Limited Access Death Master File (LADMF) Certification Requirements Changed
The Limited Access Death Master File (LADMF) contains personally identifiable information—including social security numbers, dates of birth, dates of death, etc.—for deceased individuals. Many organizations with certified access to the LADMF download the file on a monthly basis and then integrate it with their own business processes. However, the National Technical Information Service (NTIS) rule 15 CFR Part 1110, in effect since November 28, 2016, changed the requirements for certification.
Previously, the NTIS only required that organizations vouch for their security measures protecting the file. According to the new rule, all organizations with access must provide a written third-party conformity attestation from an Accredited Conformity Assessment Body (ACAB). The attestation must indicate the organization is taking appropriate measures to safeguard the Limited Access Death Master File (LADMF).
What this means for organizations
Companies generally use the information in the LADMF for various financial transactions, including ensuring life insurance payouts on a person’s death, verifying death claims, and ending annuity payments. Any company requesting access or continued authorization to the LADMF must now:
- Have their access recertified every year
- Provide a third-party conformity attestation from an Accredited Conformity Assessment Body every three years
- Comply with scheduled and unscheduled audits
- Pay a penalty in the event of LADMF misuse
The rule also offers a way for companies to request an appeal if certified access is refused or withdrawn.
What attestation is now required for organizations
Organizations will need to have an accredited independent party conduct an examination under the attestation standards such as AICPA or ISO to verify the security framework in place complies with the NTIS rules. The organization may protect the LADMF by incorporating a formal security network or one that successfully meets criteria outlined in Limited Access Death Master File Publication 100.
Contact Greg Smith, Partner, Advisory Services, to discuss the third-party attestation services you may need to comply with the U.S. Department of Commerce NTIS rule.