Privacy Act of 1974; Report of New System of Records and Routine Uses

AGENCY:

Social Security Administration.

ACTION:

New system of records and routine uses.

SUMMARY:

In accordance with the Privacy Act, 5 U.S.C. 552a(e)(4) and (e)(11), we are issuing public notice of our intent to establish a new system of records. The proposed system of records is entitled Records of Individuals Authorized Entry into Secured Areas by Digital Lock Systems, Electronic Key Card Systems or Other Electronic Access Devices, SSA/RO 60-0270. The proposed system will maintain records on individuals authorized to enter secured areas in SSA regional offices, field offices, teleservice centers, program service centers, hearing offices and satellite facilities. We invite public comments on the proposed system and the routine uses.

DATES:

We filed a report of the proposed system with the Chairman, Committee on Government Reform and Oversight, House of Representatives, the Chairman, Committee on Governmental Affairs, United States Senate, and the Director, Office of Information and Regulatory Affairs, Office of Management and Budget on December 4, 2000. We have requested OMB to waive the 40-day advance notice period. If OMB does not waive the 40-day advance period, we will not implement the proposed system until January 15, 2001, unless we receive comments on or before that date that would result in a contrary determination.

ADDRESSES:

Interested individuals may comment on this publication by writing to the SSA Privacy Officer, Social Security Administration, 3-A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235. All comments received will be available at the above address for public inspection and photocopying between 8 a.m. and 4:30 p.m., Monday through Friday.

FOR FURTHER INFORMATION CONTACT:

Ms. Cetta Ruzicka, Social Insurance Policy Specialist, Office of Disclosure Policy, Social Security Administration, 3-A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235, Telephone (410) 965-1743.

SUPPLEMENTARY INFORMATION:

I. Purpose of the Proposed System

SSA is responsible for ensuring the safety of personnel and for safeguarding government records and property in its facilities. Through the use of digital lock systems, electronic key card systems or other electronic access devices, SSA is able to monitor and control the access to its facilities. The digital lock systems, electronic key card systems and other electronic access devices have the capacity to maintain entry and exit data, such as the name and/or personal identification number (PIN) of the individual entering the secured area, the location of the secured area, the date of the entry and the time of the entry and exit. Data in the system is used for security purposes and may be used in a disciplinary action.

II. Collection and Maintenance of Data in the Proposed System

SSA security personnel will assign a PIN to each individual who is authorized to enter secured areas. For electronic key card systems, the name of the individual and assigned PIN will be encoded on the key card. Security personnel will maintain a computer file of the name of the individual and the assigned PIN.

To enter secured areas, an individual manually enters his or her PIN into the digital or electronic access device, or in the case of an electronic key card system, the individual uses his or her key card to facilitate entry. These systems maintain a record of the name and/or PIN of the individual, the entry point, the date of the entry and the time of the entry. Some digital lock systems and electronic lock system are connected to computer systems that maintain the information in computer files. Information will be retrieved by individuals' names and/or PINs.

Only authorized SSA personnel will download and print information from computer files, digital lock systems, electronic key card systems or other electronic access devices. The information will be maintained in file folders and disclosed to Agency personnel on a need-to-know basis or to other individuals or entities consistent with the routine uses below.

III. Proposed Routine Uses of Information in the System

We are proposing to establish routine uses of information that will be maintained in the system as discussed below.

1. To disclose pertinent information to the appropriate Federal, state or local agency responsible for investigating, prosecuting, enforcing or implementing a statute, rule or regulation, or order when the Agency becomes aware of an indication of a violation of civil or criminal law or regulations pertaining to this system of records.

We contemplate disclosing information under this routine use to law enforcement entities that are responsible for investigating alleged violations of civil or criminal statutes or alleged violations of Standards of Conduct governing Federal employees.

2. To a congressional office in response to an inquiry from that office made at the request of the subject of the record.

We contemplate disclosing information under this routine use only in situations in which an individual may ask his or her congressional representative to intercede in an SSA matter on his or her behalf. Information will be disclosed when the congressional representative makes an inquiry and presents evidence that he or she is acting on behalf of the individual whose record is requested.

3. To the Department of Justice (DOJ), a court or other tribunal (including an adjudicative or administrative body, or other third-party before such tribunal when:

(a) SSA, or any component thereof; or

(b) Any SSA employee in his/her official capacity; or

(c) Any SSA employee in his/her individual capacity where DOJ (or SSA where it is authorized to do so) has agreed to represent the employee; or

(d) The United States or any agency thereof where SSA determines that the litigation is likely to affect the operations of SSA or any of its components is a party to litigation or has an interest in such litigation; and SSA determines that the use of such records by DOJ, the court or other tribunal is relevant and necessary to the litigation.

We contemplate disclosing information under this routine use, as necessary, to enable the Department of Justice to effectively defend SSA, its components or employees. We contemplate disclosing information under this routine use when SSA has an interest in litigation involving the proposed systems of records and/or the records contained therein.

4. Nontax return information which is not restricted from disclosure by federal law may be disclosed to the General Services Administration (GSA) and the National Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by NARA Act of 1984, for the use of those agencies in conducting records management studies.

The Administrator of GSA and the Archivist of NARA are charged by 44 U.S.C. 2904 with promulgating standards, procedures and guidelines regarding records management and conducting records management studies. Section 2906 of that law, also amended by the NARA Act of 1984, provides that GSA and NARA are to have access to federal agencies' records and that agencies are to cooperate with GSA and NARA. In carrying out these responsibilities, it may be necessary for GSA and NARA to have access to this proposed system of records. In such instances, the routine use will facilitate disclosure.

IV. Compatibility of Proposed Routine Use

The Privacy Act (5 U.S.C. 552a(b)(3)) and our disclosure regulations (20 CFR Part 401) permit us to disclose information under a published routine use for a purpose which is compatible with the purpose for which we collected the information. Section 401.150(c) of the regulations permits us to disclose information under a routine use where necessary to assist in carrying out SSA programs. Section 401.120 of the regulations provides that we will disclose information when a law specifically requires the disclosure. The proposed routine uses numbered 1-3 above will ensure efficient administration of Social Security programs; the disclosures that would be made under routine use number 4 is required by Federal law. Thus, all of the routine uses are appropriate and meet the relevant statutory and regulatory criteria.

V. Records Storage Medium and Safeguards

We will maintain information in digital lock systems, electronic key card systems, or other electronic access devices, computer memory (including floppy diskettes) and paper form. Only SSA security personnel who have a need for the information in the performance of their official duties will be permitted to retrieve information.

VI. Effect of the System on Individuals

The proposed system will maintain information that could lead to administrative, civil or criminal action. This action would occur only after an investigation. Individuals will be afforded all appropriate due process and appeal rights. Thus, we do not anticipate that the proposed system will have any unwarranted adverse effect on the privacy of individuals.

Social Security Administration Notice of System of Records Required by the Privacy Act of 1974

System number: SSA, RO-60-0270.

System name: Records of Individuals Authorized Entry into Secured Areas by Digital Lock Systems, Electronic Key Card Systems or Other Electronic Access Devices, SSA.

Security classification: None.

System Location: Social Security Administration, Offices of the Regional Commissioners.

Categories of individuals covered by the system: Those individuals who are authorized entry into secured areas in regional offices, field offices, teleservice centers, program service centers, hearings offices and satellite facilities.

Categories of records in the system: This system of records contains the name and/or personal identifying number(s) for each individual who is authorized to enter secured areas in regional offices, field offices, teleservice centers, program service centers, hearing offices and satellite facilities. The system also contains the entry point, the date of entry and the time of entry.

Authority for maintenance of the system: 42 U.S.C. 902 and 1302; 5 U.S.C. 552a(e)(10); 41 CFR 101-20.302.

Purpose(s): The principal purpose is to maintain a record of individuals who entered secured areas in the Social Security Administration's facilities and to ensure the security of personnel and property. The system of record may also be used in a disciplinary action.

Routine uses of records maintained by the system, including categories of users and the purposes of such uses: Disclosure may be made for routine uses as indicated below:

1. To disclose pertinent information to the appropriate Federal, state or local agency responsible for investigating, prosecuting, enforcing or implementing a statute, rule or regulation, or order when the Agency becomes aware of an indication of a violation of civil or criminal law or regulations pertaining to this system of records.

2. To a congressional office in response to an inquiry from that office made at the request of the subject of the record.

3. To the Department of Justice (DOJ), a court or other tribunal, (including an adjudicative or administrative body) or other third-party before such tribunal when:

(a) SSA, or any component thereof; or

(b) Any SSA employee in his/her official capacity; or

(c) Any SSA employee in his/her individual capacity where DOJ (or SSA where it is authorized to do so) has agreed to represent the employee; or

(d) The United States or any agency thereof where SSA determines that the litigation is likely to affect the operations of SSA or any of its components is a party to litigation or has an interest in such litigation: and SSA determines that the use of such records by DOJ, the court or other tribunal is relevant and necessary to the litigation.

4. Nontax return information which is not restricted from disclosure by federal law may be disclosed to the General Services (GSA) and the National Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by NARA Act of 1984, for the use of those agencies in conducting records management studies.

Policies and Practices for Storing, Retrieving, Accessing, Retaining and Disposing of Records in the System

Storage: Records in this system are stored in the digital lock systems, electronic key card systems, other electronic access devices, computer memory (including floppy diskettes) and paper form.

Retrievability: Records in this system may be retrieved by name of the individual, by assigned personal identifying number(s), by date, by time period, and by entry point.

Safeguards: Only authorized SSA personnel have access to this system of records. Employees who are authorized to retrieve records will be assigned a personal identification number (PIN) and passwords. The information will be processed in a manner that will protect confidentiality and in such a way that unauthorized individuals cannot retrieve it by means of computer, remote terminal or other means. The paper records that result from the digital lock or other electronic access systems are kept in locked cabinets or in otherwise secure areas. All SSA employees, including contractor personnel, having access to data in the system of records are required to adhere to SSA rules concerning safeguards, access, and use of the data. They also are informed of the criminal penalties of the Privacy Act for unauthorized access to or disclosure of information maintained in this system of records.

Retention and disposal: SSA retains records in this system up to 3 years following the expiration of an individual's authority to enter into secured areas. SSA destroys a paper record by shredding and a non-paper record by deleting-wiping it from the digital, magnetic and/or computer memory.

System manager(s) and address: The systems manager will be the Regional Security Officer (or his/her designee) in those Regions where SSA purchases digital lock systems, electronic key card systems or other electronic access devices.

Region I—Boston: Social Security Administration, Regional Security Officer, Room 1975, JFK Federal Building, Boston, Massachusetts 02203-1101, Telephone: (617) 565-2852.

Region II—New York: Social Security Administration, Regional Security Officer, 26 Federal Plaza, Room 4011, New York, New York 10278, Telephone: (212) 264-1716.

Region III—Philadelphia: Social Security Administration, P.O. Box 8788, Philadelphia, Pennsylvania 19101, Telephone: (215) 597-8531.

Region IV—Atlanta: Social Security Administration, Atlanta Regional Security Office, Security and Integrity Team, P.O. Box 10085, Birmingham, Alabama 35202, Telephone: (205) 801-1300.

Region V—Chicago: Social Security Administration, Center for Material Resources, Security and Integrity Section, Box 87479, Chicago, Illinois 60680, Telephone: (312) 353-1224.

Region VI—Dallas: Social Security Administration, MB-1 Room 1400, Management and Budget, ATTN: RSO, 1200 Main Tower Building, Suite M110 Dallas, Texas 75202-4324, Telephone: (214) 767-4331.

Region VII—Kansas City: Social Security Administration, MAMPSC, SIS, 601 East Twelfth Street, P.O. Box 15625, Kansas City, Missouri 64106, Telephone: (816) 426-3095.

Region VIII—Denver: Social Security Administration /M&B/BFS, Attn: Regional Security Office, 1961 Stout Street, Room 325, Denver, Colorado 80294-3538, Telephone: (303) 844-3347.

Region IX—San Francisco: Social Security Administration, FHFB, Field Facilities Team, P.O. Box 4205, Richmond, California 98402, Telephone: (510) 970-8340.

Region X—Seattle: Social Security Administration, Security and Integrity Team, Suite 2900, M/S-291B, 701 Fifth Avenue, Seattle, Washington 98104-7006, Telephone: (206) 615-2150.

Notification procedure: An individual may determine if this system contains a record about him or her by writing to the systems manager. When requesting notification, the individual should provide his or her name and/or personal identifying number(s) and refer to this system.

Record access procedures: Same as notification procedures. Requestors should also reasonably specify the contents of the record being sought.

Contesting record procedures: Same as notification procedures. Requestors should also reasonably: identify the particular record; specify whether he/she is seeking an addition to or a deletion or substitution of the record; and state his/her reason(s) for requesting corrective action or amendment to the record (e.g., why it is not accurate, timely, complete, relevant or necessary).

Record source categories: SSA obtains information in this system from the individuals who are covered by the system or the security personnel.

Systems exempted from certain provisions of the Privacy Act: None.