H. Rept. 115-636 - PROTECTING CHILDREN FROM IDENTITY THEFT ACT115th Congress (2017-2018)
Committee Report
Hide OverviewReport Type: | House Report |
---|---|
Accompanies: | H.R.5192 |
Committees: |
Report text available as:
- TXT
- PDF (PDF provides a complete and accurate display of this text.) Tip ?
115th Congress } { Report HOUSE OF REPRESENTATIVES 2d Session } { 115-636 ====================================================================== PROTECTING CHILDREN FROM IDENTITY THEFT ACT _______ April 13, 2018.--Committed to the Committee of the Whole House on the State of the Union and ordered to be printed _______ Mr. Brady of Texas, from the Committee on Ways and Means, submitted the following R E P O R T [To accompany H.R. 5192] [Including cost estimate of the Congressional Budget Office] The Committee on Ways and Means, to whom was referred the bill (H.R. 5192) to authorize the Commissioner of Social Security to provide confirmation of fraud protection data to certain permitted entities, and for other purposes, having considered the same, report favorably thereon with an amendment and recommend that the bill as amended do pass. CONTENTS Page I. SUMMARY AND BACKGROUND............................................4 A. Purpose and Summary................................... 4 B. Background and Need for Legislation................... 4 C. Legislative History................................... 6 II. EXPLANATION OF THE BILL...........................................6 A. Short Title (Section 1 of Bill)....................... 6 B. Reducing Identity Fraud (Section 2 of Bill)........... 7 III.VOTES OF THE COMMITTEE............................................9 IV. BUDGET EFFECTS OF THE BILL.......................................10 A. Committee Estimate of Budgetary Effects............... 10 B. Statement Regarding New Budget Authority and Tax Expenditures Budget Authority........................ 10 C. Cost Estimate Prepared by the Congressional Budget Office............................................... 10 V. OTHER MATTERS TO BE DISCUSSED UNDER THE RULES OF THE HOUSE.......11 A. Committee Oversight Findings and Recommendations...... 11 B. Statement of General Performance Goals and Objectives. 11 C. Information Relating to Unfunded Mandates............. 11 D. Congressional Earmarks, Limited Tax Benefits, and Limited Tariff Benefits.............................. 12 E. Duplication of Federal Programs....................... 12 F. Disclosure of Directed Rule Makings................... 12 The amendment is as follows: Strike all after the enacting clause and insert the following: SECTION 1. SHORT TITLE. This Act may be cited as the ``Protecting Children from Identity Theft Act''. SEC. 2. REDUCING IDENTITY FRAUD. (a) Purpose.--The purpose of this section is to reduce the prevalence of synthetic identity fraud, which disproportionally affects vulnerable populations, such as minors and recent immigrants, by facilitating the validation by permitted entities of fraud protection data, pursuant to electronically received consumer consent, through use of a database maintained by the Commissioner. (b) Definitions.--In this section: (1) Commissioner.--The term ``Commissioner'' means the Commissioner of the Social Security Administration. (2) Financial institution.--The term ``financial institution'' has the meaning given the term in section 509 of the Gramm-Leach-Bliley Act (15 U.S.C. 6809). (3) Fraud protection data.--The term ``fraud protection data'' means a combination of the following information with respect to an individual: (A) The name of the individual (including the first name and any family forename or surname of the individual). (B) The Social Security account number of the individual. (C) The date of birth (including the month, day, and year) of the individual. (4) Permitted entity.--The term ``permitted entity'' means a financial institution or a service provider, subsidiary, affiliate, agent, contractor, or assignee of a financial institution. (c) Efficiency.-- (1) Reliance on existing methods.--The Commissioner shall evaluate the feasibility of making modifications to any database that is in existence as of the date of enactment of this Act or a similar resource such that the database or resource-- (A) is reasonably designed to effectuate the purpose of this section; and (B) meets the requirements of subsection (d). (2) Execution.--The Commissioner shall establish a system to carry out subsection (a), in accordance with section 1106 of the Social Security Act. In doing so, the Commissioner shall make the modifications necessary to any database that is in existence as of the date of enactment of this Act or similar resource, or develop a database or similar resource. (d) Protection of Vulnerable Consumers.--The database or similar resource described in subsection (c) shall-- (1) compare fraud protection data provided in an inquiry by a permitted entity against such information maintained by the Commissioner in order to confirm (or not confirm) the validity of the information provided, and in such a manner as to deter fraudulent use of the database or similar resource; (2) be scalable and accommodate reasonably anticipated volumes of verification requests from permitted entities with commercially reasonable uptime and availability; and (3) allow permitted entities to submit-- (A) one or more individual requests electronically for real-time machine-to-machine (or similar functionality) accurate responses; and (B) multiple requests electronically, such as those provided in a batch format, for accurate electronic responses within a reasonable period of time from submission, not to exceed 24 hours. (e) Certification Required.--Before providing confirmation of fraud protection data to a permitted entity, the Commissioner shall ensure that the Commissioner has a certification from the permitted entity that is dated not more than 2 years before the date on which that confirmation is provided that includes the following declarations: (1) The entity is a permitted entity. (2) The entity is in compliance with this section. (3) The entity is, and will remain, in compliance with its privacy and data security requirements, as described in title V of the Gramm-Leach-Bliley Act (15 U.S.C. 6801 et seq.) and as required by the Commissioner, with respect to information the entity receives from the Commissioner pursuant to this section. (4) The entity will retain sufficient records to demonstrate its compliance with its certification and this section for a period of not less than 2 years. (f) Consumer Consent.-- (1) In general.--Notwithstanding any other provision of law or regulation, a permitted entity may submit a request to the database or similar resource described in subsection (c) only-- (A) pursuant to the written, including electronic, consent received by a permitted entity from the individual who is the subject of the request; and (B) in connection with any circumstance described in section 604 of the Fair Credit Reporting Act (15 U.S.C. 1681b). (2) Electronic consent requirements.--For a permitted entity to use the consent of an individual received electronically pursuant to paragraph (1)(A), the permitted entity must obtain the individual's electronic signature, as defined in section 106 of the Electronic Signatures in Global and National Commerce Act (15 U.S.C. 7006). Permitted entities must develop and use an electronic signature process in accordance with all Federal laws and requirements as designated by the Commissioner. (3) Effectuating electronic consent.--No provision of law or requirement, including section 552a of title 5, United States Code, shall prevent the use of electronic consent for purposes of this subsection or for use in any other consent based verification under the discretion of the Commissioner. (g) Compliance and Enforcement.-- (1) Audits and monitoring.-- (A) In general.--The Commissioner-- (i) shall conduct audits and monitoring to-- (I) ensure proper use by permitted entities of the database or similar resource described in subsection (c); and (II) deter fraud and misuse by permitted entities with respect to the database or similar resource described in subsection (c); and (ii) may terminate services for any permitted entity that prevents or refuses to allow the Commissioner to carry out the activities described in clause (i) and may terminate or suspend services for any permitted entity as necessary to enforce any violation of this section or of any certification made under this section. (2) Enforcement.-- (A) In general.--Notwithstanding any other provision of law, including the matter preceding paragraph (1) of section 505(a) of the Gramm-Leach-Bliley Act (15 U.S.C. 6805(a)), any violation of this section and any certification made under this section shall be enforced in accordance with paragraphs (1) through (7) of such section 505(a) by the agencies described in those paragraphs. (B) Relevant information.--Upon discovery by the Commissioner of any violation of this section or any certification made under this section, the Commissioner shall forward any relevant information pertaining to that violation to the appropriate agency described in subparagraph (A) for evaluation by the agency for purposes of enforcing this section. (h) Recovery of Costs.-- (1) In general.-- (A) In general.--Amounts obligated to carry out this section shall be fully recovered from the users of the database or verification system by way of advances, reimbursements, user fees, or other recoveries as determined by the Commissioner. The funds recovered under this paragraph shall be deposited as an offsetting collection to the account providing appropriations for the Social Security Administration, to be used for the administration of this section without fiscal year limitation. (B) Prices fixed by commissioner.--The Commissioner shall establish the amount to be paid by the users under this paragraph, including the costs of any services or work performed, such as any appropriate upgrades, maintenance, and associated direct and indirect administrative costs, in support of carrying out the purposes described in this section, by reimbursement or in advance as determined by the Commissioner. The amount of such prices shall be periodically adjusted by the Commissioner to ensure that amounts collected are sufficient to fully offset the cost of the administration of this section. (2) Initial development.--The Commissioner shall not begin development of a verification system to carry out this section until the Commissioner determines that amounts equal to at least 50 percent of program start-up costs have been collected under paragraph (1). (3) Existing resources.--The Commissioner of Social Security may use funds designated for information technology modernization to carry out this section, but in all cases shall be fully reimbursed under paragraph (1)(A). (4) Annual report.--The Commissioner of Social Security shall annually submit to the Committee on Ways and Means of the House of Representatives and the Committee on Finance of the Senate a report on the amount of indirect costs to the Social Security Administration arising as a result of the implementation of this section. I. SUMMARY AND BACKGROUND A. Purpose and Summary The Protecting Children from Identity Theft Act (H.R. 5192), as reported by the Committee on Ways and Means, requires the Social Security Administration (SSA) to match the name, Social Security number (SSN), and date of birth submitted by permitted entities against the SSA's records. The bill seeks to protect individuals, firms and the economy by allowing financial institutions to verify the accuracy of their customers' personal identity information, in order to guard against the establishment of synthetic identities based on a valid SSN and a false name. The bill would require the SSA to develop or improve an existing system which verifies name-SSN matches and require SSA to accept an electronic signature as authorization of the consent required to conduct this verification. Currently, the SSA requires a wet signature on a paper form as proof of consent. However, many credit applications occur online where a wet signature cannot be obtained. The bill protects the confidentiality of consumers' information and guards against fraudulent misuse of the system by requiring valid consent; limiting the system to certified users; requiring users to comply with requirements for data security and privacy in federal law and as required by the Commissioner; requiring compliance audits of users; and authorizing the Commissioner to terminate or suspend verification services for users that do not comply with these requirements. The bill also ensures the verification system does not detract from the SSA's ability to conduct its mission-critical work, by requiring users of the system to pay for all start-up and ongoing costs, both direct and indirect, of the verification system. B. Background and Need for Legislation Synthetic identity fraud is a form of identity theft that begins when fraudsters combine a real SSN and fictitious information, such as a name and date of birth, to apply for credit. Even though the financial institution may reject this initial application, credit bureaus create a record from this transaction based on the fraudulent credentials. This record can then be nurtured by the fraudster over time to establish a synthetic identity based on the valid SSN but false name, which eventually is used to commit financial or other fraud. Synthetic identity fraud is a growing form of identity theft. According to TransUnion, a record $355 million in outstanding credit card balances was owed by ``people'' whom it suspects did not exist in 2017, up more than eightfold from 2012.\1\ Synthetic identity fraud accounted for 85 percent of all identity fraud, 80 percent of all credit card fraud losses, and 74 percent of the total dollars lost by U.S. business in 2014.\2\ In 2016, credit card companies had approximately $1 billion in losses due to synthetic identity fraud.\3\ --------------------------------------------------------------------------- \1\The New ID Theft: Millions of Credit Applicants Who Don't Exist, The Wall Street Journal, (March 2018). \2\Synthetic Identity Fraud A Fast Growing Category, Information Week, (October 2014). \3\Highlights of a Forum--Combating Synthetic Identity Fraud, Government Accountability Office, (July 2017). --------------------------------------------------------------------------- Children and other individuals with limited or non-existent credit histories are especially vulnerable to having their SSNs misused for a synthetic identity. Since children do not work, drive, or establish credit, an identity thief can misuse a child's SSN for a longer period of time before being noticed. According to the Detroit Free Press, over one million children have their identity stolen annually.\4\ Children are 50 times more likely than adults to be identity theft victims, according to a study by Carnegie Mellon's CyLab.\5\ --------------------------------------------------------------------------- \4\1.3 million kids have identity stolen annually, 50% under 6- years-old, Detroit Free Press, (August 2016). \5\New Evidence Indicates Identity Thieves are Targeting Children for Unused Social Security Numbers, Carnegie Mellon CyLab, (2011). --------------------------------------------------------------------------- The Privacy Act and Social Security law set forth circumstances under which consumers can give consent for information about them held in government records to be shared. SSA has verified for private companies whether an individual's name, SSN and date of birth matches agency records since 2002. From 2002 to 2005, the SSA conducted a pilot program, the Social Security Number Verification Pilot for Private Business, to verify names and SSNs against the SSA's records for companies. The SSA launched the Consent Based Social Security Number Verification system (CBSV) in fiscal year (FY) 2009. Using CBSV, authorized users can verify the name, SSN, and date of birth of consenting individuals. CBSV responds with a match verification of ``yes'' or ``no,'' and if records show that the SSN holder is deceased, CBSV returns a death indicator. The SSA does not respond with the reason for the mismatch, nor does it provide corrected information. Users enroll and agree to the terms and conditions in the SSA's CBSV User Agreement. Users must pay an enrollment fee of $5,000 plus an additional fee of $1.00 for each verification request. Since 2008, the SSA has processed about 16 million verification requests for 78 enrolled users. In FY 2017, the SSA completed 2,875,770 verification requests through CBSV. The SSA determined that 147,100 of those requests, or 5.1 percent, did not match the SSA's records. In addition to those mismatches, there were 100 instances where the SSA's records indicated the individual was deceased. The user is required to obtain consent from the individual for SSA to provide the verification. However, the SSA requires the user to obtain the individual's wet signature, on the SSA's paper form SSA-89, to demonstrate consent. Since the SSA does not accept electronic consent, the CBSV is only useful in situations where the user can obtain and retain a signature on a paper form. (The user does not submit the signed form to SSA, but is required to retain it in its own records.) As a result, CBSV is of limited use for transactions that are done in real time without paper documentation, as is the case with most modern financial transactions. Under a previous version of the user agreement, users were required to hire an independent Certified Public Accountant (CPA) to conduct compliance reviews to ensure they were following the requirements of the agreement, including the consent requirement.\6\ However, an October 2012 audit by the SSA's Office of the Inspector General determined that the ``SSA did not always require that participating companies conduct an annual compliance review to ensure companies were complying with the terms and conditions of the User Agreement, especially the consent requirement.''\7\ The SSA has since strengthened its compliance procedures, and the SSA now contracts with a CPA firm to conduct annual onsite compliance reviews of every CBSV user. According to the SSA, during the most recent audit in FY 2016, 14 out of 72 audited users (19 percent) had instances of missing consent forms. In addition, 6 users (8 percent) had instances of consent forms that were unsigned, and 9 users (13 percent) had instances of accepting an electronically-signed consent form, without a wet signature. --------------------------------------------------------------------------- \6\User Agreement Between the Social Security Administration (SSA) And (Requesting Party) for Consent Based Social Security Number Verification (CBSV), Social Security Administration, (October 2016). \7\Monitoring Controls for the Consent Based Social Security Number Verification Program, Office of the Inspector General, Social Security Administration, (October 2012). A-03-12-11201. --------------------------------------------------------------------------- C. Legislative History BACKGROUND H.R. 5192 was introduced on March 7, 2018, and was referred to the Committee on Ways and Means. The bill was introduced as a companion bill to section 215 of the Economic Growth, Regulatory Relief, and Consumer Protection Act (S. 2155). COMMITTEE HEARINGS None. COMMITTEE ACTION The Committee on Ways and Means marked up H.R. 5192, the Protecting Children from Identity Theft Act, on April 11, 2018, and ordered the bill, as amended, favorably reported (with a quorum being present). II. EXPLANATION OF THE BILL A. Short Title (Section 1 of Bill) PRESENT LAW No provision. REASON FOR CHANGE The Committee believes that the short title reflects the policy and intent included in the legislation. EXPLANATION OF PROVISIONS This section contains the short title of the bill, the ``Protecting Children from Identity Theft Act.'' EFFECTIVE DATE The provision is effective upon the date of enactment. B. Reducing Identity Fraud (Section 2 of Bill) PRESENT LAW The Privacy Act, the Social Security Act, and other laws guard the confidentiality of information about individuals maintained by the government. They also set forth circumstances under which consumers can give consent for this information to be shared. Using this authority, the SSA established the CBSV to permit authorized users to verify whether an individual's name, SSN and date of birth match SSA's records, if the individual has given consent. REASON FOR CHANGE The Committee believes that Americans must be protected from all forms of identity theft. Because SSA is the agency which issues SSNs to individuals and maintains these records, it is in a unique position to help guard against the growing problem of synthetic identity fraud. The Protecting Children from Identity Theft Act will facilitate the verification of name-SSN matches against this authoritative source, with the individual's consent, and thus will help to combat synthetic identity fraud. The SSA's current CBSV is not useful for many types of financial transactions because it requires consent in the form of a wet signature. By requiring SSA to accept electronic consent, with appropriate safeguards, the legislation allows access for entities that conduct business online and electronically, thus protecting SSNs more widely. EXPLANATION OF PROVISIONS The SSA must establish a system to validate the name, SSN, and date of birth of an individual, if submitted by an authorized, permitted entity who has the consent of the individual, for purposes related to circumstances under which consumer reports may be provided under the Fair Credit Reporting Act. In establishing the verification system, the Commissioner may update a current SSA system, such as CBSV, or develop a new one. Permitted entities include financial institutions and their service providers, subsidiaries, affiliates, agents, contractors or assignees. The individual's consent may be obtained electronically, in accordance with federal e-signature laws, other relevant laws such as the Privacy Act, and in compliance with requirements specified by the Commissioner so as to ensure that the consent is valid and the individual providing it is authenticated by the entity. The SSA's existing verification system, CBSV, was established under existing SSA authority, which was not changed by the legislation. It has a variety of users, including those who qualify as permitted entities under this legislation. The Committee recognizes the importance of CBSV to users and notes the legislation does not prohibit access to the improved verification system by other users, provided that those users also meet all SSA and Privacy Act requirements. The system must be scalable and be able to accommodate reasonably anticipated volumes of verification requests, with commercially reasonable uptime and availability. Users are permitted to send individual or multiple requests to the SSA, via electronic means. The Commissioner must provide the match/ no-match response in real time, or within 24 hours in the case of batch-format requests. While the Committee recognizes the importance of timely responses to verification requests, the SSA must design the system in such a way as to deter fraudulent use of the system. One potential for misuse is a user who tries to guess an individual's identifying information by submitting multiple, iterative verification requests in an attempt to eventually discover a valid name-number match. The Committee expects the SSA to monitor verification requests from users, and to take action against users who appear to be using the system in this or other fraudulent ways. The ability of financial institutions to receive real-time responses is critical to combatting synthetic identity fraud. The Committee's intent is to provide a workable and efficient mechanism that protects children and other vulnerable populations from synthetic identity fraud, and that reflects the operational environment of the modern financial services industry, while protecting the SSA's ability to ensure the confidentiality and security of Americans' personal identity information. The SSA requires users of CBSV to sign and comply with a user agreement that details the terms and conditions for use of the system. In order to ensure that only authorized entities have access to the verification system established by the legislation, that they are obtaining valid consent from individuals, and that they are adhering to privacy and data security standards, the Committee expects the SSA to establish a user agreement for the new system, using similar requirements and protections to those already in place for CBSV. The language provides that permitted entities must adhere to privacy and data security standards, as well as authentication and electronic signature standards, required by the Commissioner of Social Security. The Committee expects that these standards would be based on Federal laws, such as the Privacy Act, and related guidance, under which the Commissioner is required to protect the security and integrity of personal information in Social Security records and prevent against its unauthorized disclosure. Users must have a valid certification with the SSA in order to receive verifications. The certification must be dated not more than two years prior to the date of the verification provided to the user. The certification must state that the user is a permitted entity; that it is in compliance with the provisions of the legislation; that it is in and will maintain compliance with privacy and data security requirements in banking law, and as required by the Commissioner; and that it will retain sufficient records to demonstrate compliance for at least two years. The Committee expects the SSA to effectively manage and track user certifications to ensure it only provides verifications to users with a valid certification. The SSA's authority regarding privacy and data security requirements for users is limited to their use of the verification system, including their use of data received from the new system, and does not extend to other activities of the users. The Commissioner is required to audit and monitor users to ensure they are complying with the requirements of the law and the user agreement. The Commissioner has the authority to terminate or suspend verification services for users who do not cooperate with such audits or monitoring, or to enforce any violation of the law, user agreement, or certification. It is the Committee's expectation that SSA will exercise its monitoring and enforcement authority promptly to protect consumers' information. In addition to the Commissioner's authority to terminate or suspend a user's access, bank regulatory agencies also have enforcement authority regarding violations of the legislation. The Commissioner is required to report any violation to the appropriate regulatory agency. The Committee does not intend for the implementation of the verification system to interfere with the SSA's ability to conduct its primary mission, which is to serve the American public by administering Social Security, Supplemental Security Income, and parts of Medicare. Thus, users of the verification system are required under the legislation to pay for all start- up and ongoing costs, including all direct and indirect costs, through fees as determined by the Commissioner. Development of the system may not begin until at least fifty percent of all projected start-up costs has been collected via fees; however, the Committee expects that the SSA will establish and implement the new system as quickly as possible thereafter. If additional funds are necessary to develop the system, the Commissioner may temporarily draw on funds from SSA's Limitation on Administrative Expenses account designated for information technology modernization; however, these expenditures shall be fully reimbursed via fees, so that all funds appropriated for information technology modernization are ultimately used for that purpose. The SSA will also provide an annual report to the Committee on Ways and Means and the Senate Finance Committee on the indirect costs associated with this new workload. EFFECTIVE DATE The provision is effective upon the date of enactment. III. VOTES OF THE COMMITTEE In compliance with clause 3(b) of rule XIII of the Rules of the House of Representatives, the following statement is made concerning the vote of the Committee on Ways and Means in its consideration of H.R. 5192, the Protecting Children from Identity Theft Act, on April 11, 2018. The Chairman's amendment in the nature of a substitute was adopted by a voice vote (with a quorum being present). The bill, H.R. 5192, was ordered favorably reported as amended by a roll call vote of 38 yeas to 0 nays (with a quorum being present). The vote was as follows: ---------------------------------------------------------------------------------------------------------------- Representative Yea Nay Present Representative Yea Nay Present ---------------------------------------------------------------------------------------------------------------- Mr. Brady........................ X ....... ......... Mr. Neal........... X ....... ......... Mr. Johnson...................... X ....... ......... Mr. Levin.......... X ....... ......... Mr. Nunes........................ X ....... ......... Mr. Lewis.......... X ....... ......... Mr. Reichert..................... X ....... ......... Mr. Doggett........ X ....... ......... Mr. Roskam....................... X ....... ......... Mr. Thompson....... X ....... ......... Mr. Buchanan..................... X ....... ......... Mr. Larson......... X ....... ......... Mr. Smith (NE)................... X ....... ......... Mr. Blumenauer..... X ....... ......... Ms. Jenkins...................... X ....... ......... Mr. Kind........... X ....... ......... Mr. Paulsen...................... X ....... ......... Mr. Pascrell....... X ....... ......... Mr. Marchant..................... X ....... ......... Mr. Crowley........ X ....... ......... Ms. Black........................ X ....... ......... Mr. Davis.......... X ....... ......... Mr. Reed......................... ....... ....... ......... Ms. Sanchez........ X ....... ......... Mr. Kelly........................ X ....... ......... Mr. Higgins........ X ....... ......... Mr. Renacci...................... X ....... ......... Ms. Sewell......... X ....... ......... Mr. Meehan....................... X ....... ......... Ms. DelBene........ X ....... ......... Ms. Noem......................... ....... ....... ......... Ms. Chu............ X ....... ......... Mr. Holding...................... X ....... ......... Mr. Smith (MO)................... X ....... ......... Mr. Rice......................... X ....... ......... Mr. Schweikert................... X ....... ......... Ms. Walorski..................... X ....... ......... Mr. Curbelo...................... X ....... ......... Mr. Bishop....................... X ....... ......... Mr. LaHood....................... X ....... ......... ---------------------------------------------------------------------------------------------------------------- IV. BUDGET EFFECTS OF THE BILL A. Committee Estimate of Budgetary Effects In compliance with clause 3(d) of rule XIII of the Rules of the House of Representatives, the following statement is made concerning the effects on the budget of the bill, H.R. 5192, as reported. The Committee agrees with the estimate prepared by the Congressional Budget Office (CBO), which is included below. B. Statement Regarding New Budget Authority and Tax Expenditures Budget Authority In compliance with clause 3(c)(2) of rule XIII of the Rules of the House of Representatives, the Committee states that the bill involves no new or increased budget authority. The Committee states further that the bill involves no new or increased tax expenditures. C. Cost Estimate Prepared by the Congressional Budget Office In compliance with clause 3(c)(3) of rule XIII of the Rules of the House of Representatives, requiring a cost estimate prepared by the CBO, the following statement by CBO is provided. U.S. Congress, Congressional Budget Office, Washington, DC, April 12, 2018. Hon. Kevin Brady, Chairman, Committee on Ways and Means, House of Representatives, Washington, DC. Dear Mr. Chairman: The Congressional Budget Office has prepared the enclosed cost estimate for H.R. 5192, the Protecting Children from Identity Theft Act. If you wish further details on this estimate, we will be pleased to provide them. The CBO staff contact is Noah Meyerson. Sincerely, Keith Hall, Director. Enclosure. H.R. 5192--Protecting Children from Identity Theft Act The Social Security Administration (SSA) operates the Consent Based Social Security Number Verification (CBSV) service, a fee-based program that allows financial institutions to verify that their records of a person's name, date of birth, and Social Security Number match SSA's data. SSA tells institutions only whether the data does or does not match; no other detail is provided. The fees are classified as offsetting collections that are credited against SSA's discretionary appropriations. H.R. 5192 would change the CBSV program by allowing people to electronically verify their consent to allow SSA to provide this information, rather than with a physical signature. CBO expects that change would expand the number of verification requests submitted to SSA. Under H.R. 5192, SSA would set fees to equal the total administrative costs of the program. SSA would incur the direct costs of administering the service and the indirect costs in some cases of resolving errors that are discovered. CBO projects that fees would, on average, fully offset SSA's administrative costs. However, in any given fiscal year, the total amount of fees collected probably would differ slightly from actual costs. CBO estimates that implementing the bill would result in net costs or savings of less than $500,000 in each year; the total effect would be negligible over the 2019-2028 period. Enacting H.R. 5192 would not affect direct spending; therefore, pay-as-you-go procedures do not apply. CBO estimates that enacting H.R. 5192 would not increase net direct spending or on-budget deficits in any of the four consecutive 10-year periods beginning in 2029. H.R. 5192 contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act. The CBO staff contact for this estimate is Noah Meyerson. The estimate was reviewed by H. Samuel Papenfuss, Deputy Assistant Director for Budget Analysis. V. OTHER MATTERS TO BE DISCUSSED UNDER THE RULES OF THE HOUSE A. Committee Oversight Findings and Recommendations With respect to clause 3(c)(1) of rule XIII of the Rules of the House of Representatives, the Committee made findings and recommendations that are reflected in this report. B. Statement of General Performance Goals and Objectives With respect to clause 3(c)(4) of rule XIII of the Rules of the House of Representatives, the Committee advises that the bill does not authorize funding, so no statement of general performance goals and objectives is required. C. Information Relating to Unfunded Mandates This information is provided in accordance with section 423 of the Unfunded Mandates Reform Act of 1995 (Pub. L. No. 104- 4). The Committee has determined that the bill does not contain Federal mandates on the private sector. The Committee has determined that the bill does not impose a Federal intergovernmental mandate on State, local, or tribal governments. D. Congressional Earmarks, Limited Tax Benefits, and Limited Tariff Benefits With respect to clause 9 of rule XXI of the Rules of the House of Representatives, the Committee has carefully reviewed the provisions of the bill, and states that the provisions of the bill do not contain any congressional earmarks, limited tax benefits, or limited tariff benefits within the meaning of the rule. E. Duplication of Federal Programs In compliance with clause 3(c)(5) of rule XIII of the Rules of the House of Representatives, the Committee states that no provision of the bill establishes or reauthorizes: (1) a program of the Federal Government known to be duplicative of another Federal program; (2) a program included in any report from the Government Accountability Office to Congress pursuant to section 21 of Public Law 111-139; or (3) a program related to a program identified in the most recent Catalog of Federal Domestic Assistance, published pursuant to the Federal Program Information Act (Pub. L. No. 95-220, as amended by Pub. L. No. 98-169). F. Disclosure of Directed Rule Makings In compliance with Sec. 3(i) of H. Res. 5 (115th Congress), the following statement is made concerning directed rule makings: The Committee advises that the bill requires no directed rulemakings within the meaning of such section. [all]