2022-21506. General Services Administration Property Management Regulations, (GSPMR), Enterprise Data & Privacy Management Office (IDE); Social Security Number Fraud Prevention
-
Start Preamble
AGENCY:
Enterprise Data & Privacy Management Office (IDE), General Services Administration (GSA).
ACTION:
Proposed rule.
SUMMARY:
The General Service Administration (GSA) is proposing to amend GSA's regulations under the Privacy Act. The revisions would clarify and update the language of procedural requirements pertaining to the inclusion of Social Security account numbers (SSNs) on documents that GSA sends by mail. These revisions are necessary to implement the Social Security Number Fraud Prevention Act of 2017, which restricts the inclusion of Social Security account Numbers (SSNs) on documents sent by mail by the Federal Government.
DATES:
Interested parties should submit written comments to the Regulatory Secretariat Division at the address shown below on or before December 6, 2022 to be considered in the formation of the final rule.
ADDRESSES:
Submit comments in response to GSA-IDE case 2202-001 to: Regulations.gov: https://www.regulations.gov. Submit comments via the Federal eRulemaking portal by searching for “GSPMR Case 2022-105-1”. Select the link “Comment Now” that corresponds with GSPMR Case 2022-105-1. Follow the instructions provided at the “Comment Now” screen. Please include your name, company name (if any), and “GSPMR Case 2022-105-1” on your attached document. If your comment cannot be submitted using https://www.regulations.gov, call or email the points of contact in the FOR FURTHER INFORMATION CONTACT section of this document for alternate instructions.
Instructions: Please submit comments only and cite GSA-IDE Case 2202-001, in all correspondence related to this case. Comments received generally will be posted without change to https://www.regulations.gov, including any personal and/or business confidential information provided. To confirm receipt of your comment(s), please check https://www.regulations.gov, approximately two to three days after submission to verify posting.
Start Further InfoFOR FURTHER INFORMATION CONTACT:
Laura Gerhardt, Privacy Office, Enterprise Data & Privacy Management Office (IDE), General Services Administration, at 202-322-8246 or email gsa.privacyact@gsa.gov for clarification of content. For information pertaining to status or publication schedules, contact the Regulatory Secretariat Division at 202-501-4755 or GSARegSec@gsa.gov. Please cite GSPMR Case 2022-105-1.
End Further Info End Preamble Start Supplemental InformationSUPPLEMENTARY INFORMATION:
I. Background
The Social Security Number Fraud Prevention Act of 2017 (the Act) (Pub. L. 115-59; 42 U.S.C. 405 note), which was signed on September 15, 2017, restricts Federal agencies from including individuals' SSNs on documents sent by mail, unless the head of the agency determines that the inclusion of the SSN on the document is necessary (section 2(a) of the Act). The Act requires agency heads to issue regulations specifying the circumstances under which inclusion of a SSN on a document sent by mail is necessary. These regulations, which must be issued not later than five years after the date of enactment, shall include instructions for the partial redaction of SSNs where feasible, and shall require that SSNs not Start Printed Page 60956 be visible on the outside of any package sent by mail (section 2(b) of the Act). This proposed rule would revise the Agency regulations under the Privacy Act (41 CFR part 105-64), consistent with these requirements in the Act. The proposed revisions would clarify the language of procedural requirements pertaining to the inclusion of SSNs on documents that the Agency sends by mail.
II. Executive Orders 12866 and 13563
Executive Orders (E.O.s) 12866 and 13563 direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). E.O. 13563 emphasizes the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility. This is not a significant regulatory action and, therefore, was not subject to review under section 6(b) of E.O. 12866, Regulatory Planning and Review, dated September 30, 1993.
III. Congressional Review Act
The Office of Information and Regulatory Affairs (OIRA) has determined that this rule is not a major rule under 5 U.S.C. 804(2). Subtitle E of the Small Business Regulatory Enforcement Fairness Act of 1996 (codified at 5 U.S.C. 801-808), also known as the Congressional Review Act or CRA, generally provides that before a “major rule” may take effect, the agency promulgating the rule must submit a rule report, which includes a copy of the rule, to each House of the Congress and to the Comptroller General of the United States. The General Services Administration will submit a report containing this rule and other required information to the U.S. Senate, the U.S. House of Representatives, and the Comptroller General of the United States. A major rule under the CRA cannot take effect until 60 days after it is published in the Federal Register .
IV. Regulatory Flexibility Act
GSA does not expect this proposed rule to have a significant economic impact on a substantial number of small entities within the meaning of the Regulatory Flexibility Act, 5 U.S.C. 601, et seq. This rule does not impose a requirement for small businesses to report or keep records on any of the requirements contained in this rule.
Therefore, an Initial Regulatory Flexibility Analysis has not been performed. GSA invites comments from small business concerns and other interested parties on the expected impact of this rule on small entities.
GSA will also consider comments from small entities concerning the existing regulations in subparts affected by the rule in accordance with 5 U.S.C. 610. Interested parties must submit such comments separately and should cite 5 U.S.C. 610 (GSPMR Case 2022-105-1), in correspondence.
V. Paperwork Reduction Act
The Paperwork Reduction Act does not apply because the changes to the GSA-IDE do not impose recordkeeping or information collection requirements, or the collection of information from offerors, contractors, or members of the public that require the approval of the Office of Management and Budget (OMB) under 44 U.S.C. 3501, et seq.
Start List of SubjectsList of Subjects in 41 CFR Part 105-64
- Privacy
End SignatureLaura Gerhardt,
Acting Chief Privacy Officer, Office of the Deputy Chief Information Officer, General Services Administration.
Therefore, GSA proposes to amend 41 CFR part 105-64 as set forth below:
Start PartPART 105-64-GSA PRIVACY ACT RULES
End Part Start Amendment Part1. The authority citation for 41 CFR part 105-64 continues to read as follows:
End Amendment Part Start Amendment Part2. Amend § 105-64.001 by adding in alphabetical order the definition “Un-redacted SSN Mailed Documents Listing” to read as follows:
End Amendment PartStart Amendment PartWhat terms are defined in this part?* * * * *Un-redacted SSN Mailed Documents Listing (USMDL) means the Agency approved list, as posted at [GSA PRIVACY WEBSITE], designating those documents for which the inclusion of the Social Security account number (SSN) is determined to be necessary to fulfill a compelling Agency business need when the documents are requested by individuals outside the Agency or other Federal agencies, as determined by the Administrator or their designee.
3. Amend § 105-64.107 by adding paragraph (c) to read as follows:
End Amendment PartEnd Supplemental InformationWhat standards of conduct apply to employees with privacy-related responsibilities?* * * * *(c) In all documents sent by mail, employees shall redact SSNs if such redaction is permissible. Where full redaction is not possible due to agency requirements, partial redaction to create a truncated SSN shall be preferred to no redaction. The following conditions must be met for the inclusion of an unredacted (full) SSN or partially redacted (truncated) SSN on any document sent by mail on behalf of the agency:
(1) The inclusion of the full SSN or truncated SSN of an individual must be required or authorized by law;
(2) The inclusion of the full SSN or truncated SSN of an individual must be determined by the Administrator or their designee to be necessary to fulfill a compelling Administration business need;
(3) The full SSN of an individual may be included only on documents listed on the USMDL; and
(4) The full SSN, the truncated SSN, or any part of the SSN of an individual must not be visible from the outside of the envelope or package.
[FR Doc. 2022-21506 Filed 10-6-22; 8:45 am]
BILLING CODE 6820-34-P
Document Information
- Published:
- 10/07/2022
- Department:
- General Services Administration
- Entry Type:
- Proposed Rule
- Action:
- Proposed rule.
- Document Number:
- 2022-21506
- Dates:
- Interested parties should submit written comments to the Regulatory Secretariat Division at the address shown below on or before December 6, 2022 to be considered in the formation of the final rule.
- Pages:
- 60955-60956 (2 pages)
- Docket Numbers:
- GSPMR Case 2022-105-1, Docket No. GSA-GSPMR-2022-0017, Sequence No. 1
- RINs:
- 3090-AK62: General Services Administration, (GSA), Enterprise Data & Privacy Management Office (IDE); IDE Case-2022-01, Social Security Number Fraud Prevention
- RIN Links:
- https://www.federalregister.gov/regulations/3090-AK62/general-services-administration-gsa-enterprise-data-and-privacy-management-office-ide-ide-case-2022-
- Topics:
- Privacy
- PDF File:
- 2022-21506.pdf
- Supporting Documents:
- » Property Management Regulations: Enterprise Data and Privacy Management Office; Social Security Number Fraud Prevention
- CFR: (2)
- 41 CFR 105-64.001
- 41 CFR 105-64.107