SSA - POMS: GN 03325.002 - Disclosure and Verification of Social Security Numbers (SSN) Without Consent

A. History of the Social Security number (SSN)

The Social Security number (SSN) was established in 1936 to track the wages of workers covered under the Social Security system. Because of its use as a unique identifier, the SSN is one of the most sensitive pieces of personal information in our records. It is the key to identifying and retrieving most of the highly personal and sensitive information we maintain about individuals.

Over the decades, the use of the SSN has expanded greatly beyond the original purpose for its establishment. In fact, it has become the identifier of choice by all levels of government and the private and commercial sectors, as a numerical key to their recordkeeping systems. In some cases, Federal (and State) laws have been enacted that authorize the use of the SSN for a specific purpose(s). In the vast majority of cases, however, there are no Federal laws that either prohibit or authorize the use of the SSN. Consequently, governmental and nongovernmental entities use the SSN as a personal identifier for lawful purposes because of its availability as a unique identifier. Some government agencies use the SSN for identification and administrative purposes. The private sector uses the SSN for similar purposes, generally, without restraint. For example, the private sector may refuse service or credit, or may deny admission or membership, etc., to anyone unwilling to furnish their SSN. Generally, Federal law does not control private sectors’ use of SSNs disclosed to them directly from a number holder, other than criminal actions.

We have no authority over other entities’ collection and use of the SSN. Although the SSN is widely used, it is our policy to verify SSNs, and SSN information, under limited circumstances as allowed or required by Federal laws, such as the Privacy Act (5 U.S.C. § 552a(b)), the Freedom of Information Act (5 U.S.C. § 552), the Social Security Act (e.g., 42 U.S.C. §§ 405(a); 405(c); and 1320b-7), and our disclosure regulations (20 C.F.R. §§ 401 and 402). We only disclose an SSN in narrow circumstances in which we have legal authority and where we are able to identify the true number holder.

All Federal, State, or local government agencies that collect and use the SSN for identification purposes must adhere to the requirements in section 7 of the Privacy Act (5 U.S.C. § 552a, Note). For a discussion of the Privacy Act’s section 7 requirements, see GN 03325.005B.1. We do not have any enforcement or other authority for Section 7 of the Privacy Act. Such authority rests with the Office of Management and Budget.

B. Verifying SSNs

In cases in which we may verify SSNs, the requester must provide sufficient information for us to locate the SSN and to determine if the request meets our disclosure criteria.

Because of the sensitivity of the SSN as a unique personal identifier, we only verify SSNs without consent under the following circumstances:

•

a Federal law requires us to verify SSNs;
•

a Federal law authorizes the collection of SSNs to administer an income/health maintenance program, allowing us to verify SSNs to the agency administering the program; or
•

one or more of the Privacy Act’s disclosure exceptions allows us to verify SSNs.

1. When Federal law requires SSA to verify SSNs

When a Federal law requires SSA to verify SSNs, we will comply with the statutory mandate regardless of the purpose for the verifications in the law.

NOTE: A Federal law that authorizes another government agency to collect and use the SSN is not the same as a Federal law requiring SSA to verify an SSN. However, refer to section 2 below. Similarly, a Federal law that authorizes another government agency to collect and use the SSN is not the same as a Federal law requiring SSA to disclose an SSN. In order for us to disclose the SSN, the statute must specifically mandate that SSA disclose SSNs.

2. Verification of SSNs under one or more of the Privacy Act’s disclosure exceptions

The Privacy Act (5 U.S.C. § 552a(b)) contains 12 exceptions that allow Federal agencies to disclose information without the written consent of the individual to whom the information pertains. For a discussion of these disclosure exceptions, see GN 03301.020B.4. We apply the Privacy Act disclosure exceptions to requests for SSNs on a case-by-case basis.

a. Verification of SSNs under the Privacy Act routine use exception

One of the Privacy Act’s 12 disclosure exceptions is the routine use exception (5 U.S.C. § 552a(b)(3)). The routine use exception allows SSA to verify SSNs to third parties without the consent of the individual, to whom the information pertains, for a purpose that is compatible with the purpose for which we collected the information.

We established a number of routine uses in the Master Files of SSN Holders and SSN Applications system of records notice that allow the verification of SSNs to third parties. You can view this system of records notice and its routine uses at https://www.ssa.gov/privacy/sorn.html.

NOTE: We only disclose an SSN under a Privacy Act routine use in rare circumstances. Direct such requests to the Office of Privacy and Disclosure.

b. When Federal law authorizes use of the SSN in an income-maintenance or health-maintenance program

When a Federal law authorizes a Federal, State, or local government agency to collect and use the SSN to determine eligibility for benefits, benefit amounts, or other matters of benefit status in an income-maintenance or health-maintenance program that it administers, we may verify the SSN for the administration of that income-maintenance or health-maintenance program.

Examples of Federal laws that authorize use of the SSN in income-maintenance or health-maintenance program are:

•

42 U.S.C. § 1320b-7 (Section 1137 of the Social Security Act (Act) requires the States to collect the SSN of applicants for certain programs (e.g., Medicaid, Supplemental Nutrition Assistance Program (SNAP), and unemployment compensation);
•

42 U.S.C. § 405(c)(2)(C)(i) (Section 205(c)(2)(C)(i) of the Act) provides that States may require applicants for general public assistance to furnish their SSNs; and
•

42 U.S.C. § 405(c)(2)(C)(iii) (Section 205(c)(2)(C)(iii) of the Act) allows the Secretary of Agriculture to require participants in SNAP to furnish their SSNs and to use the SSN for other administrative purposes or enforcement of the Food Stamp Act of 1977.

NOTE: The Federal law must specifically authorize the agency’s use of the SSN. Questions concerning whether a Federal law authorizes the use of the SSN in an income-maintenance program or health-maintenance program should be referred to the Office of Privacy and Disclosure, Office of the General Counsel, through the Regional or Central Office Privacy Act Coordinator.

c. Verification of SSNs to Federal, State, and local law enforcement agencies

Verification for a law enforcement purpose is one of the Privacy Act disclosure exceptions (5 U.S.C. § 552a(b)(7)). We make decisions to verify SSNs on a case-by-case basis for criminal law enforcement activity. The law enforcement agency must present a valid written request for information concerning:

•

an individual who has been indicted for or convicted of a serious crime (e.g., murder, rape, kidnapping, drug trafficking) or
•

criminal activity involving Social Security programs (including SSN misuse) or another agency’s health/income maintenance program.

We discuss our policy and criteria for disclosure of information for law enforcement activities in GN 03312.000.

d. Verification of SSNs pursuant to court orders

We may verify an SSN in response to a court order from a court of competent jurisdiction under the following circumstances:

•

the Commissioner is a party to the proceedings;
•

disclosure is specifically permitted by 20 C.F.R. Part 401; or
•

the information is necessary for due process in a criminal proceeding.

Due process cases can be complex because a disclosure may affect the privacy rights of someone other than the defendant. Thus, consult with the Office of General Law, Office 1, Disclosure Law Branch on these cases. For further guidance regarding court orders, see GN 03330.000.

NOTE: A protective order should be sought from the court even if an order meets the criteria stated in this section.

EXAMPLE: A defendant in a criminal proceeding needs information from our records, other than their own, that is alleged to be essential to their defense. We may make a disclosure under the above circumstances, but should seek a protective order before doing so.

C. Criteria for verifying SSNs

1. Required identifying information

Individual requests for SSN verification must include the SSN, first and last name, and date of birth of the individual whose SSN a requester is seeking to verify. A requester unable to provide the date of birth must provide one or more of the following identifying particulars:

•

place of birth;
•

mother’s maiden name; or
•

father’s first and last name.

NOTE: If a request for SSN verification includes only the first and last name and SSN, and our policy would otherwise allow the verification, you may verify the SSN only if you locate a single SSN record containing an exact match of that first and last name and SSN with information in our files. We will not verify an SSN without a name, even if the requester provides the place of birth, mother’s maiden name, or father’s first and last name.

2. Justification for verification

The requester must provide sufficient information to determine the request meets our disclosure criteria.

D. Common verifications of SSNs

The following are the most common SSN verifications allowed under our disclosure policy. The listings are not all inclusive. Please review our routine uses listed in the Privacy Act system of records notice, Master Files of Social Security Number (SSN) Holders and SSN Applications System, for a full list of our disclosure authorities. You can view this notice at https://www.ssa.gov/privacy/sorn.html.

1. Verification of SSNs to Federal, State, and local agencies

We have many data exchange agreements with Federal, State, and local agencies, through which we verify SSNs to these agencies. Field offices (FO) and components should check with their Data Exchange Coordinator to determine if we have an agreement to verify SSNs with a particular agency. The chart below identifies the most common disclosures and verifications of SSNs to Federal, State, and local agencies.

Agency or Entity	Purpose of Disclosure
Department of Homeland Security (DHS), U.S. Citizenship and Immigration Services (USCIS)	Pursuant to a written request to identify and locate aliens in the United States. NOTE: We do not have the legal authority to disclose information about U.S. citizens to DHS. If DHS requests information and we determine the information pertains to both U.S. citizens and aliens, only information about the aliens can be disclosed.
Department of Justice (DOJ)	To investigate and prosecute violations of the Social Security Act.
Department of Treasury (DOT), Internal Revenue Service (IRS)	For tax administration as defined in section 6103 of the Internal Revenue Code (IRC) (42 U.S.C. § 405(c)(2)(H)).
DOT, IRS	Verification of the SSNs of parents for children under age 18 to administer sections of the IRC which grant tax benefits based on support or residence of children (42 U.S.C. § 405(c)(2)(H)).
Federal, State, or local agencies	To administer health- and income-maintenance programs. We provide most SSN verifications under data exchange agreements.
Selective Service System (SSS)	To enforce draft registration concerning young men required to register with the SSS. 50 U.S.C. App. 462(e)
State Bureau of Vital Statistics agencies	For use as a primary identifier in administering public health- and income-maintenance programs. For use in statistical research and evaluation projects such as: • establishing public immunization registries; • ensuring complete birth record registration by matching vital records with neonatal test results; • conducting studies of factors contributing to infant mortality by linking birth and death records; and • evaluating the efficacy of intervention programs such as Women, Infants and Children (WIC) nutrition programs, “Healthy Start,” or other health maintenance programs. NOTE: The disclosure of SSNs is limited to the SSNs of newborns issued via SSA’s Enumeration at Birth program.
Department of Defense (DOD)	To assist in identifying those members of the Armed Forces and military enrollees who are aliens or noncitizen nationals that may qualify for expedited naturalization or citizenship processing in accordance with 8 U.S.C. § 1440 and Executive Order 13269. We provide SSN verifications under a data exchange agreement.
Department of Education	For student loan applicants. We provide SSN verifications under a data exchange agreement.
State and Territory Motor Vehicle Administration (MVA) officials	To verify the accuracy of information provided by the State agency, with respect to applications for voter registration for those individuals who do not have a driver’s license number, for whom the last four digits of the SSN are provided in accordance with section 205(r)(8) of the Act (42 U.S.C. § 405(r)(8)). We provide verifications of the last four digits of the SSN under a data exchange agreement.
State MVAs	To issue driver’s licenses and MVA-issued identification cards in accordance with section 205(c)(2)(C)(i) of the Act (42 U.S.C. § 405(c)(2)(C)(i)). We provide SSN verifications under a data exchange agreement.

2. Verification of SSNs to entities other than Federal, State, or local agencies

The chart below identifies the most common verifications of SSNs to non-governmental entities.

Third Party	Purpose
Employers	To report FICA taxes and State or local Social Security taxes for employees under Section 218 of the Social Security Act, and to correct earnings records.
Foreign countries that are parties to Totalization agreements	To carry out a purpose of an international social security agreement (i.e., Totalization agreement) entered into between the United States and the foreign country under section 233 of the Social Security Act (42 U.S.C. § 433). These agreements assist in administering the social security programs of countries that are a party to Totalization agreements with SSA.
Natural or adoptive Parent or legal guardian of a person judicially determined to be legally incompetent)	When acting on behalf, or in the best interest, of a minor or incompetent person such as: • to prepare a tax return (to claim the minor as a deduction); • to open a bank account; • to purchase stocks or bonds; or • for school identification.

Third Party

Purpose

Employers

To report FICA taxes and State or local Social Security taxes for employees under Section 218 of the Social Security Act, and to correct earnings records.

Foreign countries that are parties to Totalization agreements

To carry out a purpose of an international social security agreement (i.e., Totalization agreement) entered into between the United States and the foreign country under section 233 of the Social Security Act (42 U.S.C. § 433). These agreements assist in administering the social security programs of countries that are a party to Totalization agreements with SSA.

Natural or adoptive Parent or legal guardian of a person judicially determined to be legally incompetent)

When acting on behalf, or in the best interest, of a minor or incompetent person such as:

•

to prepare a tax return (to claim the minor as a deduction);
•

to open a bank account;
•

to purchase stocks or bonds; or
•

for school identification.

Social Security

Program Operations Manual System (POMS)

GN 03325.002 Disclosure and Verification of Social Security Numbers (SSN) Without Consent