On March 26, the U.S. Department of Commerce’s National Technical Information Service (NTIS) released interim final rules regarding access to the Death Master File (DMF). The DMF is the file that allows people to research whether someone is living or dead. It’s very useful for people who administer defined benefit (DB) pension plans because it’s really not prudent to continue paying people after they’ve died. The new rules were published in the Federal Register (Vol. 79, No. 58).
As I mentioned in an earlier blog, the DMF was a playground for identity thieves, so Congress decided to restrict access to only “certified” individuals. The new interim final rules provide instructions to become a certified user of the DMF.
The rules essentially split the DMF into two groups:
• The “Limited Access DMF” includes people who have died within the last three calendar years.
• The “Open Access DMF” includes people who have died more than three years ago.
As the name implies, the Open Access DMF will be available to anyone and will not require certification. This will allow genealogists to track down long-lost relatives and (in theory) will not be of much use to identity thieves.
The Limited Access DMF will require certification because it is of much interest to identity thieves, pension administrators, and other unsavory characters.
The certification process
To apply for certification, you must:
• Complete a “Limited Access Death Master File Subscriber Certification Form” and a “Limited Access Death Master File Subscriber Agreement.” These forms are available at the NTIS website.
• Promise to behave yourself. You may not provide the information obtained from the DMF to people with no legitimate use for it. Once you have been certified, you are required to maintain a list of all employees, contractors, or subcontractors to whom you pass on the information.
• Safeguard all information obtained from the DMF.
• Pay a $200 processing fee. The certification lasts for one year and can be renewed annually for up to five years.
But wait… there’s more!
The NTIS can conduct regular and unscheduled audits of the user’s systems, facilities, and security procedures. Failure to safeguard the information can result in a $1,000 fine for each disclosure or use, up to a maximum of $250,000 in penalties per calendar year.
Most day-to-day administrators will not be willing to endure the time and expense necessary to become certified and maintain documentation for NTIS audits. Fortunately, there are still vendors available who make a living doing address searches and death audits. These vendors still have access to the DMF by completing a license agreement for use and resale, which involves a much larger fee.