Privacy Act of 1974, as Amended; New System of Records and Routine Use Disclosures

Federal Register, Dec 5, 2000
65 Fed. Reg. 75995 (Dec. 5, 2000)

AGENCY:

Social Security Administration (SSA).

ACTION:

New System of Records and Proposed New Routine Uses.

SUMMARY:

In accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and (e)(11)), we are issuing public notice of our intent to establish a new system of records entitled, the Social Security Administration's Customer PIN/Password (PPW) Master File System (hereinafter referred to as the Customer PPW Master File System) and routine uses applicable to this system. The proposed Customer PPW Master File System will maintain information collected for use in connection with SSA's implementation of a personal identification number (PIN)/Password system that allows Social Security program applicants, beneficiaries and other customers to conduct business with SSA in an electronic business environment.

The proposed Customer PPW Master File System will provide for routine use disclosures in connection with our administration of the Social Security Act or as mandated by Federal law. We invite public comment on this proposal.

DATES:

We filed a report of the proposed new system of records with the Chairman of the Senate Governmental Affairs Committee, the Chairman of the House Reform and Oversight Committee, and the Director, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB) on November 28, 2000. The proposed system of records, including the proposed routine uses, will become effective on January 13, 2001, unless we receive comments that would warrant the system of records not being implemented.

ADDRESSES:

Interested individuals may comment on this publication by writing to the SSA Privacy Officer, Social Security Administration, 3-F-1 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235. All comments received will be available for public inspection at the above address.

FOR FURTHER INFORMATION CONTACT:

Ms. Joan Peddicord, Social Insurance Policy Specialist, Social Security Administration, Room 3-C-3 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235, telephone (410) 966-6491.

SUPPLEMENTARY INFORMATION:

1. Background and Purpose of the Proposed Customer PPW Master File System

SSA has a number of electronic initiatives underway that support the government mandate directing federal agencies to use information technology to offer more efficient and accessible service channels to the public. To support some of SSA's electronic initiatives, and after careful study and development, the Agency created the PPW infrastructure that will allow customers to conduct transactions with SSA on a routine basis through the Internet and toll free automated touch tone response telephone system. The PPW infrastructure will enable SSA to offer customers a specific suite of services that require a PIN/Password system. Using a PPW process, our customers will be able to apply for social security program benefits or view and possibly change personal record information, such as mailing address, through secure online transactions.

Customers must elect (opt-in) to use the PPW process to conduct electronic transactions with SSA. Those who opt-in may include applicants for Social Security benefits, current beneficiaries in pay or non-pay status and other customers who choose these electronic service delivery options to conduct business with SSA. Customers who initially choose to use the PPW process may later elect out (opt-out) of the system by requesting SSA to block access to their records. SSA will disable the PPW capabilities to the records of customers making this request, thus blocking any access to the record.

Further, customers who receive information soliciting their interest in using the PPW process may want to ensure that no electronic access to their records can occur. They may also elect out, and SSA will also disable the PPW capabilities to the records of these customers, thus blocking any access to the record.

Establishment of the PPW Infrastructure

The Agency first identified and developed the underlying principles to support a PPW business process. These principles intentionally focused on the framework to implement a successful PPW process in the various electronic applications SSA develops for customer service initiatives. For example, the PPW infrastructure is designed to:

  • Support all direct customer service delivery by SSA,
  • Maximize the level of automation involved in assigning, maintaining and using the PPW services,
  • Minimize the manual intervention of SSA employees in the PPW process, and
  • Limit customer information access to that which is appropriate to the means used in obtaining the password.

SSA also established authentication requirements for its electronic application and transaction processes that the PPW infrastructure is designed to support. These authentication requirements allow SSA to verify the identity of users of the Internet and automated telephone system electronic services. The process for SSA customers to obtain passwords and the corresponding authentication required to use these passwords for a determined set of electronic services share a number of principles:

  • Customers must opt-in to the PPW process by indicating to SSA their interest in obtaining a password.
  • A customer must have a Password Request Code (PRC) to begin the process of obtaining a password. A PRC has one purpose—to identify a customer who may wish to obtain an SSA password.
  • PRCs are electronically generated and assigned to customers by SSA and will only be accessible to a limited number of SSA system employees who maintain the PPW system.
  • PRCs are sent to customers through the US Mail.
  • The authentication parameters for various electronic services depend on the level of sensitivity assigned to the particular application or transaction to be conducted and the customer's current relationship to the Agency.

2. Collection, Maintenance and Use of Data in the Proposed Customer PPW Master File System

The information maintained in this system of records will be collected from customers who elect to conduct transactions with SSA in an electronic business environment that requires the PPW infrastructure. The information maintained will include identifying information such as the customer's name, Social Security number (SSN) (which functions as the individual's PIN) and mailing address. The system will also maintain the customer's PRC, the password itself and the authorization level and associated data (e.g., effective date of authorization).

We will also maintain transactional data elements necessary to administer and maintain the PPW infrastructure. These include access profile information such as blocked PINs, failed access data, effective date of password and other data linked to the required authentication processes for Internet and automated telephone system applications. The information on this system may also include archived transaction data and historical data.

SSA will use the data in the proposed system for management information purposes in order to effectively administer the PPW infrastructure used to conduct electronic business with SSA customers. Because we will maintain and retrieve data from the proposed system of records by the customer's SSN (which acts as the individual's PIN), the database will constitute a “system of records” under the Privacy Act.

3. Proposed Routine Use Disclosures of Data Maintained in the Proposed Customer PPW Master File System

We are proposing to establish routine uses of information that will be maintained in the proposed system as discussed below.

A. Disclosure to the Office of the President for the purpose of responding to an individual pursuant to an inquiry received from that individual or from a third party on his or her behalf.

We will disclose information under this routine use only in situations in which an individual may contact the Office of the President, seeking that office's assistance in an SSA matter on his or her behalf involving this system of records. Information would be disclosed when the Office of the President makes an inquiry and presents evidence that the office is acting on behalf of the individual whose record is requested.

B. Disclosure to a congressional office in response to an inquiry from that office made at the request of the subject of a record.

We will disclose information under this routine use only in situations in which an individual may ask his or her congressional representative to intercede in an SSA matter on his or her behalf involving this system of records. Information would be disclosed when the congressional representative makes an inquiry and presents evidence that he or she is acting on behalf of the individual whose record is requested.

C. To the Department of Justice (DOJ), a court or other tribunal (either foreign or domestic), or another party before such tribunal when:

(a) SSA, or any component thereof; or

(b) Any SSA employee in his/her official capacity; or

(c) Any SSA employee in his/her individual capacity where DOJ (or SSA where it is authorized to do so) has agreed to represent the employee; or

(d) The United States or any agency thereof where SSA determines that the litigation is likely to affect the operations of SSA or any of its components,

is a party to the litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, the court or other tribunal is relevant and necessary to the litigation, provided, however, that in each case, SSA determines that such disclosure is compatible with the purpose for which the records were collected.

We will disclose information under this routine use only as necessary to enable DOJ, a court or other tribunal to effectively defend SSA, its components or employees in litigation involving the proposed system of records.

D. Disclosure to contractors and other Federal agencies, as necessary, for the purpose of assisting SSA in the efficient administration of its programs.

We will disclose information under this routine use only in situations in which SSA may enter into a contractual agreement or similar agreement with a third party to assist in accomplishing an agency function relating to this system of records.

E. Nontax return information which is not restricted from disclosure by federal law may be disclosed to the General Services Administration (GSA) and the National Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by NARA Act of 1984, for the use of those agencies in conducting records management studies.

The Administrator of GSA and the Archivist of NARA are charged by 44 U.S.C. 2904 with promulgating standards, procedures and guidelines regarding records management and conducting records management studies. Section 2906 of that law, also amended by the NARA Act of 1984, provides that GSA and NARA are to have access to federal agencies' records and that agencies are to cooperate with GSA and NARA. In carrying out these responsibilities, it may be necessary for GSA and NARA to have access to this proposed system of records. In such instances, the routine use will facilitate disclosure.

4. Compatibility of Proposed Routine Uses

The Privacy Act (5 U.S.C. 552a(b)(3)) and our disclosure regulations (20 CFR Part 401) permit us to disclose information under a published routine use for a purpose which is compatible with the purpose for which we collected the information. Section 401.150(c) of the regulations permits us to disclose information under a routine use where necessary to assist in carrying out SSA programs. Section 401.120 of the regulations provides that we will disclose information when a law specifically requires the disclosure. The proposed routine uses lettered A-D above will ensure efficient maintenance of the Customer PPW Master File System; the disclosures that would be made under routine use “E” are required by Federal law. Thus, all of the routine uses are appropriate and meet the relevant statutory and regulatory criteria.

5. Records Storage Medium and Safeguards for the Proposed Customer PPW Master File System

We will maintain information in the proposed Customer PPW Master File System in electronic form, computer data systems and paper form. Only authorized SSA personnel who have a need for the information in the performance of their official duties will be permitted access to the information.

Computer firewall technology, data encryption and other systems security measures will ensure that the PPW system is protected from inappropriate access. The existing SSA firewall architecture ensures that customers will be limited only to electronic transactions the Agency determines and will not be able to access SSA's other systems or data.

Security measures also include the use of access codes to enter the computer systems that will maintain the data and storage of the computerized records in secured areas that are accessible only to employees who require the information in performing their official duties. Any manually maintained records will be kept in locked cabinets or in otherwise secure areas. Also, all buildings housing this data are accessible to authorized personnel only, with entrances and exits supervised by security guards. Contractor personnel having access to data in the proposed system of records will be required to adhere to SSA rules concerning safeguards, access and use of the data. SSA personnel having access to the data on these systems will be informed of the criminal penalties of the Privacy Act for unauthorized access to or disclosure of information maintained in this system. See 5 U.S.C. 552a(i)(1).

6. Effect of the Proposed Customer PPW Master File System on the Rights of Individuals

The proposed new system will maintain the necessary data elements to effectively administer the PPW infrastructure used to conduct electronic business with SSA customers. SSA has developed a strategy that makes SSA electronic services more readily available via the Internet and automated telephone systems but with the commensurate privacy and security protections to ensure appropriate use of this new system. We will not collect any unnecessary information and will protect the personal information that does need to be gathered for the Customer PPW Master File System. There are existing security standards that protect access to and disclosure of records in this proposed new system. We will not use the information in any manner that will be adverse to the individuals to whom it pertains. Thus, we do not anticipate that the Customer PPW Master File System will have any unwarranted adverse effect on individuals.

Dated: November 28, 2000.

Kenneth S. Apfel,

Commissioner of Social Security.

60-0290

System Name:

Social Security Administration's Customer PIN/Password (PPW) Master File System.

Security Classification:

None.

System Location:

Social Security Administration, Office of Systems, 6401 Security Boulevard, Baltimore, Maryland 21235.

Categories of Individuals covered by the System:

All SSA customers (applicants, beneficiaries and other customers) who elect to conduct transactions with SSA in an electronic business environment that requires the PPW infrastructure. This may include customers who elect to block PPW access to SSA electronic transactions by requesting SSA to disable their PPW capabilities.

Categories of records in the system:

The information maintained in this system of records is collected from customers who elect to conduct transactions with SSA in an electronic business environment that requires the PPW infrastructure. The information maintained includes identifying information such as the customer's name, Social Security number (which functions as the individual's personal identification number (PIN)) and mailing address. The system also maintains the customer's Password Request Code (PRC), the password itself and the authorization level and associated data (e.g., effective date of authorization).

We also maintain transactional data elements necessary to administer and maintain the PPW infrastructure. These include access profile information such as blocked PINs, failed access data, effective date of password and other data linked to the required authentication processes for Internet and automated telephone system applications. The information on this system may also include archived transaction data and historical data.

SSA will also use the data in the proposed system for management information purposes in order to effectively administer the PPW infrastructure used to conduct electronic business with SSA customers. Because we will maintain and retrieve data from the proposed system of records by the customer's SSN (which acts as the individual's PIN), the database will constitute a “system of records” under the Privacy Act.

Authority for maintenance of the system:

Section 205(a) of the Social Security Act; 5 U.S.C. 552a(e)(10) of the Privacy Act; and the Government Paperwork Elimination Act.

Purpose(s):

The Customer PPW Master File System maintains information collected for use in connection with SSA's implementation of a PIN/Password system that allows Social Security program applicants, beneficiaries and other customers to conduct business with SSA in an electronic business environment. The system of records is designed to permit entry and retrieval of information associated with maintaining a PPW infrastructure that supports SSA's electronic initiatives requiring a PPW entry process.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

Disclosure may be made for routine uses as indicated below:

(1) Disclosure to the Office of the President for the purpose of responding to an individual pursuant to an inquiry received from that individual or from a third party on his or her behalf.

(2) Disclosure to a congressional office in response to an inquiry from that office made at the request of the subject of a record.

(3) To the Department of Justice (DOJ), a court, or other tribunal (either foreign or domestic) or another party before such tribunal when:

(a) SSA, or any component thereof; or

(b) any SSA employee in his/her official capacity; or

(c) any SSA employee in his/her individual capacity where DOJ (or SSA where it is authorized to do so) has agreed to represent the employee; or

(d) the United States or any agency thereof where SSA determines that the litigation is likely to affect the operations of SSA or any of its components,

is a party to the litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, the court or other tribunal is relevant and necessary to the litigation, provided, however, that in each case, SSA determines that such disclosure is compatible with the purpose for which the records were collected.

(4) Disclosure to contractors and other Federal agencies, as necessary, for the purpose of assisting SSA in the efficient administration of its programs.

(5) Nontax return information which is not restricted from disclosure by federal law may be disclosed to the General Services Administration (GSA) and the National Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by NARA Act of 1984, for the use of those agencies in conducting records management studies.

Policies and practices for storing, retrieving, accessing, retaining and disposing of records in the system:

Storage:

Data are stored in electronic and paper form.

Retrievability:

Records in this system are indexed and retrieved by SSN (which acts as the individual's PIN).

Safeguards:

Security measures include computer firewall technology, data encryption and other systems security measures to ensure that the PPW system is protected from inappropriate access. The existing SSA firewall architecture ensures that customers are limited only to electronic transactions the Agency determines and will not be able to access SSA's other systems or data.

Security measures also include the use of access codes to enter the database and storage of the electronic records in secured areas which are accessible only to employees who require the information in performing their official duties. The paper records that result from the data base site are kept in locked cabinets or in otherwise secure areas. Contractor personnel having access to data in the system of records are required to adhere to SSA rules concerning safeguards, access, and use of the data. SSA personnel having access to the data on this system are informed of the criminal penalties of the Privacy Act for unauthorized access to or disclosure of information maintained in this system of records.

Retention and disposal:

PPW information maintained in this system is retained until notification of the death of the account holder plus seven years. Means of disposal is appropriate to storage medium (e.g., deletion of individual records from the data base when appropriate or shredding of paper records that are produced from the system).

System manager and address:

Social Security Administration, Associate Commissioner, Office of Program Benefits, 6401 Security Boulevard, Baltimore, Maryland, 21235.

Notification procedure:

An individual can determine if this system contains a record about him/her by writing to the system manager at the above address and providing his/her name, SSN or other information that may be in the system of records that will identify him/her. An individual requesting notification of records in person should provide the same information, as well as provide an identity document, preferably with a photograph, such as a driver's license or some other means of identification, such as a voter registration card, credit card, etc. If an individual does not have any identification document sufficient to establish his/her identity, the individual must certify in writing that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.

If notification is requested by telephone, an individual must verify his/her identity by providing identifying information that parallels the record to which notification is being requested. If it is determined that the identifying information provided by telephone is insufficient, the individual will be required to submit a request in writing or in person. If an individual is requesting information by telephone on behalf of another individual, the subject individual must be connected with SSA and the requesting individual in the same phone call. SSA will establish the subject individual's identity (his/her name, SSN, address, date of birth and place of birth along with one other piece of information such as mother's maiden name) and ask for his/her permission in providing access by telephone to the requesting individual.

If a request for notification is submitted by mail, an individual must include a notarized statement to SSA to verify his/her identity or must certify in the request that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.

These procedures are in accordance with SSA Regulations 20 CFR 401.45.

Record access procedures:

Same as notification procedures. Requesters should also reasonably specify the record contents being sought. These procedures are in accordance with SSA Regulations 20 CFR 401.50.

Contesting record procedures:

Same as notification procedures. Requesters should also reasonably identify the record, specify the information they are contesting, and state the corrective action sought and the reasons for the correction with supporting justification showing how the record is untimely, incomplete, inaccurate, or irrelevant. These procedures are in accordance with SSA Regulations 20 CFR 401.65.

Record source categories:

Data for the system are obtained primarily from the individuals to whom the record pertains.

Systems exempted from certain provisions of the Privacy Act:

None.

[FR Doc. 00-30836 Filed 12-4-00; 8:45 am]

BILLING CODE 4191-02-P