Number: 116-7
Date: August 22, 2019
The President Signs H.R. 1079, the
“Creating Advanced Streamlined Electronic Services (CASES) for Constituents Act”
On August 22, 2019, the President signed H.R. 1079, the Creating Advanced Streamlined Electronic Services (CASES) for Constituents Act, which became Public Law 116-50. Introduced by Representative Garrett Graves on February 7, 2019, the bill previously passed the House unanimously by a vote of 379-0 on February 11, 2019, under suspension of the rules. The bill then passed the Senate unanimously without amendment on July 31, 2019. In general, the law requires OMB to issue guidance requiring agencies, including SSA, to accept electronic forms that allow an individual to provide consent to disclose information from or access to their records.
H.R. 1079 includes the following provisions of interest to SSA:
- Require the Director of OMB, no later than 1 year after enactment, to issue guidance that:
- Requires each agency 1 to accept electronic identity proofing and authentication 2 processes that allow an individual 3 to provide prior written consent for the disclosure of the individual’s recordsor for individual access to records 4;
- Creates a template for electronic consent and access forms and requires each agency:
- to post the template on the agency website; and
- to accept the forms from any individual properly identity proofed and authenticated; and
- Requires each agency to accept the electronic consent and access forms from any individual properly identity proofed and authenticated as authorization to disclose from an individual’s records to another entity, including a congressional office, or for the individual’s access to records.
- Require each agency to comply with OMB guidance no later than 1 year after the date of issuance.
The law does not provide funding to implement these requirements.
1 As defined in 5 U.S. Code §552a(a), “agency” means an agency that maintains in its system of records information about an individual as is relevant, necessary and required by law to conduct business with the agency.
2 According to NIST Special Publication 800-63A, Appendix A, identity proofing is “the process by which a credential service provider collects, validates, and verifies information about a person” and authentication is the process of “verifying the identity of a user, process, or device, often as a prerequisite to allowing access to a system’s resources.”
3 As defined in 5 U.S. Code §552a(a), “individual” means a citizen of the United States or an alien lawfully admitted for permanent residence.
4 As defined in 5 U.S. Code §552a(a),“record” means any item, collection, or grouping of information about an individual that is maintained by an agency that contains a name, or the identifying number, symbol, or other identifying particular assigned to the individual.