Social Security Number Fraud Prevention Act of 2017 Implementation, 21933-21935 [2021-06823]

Download as PDF Federal Register / Vol. 86, No. 78 / Monday, April 26, 2021 / Rules and Regulations good cause exists for making some SIAPs effective in less than 30 days. The FAA has determined that this regulation only involves an established body of technical regulations for which frequent and routine amendments are necessary to keep them operationally current. It, therefore—(1) is not a ‘‘significant regulatory action’’ under Executive Order 12866; (2) is not a ‘‘significant rule’’ under DOT Regulatory Policies and Procedures (44 FR 11034; February 26, 1979); and (3) does not warrant preparation of a regulatory evaluation as the anticipated impact is so minimal. For the same reason, the FAA certifies that this amendment will not have a significant economic impact on a substantial number of small entities under the criteria of the Regulatory Flexibility Act. Lists of Subjects in 14 CFR Part 97 Air Traffic Control, Airports, Incorporation by reference, Navigation (Air). Issued in Washington, DC, on April 16, 2021. Wade Terrell Aviation Safety Manager, Flight Procedures & Airspace Group, Flight Technologies and Procedures Division. Adoption of the Amendment Accordingly, pursuant to the authority delegated to me, Title 14, Code of Federal Regulations, Part 97 (14 CRF part 97) is amended by establishing, amending, suspending, or removing Standard Instrument Approach Procedures and/or Takeoff Minimums and Obstacle Departure Procedures effective at 0901 UTC on the dates specified, as follows: PART 97—STANDARD INSTRUMENT APPROACH PROCEDURES 1. The authority citation for part 97 continues to read as follows: ■ Authority: 49 U.S.C. 106(f), 106(g), 40103, 40106, 40113, 40114, 40120, 44502, 44514, 44701, 44719, 44721–44722. 2. Part 97 is amended to read as follows: ■ Effective 20 May 2021 Los Angeles, CA, KLAX, ILS OR LOC RWY 24R, ILS RWY 24R (CAT II), ILS RWY 24R (CAT III), Amdt 26B Los Angeles, CA, KLAX, ILS OR LOC RWY 25L, ILS RWY 25L (CAT II), ILS RWY 25L (CAT III), Amdt 14C Los Angeles, CA, KLAX, RNAV (GPS) Y RWY 24R, Amdt 3B Los Angeles, CA, KLAX, RNAV (GPS) Y RWY 25L, Amdt 4C Los Angeles, CA, KLAX, RNAV (RNP) Z RWY 24R, Amdt 1C VerDate Sep<11>2014 16:01 Apr 23, 2021 Jkt 253001 Los Angeles, CA, KLAX, RNAV (RNP) Z RWY 25L, Amdt 2C Jackson, OH, I43, VOR/DME–A, Amdt 2C, CANCELLED Effective 17 June 2021 Gadsden, AL, KGAD, RNAV (GPS) RWY 6, Amdt 1D Cloverdale, CA, Cloverdale Muni, Takeoff Minimums and Obstacle DP, Amdt 2 Santa Rosa, CA, Charles M SchulzSonoma County, Takeoff Minimums and Obstacle DP, Amdt 8 Atlanta, GA, KHMP, RNAV (GPS) RWY 6, Amdt 3 Atlanta, GA, KHMP, RNAV (GPS) RWY 24, Amdt 3 Cochran, GA, 48A, RNAV (GPS) RWY 29, Amdt 1D Cochran, GA, Cochran, VOR/DME RWY 5, Amdt 6B, CANCELLED Galesburg, IL, KGBG, ILS OR LOC RWY 3, Amdt 11 Galesburg, IL, KGBG, VOR RWY 21, Amdt 7C, CANCELLED Gary, IN, KGYY, ILS OR LOC RWY 30, Amdt 7 Gary, IN, KGYY, RNAV (GPS) Y RWY 12, Amdt 3 Gary, IN, KGYY, RNAV (GPS) Y RWY 30, Amdt 2 Gary, IN, KGYY, RNAV (RNP) Z RWY 12, Amdt 2 Gary, IN, KGYY, RNAV (RNP) Z RWY 30, Amdt 2 Ashland, KY, KDWU, VOR/DME RWY 10, Amdt 12, CANCELLED Shreveport, LA, Shreveport Downtown, Takeoff Minimums and Obstacle DP, Amdt 4 Mountain View, MO, Mountain View, Takeoff Minimums and Obstacle DP, Amdt 5 Haverhill, NH, Dean Memorial, Takeoff Minimums and Obstacle DP, Amdt 1 Keene, NH, Dillant-Hopkins, Takeoff Minimums and Obstacle DP, Amdt 6 Manchester, NH, KMHT, RNAV (GPS) RWY 6, Amdt 3 Malone, NY, KMAL, RNAV (GPS) RWY 5, Amdt 1 Malone, NY, KMAL, RNAV (GPS) RWY 23, Orig-D Sebring, OH, 3G6, RNAV (GPS) RWY 18, Orig Sebring, OH, Tri-City, Takeoff Minimums and Obstacle DP, Orig-A Sebring, OH, 3G6, VOR RWY 18, Amdt 4A Stillwater, OK, Stillwater Rgnl. RNAV (GPS) RWY 17, Amdt 1 Gillette, WY, KGCC, ILS OR LOC RWY 34, Amdt 4A Gillette, WY, KGCC, RNAV (GPS) RWY 16, Orig-B Gillette, WY, KGCC, RNAV (GPS) RWY 34, Orig-B Gillette, WY, Northeast Wyoming Rgnl, Takeoff Minimums and Obstacle DP, Amdt 6 PO 00000 Frm 00017 Fmt 4700 Sfmt 4700 21933 Gillette, WY, KGCC, VOR RWY 16, OrigB [FR Doc. 2021–08590 Filed 4–23–21; 8:45 am] BILLING CODE 4910–13–P DEPARTMENT OF COMMERCE Office of the Secretary 15 CFR Part 4 [Docket No. 210329–0073] RIN 0605–AA49 Social Security Number Fraud Prevention Act of 2017 Implementation Office of the Secretary, Department of Commerce. ACTION: Final rule. AGENCY: This final rule revises the Department of Commerce (Department) regulations under the Freedom of Information Act (FOIA) and the Privacy Act. The revisions clarify and update the language of procedural requirements pertaining to the inclusion of Social Security account numbers on documents that the Department sends by mail. These revisions are necessary to implement the Social Security Number Fraud Prevention Act of 2017 (the Act), which restricts the inclusion of Social Security numbers (SSNs) on documents sent by mail by the Federal government. DATES: Effective May 26, 2021. ADDRESSES: Departmental Privacy Act Officer, Office of Privacy and Open Government, Department of Commerce, 1401 Constitution Ave. NW, Mail Stop 61025, Washington, DC 20230. FOR FURTHER INFORMATION CONTACT: Departmental Privacy Act Officer, Office of Privacy and Open Government, Department of Commerce, (202) 482– 1190, PrivacyAct@doc.gov. SUPPLEMENTARY INFORMATION: SUMMARY: Background The Act (Pub. L. 115–59; 42 U.S.C. 405 note), which was signed on September 15, 2017, restricts Federal agencies from including individuals’ SSNs on documents sent by mail, unless the head of the agency determines that the inclusion of the SSN on the document is necessary (section 2(a) of the Act). The Act requires agency heads to issue regulations specifying the circumstances under which inclusion of a SSN on a document sent by mail is necessary. These regulations, which must be issued not later than five years after the date of enactment, shall include instructions for the partial E:\FR\FM\26APR1.SGM 26APR1 21934 Federal Register / Vol. 86, No. 78 / Monday, April 26, 2021 / Rules and Regulations redaction of SSNs where feasible, and shall require that SSNs not be visible on the outside of any package sent by mail (section 2(b) of the Act). This final rule revises the Department regulations under FOIA (subpart A, 15 CFR part 4) and the Privacy Act (subpart B, 15 CFR part 4), consistent with these requirements in the Act. This final rule also clarifies the language of procedural requirements pertaining to the inclusion of SSNs on documents that the Department sends by mail; makes clarifying updates by changing the term ‘‘Privacy Officer’’ to ‘‘Privacy Act Officer’’ where it occurs in Subpart B of 15 CFR part 4, and by changing the term ‘‘FOI Officer’’ to ‘‘FOIA Officer’’ in several places in Appendix B.; and updates an office name by changing the phrase ‘‘Assistant General Counsel for Employment, Litigation, and Oversight’’ to ‘‘Assistant General Counsel for Employment, Litigation, and Information’’ where it occurs in part 4. Comments on the Proposed Rule The Office of the Secretary received four general comments on the proposed rule from members of the public. The comments on the proposed rule can be viewed and downloaded at the following link: https:// www.regulations.gov/document/DOC2020-0001-0001. No changes have been made to the regulatory text of the proposed rule in response to these four comments. The following are our responses to the comments. Comment 1: I haven’t received my stimulus check. I want to check my information and update my information. Response: This comment is not addressed, as it is not within the scope of this action to amend the Department’s regulations in order to implement the Act. Comment 2: Noting concerns about fraud and criminal activity, a commenter stated that SSNs should be allowed to be used only for social security. The commenter stated that a company wanting to do business with you should assign an account number to serve as your identification, rather than request and use your personal information, including your SSN, and that this needs to be put into law. Response: The Act is a law that restricts the inclusion of SSNs on Federal documents sent by mail. This final rule implements the Act by making changes to the Department’s regulations, which state that the collection of SSNs on Federal documents by mail must be required or authorized by law, or must be deemed by the agency to be necessary for fulfilling a compelling business need of the agency. To the VerDate Sep<11>2014 16:01 Apr 23, 2021 Jkt 253001 extent that this comment addresses the enactment of laws or the conduct of businesses and other entities, the comment is not applicable to this action amending the Department’s regulations. Comment 3: Noting concerns about privacy and potential identity theft, another commenter agreed with the proposed rule, but requested the listing out of specific circumstances in which the inclusion of a SSN on a document is necessary. The commenter stated that the SSN should not appear on any document, because ensuring that the SSN does not appear on the envelope is not enough to guarantee that the information will not be stolen. The commenter also asked why the Act allows a five-year period for implementation, and notes that the Act should be implemented sooner. Response: The Department has policies and procedures in place for justifying the collections, maintenance, and uses of SSNs, as well as for maintaining an inventory of forms collecting SSNs, and for safeguarding the SSNs. The Department also has policies and procedures in place for eliminating the unnecessary collections, maintenance, and uses of SSNs. The Act requires Federal agencies with Chief Financial Officers to issue regulations, and the rationale for such determination, not later than five years after enactment. We note that the question regarding the Congress’ reasons for including a five-year implementation period in the Act is beyond the scope of this final rule. However, this final rule will fully implement the Act’s requirements in advance of the prescribed statutory five-year period. Comment 4: One commenter stated that protecting American’s identities needs to be a high concern of the United States government. With the advancement of technology, it is becoming easier for individuals to engage in identity fraud through SSNs. Therefore, the SSN should not be sent by the Federal government through mail. Many citizens are awaiting their stimulus checks, and criminals may be looking to steal checks that are mailed. Response: The Act requires Federal agencies with Chief Financial Officers to issue regulations specifying the circumstances under which the inclusion of the SSN is necessary on a mailed document. The regulations must include instructions for partial redaction of the SSN where feasible and a requirement that the SSN not be visible on the outside of any mail. The Department has policies and procedures in place for eliminating the unnecessary collections, maintenance, and uses of SSNs. The comment regarding the PO 00000 Frm 00018 Fmt 4700 Sfmt 4700 potential theft of stimulus checks is not addressed, as it is not within the scope of this action to amend the Department’s regulations in order to implement the Act. Changes Between the Proposed Rule and Final Rule This final rule makes no changes to the regulatory text of the proposed rule. Classification This final rule has been determined to be not significant for purposes of review under Executive Order 12866. In accordance with the Regulatory Flexibility Act (5 U.S.C. 605(b)), the Chief Counsel for Regulation has reviewed this rule and certified that this regulation, if implemented, will not have a significant economic impact on a substantial number of small entities. This rule is largely procedural in nature, and, therefore, will not affect requesters. This regulation does not contain a collection of information as defined by the Paperwork Reduction Act, 44 U.S.C. 3501, et seq. List of Subjects in 15 CFR Part 4 Appeals, Freedom of Information Act, Information, Privacy, Privacy Act. Jennifer Goode, Acting Director and Deputy Director of Open Government, and Departmental Privacy Officer. For the reasons stated in the preamble, the Department of Commerce amends Subparts A and B of 15 CFR part 4 as follows: PART 4—DISCLOSURE OF GOVERNMENT INFORMATION 1. The authority citation for part 4 continues to read as follows: ■ Authority: 5 U.S.C. 301; 5 U.S.C. 552; 5 U.S.C. 552a; 5 U.SC. 553; 31 U.S.C. 3717; 44 U.S.C. 3101; Reorganization Plan No. 5 of 1950; Pub. L. 115–59, 131 Stat. 1152 (42 U.S.C. 405, note). Subpart A—Freedom of Information Act 2. In § 4.7, add paragraph (d) to read as follows: ■ § 4.7 Responses to Requests. * * * * * (d) All responses shall be made subject to the provisions of § 4.25(b)(2)(iv). * * * * * Subpart B—Privacy Act 3. Amend subpart B by removing the words ‘‘Privacy Officer’’ wherever they ■ E:\FR\FM\26APR1.SGM 26APR1 Federal Register / Vol. 86, No. 78 / Monday, April 26, 2021 / Rules and Regulations appear and adding in their place the words ‘‘Privacy Act Officer’’. ■ 4. Amend § 4.22 by adding paragraph (b)(10) to read as follows: § 4.22 Definitions. * * * * * (b) * * * (10) Un-redacted SSN Mailed Documents Listing (USMDL) means the Department approved list, as posted at www.commerce.gov/privacy, designating those documents for which the inclusion of SSN is determined to be necessary to fulfill a compelling Department business need when the documents are requested by individuals outside the Department or other Federal agencies, as determined jointly by the Senior Agency Official for Privacy and the Departmental Privacy Act Officer. ■ 5. Amend § 4.25 by: ■ a. Adding paragraphs (a)(3) and (4); and ■ b. Revising paragraph (b)(2)(iii) and adding paragraphs (b)(2)(iv) and (v). The additions and revisions read as follows: § 4.25 Disclosure of requested records to individuals [Amended] (a) * * * (3) Inclusion of SSNs on responsive documents. (i) The Department shall redact SSNs from responsive documents provided to requesters where feasible. Where full redaction is not feasible, partial redaction to create a truncated SSN shall be preferred to no redaction. The following conditions must be met for the inclusion of an unredacted (full) SSN or partially redacted (truncated) SSN on a responsive document: (ii) The inclusion of the full SSN or truncated SSN of an individual must be required or authorized by law, (iii) The inclusion of the full SSN or truncated SSN of an individual must be determined by the Senior Agency Official for Privacy and Departmental Privacy Act Officer to be necessary to fulfill a compelling Department business need; and (iv) The full SSN of an individual may be included only on documents listed on the USMDL. (4) The following requirements apply when the Department mails or delivers responsive documents containing SSNs or truncated SSNs: (i) The full SSN of an individual may be included only on documents listed on the USMDL. (ii) For documents that are listed on the USMDL and that include the full SSN of an individual, the signature of the recipient is required upon delivery. (iii) For documents that include the truncated form of the SSN of an VerDate Sep<11>2014 16:01 Apr 23, 2021 Jkt 253001 individual, the signature of the recipient is required upon delivery. (iv) The full SSN, the truncated SSN, any part of the SSN of an individual must not be visible from the outside of the envelope or package. (b) * * * (2) * * * (iii) Copies of documents may be mailed at the request of the individual and may be subject to payment of the fees prescribed in §§ 4.25(a)(3) and 4.31. In the event that the Department, at its own initiative, elects to provide a copy by mail, no fee will be charged to the individual. (iv) Copies of documents listed on the USMDL that include full SSNs and that are requested by an individual are subject to payment of the fees prescribed in § 4.31. (v) Documents containing SSNs or truncated SSNs that are required to be returned by the individual to the Department will be mailed or delivered along with a prepaid mail or delivery service envelope at the expense of the Department. * * * * * Appendix B to Part 4 [Amended] 6. Amend Appendix B to part 4 by: a. Adding the word ‘‘Act’’ after the phrase ‘‘Freedom of Information’’ wherever it appears in the introductory text, under ‘‘Office of the Secretary,’’ and under ‘‘Assistant Secretary for Administration’’; and ■ b. Adding a semicolon after the term ‘‘Office of Privacy and Open Government: Director’’. ■ ■ [FR Doc. 2021–06823 Filed 4–23–21; 8:45 am] BILLING CODE 3510–17–P DEPARTMENT OF ENERGY FEDERAL ENERGY REGULATORY COMMISSION 18 CFR Part 35 [Docket No. RM16–17–000; Order No. 860] Data Collection for Analytics and Surveillance and Market-Based Rate Purposes Federal Energy Regulatory Commission. ACTION: Final rule; delay of compliance. AGENCY: The Commission delays the compliance date for the requirements of its final rule, ‘‘Data Collection for Analytics and Surveillance and MarketBased Rate Purposes’’ (Order No. 860) until July 1, 2021. DATES: The compliance date for the final rule published on July 26, 2019, at 84 SUMMARY: PO 00000 Frm 00019 Fmt 4700 Sfmt 4700 21935 FR 36390 (Order No. 860), is delayed to July 1, 2021. FOR FURTHER INFORMATION CONTACT: Ryan Stertz (Technical Information), Office of Energy Market Regulation, Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426, (202) 502– 6473, ryan.stertz@ferc.gov Regine Baus (Legal Information), Office of the General Counsel, Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426, (202) 502–8757, regine.baus@ ferc.gov SUPPLEMENTARY INFORMATION: 1. In this Final Rule, the Commission delays the compliance date for the requirements of Order No. 860 until July 1, 2021. I. Background 1. On July 18, 2019, the Commission issued Order No. 860,1 which revised certain aspects of the substance and format of information submitted for market-based rate purposes by Sellers.2 Specifically, the Commission adopted the approach to data collection proposed in the Notice of Proposed Rulemaking issued in July 2016, i.e., to collect market-based rate information in a relational database.3 The current effective date of Order No. 860 was October 1, 2020.4 2. On March 18, 2021, the Commission issued a Notice Seeking Comments (Notice) on a proposal to collect additional data from certain Sellers through revisions to the data dictionary and XML schema that accompany the relational database established in Order No. 860 (MBR Data Dictionary).5 Specifically, the Notice proposes to update the MBR Data Dictionary and add three new attributes to the Entities to Entities table. This requirement includes submitting into 1 Data Collection for Analytics & Surveillance and Market-Based Rate Purposes, Order No. 860, 84 FR 36390 (Jul. 26, 2019) 168 FERC ¶ 61,039 (2019), order on reh’g, Order No. 860–A, 85 FR 13013 (Mar. 6, 2020) 170 FERC ¶ 61,129 (2020). 2 A Seller is defined as any person that has authorization to or seeks authorization to engage in sales for resale of electric energy, capacity or ancillary services at market-based rates under section 205 of the Federal Power Act (FPA). 18 CFR 35.36(a)(1); 16 U.S.C. 824d. 3 Data Collection for Analytics & Surveillance and Market-Based Rate Purposes, Notice of Proposed Rulemaking, 81 FR 51726 (Aug. 4, 2016), 156 FERC ¶ 61,045 (2016). 4 On May 20, 2020, the Commission issued a Notice of Extension of Time to notify industry that the implementation of Order No. 860 would be delayed by six months. 5 Data Collection for Analytics & Surveillance and Market-Based Rate Purposes, Proposed revision of collected information; request for comments, 86 FR 17823 (Apr. 6, 2021), 174 FERC ¶ 61,214 (2021). E:\FR\FM\26APR1.SGM 26APR1

Agencies

[Federal Register Volume 86, Number 78 (Monday, April 26, 2021)]
[Rules and Regulations]
[Pages 21933-21935]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-06823]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

Office of the Secretary

15 CFR Part 4

[Docket No. 210329-0073]
RIN 0605-AA49


Social Security Number Fraud Prevention Act of 2017 
Implementation

AGENCY: Office of the Secretary, Department of Commerce.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This final rule revises the Department of Commerce 
(Department) regulations under the Freedom of Information Act (FOIA) 
and the Privacy Act. The revisions clarify and update the language of 
procedural requirements pertaining to the inclusion of Social Security 
account numbers on documents that the Department sends by mail. These 
revisions are necessary to implement the Social Security Number Fraud 
Prevention Act of 2017 (the Act), which restricts the inclusion of 
Social Security numbers (SSNs) on documents sent by mail by the Federal 
government.

DATES: Effective May 26, 2021.

ADDRESSES: Departmental Privacy Act Officer, Office of Privacy and Open 
Government, Department of Commerce, 1401 Constitution Ave. NW, Mail 
Stop 61025, Washington, DC 20230.

FOR FURTHER INFORMATION CONTACT: Departmental Privacy Act Officer, 
Office of Privacy and Open Government, Department of Commerce, (202) 
482-1190, [email protected].

SUPPLEMENTARY INFORMATION: 

Background

    The Act (Pub. L. 115-59; 42 U.S.C. 405 note), which was signed on 
September 15, 2017, restricts Federal agencies from including 
individuals' SSNs on documents sent by mail, unless the head of the 
agency determines that the inclusion of the SSN on the document is 
necessary (section 2(a) of the Act). The Act requires agency heads to 
issue regulations specifying the circumstances under which inclusion of 
a SSN on a document sent by mail is necessary. These regulations, which 
must be issued not later than five years after the date of enactment, 
shall include instructions for the partial

[[Page 21934]]

redaction of SSNs where feasible, and shall require that SSNs not be 
visible on the outside of any package sent by mail (section 2(b) of the 
Act). This final rule revises the Department regulations under FOIA 
(subpart A, 15 CFR part 4) and the Privacy Act (subpart B, 15 CFR part 
4), consistent with these requirements in the Act. This final rule also 
clarifies the language of procedural requirements pertaining to the 
inclusion of SSNs on documents that the Department sends by mail; makes 
clarifying updates by changing the term ``Privacy Officer'' to 
``Privacy Act Officer'' where it occurs in Subpart B of 15 CFR part 4, 
and by changing the term ``FOI Officer'' to ``FOIA Officer'' in several 
places in Appendix B.; and updates an office name by changing the 
phrase ``Assistant General Counsel for Employment, Litigation, and 
Oversight'' to ``Assistant General Counsel for Employment, Litigation, 
and Information'' where it occurs in part 4.

Comments on the Proposed Rule

    The Office of the Secretary received four general comments on the 
proposed rule from members of the public. The comments on the proposed 
rule can be viewed and downloaded at the following link: https://www.regulations.gov/document/DOC-2020-0001-0001. No changes have been 
made to the regulatory text of the proposed rule in response to these 
four comments. The following are our responses to the comments.
    Comment 1: I haven't received my stimulus check. I want to check my 
information and update my information.
    Response: This comment is not addressed, as it is not within the 
scope of this action to amend the Department's regulations in order to 
implement the Act.
    Comment 2: Noting concerns about fraud and criminal activity, a 
commenter stated that SSNs should be allowed to be used only for social 
security. The commenter stated that a company wanting to do business 
with you should assign an account number to serve as your 
identification, rather than request and use your personal information, 
including your SSN, and that this needs to be put into law.
    Response: The Act is a law that restricts the inclusion of SSNs on 
Federal documents sent by mail. This final rule implements the Act by 
making changes to the Department's regulations, which state that the 
collection of SSNs on Federal documents by mail must be required or 
authorized by law, or must be deemed by the agency to be necessary for 
fulfilling a compelling business need of the agency. To the extent that 
this comment addresses the enactment of laws or the conduct of 
businesses and other entities, the comment is not applicable to this 
action amending the Department's regulations.
    Comment 3: Noting concerns about privacy and potential identity 
theft, another commenter agreed with the proposed rule, but requested 
the listing out of specific circumstances in which the inclusion of a 
SSN on a document is necessary. The commenter stated that the SSN 
should not appear on any document, because ensuring that the SSN does 
not appear on the envelope is not enough to guarantee that the 
information will not be stolen. The commenter also asked why the Act 
allows a five-year period for implementation, and notes that the Act 
should be implemented sooner.
    Response: The Department has policies and procedures in place for 
justifying the collections, maintenance, and uses of SSNs, as well as 
for maintaining an inventory of forms collecting SSNs, and for 
safeguarding the SSNs. The Department also has policies and procedures 
in place for eliminating the unnecessary collections, maintenance, and 
uses of SSNs. The Act requires Federal agencies with Chief Financial 
Officers to issue regulations, and the rationale for such 
determination, not later than five years after enactment. We note that 
the question regarding the Congress' reasons for including a five-year 
implementation period in the Act is beyond the scope of this final 
rule. However, this final rule will fully implement the Act's 
requirements in advance of the prescribed statutory five-year period.
    Comment 4: One commenter stated that protecting American's 
identities needs to be a high concern of the United States government. 
With the advancement of technology, it is becoming easier for 
individuals to engage in identity fraud through SSNs. Therefore, the 
SSN should not be sent by the Federal government through mail. Many 
citizens are awaiting their stimulus checks, and criminals may be 
looking to steal checks that are mailed.
    Response: The Act requires Federal agencies with Chief Financial 
Officers to issue regulations specifying the circumstances under which 
the inclusion of the SSN is necessary on a mailed document. The 
regulations must include instructions for partial redaction of the SSN 
where feasible and a requirement that the SSN not be visible on the 
outside of any mail. The Department has policies and procedures in 
place for eliminating the unnecessary collections, maintenance, and 
uses of SSNs. The comment regarding the potential theft of stimulus 
checks is not addressed, as it is not within the scope of this action 
to amend the Department's regulations in order to implement the Act.

Changes Between the Proposed Rule and Final Rule

    This final rule makes no changes to the regulatory text of the 
proposed rule.

Classification

    This final rule has been determined to be not significant for 
purposes of review under Executive Order 12866. In accordance with the 
Regulatory Flexibility Act (5 U.S.C. 605(b)), the Chief Counsel for 
Regulation has reviewed this rule and certified that this regulation, 
if implemented, will not have a significant economic impact on a 
substantial number of small entities. This rule is largely procedural 
in nature, and, therefore, will not affect requesters. This regulation 
does not contain a collection of information as defined by the 
Paperwork Reduction Act, 44 U.S.C. 3501, et seq.

List of Subjects in 15 CFR Part 4

    Appeals, Freedom of Information Act, Information, Privacy, Privacy 
Act.

Jennifer Goode,
Acting Director and Deputy Director of Open Government, and 
Departmental Privacy Officer.

    For the reasons stated in the preamble, the Department of Commerce 
amends Subparts A and B of 15 CFR part 4 as follows:

PART 4--DISCLOSURE OF GOVERNMENT INFORMATION

0
1. The authority citation for part 4 continues to read as follows:

    Authority:  5 U.S.C. 301; 5 U.S.C. 552; 5 U.S.C. 552a; 5 U.SC. 
553; 31 U.S.C. 3717; 44 U.S.C. 3101; Reorganization Plan No. 5 of 
1950; Pub. L. 115-59, 131 Stat. 1152 (42 U.S.C. 405, note).

Subpart A--Freedom of Information Act

0
2. In Sec.  4.7, add paragraph (d) to read as follows:


Sec.  4.7  Responses to Requests.

* * * * *
    (d) All responses shall be made subject to the provisions of Sec.  
4.25(b)(2)(iv).
* * * * *

Subpart B--Privacy Act

0
3. Amend subpart B by removing the words ``Privacy Officer'' wherever 
they

[[Page 21935]]

appear and adding in their place the words ``Privacy Act Officer''.

0
4. Amend Sec.  4.22 by adding paragraph (b)(10) to read as follows:


Sec.  4.22  Definitions.

* * * * *
    (b) * * *
    (10) Un-redacted SSN Mailed Documents Listing (USMDL) means the 
Department approved list, as posted at www.commerce.gov/privacy, 
designating those documents for which the inclusion of SSN is 
determined to be necessary to fulfill a compelling Department business 
need when the documents are requested by individuals outside the 
Department or other Federal agencies, as determined jointly by the 
Senior Agency Official for Privacy and the Departmental Privacy Act 
Officer.

0
5. Amend Sec.  4.25 by:
0
a. Adding paragraphs (a)(3) and (4); and
0
b. Revising paragraph (b)(2)(iii) and adding paragraphs (b)(2)(iv) and 
(v).
    The additions and revisions read as follows:


Sec.  4.25  Disclosure of requested records to individuals [Amended]

    (a) * * *
    (3) Inclusion of SSNs on responsive documents.
    (i) The Department shall redact SSNs from responsive documents 
provided to requesters where feasible. Where full redaction is not 
feasible, partial redaction to create a truncated SSN shall be 
preferred to no redaction. The following conditions must be met for the 
inclusion of an unredacted (full) SSN or partially redacted (truncated) 
SSN on a responsive document:
    (ii) The inclusion of the full SSN or truncated SSN of an 
individual must be required or authorized by law,
    (iii) The inclusion of the full SSN or truncated SSN of an 
individual must be determined by the Senior Agency Official for Privacy 
and Departmental Privacy Act Officer to be necessary to fulfill a 
compelling Department business need; and
    (iv) The full SSN of an individual may be included only on 
documents listed on the USMDL.
    (4) The following requirements apply when the Department mails or 
delivers responsive documents containing SSNs or truncated SSNs:
    (i) The full SSN of an individual may be included only on documents 
listed on the USMDL.
    (ii) For documents that are listed on the USMDL and that include 
the full SSN of an individual, the signature of the recipient is 
required upon delivery.
    (iii) For documents that include the truncated form of the SSN of 
an individual, the signature of the recipient is required upon 
delivery.
    (iv) The full SSN, the truncated SSN, any part of the SSN of an 
individual must not be visible from the outside of the envelope or 
package.
    (b) * * *
    (2) * * *
    (iii) Copies of documents may be mailed at the request of the 
individual and may be subject to payment of the fees prescribed in 
Sec. Sec.  4.25(a)(3) and 4.31. In the event that the Department, at 
its own initiative, elects to provide a copy by mail, no fee will be 
charged to the individual.
    (iv) Copies of documents listed on the USMDL that include full SSNs 
and that are requested by an individual are subject to payment of the 
fees prescribed in Sec.  4.31.
    (v) Documents containing SSNs or truncated SSNs that are required 
to be returned by the individual to the Department will be mailed or 
delivered along with a prepaid mail or delivery service envelope at the 
expense of the Department.
* * * * *

Appendix B to Part 4 [Amended]

0
6. Amend Appendix B to part 4 by:
0
a. Adding the word ``Act'' after the phrase ``Freedom of Information'' 
wherever it appears in the introductory text, under ``Office of the 
Secretary,'' and under ``Assistant Secretary for Administration''; and
0
b. Adding a semicolon after the term ``Office of Privacy and Open 
Government: Director''.

[FR Doc. 2021-06823 Filed 4-23-21; 8:45 am]
BILLING CODE 3510-17-P