Statement of ERISA Industry Committee (ERIC), National Association of State Retirement Administrators (NASRA), National Council on Teacher Retirement (NCTR), National Rural Electric Cooperative Association (NRECA), Profit Sharing/401(k) Council of America (PSCA)

The undersigned organizations urge you to carefully consider the unintended consequences of legislation being currently pending before the House Ways and Means, Energy and Commerce, and Financial Services committees. Without amendment, the Social Security Number Privacy and Identity Theft Prevention Act of 2001 (H.R.2036) could unintentionally hinder the delivery of benefits from, and the efficient administration of, public and private employee benefit plans.

We strongly support the bill’s purpose of ensuring the integrity of the social security number (SSN). We are extremely concerned about the proliferation of identity theft and other financial crimes that exploit individual SSNs, and believe strong legislation should be enacted to combat such nefarious acts. As currently drafted, however, H.R.2036 could make it more difficult to deliver comprehensive health and retirement benefits to public and private employees alike.

In general, public and private employee benefit plans use SSNs in plan administration because of the SSNs utility as a common identifier for a highly mobile workforce, and because of tax reporting requirements. Plan administrators take seriously the responsibility that the use of SSNs requires, and they use the utmost caution and security when SSNs are used in plan administration and communications.

Public and private sector defined benefit and defined contribution pension and savings plans, like 401(k), 403(b), and 457 plans, use SSNs to identify plan participants, account for employee contributions, implement the employee’s investment directions, track “rollovers” from other plans, and allow employees to view their account activity or benefit accrual online (typically in conjunction with a secure “PIN”). H.R.2036’s broad prohibitions could impede, for example, an individual’s ability to stay current on the accumulation of benefits for his or her retirement.

SSNs are also used as the primary identifier in many medical and health benefit and prescription drug plans to coordinate communications between the doctor, the medical service provider, and the plan. H.R.2036’s broad prohibitions could, for example, put at risk the delivery of appropriate medications to the individual.

The application of H.R.2036’s broad prohibitions could:

• Unintentionally restrict access to employee benefit plans. Section 202 of H.R.2036 makes it a violation of the Federal Trade Commission Act for “any person” to refuse to “do business” with an individual because the individual refuses to give his or her social security number to the person. While the commonly understood definition of “business” would not include employee benefit plan administration, we are concerned the broad prohibition unintentionally would restrict plan operation. We recommend making it clear that section 202 applies only to commercial transactions, and not in the context of employment of an individual, including the provision of compensation or benefits.

• Unnecessarily limit the legitimate and beneficial use of SSNs. Section 201 prohibits the "sale," "purchase," or "display to the general public" of an individual's social security number. While the intention of that prohibition is clear, the definitions of "sale," purchase," and "display to the general public" are not. Those ambiguous definitions risk making legitimate and beneficial uses of social security numbers a violation of Federal criminal law.

For example, many benefit plan sponsors require participants to submit their social security number to the plan in order to be enrolled in and receive benefits from the plan. While such a transaction would not meet the commonly understood definition of “sale,” the definition of “sale” in section 201 encompasses an exchange of “anything of value” for a social security number.

Expressly excluded from the definition is the application of “any type of Government benefits or program” (which would cover government assistance programs, not necessarily the employment benefits governments offer their employees). The limited exclusion from the definition of “sale” for the application of social security benefits creates a risk that a court will read the exchange-for-value formulation to encompass everything not expressly excluded, including employee benefits. We recommend that the bill’s exclusions be modified to encompass the administration and provision of employee benefit plans.

Section 201 also prohibits the intentional placing of a social security number, or  derivative thereof, “in a viewable manner on an Internet site that is available to the general public or in any other manner intended to provide access to such number or derivative to the general public.” This definition, too, may sweep in routine benefit plan administration. For example, individual social security numbers may appear on correspondence between the plan, the plan administrator, the individual, and an outside third party, like a medical care provider. We are unclear if such “displays” are to the “general public.” We recommend the bill be amended to include a more precise definition of “general public” to ensure that secured and private displays of social security numbers typical in benefit plan administration are not construed to be to the “general public.”

Section 201 provides an exception to the prohibition if “voluntary and affirmative written consent” of each affected individual is obtained. Our plans may cover tens of thousands of individuals. Thus, obtaining affirmative written consent would be wholly impracticable and extremely costly. Moreover, if an individual not consenting to the use of his or her social security number is dropped from the benefit plan, the plan sponsor would be exposed to a significant risk of litigation, enforcement actions, civil penalties, excise tax penalties, and plan disqualification for violation of the federal laws that govern pension and other benefit plans. Thus, we recommend that relief for employee benefit plans be provided by narrowing the bill’s definition of “sale” and “general public” as discussed above.

• Unwisely subject public and private employee benefit plans to regulations promulgated by a federal agency with no expertise in employee benefit plans. Section 201 also gives authority to the U.S. Attorney General to promulgate regulations to ensure, among other things, that the prohibitions contained in section 201 are “no broader than necessary” to accomplish its purpose. If the bill is not amended, as we have recommended, to exclude routine benefit plan administration from the definitions of “sale” and “purchase,” we strongly recommend that the rulemaking authority granted to the Attorney General be done in consultation with a federal agency familiar with the workings of employer-sponsored benefit plans with the clear direction that regulations accommodate legitimate uses of social security numbers in employee benefit plans.

Please do not hesitate to contact Janice Gregory (202-789-1400) at ERIC, Jeannine Markoe Raymond (202-624-1417) at the NASRA, Cynthia Moore (703-243-1667) at the NCTR, Chris Stephen at the NRECA (703-907-6026) or Edward Ferrigno at PSCA (202-626-3634) to discuss this matter in more detail.