. 218]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Homeland Security and Governmental 
Affairs, to which was referred the bill (S. 218) to restrict 
the inclusion of social security account numbers on documents 
sent by mail by the Federal Government, and for other purposes, 
having considered the same, reports favorably thereon with 
amendments and recommends that the bill, as amended, do pass.

                                CONTENTS

                                                                   Page
  I. Purpose and Summary..............................................1
 II. Background and Need for the Legislation..........................1
III. Legislative History..............................................2
 IV. Section-by-Section Analysis......................................3
  V. Evaluation of Regulatory Impact..................................3
 VI. Congressional Budget Office Cost Estimate........................3
VII. Changes in Existing Law Made by the Bill, as Reported............4

                         I. PURPOSE AND SUMMARY

    S. 218, the Social Security Fraud Prevention Act of 2017, 
would prohibit the Federal Government from including an 
individual's Social Security Number (SSN) in any agency 
documents that would go through the mail, unless the head of 
the agency determined that the inclusion of the SSN is 
necessary.

              II. BACKGROUND AND THE NEED FOR LEGISLATION

    Identity theft has been a growing concern for many 
Americans. The Federal Trade Commission had over 889,000 
identity theft complaints filed in 2015 and 2016.\1\ A large 
contributing factor to identity theft is the unauthorized 
acquisition and fraudulent use of SSNs. SSNs are required for a 
myriad of verification processes, besides just accessing one's 
Social Security benefits. Individuals interested in receiving 
certain government services, or applying for private sector 
services, such as a credit card, will need to provide their SSN 
in order to complete the application process.\2\ The Social 
Security Administration (SSA) strongly encourages individuals 
to keep their SSN confidential and avoid giving it out 
unnecessarily due to the problems and misfortunes it can lead 
to.\3\ As a result of this, many citizens refuse to write their 
SSN down and memorize it to ensure it doesn't get abused by 
someone else.
---------------------------------------------------------------------------
    \1\Federal Trade Commission, Consumer Sentinel Network Data Book 
for January-December 2016 at 79 (March 2017), available at https://
www.ftc.gov/system/files/documents/reports/consumer-sentinel-network-
data-book-january-december-2016/csn_cy-2016_data_book.pdf.
    \2\Social Security Administration, Your Social Security Number and 
Card, at 2 (January 2016, available at https://www.ssa.gov/pubs/EN-05-
10002.pdf.
    \3\Id., at 11.
---------------------------------------------------------------------------
    Many Federal agencies require SSNs as a way to confirm the 
identity of individuals that are requesting services, benefits, 
or paying taxes. Using a SSN is an efficient way to confirm an 
individual's identity. However, with no Government-wide 
protocol outlining the use of SSNs, the procedures and security 
of its use varies from agency to agency. In 2007, the Office of 
Management and Budget released a memorandum to Federal agencies 
ordering them to review their use of SSNs to increase 
protection and eliminate any unnecessary use.\4\ The Government 
Accountability Office later issued a report finding that 
vulnerabilities are present across the Government.\5\
---------------------------------------------------------------------------
    \4\Memorandum from Clay Johnson III, Deputy Director for 
Management, Office of Management and Budget, to Heads of Executive 
Dep'ts and Agencies, Safeguarding Against and Responding to the Breach 
of Personally Identifiable Information (May 22, 2007).
    \5\Gov't Accountability Office, GAO-07-1023T, Social Security 
Numbers: Use is Widespread and Protection could be Improved (June 21, 
2007), http://www.gao.gov/new.items/d071023t.pdf.
---------------------------------------------------------------------------
    Having SSNs on Federal correspondence amplifies the 
possibility of SSNs being compromised. An easy way for the 
Federal Government to mitigate this preventable risk is to 
reduce the use of full SSNs on documents sent through the mail.
    S. 218 restricts Federal agencies from including SSNs in 
correspondence sent through the mail unless it is deemed 
necessary by the head of the agency. If this is the case, the 
agency is required to partially redact the SSN whenever 
possible and consider other ways to mitigate the risk of 
identity theft for the individual receiving the mail.

                        III. LEGISLATIVE HISTORY

    Senator Cory Gardner introduced S. 218, the Social Security 
Fraud Prevention Act of 2017, on January 24, 2017. The bill was 
referred to the Homeland Security and Governmental Affairs 
Committee.
    The Committee considered S. 218 at a business meeting on 
March 15, 2017. During the business meeting, an amendment was 
offered by Senator Daines to make clear that agencies are to 
take additional mitigation measures whenever it is necessary to 
send a piece of mail with a SSN.
    Both the Daines amendment and the bill as amended were 
ordered reported favorably en bloc by voice vote. Senators 
Johnson, Portman, Lankford, Daines, McCaskill, Carper, Tester, 
Heitkamp, Peters, Hassan, and Harris were present for the vote.

        IV. SECTION-BY-SECTION ANALYSIS OF THE BILL, AS REPORTED

Section 1: Short title

    The short title of the bill is the ``Social Security Fraud 
Prevention Act of 2017.''

Section 2: Restriction of SSNs on documents sent by mail

    Subsection (a) states that no federal agency or department 
can send out mail that includes a SSN, unless the head of that 
department or agency deems the presence of the SSN on the 
document necessary.
    Subsection (b) mandates that each agency issue regulations 
within one year to specify how the agency is to determine when 
inclusion of a SSN in a document sent through the mail is 
necessary. The regulations issued by the agency must include a 
direction for the agency to: (1) partially redact the SSN 
whenever possible; (2) ensure SSNs are not visible on the 
outside of any piece of mail; and (3) take additional methods 
to mitigate the risk of SSNs sent through the mail when doing 
so is necessary.
    Subsection (c) provides that the requirements of the bill 
will take affect one year from its enactment.

                   V. EVALUATION OF REGULATORY IMPACT

    Pursuant to the requirements of paragraph 11(b) of rule 
XXVI of the Standing Rules of the Senate, the Committee has 
considered the regulatory impact of this bill and determined 
that the bill will have no regulatory impact within the meaning 
of the rules. The Committee agrees with the Congressional 
Budget Office's statement that the bill contains no 
intergovernmental or private-sector mandates as defined in the 
Unfunded Mandates Reform Act (UMRA) and would impose no costs 
on state, local, or tribal governments.

             VI. CONGRESSIONAL BUDGET OFFICE COST ESTIMATE

                                                    March 23, 2017.
Hon. Ron Johnson,
Chairman, Committee on Homeland Security and Governmental Affairs, U.S. 
        Senate, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for S. 218, the Social 
Security Fraud Prevention Act of 2017.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contact is Matthew 
Pickford.
            Sincerely,
                                                        Keith Hall.
    Enclosure.








S. 218--Social Security Fraud Prevention Act of 2017

    S. 218 would prohibit federal agencies from including 
social security account numbers on any documents sent by mail 
unless the agency determines that inclusion of the number is 
necessary. There are many federal laws and regulations that 
address the protection of sensitive information including the 
Federal Information Security Management Act, the Privacy Act of 
1974, and a 2007 memorandum from the Office of Management and 
Budget on safeguarding and responding to the disclosure of 
personally identifiable information. Because of those laws and 
rules, CBO expects that most agencies are working to limit the 
amount of personally identifiable information that they collect 
and disseminate. As a consequence, CBO estimates that 
implementing S. 218 would have no significant cost over the 
next five years.
    Enacting the legislation could affect direct spending by 
agencies not funded through annual appropriations; therefore, 
pay-as-you-go procedures apply. CBO estimates, however, that 
any net increase in spending by those agencies would be 
negligible. Enacting S. 218 would not affect revenues.
    CBO estimates that enacting S. 218 would not increase net 
direct spending or on-budget deficits in any of the four 
consecutive 10-year periods beginning in 2028.
    S. 218 contains no intergovernmental or private-sector 
mandates as defined in the Unfunded Mandates Reform Act and 
would impose no costs on state, local, or tribal governments.
    On February 24, 2017, CBO transmitted a cost estimate for 
H.R. 624, the Social Security Fraud Prevention Act of 2017, as 
ordered reported by the House Committee on Oversight and 
Government Reform on February 14, 2017. The two pieces of 
legislation are similar and CBO's estimates of their budgetary 
effects are the same.
    The CBO staff contact for this estimate is Matthew 
Pickford. The estimate was approved by H. Samuel Papenfuss, 
Deputy Assistant Director for Budget Analysis.

       VII. CHANGES IN EXISTING LAW MADE BY THE BILL, AS REPORTED

    Because S. 218 would not repeal or amend any provision of 
current law, it would make no changes in existing law within 
the meaning of clauses (a) and (b) of paragraph 12 of rule XXVI 
of the Standing Rules of the Senate.

                                  [all]