The Privacy Act as amended by the Computer Matching and Privacy Protection Act of
1988 (CMPPA) (Public Law 100-503) requires that, before taking any adverse action
against an individual based on information produced by a computer match, SSA must:
Independently verify all data obtained through the computer match; and
Give recipients advance notice of any adverse action resulting from the computer match.
EXCEPTION: Independent verification is not necessary when SSA's Data Integrity Board (DIB) has
determined, in accordance with guidance issued by the Director of the Office of Management
and Budget (OMB), that the information is limited to identification and amount of
benefits paid under a Federal benefit program and there is a high degree of confidence
that the information provided to SSA is accurate.
The VA, RRB, and OPM matches meet these criteria (see SI 02310.020). The system automatically posts data, generates notices, and adjusts benefits when
SSA matches with these agencies and the data SSA receives does not require additional
CMPPA rules for independent verification do not apply to interfaces with other files
maintained by SSA: the master beneficiary record (MBR) and the master earnings file