Social Security Number Fraud Prevention Act of 2017 Implementation

Issuing agencies

Abstract

NSF is adding a section to its Privacy Act regulations to implement restrictions on the use of Social Security numbers in documents mailed by NSF. These restrictions are required by the Social Security Number Fraud Prevention Act of 2017. The rule is intended to help reduce the potential risk of identity theft from fraudulent or other unauthorized acquisition of Social Security numbers from any NSF mailings.

Full Text

<html>
<head>
<title>Federal Register, Volume 87 Issue 204 (Monday, October 24, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 204 (Monday, October 24, 2022)]
[Rules and Regulations]
[Pages 64167-64169]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-23062]


=======================================================================
-----------------------------------------------------------------------

NATIONAL SCIENCE FOUNDATION

45 CFR Part 613

RIN 3145-AA66


Social Security Number Fraud Prevention Act of 2017 
Implementation

AGENCY: National Science Foundation (NSF).

ACTION: Final rule; request for comments.

-----------------------------------------------------------------------

SUMMARY: NSF is adding a section to its Privacy Act regulations to 
implement restrictions on the use of Social Security numbers in 
documents mailed by NSF. These restrictions are required by the Social 
Security Number Fraud Prevention Act of 2017. The rule is intended to 
help reduce the potential risk of identity theft from fraudulent or 
other unauthorized acquisition of Social Security numbers from any NSF 
mailings.

DATES: The rule is effective October 24, 2022. Comments, if any, are 
requested by November 23, 2022.

ADDRESSES: Submit comments, if any, through the Federal e-rulemaking 
portal, <a href="https://www.regulations.gov">https://www.regulations.gov</a>. In the body of your comment, 
please indicate that it is in response to ``RIN 3145-AA66-Social 
Security Number Fraud Prevention Act of 2017 Implementation.'' If you 
are unable to submit your comment through the portal, please see the 
FOR FURTHER INFORMATION CONTACT section of this document to obtain 
alternate submission instructions. Comments may be made publicly 
available for routine viewing, inspection, and copying on <a href="https://www.regulations.gov">https://www.regulations.gov</a> and/or on the NSF website, <a href="https://www.nsf.gov">https://www.nsf.gov</a>, and 
are subject to disclosure under NSF's Freedom of Information Act 
regulations at 45 CFR part 612. For this reason, do not include in your 
comment information of a confidential nature, such as sensitive 
personal information or proprietary information, or any other 
information that you would not want publicly disclosed.

FOR FURTHER INFORMATION CONTACT: Alex Tang, Assistant General Counsel, 
National Science Foundation, 2415 Eisenhower Avenue, Alexandria, VA 
22314, (703) 292-8547.

SUPPLEMENTARY INFORMATION: The Social Security Number Fraud Prevention 
Act of 2017, Public Law 115-59, 131 Stat. 1152 (Sept. 15, 2017), 
codified at 42 U.S.C. 405 note, restricts federal agencies from 
including Social Security numbers (SSNs) of individuals on documents 
sent by mail unless the head of the agency determines that including 
the SSN on the mailing is necessary. The Act requires agency heads to 
issue regulations, within five years of the Act, specifying the 
circumstances under which including an SSN on a document sent by mail 
is necessary. The Act requires that the regulations include 
instructions for the partial redaction of SSNs where feasible, and 
requires that SSNs not be visible on the outside of any package sent by 
mail.
    To implement these requirements, NSF is amending its existing 
Privacy Act regulations (45 CFR part 613) to add a new Sec.  613.7, and 
to make a

[[Page 64168]]

conforming amendment to Sec.  613.1, which describes the scope of part 
613, to accommodate the new rule. The rule prohibits including an 
individual's SSN on any document that NSF sends by mail unless it is 
necessary, as determined by the Director of NSF (or other agency 
official whom the Director may designate). If so, the rule requires 
that the SSN be truncated to display no more than the last four digits 
or, if such truncation is not feasible, the document may include 
additional SSN digits or the full SSN, as needed, but only under 
certain circumstances, i.e.: if required by law (e.g., statute, court 
order, or other legal mandate); to identify a specific individual where 
no adequate substitute is available; or to fulfill some other 
compelling NSF business need. In all cases, the rule prohibits any SSN, 
truncated or not, from being visible on the outside of any NSF mailing.
    Consistent with the language of the Act, and with the legislative 
intent and examples discussed in the House report (H.R. Rep. No. 115-
150, pt. 1) accompanying the Act, the rule is limited to printed 
documents or correspondence mailed by NSF, including printed documents 
or correspondence mailed by a contractor acting on NSF's behalf. The 
rule does not apply to emails or other documents, correspondence, or 
communications transmitted by electronic means (e.g., via web portals). 
The rule is also not intended to apply to mailings, if any, by NSF 
award recipients or other individuals or entities using financial or 
other support or assistance from NSF, as their award terms and 
conditions do not normally direct or authorize them to send mailings or 
otherwise take any actions on NSF's behalf.

Administrative Procedure Act

    This rule of agency organization, procedure, or practice is exempt 
from the prior public notice and comment requirements of the 
Administrative Procedure Act. See 5 U.S.C. 553(b)(A). Accordingly, it 
is not being published in proposed form before being published as final 
and effective. There is also no need to delay the effective date of the 
rule by 30 days, as normally required for substantive rules. See 5 
U.S.C. 553(d). Instead, there is good cause to make the rule effective 
immediately, as it is merely procedural and reflects a statutory 
requirement that is already in effect (i.e., documents mailed by the 
agency may not include an SSN unless the agency head determines it is 
necessary). Id. Nonetheless, NSF will accept comments, if any, on the 
rule from interested parties, as provided in the ADDRESSES section of 
this document. NSF will consider such comments, if any, and may modify 
the rule on the basis of such comments, or as the agency may otherwise 
deem necessary or appropriate.

Executive Orders 12866 and 13563

    Executive Orders 12866 and 13563 direct agencies to assess the 
costs and benefits of available regulatory alternatives and, when 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health and safety effects, and other advantages; distributive impacts; 
and equity). Executive Order 13563 (Improving Regulation and Regulatory 
Review) emphasizes the importance of quantifying both costs and 
benefits, reducing costs, harmonizing rules, and promoting flexibility. 
This rule is not a significant regulatory action subject to review by 
the Office of Management & Budget (OMB), Office of Information and 
Regulatory Affairs (OIRA) under Executive Order 12866, section 6(a).

Executive Order 13132

    Executive Order 13132 (Federalism) prohibits an agency from 
publishing any rule that has federalism implications if the rule 
imposes substantial direct compliance costs on state and local 
governments and is not required by statute, or the rule preempts state 
law, unless the agency meets the consultation and funding requirements 
of section 6 of the Executive order. This final rule does not have any 
federalism implications, as described above.

Regulatory Flexibility Act

    NSF hereby certifies that this final rule will not have a 
significant economic impact on a substantial number of small entities 
as defined in the Regulatory Flexibility Act (5 U.S.C. 601-612). The 
factual basis for this certification is that the rule governs only the 
circumstances under which NSF includes SSNs in documents mailed by the 
NSF. The rule does not apply to mailings by small entities, other than 
any contractors who may be engaged to send mailings on NSF's behalf. 
Even in those cases, the economic impact would fall on NSF, not on the 
contractor, to determine to what extent, if any, a mailing needs to 
include an SSN in whole or part, and to pay mailing costs. In any 
event, NSF does not expect the volume of such mailings, if any, to be 
significant. Accordingly, pursuant to 5 U.S.C. 605(b), the initial and 
final regulatory flexibility analysis requirements of 5 U.S.C. 603 and 
604 do not apply.

Unfunded Mandates

    The Unfunded Mandates Reform Act of 1995 requires that agencies 
prepare a written statement analyzing and estimating anticipated costs 
and benefits before issuing any rule that may result in the expenditure 
by State, local, and tribal governments, in the aggregate, or by the 
private sector, of $100 million or more (adjusted annually for 
inflation) in any one year. See 2 U.S.C. 1532. The Act further requires 
that the agency publish a summary of such statement with the agency's 
proposed and final rules. No statement or summary is required, since 
the rule will not result in the above-stated expenditure by State, 
local, and tribal governments, or by the private sector.
    Section 1 of Executive Order 12785 requires the agency to submit a 
description of the extent of its prior consultation with 
representatives of affected State, local, and tribal governments, 
together with the agency's position, to OMB to support the need for any 
regulation that is not required by statute, if the direct compliance 
costs incurred by such governments will not be funded by the Federal 
Government (i.e., an unfunded mandate). The Executive order does not 
apply, since the rule is required by statute and, in any event, imposes 
no mandate or compliance obligations, unfunded or otherwise, on any 
State, local, or tribal government.

Congressional Review Act

    A major rule cannot take effect until 60 days after it is published 
in the Federal Register. This rule is not a major rule under 5 U.S.C. 
801.

Paperwork Reduction Act

    This rule contains no information collection, recordkeeping, or 
disclosure provisions that would constitute information collection 
activities subject to the OMB clearance requirements of the Paperwork 
Reduction Act of 1995 (44 U.S.C. 3501-3521).

List of Subjects in 45 CFR Part 613

    Personally identifiable information, Privacy, Social security.

    For the reasons stated in the preamble, NSF amends part 613, title 
45 of the Code of Federal Regulations, as set forth below:

PART 613--PRIVACY ACT REGULATIONS

0
1. Revise the authority citation for part 613 to read as follows:

    Authority:  5 U.S.C. 552a; for Sec.  613.7, 42 U.S.C. 405 note, 
Pub L. 115-59, 131 Stat. 1152.


[[Page 64169]]



0
2. In Sec.  613.1, add a sentence at the end to read as follows:


Sec.  613.1  General Provisions.

    * * * This part also includes regulations required by the Social 
Security Fraud Prevention Act of 2017 to limit the use of Social 
Security numbers on documents mailed by the National Science Foundation 
(NSF or Foundation).

0
3. Add Sec.  613.7 to read as follows:


Sec.  613.7  Social Security numbers on documents mailed by NSF.

    (a) A document that NSF sends by mail shall not include the Social 
Security number (SSN) of an individual, except where the NSF Director 
(or other agency official whom the NSF Director may designate) 
determines that it is necessary. If so, the SSN must be truncated to 
the extent feasible, as follows--
    (1) The document shall include no more than the last four digits of 
the SSN; or
    (2) If the document needs to include more digits, then only where 
they are:
    (i) Required by law (including, but not limited to, a statute, 
court order, or other legal mandate);
    (ii) Needed to identify a specific individual when no adequate 
substitute is available; or
    (iii) Needed to fulfill some other compelling NSF business need.
    (b) No portion of an SSN may be visible on the outside of any NSF 
mailing.
    (c) For purposes of this section, ``mail'' and ``mailing'' means 
printed documents or correspondence, and does not include emails or any 
other documents, correspondence, or communications in electronic form.
    (d) The requirements of this section shall apply to mail sent by 
NSF, including mailings by a contractor on NSF's behalf, on or after 
October 24, 2022.

    Dated: October 17, 2022.
Suzanne H. Plimpton,
Reports Clearance Officer, National Science Foundation.
[FR Doc. 2022-23062 Filed 10-21-22; 8:45 am]
BILLING CODE 7555-01-P


</pre></body>
</html>