Privacy Act of 1974; as Amended; New System of Records and New Routine Use Disclosures

AGENCY:

Social Security Administration (SSA).

ACTION:

Proposed new system of records and proposed routine uses.

SUMMARY:

In accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and (e)(11)), we are issuing public notice of our intent to establish a new system of records entitled Representative Payee/Misuse Restitution Control System (RP/MRCS), 60-0318, and routine uses applicable to this system of records. Hereinafter, we will refer to the proposed system of records as the RP/MRCS. We invite public comments on this proposal.

DATES:

We filed a report of the proposed new system of records and proposed routine use disclosures with the Chairman of the Senate Committee on Homeland Security and Governmental Affairs, the Chairman of the House Committee on Government Reform, and the Director, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB) on January 25, 2005. The proposed system of records and routine uses will become effective on March 6, 2005, unless we receive comments warranting it not to become effective.

ADDRESSES:

Interested individuals may comment on this publication by writing to the Executive Director, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, Room 3-A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401. All comments received will be available for public inspection at the above address.

FOR FURTHER INFORMATION CONTACT:

Ms. Joyce Schaul, Social Insurance Specialist, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, Room 3-A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235, e-mail address at joyce.schaul@ssa.gov, or by telephone at (410) 965-5662.

SUPPLEMENTARY INFORMATION:

I. Background and Purpose of the Proposed New System of Records Entitled the RP/MRCS System

A. General Background

On March 4, 2004, President Bush signed into law the Social Security Protection Act of 2004 (Pub. L. 108-203), which amended section 205(j) of the Social Security Act. Included in the amendment is a requirement for the Commissioner of Social Security to re-issue benefits under Title II or XVI whenever an individual representative payee serving 15 or more beneficiaries or an organizational representative payee is found to have misused a beneficiary's funds. This is effective for determinations of misuse on or after January 1, 1995. To carry out this function as required under the amended section 205(j), SSA must collect and maintain certain identifying information about: (1) Representative payees that have misused benefits; (2) beneficiaries whose benefits have been misused; and (3) the relationship between the representative payee and the beneficiary.

B. Collection and Maintenance of the Data for the Proposed New System of Records Entitled the RP/MRCS System

SSA must collect and maintain certain identifying information about representative payees that have misused benefits; beneficiaries whose benefits have been misused; and, the relationship between the representative payee and the beneficiary. We will retrieve information from the proposed system of records by using the individual's name and/or Social Security Number. Thus the RP/MRCS system will constitute a system of records under the Privacy Act of 1974, as amended.

II. Proposed Routine Use Disclosures of Data Maintained in the Proposed RP/MRCS

A. Proposed Routine Use Disclosures

We are proposing to establish routine uses of information that will be maintained in the proposed RP/MRCS as discussed below.

1. To the Office of the President for the purpose of responding to an individual pursuant to an inquiry received from that individual or from a third party on his or her behalf.

We will disclose information under this routine use only in situations in which an individual may contact the Office of the President, seeking that Office's assistance in a matter relating to information contained in this system of records. Information will be disclosed when the Office of the President makes an inquiry and indicates that it is acting on behalf of the individual whose record is requested.

2. To a congressional office in response to an inquiry from that office made at the request of the subject of a record.

We will disclose information under this routine use only in situations in which an individual may ask his or her congressional representative to intercede in a matter relating to information contained in this system of records. Information will be disclosed when the congressional representative makes an inquiry and indicates that he or she is acting on behalf of the individual whose record is requested.

3. To the Department of Justice (DOJ), a court or other tribunal, or another party before such tribunal when:

(a) SSA, or any component thereof; or

(b) Any SSA employee in his/her official capacity; or

(c) Any SSA employee in his/her individual capacity where DOJ (or SSA where it is authorized to do so) has agreed to represent the employee; or

(d) The United States or any agency thereof where SSA determines that the litigation is likely to affect the operation of SSA or any of its components,

Is party to litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court or other tribunal, or another party before such tribunal is relevant and necessary to the litigation, provided, however, that in each case, SSA determines that such disclosure is compatible with the purpose for which the records were collected.

Disclosure of any information defined as “return or return information” under 26 U.S.C. 6103 of the Internal Revenue Code (IRC) will not be made unless authorized by a statute, the Internal Revenue Service (IRS), or IRS regulations.

We will disclose information under this routine use only as necessary to enable DOJ to effectively defend SSA, its components or employees, in litigation involving the proposed new system of records and ensure that courts and other tribunals have appropriate information.

4. To contractors and other Federal Agencies, as necessary, for the purpose of assisting SSA in the efficient administration of its programs. We contemplate disclosing information under this routine use only in situations in which SSA may enter into a contractual or similar agreement with a third party to assist in accomplishing an Agency function relating to this system of records.

We will disclose information under this routine use only in situations in which SSA may enter into a contractual agreement or similar agreement with a third party to assist in accomplishing an Agency function relating to this system of records.

5. To student volunteers, individuals working under a personal service contract, and other individuals performing functions for SSA but technically not having the status of Agency employees, if they need access to the records in order to perform their assigned Agency functions.

Under certain Federal statutes, SSA is authorized to use the service of volunteers and participants in certain educational, training, employment and community service programs. Examples of such statutes and programs include: 5 U.S.C. 3111 regarding student volunteers and 42 U.S.C. 2753 regarding the College Work-Study Program. We contemplate disclosing information under this routine use only when SSA uses the services of these individuals, and they need access to information in this system to perform their assigned agency duties.

6. Non-tax return information which is not restricted from disclosure by federal law may be disclosed to the General Services Administration (GSA) and the National Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by NARA Act of 1984, for the use of those agencies in conducting records management studies.

The Administrator of GSA and the Archivist of NARA are charged by 44 U.S.C. 2904, as amended, with promulgating standards, procedures and guidelines regarding record management and conducting records management studies. 44 U.S.C. 2906, as amended, provides that GSA and NARA are to have access to Federal agencies' records and that agencies are to cooperate with GSA and NARA. In carrying out these responsibilities, it may be necessary for GSA and NARA to have access to this proposed system of records. In such instances, the routine use will facilitate disclosure.

7. To Federal, State, and local law enforcement agencies and private security contractors, as appropriate, information necessary:

• To enable them to protect the safety of SSA employees and customers, the security of the SSA workplace, and the operation of SSA facilities, or
• To assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupt the operation of SSA facilities.

We will disclose information under this routine use to law enforcement agencies and private security contractors when information is needed to respond to, investigate, or prevent activities that jeopardize the security and safety of SSA customers, employees or workplaces or that otherwise disrupt the operation of SSA facilities. Information would also be disclosed to assist in the prosecution of persons charged with violating Federal or local law in connection with such activities.

B. Compatibility of Proposed Routine Uses

The Privacy Act (5 U.S.C. 552a(b)(3)) and SSA's disclosure regulation (20 CFR part 401) permit us to disclose information under a published routine use for a purpose that is compatible with the purpose for which we collected the information. SSA's Regulations at 20 CFR 401.150(c) permit us to disclose information under a routine use where necessary to carry out SSA programs. SSA's Regulations at 20 CFR 401.120 provide that we will disclose information when a law specifically requires the disclosure. The proposed routine uses numbered 1 through 5 and 7 above will ensure efficient administration of SSA programs administered through the RP/MRCS; the disclosure that would be made under routine use number 6 is required by law. The proposed routine uses are appropriate and meet the relevant statutory and regulatory criteria.

III. Records Storage Medium and Safeguards for the Proposed New System Entitled the RP/MRCS

SSA will maintain information in the RP/MRCS in electronic and paper form. Only authorized SSA and contractor personnel who have a need for the information in the performance of their official duties will be permitted access to the information. We will safeguard the security of the information by requiring the use of access codes to enter the computer system that will maintain the data and will store computerized records in secured areas that are accessible only to employees who require the information to perform their official duties. Any manually maintained records will be kept in locked cabinets or in otherwise secure areas. Furthermore, SSA employees having access to SSA databases maintaining personal information must sign a sanction document annually, acknowledging their accountability for making unauthorized access to or disclosure of such information.

Contractor personnel having access to data in the RP/MRCS will be required to adhere to SSA rules concerning safeguards, access and use of the data.

SSA and contractor personnel having access to the data on this system will be informed of the criminal penalties of the Privacy Act for unauthorized access to or disclosure of information maintained in this system. See 5 U.S.C. 552a(i)(1).

IV. Effect of the Proposed RP/MRCS on the Rights of Individuals

The proposed new system of records will maintain only that information that is necessary for the efficient and effective control and processing of the RP/MRCS in order to investigate certain misuse cases to determine whether the beneficiary has been repaid by either SSA or the representative payee. Security measures will be employed that protect access to and preclude unauthorized disclosure of records in the proposed system of records. Therefore, we do not anticipate that the proposed system of records will have an unwarranted adverse effect on the rights of individuals.

Social Security Administration (SSA); Notice of System of Records; Required by the Privacy Act of 1974; as Amended

60-0318

System Name:

Representative Payee/Misuse Restitution Control System (RP/MRCS), Office of the Deputy Commissioner for Disability and Income Security Programs, Associate Commissioner for Income Security Programs.

Security Classification:

None.

System Location:

Associate Commissioner for Income Security Programs, Social Security Administration, 6401 Security Boulevard, Baltimore, Maryland 21235-6401.

Categories of Individuals Covered by the System:

This system maintains information about representative payees that have misused benefits and beneficiaries/recipients whose benefits have been misused.

Categories of Records in the System:

Data in this system consist of: (1) Names, mailing address, location address, phone number, employee identification number (EIN)/Social Security number (SSN), and identification number of representative payees; (2) Names, SSNs or other cross-referenced account numbers, the program in which the misuse occurred (Title II or Title XVI), current address, payment status, misuse amount, misuse determination date, misuse start date, misuse end date and SSA negligence code (Y or N) of beneficiaries/recipients; and (3) The original amount refunded by payee, original amount restored by SSA, new amount refunded by payee, new amount restored by SSA, case outcome and completion date.

Authority for Maintenance of the System:

The Social Security Protection Act of 2004 (Pub. L. 108-203); Section 205(j)(5) of the Social Security Act; (42 U.S.C. 405(j)(5)).

Purpose(s):

Information in this system will assist SSA in investigating certain representative payee misuse cases going back to January 1, 1995, to determine whether the beneficiary has been repaid by either SSA or the representative payee. The information in this system will also be used to control completion of cases and to provide details about how the case was resolved.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purpose of Such Uses:

Disclosure may be made for routine uses as indicated below. However, disclosure of any information defined as “return” or “return information” under 26 U.S.C. 6103 of the Internal Revenue Code will not be made unless authorized by a statute, the Internal Revenue Service (IRS) or IRS regulations.

1. To the Office of the President for the purpose of responding to an individual pursuant to an inquiry received from that individual or from a third party on his or her behalf.

2. To a congressional office in response to an inquiry from that office made at the request of the subject of a record.

3. To the Department of Justice (DOJ), a court or other tribunal, or another party before such tribunal when: (a) SSA, or any component thereof; or (b) Any SSA employee in his/her official capacity; or (c) Any SSA employee in his/her individual capacity where DOJ (or SSA where it is authorized to do so) has agreed to represent the employee; or (d) The United States or any agency thereof where SSA determines that the litigation is likely to affect the operations of SSA or any of its components, Is party to litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court or other tribunal, or another party before such tribunal is relevant and necessary to the litigation, provided, however, that in each case, SSA determines that such disclosure is compatible with the purpose for which the records were collected.

Disclosure may be made for routine uses as indicated below. However, disclosure of any information defined as “return” or “return information” under 26 U.S.C. 6103 of the Internal Revenue Code will not be made unless authorized by a statute, the Internal Revenue Service (IRS) or IRS regulations.

4. To contractors and other Federal agencies, as necessary, for the purpose of assisting SSA in the efficient administration of its programs. We contemplate disclosing information under this routine use only in situations in which SSA may enter into a contractual or similar agreement with a third party to assist in accomplishing an agency function relating to this system of records.

5. To student volunteers, individuals working under a personal services contract, and other individuals performing functions for SSA but technically not having the status of Agency employees if they need access to the records in order to perform their assigned Agency functions.

6. Non-tax return information which is not restricted from disclosure by Federal law may be disclosed to the General Services Administration (GSA) and the National Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by NARA Act of 1984, for the use of those agencies in conducting records management studies.

7. To Federal, State, and local law enforcement agencies and private security contractors, as appropriate, information necessary:

• To enable them to protect the safety of SSA employees and the public, the security of the SSA workplace, the operation of SSA facilities, or
• To assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupt the operation of SSA facilities.

Policies and Practices for Storing, Retrieving, Accessing, Retaining and Disposing of Records in the System:

Storage:

Records in this system are maintained electronically.

Retrievability:

Records in this system will be retrieved by the name, SSN or EIN of the representative payee, or name or SSN of the beneficiary/recipient.

Safeguards:

Security measures include the use of access codes to enter the computer system which will maintain the data, the storage of computerized records in secured areas which are accessible only to employees who require the information in performing their official duties. SSA employees who have access to the data will be informed of the criminal penalties of the Privacy Act for unauthorized access to or disclosure of information maintained in the system. See 5 U.S.C. 552a(i)(1).

Contractor personnel having access to data in the system of records will be required to adhere to SSA rules concerning safeguards, access and use of the data.

Retention and Disposal:

Misuse data and contact information about misusers (payees) will be populated into RP/MRCS via a flat file produced by the Office of Systems from the Representative Payee System (RPS) using the criteria specified by section 205(j) of the Social Security Act. This flat file will also contain current beneficiary contact data from the Master Beneficiary Record and/or the Supplemental Security Income Record.

Once the data is loaded into RP/MRCS, field offices will develop the status of repayment of each misuse event and post resolution information. Management information regarding cases pending and cleared will be collected and reported as will information about case resolution.

Data collected during the course of an RP/MCRS action is stored in a database on the Dallas Regional Office's Windows servers. Only a limited number of new records (those that were not recorded on RPS) will be added to the database. RP/MRCS will cover only misuse events related to the closed period of January 1, 1995, through the initial population of the database from SSA's Representative Payee System in April 2004.

Records in the system will be retained for 12 months after the final data are posted and then they will be archived.

System Manager(s):

Associate Commissioner for Income Security Programs, Social Security Administration, 6401 Security Boulevard, Baltimore, Maryland 21235-6401.

Notification Procedure(s):

An individual can determine if this system contains a record about him/her by writing to the systems manager(s) at the above address and providing his/her name, SSN or other information that may be in the system of records that will identify him/her. An individual requesting notification of records in person should provide the same information, as well as provide an identity document, preferably with a photograph, such as a driver's license or some other means of identification. If an individual does not have any identification documents sufficient to establish his/her identity, the individual must certify in writing that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense. (20 CFR 401.40).

If notification is requested by telephone, an individual must verify his/her identity by providing identifying information that parallels the record to which notification is being requested. If it is determined that the identifying information provided by telephone is insufficient, the individual will be required to submit a request in writing or in person. If an individual is requesting information by telephone on behalf of another individual, the subject individual must be connected with SSA and the requesting individual in the same phone call. SSA will establish the subject individual's identity (his/her name, SSN, address, date of birth and place of birth along with one other piece of information such as mother's maiden name) and ask for his/her consent in providing information to the requesting individual. (20 CFR 401.45)

If a request for notification is submitted by mail, an individual must include a notarized statement to SSA to verify his/her identity or must certify in the request that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense. These procedures are in accordance with SSA Regulations (20 CFR 401.45).

Record Access Procedure(s):

Same as Notification procedures. Requesters also should reasonably specify the record contents they are seeking. These procedures are in accordance with SSA Regulations (20 CFR 401.40).

Contesting Record Procedure(s):

Same as Notification procedures. Requesters should also reasonably identify the record, specify the information they are contesting, and state the corrective action sought and the reasons for the correction with supporting justification showing how the record is untimely, incomplete, inaccurate, or irrelevant. These procedures are in accordance with SSA Regulations (20 CFR 401.65).

Record Source Categories:

Information in this system of records is obtained from existing systems of records such as the Claims Folder System, 60-0089, Master Beneficiary Record, 60-0090, Supplemental Security Income Record and Special Veterans Benefits, 60-0103 and the Master Representative Payee File, 60-0222.

Systems Exempt From Certain Provisions of the Privacy Act:

None.