Union Calendar No. 487
115th CONGRESS 2d Session |
[Report No. 115–636]
To authorize the Commissioner of Social Security to provide confirmation of fraud protection data to certain permitted entities, and for other purposes.
March 7, 2018
Mr. Curbelo of Florida (for himself, Mr. Marchant, Ms. Sinema, and Mr. Hultgren) introduced the following bill; which was referred to the Committee on Ways and Means
April 13, 2018
Additional sponsors: Mr. Royce of California, Mr. Messer, Mr. McHenry, Mr. Himes, Mr. Perlmutter, Mr. Duffy, Mr. Huizenga, Mr. Delaney, Mr. Sessions, Mr. Tipton, and Mr. Young of Iowa
April 13, 2018
Reported with an amendment, committed to the Committee of the Whole House on the State of the Union, and ordered to be printed
[Strike out all after the enacting clause and insert the part printed in italic]
[For text of introduced bill, see copy of bill as introduced on March 7, 2018]
To authorize the Commissioner of Social Security to provide confirmation of fraud protection data to certain permitted entities, and for other purposes.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
SEC. 2. Reducing identity fraud.
(a) Purpose.—The purpose of this section is to reduce the prevalence of synthetic identity fraud, which disproportionally affects vulnerable populations, such as minors and recent immigrants, by facilitating the validation by permitted entities of fraud protection data, pursuant to electronically received consumer consent, through use of a database maintained by the Commissioner.
(b) Definitions.—In this section:
(1) COMMISSIONER.—The term “Commissioner” means the Commissioner of the Social Security Administration.
(2) FINANCIAL INSTITUTION.—The term “financial institution” has the meaning given the term in section 509 of the Gramm-Leach-Bliley Act (15 U.S.C. 6809).
(c) Efficiency.—
(1) RELIANCE ON EXISTING METHODS.—The Commissioner shall evaluate the feasibility of making modifications to any database that is in existence as of the date of enactment of this Act or a similar resource such that the database or resource—
(2) EXECUTION.—The Commissioner shall establish a system to carry out subsection (a), in accordance with section 1106 of the Social Security Act. In doing so, the Commissioner shall make the modifications necessary to any database that is in existence as of the date of enactment of this Act or similar resource, or develop a database or similar resource.
(d) Protection of vulnerable consumers.—The database or similar resource described in subsection (c) shall—
(1) compare fraud protection data provided in an inquiry by a permitted entity against such information maintained by the Commissioner in order to confirm (or not confirm) the validity of the information provided, and in such a manner as to deter fraudulent use of the database or similar resource;
(2) be scalable and accommodate reasonably anticipated volumes of verification requests from permitted entities with commercially reasonable uptime and availability; and
(e) Certification required.—Before providing confirmation of fraud protection data to a permitted entity, the Commissioner shall ensure that the Commissioner has a certification from the permitted entity that is dated not more than 2 years before the date on which that confirmation is provided that includes the following declarations:
(3) The entity is, and will remain, in compliance with its privacy and data security requirements, as described in title V of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 et seq.) and as required by the Commissioner, with respect to information the entity receives from the Commissioner pursuant to this section.
(f) Consumer consent.—
(1) IN GENERAL.—Notwithstanding any other provision of law or regulation, a permitted entity may submit a request to the database or similar resource described in subsection (c) only—
(A) pursuant to the written, including electronic, consent received by a permitted entity from the individual who is the subject of the request; and
(B) in connection with any circumstance described in section 604 of the Fair Credit Reporting Act (15 U.S.C. 1681b).
(2) ELECTRONIC CONSENT REQUIREMENTS.—For a permitted entity to use the consent of an individual received electronically pursuant to paragraph (1)(A), the permitted entity must obtain the individual’s electronic signature, as defined in section 106 of the Electronic Signatures in Global and National Commerce Act (15 U.S.C. 7006). Permitted entities must develop and use an electronic signature process in accordance with all Federal laws and requirements as designated by the Commissioner.
(g) Compliance and enforcement.—
(1) AUDITS AND MONITORING.—
(A) IN GENERAL.—The Commissioner—
(i) shall conduct audits and monitoring to—
(ii) may terminate services for any permitted entity that prevents or refuses to allow the Commissioner to carry out the activities described in clause (i) and may terminate or suspend services for any permitted entity as necessary to enforce any violation of this section or of any certification made under this section.
(2) ENFORCEMENT.—
(A) IN GENERAL.—Notwithstanding any other provision of law, including the matter preceding paragraph (1) of section 505(a) of the Gramm-Leach-Bliley Act (15 U.S.C. 6805(a)), any violation of this section and any certification made under this section shall be enforced in accordance with paragraphs (1) through (7) of such section 505(a) by the agencies described in those paragraphs.
(B) RELEVANT INFORMATION.—Upon discovery by the Commissioner of any violation of this section or any certification made under this section, the Commissioner shall forward any relevant information pertaining to that violation to the appropriate agency described in subparagraph (A) for evaluation by the agency for purposes of enforcing this section.
(h) Recovery of costs.—
(1) IN GENERAL.—
(A) IN GENERAL.—Amounts obligated to carry out this section shall be fully recovered from the users of the database or verification system by way of advances, reimbursements, user fees, or other recoveries as determined by the Commissioner. The funds recovered under this paragraph shall be deposited as an offsetting collection to the account providing appropriations for the Social Security Administration, to be used for the administration of this section without fiscal year limitation.
(B) PRICES FIXED BY COMMISSIONER.—The Commissioner shall establish the amount to be paid by the users under this paragraph, including the costs of any services or work performed, such as any appropriate upgrades, maintenance, and associated direct and indirect administrative costs, in support of carrying out the purposes described in this section, by reimbursement or in advance as determined by the Commissioner. The amount of such prices shall be periodically adjusted by the Commissioner to ensure that amounts collected are sufficient to fully offset the cost of the administration of this section.
(2) INITIAL DEVELOPMENT.—The Commissioner shall not begin development of a verification system to carry out this section until the Commissioner determines that amounts equal to at least 50 percent of program start-up costs have been collected under paragraph (1).
(3) EXISTING RESOURCES.—The Commissioner of Social Security may use funds designated for information technology modernization to carry out this section, but in all cases shall be fully reimbursed under paragraph (1)(A).
(4) ANNUAL REPORT.—The Commissioner of Social Security shall annually submit to the Committee on Ways and Means of the House of Representatives and the Committee on Finance of the Senate a report on the amount of indirect costs to the Social Security Administration arising as a result of the implementation of this section.
Union Calendar No. 487 | |||||
| |||||
[Report No. 115–636] | |||||
A BILL | |||||
To authorize the Commissioner of Social Security to provide confirmation of fraud protection data
to certain permitted entities, and for other purposes. | |||||
April 13, 2018 | |||||
Reported with an amendment, committed to the Committee of the Whole House on the State of the
Union, and ordered to be printed |