§ 401.45. Verifying your identity.
https://www.ssa.gov/OP_Home/cfr20/401/401-0045.htm
§ 401.45 is a government regulation that explains how to verify your identity when making a request for notification or access to a record from the Social Security Administration (SSA). The SSA needs to make sure that they only provide sensitive information to the right person, so they require you to prove your identity in certain ways depending on how you make your request.
If you make your request in person, you must provide one piece of identification like a driver’s license, passport, or voter registration card. If you make your request by telephone, you will be asked to provide identifying information that matches the record you are requesting, and if that information is not enough, you may be asked to submit your request in writing or in person. If you make your request electronically, you will need to go through identity confirmation procedures appropriate to the sensitivity of the information you are requesting.
If you cannot prove your identity, you will not be given access to the information you are requesting, and if you knowingly and willfully provide false information, you may face criminal charges. If you are making a request on behalf of someone else, you must also verify your relationship to that person, and for sensitive records like medical records, you may need to provide even more specific information for verification.
§ 401.45 is a regulation issued by the Social Security Administration (SSA) that outlines the requirements for verifying the identity of individuals who request access to their personal records. The regulation specifies the circumstances under which identity verification is necessary and the methods for doing so.
The regulation requires individuals to verify their identity if they are requesting notification of or access to a record in a manner other than in person and are not personally known to the SSA representative. This verification is necessary when the SSA determines that disclosure of the record to someone other than the subject individual would be a clearly unwarranted invasion of privacy, or when the record is not required to be disclosed to the general public under the Freedom of Information Act.
The regulation sets out different methods for verifying identity depending on how the request is made. If the request is made in person, the individual must provide at least one piece of tangible identification such as a driver’s license, passport, or voter registration card. If the request is made by telephone, the individual must provide identifying particulars that match the record being sought, and if this is insufficient, the request must be submitted in writing or in person. For electronic requests, the identity confirmation procedures used must be commensurate with the sensitivity of the information being requested, and if the individual cannot be verified, the request must be submitted in writing.
The regulation also provides additional requirements for requests for sensitive records such as medical records, including the need for further verification of identity. Finally, the regulation specifies the requirements for requests made on behalf of a minor or legal incompetent, requiring verification of the requester’s relationship to the individual and additional evidence of guardianship or competency.