[Federal Register Volume 79, Number 41 (Monday, March 3, 2014)]
[Proposed Rules]
[Pages 11735-11738]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-04584]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Technical Information Service

15 CFR Part 1110

[Docket Number: 140205103-4103-01]
RIN 0692-AA21


Certification Program for Access to the Death Master File

AGENCY: National Technical Information Service, U.S. Department of 
Commerce.

ACTION: Request for Information and Advance Notice of Public Meeting.

-----------------------------------------------------------------------

SUMMARY: Section 203 of the Bipartisan Budget Act of 2013 (Act), 
directed the Secretary of Commerce to establish a certification program 
under which persons may obtain immediate access to the publicly 
available Death Master File (DMF). The National Technical Information 
Service is requesting comments from the public regarding the 
establishment and implementation of a certification program for access 
to the DMF. It is expected that information gathered through this RFI 
will inform NTIS's approach to the development of a certification 
program, which will be promulgated by NTIS by Notice and Comment 
Rulemaking.
    In addition, NTIS will hold a public meeting at which members of 
the public will be invited to provide comments in person. More 
information about the public meeting is provided under SUPPLEMENTARY 
INFORMATION.

DATES: Comments are due on or before 5:00 p.m. Eastern time March 18, 
2014. The public meeting will take place on Tuesday, March 4, 2014, 
from 9:00 a.m. to 12:00 p.m. Eastern time at the place noted under 
ADDRESSES, and comments made orally during the public comment portion 
of the public meeting will be recorded and transcribed.

ADDRESSES: Written comments must be submitted to John Hounsell by email 
at jhounsell@ntis.gov, or in paper form at NTIS, 5301 Shawnee Road, 
Alexandria, VA 22312. The public meeting will take place at the United 
States Patent and Trademark Office, Madison Building West, 600 Dulany 
Street, Alexandria, VA 22314. The public meeting will also be webcast.

FOR FURTHER INFORMATION CONTACT: John Hounsell at jhounsell@ntis.gov or 
703-605-6184.

SUPPLEMENTARY INFORMATION: This Request for Information (RFI) seeks 
comments from the public regarding the establishment by the National 
Technical Information Service (NTIS) of the new certification program 
for persons who seek access to the Social Security Administration's 
Public Death Master File (DMF) at any time within the three-calendar-
year period following an individual's death, as required by Section 203 
of the Bipartisan Budget Act of 2013 (Pub. L. 113-67) (Act). The Act 
prohibits disclosure of DMF information during the three-calendar-year 
period following death unless the person requesting the information has 
been certified under a program established by the Secretary of 
Commerce. The Act directs the Secretary of Commerce to establish a 
certification program for such access to the DMF. Section 203, 
``Restriction on Access to the Death Master File,'' requires a fee-
based certification program for allowable uses of DMF data for any 
deceased individual within three calendar years of the individual's 
death. Authority to carry out Section 203 has been delegated by the 
Secretary of Commerce to the National Technical Information Service 
(NTIS).
    NTIS will establish the certification program in a manner 
consistent with the Act and its mission, to promote American innovation 
and economic growth by collecting and disseminating scientific, 
technical and engineering information to the public and industry, by 
providing information management solutions to other Federal agencies, 
and by doing all without appropriated funding. A summary of the 
provisions of Section 203 is provided below.

Section 203, ``Restriction on Access to the Death Master File''

    Section 203(a) of the Act directs that the Secretary of Commerce 
(Secretary) ``shall not disclose to any person information contained on 
the Death Master File with respect to any deceased individual at any 
time during the 3-calendar-year period beginning on the date of the 
individual's death, unless such person is certified under the program 
established under subsection (b)'' of Section 203.
    Section 203(b)(1) of the Act directs the Secretary to ``establish a 
program (A) to certify persons who are eligible to access the 
information described in subsection (a) contained on the Death Master 
File, and (B) to perform periodic and unscheduled audits of certified 
persons to determine the compliance by such certified persons with the 
requirements of the program.''
    Under Section 203(b)(2) of the Act, a person ``shall not be 
certified under the program established under paragraph (1) unless such 
person certifies that access to the information described in subsection 
(a) is appropriate because such person (A) has (i) a legitimate fraud 
prevention interest, or (ii) a legitimate business purpose pursuant to 
a law, governmental rule, regulation, or fiduciary duty, and (B) has 
systems, facilities, and procedures in place to safeguard such 
information, and experience in maintaining the confidentiality, 
security, and appropriate use of such information, pursuant to 
requirements similar to the requirements of section 6103(p)(4) of the 
Internal Revenue Code of 1986 (IRC), and (C) agrees to satisfy the 
requirements of such section 6103(p)(4) as if such section applied to 
such person.''
    Section 203(b)(3)(A) of the Act directs the Secretary to 
``establish under section 9701 of title 31, United States Code, a 
program for the charge of fees sufficient to cover (but not to exceed) 
all costs associated with evaluating applications for certification and 
auditing, inspecting, and monitoring certified persons under the 
program. Any fees so collected shall be deposited and

[[Page 11736]]

credited as offsetting collections to the accounts from which such 
costs are paid.'' Section 203(b)(3)(B) of the Act requires the 
Secretary to report annually to the Congress ``on the total fees 
collected during the preceding year and the cost of administering the 
certification program under this subsection for such year.''
    Section 203(c)(1) of the Act provides that any person ``certified 
under the program established under subsection (b), who receives 
information described in subsection (a), and who during the period of 
time described in subsection (a)(A) discloses such information to any 
person other than a person who meets the requirements of subparagraphs 
(A), (B), and (C) of subsection (b)(2), (B) discloses such information 
to any person who uses the information for any purpose not listed under 
subsection (b)(2)(A) or who further discloses the information to a 
person who does not meet such requirements, or (C) uses any such 
information for any purpose not listed under subsection (b)(2)(A), and 
any person to whom such information is disclosed who further discloses 
or uses such information as described in the preceding subparagraphs, 
shall pay a penalty of $1,000 for each such disclosure or use. Under 
Section 203(c)(2), the total penalty imposed on any person for any 
calendar year ``shall not exceed $250,000,'' unless the Secretary 
determines the violations to have been ``willful or intentional.''
    Section 203(d) of the Act defines the term ``Death Master File'' to 
mean ``information on the name, social security account number, date of 
birth, and date of death of deceased individuals maintained by the 
Commissioner of Social Security, other than information that was 
provided to such Commissioner under section 205(r) of the Social 
Security Act (42 U.S.C. 405(r)).''
    Under Section 203(e)(1) of the Act, no Federal agency ``shall be 
compelled to disclose,'' to any person ``not certified,'' information 
contained on the Death Master File with respect to any deceased 
individual at any time during the 3-calendar-year period beginning on 
the date of the individual's death. Section 203(e)(2) of the Act 
provides that Section 203 shall be considered a statute described in 
subsection (b)(3) of section 552 of title 5, United States Code (the 
Freedom of Information Act (FOIA)).
    Under Section 203(f) of the Act, Section 203 takes effect 90 days 
after the date of the enactment, while Section 203(e) (the FOIA 
provision) takes effect upon enactment.
    During Congressional debate on the Joint Resolution, H. J. Res. 59, 
which, upon being passed by Congress and signed into law by the 
President, became the Bipartisan Budget Act of 2013, several Members of 
Congress described their understanding of the purpose and meaning of 
Section 203. Members offering statements included Representatives 
Johnson,\1\ Bachus \2\ and Neal,\3\ and Senators Nelson,\4\ Murray,\5\ 
Casey \6\ and Hatch.\7\
---------------------------------------------------------------------------

    \1\ 159 CONG. REC. H7699, (daily ed. Dec. 12, 2013) (statement 
of Rep. Sam Johnson).
    \2\ 159 CONG. REC. H8083, (daily ed. Dec. 12, 2013) (statement 
of Rep. Bachus).
    \3\ 159 CONG. REC. H8083, (daily ed. Dec. 12, 2013) (statement 
of Rep. Neal).
    \4\ 159 CONG. REC. S8890-S8891, (daily ed. Dec. 17, 2013) 
(statement of Sen. Nelson).
    \5\ 159 CONG. REC. S8891, (daily ed. Dec. 17, 2013) (statement 
of Sen. Murray).
    \6\ 159 CONG. REC. S8891, (daily ed. Dec. 17, 2013) (statement 
of Sen. Casey).
    \7\ 159 CONG. REC. S8891, (daily ed. Dec. 17, 2013) (statement 
of Sen. Hatch).
---------------------------------------------------------------------------

The Death Master File

    The Social Security Administration (SSA) compiles the DMF from 
certain deaths reported to the agency. SSA receives death reports from 
many sources, including family members, funeral homes, hospitals, 
States, Federal agencies, postal authorities and financial 
institutions. The DMF is not a complete file of all deaths, and does 
not include State death records. (Section 205(r) of the Social Security 
Act prohibits SSA from disclosing this information to the public on the 
DMF.) In addition, SSA cannot guarantee the accuracy of the DMF. The 
absence of a particular person on this file is not proof that the 
individual is alive. Further, in rare instances it is possible for the 
record of a person who is not deceased to be included erroneously in 
the DMF.
    SSA makes the DMF available to the public through an agreement with 
NTIS. NTIS offers the DMF to the public through an online search 
application, as well as through raw data file download products. DMF 
subscribers have the option of subscribing to an online search 
application or maintaining a raw data version of the file at their 
location. The online service is updated on a weekly basis, and raw data 
file weekly and monthly updates are offered electronically via https, 
as well as via secure FTP.
    The Death Master File is an important tool which has been used for 
many purposes. It is used by pension funds, insurance organizations, 
Federal, State and Local government entities and others responsible for 
verifying deceased person(s) in support of fulfillment of benefits to 
their beneficiaries. By methodically running financial, credit, payment 
and other applications against the Death Master File, the financial 
community, insurance companies, security firms and State and Local 
governments are better able to identify and prevent identity fraud, and 
identify customers who are deceased. Other current users include 
clinicians and medical researchers tracking former patients and study 
subjects, law enforcement and genealogists.
    While the DMF unquestionably plays an important role in preventing 
identity fraud, concern about misuse of publicly available DMF 
information, as noted in the statements of several Members of Congress 
cited above, led to the inclusion of Section 203 in the Act, signed 
into law by President Obama. NTIS seeks comments from the public on how 
best to implement the certification program mandated under Section 203.

Request for Comment

    The following questions cover the major areas for which NTIS seeks 
comment. The questions are not intended to limit topics that may be 
addressed through this Request for Information, and commenters may 
address any topic they believe has implications for the establishment 
of a certification program for access to the DMF, regardless of whether 
this document mentions it. NTIS will consider all timely comments 
received.
    Comments containing references, studies, research, and other 
empirical data that are not widely published should include copies of 
the referenced materials. No confidential or proprietary comments, 
information or materials are to be submitted, and all submitted 
comments will be made available publically at http://dmf.ntis.gov/.
    In the questions that follow, references to ``you'' are intended to 
include individual persons as well as organizations unless otherwise 
indicated, and submitted comments should distinguish between 
individuals and organizations as necessary or desirable for context.

Certification Program

    NTIS solicits information on implementation of the certification 
program mandated under Section 203. In particular, NTIS seeks to 
understand how persons would characterize the basis for their use of 
DMF information as it relates to the certification criteria of Section 
203. In addition, NTIS seeks to understand how persons who seek 
certification would comply with the requirements set forth under 
Section 203 to safeguard DMF information. NTIS also seeks information 
regarding

[[Page 11737]]

how to best ensure the safeguarding of released DMF information.
    1. Do you think that you have a legitimate fraud prevention 
interest in accessing DMF information, as described in the Act? If so, 
explain in detail the basis of that interest.
    2. If you have a legitimate business purpose pursuant to a law, 
explain in detail the basis of that legitimate business purpose and 
cite the relevant law.
    3. If you have a legitimate business purpose pursuant to a 
governmental rule, explain in detail the basis of that legitimate 
business purpose and cite the relevant governmental rule.
    4. If you have a legitimate business purpose pursuant to a 
regulation, explain in detail the basis of that legitimate business 
purpose and cite the relevant regulation.
    5. If you have a legitimate business purpose pursuant to a 
fiduciary duty, explain in detail the basis of that legitimate business 
purpose and cite the relevant fiduciary duty.
    6. Do you have systems, facilities, and procedures in place to 
safeguard DMF information, and experience in maintaining the 
confidentiality, security, and appropriate use of such information? If 
so, explain in detail.
    7. If you have systems, facilities, and procedures in place to 
safeguard DMF information, or to safeguard sensitive information other 
than DMF information, explain whether and how your systems, facilities, 
and procedures are audited, inspected or monitored.
    8. If you have systems, facilities, and procedures in place to 
safeguard DMF information, or to safeguard sensitive information other 
than DMF information, and if your systems, facilities, and procedures 
are audited, inspected or monitored, explain whether that is voluntary, 
or whether it is required by law, governmental rule, regulation, 
fiduciary duty, or other reason and cite such.
    9. If you have systems, facilities, and procedures in place to 
safeguard DMF information, or to safeguard sensitive information other 
than DMF information, and if your systems, facilities, and procedures 
are audited, inspected or monitored, explain whether any of these 
reviews would reveal (1) how such information was used by you, (2) 
whether such information had been disclosed to a third person, and (3) 
how such information, if disclosed to a third person, was used by that 
person, or was further disclosed by that person to a fourth person.
    10. If you have systems, facilities, and procedures in place to 
safeguard DMF information, and experience in maintaining the 
confidentiality, security, and appropriate use of such information, 
explain in detail the extent to which these satisfy the requirements of 
section 6103(p)(4) of the IRC, or satisfy requirements ``similar'' to 
the requirements of section 6103(p)(4) of the IRC.
    11. If you do not currently have systems, facilities, and 
procedures in place to safeguard DMF information, explain how you would 
anticipate putting such systems, facilities, and procedures in place in 
order to become certified to access DMF information.
    12. Under the Act, you are required to certify that you have 
systems, facilities, and procedures in place to safeguard DMF 
information, and experience in maintaining the confidentiality, 
security, and appropriate use of such information, pursuant to 
requirements ``similar'' to the requirements of section 6103(p)(4) of 
the IRC. Please explain in detail how your systems, etc., and 
experience might be ``similar'' but not identical to the requirements 
of section 6103(p)(4) of the IRC, and how any differences from the 
requirements of section 6103(p)(4) of the IRC would nevertheless permit 
achieving the objective of safeguarding DMF information.
    13. What systems, facilities, and procedures do you believe are 
necessary to safeguard DMF information provided under the Act, 
including audit, inspection and monitoring procedures?
    14. Identify laws or regulations that require the safeguarding of 
released DMF information, and summarize the procedures required by such 
laws or regulations.

Fees and Penalties

    NTIS solicits information on the fees and penalties mandated under 
Section 203. In particular, because Section 203 mandates the charge of 
fees to cover, but not to exceed, all costs associated with evaluating 
applications for certification and auditing, inspecting, and monitoring 
certified persons under the program, NTIS seeks to understand whether 
persons desiring to access DMF information during the initial three-
calendar-year period, including persons currently accessing DMF 
information, would participate in a fee-based certification program in 
order to obtain or maintain access to the DMF. NTIS also seeks to 
understand how persons certified under the certification program would 
avoid disclosing such information to any person not authorized to 
obtain such information because they are not certified or, if 
certified, would use such information for a purpose not listed under 
Section 203(b)(2)(A).
    15. Would the imposition of a single, presumably larger, fee at the 
time of certification be preferable to the charge of multiple, 
presumably smaller, fees, such as annual fees?
    16. In order to become certified to have access to DMF information, 
how would you prevent disclosure of such information to any person 
other than a person who was also certified, or who, if not certified, 
would meet the requirements of certification?

Death Master File Information

    NTIS solicits comments on the term ``Death Master File,'' as that 
term is defined in Section 203: ``information on the name, social 
security account number, date of birth, and date of death of deceased 
individuals maintained by the Commissioner of Social Security, other 
than information that was provided to such Commissioner under section 
205(r) of the Social Security Act (42 U.S.C. 405(r)).'' In particular, 
NTIS seeks to understand whether persons currently accessing the DMF, 
or who might wish to access the DMF in the future, during the initial 
three-calendar-year period, need access to all the types of information 
included within the definition of that term in order to make use of DMF 
information. If access to all the types of information included within 
the definition of the term ``Death Master File'' is not needed for 
persons to make use of DMF information, NTIS seeks to understand which 
type(s) of information is not needed.
    17. If you currently access DMF information, does your use of that 
information include or require the name, social security account 
number, date of birth, and date of death of deceased individuals? If 
not, explain which type(s) of DMF information you do not use.
    18. Would you find it useful to access DMF information that 
included information for a deceased individual during the 3-calendar-
year period beginning on the date of the individual's death, but did 
not include one or more of the name, social security account number, 
date of birth, and date of death of the deceased individual? If so, 
explain which type(s) of DMF information could be excluded.

Advance Notice of Public Meeting

    NTIS will hold a public meeting at which members of the public may 
provide comments on the establishment of the certification program for 
access to the DMF in person on Tuesday, March 4, 2014, from 9:00 a.m. 
to 12:00 p.m. Eastern time at the United States Patent

[[Page 11738]]

and Trademark Office, Madison Building West, 600 Dulany Street, 
Alexandria, VA 22341. As with written comments, comments made orally at 
the public meeting should not include confidential or proprietary 
information, and all comments from attendees will be will be recorded 
and transcribed, and will made available publically along with written 
comments at http://dmf.ntis.gov/.
    Seating at the public meeting will be limited, and attendance will 
be ``first-come, first-served,'' on a space-available basis. The public 
meeting will also be webcast for those who are unable to participate in 
person. Details about the public meeting, including how to register, 
will be posted at the NTIS DMF Web page, http://dmf.ntis.gov/. The NTIS 
DMF Web page also has information about how to subscribe to the NTIS 
email distribution list to receive announcements from NTIS about the 
progress of the establishment of the certification program. To 
subscribe to this free service, you may provide an email address to 
jhounsell@ntis.gov.

    Dated: February 25, 2014.
Bruce Borzino,
Director.
[FR Doc. 2014-04584 Filed 2-28-14; 8:45 am]
BILLING CODE 3510-04-P