[Federal Register Volume 87, Number 134 (Thursday, July 14, 2022)]
[Rules and Regulations]
[Pages 42097-42100]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-14847]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE INTERIOR
Office of the Secretary
43 CFR Part 2
[DOI-2021-0002; DS67010000, DWSNF0000.XD0000, DP67012, 22XD4523WS]
RIN 1090-AB24
Social Security Number Fraud Prevention Act of 2017
Implementation
AGENCY: Office of the Secretary, Interior.
ACTION: Direct final rule.
-----------------------------------------------------------------------
SUMMARY: The Department of the Interior (DOI) is publishing a direct
final rule to promulgate regulations to implement the provisions of the
Social Security Number Fraud Prevention Act of 2017. The new
regulations will prohibit the inclusion of an individual's Social
Security account number (SSN) on any document sent through the mail
unless the Secretary of the Interior deems it necessary and precautions
are taken to protect the SSN. The regulations also include requirements
for the safeguarding of SSNs sent through the mail by partially
redacting SSNs where feasible and prohibiting the display of SSNs on
the outside of any package or envelope sent by mail. This rule is being
published as a direct final rule as DOI does not expect any adverse
comments. If adverse comments are received, this direct final rule will
be withdrawn and a proposed rule for comments will be published.
DATES: This rule is effective September 12, 2022 without further action
unless adverse comment is received by August 15, 2022. If adverse
comment is received, DOI will publish a timely withdrawal of the rule
in the Federal Register.
ADDRESSES: Send written comments identified by docket number [DOI-2021-
0002] or [Regulatory Information Number (RIN) 1090-AB24], by any of the
following methods:
Federal e-Rulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments to docket number [DOI-
2021-0002].
Email: [email protected]. Include docket number
[DOI-2021-0002] or RIN 1090-AB24 in the subject line of the message.
U.S. mail or hand-delivery: Teri Barnett, Departmental
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW,
Room 7112, Washington, DC 20240.
Instructions: All submissions received must include the agency name
and docket number [DOI-2021-0002] or RIN 1090-AB24 for this rulemaking.
All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
Docket: For access to the docket to read background documents or
comments received, go to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Teri Barnett, Departmental Privacy
Officer, U.S. Department of the Interior, 1849 C Street NW, Room 7112,
Washington, DC 20240, [email protected] or (202) 208-1605.
SUPPLEMENTARY INFORMATION:
I. Background
The Social Security Number Fraud Prevention Act of 2017 (the Act),
Public Law 115-59, 42 U.S.C. 405 note, was signed on September 15,
2017. The Act restricts the inclusion of SSNs on any documents sent by
mail unless the head
[[Page 42098]]
of the agency determines that the inclusion of the SSN on the document
is necessary. The Act also directs agencies to issue regulations that
specify when inclusion of an SSN is necessary, include requirements for
the safeguarding of SSNs by partially redacting SSNs where feasible and
prohibiting the display of SSNs on the outside of any package or
envelope sent by mail.
In this direct final rule, DOI is adding a new subpart M, Social
Security Number Fraud Prevention Act Requirements, to 43 CFR part 2, to
implement the provisions of the Act. To comply with the Act, the new
regulations in subpart M prohibit the inclusion of SSNs on any document
sent through the mail by DOI bureaus and offices unless the Secretary
of the Interior (Secretary) deems it necessary and precautions are
taken to protect the SSNs. To safeguard SSNs and protect individual
privacy, subpart M includes requirements for DOI bureaus and offices to
partially redact SSNs where feasible, and specifically prohibits the
display of complete or partial SSNs on the outside of any package or
envelope sent by mail or through the window of an envelope or package.
Subpart M applies to all DOI bureau and office activities and describes
the scope of the regulations to include all documents written or
printed that DOI sends by mail that include the complete or partial SSN
of an individual as defined by the Privacy Act of 1974, as amended, 5
U.S.C. 552a.
II. Direct Final Rulemaking
This rule is being published as a direct final rule as DOI does not
expect to receive any significant adverse comments. If such comments
are received, this direct final rule will be withdrawn and a proposed
rule for comments will be published. If no such comments are received,
this direct final rule will become effective after the comment period
expires. A significant adverse comment is one that explains (1) why the
rule is inappropriate, including challenges to the rule's underlying
premise or approach; or (2) why the direct final rule will be
ineffective or unacceptable without a change. In determining whether a
significant adverse comment necessitates withdrawal of this direct
final rule, DOI will consider whether the comment raises an issue
serious enough to warrant a substantive response had it been submitted
in a standard notice and comment process. A comment recommending an
addition to the rule will not be considered significant and adverse
unless the comment explains how this direct final rule would be
ineffective without the addition.
An agency typically uses direct final rulemaking when it
anticipates the rule will be non-controversial. DOI has determined that
this rule is suitable for direct final rulemaking. The purpose of this
rule is to implement the provisions of the Act to apply restrictions
and safeguards for the inclusion of SSNs in documents that are mailed
to prevent unauthorized disclosure of SSNs and protect individual
privacy. This rule should not be controversial and is consistent with
Federal law and policy regarding the appropriate handling and
protection of personally identifiable information. Accordingly,
pursuant to 5 U.S.C. 553(b), DOI has for good cause determined that the
notice and comment requirements are unnecessary. This action is taken
pursuant to delegated authority.
III. Compliance With Other Laws, Executive Orders, and Department
Policy
1. Regulatory Planning and Review (Executive Orders 12866 and 13563)
Executive Order 12866 provides that the Office of Information and
Regulatory Affairs in the Office of Management and Budget (OMB) will
review all significant rules. The Office of Information and Regulatory
Affairs has determined that this rule is not significant.
Executive Order 13563 reaffirms the principles of Executive Order
12866 while calling for improvements in the nation's regulatory system
to promote predictability, to reduce uncertainty, and to use the best,
most innovative, and least burdensome tools for achieving regulatory
ends. The Executive Order directs agencies to consider regulatory
approaches that reduce burdens and maintain flexibility and freedom of
choice for the public where these approaches are relevant, feasible,
and consistent with regulatory objectives. Executive Order 13563
emphasizes further that regulations must be based on the best available
science and that the rulemaking process must allow for public
participation and an open exchange of ideas. We have developed this
rule in a manner consistent with these requirements.
2. Regulatory Flexibility Act
DOI certifies that this rule will not have a significant economic
effect on a substantial number of small entities under the Regulatory
Flexibility Act (5 U.S.C. 601, et seq.). This rule does not impose a
requirement for small businesses to report or keep records on any of
the requirements contained in this rule.
3. Small Business Regulatory Enforcement Fairness Act
This rule is not a major rule under 5 U.S.C. 804(2), the Small
Business Regulatory Enforcement Fairness Act. This rule:
(a) Does not have an annual effect on the economy of $100 million
or more.
(b) Will not cause a major increase in costs or prices for
consumers, individual industries, Federal, State, or local government
agencies, or geographic regions.
(c) Does not have significant adverse effects on competition,
employment, investment, productivity, innovation, or the ability of
United States-based enterprises to compete with foreign-based
enterprises.
4. Unfunded Mandates Reform Act
This rule does not impose an unfunded mandate on State, local, or
tribal governments in the aggregate, or on the private sector, of more
than $100 million per year. The rule does not have a significant or
unique effect on State, local, or tribal governments or the private
sector. The rule implements the Act in order to restrict the use of
complete SSNs in documents sent via mail. A statement containing the
information required by the Unfunded Mandates Reform Act (2 U.S.C.
1531, et seq.) is not required.
5. Takings (Executive Order 12630)
This proposed rule does not affect a taking of private property or
otherwise have taking implications under Executive Order 12630. This
rule is not a government action capable of interfering with
constitutionally protected property rights. The rule implements the Act
in order to restrict the use of complete SSNs in documents sent via
mail. A takings implication assessment is not required.
6. Federalism (Executive Order 13132)
Under the criteria of section 1 of Executive Order 13132, this rule
does not have any federalism implications to warrant the preparation of
a Federalism Assessment. The rule is not associated with, nor will it
have substantial direct effects on the States, on the relationship
between the Federal Government and the States, or on the distribution
of power and responsibilities among the various levels of government. A
Federalism Assessment is not required.
[[Page 42099]]
7. Civil Justice Reform (Executive Order 12988)
This rule complies with the requirements of Executive Order 12988.
Specifically, this rule:
(a) Meets the criteria of section 3(a) requiring that all
regulations be reviewed to eliminate errors and ambiguity and be
written to minimize litigation; and
(b) Meets the criteria of section 3(b)(2) requiring that all
regulations be written in clear language and contain clear legal
standards.
8. Consultation and Coordination With Indian Tribal Governments
(Executive Order 13175).
In accordance with Executive Order 13175, DOI has evaluated this
proposed rule and determined that it would have no substantial effects
on federally recognized Indian Tribes. This proposed rule does not have
tribal implications that impose substantial direct compliance costs on
Indian Tribal governments.
9. Paperwork Reduction Act of 1995
This rule does not contain information collection requirements and
a submission under the Paperwork Reduction Act is not required.
10. National Environmental Policy Act of 1969
The proposed rule implements the Act in order to restrict the use
of complete SSNs in documents sent via mail, and does not constitute a
major Federal action and would not have a significant effect on the
quality of the human environment. Therefore, this rule does not require
the preparation of an environmental assessment or environmental impact
statement under the requirements of the National Environmental Policy
Act.
11. Data Quality Act
In developing this rule, there was no need to conduct or use a
study, experiment, or survey requiring peer review under the Data
Quality Act (Pub. L. 106-554, section 515).
12. Effects on Energy Supply (Executive Order 13211)
This rule is not a significant energy action under the definition
in Executive Order 13211. DOI has determined that this proposed rule
will not have substantial direct effects on energy supply,
distribution, or use, including a shortfall in supply or price
increase. The rule has no bearing on energy development and will have
no effect on the volume or consumption of energy supplies. A Statement
of Energy Effects is not required.
13. Clarity of This Regulation
DOI is required by Executive Orders 12866 (section 1(b)(12)), 12988
(section 3(b)(1)(B)), and 13563 (section 1(a)), the Plain Writing Act
of 2010 (Pub. L. 111-274), and the Presidential Memorandum of June 1,
1998, to write all rules in plain language. This means each rule we
publish must:
(a) Be logically organized;
(b) Use the active voice to address readers directly;
(c) Use common, everyday words and clear language rather than
jargon;
(d) Be divided into short sections and sentences; and
(e) Use lists and table wherever possible.
List of Subjects in 43 CFR Part 2
Administrative practice and procedure, Classified information,
Confidential business information, Courts, Freedom of Information,
Government employees, Privacy, and Social Security Number Fraud
Prevention.
For reasons stated in the preamble, DOI amends part 2 of title 43
of the CFR as set forth below:
PART 2--FREEDOM OF INFORMATION ACT; RECORDS AND TESTIMONY
0
1. The authority citation for part 2 is revised to read as follows:
Authority: 5 U.S.C. 301, 552, 552a, 553, 31 U.S.C. 3717, 43
U.S.C. 1460, 1461, the Social Security Number Fraud Prevention Act
of 2017, Pub. L. 115-59, September 15, 2017.
0
2. Add subpart M to read as follows:
Subpart M--Social Security Number Fraud Prevention Act Requirements
Sec.
2.300 What is the purpose of this subpart?
2.301 What does this subpart cover?
2.302 What terms are used in this subpart?
2.303 What are DOI's requirements for protecting SSNs in document
sent by mail?
Subpart M--Social Security Number Fraud Prevention Act Requirements
Sec. 2.300 What is the purpose of this subpart?
(a) The purpose of this subpart is to implement the requirements of
the Social Security Number Fraud Prevention Act of 2017 (the Act),
Public Law 115-59, 42 U.S.C. 405 note, September 15, 2017.
(b) The Act:
(1) Prohibits Federal agencies from including any individual's
Social Security account number (SSN) on any document sent by mail
unless the head of the agency determines that such inclusion is
necessary; and
(2) Requires agencies to issue regulations that specify the
circumstances under which such inclusion is necessary.
Sec. 2.301 What does this subpart cover?
(a) This subpart describes how DOI, including all its bureaus and
offices, handles the use and protection of individuals' SSNs in
documents that are mailed. SSNs may only be included in documents that
are mailed when authorized and necessary, and where appropriate
safeguards are employed to protect individual privacy in accordance
with the Act.
(b) This subpart includes the circumstances under which inclusion
of an individual's SSN on a document is authorized to be mailed;
(c) This subpart requires SSNs to be safeguarded when mailed by:
(1) Requiring the partial redaction of SSNs where feasible; and
(2) Prohibiting the display of SSNs on the outside of any package
or mailing envelope sent by mail or through the window of an envelope
or package.
Sec. 2.302 What terms are used in this subpart?
Act means the Social Security Number Fraud Prevention Act of 2017,
Public Law 115-59.
Bureau is any component or constituent bureau or office of DOI,
including the Office of the Secretary and any other Departmental
office.
Department or DOI means the Department of the Interior.
Document means a piece of written or printed matter that provides
information or evidence or that serves as an official record.
Individual means a natural person who is a citizen of the United
States or an alien lawfully admitted for permanent residence as defined
by the Privacy Act of 1974, as amended, 5 U.S.C. 552a.
Mail means artifacts used to assemble letters and packages that are
sent or delivered by means of an authorized carrier of postal delivery
or United States Postal Service (USPS) postal system. (For purposes of
the subpart, the postal system that is managed by the U.S. Postal
Service.)
Social Security number or Social Security account number means the
nine-digit number issued by the Social Security Administration to U.S.
citizens, permanent residents, and temporary (working) residents under
section 205(c)(2) of the Social Security Act, codified as 42 U.S.C.
405(c)(2).
[[Page 42100]]
Truncated or partial SSN means the shortened or partial Social
Security account number.
Sec. 2.303 What are DOI's requirements for protecting SSNs in
document sent by mail?
(a) DOI bureaus and offices may not include the full or partial SSN
of an individual on any document sent via mail unless:
(1) The inclusion of an SSN on a document sent by mail is required
or authorized by law;
(2) The responsible program office has conducted the proper
assessment and taken steps to mitigate the use of the SSN and any
impacts to individual privacy; and
(3) The Secretary of the Interior has determined that the inclusion
of the SSN on the document is necessary and appropriate to meet legal
and mission requirements in accordance with this subpart.
(b) Bureaus and offices shall partially redact or truncate SSNs in
documents sent by mail where feasible to reduce the unnecessary use of
SSNs and mitigate risk to individuals' privacy.
(c) In no case shall any complete or partial SSN be visible on the
outside of any envelope or package sent by mail or displayed on
correspondence that is visible through the window of an envelope or
package.
Joan M. Mooney,
Principal Deputy Assistant Secretary, Policy, Management and Budget.
[FR Doc. 2022-14847 Filed 7-13-22; 8:45 am]
BILLING CODE 4334-63-P