Enterprise Data & Privacy Management Office (IDE); Social Security Number Fraud Prevention, 32138-32140 [2023-10279]
Download as PDF
32138
Federal Register / Vol. 88, No. 97 / Friday, May 19, 2023 / Rules and Regulations
‘‘Regulatory Planning and Review’’ (58
FR 51735, October 4, 1993). Because
this action has been exempted from
review under Executive Order 12866,
this action is not subject to Executive
Order 13211, entitled ‘‘Actions
Concerning Regulations That
Significantly Affect Energy Supply,
Distribution, or Use’’ (66 FR 28355, May
22, 2001), or Executive Order 13045,
entitled ‘‘Protection of Children from
Environmental Health Risks and Safety
Risks’’ (62 FR 19885, April 23, 1997).
This action does not contain any
information collections subject to OMB
approval under the Paperwork
Reduction Act (PRA) (44 U.S.C. 3501 et
seq.), nor does it require any special
considerations under Executive Order
12898, entitled ‘‘Federal Actions to
Address Environmental Justice in
Minority Populations and Low-Income
Populations’’ (59 FR 7629, February 16,
1994).
Since tolerances and exemptions that
are established on the basis of a petition
under FFDCA section 408(d), such as
the tolerance exemption in this final
rule, do not require the issuance of a
proposed rule, the requirements of the
Regulatory Flexibility Act (RFA) (5
U.S.C. 601 et seq.), do not apply.
This action directly regulates growers,
food processors, food handlers, and food
retailers, not States or tribes, nor does
this action alter the relationships or
distribution of power and
responsibilities established by Congress
in the preemption provisions of FFDCA
section 408(n)(4). As such, the Agency
has determined that this action will not
have a substantial direct effect on States
or Tribal governments, on the
relationship between the National
Government and the States or Tribal
governments, or on the distribution of
power and responsibilities among the
various levels of government or between
the Federal Government and Indian
tribes. Thus, the Agency has determined
that Executive Order 13132, entitled
‘‘Federalism’’ (64 FR 43255, August 10,
1999), and Executive Order 13175,
entitled ‘‘Consultation and Coordination
with Indian Tribal Governments’’ (65 FR
67249, November 9, 2000), do not apply
to this action. In addition, this action
does not impose any enforceable duty or
contain any unfunded mandate as
described under Title II of the Unfunded
Mandates Reform Act (UMRA) (2 U.S.C.
1501 et seq.).
This action does not involve any
technical standards that would require
Agency consideration of voluntary
consensus standards pursuant to section
12(d) of the National Technology
Transfer and Advancement Act
(NTTAA) (15 U.S.C. 272 note).
VIII. Congressional Review Act
Pursuant to the Congressional Review
Act (5 U.S.C. 801 et seq.), EPA will
submit a report containing this rule and
other required information to the U.S.
Senate, the U.S. House of
Representatives, and the Comptroller
General of the United States prior to
publication of the rule in the Federal
Register. This action is not a ‘‘major
rule’’ as defined by 5 U.S.C. 804(2).
List of Subjects in 40 CFR Part 180
Environmental protection,
Administrative practice and procedure,
Agricultural commodities, Pesticides
and pests, Reporting and recordkeeping
requirements.
Dated: May 15, 2023.
Charles Smith,
Director, Registration Division, Office of
Pesticide Programs.
Therefore, for the reasons stated in the
preamble, EPA is amending 40 CFR
chapter I as follows:
PART 180—TOLERANCES AND
EXEMPTIONS FOR PESTICIDE
CHEMICAL RESIDUES IN FOOD
1. The authority citation for part 180
continues to read as follows:
■
Authority: 21 U.S.C. 321(q), 346a and 371.
2. In § 180.910, amend table 1 to the
section by adding, in alphabetical order,
the inert ingredient ‘‘Benzyl alcohol
(CAS Reg. No. 100–51–6)’’ to read as
follows:
■
§ 180.910 Inert ingredients used pre- and
post-harvest; exemptions from the
requirement of a tolerance.
*
*
*
*
*
TABLE 1 TO 180.910
Inert ingredients
Limits
*
*
*
Benzyl alcohol (CAS Reg. No. 100–51–6) .................................
*
*
*
60% by weight in pesticide formulation .....................................
*
*
*
ACTION:
[FR Doc. 2023–10709 Filed 5–18–23; 8:45 am]
BILLING CODE 6560–50–P
41 CFR Part 105–64
ddrumheller on DSK120RN23PROD with RULES1
[GSPMR Case 2022–105–1; Docket No.
GSA–GSPMR–2022–0017; Sequence No. 1]
RIN 3090–AK62
Enterprise Data & Privacy Management
Office (IDE); Social Security Number
Fraud Prevention
Enterprise Data & Privacy
Management Office (IDE), General
Services Administration (GSA).
AGENCY:
16:30 May 18, 2023
*
Final rule.
GSA is issuing a final rule
amending our Privacy Act Rules to
implement the Social Security Number
Fraud Prevention Act of 2017. The
revisions would clarify and update the
language of procedural requirements
pertaining to the inclusion of Social
Security account numbers (SSNs) on
documents that GSA sends by mail.
DATES: Effective June 20, 2023.
FOR FURTHER INFORMATION CONTACT: Mr.
Richard Speidel, Chief Privacy Officer
(General Services Administration),
Enterprise Data & Privacy Management
Office (IDE). Email address for the GSA
Privacy Office is gsa.privacyact@
gsa.gov. Telephone number is 202–969–
SUMMARY:
GENERAL SERVICES
ADMINISTRATION
VerDate Sep<11>2014
*
Jkt 259001
PO 00000
Frm 00056
Fmt 4700
Uses
Sfmt 4700
*
*
Adjuvant.
*
5830 for clarification of content. For
information pertaining to status or
publication schedules, contact the
Regulatory Secretariat Division at 202–
501–4755 or GSARegSec@gsa.gov.
Please cite GSPMR Case 2022–105–1.
SUPPLEMENTARY INFORMATION:
I. Background
GSA is issuing a final rule amending
41 CFR part 105–64, GSA Privacy Act
Rules, to implement the Social Security
Number Fraud Prevention Act of 2017.
The proposed rule was published on
October 7, 2022, at 87 FR 60955.
The Social Security Number Fraud
Prevention Act of 2017 (the Act) (Pub.
L. 115–59; 42 U.S.C. 405 note), which
was signed on September 15, 2017,
E:\FR\FM\19MYR1.SGM
19MYR1
Federal Register / Vol. 88, No. 97 / Friday, May 19, 2023 / Rules and Regulations
restricts Federal agencies from
including individuals’ SSNs on
documents sent by mail, unless the head
of the agency determines that the
inclusion of the SSN on the document
is necessary (section 2(a) of the Act).
The Act requires agency heads to issue
regulations specifying the circumstances
under which inclusion of a SSN on a
document sent by mail is necessary.
These regulations, which must be issued
not later than five years after the date of
enactment, shall include instructions for
the partial redaction of SSNs where
feasible, and shall require that SSNs not
be visible on the outside of any package
sent by mail (section 2(b) of the Act).
This rule would revise the Agency
regulations under the Privacy Act (41
CFR part 105–64), consistent with these
requirements in the Act. The rule would
clarify the language of procedural
requirements pertaining to the inclusion
of SSNs on documents that the Agency
sends by mail. These revisions are
necessary to implement the Social
Security Number Fraud Prevention Act
of 2017, which restricts the inclusion of
Social Security account Numbers (SSNs)
on documents sent by mail by the
Federal Government.
II. Discussion of the Final Rule
A. Summary of Significant Changes
There are no significant changes, as
the comments were supportive of the
rule. GSA did change the regulatory text
from the published proposed rule, but
the changes are not substantive (merely
reorganizing the prior content for
readability and to avoid redundancy).
ddrumheller on DSK120RN23PROD with RULES1
B. Analysis of Public Comments
GSA received two (2) comments from
the public. GSA acknowledge the
respondents’ support for the rule. GSA
did not change the regulatory text of the
definition from the published proposed
rule.
Comment: The proposed amendment
by GSA is positively impacting US
citizens’ information security by
protecting their personal information,
specifically their social security
number. This rule defines the
requirement to not include a social
security number unless determined
necessary by the head of the agency.
However, clarification is required on the
process to obtain a determination by the
head of the agency such that there is not
an increased burden on business to
understand this process. In addition, the
rule states that social security numbers
can only be included if required by law.
It is the best interest of the people to
identify which laws would require this
information and validate that is still
VerDate Sep<11>2014
16:30 May 18, 2023
Jkt 259001
32139
true. In general, this rule provides
minimal economic impact to the people,
provides increased information security
and we are in support if the above items
are clarified in the documentation. If no
such clarification is provided, it could
lead to confusion and economic impact
for businesses trying to follow the rule.
Finally, cyber security should be as
important as mail fraud and this rule
should also apply to electronic
transmission of documents with social
security numbers. As a US citizen I
recommend applying this in both
written and electronic communication
since the fraud of my identity could
mean substantial harm financially and
emotionally for myself.
Response: Although the Comment
requests more clarity around the process
for determining which documents are
on the Un-redacted SSN Mailed
Document List, GSA finds that the rule
as written provides appropriate
flexibility to arrive at a list in
implementation of the statute while
involving necessary agency stakeholders
such as GSA–IT and GSA Office of the
General Counsel (OGC). Subsequent to
the posting of the final rule, GSA
intends to make available on the GSA
publicly facing privacy page
(www.gsa.gov/reference/gsa-privacyprogram) the specific documents for
which the inclusion of the Social
Security account number (SSN) is
determined to be necessary to fulfill a
compelling Agency business need. GSA
will review on a regular basis the laws
and authorities that would require an
un-redacted social security number on
mailed documents. GSA handles the
transmission of electronic documents in
accordance with the Privacy Act.
Comment: The proposed rule will
provide members of government
agencies with greater clarity. I believe
providing a clear understanding
pertaining to the inclusion of full Social
Security numbers on documents sent
via U.S. mail will provide confidence in
senders and receivers of these
correspondences. Many Americans have
been victims of identity theft, the steps
and feelings involved in the process are
uncomforting and time consuming.
After reviewing the proposed standards
for agencies to follow I believe they are
easy to comprehend and leave little
room for question. I thank you for
investing time and efforts into this
proposed rule.
Response: GSA acknowledges this
comment.
within the meaning of the Regulatory
Flexibility Act, 5 U.S.C. 601, et seq. This
rule does not impose a requirement for
small businesses to report or keep
records on any of the requirements
contained in this rule.
C. Expected Cost Impact to the Public
GSA does not expect the final rule to
have a significant economic impact on
a substantial number of small entities
VI. The Paperwork Reduction Act
The Paperwork Reduction Act does
not apply because the changes to the
GSPMR do not impose recordkeeping or
PO 00000
Frm 00057
Fmt 4700
Sfmt 4700
III. Executive Orders 12866 and 13563
Executive Orders (E.O.s) 12866 and
13563 direct agencies to assess all costs
and benefits of available regulatory
alternatives and, if regulation is
necessary, to select regulatory
approaches that maximize net benefits
(including potential economic,
environmental, public health and safety
effects, distributive impacts, and
equity). E.O. 13563 emphasizes the
importance of quantifying both costs
and benefits, of reducing costs, of
harmonizing rules, and of promoting
flexibility. OIRA has determined that
this is not a significant regulatory action
and, therefore, was not subject to review
under Section 6(b) of Executive Order
12866, Regulatory Planning and Review,
dated September 30, 1993.
IV. Congressional Review Act
OIRA has determined that this rule is
not a ‘‘major rule’’ as defined by 5
U.S.C. 804(2). Subtitle E of the Small
Business Regulatory Enforcement
Fairness Act of 1996 (codified at 5
U.S.C. 801–808), also known as the
Congressional Review Act or CRA,
generally provides that before a ‘‘major
rule’’ may take effect, the agency
promulgating the rule must submit a
rule report, which includes a copy of
the rule, to each House of the Congress
and to the Comptroller General of the
United States. The General Services
Administration will submit a report
containing this rule and other required
information to the U.S. Senate, the U.S.
House of Representatives, and the
Comptroller General of the United
States. A major rule under the CRA
cannot take effect until 60 days after it
is published in the Federal Register.
V. Regulatory Flexibility Act
This final rule will not have a
significant economic impact on a
substantial number of small entities
within the meaning of the Regulatory
Flexibility Act, 5 U.S.C. 601, et seq. This
rule does not impose a requirement for
small businesses to report or keep
records on any of the requirements
contained in this rule. Therefore, a Final
Regulatory Flexibility Analysis has not
been performed.
E:\FR\FM\19MYR1.SGM
19MYR1
32140
Federal Register / Vol. 88, No. 97 / Friday, May 19, 2023 / Rules and Regulations
information collection requirements, or
the collection of information from
offerors, contractors, or members of the
public that require the approval of the
Office of Management and Budget
(OMB) under 44 U.S.C. 3501, et seq.
List of Subjects in 41 CFR Part 105–64
Privacy.
[FR Doc. 2023–10279 Filed 5–18–23; 8:45 am]
BILLING CODE P
Robin Carnahan,
Administrator, General Services
Administration.
LEGAL SERVICES CORPORATION
For the reasons set forth in the
preamble, GSA amends 41 CFR part
105–64 as set forth below:
45 CFR Chapter XVI
Issuance of Updated Audit Guide for
Recipients and Auditors and
Appendices for Audits of Legal
Services Corporation Recipients
PART 105–64—GSA PRIVACY ACT
RULES
1. The authority citation for 41 CFR
part 105–64 continues to read as
follows:
■
Legal Services Corporation,
Office of Inspector General.
ACTION: Notice of issuance of final audit
guide and appendices.
AGENCY:
Authority: 5 U.S.C. 552a.
2. Amend § 105–64.001 by adding in
alphabetical order the definition ‘‘Unredacted SSN Mailed Documents
Listing’’ to read as follows:
■
§ 105–64.001
this part?
What terms are defined in
*
*
*
*
Un-redacted SSN Mailed Documents
Listing (USMDL) means the Agency
approved list, as posted at www.gsa.gov/
reference/gsa-privacy-program,
designating those documents for which
the inclusion of the Social Security
account number (SSN) is determined to
be necessary to fulfill a compelling
Agency business need when the
documents are requested by individuals
outside the Agency or other Federal
agencies, as determined by the
Administrator or their designee.
■ 3. Amend § 105–64.107 by adding
paragraph (c) to read as follows:
§ 105–64.107 What standards of conduct
apply to employees with privacy-related
responsibilities?
ddrumheller on DSK120RN23PROD with RULES1
*
*
*
*
*
(c) (1) The following conditions must
be met for the inclusion of an
unredacted (full) SSN or partially
redacted (truncated) SSN on any
document sent by mail on behalf of the
agency:
(i) The inclusion of the full SSN or
truncated SSN of an individual must be
required or authorized by law; and
(ii) The document must be listed on
the USMDL.
(2) Even when the conditions set forth
in paragraph (c)(1) are met, employees
shall redact SSNs in all documents sent
by mail where feasible. Where full
redaction is not possible due to agency
requirements, partial redaction to create
16:30 May 18, 2023
Jkt 259001
The Legal Services
Corporation (LSC) Office of Inspector
General (OIG) updated its Audit Guide
for Recipients and Auditors, (LSC OIG
Audit Guide), the Compliance
Supplement (Appendix A), and
Appendices B–E. The Audit Guide must
be used for audits for fiscal years ending
September 30, 2023, and thereafter. The
LSC OIG Audit Guide was published in
December 1996 and is outdated. Aside
from one Audit Bulletin issued in 1997,
it has not been updated since. Appendix
A, Compliance Supplement for Audits
of LSC Recipients was updated in April
2016. The LSC OIG Audit Guide and
appendices required revisions to
incorporate changes to LSC regulations,
auditing standards, and other guidelines
that have changed. The changes are to
enhance clarity in guidance and
suggested audit procedures.
DATES: The LSC OIG Audit Guide will
be effective on October 1, 2023, for
audits of LSC grantee fiscal years ending
on or after September 30, 2023.
FOR FURTHER INFORMATION CONTACT:
Grace Nyakoe, Audit Director, Legal
Services Corporation Office of Inspector
General, 3333 K Street NW, Washington,
DC 20007, (202) 295–1662, or gnyakoe@
oig.lsc.gov.
SUPPLEMENTARY INFORMATION:
SUMMARY:
*
VerDate Sep<11>2014
a truncated SSN shall be preferred to no
redaction.
(3) In no case shall any complete or
partial SSN be visible on the outside of
any envelope or package sent by mail or
displayed on correspondence that is
visible through the window of an
envelope or package.
I. History of This Action
Updating the LSC OIG Audit Guide
and appendices is essential in fulfilling
the OIG’s responsibility for oversight.
The LSC OIG Audit Guide and
appendices provide a uniform approach
for audits of LSC recipients and describe
recipients’ responsibilities with respect
to such audits. Audits of recipients are
PO 00000
Frm 00058
Fmt 4700
Sfmt 4700
to be performed in accordance with this
LSC OIG Audit Guide and Compliance
Supplement (Appendix A), among other
criteria. The LSC OIG Audit Guide and
the Compliance Supplement give
auditors guidance in planning and
performing audits to accomplish audit
objectives.
Significant changes include
eliminating the requirement to classify
LSC recipients as High-Risk; adding a
requirement to consider all LSC funds
as major programs regardless of
spending threshold; and revising
suggested audit procedures for changes
to 45 CFR 1635—Timekeeping
Requirement. The appendix
designations have changed because we
eliminated the appendices addressing a
Sample Audit Agreement and Guide for
Procurement of Audit Services.
Information on these topics is readily
available from other sources.
II. General Discussion of Comments
The LSC OIG received three
comments during the public comment
period. All comments were on the
Compliance Supplement. The
commenters were McBride, Lock &
Associates, LLC, the LSC OIG Quality
Control Review contractor; Eide Bailly,
an LSC recipient Independent Public
Accountant; and the National Legal Aid
& Defender Association (NLADA), a
non-LSC funded non-profit, in
cooperation with experienced Chief
Financial Officers of legal aid
organizations and the NLADA
Regulations Committee. One NLADA
comment strongly supported the
proposed change to the Overview
section stating that LSC recipients do
not have to be classified as high risk. All
comments generally support the LSC
OIG changes.
We also received comments for
changes to accounting guidance. OIG
does not issue accounting guidance and
forwarded these comments to LSC.
NLADA strongly supported the LSC
OIG’s decision to no longer require that
LSC recipients be classified as High
Risk. The NLADA also commented that
it generally does not favor blanket
requirements but does not oppose the
LSC OIG requirement that all LSC funds
be classified as major programs. LSC
recipients must have an annual audit
and classifying the funds as a major
program does not add a burden to LSC
recipients. One comment was to correct
a typographical error which was
corrected. The remaining comments will
be discussed in Section III, Detailed
Discussion of Comments.
E:\FR\FM\19MYR1.SGM
19MYR1
Agencies
[Federal Register Volume 88, Number 97 (Friday, May 19, 2023)]
[Rules and Regulations]
[Pages 32138-32140]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-10279]
=======================================================================
-----------------------------------------------------------------------
GENERAL SERVICES ADMINISTRATION
41 CFR Part 105-64
[GSPMR Case 2022-105-1; Docket No. GSA-GSPMR-2022-0017; Sequence No. 1]
RIN 3090-AK62
Enterprise Data & Privacy Management Office (IDE); Social
Security Number Fraud Prevention
AGENCY: Enterprise Data & Privacy Management Office (IDE), General
Services Administration (GSA).
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: GSA is issuing a final rule amending our Privacy Act Rules to
implement the Social Security Number Fraud Prevention Act of 2017. The
revisions would clarify and update the language of procedural
requirements pertaining to the inclusion of Social Security account
numbers (SSNs) on documents that GSA sends by mail.
DATES: Effective June 20, 2023.
FOR FURTHER INFORMATION CONTACT: Mr. Richard Speidel, Chief Privacy
Officer (General Services Administration), Enterprise Data & Privacy
Management Office (IDE). Email address for the GSA Privacy Office is
[email protected]. Telephone number is 202-969-5830 for
clarification of content. For information pertaining to status or
publication schedules, contact the Regulatory Secretariat Division at
202-501-4755 or [email protected]. Please cite GSPMR Case 2022-105-1.
SUPPLEMENTARY INFORMATION:
I. Background
GSA is issuing a final rule amending 41 CFR part 105-64, GSA
Privacy Act Rules, to implement the Social Security Number Fraud
Prevention Act of 2017. The proposed rule was published on October 7,
2022, at 87 FR 60955.
The Social Security Number Fraud Prevention Act of 2017 (the Act)
(Pub. L. 115-59; 42 U.S.C. 405 note), which was signed on September 15,
2017,
[[Page 32139]]
restricts Federal agencies from including individuals' SSNs on
documents sent by mail, unless the head of the agency determines that
the inclusion of the SSN on the document is necessary (section 2(a) of
the Act). The Act requires agency heads to issue regulations specifying
the circumstances under which inclusion of a SSN on a document sent by
mail is necessary. These regulations, which must be issued not later
than five years after the date of enactment, shall include instructions
for the partial redaction of SSNs where feasible, and shall require
that SSNs not be visible on the outside of any package sent by mail
(section 2(b) of the Act). This rule would revise the Agency
regulations under the Privacy Act (41 CFR part 105-64), consistent with
these requirements in the Act. The rule would clarify the language of
procedural requirements pertaining to the inclusion of SSNs on
documents that the Agency sends by mail. These revisions are necessary
to implement the Social Security Number Fraud Prevention Act of 2017,
which restricts the inclusion of Social Security account Numbers (SSNs)
on documents sent by mail by the Federal Government.
II. Discussion of the Final Rule
A. Summary of Significant Changes
There are no significant changes, as the comments were supportive
of the rule. GSA did change the regulatory text from the published
proposed rule, but the changes are not substantive (merely reorganizing
the prior content for readability and to avoid redundancy).
B. Analysis of Public Comments
GSA received two (2) comments from the public. GSA acknowledge the
respondents' support for the rule. GSA did not change the regulatory
text of the definition from the published proposed rule.
Comment: The proposed amendment by GSA is positively impacting US
citizens' information security by protecting their personal
information, specifically their social security number. This rule
defines the requirement to not include a social security number unless
determined necessary by the head of the agency. However, clarification
is required on the process to obtain a determination by the head of the
agency such that there is not an increased burden on business to
understand this process. In addition, the rule states that social
security numbers can only be included if required by law. It is the
best interest of the people to identify which laws would require this
information and validate that is still true. In general, this rule
provides minimal economic impact to the people, provides increased
information security and we are in support if the above items are
clarified in the documentation. If no such clarification is provided,
it could lead to confusion and economic impact for businesses trying to
follow the rule. Finally, cyber security should be as important as mail
fraud and this rule should also apply to electronic transmission of
documents with social security numbers. As a US citizen I recommend
applying this in both written and electronic communication since the
fraud of my identity could mean substantial harm financially and
emotionally for myself.
Response: Although the Comment requests more clarity around the
process for determining which documents are on the Un-redacted SSN
Mailed Document List, GSA finds that the rule as written provides
appropriate flexibility to arrive at a list in implementation of the
statute while involving necessary agency stakeholders such as GSA-IT
and GSA Office of the General Counsel (OGC). Subsequent to the posting
of the final rule, GSA intends to make available on the GSA publicly
facing privacy page (www.gsa.gov/reference/gsa-privacy-program) the
specific documents for which the inclusion of the Social Security
account number (SSN) is determined to be necessary to fulfill a
compelling Agency business need. GSA will review on a regular basis the
laws and authorities that would require an un-redacted social security
number on mailed documents. GSA handles the transmission of electronic
documents in accordance with the Privacy Act.
Comment: The proposed rule will provide members of government
agencies with greater clarity. I believe providing a clear
understanding pertaining to the inclusion of full Social Security
numbers on documents sent via U.S. mail will provide confidence in
senders and receivers of these correspondences. Many Americans have
been victims of identity theft, the steps and feelings involved in the
process are uncomforting and time consuming. After reviewing the
proposed standards for agencies to follow I believe they are easy to
comprehend and leave little room for question. I thank you for
investing time and efforts into this proposed rule.
Response: GSA acknowledges this comment.
C. Expected Cost Impact to the Public
GSA does not expect the final rule to have a significant economic
impact on a substantial number of small entities within the meaning of
the Regulatory Flexibility Act, 5 U.S.C. 601, et seq. This rule does
not impose a requirement for small businesses to report or keep records
on any of the requirements contained in this rule.
III. Executive Orders 12866 and 13563
Executive Orders (E.O.s) 12866 and 13563 direct agencies to assess
all costs and benefits of available regulatory alternatives and, if
regulation is necessary, to select regulatory approaches that maximize
net benefits (including potential economic, environmental, public
health and safety effects, distributive impacts, and equity). E.O.
13563 emphasizes the importance of quantifying both costs and benefits,
of reducing costs, of harmonizing rules, and of promoting flexibility.
OIRA has determined that this is not a significant regulatory action
and, therefore, was not subject to review under Section 6(b) of
Executive Order 12866, Regulatory Planning and Review, dated September
30, 1993.
IV. Congressional Review Act
OIRA has determined that this rule is not a ``major rule'' as
defined by 5 U.S.C. 804(2). Subtitle E of the Small Business Regulatory
Enforcement Fairness Act of 1996 (codified at 5 U.S.C. 801-808), also
known as the Congressional Review Act or CRA, generally provides that
before a ``major rule'' may take effect, the agency promulgating the
rule must submit a rule report, which includes a copy of the rule, to
each House of the Congress and to the Comptroller General of the United
States. The General Services Administration will submit a report
containing this rule and other required information to the U.S. Senate,
the U.S. House of Representatives, and the Comptroller General of the
United States. A major rule under the CRA cannot take effect until 60
days after it is published in the Federal Register.
V. Regulatory Flexibility Act
This final rule will not have a significant economic impact on a
substantial number of small entities within the meaning of the
Regulatory Flexibility Act, 5 U.S.C. 601, et seq. This rule does not
impose a requirement for small businesses to report or keep records on
any of the requirements contained in this rule. Therefore, a Final
Regulatory Flexibility Analysis has not been performed.
VI. The Paperwork Reduction Act
The Paperwork Reduction Act does not apply because the changes to
the GSPMR do not impose recordkeeping or
[[Page 32140]]
information collection requirements, or the collection of information
from offerors, contractors, or members of the public that require the
approval of the Office of Management and Budget (OMB) under 44 U.S.C.
3501, et seq.
List of Subjects in 41 CFR Part 105-64
Privacy.
Robin Carnahan,
Administrator, General Services Administration.
For the reasons set forth in the preamble, GSA amends 41 CFR part
105-64 as set forth below:
PART 105-64--GSA PRIVACY ACT RULES
0
1. The authority citation for 41 CFR part 105-64 continues to read as
follows:
Authority: 5 U.S.C. 552a.
0
2. Amend Sec. 105-64.001 by adding in alphabetical order the
definition ``Un-redacted SSN Mailed Documents Listing'' to read as
follows:
Sec. 105-64.001 What terms are defined in this part?
* * * * *
Un-redacted SSN Mailed Documents Listing (USMDL) means the Agency
approved list, as posted at www.gsa.gov/reference/gsa-privacy-program,
designating those documents for which the inclusion of the Social
Security account number (SSN) is determined to be necessary to fulfill
a compelling Agency business need when the documents are requested by
individuals outside the Agency or other Federal agencies, as determined
by the Administrator or their designee.
0
3. Amend Sec. 105-64.107 by adding paragraph (c) to read as follows:
Sec. 105-64.107 What standards of conduct apply to employees with
privacy-related responsibilities?
* * * * *
(c) (1) The following conditions must be met for the inclusion of
an unredacted (full) SSN or partially redacted (truncated) SSN on any
document sent by mail on behalf of the agency:
(i) The inclusion of the full SSN or truncated SSN of an individual
must be required or authorized by law; and
(ii) The document must be listed on the USMDL.
(2) Even when the conditions set forth in paragraph (c)(1) are met,
employees shall redact SSNs in all documents sent by mail where
feasible. Where full redaction is not possible due to agency
requirements, partial redaction to create a truncated SSN shall be
preferred to no redaction.
(3) In no case shall any complete or partial SSN be visible on the
outside of any envelope or package sent by mail or displayed on
correspondence that is visible through the window of an envelope or
package.
[FR Doc. 2023-10279 Filed 5-18-23; 8:45 am]
BILLING CODE P