GN 03325: Disclosure and Verification of Social Security Numbers (SSN)
TN 3 (09-05)
Citations:
Freedom of Information Act (5 U.S.C. § 552)
Privacy Act of 1974 (5 U.S.C. § 552a(b) and Section 7)
Section 205(c) of the Social Security Act (42 U.S.C. § 405(c))
Section 208(a) of the Social Security Act (42 U.S.C. § 408(a))
Section 1106 of the Social Security Act (42 U.S.C. § 1306)
Section 1137 of Social Security Act (42 U.S.C., § 1320b-7)
20 C.F.R. Part 401 (Regulation No. 1)
20 C.F.R. Part 402 (Regulation No. 2)
A. Introduction
This subchapter provides general information concerning use of the Social Security number (SSN), and instructions on the disclosure and verification of SSNs without the written consent of the number holder.
Reference 1: See RM 10201.000 for information concerning the general use of the SSN, including impossible SSNs.
Reference 2: See RM 10205.000 for information concerning instructions for replacement or duplicate SSN cards.
Reference 3: See GN 03305.000 for information concerning instructions for disclosure of SSNs with written consent.
Reference 4: See GN 03340.010 and GN 03340.015 for instructions about access requests for SSNs and other personal information.
B. Background
The Social Security number (SSN) was established in 1936 for the purpose of tracking the wages of workers covered under the social security system. Because of its use as a unique identifier, the SSN is one of the most sensitive pieces of personal information in SSA’s records. It is the key to identifying and retrieving most of the highly personal and sensitive information SSA maintains about individuals.
Over the decades, the use of the SSN has expanded greatly beyond the original purpose for its establishment. In fact, it has become the identifier of choice by all levels of government and the private and commercial sectors as a numerical key to their recordkeeping systems. In some cases, Federal (and State) laws have been enacted that authorize the use of the SSN for a specific purpose or purposes. In the vast majority of cases, however, there are no Federal laws that either prohibit or authorize the use of the SSN. Consequently, governmental and nongovernmental entities use the SSN as a personal identifier for lawful purposes because of its ready availability as a unique identifier. Some government agencies use the SSN for identification and administrative purposes. The private sector uses the SSN for similar purposes, generally, without restraint. For example, the private sector may refuse service or credit, deny admission or membership, etc., to anyone unwilling to furnish his/her SSN. There generally is no provision in any Federal law governing or limiting the use, or the disclosure of the SSN by the private sector such as businesses and organizations, except for fraudulent use of the SSN.
SSA has no authority over other entities’ collection and use of the SSN. Although the SSN is widely used, SSA policy is to disclose the SSN and SSN information only under limited circumstances as allowed or required by Federal laws such as the Privacy Act (5 U.S.C. § 552a(b)), the Freedom of Information Act (5 U.S.C. § 552), and the Social Security Act (e.g., 42 U.S.C. §§ 405(a); 405(c); and 1320b-7, and the Agency’s disclosure regulations (20 C.F.R. §§ 401 and 402).
All Federal, State, or local government agencies that collect and use the SSN for identification purposes must adhere to the requirements in section 7 of the Privacy Act (5 U.S.C. § 552a, Note). (See GN 03325.005B.1. for a discussion of the Privacy Act’s Section 7 requirements.) SSA does not have any enforcement or other authority for Section 7 of the Privacy Act. Such authority rests with the Office of Management and Budget.
C. Definitions
1. SSN disclosure
This means disclosure of the SSN to any party other than the number holder, with or without his/her consent.
2. SSN verification
This means matching the name, SSN, and other information such as date of birth, place of birth, and parents’ names with information in SSA records and providing the results of the match. If the information in SSA’s records is different, we do not provide the information in our records.
D. Procedure
1. Request for SSN or SSN Verification
See GN 03325.004 if a request contains an SSN but no other identifying information about the number holder (NH) and is seeking a Numident or identifying information about the NH.
Upon receipt of a single request for disclosure of an SSN or SSN verification, the reviewing office should take the following action:
Determine if the SSN can be disclosed or verified (see GN 03325.002, GN 03325.003, and GN 03325.025).
If the disclosure or verification is allowed, determine if a fee should be charged and the amount of the fee (see GN 03311.005 and GN 03311.007).
-
Release the requested data to the requester without consultation with the Regional or Component Privacy Act Coordinator.
REMINDER: SSA has established computer matching and other formal electronic data exchanges to facilitate the release of information, including disclosure and verification of SSN, to Federal, State, and local agencies. FOs and other components should not be routinely handling requests for SSN information if there is a data exchange agreement between SSA and the particular agency. FOs can consult with the Data Exchange Coordinator to determine if there is an agreement between SSA and a particular Federal, State, or local government agency that provides for disclosure or verification of SSNs.
Also, see GN 03313.001K.2. and GN 03313.001K.3. for requests from Federal agencies; see GN 03314.001J., items 1-3. for requests from State and local agencies.
If the disclosure or verification is not allowed, go to step (b).
If the request is from any requester other than a court or Federal agency, and disclosure is not allowed, handle it as a potential Freedom of Information Act denial (see GN 03350.005B.3.).
If the request is from a Federal agency or court and disclosure is not allowed, handle it as a potential Privacy Act denial (see GN 03350.015).
2. Multiple (Volume) Requests
a. General
Each field office (FO) should determine the quantity of requests to be handled locally depending on workloads (approximately 50 requests are recommended). If FO management determines that it does not have sufficient resources to handle volume requests, the FO should following regional procedures in addressing the matter (e.g., contact the area director or the Regional Privacy Act Coordinator). As necessary, the regions should consult with the Office of Public Service and Operations Support for guidance on handling volume workloads.
NOTE: If volume requests are received from employers, FOs may contact the Regional Employer Service Liaison Officer or Wage Reporting Specialist in their area.
b. Fee Charging
See GN 03311.005 to determine if the request is for a program or non-program purpose.
See GN 03311.007 for fee charging instructions for non-program third party requests for SSN verification.
See www.socialsecurity.gov/foia/html/foia_guide.htm for fee charging for non-program requests for Numidents and copies of Form SS-5.