Privacy Act of 1974, as Amended; Alterations to Existing System of Records, Including New Routine Use

AGENCY:

Social Security Administration (SSA).

ACTION:

Altered System of Records and New Routine Use.

SUMMARY:

In accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and (e)(11)), we are issuing public notice of our intent to alter an existing system of records entitled, the Visitor Intake Process/Customer Service Record (VIP/CSR) System, 60-0350. The proposed alterations will result in the following changes to the VIP/CSR System:

(1) Expansion of the categories of individuals covered by the VIP/CSR System;

(2) Expansion of the categories of records maintained in the VIP/CSR System;

(3) Expansion of the purposes for which we use the VIP/CSR System; and

(4) Amendment of the record source categories covered by the VIP/CSR System.

We are also establishing a new routine use for disclosure of information maintained in the VIP/CSR System.

The proposed alterations and new routine use are discussed in the SUPPLEMENTARY INFORMATION section below. We invite public comment on this proposal.

DATES:

We filed a report of the proposed alterations and new routine use disclosure with the Chairman of the Senate Committee on Homeland Security and Governmental Affairs, the Chairman of the House Committee on Government Reform, and the Director, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB) on November 13, 2007. The proposed altered system of records, including the proposed new routine use applicable to the system, will become effective on December 23, 2007, unless we receive comments warranting them not to become effective.

ADDRESSES:

Interested individuals may comment on this publication by writing to the Deputy Executive Director, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, Room 3-A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401. All comments received will be available for public inspection at the above address.

FOR FURTHER INFORMATION CONTACT:

Contact Earlene Whitworth Hill, Social Insurance Specialist, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, in Room 3-A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, telephone at (410) 965-1817, e-mail: earlene.whitworth.hill@ssa.gov.

SUPPLEMENTARY INFORMATION:

I. Background and Purpose of the Proposed Alterations to the VIP/CSR System of Records

A. General Background

Social Security provides a variety of services to the general public in connection with various programs under the Social Security Act. This activity requires personal interaction between our employees and the public on many occasions. We originally published a notice of the VIP/CSR System in the Federal Register (FR) at 67 FR 63489 on October 11, 2002. At that time, we used information in the VIP/CSR System for management information and administrative purposes, such as tracking scheduled appointments and monitoring visitor information in our field offices, and for programmatic purposes associated with individuals' claims for benefits under programs we administer. On October 13, 2005, we published a notice of alterations and a new routine use applicable to the VIP/CSR System at 70 FR 59794. The alterations to the VIP/CSR System allowed us to maintain information that would alert employees in our offices if a member of the public takes action, or threatens to take action, that affects the security and safety of our employees, security guards, visitors, facilities, or records. We are now making additional alterations to the VIP/CSR System as discussed below.

B. Proposed Alterations

SSA believes that a threat exists to the safety and security of SSA employees, security personnel, visitors, and facilities when a beneficiary, claimant, attorney or non-attorney representative, or representative payee commits, or attempts to commit, a violent crime for which a court has issued an arrest warrant and the individual is not in the custody of a law enforcement agency, and we reasonably believe that the individual will contact SSA for a business-related purpose. We consider this to be the case even when an individual has not threatened or committed an act of violence directly against one of our employees, visitors, or facilities. For example, we could have a situation in which a beneficiary commits or attempts to commit a violent crime against his Social Security representative payee and an arrest warrant is issued for the beneficiary. As a result, it is likely that the beneficiary will contact or visit an SSA office somewhere in the United States in order to designate a new representative payee. If the defendant flees in order to avoid apprehension, he or she may contact or visit SSA in order to conduct other business matters such as a change of address, change method of payment to direct payment, change in direct deposit, payment of an underpayment, payment of benefit check, or to act on a scheduled appointment. Such contact could pose a threat to anyone present in the office, as well as the facility itself.

To assist us in protecting the safety and security of our employees, visitors, and facilities, we have developed a VIP/CSR System High Risk Alert functionality that will alert our offices about these potentially dangerous situations. We will maintain information about individuals only when:

• A court has issued an arrest warrant for the individual who is charged with committing, or attempting to commit, a violent crime and he or she is not in the custody of law enforcement authorities; and
• SSA management officials have a reasonable expectation that the individual will visit or contact us for a business matter (e.g., request a change of address, change of representative payee, direct payment of benefits, change in direct deposit, payment of an underpayment, payment of a benefit check, or the individual has a scheduled appointment); and
• SSA management officials have verified the identity of the individual who is under investigation with law enforcement and have determined that this individual is the same individual with whom we may have contact.

Since we want to ensure that information is entered into the VIP/CSR System only as we describe above, before we enter information into the system, the appropriate Social Security field office (FO) manager, Area Director, and Assistant Regional Commissioner, Management and Operations Support, will be required to review the facts to determine if the case meets the criteria listed above. Once our management concludes that all factors are present, the case will be entered in the VIP/CSR System as a High Risk Alert.

Once information is entered in the VIP/CSR System, at a minimum, the FO manager will confirm, every 30 days with the appropriate law enforcement officials who have jurisdiction over the case, that the individual identified still presents a danger to SSA employees, visitors, or facilities. If it is determined that the individual no longer presents a danger, the High Risk Alert will be deleted. Situations that would meet the criteria for deletion are:

• The individual is in the custody of law enforcement; or
• The individual is no longer a suspect or has been exonerated; or
• The individual is deceased.

The SSA Regional Center for Security and Integrity and the Division of Systems Security and Program Integrity will maintain a list of all High Risk Alert cases that have been entered into VIP/CSR System and will monitor the list to ensure that we are regularly reviewing cases.

We will issue operating instructions for our management officials' use to ensure that the changes to the VIP/CSR System are implemented as we describe above.

Before we can implement the changes discussed above, we must make the following alterations to the VIP/CSR System:

i. Amend the categories of individuals section of the notice of the VIP/CSR System to include our beneficiaries, claimants, attorney or non-attorney representatives, or representative payees who commit, or attempt to commit, a violent crime, have an outstanding arrest warrant, and who we reasonably believe will attempt to contact one of our facilities to conduct program business;

ii. Amend the categories of records section of the notice of the VIP/CSR System to include a High Risk Alert indicator and identifying information about the individuals described in item B.i above, such as their name and/or Social Security number (SSN), date of birth, information pertaining to the specific nature of the crime, and information pertaining to the date, time, and the location of the crime;

iii. Amend the purpose(s) section of the notice of the VIP/CSR System to describe that we will use information in the VIP/CSR System for the purposes described in items B.i and B.ii above; and

iv. Amend the record source categories section of the notice of the VIP/CSR System to identify law enforcement officials as the source of the warrant information that will be maintained in the VIP/CSR System.

II. New Routine Use

A. Discussion

As described above, we will maintain information in the VIP/CSR System about the new category of individuals (i.e., claimants, beneficiaries, attorney or non-attorney representatives, or representative payees) who commits, or attempts to commit, a violent crime, have an outstanding arrest warrant, and who we reasonably believe will attempt to contact one of our facilities to conduct program business, only as long as the individual poses a threat to the security and safety of our employees, visitors to our offices, and our facilities. As discussed above, at a minimum, the FO manager will confirm every 30 days with the law enforcement officials who have jurisdiction over the cases that the individual identified still presents a danger to our employees, visitors, or facilities. This confirmation will require us to disclose some basic information about the individual for whom the warrant was issued. To comply with the Privacy Act, we are establishing the following routine use, which appears as routine use number 8 in the notice of the VIP/CSR System below. The routine use provides for disclosure:

To the appropriate law enforcement official, the Social Security Administration (SSA) may disclose information regarding a Social Security beneficiary, claimant, attorney or non-attorney representative, or representative payee who is the subject of an outstanding arrest warrant for having committed, or having attempted to commit, a violent crime for the purposes of determining whether SSA should include an individual's information in the VIP/CSR System or remove an individual's information from the system because he/she no longer meets the criteria (i.e., the individual is in the custody of law enforcement, is no longer a suspect or has been exonerated, or is deceased).

B. Compatibility of Routine Use

The Privacy Act (5 U.S.C. 552a(a)(7) and (b)(3)) and SSA's disclosure regulation (20 CFR Part 401) permit us to disclose information under a published routine use for a purpose that is compatible with the purpose for which we collected the information. Section 401.150(c) of the regulation permits us to disclose information under a routine use, where necessary, to carry out SSA programs. The routine use we are proposing will allow disclosures that assist in ensuring that our places of business are safe and secure for both customers and employees, and that our employees can perform their duties without fear of intimidation or injury. Thus, the routine use is appropriate and meets the relevant statutory and regulatory criteria.

III. Housekeeping Change

We are making the following housekeeping changes to the VIP/CSR System notice to make it accurate and up-to-date.

1. Categories of records in the system: We are revising the wording of item 7 in this section so that it clearly identifies to whom the records pertain.

2. Routine uses of records maintained in the system, including categories of users and the purposes of such uses: We have revised the wording of routine use number 6. We have not made any substantive changes to the routine use.

3. Safeguards: We are deleting the text “or alternate participants,” which was inadvertently included in this section of the notice.

4. Retention and disposal: We have revised the retention dates so that they adhere to the General Records Schedule issued by National Archives and Records Administration (NARA).

IV. Effect of the Proposed VIP/CSR System Alterations and Routine Use on the Rights of Individuals

The proposed alterations and routine use applicable to the VIP/CSR System will assist us in carrying out our responsibility to protect the safety and security of our employees, visitors to Social Security offices, and SSA facilities. We will collect, maintain, use, and disclose only the minimum information necessary to accomplish this purpose. Further, we will adhere to all applicable statutory requirements when doing so, including those under the Social Security Act and Privacy Act. Thus, we do not anticipate that the alterations and routine use will have an unwarranted effect on the rights of individuals.

SYSTEM NUMBER:

60-0350.

SYSTEM NAME:

Visitor Intake Process/Customer Service Record (VIP/CSR) System.

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

Social Security Administration, Office of Systems, 6401 Security Boulevard, Baltimore, Maryland 21235.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system covers visitors to the Social Security Administration (SSA) field offices (FO) for various purposes (see “Purpose(s)” section below); individuals who have threatened an act of violence, commit, or attempt to commit, a violent crime against an SSA employee, a visitor to any SSA office conducting business or another individual accompanying such visitor, or to any SSA office; and SSA beneficiaries, claimants, attorney or non-attorney representatives, or representative payees who commit, or attempt to commit, a violent crime, have an outstanding arrest warrant, and who we reasonably believe will attempt to contact one of our facilities to conduct program business.

CATEGORIES OF RECORDS IN THE SYSTEM:

This system contains the following information about each visitor:

(1) Visitor information, such as Social Security number, full name and date of birth, when such information is provided by the visitor;

(2) Visitor information, such as the time the visitor entered and left the office, an assigned group number, number of interviews associated with the visit and remarks associated with the visit;

(3) Appointment information, such as date and time of appointment, source of appointment and appointment unit number (unit establishing appointment);

(4) Notice information, such as close-out notice type (e.g., title II 6-month closeout letter, title XVI SSA-L991) and close-out notice date/time when sent;

(5) Interview information, such as each occurrence, subject of interview, estimated waiting time, preferred language, type of translator, the number of the interview in the queue, interview disposition (e.g., completed, deleted, left without service), interview priority, start and ending time and name of interviewer;

(6) SSN, full name and relationship to claimant or beneficiary, when such information is provided;

(7) “High Risk” alert information about individuals who take action, or threaten to take action, that affects the security and safety of our employees, security guards, visitors, facilities, or records; i.e., personal information about the visitor such as name, SSN, date of birth, specific nature of the threat or act of violence, the date, time, and location of the threat or act of violence;

(8) Source of the report from the SSA-3114-U4; and

(9) “High Risk” alert information about beneficiaries, claimants, attorney or non-attorney representatives, or representative payees who commit, or attempt to commit, a violent crime, have an outstanding arrest warrant, and who we reasonably believe will attempt to contact one of our facilities to conduct program business; i.e., personal information about the individuals such as name, SSN, date of birth, information pertaining to the specific nature of the crime, and the date, time, and location of the crime.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Sections 222, 223, 225, 1611, 1615, 1631 and 1633 of the Social Security Act (42 U.S.C. 422, 423, 425, 1382, 1382d, 1383 and 1383b); the Federal Records Act of 1950 (Pub. L. 81-754, 64 Stat. 583), as amended.

PURPOSE(S):

Information in VIP/CSR System is used to:

• Provide a means of collecting waiting time data on all in-office interviews in SSA FOs;
• Provide management information on other aspects of all in-office interviews in SSA FOs;
• Provide a source for customer service record data collection for such interviews and capture discrete data about the volume and nature of inquiries to support management decisions in the areas of process improvement and resource allocation;
• Provide a means of collecting information about individuals who have threatened an act of violence and/or have committed an act of violence against an SSA employee, or a visitor to any SSA office conducting business, and/or to any SSA office;
• Generate a timely “High Risk” alert to alert intake employees of an individual who may pose a security risk, including a “High Risk” alert for Social Security beneficiaries, claimants, attorney or non-attorney representatives, or representative payees who commit, or attempt to commit, a violent crime, have an outstanding arrest warrant, and who we reasonably believe will attempt to contact one of our facilities to conduct program business;
• Provide a standard approach to ensure the safety of SSA employees, visitors, security personnel, and facilities.

The information collected from visitors to SSA FOs will be used for filing claims for benefits under title II, transacting post-entitlement actions if currently entitled to benefits under title II, filing claims for benefits under title XVI, transacting post-eligibility actions if currently eligible for benefits under title XVI, obtaining an SSN, transacting other actions related to a SSN, or other actions or queries that may require an interview at SSA.

The information collected from the “High Risk” alert will be used to advise the intake employees at any SSA office of the potential security risk and to use extra caution when dealing with the individual who is before them and/or who has scheduled an appointment. The “High Risk” alert will include personal information about the visitor such as name, SSN, date of birth, specific nature of the threat or act of violence, and the date, time, and location of the threat or act of violence.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Disclosures may be made for routine uses as indicated below.

1. To the Office of the President for the purpose of responding to an individual pursuant to an inquiry received from that individual or from a third party on his or her behalf.

2. To a congressional office in response to an inquiry from that office made at the request of the subject of a record.

3. To the Department of Justice (DOJ), a court, or other tribunal, or other party before such tribunal when:

(a) The Social Security Administration (SSA), or any component thereof, or

(b) Any SSA employee in his or her official capacity; or

(c) Any SSA employee in his or her individual capacity where DOJ (or SSA where it is authorized to do so) has agreed to represent the employee; or

(d) The United States, or any agency thereof, where SSA determines that the litigation is likely to affect the operations of SSA or any of its components is party to litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court, or other tribunal is relevant and necessary to the litigation, provided, however, that in each case, SSA determines that such disclosure is compatible with the purpose for which the records were collected.

4. To contractors and other Federal agencies, as necessary, to assist the Social Security Administration in the efficient administration of its programs.

5. To student volunteers, individuals working under a personal services contract, and other individuals performing functions for the Social Security Administration, but technically not having the status of Agency employees, if they need access to the records in order to perform their assigned Agency functions.

6. To the General Services Administration and National Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by the NARA Act of 1984, information that is not restricted from disclosure by Federal law for the use of those agencies in conducting records management studies.

7. To Federal, State, and local law enforcement agencies and private security contractors as appropriate, information necessary:

(a) To enable them to protect the safety of Social Security Administration (SSA) employees and customers, the security of the SSA workplace and the operation of SSA facilities, or

(b) To assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupts the operation of SSA facilities.

8. To the appropriate law enforcement official, the Social Security Administration (SSA) may disclose information regarding a Social Security beneficiary, claimant, attorney or non-attorney representative, or representative payee who is the subject of an outstanding arrest warrant for having committed, or having attempted to commit, a violent crime for the purposes of determining whether SSA should include an individual's information in the VIP/CSR System or remove an individual's information from the system because he or she no longer meets the criteria (i.e., the individual is in the custody of law enforcement, is no longer a suspect or has been exonerated, or is deceased).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

Records in this system are maintained in both electronic and paper form (e.g., magnetic tape and disc and microfilm).

RETRIEVABILITY:

Records in this system will be retrieved by the individual's SSN and/or name.

SAFEGUARDS:

Security measures include the use of access codes to enter in the computer system, which will maintain the data and storage of the computerized records in secured areas that are accessible only to employees who require the information in performing their official duties. SSA employees who have access to the data will be informed of the criminal penalties of the Privacy Act for unauthorized access to or disclosure of information maintained in the system. See 5 U.S.C. 552a(i)(1).

Contractor personnel and/or alternate participants having access to data in the system of records will be required to adhere to SSA rules concerning safeguards, access and use of the data.

RETENTION AND DISPOSAL:

Records in the Visitor Intake Process/Customer Service Record (VIP/CSR) System “High Risk” file will be retained for five years in accordance with Section E of NC-47-76-12. The means of disposal of the information in the Visitor Intake Process/Customer Service Record (VIP/CSR) System “High Risk” file will be appropriate to the storage medium (e.g., deletion of individual electronic records or shredding of paper records). Additionally, management officials will have the ability to delete records from the “High Risk” file electronic database.

SYSTEM MANAGER(S) AND ADDRESS(ES):

Deputy Commissioner, Office of Systems, Social Security Administration, 6401 Security Boulevard, Baltimore, Maryland 21235.

NOTIFICATION PROCEDURE(S):

An individual can determine if this system contains a record about him or her by writing to the system manager(s) at the above address and providing his or her name, SSN, or other information that may be in the system of records that will identify him or her. An individual requesting notification of records in person should provide the same information, as well as provide an identity document, preferably with a photograph, such as a driver's license. If an individual does not have identification documents sufficient to establish his or her identity, the individual must certify in writing that he or she is the person claimed to be and that he or she understands that knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.

If notification is requested by telephone, an individual must verify his or her identity by providing identifying information that parallels the record to which notification is being requested. If it is determined the identifying information provided by telephone is insufficient, the individual will be required to submit a request in writing or in person. If an individual is requesting information by telephone on behalf of another individual, the subject individual must be connected with SSA and the requesting individual in the same phone call. SSA will establish the subject individual's identity (his or her name, SSN, address, date of birth and place of birth, along with one other piece of information such as mother's maiden name), and ask for his or her consent in providing information to the requesting individual.

If a request for notification is submitted by mail, an individual must include a notarized statement to SSA to verify his or her identity or must certify in the request that he or she is the person claimed to be and that he or she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense. These procedures are in accordance with SSA Regulations (20 CFR 401.40).

RECORD ACCESS PROCEDURE(S):

Same as Notification procedure(s). Requesters also should reasonably specify the record contents they are seeking. These procedures are in accordance with SSA Regulations (20 CFR 401.40).

CONTESTING RECORD PROCEDURE(S):

Same as Notification procedures. Requesters also should reasonably identify the record, specify the information they are contesting, and state the corrective action sought, and the reasons for the correction, with supporting justification showing how the record is untimely, incomplete, inaccurate or irrelevant. These procedures are in accordance with SSA Regulations (20 CFR 401.65).

RECORD SOURCE CATEGORIES:

Information in this system of records is obtained from information collected from individuals interviewed in person in SSA FOs, from existing systems of records, such as the Claims Folders System, 60-0089; Master Beneficiary Record, 60-0090, Supplemental Security Income Record and Special Veterans Benefits, 60-0103; from information generated by SSA, such as computer date/time stamps at various points in the interview process; and from law enforcement.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE PRIVACY ACT:

None.