Common use of Authorization for SSA to Release SSN Verification Clause in Contracts

Authorization for SSA to Release SSN Verification. Attachment B) associated with the verification requests. The Requesting Party must use the verified SSN only for the purpose(s) specified by the Client. Exceeding the scope of the consent as specified in the signed Consent Form violates state and federal law and subjects the Requesting Party to civil and criminal liability. SSA recognizes that the Requesting Party may seek verification of the Client’s SSN on behalf of a Principal pursuant to the terms of the Client’s Consent Form. In this case, the Requesting Party shall ensure that the Principal agrees in writing to use the verification only for the purpose stated in the Consent Form, and make no further use or redisclosure of the verified SSN. This relationship shall be subjected to the contractual obligations as specified in this document. The information obtained from records maintained by SSA is protected by Federal statutes and regulations, including 5 U.S.C. § 552a(i)(3) of the Privacy Act. Under this section, any person who knowingly and willfully requests or obtains any record concerning an individual from an agency under false pretenses will be guilty of a misdemeanor and fined not more than $5,000. SSA’s verification of an SSN does not provide proof or confirmation of identity. CBSV is designed to provide you with only a “yes” or “no” verification of whether the SSN verified with SSA’s records. If our records show that the SSN holder is deceased, CBSV returns a death indicator. CBSV verifications do not verify an individual's identity. CBSV does not verify employment eligibility, nor does it interface with the Department of Homeland Security’s (DHS) verification system, and it will not satisfy DHS’s I-9 requirements. Requesting Party Responsibilities Failure to follow these rules may result in suspension or a disruption of service. The Requesting Party must designate a Responsible Company Official to sign the Attestation Statement (Attachment D) indicating understanding of the Privacy Act restrictions relating to the use of this service on behalf of the Requesting Party. The signed and dated Attestation Statement must be submitted to SSA with the signed User Agreement. If the Responsible Company Official signing the original Attestation Statement leaves the company or no longer has authority to make legally binding commitments on behalf of the company, the Requesting Party must designate a new Responsible Company Official to submit a new signed Attestation Statement within 30 days. Responsible Company Officials must complete the Attestation Statement annually which advises them of their obligations to establish effective internal controls for compliance with CBSV requirements. (See attachment D) If the Requesting Party wishes the Agency to recognize the Requesting Party’s successor in interest to this Agreement or the Requesting Party’s name change, the Requesting Party must submit written notification to the CBSV Project Manager within 30 days of the change. Any submission should be accompanied by supporting documentation. Because this Agreement is not assignable, any successor in interest to this Agreement must sign a new User Agreement with the agency. Any change resulting in a new agreement may result in a disruption in service. CBSV is not a turnkey application and there are system constraints that require that the agreement be in Active or Amended status. Advance notice minimizes disruption of service. The Requesting Party may submit requests for verifications either (1) online or (2) through a web services platform that conforms to SSA’s data configuration for a real-time response. All requests must specify the name, date of birth, and SSN of each Client whose SSN the Requesting Party seeks to verify. The Requesting Party must complete the Form SSA-88 (Attachment A) with requested information for each Authorized User. The Requesting Party must use one Form SSA-88 to provide information for multiple Authorized Users. The Requesting Party must ensure that the Form SSA-88 provides the total number of the Requesting Party’s Authorized Users. The Requesting Party will notify SSA if there is any change to employment status (including, but not limited to, long-term absence, termination of employment, or change of duties related to CBSV) for any Authorized User or if Requesting Party revokes any Authorized User’s authorization to use CBSV. SSA may change its method of receiving verification requests and providing verification results to the Requesting Party at any time. If SSA decides to change its method of receiving SSN verification requests or providing verification results, the Requesting Party will bear its own costs incurred to accommodate such changes. The Requesting Party will be audited at least annually by a Certified Public Accountant (CPA) designated by SSA. The cost of the Examination Engagement is factored into the transaction fee. The CPA’s report will provide an opinion on the Requesting Party’s assertion that it complied with the CBSV User Agreement requirements. (See Attachment E.) The Requesting Party must pay the one-time enrollment fee and advance payment of estimated transaction fees for the current fiscal year prior to making any request for verification under this User Agreement. Requesting Party will pay in full any remaining balance for verifications from previous fiscal year obligations before it uses CBSV for the following fiscal year. The Requesting Party will ensure that its Responsible Company Official carries out the following actions and responsibilities: As part of the registration process, SSA will mail a one-time activation code to the Responsible Company Official. The Responsible Company Official must provide the activation code to the correct registrant named in the letter in order to complete the registration process and to activate access to CBSV services. The activation code is only mailed out to individuals whose names appear on the SSA-88. The Authorized User must login to BSO and enter the Activation code in order to activate either online services or web services.

Authorization for SSA to Release SSN Verification. Attachment B) associated with the verification requests. The Requesting Party must use the verified SSN only for the purpose(s) specified by the Client. Exceeding the scope of the consent as specified in the signed Consent Form violates state and federal or Federal law and subjects the Requesting Party to civil and criminal liability. SSA recognizes that the Requesting Party may seek verification of the Client’s SSN on behalf of a Principal pursuant to the terms of the Client’s Consent Form. In this case, the Requesting Party shall ensure that the Principal agrees in writing to use the verification only for the purpose stated in the Consent Form, and make no further use or redisclosure re-disclosure of the verified SSN. This relationship shall be subjected to the contractual obligations as specified in this document. The information obtained from records maintained by SSA is protected by Federal statutes and regulations, including 5 U.S.C. § 552a(i)(3) of the Privacy Act. Under this section, any person who knowingly and willfully requests or obtains any record concerning an individual from an agency under false pretenses will be guilty of a misdemeanor and fined not more than $5,000. SSA’s verification of an SSN does not provide proof or confirmation of identity. CBSV is designed to provide you with only a “yes” or “no” verification of whether the SSN verified with SSA’s records. If our records show that the SSN holder is deceased, CBSV returns a death indicator. CBSV verifications do not verify an individual's identity. CBSV does not verify employment eligibility, nor does it interface with the Department of Homeland Security’s (DHS) verification system, and it will not satisfy DHS’s I-9 requirements. Requesting Party Responsibilities Failure to follow these rules may result in suspension or a disruption of service. The Requesting Party must designate a Responsible Company Official to sign the Attestation Statement (Attachment D) indicating understanding of the Privacy Act restrictions relating to the use of this service on behalf of the Requesting Party. The signed and dated Attestation Statement must be submitted to SSA with the signed User Agreement. If the Responsible Company Official signing the original Attestation Statement leaves the company or no longer has authority to make legally binding commitments on behalf of the company, the Requesting Party must designate a new Responsible Company Official to submit a new signed Attestation Statement within 30 days. Responsible Company Officials Official must complete the Attestation Statement annually which advises them to be aware of their obligations responsibilities to establish effective internal controls for over compliance with CBSV requirements. (See attachment D) If the a Requesting Party wishes the Agency to recognize the Requesting Party’s successor in interest to this Agreement or the Requesting Party’s name change, the Requesting Party must submit written notification to the CBSV Project Manager within 30 days of the change. Any submission should be accompanied by supporting documentation. Because this Agreement is not assignable, any successor in interest to this Agreement must sign a new User Agreement with the agencyAgency. Any change resulting Requesting Party will provide SSA with an electronic file through the CBSV website on Business Services Online (BSO) either (1) in batch mode format for response in two to three business days, or (2) as a new agreement may result in a disruption in servicesingle request for real-time response. CBSV is not a turnkey application and there are system constraints that require that Alternately, the agreement be in Active or Amended status. Advance notice minimizes disruption of service. The Requesting Party may submit requests for verifications either (1) online or (2) their request through a web services service platform that conforms to SSA’s data configuration for a real-time response. All requests must specify the name, date of birth, and SSN of each Client whose SSN the Requesting Party seeks to verify. The If the Requesting Party elects to have its employees access CBSV by using SSA BSO either (1) in batch mode format, or (2) as a single request for real-time response option, the Requesting Party must complete the Form SSA-88 (Attachment A) with requested information for each Authorized User. The Requesting Party must use one Form SSA-88 to provide information for multiple Authorized Users. The Requesting Party must ensure that the Form SSA-88 provides the total number of the Requesting Party’s Authorized Users. The Requesting Party will notify SSA if there is any change to employment status (including, but not limited to, long-term absence, termination of employment, or change of duties related to CBSV) for any Authorized User or if Requesting Party revokes any Authorized User’s authorization to use CBSV. SSA may change its method of receiving verification requests and providing verification results to the Requesting Party at any time. If SSA decides to change its method of receiving SSN verification requests or providing verification results, the Requesting Responsible Party will bear its own costs incurred to accommodate such changes. The Requesting Party will be audited at least annually by a Certified Public Accountant (CPA) designated by SSA. The cost of the Examination Engagement is factored into the transaction fee. The CPA’s report will provide an opinion on the Requesting Partyrequesting party’s assertion that it complied with the CBSV User Agreement requirements. (See Attachment E.) The Requesting Party must pay the one-time enrollment fee and full, advance payment of estimated transaction fees for the current fiscal year prior to making any request for verification under this User Agreement. Requesting Party will pay in full any remaining balance for verifications from previous fiscal year obligations before it uses CBSV for the following fiscal year. The Requesting Party will ensure that its Responsible Company Official carries carry out the following actions and responsibilities: As part At the completion of the registration process, SSA will mail issue a one-time activation unique access code to the Responsible Company Official. The Responsible Company Official will provide the access code to each Authorized User only after authenticating that Authorized User’s relationship to the Requesting Party and as authorization for that Authorized User to submit verification requests to CBSV. Responsible Company Official must provide his and other Authorized Users’ information on Form SSA-88 if the activation code Requesting Party elects to use its web service platform client application to access CBSV. Responsible Company Official will be the representative Authorized User for the Requesting Party when using the web service platform client application. Responsible Company Official, jointly and on behalf of the Requesting Party will be responsible for all access requests made through the Requesting Party’s web service platform client application and for complying with the requirement to maintain an audit trail to track all CBSV activities of each Authorized User. Requesting Party will ensure that any Principal to whom Requesting Party discloses SSA-verified information acknowledges and agrees to comply with all of the requirements, as applicable, under this User Agreement via a contractual relationship the Requesting Party establishes with the Principal as outlined in Attachment E. The Requesting Party will inform all authorized personnel with access to confidential information of the confidential nature of the information and the administrative, technical and physical safeguards required to protect the information from improper disclosure. All confidential information must at all times be stored in an area that is physically safe from unauthorized access. Requesting Party acknowledges the following Section 1140 of the Social Security Act authorizes SSA to impose civil monetary penalties on any person who uses the words “Social Security” or other program-related words, acronyms, emblems and symbols in connection with an advertisement, solicitation or other communication, “in a manner which such person knows or should know would convey, or in a manner which reasonably could be interpreted or construed as conveying, the false impression that such item is approved, endorsed, or authorized by the Social Security Administration . . . .” 42 U.S.C. § 1320b-10(a). Requesting Party, or any of its Principals, is specifically prohibited from using the words “Social Security” or other CBSV program-related words, acronyms, emblems and symbols in connection with an advertisement for “identity verification.” Requesting Party, or any of its Principals, is specifically prohibited from advertising that SSN verification provides or serves as identity verification. SSA has the right of access to all books and records of the Requesting Party, or any of its Principals, associated with the CBSV program at any time. SSA Responsibilities SSA will compare the information provided in the Requesting Party’s verification request with the information in SSA’s Master File of SSN Holders and SSN Applications System of Records and provide verification results in appropriate format and method based on the submission format and method. If the Requesting Party submits batch files through the BSO website, SSA will provide submission confirmation by a posting on the CBSV portion of the BSO website. The Requesting Party will also be able to download the verification results file from the BSO website. Results for requests submitted via batch mode upload will generally be available within three business days. However, SSA cannot guarantee a specified time frame, as the Agency’s mission-related work will have priority over any verification requests. SSA’s posting of verification results may be delayed for Agency mission-related work or for system maintenance. If the Requesting Party submits a single request using the web service, SSA will provide a real-time responses, barring any delays for system maintenance. SSA will review CBSV submissions and results, conduct audits, generate reports, and conduct site visits as needed to ensure proper use to deter fraud and misuse. SSA, in its sole discretion, will determine the need for audits, reports, or site visits upon its review of the Requesting Party’s submissions, results, or CPA reports SSA will send out notices or reminders to the correct registrant named Requesting Party requesting payment in an annual or quarterly amount. A standardized Consent Form, Form SSA-89 (Authorization for SSA to Release SSN Verification), is included as Attachment B to this User Agreement. The Form SSA-89 consent form is an OMB approved form. This form must not be altered. SSA will provide SSN verification information only about individuals from whom the Requesting Party has obtained a signed Consent Form. The Requesting Party must obtain a signed Consent Form from each person for whom SSN verification is requested. If the request is for a minor child (under age 18), a parent or a legal guardian must sign the Form SSA-89. If the request is for a legally incompetent adult, a legal guardian must sign theForm SSA-89. If the parent or legal guardian signs the Form SSA-89, the Requesting Party must retain proof of the relationship, e.g., a copy of the birth certificate or court documentation proving the relationship. The Form SSA-89 must be completed and signed, and must include the date of birth of the SSN holder. The authorizing signature must be original and cannot be a digital or electronic signature. Neither the Requesting Party nor any Principal may make alterations to the Consent Form, unless it is made by the SSN holder to change the period during which the consent will be valid. The SSN holder must annotate and initial this change in the letter in order to complete space provided on the registration process and to activate access to CBSV servicesConsent Form. The activation code is only mailed out to individuals whose names appear Requesting Party cannot request the SSN verification from SSA before receiving physical possession of a signed Consent Form from its Client. SSA must receive the request for SSN verification within the time period specified on the SSA-88Consent Form, either 90 days from the date the Client signs the Consent Form, or by an alternate date established on the Consent Form. The Authorized User Requesting Party must login to BSO retain the signed Form SSA-89s for a period of seven (7) years from the date of the verification request, either electronically or on paper. The Requesting Party must protect the confidentiality of completed Form SSA-89s and enter the Activation code in order to activate either online services information therein, as well as the associated record of SSN verification. The Requesting Party must also protect the Form SSA-89s from loss or web services.destruction by taking the measures below. (See Section V.B for procedures on reporting Loss of Personally Identifiable Information (PII))