A-04-07-27112 - Alternate Format

OFFICE OF
THE INSPECTOR GENERAL

SOCIAL SECURITY ADMINISTRATION

CONTROLS FOR ISSUING
SOCIAL SECURITY NUMBER
VERIFICATION PRINTOUTS

December 2007

A-04-07-27112

AUDIT REPORT

Mission

By conducting independent and objective audits, evaluations and investigations, we inspire public confidence in the integrity and security of SSA's programs and operations and protect them against fraud, waste and abuse. We provide timely, useful and reliable information and advice to Administration officials, Congress and the public.

Authority

The Inspector General Act created independent audit and investigative units, called the Office of Inspector General (OIG). The mission of the OIG, as spelled out in the Act, is to:

Conduct and supervise independent and objective audits and investigations relating to agency programs and operations.
Promote economy, effectiveness, and efficiency within the agency.
Prevent and detect fraud, waste, and abuse in agency programs and operations.
Review and make recommendations regarding existing and proposed legislation and regulations relating to agency programs and operations.
Keep the agency head and the Congress fully and currently informed of problems in agency programs and operations.

To ensure objectivity, the IG Act empowers the IG with:

Independence to determine what reviews to perform.
Access to all information necessary for the reviews.
Authority to publish findings and recommendations based on the reviews.

Vision

We strive for continual improvement in SSA's programs, operations and management by proactively seeking new ways to prevent and deter fraud, waste and abuse. We commit to integrity and excellence by supporting an environment that provides a valuable public service while encouraging employee development and retention and fostering diversity and innovation.

MEMORANDUM

Date: December 5, 2007

To: The Commissioner

From: Inspector General

Subject: Controls for Issuing Social Security Number Verification Printouts (A-04-07-27112)

OBJECTIVE

Our objective was to determine whether the Social Security Administration's (SSA) internal controls over the issuance of Social Security Number (SSN) Verification Printouts (SSN Printout) were effective.

BACKGROUND

In compliance with both the Privacy Act of 1974 (Privacy Act) and the Social Security Act, SSA's information disclosure policy dictates that it will protect the privacy of individuals to the fullest extent possible, while also permitting the exchange of information needed to fulfill its administrative and program responsibilities. Notwithstanding some exceptions, Federal law gives individuals the right to access information about themselves that is in SSA's systems of records.

Generally, individuals have access to records maintained by SSA that are retrievable by name, SSN or other personal identifier. Some of the most frequently requested
SSN-related records include the original Application for a Social Security Card (Form SS-5) and the Numident. The Numident is an electronic record of the information contained on an individual's original application for an SSN and subsequent applications for replacement cards. Numident printouts are not issued by SSA field offices. To obtain a Numident printout, an individual must send a written request to SSA's Central Office and pay a $16 fee.
The Numident contains a significant amount of the numberholder's personally identifiable information (for example, name, SSN, date of birth, place of birth, and parents' names). Because SSA was concerned about potential identity theft that could occur if a Numident were obtained by someone with ill intent, in January 2002, SSA began issuing SSN Printouts, which contain the numberholder's name and SSN. See Appendix B for a sample SSN Printout. Although not shown on the example, SSA field offices are required to mark the printouts with a stamp indicating which office issued the document. Additionally, personnel approving the request for an SSN Printout must sign the form before providing it to the requestor.

SSA's Program Operations Manual System (POMS) states, "The Numident and the SSN Verification Printout are NOT official verifications of an SSN." Additionally, the SSN Printout states YOUR SOCIAL SECURITY CARD IS THE OFFICIAL VERIFICATION OF YOUR SOCIAL SECURITY NUMBER. THIS PRINTOUT DOES NOT VERIFY YOUR RIGHT TO WORK IN THE UNITED STATES. PROTECT YOUR SOCIAL SECURITY NUMBER FROM FRAUD AND IDENTITY THEFT. BE CAREFUL WHO YOU SHARE YOUR NUMBER WITH.

Unlike the Social Security card, the SSN Printout contains no significant security features other than the field office stamp and employee signature.
In Fiscal Year (FY) 2006, SSA offices issued about 6.3 million SSN Printouts. See Appendix C for the distribution of SSN Printouts issued by SSA regions. The number of SSN Printouts has significantly increased from FY 2003, the first full year SSA issued them. In FY 2003, SSA issued about 4.6 million, by 2006 the number of SSN Printouts increased by about 1.7 million or 37 percent. See Appendix D for more background information.

To accomplish our objective, we reviewed pertinent sections of Federal laws, regulations and SSA policies and procedures. We also obtained and analyzed a data extract from SSA's Audit Trail System (ATS), which contained some transaction data on SSN Printouts issued in FY 2006. Further, we interviewed officials from 42 SSA field offices (including the 25 that issued the most SSN Printouts in FY 2006), 4 district offices and 4 regional offices to determine (1) their procedures for issuing SSN Printouts and (2) whether they received any management information regarding the SSN Printout workload. Additionally, of the 42 field offices, we visited 21 to observe their procedures for processing SSN Printouts. In total, we observed SSA personnel issuing 72 SSN Printouts. We also interviewed representatives from SSA components involved in the development and implementation of SSN Printout regulations and policies. These components included the Offices of Operations, Income and Security Programs, Systems and General Counsel. See Appendix E for more information on our scope and methodology.
RESULTS OF REVIEW

We believe the Agency's controls for issuing SSN printouts should be strengthened. Although the appearance of a Social Security card and an SSN Printout vary significantly, the critical content of these documents is identical. That is, both documents contain vital information about the numberholder-their name and SSN. We acknowledge that the SSN Printout clearly states the only true proof of one's SSN is the Social Security card. However, our review found that the Printout is treated by some third parties as an equal-or even superior-verification of an individual's SSN. In line with the treatment of these documents, we believe the issuance of SSN Printouts should be afforded the same amount of control and care as the issuance of Social Security cards.

This discrepancy exists in part because the Agency has attempted to comply with the spirit of the Privacy Act and allow individuals access to information about themselves in SSA records-without undue burden on the requestor. However, given the (1) significant increase in requests for these documents in recent years, (2) the
increase in identity theft and (3) the Agency's equally important mandate of protecting numberholders' personally identifiable information, we believe procedures for issuing SSN Printouts should adhere to recently enhanced replacement Social Security card issuance procedures.

For example, we believe the same identity documents presented to obtain a replacement Social Security card should be required to obtain an SSN Printout. Currently, SSA policy allows for the numberholder to provide less probative identity documents (such as, credit cards) to obtain an SSN Printout. Additionally, unlike recently implemented limits on the number of replacement Social Security cards an individual can obtain in a year and lifetime, there are no such limits on SSN Printouts. In fact, we determined that over 55,000 numberholders obtained 3 or more SSN Printouts during FY 2006. Also, we believe systems' capability to capture a request for an SSN Printout similar to a Social Security card application would better ensure procedures are followed and the requestor's identity is established before releasing this sensitive and personally identifiable information.

We also believe SSA should develop and disseminate more management information regarding the SSN Printout workload. Currently, SSA managers have little information to monitor the number of SSN Printouts issued and/or anomalies. For example, better management information may enable responsible SSA personnel to address potential problems such as the large number of printouts issued by certain field offices and numberholders who obtained an excessive number of printouts during an interview/day/year.

Finally, because the demand for SSN Printouts by third parties has increased, we believe SSA must raise awareness among these entities regarding alternate and perhaps more reliable and efficient methods for verifying that an SSN belongs to an individual seeking their services or employment.
PROCEDURES FOR ISSUING SSN PRINTOUTS SHOULD FOLLOW THE IMPROVED REPLACEMENT CARD PROCEDURES

SSA's procedures for issuing an SSN Printout allow numberholders to prove their identity with documents that have limited probative value. In response to the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) and its own efforts to better ensure SSN integrity, SSA revised its policies and procedures for issuing replacement Social Security cards. In particular, SSA:

Increased the identity requirements for obtaining a replacement SSN card. In most situations, numberholders must now present certain valid photo identification documents of high probative value to prove their identity.

Limited the number of replacement Social Security cards an individual can receive to 3 in a year and 10 in a lifetime.

Required that field offices use the SS-5 Assistant to process most SSN applications. See Appendix F for a discussion of the SS-5 Assistant.

However, SSA did not implement similar procedures in the SSN Printout issuance process.

Identity Requirements

Despite increasing identity requirements for an individual to obtain a replacement Social Security card, SSA procedures for issuing SSN Printouts remain relatively unchanged. According to SSA officials, the identity requirements for obtaining an SSN Printout are less restrictive than those for obtaining an SSN card, but are consistent with SSA's disclosure regulations that implement the Privacy Act. Specifically, SSA's policies and procedures for issuing an SSN Printout allow individuals to prove their identity with a "driver's license, credit card, passport, or other identification a person might normally carry." Also, in certain circumstances, individuals can obtain the SSN Printout from a field office without any identity documents. In this situation, the individual is required to answer identifying questions and sign a form SSA-795, Statement of Claimant or Other Person. Finally, numberholders can obtain an SSN Printout by calling SSA or sending a written request. In either of these situations, photograph identification is not required. Numberholders prove their identity by providing identifying information-not identity documents. In contrast, SSA does not take replacement card applications over the phone. Although, SSA accepts replacement SSN card applications via the mail, the numberholder must submit original identity documents that meet SSA requirements. We believe the less restrictive identity requirements for SSN Printouts increase the chance SSA will improperly provide an individual with documentation of personally identifiable information they should not have.

During the course of our audit fieldwork, we observed SSA personnel issuing 72 SSN Printouts at 21 field offices. Of these, SSA personnel issued 13 (18.1 percent) Printouts based on identity documents that would not be acceptable to obtain a replacement Social Security card. In fact, SSA personnel issued 6 (8.3 percent) of the 72 Printouts when the requestor had no identifying documentation. Instead, these individuals answered a series of questions mandated by SSA policy, which are designed to help establish the individual's identity, and then signed form SSA-795 to certify their identity. Given the personally identifiable information contained in these documents, which we believe is equal to that of the Social Security card, we are concerned that almost 20 percent were issued without substantive proof of the requestor's identity.

Multiple SSN Printouts Issued to Numberholders in a Day and Year

In December 2005, in compliance with IRTPA, SSA began limiting the number of replacement Social Security cards a numberholder can obtain to 3 in a year and 10 in a lifetime. As we reported in a September 2001 audit report, Replacement Social Security Number Cards: Opportunities to Reduce the Risk of Improper Attainment and Misuse, the ability to obtain multiple replacement Social Security cards could lead to the sharing of these cards for improper purposes-such as, for employment by noncitizens unauthorized to work in the United States.

We are equally concerned about the ability of numberholders to obtain multiple SSN Printouts in a day, year and lifetime and believe that the ability to do so may negate the limits on replacement cards. We recognize the Privacy Act requires that SSA give access to information it holds in its systems of records to the numberholder. However, we believe SSA should establish an acceptable number of SSN Printouts an individual may obtain in a day, year or lifetime and require specific management approval for requests exceeding that number. During our audit and after discussions with Agency personnel regarding our data analysis, SSA revised its policy to state that generally SSA personnel should not issue more than one SSN Printout to a requestor in the same interview/same day. However, the Agency has not incorporated any system controls to preclude such occurrences.

Our analysis of the FY 2006 ATS data determined that some numberholders obtained multiple SSN Printouts during the year, and others received multiple printouts in a day. Table 1 provides details on numberholders who received three or more SSN Printouts in FY 2006.

Table 1: Numberholders Received Multiple SSN Printouts During FY 2006
SSN Printouts Received Numberholders
Day Year
3 7,269 45,214
4 1,447 7,280
5 527 1,747
6 to 9 511 1,068
10 or more 36 77
Total 9,790 55,386

We asked SSA personnel in field offices, district and regional offices and other knowledgeable components if they could provide any explanations why someone would need multiple SSN Printouts in a day or as many as 10 in a year. Most commonly, they speculated that numberholders may have requested copies for multiple third parties or computer printing problems occurred (that is, the printer did not actually print copies of the documents, but the system registered a count each time the user tried). Additionally, some pointed out that our audit period included the period following Hurricane Katrina, during which SSN Printouts were provided to numberholders so they could replace other identity documents (such as, a driver's license).

SSA examined the 77 occurrences in which numberholders were issued 10 or more SSN Printouts during FY 2006. SSA determined that the SSN Printouts were not improperly issued. Specifically, the Agency found that many of the numberholders had unusual circumstances that required multiple SSN Printouts, and, in other cases, the multiple SSNs Printouts were associated with staff training. Although the SSN Printouts were not involved in any improper action, we believe proactive integrity reviews of instances in which the number and frequency of SSN Printouts appear unusual would further improve controls.

SSN Printout Issuance Process

Currently, SSA personnel issue SSN printouts through a print query of the Numident file. No record of the applicant's identity document(s) is established. For replacement Social Security cards, field office staff is required to process applications through the SS-5 Assistant. (See Appendix F for additional information on the SS-5 Assistant.) To complete the application, field office staff must record in the SS-5 Assistant the type of identity document presented, the document's identification number and other pertinent information. We believe SSA should implement a similar system to process and record requests for SSN Printouts. Such a system will better ensure that SSA personnel follow required procedures and establish the requestor's identity before releasing this sensitive and personally identifiable information.

We recognize SSA does not issue as many SSN Printouts in a year as it does replacement cards. Nevertheless, we believe the number of SSN Printouts issued is significant. Since 2004, the number of SSN Printouts issued has averaged close to 6 million per year, while the number of replacement cards averaged about 12 million per year. Table 2 details the number of SSN Printouts and replacement cards issued since 2004.

Table 2: Replacement Cards and SSN Printouts
Issued Since 2004
Fiscal Year Number of Replacement
SSN Cards Number of SSN Verification Printouts
2004 12,364,771 5,304,052
2005 12,078,921 5,621,500
2006 11,575,697 6,336,750

SSN Printouts are often issued in conjunction with a replacement card application. In processing a replacement Social Security card application, SSA personnel must view and record data from established identify documents. Accordingly, in these instances, SSA has the information recorded in SS-5 Assistant for the replacement card application, which would apply to the request for an SSN Printout. However, the SS-5 Assistant does not currently have the functionality to document the same information when only an SSN Printout is requested. Additionally, the SS-5 Assistant does not capture when an SSN Printout is issued as part of a replacement card application.

MANAGEMENT INFORMATION IS NEEDED TO BETTER MONITOR THE SSN PRINTOUT WORKLOAD

SSA does not have procedures in place to share relevant SSN Printout management information with responsible personnel. As a result, managers at the field, district, and regional offices did not have necessary data to address any potential problems with this workload-such as, excessive issuance of these documents by a particular field office or to a specific numberholder. SSA's systems did capture some data on the SSN
Printout workload through ATS. However, this information was limited to the following elements for each request:

SSN,
date issued,
office code where originated, and
employee number of the SSA staff that initiated the action.

SSA did not compile or disseminate these data to responsible Agency managers. As a result, responsible personnel could not analyze trends or anomalies in the SSN Printout workload. For example, the managers we spoke with were not aware that, during FY 2006, almost 10,000 numberholders obtained more than 3 SSN Printouts in a single day, and over 55,000 obtained more than 3 SSN Printouts throughout the year. Had this information been available earlier, the Agency could have performed a more timely investigation of any egregious cases.

We also found that certain field offices issued a high volume of SSN printouts. Analysis of the ATS data disclosed that 25 (1.8 percent) of SSA's 1338 field offices issued about 700,000 (11 percent) of the 6.3 million SSN Printouts in FY 2006. We believe office size and visitor traffic were not the only factors that explain why these offices issued a high number of SSN printouts. For example, some managers we spoke with acknowledged that personnel in their field offices generally asked every applicant for a replacement Social Security card whether they needed immediate proof of their SSN-via an SSN Printout. This practice did not comply with SSA policies and procedures. A comparison of the number of SSN Printouts issued to the number of replacement Social Security cards issued for the top 25 field offices disclosed that

11 offices processed more SSN Printout requests than replacement Social Security card applications, and

7 offices processed about the same number of SSN Printout requests as replacement Social Security card applications.

See Appendix G for detailed information on the 25 field offices that issued the most SSN Printouts in FY 2006.

We believe reliable management information for SSN printouts would help SSA ensure the proper issuance of these documents. Almost all of the SSA managers interviewed, responded that some SSN Printout information for their offices would be helpful. Additionally, most managers indicated that timely information about unusual situations such as an excessive number of SSN Printouts issued to one individual in a day or year would enable them to be more proactive in preventing potential SSN misuse.

DEMAND FOR THE SSN PRINTOUT HAS INCREASED

For the 4-year period October 2002 through September 2006, the number of SSN Printouts increased in each consecutive FY. From FY 2003 to FY 2006, the number of SSN Printouts issued increased by 37.2 percent. Table 3 details the number of SSN Printouts issued in the last 4 FYs.

TABLE 3: 4-Year History of SSN Printouts
Fiscal Year SSN Verification Printouts Increase from previous year Percentage Increase from Previous Year
2003 4,618,180 -- --
2004 5,304,052 685,872 14.9
2005 5,621,500 317,448 6.0
2006 6,336,750 715,250 12.7

Many of the management officials interviewed explained that the high volume of SSN Printouts issued, and the growth in these numbers has been driven by third parties who want the document to verify an individual's SSN. Our observations seem to confirm this belief. We observed the issuance of 72 SSN Printouts and learned that the numberholders requested the document for various reasons, as detailed in Table 4.

TABLE 4: Reasons Why SSN Printouts Were Requested
Reason For SSN Printout Requests SSN Printouts Percent
Employer 24 33.3
State Department of Motor Vehicles 16 22.2
State Social Service Agencies 12 16.7
Other Third Parties (such as tax preparers) 15 20.8
Personal Use 5 7.0
Total 72 100

As confirmed by our observations, field office managers with whom we spoke stated that employers and State Departments of Motor Vehicles (DMV) are the third parties that most frequently ask numberholders to obtain SSN Printouts. DMVs and employers know the SSN Printout provides a fast and reliable method for verifying an SSN and requires little effort on their part. In some cases, it appears these entities prefer the SSN Printout over SSN verification services offered by SSA. In fact, most State DMVs already use the Social Security On-Line Verification (SSOLV) service, which compares an individual's name and SSN with SSA data-and provides real-time feedback. Table 5 details some of the SSN verification services SSA provides to employers, DMVs and, in some instances, State agencies.

Table 5: Some of SSA's SSN Verification Services
Service Users Method of Verification
Employee Verification Service Employers
and State Benefit Agencies Telephone, fax, written request via mail, or magnetic tape. Employer must register with SSA when requests exceed 50 SSNs or magnetic tape is used.

Social Security Number Verification Service Employers On-line verification only. Employer must register with SSA to obtain an activation code, personal identification number and password E-Verify Employers On-line verification. Employer must register for program with the Department of Homeland Security. E-Verify also provides information to the employer regarding the employee's work authorization status in the United States.
SSOLV State DMVs On-line only. Users enter SSNs to be verified on SSA website.

Although SSA's overall position is that the Social Security card is the only official paper verification of the SSN, in practicality the SSN Printout is used for just this purpose. In fact, SSA policies and procedures state that the SSN Printout can be used for SSN verification purposes. Further, the document includes the language "Social Security Number Verification" and "Our Records Indicate that the Social Security Number (000-00-000) is Assigned to (numberholder name)." Accordingly, there appears to be contradictory policy regarding the purposes and value of the SSN Printout in SSA's own guidelines. Until such time as SSA clarifies its policies and, perhaps revises the language on the SSN Printout, we believe third parties will continue to rely on this document as official verification of an individual's SSN.

Additionally, to address the increased demand for these documents by third parties, we believe SSA should undertake an aggressive outreach program that informs employers of the ease and usefulness of SSN verification services. This outreach should extend to State DMVs, which should be encouraged to verify SSNs through SSA's on-line services rather than the SSN Printout.

CONCLUSION AND RECOMMENDATIONS

Because the SSN Printout contains sensitive personally identifiable information about numberholders and could be misused, we believe SSA's policies and procedures for the issuance of these documents should be strengthened. Specifically, SSA should require that individuals who request SSN Printouts provide the same identity documents required for replacement Social Security card applications. Further, SSA should establish an acceptable number of SSN Printouts an individual may obtain in a day, year or lifetime and require management approval for requests exceeding that number.

We also believe SSA should consider developing a system similar to the SS-5 Assistant (or its successor) to provide an application process for SSN Printouts so (1) a record of the applicant's identity document(s) is recorded and maintained and (2) SSA can be assured that personnel follow all policy requirements for issuing the printout. We also believe SSA should provide better management information to those responsible for this workload. Finally, given the increased demand for SSN Printouts by third parties, we believe SSA should undertake an extensive outreach program to better inform these entities of the ease and usefulness of already established SSN verification services.

We recommend SSA:

1. Revise the applicable Federal regulation and SSA policies governing individuals' right to access their personal information maintained in the Agency's system of records. Specifically, we believe these individuals should be required to present the same type of identity documents as replacement Social Security card applicants.

2. Establish an acceptable number of SSN Printouts an individual may obtain in a day, year or lifetime, and require specific management approval for requests exceeding that number.

3. Establish procedures to perform routine integrity reviews of anomalies involving the issuance of SSN Printouts. Any cases involving potential SSN misuse should be referred to the Office of the Inspector General.

4. Consider developing a system or application similar to the SS-5 Assistant to document and track actions taken to issue an SSN Printout.

5. Develop and disseminate management information for the SSN Printout workload to responsible SSA personnel. At a minimum, the information should enable managers to identify anomalies in the number of SSN Printouts issued by field offices and to numberholders.

6. Clarify SSA policies and the SSN Printout language to consistently communicate the Agency's official position as to whether the document is valid for SSN verification purposes.

7. Extend outreach to employers, DMVs and other third parties in areas where the demand for SSN Printouts is high to raise the awareness that SSA offers verification services.

8. Issue a reminder to field office staff that SSN Printouts should only be issued when the numberholder expresses an immediate need for a verification of the SSN.

AGENCY COMMENTS

SSA agreed with Recommendations 4, 6 and 7, and partially agreed with Recommendations 1, 2, 3 and 5. SSA disagreed with Recommendation 8. A summary of the Agency's responses for Recommendations 1, 2, 3, 5 and 8 follows. See Appendix H for the full text of SSA's comments.

Regarding Recommendation 1, which suggested that individuals requesting SSN printouts should be required to present the same type of identity documents as those applying for replacement Social Security cards and that the Federal Regulation should be revised to reflect these revised requirements. In its response, SSA states that its current policies for verifying identity are sufficient and provide individuals access to their records as required by the Privacy Act guidelines. However, the Agency acknowledged the risk of identity theft associated with disclosing the SSN. Accordingly, SSA stated it will evaluate the effectiveness of improved controls planned for FY 2008 and assess current regulatory requirements to determine whether any regulatory changes are needed to increase identity requirements for issuing SSN Printouts.

SSA partially agreed with Recommendation 2, in which we suggested the Agency should establish an acceptable number of SSN Printouts an individual may obtain in a day, year or lifetime and require specific management approval for requests exceeding those numbers. The Agency cited the Privacy Act-stating that the Act establishes an individual's right of access to records maintained by Federal agencies without limiting the number of times those records can be requested. However, in its response, SSA acknowledged the need to balance the responsibility for protecting SSNs with the obligation of providing individuals access to personal information. Accordingly, SSA agreed to assess how limiting the number of SSN Printouts individuals can obtain impacts their Privacy Act rights.

SSA partially agreed with Recommendation 3, which suggested that it perform routine integrity reviews of anomalies involving the issuance of SSN printouts. SSA stated that this action will be completed through the new Web based Comprehensive Integrity Review Process (CIRP), which is scheduled for implementation in FY 2008. As such, the Agency will not establish special procedures to review SSN Printout anomalies.

SSA partially agreed with Recommendation 5, in which we suggested the Agency develop and disseminate information for the SSN Printout workload to responsible SSA personnel. Again, the Agency stated that the new version of CIRP will make certain
SSN Printout information available to managers. However, the Agency stated that it did not believe multiple printouts alone are indicators of possible fraud, abuse or misuse.

Finally, the Agency disagreed with Recommendation 8 in which we suggested SSA issue a reminder to field office staff that SSN Printouts should only be issued when the numberholder expresses an immediate need for a verification of the SSN. SSA stated that current policy does not dictate that the numberholder express an "immediate need" for this information. Once again, the Agency cited Privacy Act provisions, which protect an individual's right to access his or her record. Additionally, the Agency stated the Office of Management and Budget's (OMB) Privacy Act guidelines indicate that the granting of access may not be conditioned upon any requirement to state a reason or otherwise justify the need to gain access to a particular record.

OIG RESPONSE

While we agree with and respect individuals' rights to access records Federal agencies maintain about them, we believe SSA and other Federal agencies have an equally paramount responsibility to protect the information they house on individuals. In fact, OMB recently issued a memorandum to the heads of Federal departments and agencies on how to best safeguard personally identifiable information. In general, the memorandum requires Federal agencies to implement additional controls to safeguard this data. We understand the Privacy Act guidelines are designed to ensure individuals are not unduly burdened when seeking information about themselves from Federal agencies-and it is not our intent to place unreasonable restrictions on this process. However, we believe SSA should consider the need for legally permissible revisions in its implementation of the Privacy Act and other governing guidance in light of the unprecedented growth in identity-related crimes and the obligation of Federal agencies to protect personally identifiable information, such as information contained on SSN Printouts.

As the issuer and keeper of hundreds of millions of SSNs and related records, we believe SSA should be the standard bearer in establishing controls that protect this information. Currently, we do not believe the Agency's controls over SSN Printout issuance provide sufficient protection of this personal information. Specifically, we are concerned that SSA's procedures do not always ensure the person obtaining the SSN Printout is the numberholder. In its response to our recommendations, SSA indicated it will further evaluate the need to strengthen controls over the SSN Printout workload and determine whether changes to privacy related regulations are needed.

We are encouraged SSA is working to improve the integrity of the SSN. However, SSA only partially agreed with four of our recommendations and disagreed with one. Our concerns with SSA's response to these five recommendations are discussed below.

Regarding Recommendation 1, we are pleased that SSA plans to evaluate possible regulatory changes to strengthen the identity requirements for SSN Printouts. In FY 2006, SSA issued over 6 million SSN Printouts, which contained the same personally
identifiable information as Social Security cards. The OIG certainly understands and fully respects the importance of the Privacy Act. However, given the number of SSN Printouts issued in FY 2006 and the risk associated with disclosing an SSN, we do not believe it is unduly burdensome to require that an individual provide the same type of identity documents to obtain an SSN printout as is required for a replacement Social Security card.

As to Recommendation 2, we are encouraged that SSA is going to consider how limiting the number of SSN printouts an individual can obtain impacts their right to information under the Privacy Act. We acknowledge that the Agency found no fraud or abuse in the cases it reviewed in which individuals obtained 10 or more SSN Printouts in FY 2006. However, the absence of fraud should not dissuade the Agency from addressing known vulnerabilities. We believe the potential an individual could improperly obtain an SSN Printout and use it to assume the true numberholder's identity should be sufficient incentive for the Agency to implement our recommendation-especially given that it issues millions of these documents every year.

Regarding Recommendations 3 and 5, we are pleased that CIRP will provide additional information to managers regarding the SSN Printout workload. However, we understand that this information will be limited. That is, CIRP will identify SSN Printouts issued, but regional or field office managers will have to download the information and perform their own analyses to identify trends such as an individual obtaining multiple Printouts in a given time period-especially, if they obtain these printouts at various field offices. Additionally, we understand that no aggregate figures will be provided to field office or regional managers showing the total number of SSN Printouts issued by their office(s) each month (or year). Rather, the managers will have to ascertain (or calculate) these figures from the CIRP reports. We believe such information would assist managers in identifying trends such as offices issuing an exceptionally high number of Printouts. Accordingly, we encourage SSA to consider developing and disseminating additional management information, which the managers do not have to analyze and calculate themselves.

Finally, with regard to Recommendation 8, we acknowledge that SSA policy does not specifically require that the individual who requests an SSN Printout cite an "immediate need" for SSN verification before the document is provided. Nevertheless, the policy does state that SSN Printouts should only be provided when expressly requested by the numberholder. Additionally, the policy requires that SSA personnel explain that the Social Security card is the official verification of an individual's SSN and encourage
requestors to apply for a replacement Social Security card, if necessary. Our intent was for SSA to remind field office personnel that they should not offer every applicant for a replacement Social Security card an SSN Printout nor should they provide the SSN Printout as a form of receipt after an SSN application is processed. Based on the large volume of SSN Printouts issued by some offices, we believe some form of reminder or training is warranted to reiterate the circumstances under which these documents should be offered and provided.

Patrick P. O'Carroll, Jr.

Appendices
APPENDIX A - Acronyms
APPENDIX B - Example of a Social Security Number Verification Printout
APPENDIX C - Social Security Number Verification Printouts by Region
APPENDIX D - Background
APPENDIX E - Scope and Methodology
APPENDIX F - The SS-5 Assistant
APPENDIX G - Twenty-five Field Offices That Issued the Most Social Security Number Verification Printouts
APPENDIX H - Agency Comments
APPENDIX I - OIG Contacts and Staff Acknowledgments

Appendix A
Acronyms
ATS Audit Trail System
C.F.R. Code of Federal Regulations
CIRP Comprehensive Integrity Review Process
DMV Department of Motor Vehicles
EEVS Employment Eligibility Verification System
EVS Employee Verification Service
FY Fiscal Year
IRTPA Intelligence Reform and Terrorism Prevention Act of 2004
OMB Office of Management and Budget
POMS Program Operations Manual System
SSA Social Security Administration
SSN Social Security Number
SSN Printout SSN Verification Printout
SSNAP Social Security Number Application Process
SSOLV Social Security On-Line Verification

Forms
SS-5 Application for a Social Security Card
SSA-795 Statement of Claimant or Other Person

Appendix B
Example of a Social Security Number Verification Printout
NUMI DTE: 01/10/07 SSN: 000-00-0000 XC: UNIT: OIG PG: 001

SOCIAL SECURITY ADMINISTRATION
SOCIAL SECURITY NUMBER VERIFICATION

OUR RECORDS INDICATE THAT SOCIAL SECURITY NUMBER 000-00-0000 IS
ASSIGNED TO JOHN, DOE, JR.

YOUR SOCIAL SECURITY CARD IS THE OFFICIAL VERIFICATION OF YOUR SOCIAL SECURITY NUMBER. THIS PRINTOUT DOES NOT VERIFY YOUR RIGHT TO WORK IN THE UNITED STATES. PROTECT YOUR SOCIAL SECURITY NUMBER FROM FRAUD AND IDENTITY THEFT. BE CAREFUL WHO YOU SHARE YOUR NUMBER WITH.

Appendix C
Social Security Number Verification Printouts by Region
Region State SSN Printouts Region State SSN Printouts
1 Massachusetts 73,084 6 Texas 735,684
Connecticut 17,690 Louisiana 189,933
Rhode Island 17,353 Arkansas 68,500
New Hampshire 10,915 Oklahoma 49,371
Maine 8,615 New Mexico 45,395
Vermont 5,884 Total 1,088,883 Total 133,541
2 New York 186,539 7 Missouri 191,212
New Jersey 115,890 Kansas 49,484
Puerto Rico 55,144 Iowa 9,578
Virgin Islands 1,973 Nebraska 7,574
Total 359,546 Total 257,848
3 Pennsylvania 196,976 8 Colorado 68,436
Virginia 96,894 Utah 27,180
Maryland 53,675 Montana 11,984
District of Columbia 43,574 South Dakota 5,337
Delaware 19,165 North Dakota 4,878
West Virginia 19,093 Wyoming 4,790
Total 429,377
Total 122,6054 Florida 441,299 9 California 655,336
Georgia 249,903 Arizona 105,737
North Carolina 211,811 Nevada 84,400
Alabama 164,393 Hawaii 17,565
Tennessee 148,249 American Soma 4,230
South Carolina 126,858 Guam 3,070
Mississippi 123,112 Saipan 873
Kentucky 106,758 Total 871,211 Total 1,572,383 10 Washington 77,577
5 Ohio 520,398 Oregon 29,433
Illinois 329,399 Alaska 13,112
Indiana 200,642 Idaho 9,869
Michigan 189,588 Total 129,991 Wisconsin 94,683 Total of Regions 6,328,824
Minnesota 28,729 Other SSA Components 7,926
Total 1,363,439
Total SSN Printouts 6,336,750

Appendix D
Background

In compliance with both the Privacy Act of 1974 and the Social Security Act, the Social Security Administration's (SSA) information disclosure policy dictates that it will protect the privacy of individuals to the fullest extent possible, while also permitting the exchange of information needed to fulfill its administrative and program responsibilities. Notwithstanding some exceptions, Federal law gives individuals the right to access information about themselves that are in SSA's systems of records.

Generally, individuals have access to records maintained by a Federal agency that are retrievable by name, Social Security number (SSN), or other personal identifier. Some of the most frequently requested SSN-related records include the original Application for a Social Security Card (Form SS-5) and the Numident. The Numident is an electronic record of the information contained on an individual's original application for an SSN and subsequent applications for replacement cards. To obtain a Numident, an individual must send a written request to SSA's Central Office and pay a $16 fee.

WHAT IS AN SSN VERIFICATION PRINTOUT?

Numidents contain a significant amount of personally identifiable information about the numberholder (for example, name, SSN, date of birth, place of birth, and parents' names). Because SSA was concerned with potential identity theft that could occur if a Numident were obtained by someone with ill intent, in January 2002, SSA began issuing the SSN Printout, which contains the numberholder's name and SSN. See Appendix B for a sample SSN Printout. Although not shown on the example, SSA field offices are required to mark the printouts with a stamp indicating which office issued the document. Additionally, personnel approving the request for an SSN Printout must sign the form before providing it to the requestor.

SSA's Program Operations Manual System (POMS) states, "The Numident and the SSN Verification Printout are NOT official verifications of an SSN." Additionally, the SSN printout states, YOUR SOCIAL SECURITY CARD IS THE OFFICIAL VERIFICATION OF YOUR SOCIAL SECURITY NUMBER. THIS PRINTOUT DOES NOT VERIFY YOUR RIGHT TO WORK IN THE UNITED STATES. PROTECT YOUR SOCIAL SECURITY NUMBER FROM FRAUD AND IDENTITY THEFT. BE CAREFUL WHO YOU SHARE YOUR NUMBER WITH.
Unlike the Social Security card, the SSN Printout contains no significant security features other than the field office stamp and employee signature.

In Fiscal Year (FY) 2006, SSA offices issued about 6.3 million SSN Printouts. See Appendix C for the distribution of SSN Printouts issued by SSA Regions. The number of SSN Printouts has significantly increased from FY 2003, the first full year when SSA issued them. In FY 2003, SSA issued about 4.6 million, by 2006 the number of SSN Printouts increased by about 1.7 million or 37 percent.

WHY DO INDIVIDUALS REQUEST SSN PRINTOUTS?

SSN numberholders and third parties request SSN Printouts for a number of reasons-
and, as more entities and numberholders become aware of these documents, the demand for them appears to increase. The following are among the reasons we learned SSN Printouts are issued.

Applicants for replacement Social Security cards do not want to wait the approximate 10 days required to receive the new card in the mail. Rather, they request proof of their SSNs immediately-often to provide it to a third party.

Some third parties, such as State Departments of Motor Vehicles (DMV), employers, tax preparers, and benefit agencies, require proof of an individual's SSN before providing the applicable service or employment. We learned that some of these entities know SSA field offices will issue the SSN Printouts immediately and encourage numberholders to obtain them. Despite the existence of other SSN verification services (for example, SSA's Employee Verification Service for Registered Employers, the SSN Verification Service and the Social Security On-Line Verification program provided to DMVs), we learned that some third parties prefer the stamped SSN Printout for verification of a numberholder's SSN.

Based on our audit, it appears that some numberholder's do not request SSN Printouts but are offered them by field offices. Some SSA offices routinely ask most replacement Social Security card applicants whether they would like an SSN Printout and, when prompted, many of the numberholders respond affirmatively. While this practice seems to be the exception rather than the norm, it does provide some perspective regarding the disparity between the large number of SSN Printouts some SSA field offices issue versus the much smaller number that the majority of the SSA offices issue.

HOW DO NUMBER HOLDERS OBTAIN AN SSN PRINTOUT?

Numberholders may obtain SSN Printouts by (1) visiting their local SSA field office, (2) mailing a written request or (3) calling SSA. In each situation, the numberholder must prove his/her identity. Table 1 details SSA's policy regarding how a numberholder must prove his/her identity when requesting an SSN printout.

TABLE 1: How Numberholders Prove Their Identity
SSN Printout is Requested at a Field Office
Numberholder should provide a driver's license, credit card, passport, or another identification document that a person might normally carry.
If the numberholder has no identification, the individual should sign a statement that certifies their identity.
SSN Printout is Requested by Mail
Numberholder should send a written request that provides his/her name, address and SSN; along with a notarized statement of identity.
SSN Printout is Requested by Telephone
Numberholder should provide his/her name, SSN, address, date of birth, place of birth, and at least one other item of information available in SSA's records.

Before issuing an SSN Printout, field office staff is required to explain to the numberholder that the Social Security card, not the SSN Printout, is the only official verification of the SSN. In addition, if field office staff knows the applicant's SSN card was lost, staff should encourage the numberholder to complete a replacement card application. However, if the numberholder wants only the SSN Printout, the office must issue it, provided the individual's identity can be established. To issue the printout, SSA employees need only query SSA's Numident file with the applicant's SSN, and select "Yes" at the system prompt asking whether an SSN Printout is desired.

Appendix E
Scope and Methodology

To accomplish our objective, we performed the following steps.
Reviewed pertinent sections of Federal laws, regulations and the Social Security Administration's (SSA) policies and procedures.
Reviewed Office of the Inspector General reports and other relevant documents.
Obtained a data extract from SSA's Audit Trail System (ATS) that contained detailed information on all SSN Verification Printouts (SSN Printouts) issued in Fiscal Year (FY) 2006.
Analyzed the ATS data to determine the
¢ total SSN Printouts issued,
¢ total numberholders who received an SSN Printout,
¢ distribution of SSN Printouts by SSA field office and region,
¢ 25 field offices that issued the most SSN Printouts, and
¢ total SSN Printouts received by SSN - in a day and year.

Interviewed officials from 42 SSA field offices (including the 25 that issued the most SSN Printouts in FY 2006), 4 district offices and 4 regional offices to determine (1) their procedures for issuing SSN Printouts and (2) whether they received any management information regarding the SSN Printout workload.

Visited 21 of the 42 field offices we interviewed to observe their procedures for processing SSN Printouts. In total, we observed SSA personnel issuing 72 SSN Printouts. The SSN Printouts observed were not randomly selected.

Interviewed representatives from SSA components involved in the development and implementation of SSN Printout regulations and policies. These components included the Offices of Operations, Income and Security Programs, Systems and General Counsel.

Our review of internal controls was limited to obtaining an understanding of SSA's procedures and controls for issuing SSN Printouts. For our analysis, we generally relied upon data from SSA's ATS. We determined that this data was sufficiently reliable to satisfy our audit objectives. The SSA entities audited were the Offices of Operations, Income and Security Programs, and General Counsel. We conducted the audit between November 2006 through May 2007 in Atlanta, Georgia, and Baltimore Maryland. We conducted this performance audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Appendix F
The SS-5 Assistant

In March 2005, the Social Security Administration (SSA) began requiring that its field offices use the SS-5 Assistant to process most Social Security number (SSN) applications. The purpose of the SS-5 Assistant was to increase the controls over the SSN application process and improve the quality of data used to assign SSNs. The SS-5 Assistant, a Microsoft Access-based application, guides field office personnel in processing SSN applications by providing structured interview questions and requiring certain identity data to complete the application process.

When field office staff process a replacement card application through the SS-5 Assistant, a record of the applicant's identity document(s) is established. For example, field office staff record in the SS-5 Assistant the type of document presented (for example, a driver's license), the document's identification number, and other pertinent information. Also, when the application is cleared for processing, the SS-5 Assistant updates the Modernized Enumeration System (MES) to reflect the SSN card action. In contrast, when field office staff completes a Social Security Number Verification Printout (SSN Printout) action, only a print function within the Numident query is executed. As a result, no record of the identity documents is established and no record is established on the Numident that a printout was issued.

At the time of our audit, field offices processed most replacement card applications through the SS-5 assistant. However, no path was available within the SS-5 assistant to document whether an SSN Printout was issued in conjunction with a successful replacement card application. If such a path was available, field office personnel's response to a query could also be structured to print an SSN Printout when requested by the numberholder. Because a majority (about 73 percent) of the SSN Printouts are issued in conjunction with replacement card applications, this modified path within the SS-5 Assistant would increase the controls over most SSN Printouts.

The SS-5 Assistant would have to be further modified to account for situations where individuals obtain an SSN Printout absent a replacement card application. The
SS-5 Assistant would need a path for tracking the identity document(s) presented by the numberholder.

SSA is in the Planning and Analysis phase of developing the Social Security Number Application Process (SSNAP), an automated SSN assignment system that will replace the SS-5 Assistant and MES. The Agency is determining the user requirements for SSNAP and plans to implement this system within the next 2 years. Accordingly, any recommendations we make in this report will address considerations we believe should be given to the new system design.

Appendix G
Twenty-five Field Offices That Issued the Most Social Security Number Verification Printouts

Field
Office
Location Social Security Number
Printouts
Issued
Replacement Cards
Issued Percent of
Printouts to Replacement Cards
1 Las Vegas, Nevada 55,475 74,840 74.12 Dallas (North), Texas 41,396 41,061 100.8
3 San Antonio, Texas 38,308 29,261 130.9
4 Houston (Southwest), Texas 35,707 41,282 86.5
5 Cincinnati (Downtown), Ohio 35,133 21,954 160.0
6 Grand Prairie, Texas 31,546 32,670 96.6
7 Columbus, Ohio 30,427 19,562 155.5
8 Houston (Southeast), Texas 29,761 26,799 111.1
9 Brooklyn, New York 26,404 78,973 33.4
10 Dallas (Fair Park), Texas 25,967 19,151 135.6
11 Fort Worth, Texas 25,407 30,582 83.1
12 Pasadena, Texas 25,373 27,420 92.5
13 Reno, Texas 25,241 27,641 91.3
14 El Paso, Texas 24,855 23,762 104.6
15 Mesa, Arizona 23,781 37,730 63.0
16 Balch Spring, Texas 22,467 21,651 103.8
17 Houston (Northeast), Texas 22,360 26,910 83.1
18 Nashville, Tennessee 22,278 23,869 93.3
19 Birmingham, Alabama 22,062 23,638 93.3
20 Terrytown, Louisiana 21,886 19,974 109.6
21 Albuquerque, New Mexico 21,847 37,800 57.8
22 Baton Rouge, Louisiana 21,376 23,538 90.8
23 Cincinnati (North), Ohio 21,375 19,983 107.0
24 Jackson, Mississippi 21,312 23,631 90.2
25 Melbourne, Florida 21,254 20,579 103.3

Appendix H
Agency Comments

MEMORANDUM

Date: October 25, 2007

To: James A. Kissko
Deputy Inspector General

From: David V. Foster /s/ (David Rust for David Foster)
Chief of Staff

Subject: Revised Comments on the Office of the Inspector General (OIG) Draft Report, "Controls for Issuing Social Security Number Verification Printouts" (A-04-07-27112)--INFORMATION

Thank you for the opportunity to review and revise our comments on the draft report. As noted in our initial comments, we agree that it is important to protect the integrity of the Social Security number (SSN) and the enumeration process while at the same time ensuring that people have appropriate access to information that would be necessary to gain employment and other services where the SSN is deemed essential.

For recommendations 1 and 2, we have considered your concerns and revised our response from disagree to partially agree. We continue to believe that what OIG is recommending is inconsistent with applicable Privacy Act and Personally Identifiable Information disclosure policies. However, we acknowledge the threat of identity theft, and agree to evaluate the effectiveness of improved controls to be implemented and will evaluate the current regulatory requirements to determine what additional regulatory or non-regulatory measures may be used to make disclosure of SSN printouts less vulnerable while ensuring that individuals' Privacy Act rights are not violated.

For recommendation 4, we revised the response to agree that it is important to track actions taken to issue an SSN Printout. We reaffirm our initial comments that stated: 1) we currently have systems in place to obtain that data through the Audit Trail System; 2) by late fiscal year 2008 these actions will be captured through the Web based CIRP which will track both Numidents and NUMI Lites (SSN Printouts); and 3) the Integrity Review Handbook contains instructions on the review and certification of potential fraud or abuse cases. Our POMS GN 04100 contains additional procedures for referral of cases to OIG.

Please let me know if we can be of further assistance. Staff inquiries may be directed to Ms. Candace Skurnik, Director, Audit Management and Liaison Staff, at extension (410) 965-4636.

Attachment:
Revised SSA Comments

REVISED COMMENTS ON THE OFFICE OF THE INSPECTOR GENERAL (OIG) DRAFT REPORT, "CONTROLS FOR ISSUING SOCIAL SECURITY NUMBER VERIFICATION PRINTOUTS" (A-04-07-27112)

Thank you for the opportunity to review and comment on the draft report. We agree that it is important to protect the integrity of the Social Security number (SSN) and the enumeration process while at the same time ensuring that people have appropriate access to information that would be necessary to gain employment and other services where the SSN is deemed essential. We also agree that there should be controls in place to ensure that the SSN Verification Printouts (SSN Printout) are not misused. However, any such procedures must comply with SSA's, the Office of Management and Budget's (OMB) and other applicable Privacy Act and disclosure guidelines. The procedures must also provide flexibility for individuals who need immediate SSN documentation, but cannot provide the required evidentiary documents due to circumstances beyond their control (i.e., victims of natural and unnatural disasters). Specific examples of situations where we have experienced a large number of requests include displaced individuals as a result of Hurricane Katrina and the September 11, 2001 terrorist attacks.

Our responses to the specific recommendations are provided below.

Recommendation 1

Revise applicable Federal regulation and SSA policy governing individuals' right to access their personal information maintained in the Agency's system of records. Specifically, we believe these individuals should be required to present the same type of identity documents as replacement Social Security card applicants.

Response

We partially agree. We believe that the applicable regulation (20 CFR 401.45) and policies for verifying identity are sufficient and establish requirements consistent with OMB Privacy Act Guidelines for providing individuals access to their records. These guidelines indicate that identity requirements should be kept to a minimum and ensure an individual is not granted improper access to records pertaining to another person. The guidelines also state that identity requirements should not unduly impede the individual's right to access. Imposing additional requirements for establishing identity may hinder the individual's legitimate right of access to his/her records and create an unnecessary workload for employees who receive these requests. Nevertheless, we acknowledge the threat of identity theft, and agree to evaluate the effectiveness of improved controls to be implemented and will evaluate the current regulatory requirements to determine what additional regulatory or non-regulatory measures may be used to make disclosure of SSN printouts less vulnerable while ensuring that individuals' Privacy Act rights are not violated.

Current Program and Operations Manual System (POMS) instructions are very clear regarding the purpose of the SSN card compared to the SSN Printout. While the documents needed for identity purposes are not as stringent for an SSN Printout, the Numident does contain special indicator codes alerting personnel to verify identity. These special indicator codes may also prevent an SSN Printout from printing. Refer to RM 00202.320.F. Procedure - SSN Verification Printout Request Generates Alert.

Recommendation 2

Establish an acceptable number of SSN Printouts an individual may obtain in a day, year or lifetime, and require specific management approval for requests exceeding that number.

Response

We partially agree. The Privacy Act establishes an individual's right of access to records maintained by Federal agencies without limiting the number of times those records can be requested. An SSN Printout is a record of an individual held by the Agency, and the Privacy Act and OMB Privacy Act guidelines do not limit access to such information. Additionally, the Agency's efforts to establish a limited number of times an individual may request SSN Printouts may be arbitrary in nature and may have a negative effect on his/her legitimate right of access to this information. Nevertheless, we acknowledge the need to balance responsibility for protecting SSNs with the obligation of providing individuals access to personal information in SSA's possession. Thus, we will assess the impact of limiting the number of SSN Printouts individuals may request on their Privacy Act rights.

We also have considerable concerns regarding the resources that would be necessary to implement the restrictions in this recommendation, since no misuse cases have been identified as a result of the generation of multiple printouts. As part of our efforts to prevent abuse or misuse of SSN Printouts, current POMS RM 00202.320.C.2 states, "In general, you should issue no more than one verification printout to a requestor at the same interview/same day." However, the policy as written allows the interviewer flexibility to issue multiple printouts if needed or requested.

Recommendation 3

Establish procedures to perform routine integrity reviews of anomalies involving the issuance of SSN Printouts. Any cases involving potential SSN misuse should be referred to OIG.

Response

We partially agree. These actions will be captured through the Web-based Comprehensive Integrity Review Process (CIRP), which is scheduled for implementation in fiscal year 2008. We do not believe there is a need to establish special procedures for these cases. If abuse or misuse cases are identified through routine CIRP reviews, they will be referred to OIG for further action.

Recommendation 4

Consider developing a system or application similar to the SS-5 Assistant to document and track actions taken to issue an SSN Printout.

Response

We agree that it is important to track actions taken to issue an SSN Printout. We believe we currently have systems in place to obtain that data through the Audit Trail System and, by late fiscal year 2008, these actions will be captured through the WEB based CIRP process which is being developed. Also, as described in our response to recommendation 3, CIRP will track both Numidents and NUMI Lites (SSN Printouts). In addition to targeted criteria designated to monitor transactions involving sensitive queries, Web CIRP will also provide anomaly reports and listings of sensitive queries performed by each employee sortable by SSN, type and date. The Integrity Review Handbook contains instructions on the review and certification of potential fraud or abuse cases. Our POMS GN 04100 contains additional procedures for referral of cases to OIG.

Recommendation 5

Develop and disseminate management information for the SSN Printout workload to responsible SSA personnel. At a minimum, the information should enable managers to identify anomalies in the number of SSN Printouts issued by field offices and to numberholders.

Response

We partially agree. As indicated in our response to recommendation number 4, CIRP will make information available to managers on the verifications processed. We do not believe that multiple printouts alone are indicators of possible fraud, abuse or misuse. We reviewed the multiple printout cases identified in this audit and determined that none involved fraud, abuse or misuse.

Recommendation 6

Clarify SSA policies and the SSN Printout language to consistently communicate the Agency's official position as to whether the document is valid for SSN verification purposes.

Response

We agree. While our statement on the printout and policy clearly states, "the Social Security card is the official verification of a Social Security number," we agree that the SSN Printout can be confusing for the public and third parties as the title "SSN Verification Printout" is misleading. We will clarify POMS instructions and the wording on the SSN Printout to provide a consistent message; i.e., that the SSN Printout is not an official verification of an SSN. These actions will be completed by December 31, 2007

Recommendation 7

Extend outreach to employers, Department of Motor Vehicles (DMV) and other third parties in areas where the demand for SSN Printouts is high to raise the awareness that SSA offers verification services.

Response

We agree. We will continue our outreach efforts with employers regarding the procedures and types of SSN verification services we provide. We will also remind our employees who perform outreach activities with DMVs and other third parties to raise the awareness that we offer various verification services.

Recommendation 8

Issue a reminder to field office staff that SSN Printouts should only be issued when the numberholder expresses an immediate need for a verification of the SSN.

Response

We disagree. Current policy does not dictate that the number holder express an "immediate need" for this information. As previously noted, the Privacy Act protects an individual's right to access his or her records. Furthermore, OMB's Privacy Act guidelines indicate that the granting of access may not be conditioned upon any requirement to state a reason or otherwise justify the need to gain access to a particular record.

Appendix I
OIG Contacts and Staff Acknowledgments
OIG Contacts
Kimberly Byrd, Director, Southern Audit Division, (205) 801-1650
Frank Nagy, Audit Manager, (404) 562-5552
Acknowledgments
In addition to those named above:
Shane Henley, Auditor
Mike Leibrecht, Senior Auditor

For additional copies of this report, please visit our web site at www.socialsecurity.gov/oig or contact the Office of the Inspector General's Public Affairs Specialist at (410) 965-3218. Refer to Common Identification Number A-04-07-27112.

Overview of the Office of the Inspector General
The Office of the Inspector General (OIG) is comprised of our Office of Investigations (OI), Office of Audit (OA), Office of the Chief Counsel to the Inspector General (OCCIG), and Office of Resource Management (ORM). To ensure compliance with policies and procedures, internal controls, and professional standards, we also have a comprehensive Professional Responsibility and Quality Assurance program.

Office of Audit
OA conducts and/or supervises financial and performance audits of the Social Security Administration's (SSA) programs and operations and makes recommendations to ensure program objectives are achieved effectively and efficiently. Financial audits assess whether SSA's financial statements fairly present SSA's financial position, results of operations, and cash flow. Performance audits review the economy, efficiency, and effectiveness of SSA's programs and operations. OA also conducts short-term management and program evaluations and projects on issues of concern to SSA, Congress, and the general public.

Office of Investigations
OI conducts and coordinates investigative activity related to fraud, waste, abuse, and mismanagement in SSA programs and operations. This includes wrongdoing by applicants, beneficiaries, contractors, third parties, or SSA employees performing their official duties. This office serves as OIG liaison to the Department of Justice on all matters relating to the investigations of SSA programs and personnel. OI also conducts joint investigations with other Federal, State, and local law enforcement agencies.

Office of the Chief Counsel to the Inspector General
OCCIG provides independent legal advice and counsel to the IG on various matters, including statutes, regulations, legislation, and policy directives. OCCIG also advises the IG on investigative procedures and techniques, as well as on legal implications and conclusions to be drawn from audit and investigative material. Finally, OCCIG administers the Civil Monetary Penalty program.

Office of Resource Management
ORM supports OIG by providing information resource management and systems security. ORM also coordinates OIG's budget, procurement, telecommunications, facilities, and human resources. In addition, ORM is the focal point for OIG's strategic planning function and the development and implementation of performance measures required by the Government Performance and Results Act of 1993.