Social Security Administration: Disclosure Policy for Law Enforcement Allows Information Sharing, but SSA Needs to Ensure Consistent Application (30-SEP-03, GAO-03-919).

Law enforcement agencies' efforts to investigate the events of September 11th increased awareness that federal agencies collect and maintain personal information on individuals such as name, social security number, and date of birth that could be useful to law enforcement. The Social Security Administration (SSA) is one of the country's primary custodians of personal information. Although the Privacy Act protects much of this information, generally, federal agencies can disclose information to law enforcement. However, determining when the need for disclosure takes priority over an individual's privacy is not clear. GAO was asked to describe (1) SSA's disclosure policy for law enforcement and how it compares with the Privacy Act and those of other federal agencies, (2) SSA's experience sharing information with law enforcement, and (3) law enforcement's experience obtaining information under SSA's policy.

-------------------------Indexing Terms-------------------------

REPORTNUM: GAO-03-919
ACCNO: A08616
TITLE: Social Security Administration: Disclosure Policy for Law Enforcement Allows Information Sharing, but SSA Needs to Ensure Consistent Application
DATE: 09/30/2003
SUBJECT: Federal social security programs
         Information disclosure
         Interagency relations
         Law enforcement agencies
         Privacy law
         Social security number
         Policies and procedures

United States General Accounting Office
Report to Congressional Requesters
September 2003

Highlights of GAO-03-919, a report to congressional requesters

GAO recommends that the SSA Commissioner take steps (1) to ensure that its policy is consistently applied across all offices and (2) to provide information on the disclosure policy and procedures to law enforcement entities at all levels of government. SSA raised some concerns but generally agreed with GAO's recommendations.

www.gao.gov/cgi-bin/getrpt?GAO-03-919.
For more information, contact Barbara Bovbjerg, 202-512-7215.

Although SSA's disclosure policy permits the sharing of information with law enforcement entities, it is more restrictive than the Privacy Act and the disclosure policies of most federal agencies. While the Privacy Act permits disclosures to law enforcement for any type of crime, SSA only allows disclosures under certain conditions. For example, for serious and violent crimes, SSA will disclose information to law enforcement if the individual whose information is sought has been indicted or convicted of that crime. Even when information is disclosed, it might be limited to results obtained from verifying a social security number and name unless the investigation concerns fraud in SSA or other federal benefit programs, in which case the agency can work with law enforcement officials as part of a task force or joint investigation. However, the disclosure policies for law enforcement of the Internal Revenue Service (IRS) and the Census Bureau, both of which have requirements prescribed in their statutes, are also more restrictive than the Privacy Act and the policies of most federal agencies. SSA officials consider SSA's disclosure policy integral to carrying out the agency's mission.

The various restrictions in SSA's disclosure policy create a complex policy that is confusing and could cause inconsistent application across the agency's more than 1,300 field offices. This could result in uneven treatment of law enforcement requests. Because aggregated data were not available, GAO was unable to assess the extent to which SSA does not consistently apply its policy.
However, GAO was told of instances in which SSA officials in some field offices did not give law enforcement information that appeared to be permitted under the policy as well as instances in which they gave them more than what appeared to be allowed.

Generally, law enforcement officials find the limited information SSA shares useful to their investigation, but many law enforcement officials, particularly state and local law enforcement officials, are not familiar with the policy or the process for requesting information from SSA. Most law enforcement officials expressed a desire for more information than is currently permitted under SSA's policy, but SSA maintains that providing more information would hurt its ability to carry out its primary mission.

Figure: Personal Information SSA Discloses. Sources: GAO and copyright (c) Corel Corp. All rights reserved.

Contents

Letter
    Results in Brief
    Background
    SSA's Disclosure Policy Allows Information Sharing with Law Enforcement under Certain Conditions, but is More Restrictive than the Privacy Act
    SSA Has Provided Information to Law Enforcement Officials, but Confusion about the Disclosure Policy May Cause Inconsistent Application
    While Some Law Enforcement Officers Were Unfamiliar with the Policy, Most Were Generally Satisfied with the Information Shared
    Conclusions
    Recommendations
    Agency Comments and Our Evaluation

Appendix I    Scope and Methodology
Appendix II   Chief Financial Officers' Act Agencies' Rules on Disclosure of Records to Law Enforcement
Appendix III  Comments from the Social Security Administration
Appendix IV   GAO Contacts and Staff Acknowledgments
    GAO Contacts
    Staff Acknowledgments

Tables
    Table 1: Exceptions Permitted under the Privacy Act for Disclosing Information
    Table 2: Number of Information Requests Granted to Law Enforcement by OIG Field Divisions and Headquarters in Fiscal Years 2000 through 2002

Figure
    Figure 1: SSA's Disclosure Policy for Law Enforcement

Abbreviations
CD-ROM   Compact Disc-Read-Only Memory
CFO      Chief Financial Officer
CFR      Code of Federal Regulations
DHS      Department of Homeland Security
FBI      Federal Bureau of Investigation
FOIA     Freedom of Information Act
FR       Federal Register
ICE      Immigration and Customs Enforcement
INS      Immigration and Naturalization Service
IRC      Internal Revenue Code
IRS      Internal Revenue Service
MOU      memorandum of understanding
OIG      Office of the Inspector General
OMB      Office of Management and Budget
POMS     Program Operations Manual System
SSA      Social Security Administration
SSI      Supplemental Security Income
SSN      Social Security number
USC      United States Code

This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately.

United States General Accounting Office
Washington, DC 20548

September 30, 2003

The Honorable F. James Sensenbrenner, Jr.
Chairman
Committee on the Judiciary
House of Representatives

The Honorable E. Clay Shaw, Jr.
Chairman
Subcommittee on Social Security
Committee on Ways and Means
House of Representatives

Law enforcement agencies' efforts to investigate the events of September 11th increased awareness that federal agencies collect and maintain personal information on individuals that could be useful to law enforcement in helping them locate and prosecute individuals responsible for crimes. Federal agencies maintain personal information such as name, social security number (SSN), and address in their databases. For example, the Social Security Administration (SSA), the federal agency responsible for administering three major benefit programs and issuing SSNs, is one of the country's primary custodians of personal information, maintaining records on 290 million living individuals.
To protect personal information collected by all federal agencies, including SSA, the Congress passed the Privacy Act in 1974. The Privacy Act generally requires the individual affected to give consent before a federal agency discloses personal information the agency maintains in certain records and retrieves using the individual's name or other identifying information. However, there are 12 exceptions to the restrictions placed on federal agencies for disclosing this personal information, one of which permits disclosure to law enforcement agencies as long as certain criteria are met. The Privacy Act protects individuals' privacy while, at the same time, allowing individuals' personal information to be disclosed for appropriate purposes, such as assisting law enforcement. Determining when the need for disclosure takes priority over an individual's privacy is not always clear. With an eye toward finding an appropriate balance between protection and disclosure of personal information, the Congress asked us to describe: (1) SSA's disclosure policy for law enforcement purposes and how it compares to the Privacy Act and other federal agencies, (2) SSA's experience sharing information with law enforcement agencies, and (3) law enforcement's experience in obtaining information under SSA's disclosure policy. To provide information on these issues, we compared SSA's disclosure policy for law enforcement with the Privacy Act and with disclosure policies of the other 23 federal agencies covered by the Chief Financial Officers' Act. Because the Internal Revenue Service (IRS) and the Bureau of the Census, like SSA, are similar in size and scope of data maintained on individuals, we also compared SSA's disclosure policy with those of IRS and Census. 
We also made site visits and interviewed officials about their experiences with SSA's disclosure policy at SSA headquarters; SSA regional and field offices; SSA's Office of the Inspector General (OIG); and federal, state, and local law enforcement agencies. In addition, we surveyed a random sample of SSA field offices and all SSA OIG field offices for investigations to obtain information on law enforcement requests and disclosures between fiscal years 1999 and 2002. The information provided by all entities was self-reported. We conducted our work between August 2002 and July 2003 in accordance with generally accepted government auditing standards. For additional information on our scope and methodology, see appendix I.

Results in Brief

While SSA's policy permits the sharing of information with law enforcement under certain conditions, it is more restrictive than the law enforcement exception specified under the Privacy Act and the policies of most federal agencies. SSA's disclosure policy requires SSA officials to consider several factors such as the nature of the alleged criminal activity of the individual on whom information is requested, what information has been requested, and which agency has made the request. These requirements stem from a confidentiality policy established in 1937 that prohibited most disclosures. SSA is also the custodian of tax information, which can only be disclosed as permitted in the Internal Revenue Code (IRC). With regard to nontax information, SSA modified its policy subsequent to the enactment of the Privacy Act to permit disclosures, but only for certain types of crimes or under certain conditions. For example, the Privacy Act allows the sharing of information on individuals who are the subjects of criminal investigations regardless of the type of crimes, but under SSA's policy, if the type of crime is considered violent and serious, individuals must have been indicted or convicted of the crime before information is shared. SSA maintains that it must have a restrictive disclosure policy because much of the information the agency maintains was initially obtained under a pledge of confidentiality. Unlike SSA, the policies of most major federal agencies allow the disclosure of information to law enforcement if the requests for information meet the requirements outlined in the Privacy Act. However, the disclosure policies of IRS and Census, two agencies that also maintain information on millions of individuals, have disclosure requirements prescribed in their statutes that are also more restrictive than the Privacy Act and the policies of most federal agencies. The IRS statute prohibits disclosing certain taxpayer information to other federal departments and agencies without specific statutory authorization. The Census Bureau's statute does not authorize any disclosures of individual census data to law enforcement.

Although SSA's policy supports sharing tax information as permitted by the IRC and limited nontax information with law enforcement under certain conditions, some SSA field office staff appear confused about the policy and may be applying it inconsistently. Law enforcement can request information from any SSA field office, including OIG offices. On the basis of our random sample of field offices, we estimate that 82 percent of these offices received requests for personal information from law enforcement agencies. The information most frequently shared was the result of name and SSN verification. Through our site visits and survey results, we were told about both instances in which it appeared that SSA field offices denied law enforcement requests when they could have provided information and instances in which it seemed that offices provided more information than was permitted under SSA's policy.
While some law enforcement officials were unfamiliar with SSA's disclosure policies, most were generally satisfied with the information provided by SSA, though most wanted more. Some law enforcement agencies at the state and local level were unfamiliar with the process for obtaining information and expressed frustration. These law enforcement agencies frequently were unfamiliar with the process for obtaining information until after making initial requests to SSA field offices and, in some instances, they told us that they had their requests turned down because they did not follow procedures. Federal law enforcement agencies, on the other hand, were more familiar with the procedures for obtaining information from SSA. Law enforcement officials at all levels indicated that the SSN and name verification SSA provided was often helpful to their investigations. However, most wanted SSA to provide additional information such as address, date of birth, and employer or family information. Some law enforcement officers told us that they wanted SSA to expand the circumstances under which disclosures could be made. However, SSA officials expressed concern that expanding SSA's disclosure policy would hamper the agency's ability to ensure that individuals' personal information is protected and that resources are not diverted from administering Social Security benefit programs.

We make recommendations in this report that the Commissioner of SSA take steps to ensure consistent application of the disclosure policy for law enforcement in all of the agency's offices and better assist law enforcement agencies making requests, so that they understand the procedures for making requests.

In its comments on a draft of this report, SSA raised some concerns, but generally agreed with our recommendations and believed that, in some instances, the agency was already taking steps to address the issues we raised. However, SSA expressed concern that our draft report did not completely describe the statutory basis and rationale behind SSA's disclosure policy, and therefore our findings and recommendations are "overbroad". We believe our findings and recommendations are well grounded; however, we have made some clarifications in this report in response to SSA's comments.

Background

With virtually billions of records, the federal government is the largest single producer, collector, and user of information in the United States. In order to carry out the various missions of the federal government, federal agencies collect and maintain personal information such as name, date of birth, address, and SSNs to distinguish among individuals and ensure that people receive the services or benefits they are entitled to under the law. SSA is responsible for issuing SSNs as part of its responsibility for administering three major income support programs for the elderly, disabled, and their dependents: the Old-Age and Survivors Insurance; Disability Insurance; and Supplemental Security Income. SSA is also the repository of information on individuals' wages and earnings. This information is used in tax administration and is reported by individuals on their federal income tax returns. Tax return information may only be disclosed as permitted by the IRC.

Information transmitted to SSA has been protected from disclosure by statute and regulation since the inception of the Social Security program. To maintain the confidentiality of the personal information the agency collects to carry out its mission, in June 1937, SSA adopted its first regulation, known as "Regulation No. 1," to protect the privacy of individuals' records and to include a pledge of confidentiality. The regulation was reinforced by amendments to the Social Security Act in 1939, which became the statutory basis for maintaining the confidentiality of SSA's records. For decades, the act, along with Regulation No.
1, formed the basis for SSA's disclosure policy.[1] However, the enactment of subsequent legislation, the Freedom of Information Act (FOIA) in 1966[2] and Government in the Sunshine Act in 1976, caused SSA to reexamine its disclosure and confidentiality policy. This legislation placed the burden on SSA, as well as other federal agencies, to justify withholding information requested. Still, SSA's policy is designed to protect the privacy rights of individuals to the fullest extent possible while permitting the exchange of records required to fulfill its administrative and program responsibilities. Over the years, SSA's disclosure policy has been revised to comply with about 25 statutes, including the Privacy Act.

The Privacy Act of 1974 is the primary law governing the protection of personal privacy by agencies of the federal government.[3] The Privacy Act regulates the collection, maintenance, use, and disclosure of personal information that federal agencies maintain in a system of records.[4] The act requires that, at the time the information is collected, agencies inform an individual of the following: (1) authority for the collection and whether it is mandatory or voluntary, (2) the principal purpose for the collection of information, (3) what the routine uses for the information may be, and (4) what the consequences are of not providing the information.[5] The act applies to systems of records maintained by federal agencies, and with certain exceptions, prohibits agencies from disclosing such records without the consent of the individual whose records are being sought. The act authorizes 12 exceptions under which a federal agency may disclose information in its records without consent, as shown in table 1.

The Privacy Act requires that the Office of Management and Budget (OMB) issue guidance and oversee agency implementation of the act. The act does not generally apply to state and local government records; state laws vary widely regarding disclosure of personal information in state government agencies' control.

[1] This statute is codified at 42 U.S.C. 1306.

[2] FOIA provided the public a right of access to federal agency records unless they are protected from disclosure by nine stated exemptions.

[3] Generally applicable privacy-related requirements are also found in the FOIA, the Paperwork Reduction Act of 1995, and the E-Government Act of 2002, among others.

[4] The Privacy Act defines a system of records as a group of records containing information about individuals under the control of the agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifier assigned to the individual, such as an SSN.

[5] Agencies are required to publish notices in the Federal Register concerning the establishment and revision of systems of records and to ensure the security and confidentiality of the information in those systems.

Table 1: Exceptions Permitted under the Privacy Act for Disclosing Information

Activity or agency warranting exception
    Conditions under which disclosure is permitted

 1. Internal use within federal agency
    If an employee or officer of the agency maintaining the record needs the information to perform official duties.
 2. FOIA
    If the provisions of the FOIA require the disclosure.
 3. Routine use[a]
    If the use has been determined to be compatible with the purpose for which the data were originally collected.[b]
 4. Census Bureau
    For planning or conducting a census, survey, or related activity authorized by the Census statute.
 5. Statistical research
    If written assurance is provided that the record would be used solely as a statistical record and it is transferred in a form that personal information will not be individually identifiable.
 6. National Archives
    If the record has sufficient historical or other value to warrant its evaluation for preservation by the Archivist of the United States or a designee.
 7. Civil or criminal law enforcement
    If used for the purpose of a civil or criminal law enforcement activity within the United States.
 8. Health or safety
    If compelling circumstances affect the health or safety of an individual.[c]
 9. Congress
    If either house of the Congress or committees or subcommittees with jurisdiction over the subject requests disclosure.
10. Comptroller General
    If disclosure is for use in the performance of the duties of the General Accounting Office.
11. Court order
    If pursuant to the order of a court of competent jurisdiction.
12. Consumer reporting agency
    If disclosure is relevant to collection of a claim of the United States Government (31 USC 3711(e)).

Source: GAO review of the Privacy Act.

[a] Agencies must keep an accounting of disclosures made under exceptions 3-12.
[b] The routine use must have been publicly identified (in the Federal Register) as such prior to disclosure.
[c] The Privacy Act requires that the individual be notified after the disclosure is made.

The Privacy Act, under the law enforcement exception, outlines the minimum criteria that must be met by a law enforcement agency to obtain personal information without an individual's consent. The act requires that the request specify the information being sought and the law enforcement activity being carried out. The request must be in writing, and signed by the agency head.[6] In addition, OMB guidance permits agencies to disclose a personal record covered by the Privacy Act to law enforcement at the agencies' own initiative, when a violation of law is suspected; provided that such disclosure has been established in advance as a "routine use" and misconduct is related to the purposes for which the records are maintained. The routine use exception of the Privacy Act permits disclosure of individuals' personal information if the requested use is compatible with the purpose for which the information was initially collected.
Under the act, agencies are required to keep an accurate accounting regarding each disclosure of a record to any person or to another agency and to retain the accounting for at least 5 years or the life of the record, whichever is longer. Under OMB guidance, an agency need not keep track of every disclosure at the time it is made, but the agency must be able to reconstruct an accurate and complete accounting of disclosures.

[6] Under implementing OMB guidance, disclosures may also be made to state and local government law enforcement agencies, as well as to federal agencies. "Responsibilities for the Maintenance of Records About Individuals by Federal Agencies," Office of Management and Budget, 40 FR 28948, 28955 (July 9, 1975). OMB found support for its guidance regarding law enforcement disclosures in congressional floor statements made regarding the Privacy Act legislation.

SSA's Disclosure Policy Allows Information Sharing with Law Enforcement under Certain Conditions, but is More Restrictive than the Privacy Act

While SSA's policy permits the sharing of nontax information with law enforcement, it does so only under certain conditions and is more restrictive than both the law enforcement exception specified under the Privacy Act and the disclosure policies of most federal agencies. Before allowing the disclosure of information, SSA's disclosure policy requires SSA officials to consider several factors such as the nature of the alleged criminal activity, what information has been requested, and which agency has made the request. Such considerations are above and beyond what is included in the law enforcement exception to the Privacy Act. SSA maintains that it must have a restrictive disclosure policy because much of the information the agency collects is especially personal. In addition, SSA officials believe that the agency must uphold the pledge it made to the public to keep this information confidential when SSA first began collecting it. Unlike SSA, the policies of most major federal agencies allow the disclosure of information to law enforcement if the requests for information meet the requirements outlined in the Privacy Act. However, like SSA's disclosure policy, the disclosure policies of the IRS and the Bureau of the Census, which have disclosure requirements prescribed in their statutes, are more restrictive than the Privacy Act and the disclosure policies of most federal agencies.

SSA Discloses Information to Law Enforcement under Certain Conditions

While SSA has a long history of protecting individuals' privacy, the agency's disclosure policy allows the disclosure of information to law enforcement under certain conditions. These conditions require that SSA officials consider several factors before they release individuals' personal information. For example, they must examine the nature of the alleged criminal activity, what information has been requested, and which agency has made the request. SSA will share information if the criminal activity involves one of the following:

o Fraud or other criminal activity in Social Security programs. SSA will provide information necessary to investigate or prosecute fraud or other criminal activity in Social Security programs.

o Nonviolent crimes and criminal activity in other government programs that are similar to Social Security programs. SSA may also disclose information to investigate and prosecute fraud and other criminal activity in similar benefit programs, including state welfare/social services programs such as Medicare or Medicaid, unemployment compensation, food stamps, and general assistance and federal entitlement programs administered by the Department of Veterans Affairs, Office of Personnel Management, and the Railroad Retirement Board.[7]

o Violent and serious crimes. SSA may disclose information when a violent crime has been committed and the individual who is the subject of the information requested has been (1) indicted or convicted of the crime and (2) the penalty for conviction is incarceration for at least 1 year and a day regardless of the sentence imposed. SSA might also disclose information when a person violates parole and the violent crime provisions of the original conviction have been met. SSA defines violent and serious crimes as those characterized by the use of physical force or by the threat of physical force causing actual injury, or coercing the victim to act for fear of suffering serious bodily harm. Such crimes include but are not limited to: murder; rape; kidnapping; armed robbery; burglary of a dwelling; arson; drug trafficking or drug possession with intent to manufacture, import, export, distribute or dispense; hijacking; car-jacking; and terrorism.

o Provisions of other federal statutes that require that SSA disclose its records such as in connection with civil or criminal violations involving federal income tax or the location of aliens. SSA will disclose information when another federal statute requires disclosure, such as the IRS statute for tax purposes or the Immigration and Naturalization statute for locating aliens.

o The jeopardy or potential jeopardy of the security and safety of SSA's clients, personnel, or facilities. SSA will disclose information about an individual if that individual is involved in an activity that places the health, safety or security of SSA clients, personnel, or facilities in jeopardy or potential jeopardy. After the disclosure, SSA must send a notice of the disclosure to the individual whose record was disclosed.

[7] Railroad Retirement benefits are authorized under the Railroad Retirement Act and provide income protection to railroad workers and their families during old age, times of disability, or the death of qualified workers.
SSA's disclosure policy is contained in 20 C.F.R. Part 401 and is promulgated through regulations outlined in its "Program Operations Manual System" (POMS) and Emergency Messages. POMS is the primary tool the field offices use to assist them in making appropriate disclosure decisions when they receive requests from law enforcement agencies. POMS provides detailed guidance and incorporates references to disclosures covered by 25 different statutes, which are located in at least 15 different sections of the POMS. SSA uses Emergency Messages, usually limited to a one-time only emergency situation, to provide implementing guidance in emergency situations. For example, on September 19, 2001, SSA issued an emergency message to field offices instructing them to direct all law enforcement requests related to the terrorists' attacks of September 11, 2001, to SSA's OIG's Office. SSA's regulations are designed for implementation at all levels of the agency, including SSA's field offices, regions, and headquarters offices. SSA can make disclosures through its headquarters, 1,336 field offices, or 10 regional offices. Disclosures can also be made through SSA's OIG, the law enforcement component of SSA that is responsible for conducting audits and investigations of agency programs and activities. The OIG is authorized to handle disclosures through a memorandum of understanding (MOU) with SSA. The OIG investigations staff conducts and coordinates activity related to fraud, waste, abuse, and mismanagement of SSA programs and operations. The OIG investigations staff also conducts joint investigations with other federal, state, and local law enforcement agencies. The OIG investigations staff is located in 60 locations that comprise 31 field offices and 10 field divisions. SSA's OIG is authorized to disclose individuals' personal information to law enforcement agencies as agreed with SSA under a MOU. 
In July 2000, SSA's OIG and the Commissioner of SSA signed an MOU, which outlines the conditions under which the OIG can disclose to law enforcement agencies certain limited information from SSA's records in cases involving fraud of a Social Security program or misuse of an SSN. Under the MOU, the OIG can disclose whether a given name and SSN match the name and SSN in records at SSA, referred to as SSN verification. The MOU delegates authority to OIG employees at all levels. SSA requires that the OIG ensure that law enforcement requests meet the same requirements outlined in the Privacy Act as well as those outlined in SSA's POMS and other guidance. In addition, law enforcement requests must include the name and SSN to be reviewed and a certification that the individual about whom information is sought is suspected of misusing an SSN or of committing another crime against a Social Security program. Under the MOU, the OIG is permitted to open an investigation and participate in joint investigations with law enforcement officials, if the OIG determines that further investigation is warranted. SSA requires that the OIG submit an annual report to the Commissioner of SSA, no later than 30 days after the end of the fiscal year. The annual report must reflect the total number of SSN verification requests received and responses made, if the number is different, broken down by OIG field division. SSA also requires that the OIG maintain records from each fiscal year for 1 year. The Commissioner of SSA can revoke the delegation of authority to the OIG described in the MOU at any time by providing a 30-day notice. While any SSA office can make disclosures, the Privacy Officer within SSA's Office of Disclosure Policy, located in the Office of General Counsel, has overall responsibility for overseeing the agency's implementation of the disclosure policy. 
Except for requests involving national security issues, which are referred to the Privacy Officer at SSA headquarters and ultimately to the Commissioner of SSA, field locations handle requests for disclosing information because the offices are at the local level where information is frequently needed. Privacy Coordinators are located in the regional offices and are available to assist the field offices on questions about disclosures. The Privacy Coordinators report to the Privacy Officer.

When SSA receives a request from law enforcement agencies, SSA officials must first determine whether the request is valid, that is, in writing on the agency's letterhead, specifies the records being requested, and is signed by an official of the requesting office. SSA field office officials are instructed to rely on their knowledge of local law enforcement agencies to determine whether a request is from the proper person. For valid requests, SSA officials must also determine whether the agency requesting the information has jurisdiction in the particular case. Other specific criteria considered in determining whether SSA will disclose individuals' personal information to law enforcement agencies are outlined in figure 1. Tax information is disclosed consistent with IRC 6103. SSA officials told us that in all cases, the agency's practice is to provide only the minimum amount of information necessary to assist law enforcement.

Figure 1: SSA's Disclosure Policy for Law Enforcement

Sources: Social Security Administration (data) and copyright (c) Corel Corp. All rights reserved (icons).

(a) State officials do not have jurisdiction in welfare fraud cases in Native American Territories; therefore, SSA does not disclose information to state officials.

(b) The Bureau of Immigration and Customs Enforcement of the Department of Homeland Security (ICE DHS) was created with the merger of the former Immigration and Naturalization Service (INS) and Customs Service.

(c) SSA has specific procedures for processing Immigration requests for personal information through its field offices and the Immigration District located in Baltimore, Maryland.

(d) State and local agencies may obtain this information from SSA under automated data exchange.

(e) All requests concerning these crimes are processed at SSA headquarters through the Privacy Officer, who refers the cases to the Commissioner for a decision under the Commissioner's ad hoc authority.

(f) SSA advises staff to consider whether the possible violations are of significant value to the other agency and whether excessive use of SSA's resources would be required to help the other agency in its investigation.

For law enforcement requests that do not fit neatly in the categories described or do not meet the specific criteria outlined in SSA's policy, SSA's Commissioner decides whether or not the agency will share the requested information using the Commissioner's ad hoc authority. The Commissioner's ad hoc authority is generally reserved for exceptional cases approved on a case-by-case basis. For example, following the September 11th, 2001, terrorist attacks, the Commissioner's ad hoc authority was invoked to disclose to the FBI and other law enforcement agencies information in SSA's files concerning suspects or other persons who may have had information on the attacks and to help identify and locate victims and members of their families.8 Certain requirements must be met in order to invoke the Commissioner's ad hoc authority. The request must be deemed appropriate and necessary, SSA's regulations cannot specify what is to be done in the circumstance in question, and no provision of law can specifically prohibit the disclosure.
SSA policy prohibits the disclosure of tax return information under the Commissioner's ad hoc authority. SSA officials told us that the Commissioner invokes this authority infrequently and had rendered decisions to disclose information to law enforcement agencies 35 times between April 1981 and October 2002.

SSA's Disclosure Policy for Law Enforcement Is More Restrictive than the Privacy Act

Unlike SSA's disclosure policy, the Privacy Act requires that fewer criteria be met before a disclosure is made. However, SSA officials state that the agency must protect tax information and maintain the pledge of confidentiality that the agency made long before the Privacy Act was enacted. Therefore, SSA's policy imposes additional requirements as a condition for disclosure. Over the years, SSA has modified its disclosure policy to incorporate legislative requirements, but where it had discretion, SSA has continued to focus its policy on protecting individuals' privacy and upholding the pledge of confidentiality.

The law enforcement exception of the Privacy Act permits disclosure of individuals' personal information when a law enforcement agency (1) requests the information for an authorized law enforcement activity, (2) makes the request through the agency head, (3) submits the request in writing, and (4) specifies the information requested and the law enforcement activity involved.

8 As noted in figure 1, SSA's policy usually prohibits the disclosure of individuals' personal information to law enforcement agencies when the person whose information is requested is only suspected of a crime. However, in this case, the Commissioner made the decision that it was appropriate to give information on individuals suspected of the criminal activity and the families of the victims.
Under the Privacy Act, a law enforcement agency investigating a person suspected of embezzlement or shoplifting could submit a request to most federal agencies, including SSA, for information seeking or verifying the person's name, SSN, date of birth, last known address, and other data. Most federal agencies would probably provide that information from their records covered by the Privacy Act. However, under SSA's policy, no information would be given to the law enforcement agency because SSA has determined that these are not crimes that warrant any disclosure of individuals' personal information.

Additionally, the Privacy Act includes a routine use exception, which allows personal information to be disclosed on the initiative of the custodian agency. To qualify for a routine use, the proposed use of the information must be compatible with the purpose for which the information was obtained. Agencies must publish their routine uses in the Federal Register. SSA relies on the routine use exception to disclose information to law enforcement when fraud or other violations are suspected in SSA's programs and other similar federal income or health maintenance programs.

SSA's Policy Is More Restrictive than the Policies of Most Federal Agencies, with the Exception of IRS and Census

SSA's disclosure policy9 is more restrictive than the disclosure policies of most major federal agencies, with IRS and the Census Bureau being exceptions. However, unlike SSA's disclosure policy, the policies of the IRS and Census are specifically provided in statute. Most major federal agencies' policies allow for disclosures to law enforcement agencies under the law enforcement or the routine use exceptions of the Privacy Act.10

The law enforcement exception of the Privacy Act permits all federal agencies to disclose personal information to law enforcement agencies upon written request from the law enforcement agency. Twenty of the 24 major federal agencies have issued regulations that reference that disclosure authority.11 In addition, OMB guidance permits agencies to disclose personal information covered by the Privacy Act to law enforcement agencies under the routine use exception of the Privacy Act. The routine use exception permits federal agencies, at their own initiative, to disclose personal information without consent if the use is compatible with the purpose for which the information was collected. OMB guidance permits such a disclosure to a law enforcement agency when a violation of law is suspected, provided that such disclosure has been established in advance as a "routine use" and the misconduct is related to the purposes for which the information is collected and maintained.12 Fourteen of the 24 major federal agencies have established law enforcement routine use exceptions that are generally applicable to their systems of records. Some agencies alternatively only apply the law enforcement routine use exception to specific systems of records.13

Accordingly, under the Privacy Act, disclosure of personal information to law enforcement agencies may be permitted, depending on the agency and the circumstances, either by the law enforcement exception or the routine use exception. SSA, however, does not permit such disclosures from SSA program records under either exception.

9 SSA's disclosure policy for nontax information is the subject of this report since disclosure of tax information is only permitted by the IRC.

10 Components of some agencies have a disclosure policy that differs from the disclosure policy of the agency of which they are a part. For example, the Department of Commerce uses the Privacy Act to guide its disclosures, while Census, which is a component of Commerce, has its own statute. Similarly, IRS, which is a component of Treasury, has its own statute.
As already discussed, SSA requires considerations above and beyond the requirements in the Privacy Act. (See app. II for a list of federal agencies' rules referencing the Privacy Act law enforcement disclosure authority and those authorizing a general law enforcement routine use exception.)

Although SSA's disclosure policy for law enforcement is restrictive relative to most other federal agencies, IRS and Census also have restrictive disclosure requirements, which are outlined in these agencies' statutes. IRS's disclosures of tax returns and return information are governed by Internal Revenue Code Section 6103, which prohibits disclosures unless specifically authorized in statute. This statutory restriction serves to protect the confidentiality of personal and financial information in IRS's possession and ensure compliance with tax laws.

11 We identify the major federal agencies as the 24 agencies covered by the Chief Financial Officers' Act of 1990 and 1994 legislation designating SSA as an independent agency requiring a Chief Financial Officer.

12 40 Fed. Reg. 28948, 28953, and 28955, July 9, 1975.

13 The 2001 Compilation of Privacy Act Issuances provides examples of specific systems of records to which the law enforcement routine use is applied: for example, Department of Agriculture, Agricultural Marketing Service, Employment History Records for Licensed Nonfederal Employees (USDA/AMS-1); General Services Administration, Employee-related files (GSA/Agency-1); Small Business Administration, Audit Reports (SBA 015); and Department of the Treasury, Treasury Integrated Management Information Systems (Treasury/DO .002). The Privacy Act Issuances are available on-line from the Government Printing Office (www.gpo.gov).
A court order is generally required to open tax returns or other tax information to federal law enforcement officials investigating a federal nontax crime or preparing for a grand jury or other judicial proceeding, without the knowledge or consent of the taxpayer involved. The Attorney General, the Deputy Attorney General, and other Justice Department officials specifically named in the statute, are permitted to seek a court order. To obtain a court order, the requester has to demonstrate that:

o reasonable cause exists to believe that a specific criminal act has been committed and tax return information is or may be relevant to a matter relating to the commission of the criminal act;

o the information being sought will be used exclusively in a federal criminal investigation concerning the criminal act; and cannot be reasonably obtained, under the circumstances, from another source.

Information federal law enforcement obtains from IRS generally cannot be shared with state and local law enforcement. However, the Victims of Terrorism Tax Relief Act of 2001 permits federal law enforcement agencies involved in terrorist investigations/intelligence gathering to redisclose this information to officers and employees of state and local law enforcement who are directly engaged in investigating or analyzing intelligence concerning the terrorist incidents, threats, or activities.

The disclosure authority for Census is spelled out in statute under Title 13 of the United States Code. The Census statute prohibits the disclosure of any individual's Census data other than for use by the Census, making information that the Bureau of the Census collects and maintains immune from the legal process. Unlike IRS, a court order will not permit the Census Bureau to disclose information to law enforcement agencies or any other entities that may request an individual's personal information.
Regulations provide that a person's individual census information may not be disclosed to the public for 72 years from the decennial census for which the information was collected and the fine for wrongful disclosure of confidential census information is imprisonment of up to 5 years or a fine up to $250,000, or both.14 The statute further restricts the use of individuals' Census data to the Secretary of Commerce, or bureau and agency employees. Additionally, Census data for individuals may only be (1) used for statistical purposes for which it was supplied; (2) published in a manner so that an individual's information cannot be identified; and (3) examined by persons who have been sworn as officers or employees of the Department of Commerce, or the Bureau of the Census.

The statute even protects from compulsory disclosure copies of Census information that an individual may have retained for their own personal use. Accordingly, "no department, bureau, agency, officer, or employee of the government, except the Secretary of Commerce in carrying out the statutory duties of the agency, shall require copies of information an individual may have retained." An individual's personal retained copies of census forms are immune from the legal process and cannot be admitted as evidence in any action, suit, or other judicial or administrative proceeding without the individual's consent.

SSA Views Restrictions as Integral to Carrying Out Its Mission

SSA maintains that it must have a restrictive disclosure policy to protect individuals' personal information, even from law enforcement requests, because much of the information the agency collects is especially personal and was initially obtained under the pledge of confidentiality. SSA officials told us that they try to limit disclosure because the agency has no control over the extent to which information will be safeguarded once disclosed.
In addition, Social Security has universal coverage and an individual cannot refuse to be assigned an SSN. The Social Security Act requires that SSA compile wage and employment data for each individual. According to an SSA official, individuals cannot receive Social Security benefits without having an SSN.

In SSA's disclosure policy, the agency recognizes that its rules for disclosure are more restrictive than the Privacy Act and cites several reasons why. According to SSA, it seldom has records that are useful to law enforcement agencies and information from tax returns, such as addresses or employment information, cannot be disclosed. Also, SSA contends that its resources should not be diverted for nonprogram purposes. Finally, SSA says that it has a long-standing pledge to the public to maintain the confidentiality of its records.

14 The decennial census occurs every 10 years, in the years ending in "0," to count the population and housing units for the entire United States.

SSA Has Provided Information to Law Enforcement Officials, but Confusion about the Disclosure Policy May Cause Inconsistent Application

Although SSA's policy supports sharing limited information with law enforcement under certain conditions, we found evidence that some SSA field office staff are confused about the policy that could result in staff applying it inconsistently. Information provided to law enforcement is generally limited to the verification of a name and SSN, though more information may be provided under certain circumstances. Information obtained through our selected site visits and survey results indicated that SSA field offices might have denied law enforcement requests when they could have provided information and instances in which offices might have provided more information than was permitted under SSA's policy. Because SSA is not required to and therefore, does not maintain aggregated data showing what requests were made, whether they were approved, and what information was given to fulfill them, we could not determine the extent to which these inconsistencies occurred.

Information SSA Provided to Law Enforcement Often Limited to Name and SSN Verification

Information provided to law enforcement is routinely limited to the verification of a name and SSN, though more information may be provided under certain circumstances. When law enforcement provides SSA with the name and SSN of an indicted or convicted criminal, SSA can conduct a search on the SSN to determine if it is valid and if it matches the name provided by law enforcement. If the name and the SSN do not match, SSA will not usually identify to whom the SSN actually belongs, though they will tell law enforcement that there was no match. Except to identify and locate illegal aliens, SSA generally will not provide any information if law enforcement only provides an SSN and wants to know to whom it is assigned. Under certain circumstances, such as when SSA's OIG conducts a joint investigation with other law enforcement agencies involving fraud against one of SSA's programs, the OIG is allowed to provide any information available in SSA's data system, short of IRS data.

SSA's Disclosure Policy Confuses Staff and May Not Be Consistently Applied across SSA Field Offices

SSA tries to ensure that its disclosure policy is consistently implemented in all field offices. SSA takes various steps to ensure the consistent application of its disclosure policy. For example, SSA has taken steps to educate its staff about its disclosure policy. SSA managers indicated that SSA staff is given disclosure policy training when they start employment and such training is refreshed as needed.
Additionally, SSA posts the policy on its internal Web site and on Compact Disc-Read-Only Memory (CD-ROM) for staff reference. Furthermore, a regional "privacy coordinator" is available to answer staff questions about proper disclosure procedures. One SSA regional office provided a chart to all SSA field offices within its "program circle"15 that briefly summarizes SSA's policy on access and disclosure without consent. Although this chart had not been updated since July 1996, it was viewed by the manager we talked with as a handy guide for what could be disclosed and also provided references to the location of a more thorough explanation of SSA's policy in their POMS. In addition, to ensure that disclosure procedures are followed, field office managers told us that they usually handle information requests from law enforcement officials rather than leaving this duty to staff. However, we noted in our survey and during selected site visits, a limited number of instances where SSA's disclosure policy appears to have been inconsistently applied. In some instances, law enforcement might have received more information than permitted under SSA's policy. For example, one SSA OIG office we visited provided a law enforcement agency with the name, SSN, date of birth, place of birth, and parents' name when it seemed that only the name and SSN verification results should have been provided. In another case, an SSA official reported that a state law enforcement officer stopped an individual and telephoned SSA requesting information to verify the SSN, date of birth, place of birth, and sex and was provided the results over the telephone. Although SSA's policy permits the verification of the name and SSN, such requests are required to be in writing. In other instances, requests that should have been approved might have been turned down. 
For example, one SSA field office manager told us that nothing could be disclosed to law enforcement if the request for information pertained to an individual suspected of misusing an SSN because the individual had not been indicted or convicted of this crime. However, SSA's policy would appear to permit disclosure in this situation. Another SSA field office manager told us that office would not disclose any information without consent from the individual for whom the information is being requested.

Several possible reasons exist for the inconsistent application of SSA's disclosure policy. Although our survey showed that most SSA field offices receive requests for information from law enforcement, SSA field officials we spoke with said that they do not receive requests frequently. For example, several officials told us that they received fewer than 10 requests in 2002. Because requests are infrequent, staff must often consult the policy to help them to respond properly. However, many staff members consider the policy confusing. For example, one field office manager said that, "We have doubts as to what information should be provided to U.S. Border Patrol." Similarly, a manager in another field office said, "SSA['s] disclosure policy should be written in "Plain English" to make it easy to understand by all readers." A different field office manager commented, "[SSA's] Disclosure policy is still frequently confusing for much of our staff." This lack of clarity leads to confusion about what should be disclosed. For example, one manager said, "[SSA's policy] is quite confusing. It's hard to know what you can disclose." Another manager commented, "I think the policy should be clearer than it is. There's too much...'if this, then that, but not this and so on.'"

15 The "program circle" consisted of 12 SSA field offices within the area of this particular regional office.

In addition, SSA's responsibilities to both assist law enforcement and protect individuals' privacy may be exacerbating the confusion and inconsistent application of the agency's policy. For example, officials at SSA headquarters said that they want to help law enforcement as much as possible, but they believed they must also protect the privacy of the information in their systems of records in order to perform SSA's primary mission. Some managers in SSA field offices believed that the agency should provide information to law enforcement. However, several field office managers expressed their concerns and reluctance about sharing information with law enforcement agencies. Employees who provide information to an individual inappropriately could be subject to a penalty, including suspension or termination from SSA. Therefore, rather than risk disclosing information inappropriately, some officials might err on the side of caution and not disclose information even when it is permitted under the agency's disclosure policy.

SSA Field Offices Do Not Maintain Aggregated Data, but OIG Does

Consistent application of SSA's disclosure policy cannot be assessed because, according to OMB guidelines, SSA is not required to maintain aggregated data showing what requests were made, whether they were approved, and what information was given to fulfill them.16 According to SSA, disclosures of individuals' personal information are kept in individuals' files. While SSA policy does not stipulate that field offices must keep track of requests made by a law enforcement agency, our survey revealed some information about these requests. For example, we estimate that 82 percent of SSA field offices indicated that they had received requests for personal information from law enforcement agencies. However, 71 percent of SSA's field offices do not maintain a record of requests made by law enforcement agencies.

16 OMB guidance requires that agencies be able to reconstruct an accurate and complete accounting of disclosures. However, we did not request that SSA reconstruct the accounting of disclosures to law enforcement agencies because it was beyond the scope of this assignment, and according to SSA, such a request would involve a huge undertaking.

While the majority of SSA field offices do not maintain records of law enforcement requests, results from our survey showed that 90 percent of the SSA OIG offices maintain these data for disclosures the OIG made. The SSA OIG is required to report to the SSA Commissioner aggregated data annually on disclosures made. According to the OIG, it also keeps a hard copy of requests made by law enforcement agencies for at least 1 year. On the basis of these aggregated data, between fiscal years 2000 and 2002, SSA OIG regional divisions fulfilled almost 30,000 requests from law enforcement agencies for name and SSN verification. Table 2 shows the number of verifications fulfilled by SSA OIG regional divisions and headquarters. However, no numbers are kept on denied law enforcement requests. According to SSA OIG officials, in most cases, law enforcement officers contact OIG offices by telephone before submitting a request so no written record exists if the OIG does not grant the request for information.

Table 2: Number of Information Requests Granted to Law Enforcement by OIG Field Divisions and Headquarters in Fiscal Years 2000 through 2002

Field divisions     Fiscal year  Fiscal year  Fiscal year
and headquarters           2000         2001         2002     Total
Atlanta                 D - NCa          198        1,660     1,858
Boston                   D - NC          391        1,072     1,463
New York                     52          307        2,202     2,561
Philadelphia             D - NC          405        1,748     2,153
Chicago                  D - NC        2,872        7,289    10,161
Dallas                      320          439        1,767     2,526
St. Louis                   237          894        1,467     2,598
Denver                      176          173        1,184     1,533
Los Angeles                 400          553        2,353     3,306
Seattle                  D - NC          520          282
Headquarters                  -            -          838
Totals                    1,185        6,752       21,862    29,799

Source: SSA OIG data.

(a) D - NC - Records destroyed; no counts available. Prior to fiscal year 2000, law enforcement verifications were conducted by Allegation Management Division (OIG Hotline), and records no longer exist for those verifications. In April 2002, the Office of Investigations began using the code "LEVER" when conducting law enforcement verifications in the SSA system. The use of "LEVER" will provide OIG with an automated retrieval of the count, and manual counts will no longer be used effective fiscal year 2003.

While Some Law Enforcement Officers Were Unfamiliar with the Policy, Most Were Generally Satisfied with the Information Shared

While some law enforcement officials we spoke with were unfamiliar with SSA's disclosure policies, most were generally satisfied with the information provided by SSA, though most would like more. Some law enforcement agencies at the state and local level were unfamiliar with the process for obtaining information and expressed frustration with their attempts to obtain information from SSA. Law enforcement officials indicated that the SSN and name verification SSA provided was often helpful to their investigations. However, most wanted SSA to provide additional information such as address, date of birth, and employer or family information. SSA officials have several concerns about expanding SSA's disclosure policy.

Many State and Local Law Enforcement Officers Were Unfamiliar with SSA's Disclosure Policy and Procedures

Findings from site visits indicated that some law enforcement officers at the state and local level, who generally request information from SSA field offices, are unfamiliar with the process for obtaining information from SSA offices.
Because SSA does not have written procedures on its disclosure policy available to law enforcement, some officers find out how to obtain information virtually by trial and error. For example, one officer told us that after having his initial request for information, which was not in writing, turned down because he had not followed proper procedures, he obtained a search warrant to obtain the information from SSA. The officer said that no one at SSA explained to him the procedures for obtaining information until he got the search warrant. It is unclear when or if SSA officials let law enforcement officers know what procedures need to be followed to get information.

Federal law enforcement agencies, on the other hand, more often understood the Privacy Act's procedures. Further, most federal law enforcement agencies we spoke with submitted their requests to SSA's OIG, itself a federal law enforcement agency. Our survey results indicated that on average in 2002, 46 percent of the requests made to OIG offices came from federal law enforcement agencies while 27 percent of the requests made to SSA field offices on average came from federal law enforcement agencies.

While details on SSA's disclosure policy are available in their POMS and other SSA documents that summarize this information, it is not readily available to law enforcement. A summary of the policy can be found on SSA's Web site under the caption "Code of Federal Regulations for Social Security." However, it is not easy to find and provides little detail on what SSA will provide to law enforcement. Further, the Web site does not provide law enforcement with instructions on what they need to do to get the information.

Most Law Enforcement Officials Found Shared Information Useful but Many Believed More Information Was Needed
Officials from federal, state, and local law enforcement agencies we spoke with were generally satisfied with the information provided by SSA although most would like more information on individuals. Law enforcement officials indicated that, although in most cases SSA only verified a name and SSN, the information received was useful to their investigations and, in some cases, was enough to help convict an individual of a crime. The information received from SSA was considered by law enforcement as the most accurate and up-to-date information available to help in their investigations. Law enforcement was also satisfied with the time in which SSA provided the information. In many cases, law enforcement officers we spoke with indicated that SSA provided the information very quickly. In addition, one SSA OIG official told us that when procedures are followed correctly, the OIG can reply back in 24 hours or less, depending on the information requested. SSA confirmed the timeliness of its responses to law enforcement requests. We estimate that over 90 percent of both SSA field office and OIG respondents reported that it took 24 hours or less to fulfill a request. Our survey results showed that 40 percent of SSA field offices and 21 percent of SSA OIG offices reported that it took less than an hour to fulfill a request from a law enforcement agency. Although most of the law enforcement officials we spoke with were satisfied with information provided by SSA, several believed the information provided was insufficient. Several of these law enforcement officials believed that the name and SSN verification was not enough to help with their investigations. These individuals generally wanted additional information such as the suspect's wage information, address, employer, and date of birth. In documents provided to us, SSA's OIG listed the following situations in which the OIG could not provide information to law enforcement. 
When the official

o provides the SSN and wants to know to whom it is assigned;
o wants information to locate witnesses or suspects in high profile cases or missing persons;
o wants information on individuals with Alzheimer's disease who are lost;
o wants information on next of kin;
o wants information to locate a fugitive who may be receiving benefits under SSA's Old-Age and Survivors Insurance program and its Disability Insurance program;
o wants information to make identifications in child pornography cases;
o wants information to determine if there has been any activity on a Social Security account in a custodial interference case;17 and
o wants information on SSNs related to non-SSA-related fraud cases or counterfeit cases.

17 A custodial interference case usually involves the actions of one spouse who kidnaps a child from the spouse who has custody of the child. The Social Security account can provide information that could help to locate the spouse who kidnapped the child.

Some law enforcement officials were unhappy with SSA's refusal to provide such information, especially because they believed that SSA could easily provide it in a short period of time. For example, one federal officer who investigates nonviolent felony crimes said that SSA seems more concerned about someone committing fraud against one of its programs than about identity theft involving the use of someone's SSN. He also said that SSA would not provide him with any information on the person whose identity was being stolen. Another officer said that because he could not get necessary information from SSA, he had resorted to other means of gathering the information needed. The officer said that depending on resources available, it could take up to 3 weeks to get someone's SSN through other sources. Furthermore, the officer said that while he could make the case without the SSA information, the information SSA can provide would be invaluable to helping fully prosecute a case.
Many SSA officials in the field and OIG offices agreed that SSA's disclosure policy is too restrictive. Many believed that, for legitimate investigations, the policy should allow for disclosures to law enforcement officials of whatever information they need. One SSA OIG official said that, as a law enforcement officer, he believed that he should be able to provide information to another law enforcement officer especially when he knew that doing so would help with a case and also because law enforcement officers would be more willing to share information with the OIG. While the SSA Commissioner can invoke ad hoc authority for certain specific cases to disclose information, as was done in response to the disclosure requests related to the September 11 terrorist attacks, SSA officials said that the use of this authority must be limited. SSA headquarters officials believe that expanding its disclosure policy would hamper its ability to ensure that individuals' personal information is protected and that resources are not diverted from administering Social Security benefit programs.

Conclusions

Protecting individuals' privacy and providing information to law enforcement that could be helpful in solving crimes or ensuring national security are two important yet sometimes seemingly conflicting policy objectives. SSA places a high priority on privacy, and its policy for disclosure to law enforcement agencies goes beyond the requirements of the Privacy Act. SSA's disclosure policy attempts to preserve its pledge to maintain individuals' privacy while cooperating with law enforcement and complying with applicable statutes. The end result is a complex policy that is more restrictive than the Privacy Act requirements and those of most federal agencies and more like the policies of IRS and Census, agencies that maintain personal information whose requirements are embodied in statute.
In addition, some SSA field office staff and local law enforcement officers find SSA's policy confusing and sometimes frustrating. As a possible consequence of SSA staff and local law enforcement's confusion about SSA's policy, law enforcement may be denied requested information even though SSA's policy permits its disclosure or law enforcement may receive information that SSA's policy does not permit. Although we could not assess the overall level of consistency in the application of SSA's policy, we believe eliminating or reducing confusion about the agency's policy would help ensure consistent application, and that this can be achieved with relatively modest actions on SSA's part.

Recommendations

To help ensure consistent application of SSA's disclosure policy for law enforcement in all of its offices and to better assist law enforcement agencies making disclosure requests, we recommend that the Commissioner of SSA do the following:

o Take steps to eliminate confusion about the agency's disclosure policy. These steps could include clarifying SSA's policy; providing additional or refresher training to staff; or delegating decision-making authority for law enforcement requests to specified locations such as the OIG, regional privacy coordinators, or other units that SSA determines would have expertise in this area.
o Provide law enforcement with information on SSA's disclosure policy and procedures. For example, this information could be provided on its Web site, in informational pamphlets, or some other written format.

Agency Comments and Our Evaluation

We obtained written comments on a draft of this report from the Commissioner of SSA. SSA's comments are reproduced in appendix III. SSA also provided technical comments, which we incorporated in the report as appropriate. We also provided a draft of this report to the Departments of Commerce, Justice, and Treasury for review and comment. These three agencies reported that they had no comments.
SSA stated that our draft report accurately reflected the importance of SSA's disclosure policy to the agency's mission but it presents an incomplete description of both the statutory basis for and rationale behind the policy. Further, SSA stated that the draft report does not take into account the statutory basis for the nondisclosure of tax information or the statutory support for the agency's long-standing confidentiality pledge; therefore, SSA believes that our findings and recommendations are "overbroad." We are aware of SSA's obligation under the IRC and took this into consideration during our review of SSA's disclosure policy; however, we have revised the report, where appropriate, to clarify that our observations about SSA's disclosure policy relative to the Privacy Act do not extend to SSA's disclosure of tax information. Disclosure of tax information is controlled by section 6103 of the IRC. We also provided additional reference to the statutory basis and rationale behind SSA's disclosure policy. SSA also commented that 42 U.S.C. 1306 provided an independent basis for nondisclosures, apart from the Privacy Act. The report recognizes that 42 U.S.C. 1306 provides the basis for SSA's disclosure policy and we have added a citation for this authority. Section 1306 provides SSA authority to regulate the dissemination of information in its custody as otherwise permitted by federal law. Other federal law includes the Privacy Act. Our report merely points out that SSA has used this authority to regulate in a more restrictive fashion than the Privacy Act requires. SSA stated that it believed that our characterizing the agency's policy as more restrictive than most federal agencies does SSA a disservice because many federal agencies have little interaction with the public at large. 
SSA states that the only two agencies of SSA's size and scope with respect to gathering information from the public to accomplish their missions are IRS and Census, which have more restrictive disclosure policies and statutes that prohibit disclosures. We believe that our comparison and characterization of SSA's disclosure policy is fair. We compared SSA's disclosure policy to those of the other 23 agencies covered by the Chief Financial Officers' Act. We decided also to compare SSA's policy to those of IRS and Census because they are similar in size and scope of data maintained on individuals. All of the agencies we compared are subject to the Privacy Act. As we reported, SSA's disclosure policy, as well as those of IRS and the Census Bureau, is more restrictive than most federal agencies. SSA agreed in part with our recommendation that the Commissioner take steps to eliminate confusion that may cause inconsistent application of the policy. SSA acknowledged that the policy is complex and could lead to occasional inconsistent application. However, SSA stated that it provides extensive instructions in its POMS for employees and the instructions refer staff to experts in regional and central offices for assistance when needed. SSA also stated that its regional offices have provided employees access to Intranet sites that clarify disclosure policy, but the agency will consider providing additional refresher training as appropriate. In addition, SSA stated it is currently reviewing improvements to the POMS sections that address law enforcement disclosures that the agency believes will address our concerns. SSA expressed concern about the option to consider delegating "decision-making authority for law enforcement requests to specified locations such as the OIG..." SSA stated that the Inspectors General Act of 1978 prohibits agencies from transferring programmatic functions to the Inspector General.
We acknowledge in our report that SSA provides guidance on its disclosure policy in its POMS. While we found that employees were aware of this guidance, SSA staff told us that they found SSA's policy confusing. We believe additional training as well as improvements to the POMS that clarify or simplify SSA's policy should help ensure consistent application. With respect to SSA's concern about our recommendation to consider delegating decision-making authority for law enforcement requests to specified locations such as the OIG, regional privacy officers, or other units that SSA determines would have expertise in this area, we did not intend to imply that programmatic functions be transferred to the OIG. Our recommendation was aimed at directing disclosure requests to units that currently perform this function and that appear to have expertise in SSA's disclosure policy. We simply intended to provide options for SSA to better utilize the resources they already have in place to determine whether law enforcement requests are permitted under SSA's disclosure policy. The OIG, who currently responds to law enforcement requests as authorized under an MOU with SSA, was only one of the units we suggested as an option. We continue to believe that delegating authority to handle disclosure requests to specified units with expertise in SSA's disclosure policy would be a plausible option for helping to ensure consistent application of SSA's policy. This option could reduce or eliminate the need for SSA field office officials who receive sporadic requests from law enforcement to relearn SSA's disclosure policy. SSA agreed with our recommendation that the Commissioner of SSA should provide law enforcement with information on SSA's disclosure policy and procedures and SSA believes the agency has done so. However, SSA stated it would review its Web site and other public informational materials to see if additional material or formatting changes would be helpful. 
We acknowledged in our report that SSA's policy can be found on the Internet, but noted that it is not easily found and does not clearly explain how law enforcement could obtain information. Although SSA officials told us that they provided limited discussion of the agency's disclosure policy and procedures at law enforcement conferences, these officials did not indicate the number of conferences attended or whether these conferences involved federal, state, or local law enforcement. Some of the local law enforcement officials we spoke with were unfamiliar with how to obtain information from SSA. Therefore, we continue to believe that information that clearly defines SSA's disclosure policy and procedures would be helpful to law enforcement. Further, we believe that our findings and recommendations are central to many concerns expressed by both SSA and law enforcement officials, and we view the steps that SSA indicated that it plans to consider, or already has in process, to ensure consistent application of its disclosure policy and law enforcement's understanding of how to obtain information from SSA, as appropriate steps toward correcting the concerns expressed.

We are sending copies of this report to the Commissioner of Social Security; the Secretaries of Commerce, Treasury, and Homeland Security; the U.S. Attorney General; appropriate congressional committees; and other interested parties. We will also make copies of this report available to others on request. In addition, the report will be available at no charge on GAO's Web site at http://www.gao.gov. If you or your staffs have questions about this report, please call me on (202) 512-7215. Other GAO contacts and staff acknowledgments are listed in appendix IV.

Barbara D. Bovbjerg
Director, Education, Workforce, and Income Security Issues

Appendix I: Scope and Methodology

To attain our objectives for this assignment, we reviewed and compared the Social Security Administration's (SSA) disclosure policy for law enforcement and the Privacy Act. We also compared SSA's disclosure policy with that of the Internal Revenue Service (IRS) and the Bureau of the Census because SSA officials believe that these agencies are comparable with SSA. Additionally, we compared SSA's disclosure policy with the general law enforcement disclosure policies for the other 23 Chief Financial Officers' (CFO) Act agencies. To help determine how SSA's disclosure policy affects information sharing with law enforcement, we conducted site visits and detailed interviews at SSA field offices and SSA's Office of the Inspector General (OIG), as well as nearby field offices for federal, state, and local law enforcement agencies in Los Angeles, California; Chicago, Illinois; and Dallas, Texas. We also administered an electronic survey to all SSA OIG field offices1 and a stratified random sample of SSA field offices. We interviewed SSA officials in both headquarters and field offices and law enforcement officials at the federal, state, and local levels of government about their experiences with sharing individuals' personal information. At the headquarters level, we interviewed SSA officials responsible for disclosure policy in the Office of General Counsel and the SSA OIG, Baltimore, Maryland. We interviewed law enforcement officials from the Departments of Justice and Treasury, including the Federal Bureau of Investigation (FBI); Bureau of Immigration and Customs Enforcement, formerly Immigration and Naturalization Service (INS) and Customs; Executive Office for United States' Attorneys; Drug Enforcement Agency; United States Marshals Service; Secret Service; Internal Revenue Service (IRS); and Alcohol, Tobacco and Fire Arms, headquartered in Washington, D.C.
During the course of our review, several of these law enforcement agencies merged into the Department of Homeland Security, or were otherwise reorganized.2 We also interviewed OIG officials for investigation at the Departments of Education and Housing and Urban Development in Washington, D.C. Our site visits included interviews with the Bureau of Immigration and Customs Enforcement, at Dallas, Texas, and law enforcement officials of the Arlington Police Department, Arlington, Virginia.

1 SSA OIG officials identified 31 field offices of its 60 locations as the universe of field offices to survey. According to the officials, the remaining locations are satellite offices that report to the 31 offices identified.

2 Effective January 2003, the Bureau of Alcohol, Tobacco and Firearms reorganized with the law enforcement functions transferred to the Department of Justice, but the tax and trade functions remained in the Department of the Treasury. Effective March 2003, the Secret Service, Customs, and Immigration and Naturalization Service were merged into the newly created Department of Homeland Security.

We surveyed SSA offices in order to: (1) estimate the type and volume of law enforcement requests for personal information received by SSA; (2) determine the distribution of these requests across federal, state, and local law enforcement agencies; and (3) gain some understanding of the bases for the granting and denial of these requests. Our working definition of a personal information request is an instance for which a law enforcement agency requested the personal information of one or more individuals between fiscal years 1999 and 2002. For example, if a law enforcement agency requested addresses for two people in a single instance, this would count as one personal information request.
We were specifically interested in law enforcement agencies' requests for personal information, such as social security numbers, names, addresses, birth dates, and income. We designed an Internet-based survey and organized it into multiple sections that included the following areas: receipt of law enforcement requests, response time for fulfilling law enforcement requests, and methods for handling law enforcement requests. We selected a stratified random sample of 335 SSA field offices to participate in the survey. This number was based on an expected response rate as well as a precision level. The sample was stratified by 10 regional locations and taken from a listing of 1,286 field offices that SSA provided. The original list contained 1,336 locations. Fifty locations that are not considered field offices and, therefore, do not receive law enforcement agency requests were excluded from the sampling frame. All 31 SSA Inspector General offices were surveyed since these sites routinely accept law enforcement agencies' requests for personal information. The survey was mailed electronically to the manager in charge at SSA and Inspector General field offices. Both office types received the same on-line survey. Survey data were collected between February 25, 2003, and March 21, 2003. The overall response rate was 90 percent, with 97 percent of the Inspector General's field offices and 90 percent of SSA's field offices responding. Regional response rates in the sample ranged from 86 percent to 95 percent across 10 regional locations. To provide some indication of the reliability of the survey results, standard errors were calculated. The sample was weighted in the analysis to statistically account for the sample design and nonresponse. We are 95 percent certain that the survey estimates provided in this report are within plus or minus 10 percentage points of those estimates that would have been obtained had all SSA offices been captured.
To minimize some of the potential biases of other errors that could figure into the survey results, we conducted pretests that included both the SSA Inspector General and SSA field offices. Four pretest sites were SSA field offices located in Wheaton, Maryland; Washington, D.C. (Anacostia); Seattle, Washington; and Chicago, Illinois. One pretest site was an SSA Inspector General office located in Washington, D.C. The pretests were conducted either through teleconferences or face-to-face interviews, and were completed between December 2002 and January 2003. We conducted our audit work between August 2002 and July 2003 in accordance with generally accepted government auditing standards.

Appendix II: Chief Financial Officers' Act Agencies' Rules on Disclosure of Records to Law Enforcement

Federal agencies | Rule referencing Privacy Act disclosure authority | General routine use exception of Privacy Act permits disclosure to law enforcement(a)
Agriculture | 7 CFR 1.119 |
Commerce | 15 CFR 4.30(a)(5)(vii) | 46 FR 63501 (12/31/81)
Defense | 32 CFR 310.41 | 32 CFR 310 App. C
Education | 34 CFR 5b.9(b)(7) | 34 CFR 5b. App. B
Energy | 10 CFR 1008.17(b)(7) |
Health and Human Services | 45 CFR 5b.9(b)(7) | 45 CFR 5b. App. B
Housing and Urban Development | 24 CFR 16.11(a)(5) | 2001 Privacy Act Issuance
Interior | 43 CFR 2.56(b)(5) |
Justice | |
Labor | | 67 FR 16816 (4/8/02)
State | | 2001 Privacy Act Issuance
Transportation | 49 CFR 10.35(a)(7) | 2001 Privacy Act Issuance
Treasury | 31 CFR 1.24(a)(7) |
Veterans Affairs | 38 CFR 1.576(b)(7) |
Environmental Protection Agency | 40 CFR 16.10 | 67 FR 8246 (2/22/02)
National Aeronautics and Space Administration | 14 CFR 1212.203(f)(7) | 2001 Privacy Act Issuance
Agency for International Development | 22 CFR 215.10(c)(7) | 2001 Privacy Act Issuance
Federal Emergency Management Agency | 44 CFR 6.20(g) | 67 FR 3193 (1/23/02)
General Services Administration | 41 CFR 105-64.201(g) |
National Science Foundation | |
Nuclear Regulatory Commission | 10 CFR 9.80(a)(7) | 67 FR 63774 (10/15/02)
Office of Personnel Management | 5 CFR 293.401(g) & 406 | 60 FR 63075 (12/8/95)
Small Business Administration | 13 CFR 102.22(h) |
Social Security Administration | 20 CFR 401.110 plus more stringent requirements |

Source: GAO analysis, Office of General Counsel data.

(a) Agencies may also have provisions for routine use disclosures for law enforcement for specific systems of records. The 2001 Compilation of Privacy Act Issuances provides examples of specific systems of records to which the law enforcement routine use is applied: for example, Department of Agriculture, Agricultural Marketing Service, Employment History Records for Licensed Nonfederal Employees (USDA/AMS-1); General Services Administration, Employee-related files (GSA/Agency-1); Small Business Administration, Audit Reports (SBA 015); and Department of the Treasury, Treasury Integrated Management Information Systems (Treasury/DO .002). The Privacy Act Issuances are available on-line from the Government Printing Office (www.gpo.gov).
Appendix III: Comments from the Social Security Administration

Appendix IV: GAO Contacts and Staff Acknowledgments

GAO Contacts: Shelia Drake (202) 512-7172; Jacqueline Harpp (202) 512-8380

Staff Acknowledgments: In addition to those named above, Margaret Armen, Richard Burkard, Malcolm Drewery, Kevin Jackson, Corinna Nicolaou, and David Plocher made key contributions to this report. Barbara Hills, Theresa Mechem, and Mimi Nguyen provided assistance with graphics.

(130185)