[Federal Register Volume 79, Number 58 (Wednesday, March 26, 2014)]
[Rules and Regulations]
[Pages 16668-16672]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2014-06701]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Technical Information Service

15 CFR Part 1110

[Docket Number: 140321001-4001-01]
RIN 0692-AA21


Temporary Certification Program for Access to the Death Master 
File

AGENCY: National Technical Information Service, U.S. Department of 
Commerce.

[[Page 16669]]


ACTION: Interim final rule.

-----------------------------------------------------------------------

SUMMARY: The National Technical Information Service is issuing this 
interim final rule to establish a certification program under which 
persons may obtain immediate access to the publicly available Death 
Master File (DMF), pursuant to Section 203 of the Bipartisan Budget Act 
of 2013 (Act). This rule sets forth temporary requirements to become a 
certified person, provides that certified persons will be subject to 
periodic and unscheduled audits, and provides for the imposition of 
penalty upon any person who discloses or uses DMF information in a 
manner not in accordance with the Act. This rule also provides for the 
charging of fees for the certification program.

DATES: This rule is effective on March 26, 2014. Comments are due on 
this interim final rule on or before 5:00 p.m. Eastern time April 25, 
2014.

ADDRESSES: National Technical Information Service, 5301 Shawnee Road, 
Alexandria, VA 22312. Written comments must be submitted to John 
Hounsell by email at [email protected], or in paper form at NTIS, 5301 
Shawnee Road, Alexandria, VA 22312.

FOR FURTHER INFORMATION CONTACT: John Hounsell at [email protected], 
by mail at NTIS, 5301 Shawnee Road, Alexandria, VA 22312, or by 
telephone at 703-605-6184. Information about the DMF made available to 
the public by NTIS may be found at https://dmf.ntis.gov.

SUPPLEMENTARY INFORMATION: 

Background

    This interim final rule establishes a temporary certification 
program for persons who seek access to the Death Master File (DMF), as 
defined in Section 203 of the Bipartisan Budget Act of 2013 (Pub. L. 
113-67) (Act). The Act prohibits disclosure of DMF information during 
the three-calendar-year period following an individual's death unless 
the person requesting the information has been certified under a 
program established by the Secretary of Commerce. The Act directs the 
Secretary of Commerce to establish a certification program for such 
access to the DMF. Section 203, ``Restriction on Access to the Death 
Master File,'' requires the establishment of a fee-based certification 
program for allowable uses of DMF data for any deceased individual 
within three calendar years of the individual's death. Authority to 
carry out Section 203 has been delegated by the Secretary of Commerce 
to the Director, National Technical Information Service (NTIS).
    NTIS published a Request for Information and Advance Notice of 
Public Meeting on the Certification Program for Access to the Death 
Master File (RFI) at 79 FR 11735, available at http://www.gpo.gov/fdsys/pkg/FR-2014-03-03/pdf/2014-04584.pdf. The public meeting was held 
March 4, 2014, from 9:00 a.m. to 12:00 p.m. Eastern time at the United 
States Patent and Trademark Office, Madison Building West, 600 Dulany 
Street, Alexandria, VA 22314. The public meeting was also webcast. 
Written comments received in response to the RFI, and a transcription 
of oral comments made and comments submitted via webcast at the public 
meeting, may be viewed at http://dmf.ntis.gov/.
    In response to the RFI, NTIS received approximately 70 written 
comments, as well as oral and webcast comments at the public meeting. 
Among the commenters, 12 were insurance companies, 9 were industry 
associations, 6 were banks or credit services, 4 were pension funds, 
approximately 20 were various types of service providers, and the rest 
were individuals, including 8 genealogists, 6 investigators and 3 
medical researchers. Among the insurance companies and service 
providers, the most frequent comment received was that without 
continued access to the DMF, these organizations would be unable to 
prevent various types of fraud. For example, life insurance companies 
commented that they use the DMF to ensure that they are paying a valid 
claim to proper beneficiaries. Other commenters stressed that their 
continued access to the DMF is necessary to prevent credit card fraud. 
Others commented that they require continued access to the DMF to 
complete timely research to locate legal heirs to estates and unclaimed 
property. The statute and the temporary certification program 
established under this interim final rule permit all entities that meet 
the certification requirements to have access to the Limited Access DMF 
(as defined in the rule). In contrast, others commented that the nature 
of their use of the DMF was such that the Act should not be applied to 
them in accessing the DMF; however, the Act does not provide for 
exceptions.

Section 203, ``Restriction on Access to the Death Master File''

    Section 203(a) of the Act directs that the Secretary of Commerce 
(Secretary) shall not disclose to any person information contained on 
the Death Master File with respect to any deceased individual at any 
time during the three-calendar-year period beginning on the date of the 
individual's death, unless such person is certified under a program 
established under the Act.
    Section 203(b)(1) of the Act directs the Secretary to establish a 
program to certify persons who are eligible to access the information 
contained on the Death Master File, and to perform periodic and 
unscheduled audits of certified persons to determine compliance with 
the program.
    Under Section 203(b)(2) of the Act, a person shall not be certified 
under the program unless such person certifies that access to the 
information is appropriate because such person (A) has (i) a legitimate 
fraud prevention interest, or (ii) a legitimate business purpose 
pursuant to a law, governmental rule, regulation, or fiduciary duty, 
and (B) has systems, facilities, and procedures in place to safeguard 
such information, and experience in maintaining the confidentiality, 
security, and appropriate use of such information, pursuant to 
requirements similar to the requirements of section 6103(p)(4) of the 
Internal Revenue Code of 1986 (IRC), and (C) agrees to satisfy the 
requirements of such section 6103(p)(4) as if such section applied to 
such person.
    Section 203(b)(3)(A) of the Act directs the Secretary to charge 
fees to recover all costs of evaluating applications for certification 
and auditing, inspecting, and monitoring certified persons under the 
program. Section 203(b)(3)(B) of the Act requires the Secretary to 
report annually to the Congress on the fees collected and the cost of 
administering the program.
    Section 203(c)(1) of the Act provides that any certified person who 
receives DMF information as defined in Section 203(a), and who (A) 
discloses such information to any person other than a person meeting 
the requirements of subparagraphs (A), (B), and (C) of subsection 
(b)(2), or (B) discloses such information to any person who uses the 
information for any purpose not listed under subsection (b)(2)(A) or 
who further discloses the information to a person who does not meet 
such requirements, or (C) uses any such information for any purpose not 
listed under subsection (b)(2)(A), shall pay a penalty of $1,000 for 
each such disclosure or use, as shall any person to whom such 
information is disclosed who further discloses or uses such information 
as described in the preceding subparagraphs. Under Section 203(c)(2), 
there is a $250,000 limit on the total penalty that can be imposed on 
any person for any calendar year, unless

[[Page 16670]]

the Secretary determines the violations to have been willful or 
intentional.
    Section 203(d) of the Act defines the term ``Death Master File'' to 
mean information on the name, social security account number, date of 
birth, and date of death of deceased individuals maintained by the 
Commissioner of Social Security, other than information that was 
provided to such Commissioner under section 205(r) of the Social 
Security Act (42 U.S.C. 405(r)).
    Under Section 203(e)(1) of the Act, the Freedom of Information Act 
(FOIA) shall not apply to compel any Federal agency to disclose 
information contained on the Death Master File with respect to any 
deceased individual at any time during the three-calendar-year period 
beginning on the date of the individual's death to anyone other than a 
certified person. Section 203(e)(2) of the Act provides that Section 
203 shall be considered a statute under FOIA section 552(b)(3).
    Under Section 203(f) of the Act, Section 203 takes effect 90 days 
after the date of the enactment, while Section 203(e) (the FOIA 
provision) takes effect upon enactment.
    As noted in the RFI, several Members of Congress described their 
understanding of the purpose and meaning of Section 203 during 
Congressional debate on the Joint Resolution which became the Act, and 
citations to those Member statements are provided in the RFI. The RFI 
also provides background on the component of the DMF covered by Section 
203, which originates from the Social Security Administration.
    In addition, to comply with the certification program requirements 
established under this interim final rule, certified persons who 
receive Limited Access DMF may not themselves redistribute such 
information in an unrestricted manner, including over the Internet.
    The interim final rule defines ``Persons'' to include corporations, 
companies, associations, firms, partnerships, societies, and other 
stock companies, as well as individuals, but does not include Executive 
departments or agencies. Executive departments or agencies will not 
have to complete the Certification Form as set forth in the rule. Those 
working on behalf of and authorized by Executive departments or 
agencies may access the Limited Access DMF through that sponsoring 
Executive department or agency. If, however, an Executive department or 
agency wishes those working on its behalf to access the Limited Access 
DMF directly from NTIS, then those working on behalf of that Executive 
department or agency will be required to complete and submit the 
Certification Form as set forth in the rule and enter into a 
subscription agreement with NTIS in order to access the Limited Access 
DMF.
    This interim final rule contains general provisions regarding 
implementation of the Act and establishes the interim procedure for 
becoming a certified person. These general provisions and the interim 
procedure are effective immediately. Due to the extremely important 
issues raised by potential misuse of the DMF, including concerns about 
availability of sensitive information transmitted across the Internet, 
and the statutory deadline for establishing a certification program, 
NTIS is issuing this interim final rule. NTIS plans to continue to 
refine the certification program, consistent with the Act through a 
separate notice and comment rulemaking process, to be initiated as soon 
as possible.

Additional Information

Executive Order 12866
    This rule has been determined to be significant of Executive Order 
12866.
Executive Order 12612
    This rule does not contain policies with Federalism implications 
sufficient to warrant preparation of a Federalism assessment under 
Executive Order 12612.
Administrative Procedure Act
    NTIS finds good cause to waive the notice and comment provisions in 
5 U.S.C 553(b)(B) because failure to do so would be contrary to the 
public interest. Under Section 203 of the Act, on March 26, 2014, the 
Secretary must cease any and all disclosure of DMF data within three 
calendar years of a person's death unless the recipient of the data is 
certified. Many of the current subscribers of the DMF data, such as 
insurance companies and credit card companies, use the data for fraud 
prevention purposes. If this rule is not effective by March 26, 2014, 
these companies will no longer be able to receive data necessary to 
prevent fraud in their industry. At the public meeting NTIS held on 
March 4, commenters explained why they thought their use of the DMF was 
legitimate under the Act, and emphasized the necessity of uninterrupted 
access to the DMF for their business. Comments were also received 
regarding the content of a certification form that might be used in 
conjunction with a certification program under the Act. Given the 
statutory deadline associated with implementing the Act, it was not 
possible to address all of the arguments and comments presented before 
promulgating this interim final rule. Waiving the notice and comment 
requirements of the Administrative Procedure Act to make this rule 
effective immediately will allow entities who use the DMF for 
legitimate purposes, as defined in the Act, to continue to access the 
data through certification of their compliance with the requirements of 
Section 203.
Regulatory Flexibility Act
    Because notice and comment are not required under 5 U.S.C. 553, or 
any other law, the analytical requirements of the Regulatory 
Flexibility Act (5 U.S.C. 601 et seq.) are inapplicable. As such, a 
regulatory flexibility analysis is not required, and none has been 
prepared.
Paperwork Reduction Act
    This interim final rule contains a collection of information 
requirement subject to the Paperwork Reduction Act and which has been 
approved by the Office of Management and Budget (OMB) under Control 
Number 0692-0013. This interim final rule requires that applicants 
certify their compliance with the requirements of Section 203 of the 
Act.
    Notwithstanding any other provision of the law, no person is 
required to, nor shall any person be subject to penalty for failure to 
comply with a collection of information, subject to the requirements of 
the Paperwork Reduction Act, unless that collection of information 
displays a currently valid OMB Control Number.
National Environmental Policy Act
    This rule will not significantly affect the quality of the human 
environment. Therefore, an environmental assessment or Environmental 
Impact Statement is not required to be prepared under the National 
Environmental Policy Act of 1969.

List of Subjects in 15 CFR Part 1110

    Certification program, Fees, Imposition of penalty.

    Dated: March 21, 2014.
Bruce Borzino,
Director.

    For reasons set forth in the preamble, the National Technical 
Information Service amends 15 CFR chapter XI to add a new part 1110, as 
follows:

PART 1110--CERTIFICATION PROGRAM FOR ACCESS TO THE DEATH MASTER 
FILE

Subpart A--General
Sec.

[[Page 16671]]

1110.1 Description of rule; applicability.
1110.2 Definitions used in this part.
Subpart B--Certification Program
1110.100 Scope.
1110.101 Submission of Certification.
1110.102 Certification.
Subpart C--Penalties and Audits
1110.200 Imposition of Penalty.
1110.201 Audits.
Subpart D--Fees
1110.300 Fees.

    Authority: Pub. L. 113-67, Sec. 203.

Subpart A--General


Sec.  1110.1  Description of rule; applicability.

    (a) The Bipartisan Budget Act of 2013 (Pub. L. 113-67), Section 
203, provides for the establishment of a fee-based certification 
program for persons who seek access to the Death Master File (DMF), and 
prohibits disclosure of DMF information for an individual during the 
three-calendar-year period following the individual's death, unless the 
person requesting the information has been certified.
    (b) This part is applicable to any Person seeking access to a 
Limited Access DMF, as defined in this part.


Sec.  1110.2  Definitions used in this part.

    The following definitions are applicable to this part:
    Act. The Bipartisan Budget Act of 2013 (Pub. L. 113-67).
    Certified Person. A Person who has been certified under the 
certification program established under this part and is eligible to 
access the Limited Access DMF.
    DMF. Death Master File.
    Death Master File. Information on the name, social security account 
number, date of birth, and date of death of deceased individuals 
maintained by the Commissioner of Social Security, other than 
information that was provided to such Commissioner under section 205(r) 
of the Social Security Act (42 U.S.C. 405(r)).
    Limited Access DMF. The DMF product made available by NTIS which 
includes DMF with respect to any deceased individual at any time during 
the three-calendar-year period beginning on the date of the 
individual's death.
    NTIS. The National Technical Information Service, United States 
Department of Commerce.
    Open Access DMF. The DMF product made available by NTIS which does 
not include DMF with respect to any deceased individual at any time 
during the three-calendar-year period beginning on the date of the 
individual's death.
    Person. This term includes corporations, companies, associations, 
firms, partnerships, societies, and joint stock companies, as well as 
individuals.

Subpart B--Certification Program


Sec.  1110.100  Scope.

    (a) Any Person desiring access to the Limited Access DMF must 
certify in accordance with this part. Upon acceptance of a Person's 
certification by NTIS, such Person will be a Certified Person, will be 
entered into the publicly available list of Certified Persons 
maintained by NTIS, and will be eligible to access the Limited Access 
DMF made available by NTIS through subscription.
    (b) Certification under this part is not required for any Person to 
access the Open Access DMF made available by NTIS; however, a Certified 
Person may also access the Open Access DMF.


Sec.  1110.101  Submission of Certification.

    In order to become certified under the certification program 
established under this part, a Person must submit a completed 
certification statement, using the form NTIS FM161 with OMB Control 
Number 0692-0013, and its accompanying instructions at https://dmf.ntis.gov.


Sec.  1110.102  Certification.

    In order to be certified to be eligible to access the Limited 
Access DMF under the certification program established under this part, 
a Person shall certify, in the manner set forth in this part and 
pursuant to section 1001 of title 18, United States Code, that
    (a) Such Person's access to the Limited Access DMF is appropriate 
because:
    (1) Such Person has a legitimate fraud prevention interest, or has 
a legitimate business purpose pursuant to a law, governmental rule, 
regulation, or fiduciary duty, and shall specify the basis for so 
certifying;
    (2) Such Person has systems, facilities, and procedures in place to 
safeguard the accessed information, and experience in maintaining the 
confidentiality, security, and appropriate use of accessed information, 
pursuant to requirements similar to the requirements of section 
6103(p)(4) of the Internal Revenue Code of 1986;
    (3) Such Person agrees to satisfy the requirements of such section 
6103(p)(4) as if such section applied to such Person;
    (4) Such Person shall not, with respect to DMF of any deceased 
individual at any time during the three-calendar-year period beginning 
on the date of the individual's death:
    (i) Disclose such deceased individual's DMF to any person other 
than a person who meets the requirements of paragraphs (a)(1) through 
(3) of this section;
    (ii) Disclose such deceased individual's DMF to any person who uses 
the information for any purpose other than a legitimate fraud 
prevention interest or a legitimate business purpose pursuant to a law, 
governmental rule, regulation, or fiduciary duty;
    (iii) Disclose such deceased individual's DMF to any person who 
further discloses the information to any person other than a person who 
meets the requirements of paragraphs (a)(1) through (3) of this 
section; or
    (iv) Use any such deceased individual's DMF for any purpose other 
than a legitimate fraud prevention interest or a legitimate business 
purpose pursuant to a law, governmental rule, regulation, or fiduciary 
duty,
    (b) The certification required in this section shall state whether 
such Person intends to disclose such deceased individual's DMF to any 
person, and if so, shall state the manner of such disclosure and how 
such Person will ensure compliance with paragraphs (a)(4)(i) through 
(iii) of this section.

Subpart C--Penalties and Audits


Sec.  1110.200  Imposition of Penalty.

    (a) General. (1) Any Person certified under this part who receives 
DMF including information about any deceased individual at any time 
during the three-calendar-year period beginning on the date of the 
individual's death, and who during such three-calendar-year period:
    (i) Discloses such deceased individual's DMF information to any 
person other than a person who meets the requirements of Sec.  
1110.102(a)(1) through (3);
    (ii) Discloses such deceased individual's DMF to any person who 
uses the information for any purpose other than a legitimate fraud 
prevention interest or a legitimate business purpose pursuant to a law, 
governmental rule, regulation, or fiduciary duty;
    (iii) Discloses such deceased individual's DMF to any person who 
further discloses the information to any person other than a person who 
meets the requirements of Sec.  1110.102(a)(1) through (3); or
    (iv) Uses any such deceased individual's DMF for any purpose other 
than a legitimate fraud prevention interest or a legitimate business 
purpose pursuant to a law, governmental rule, regulation, or fiduciary 
duty

[[Page 16672]]

    (2) Any Person to whom such information is disclosed, whether or 
not such Person is certified under this part, who further discloses or 
uses such information as described in paragraphs (a)(1)(i) through (iv) 
of this section shall pay to the General Fund of the United States 
Department of the Treasury a penalty of $1,000 for each such disclosure 
or use.
    (b) Limitation on Penalty. The total amount of the penalty imposed 
under this part on any Person for any calendar year shall not exceed 
$250,000.


Sec.  1110.201  Audits.

    Any Person certified under this part shall, as a condition of 
certification, agree to be subject to audit by NTIS to determine the 
compliance by such Person with the requirements of this part. NTIS may 
conduct periodic and unscheduled audits of the systems, facilities, and 
procedures of any Certified Person relating to such Certified Person's 
access to, and use and distribution of, Limited Access DMF, during 
regular business hours.

Subpart D--Fees


Sec.  1110.300  Fees.

    Fees for the costs associated with evaluating applications for 
certification of Certified Persons under this part are as follows:

Processing of Certification Form and maintenance of Registry     $200.00
 of Certified Persons........................................
 

[FR Doc. 2014-06701 Filed 3-25-14; 8:45 am]
BILLING CODE 3510-04-P