[Federal Register Volume 87, Number 134 (Thursday, July 14, 2022)]
[Rules and Regulations]
[Pages 42097-42100]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-14847]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

Office of the Secretary

43 CFR Part 2

[DOI-2021-0002; DS67010000, DWSNF0000.XD0000, DP67012, 22XD4523WS]
RIN 1090-AB24


Social Security Number Fraud Prevention Act of 2017 
Implementation

AGENCY: Office of the Secretary, Interior.

ACTION: Direct final rule.

-----------------------------------------------------------------------

SUMMARY: The Department of the Interior (DOI) is publishing a direct 
final rule to promulgate regulations to implement the provisions of the 
Social Security Number Fraud Prevention Act of 2017. The new 
regulations will prohibit the inclusion of an individual's Social 
Security account number (SSN) on any document sent through the mail 
unless the Secretary of the Interior deems it necessary and precautions 
are taken to protect the SSN. The regulations also include requirements 
for the safeguarding of SSNs sent through the mail by partially 
redacting SSNs where feasible and prohibiting the display of SSNs on 
the outside of any package or envelope sent by mail. This rule is being 
published as a direct final rule as DOI does not expect any adverse 
comments. If adverse comments are received, this direct final rule will 
be withdrawn and a proposed rule for comments will be published.

DATES: This rule is effective September 12, 2022 without further action 
unless adverse comment is received by August 15, 2022. If adverse 
comment is received, DOI will publish a timely withdrawal of the rule 
in the Federal Register.

ADDRESSES: Send written comments identified by docket number [DOI-2021-
0002] or [Regulatory Information Number (RIN) 1090-AB24], by any of the 
following methods:
     Federal e-Rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments to docket number [DOI-
2021-0002].
     Email: [email protected]. Include docket number 
[DOI-2021-0002] or RIN 1090-AB24 in the subject line of the message.
     U.S. mail or hand-delivery: Teri Barnett, Departmental 
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, 
Room 7112, Washington, DC 20240.
    Instructions: All submissions received must include the agency name 
and docket number [DOI-2021-0002] or RIN 1090-AB24 for this rulemaking. 
All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Teri Barnett, Departmental Privacy 
Officer, U.S. Department of the Interior, 1849 C Street NW, Room 7112, 
Washington, DC 20240, [email protected] or (202) 208-1605.

SUPPLEMENTARY INFORMATION:

I. Background

    The Social Security Number Fraud Prevention Act of 2017 (the Act), 
Public Law 115-59, 42 U.S.C. 405 note, was signed on September 15, 
2017. The Act restricts the inclusion of SSNs on any documents sent by 
mail unless the head

[[Page 42098]]

of the agency determines that the inclusion of the SSN on the document 
is necessary. The Act also directs agencies to issue regulations that 
specify when inclusion of an SSN is necessary, include requirements for 
the safeguarding of SSNs by partially redacting SSNs where feasible and 
prohibiting the display of SSNs on the outside of any package or 
envelope sent by mail.
    In this direct final rule, DOI is adding a new subpart M, Social 
Security Number Fraud Prevention Act Requirements, to 43 CFR part 2, to 
implement the provisions of the Act. To comply with the Act, the new 
regulations in subpart M prohibit the inclusion of SSNs on any document 
sent through the mail by DOI bureaus and offices unless the Secretary 
of the Interior (Secretary) deems it necessary and precautions are 
taken to protect the SSNs. To safeguard SSNs and protect individual 
privacy, subpart M includes requirements for DOI bureaus and offices to 
partially redact SSNs where feasible, and specifically prohibits the 
display of complete or partial SSNs on the outside of any package or 
envelope sent by mail or through the window of an envelope or package. 
Subpart M applies to all DOI bureau and office activities and describes 
the scope of the regulations to include all documents written or 
printed that DOI sends by mail that include the complete or partial SSN 
of an individual as defined by the Privacy Act of 1974, as amended, 5 
U.S.C. 552a.

II. Direct Final Rulemaking

    This rule is being published as a direct final rule as DOI does not 
expect to receive any significant adverse comments. If such comments 
are received, this direct final rule will be withdrawn and a proposed 
rule for comments will be published. If no such comments are received, 
this direct final rule will become effective after the comment period 
expires. A significant adverse comment is one that explains (1) why the 
rule is inappropriate, including challenges to the rule's underlying 
premise or approach; or (2) why the direct final rule will be 
ineffective or unacceptable without a change. In determining whether a 
significant adverse comment necessitates withdrawal of this direct 
final rule, DOI will consider whether the comment raises an issue 
serious enough to warrant a substantive response had it been submitted 
in a standard notice and comment process. A comment recommending an 
addition to the rule will not be considered significant and adverse 
unless the comment explains how this direct final rule would be 
ineffective without the addition.
    An agency typically uses direct final rulemaking when it 
anticipates the rule will be non-controversial. DOI has determined that 
this rule is suitable for direct final rulemaking. The purpose of this 
rule is to implement the provisions of the Act to apply restrictions 
and safeguards for the inclusion of SSNs in documents that are mailed 
to prevent unauthorized disclosure of SSNs and protect individual 
privacy. This rule should not be controversial and is consistent with 
Federal law and policy regarding the appropriate handling and 
protection of personally identifiable information. Accordingly, 
pursuant to 5 U.S.C. 553(b), DOI has for good cause determined that the 
notice and comment requirements are unnecessary. This action is taken 
pursuant to delegated authority.

III. Compliance With Other Laws, Executive Orders, and Department 
Policy

1. Regulatory Planning and Review (Executive Orders 12866 and 13563)

    Executive Order 12866 provides that the Office of Information and 
Regulatory Affairs in the Office of Management and Budget (OMB) will 
review all significant rules. The Office of Information and Regulatory 
Affairs has determined that this rule is not significant.
    Executive Order 13563 reaffirms the principles of Executive Order 
12866 while calling for improvements in the nation's regulatory system 
to promote predictability, to reduce uncertainty, and to use the best, 
most innovative, and least burdensome tools for achieving regulatory 
ends. The Executive Order directs agencies to consider regulatory 
approaches that reduce burdens and maintain flexibility and freedom of 
choice for the public where these approaches are relevant, feasible, 
and consistent with regulatory objectives. Executive Order 13563 
emphasizes further that regulations must be based on the best available 
science and that the rulemaking process must allow for public 
participation and an open exchange of ideas. We have developed this 
rule in a manner consistent with these requirements.

2. Regulatory Flexibility Act

    DOI certifies that this rule will not have a significant economic 
effect on a substantial number of small entities under the Regulatory 
Flexibility Act (5 U.S.C. 601, et seq.). This rule does not impose a 
requirement for small businesses to report or keep records on any of 
the requirements contained in this rule.

3. Small Business Regulatory Enforcement Fairness Act

    This rule is not a major rule under 5 U.S.C. 804(2), the Small 
Business Regulatory Enforcement Fairness Act. This rule:
    (a) Does not have an annual effect on the economy of $100 million 
or more.
    (b) Will not cause a major increase in costs or prices for 
consumers, individual industries, Federal, State, or local government 
agencies, or geographic regions.
    (c) Does not have significant adverse effects on competition, 
employment, investment, productivity, innovation, or the ability of 
United States-based enterprises to compete with foreign-based 
enterprises.

4. Unfunded Mandates Reform Act

    This rule does not impose an unfunded mandate on State, local, or 
tribal governments in the aggregate, or on the private sector, of more 
than $100 million per year. The rule does not have a significant or 
unique effect on State, local, or tribal governments or the private 
sector. The rule implements the Act in order to restrict the use of 
complete SSNs in documents sent via mail. A statement containing the 
information required by the Unfunded Mandates Reform Act (2 U.S.C. 
1531, et seq.) is not required.

5. Takings (Executive Order 12630)

    This proposed rule does not affect a taking of private property or 
otherwise have taking implications under Executive Order 12630. This 
rule is not a government action capable of interfering with 
constitutionally protected property rights. The rule implements the Act 
in order to restrict the use of complete SSNs in documents sent via 
mail. A takings implication assessment is not required.

6. Federalism (Executive Order 13132)

    Under the criteria of section 1 of Executive Order 13132, this rule 
does not have any federalism implications to warrant the preparation of 
a Federalism Assessment. The rule is not associated with, nor will it 
have substantial direct effects on the States, on the relationship 
between the Federal Government and the States, or on the distribution 
of power and responsibilities among the various levels of government. A 
Federalism Assessment is not required.

[[Page 42099]]

7. Civil Justice Reform (Executive Order 12988)

    This rule complies with the requirements of Executive Order 12988. 
Specifically, this rule:
    (a) Meets the criteria of section 3(a) requiring that all 
regulations be reviewed to eliminate errors and ambiguity and be 
written to minimize litigation; and
    (b) Meets the criteria of section 3(b)(2) requiring that all 
regulations be written in clear language and contain clear legal 
standards.

8. Consultation and Coordination With Indian Tribal Governments 
(Executive Order 13175).

    In accordance with Executive Order 13175, DOI has evaluated this 
proposed rule and determined that it would have no substantial effects 
on federally recognized Indian Tribes. This proposed rule does not have 
tribal implications that impose substantial direct compliance costs on 
Indian Tribal governments.

9. Paperwork Reduction Act of 1995

    This rule does not contain information collection requirements and 
a submission under the Paperwork Reduction Act is not required.

10. National Environmental Policy Act of 1969

    The proposed rule implements the Act in order to restrict the use 
of complete SSNs in documents sent via mail, and does not constitute a 
major Federal action and would not have a significant effect on the 
quality of the human environment. Therefore, this rule does not require 
the preparation of an environmental assessment or environmental impact 
statement under the requirements of the National Environmental Policy 
Act.

11. Data Quality Act

    In developing this rule, there was no need to conduct or use a 
study, experiment, or survey requiring peer review under the Data 
Quality Act (Pub. L. 106-554, section 515).

12. Effects on Energy Supply (Executive Order 13211)

    This rule is not a significant energy action under the definition 
in Executive Order 13211. DOI has determined that this proposed rule 
will not have substantial direct effects on energy supply, 
distribution, or use, including a shortfall in supply or price 
increase. The rule has no bearing on energy development and will have 
no effect on the volume or consumption of energy supplies. A Statement 
of Energy Effects is not required.

13. Clarity of This Regulation

    DOI is required by Executive Orders 12866 (section 1(b)(12)), 12988 
(section 3(b)(1)(B)), and 13563 (section 1(a)), the Plain Writing Act 
of 2010 (Pub. L. 111-274), and the Presidential Memorandum of June 1, 
1998, to write all rules in plain language. This means each rule we 
publish must:
    (a) Be logically organized;
    (b) Use the active voice to address readers directly;
    (c) Use common, everyday words and clear language rather than 
jargon;
    (d) Be divided into short sections and sentences; and
    (e) Use lists and table wherever possible.

List of Subjects in 43 CFR Part 2

    Administrative practice and procedure, Classified information, 
Confidential business information, Courts, Freedom of Information, 
Government employees, Privacy, and Social Security Number Fraud 
Prevention.

    For reasons stated in the preamble, DOI amends part 2 of title 43 
of the CFR as set forth below:

PART 2--FREEDOM OF INFORMATION ACT; RECORDS AND TESTIMONY

0
1. The authority citation for part 2 is revised to read as follows:

    Authority:  5 U.S.C. 301, 552, 552a, 553, 31 U.S.C. 3717, 43 
U.S.C. 1460, 1461, the Social Security Number Fraud Prevention Act 
of 2017, Pub. L. 115-59, September 15, 2017.


0
2. Add subpart M to read as follows:
Subpart M--Social Security Number Fraud Prevention Act Requirements
Sec.
2.300 What is the purpose of this subpart?
2.301 What does this subpart cover?
2.302 What terms are used in this subpart?
2.303 What are DOI's requirements for protecting SSNs in document 
sent by mail?

Subpart M--Social Security Number Fraud Prevention Act Requirements


Sec.  2.300   What is the purpose of this subpart?

    (a) The purpose of this subpart is to implement the requirements of 
the Social Security Number Fraud Prevention Act of 2017 (the Act), 
Public Law 115-59, 42 U.S.C. 405 note, September 15, 2017.
    (b) The Act:
    (1) Prohibits Federal agencies from including any individual's 
Social Security account number (SSN) on any document sent by mail 
unless the head of the agency determines that such inclusion is 
necessary; and
    (2) Requires agencies to issue regulations that specify the 
circumstances under which such inclusion is necessary.


Sec.  2.301   What does this subpart cover?

    (a) This subpart describes how DOI, including all its bureaus and 
offices, handles the use and protection of individuals' SSNs in 
documents that are mailed. SSNs may only be included in documents that 
are mailed when authorized and necessary, and where appropriate 
safeguards are employed to protect individual privacy in accordance 
with the Act.
    (b) This subpart includes the circumstances under which inclusion 
of an individual's SSN on a document is authorized to be mailed;
    (c) This subpart requires SSNs to be safeguarded when mailed by:
    (1) Requiring the partial redaction of SSNs where feasible; and
    (2) Prohibiting the display of SSNs on the outside of any package 
or mailing envelope sent by mail or through the window of an envelope 
or package.


Sec.  2.302   What terms are used in this subpart?

    Act means the Social Security Number Fraud Prevention Act of 2017, 
Public Law 115-59.
    Bureau is any component or constituent bureau or office of DOI, 
including the Office of the Secretary and any other Departmental 
office.
    Department or DOI means the Department of the Interior.
    Document means a piece of written or printed matter that provides 
information or evidence or that serves as an official record.
    Individual means a natural person who is a citizen of the United 
States or an alien lawfully admitted for permanent residence as defined 
by the Privacy Act of 1974, as amended, 5 U.S.C. 552a.
    Mail means artifacts used to assemble letters and packages that are 
sent or delivered by means of an authorized carrier of postal delivery 
or United States Postal Service (USPS) postal system. (For purposes of 
the subpart, the postal system that is managed by the U.S. Postal 
Service.)
    Social Security number or Social Security account number means the 
nine-digit number issued by the Social Security Administration to U.S. 
citizens, permanent residents, and temporary (working) residents under 
section 205(c)(2) of the Social Security Act, codified as 42 U.S.C. 
405(c)(2).

[[Page 42100]]

    Truncated or partial SSN means the shortened or partial Social 
Security account number.


Sec.  2.303   What are DOI's requirements for protecting SSNs in 
document sent by mail?

    (a) DOI bureaus and offices may not include the full or partial SSN 
of an individual on any document sent via mail unless:
    (1) The inclusion of an SSN on a document sent by mail is required 
or authorized by law;
    (2) The responsible program office has conducted the proper 
assessment and taken steps to mitigate the use of the SSN and any 
impacts to individual privacy; and
    (3) The Secretary of the Interior has determined that the inclusion 
of the SSN on the document is necessary and appropriate to meet legal 
and mission requirements in accordance with this subpart.
    (b) Bureaus and offices shall partially redact or truncate SSNs in 
documents sent by mail where feasible to reduce the unnecessary use of 
SSNs and mitigate risk to individuals' privacy.
    (c) In no case shall any complete or partial SSN be visible on the 
outside of any envelope or package sent by mail or displayed on 
correspondence that is visible through the window of an envelope or 
package.

Joan M. Mooney,
Principal Deputy Assistant Secretary, Policy, Management and Budget.
[FR Doc. 2022-14847 Filed 7-13-22; 8:45 am]
BILLING CODE 4334-63-P