On May 24, 2018 President Donald J. Trump (R) signed into law the “Economic Growth, Regulatory Relief, and Consumer Protection Act” (“EGRRCPA”) which, among other things, required the Social Security Administration (“SSA”) to establish an identification process for the prevention of fraud, which included a requirement for a financial institution to obtain an individual’s written consent before their data is submitted into the SSA’s new database for verification purposes (for details, see “Permission to Compare” at: https://compliance.docutech.com/2018/06/15/the-economic-growth-regulatory-relief-and-consumer-protection-act-is-it-a-dodd-frank-rollback/).
Last month, the SSA announced the initial enrollment of financial institutions into this process required by the EGRRCPA, which is the new “electronic Consent Based Social Security Number (SSN) Verification” service (“eCBSV”). The SSA is preparing to implement an initial rollout of this service in June 2020 (for details, see 84 FR 26712 [2019] and https://www.ssa.gov/dataexchange/eCBSV/index.html). The SSA provides some information on how consent may be obtained, such as the following (from a “Q&A”):
“[Q.] Can any detail be provided regarding how the consent from the consumer needs to be presented, captured, stored, and presented as evidence?
[A.] Consent must be captured in accordance with the requirements SSA will set forth in the User Agreement. SSA will require consent be captured (1) on a properly-signed SSA-89, Authorization for SSA to Release SSN Verification in either paper format, fillable-PDF or other electronic format, or (2) in some other electronic process consistent with the permitted entity’s existing business process and SSA’s Privacy Act-compliant template language, provided in the eCBSV User Agreement. Moreover, SSA’s signature – including electronic signature requirements will be set forth on SSA’s website and incorporated by reference into the User Agreement.” (see https://www.ssa.gov/dataexchange/eCBSV/faqs.html; question 3.01)
We are currently reviewing this change to determine any impact to our document library and/or systems and evaluating any necessary changes. Any modifications we make will be announced on our website (https://compliance.docutech.com/).