[Federal Register Volume 65, Number 234 (Tuesday, December 5, 2000)]
[Notices]
[Pages 75995-75999]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 00-30836]


-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974, as Amended; New System of Records and 
Routine Use Disclosures

AGENCY: Social Security Administration (SSA).

ACTION: New System of Records and Proposed New Routine Uses.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act (5 U.S.C. 552a(e)(4)) and 
(e)(11)), we are issuing public notice of our intent to establish a new 
system of records entitled, the Social Security Administration's 
Customer PIN/Password (PPW) Master File System (hereinafter referred to 
as the Customer PPW Master File System) and routine uses applicable to 
this system. The proposed Customer PPW Master File System will maintain 
information collected for use in connection with SSA's implementation 
of a personal identification number (PIN)/Password system that allows 
Social Security program applicants, beneficiaries and other customers 
to conduct business with SSA in an electronic business environment.
    The proposed Customer PPW Master File System will provide for 
routine use disclosures in connection with our administration of the 
Social Security Act or as mandated by Federal law. We invite public 
comment on this proposal.

DATES: We filed a report of the proposed new system of records with the 
Chairman of the Senate Governmental Affairs Committee, the Chairman of 
the House Reform and Oversight Committee, and the Director, Office of 
Information and Regulatory Affairs, Office of Management and Budget 
(OMB) on November 28, 2000. The proposed system of records, including 
the proposed routine uses, will become effective on January 13, 2001, 
unless we receive comments that would warrant the system of records not 
being implemented.

ADDRESSES: Interested individuals may comment on this publication by 
writing to the SSA Privacy Officer, Social Security Administration, 3-
F-1 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235. All comments received will be available for public inspection at 
the above address.

FOR FURTHER INFORMATION CONTACT: Ms. Joan Peddicord, Social Insurance 
Policy Specialist, Social Security Administration, Room 3-C-3 
Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235, telephone (410) 966-6491.

[[Page 75996]]


SUPPLEMENTARY INFORMATION:

1. Background and Purpose of the Proposed Customer PPW Master File 
System

    SSA has a number of electronic initiatives underway that support 
the government mandate directing federal agencies to use information 
technology to offer more efficient and accessible service channels to 
the public. To support some of SSA's electronic initiatives, and after 
careful study and development, the Agency created the PPW 
infrastructure that will allow customers to conduct transactions with 
SSA on a routine basis through the Internet and toll free automated 
touch tone response telephone system. The PPW infrastructure will 
enable SSA to offer customers a specific suite of services that require 
a PIN/Password system. Using a PPW process, our customers will be able 
to apply for social security program benefits or view and possibly 
change personal record information, such as mailing address, through 
secure online transactions.
    Customers must elect (opt-in) to use the PPW process to conduct 
electronic transactions with SSA. Those who opt-in may include 
applicants for Social Security benefits, current beneficiaries in pay 
or non-pay status and other customers who choose these electronic 
service delivery options to conduct business with SSA. Customers who 
initially choose to use the PPW process may later elect out (opt-out) 
of the system by requesting SSA to block access to their records. SSA 
will disable the PPW capabilities to the records of customers making 
this request, thus blocking any access to the record.
    Further, customers who receive information soliciting their 
interest in using the PPW process may want to ensure that no electronic 
access to their records can occur. They may also elect out, and SSA 
will also disable the PPW capabilities to the records of these 
customers, thus blocking any access to the record.

Establishment of the PPW Infrastructure

    The Agency first identified and developed the underlying principles 
to support a PPW business process. These principles intentionally 
focused on the framework to implement a successful PPW process in the 
various electronic applications SSA develops for customer service 
initiatives. For example, the PPW infrastructure is designed to:

 Support all direct customer service delivery by SSA,
 Maximize the level of automation involved in assigning, 
maintaining and using the PPW services,
 Minimize the manual intervention of SSA employees in the PPW 
process, and
 Limit customer information access to that which is appropriate 
to the means used in obtaining the password.

    SSA also established authentication requirements for its electronic 
application and transaction processes that the PPW infrastructure is 
designed to support. These authentication requirements allow SSA to 
verify the identity of users of the Internet and automated telephone 
system electronic services. The process for SSA customers to obtain 
passwords and the corresponding authentication required to use these 
passwords for a determined set of electronic services share a number of 
principles:

 Customers must opt-in to the PPW process by indicating to SSA 
their interest in obtaining a password.
 A customer must have a Password Request Code (PRC) to begin 
the process of obtaining a password. A PRC has one purpose--to identify 
a customer who may wish to obtain an SSA password.
 PRCs are electronically generated and assigned to customers by 
SSA and will only be accessible to a limited number of SSA system 
employees who maintain the PPW system.
 PRCs are sent to customers through the US Mail.
 The authentication parameters for various electronic services 
depend on the level of sensitivity assigned to the particular 
application or transaction to be conducted and the customer's current 
relationship to the Agency.

2. Collection, Maintenance and Use of Data in the Proposed Customer PPW 
Master File System

    The information maintained in this system of records will be 
collected from customers who elect to conduct transactions with SSA in 
an electronic business environment that requires the PPW 
infrastructure. The information maintained will include identifying 
information such as the customer's name, Social Security number (SSN) 
(which functions as the individual's PIN) and mailing address. The 
system will also maintain the customer's PRC, the password itself and 
the authorization level and associated data (e.g., effective date of 
authorization).
    We will also maintain transactional data elements necessary to 
administer and maintain the PPW infrastructure. These include access 
profile information such as blocked PINs, failed access data, effective 
date of password and other data linked to the required authentication 
processes for Internet and automated telephone system applications. The 
information on this system may also include archived transaction data 
and historical data.
    SSA will use the data in the proposed system for management 
information purposes in order to effectively administer the PPW 
infrastructure used to conduct electronic business with SSA customers. 
Because we will maintain and retrieve data from the proposed system of 
records by the customer's SSN (which acts as the individual's PIN), the 
database will constitute a ``system of records'' under the Privacy Act.

3. Proposed Routine Use Disclosures of Data Maintained in the Proposed 
Customer PPW Master File System

    We are proposing to establish routine uses of information that will 
be maintained in the proposed system as discussed below.
    A. Disclosure to the Office of the President for the purpose of 
responding to an individual pursuant to an inquiry received from that 
individual or from a third party on his or her behalf.
    We will disclose information under this routine use only in 
situations in which an individual may contact the Office of the 
President, seeking that office's assistance in an SSA matter on his or 
her behalf involving this system of records. Information would be 
disclosed when the Office of the President makes an inquiry and 
presents evidence that the office is acting on behalf of the individual 
whose record is requested.
    B. Disclosure to a congressional office in response to an inquiry 
from that office made at the request of the subject of a record.
    We will disclose information under this routine use only in 
situations in which an individual may ask his her congressional 
representative to intercede in an SSA matter on his or her behalf 
involving this system of records. Information would be disclosed when 
the congressional representative makes an inquiry and presents evidence 
that he or she is acting on behalf of the individual whose record is 
requested.
    C. To the Department of Justice (DOJ), a court or other tribunal 
(either foreign or domestic), or another party before such tribunal 
when:
    (a) SSA, or any component thereof; or
    (b) Any SSA employee in his/her official capacity; or
    (c) Any SSA employee in his/her individual capacity where DOJ (or 
SSA where it is authorized to do so) has agreed to represent the 
employee; or

[[Page 75997]]

    (d) The United States or any agency thereof where SSA determines 
that the litigation is likely to affect the operations of SSA or any of 
its components,
is a party to the litigation or has an interest in such litigation, and 
SSA determines that the use of such records by DOJ, the court or other 
tribunal is relevant and necessary to the litigation, provided however, 
that in each case, SSA determines that such disclosure is compatible 
with the purpose for which the records were collected.
    We will disclose information under this routine use only as 
necessary to enable DOJ, a court or other tribunal to effectively 
defend SSA, its components or employees in litigation involving the 
proposed system of records.
    D. Disclosure to contractors and other Federal agencies, as 
necessary, for the purpose of assisting SSA in the efficient 
administration of its programs.
    We will disclose information under this routine use only in 
situations in which SSA may enter into a contractual agreement or 
similar agreement with a third party to assist in accomplishing an 
agency function relating to this system of records.
    E. Nontax return information which is not restricted from 
disclosure by federal law may be disclosed to the General Services 
Administration (GSA) and the National Archives and Records 
Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by NARA 
Act of 1984, for the use of those agencies in conducting records 
management studies.
    The Administrator of GSA and the Archivist of NARA are charged by 
44 U.S.C. 2904 with promulgating standards, procedures and guidelines 
regarding records management and conducting records management studies. 
Section 2906 of that law, also amended by the NARA Act of 1984, 
provides that GSA and NARA are to have access to federal agencies' 
records and that agencies are to cooperate with GSA and NARA. In 
carrying out these responsibilities, it may be necessary for GSA and 
NARA to have access to this proposed system of records. In such 
instances, the routine use will facilitate disclosure.

4. Compatibility of Proposed Routine Uses

    The Privacy Act (5 U.S.C. 552a(b)(3)) and our disclosure 
regulations (20 CFR Part 401) permit us to disclose information under a 
published routine use for a purpose which is compatible with the 
purpose for which we collected the information. Section 401.150(c) of 
the regulations permits us to disclose information under a routine use 
where necessary to assist in carrying out SSA programs. Section 401.120 
of the regulations provides that we will disclose information when a 
law specifically requires the disclosure. The proposed routine uses 
lettered A-D above will ensure efficient maintenance of the Customer 
PPW Master File System; the disclosures that would be made under 
routine use ``E'' are required by Federal law. Thus, all of the routine 
uses are appropriate and meet the relevant statutory and regulatory 
criteria.

5. Records Storage Medium and Safeguards for The Proposed Customer 
PPW Master File System

    We will maintain information in the proposed Customer PPW Master 
File System in electronic form, computer data systems and paper form. 
Only authorized SSA personnel who have a need for the information in 
the performance of their official duties will be permitted access to 
the information.
    Computer firewall technology, data encryption and other systems 
security measures will ensure that the PPW system is protected from 
inappropriate access. The existing SSA firewall architecture ensures 
that customers will be limited only to electronic transactions the 
Agency determines and will not be able to access SSA's other systems or 
data.
    Security measures also include the use of access codes to enter the 
computer systems that will maintain the data and storage of the 
computerized records in secured areas that are accessible only to 
employees who require the information in performing their official 
duties. Any manually maintained records will be kept in locked cabinets 
or in otherwise secure areas. Also, all buildings housing this data are 
accessible to authorized personnel only, with entrances and exits 
supervised by security guards. Contractor personnel having access to 
data in the proposed system of records will be required to adhere to 
SSA rules concerning safeguards, access and use of the data. SSA 
personnel having access to the data on these systems will be informed 
of the criminal penalties of the Privacy Act for unauthorized access to 
or disclosure of information maintained in this system. See 5 U.S.C. 
552a(i)(1).

6. Effect of the Proposed Customer PPW Master File System on the 
Rights of Individuals

    The proposed new system will maintain the necessary data elements 
to effectively administer the PPW infrastructure used to conduct 
electronic business with SSA customers. SSA has developed a strategy 
that makes SSA electronic services more readily available via the 
Internet and automated telephone systems but with the commensurate 
privacy and security protections to ensure appropriate use of this new 
system. We will not collect any unnecessary information and will 
protect the personal information that does need to be gathered for the 
Customer PPW Master File System. There are existing security standards 
that protect access to and disclosure of records in this proposed new 
system. We will not use the information in any manner that will be 
adverse to the individuals to whom it pertains. Thus, we do not 
anticipate that the Customer PPW Master File System will have any 
unwarranted adverse effect on individuals.

    Dated: November 28, 2000.
Kenneth S. Apfel,
Commissioner of Social Security.
60-0290

System Name:
    Social Security Administration's Customer PIN/Password (PPW) Master 
File System.

Security Classification:
    None.

System Location:
    Social Security Administration, Office of Systems, 6401 Security 
Boulevard, Baltimore, Maryland 21235.

Categories of Individuals covered by the System:
    All SSA customers (applicants, beneficiaries and other customers) 
who elect to conduct transactions with SSA in an electronic business 
environment that requires the PPW infrastructure. This may include 
customers who elect to block PPW access to SSA electronic transactions 
by requesting SSA to disable their PPW capabilities.

Categories of records in the system:
    The information maintained in this system of records is collected 
from customers who elect to conduct transactions with SSA in an 
electronic business environment that requires the PPW infrastructure. 
The information maintained includes identifying information such as the 
customer's name, Social Security number (which functions as the 
individual's personal identification number (PIN) and mailing address. 
The system also maintains the customer's Password Request Code (PRC), 
the password itself and the authorization level and associated data 
(e.g., effective date of authorization).

[[Page 75998]]

    We also maintain transactional data elements necessary to 
administer and maintain the PPW infrastructure. These include access 
profile information such as blocked PINs, failed access data, effective 
date of password and other data linked to the required authentication 
processes for Internet and automated telephone system applications. The 
information on this system may also include archived transaction data 
and historical data.
    SSA will also use the data in the proposed system for management 
information purposes in order to effectively administer the PPW 
infrastructure used to conduct electronic business with SSA customers. 
Because we will maintain and retrieve data from the proposed system of 
records by the customer's SSN (which acts as the individual's PIN), the 
database will constitute a ``system of records'' under the Privacy Act.

Authority for maintenance of the system:
    Section 205(a) of the Social Security Act; 5 U.S.C. 552a(e)(10) of 
the Privacy Act; and the Government Paperwork Elimination Act.

Purpose(s):
    The Customer PPW Master File System maintains information collected 
for use in connection with SSA's implementation of a PIN/Password 
system that allows Social Security program applicants, beneficiaries 
and other customers to conduct business with SSA in an electronic 
business environment. The system of records is designed to permit entry 
and retrieval of information associated with maintaining a PPW 
infrastructure that supports SSA's electronic initiatives requiring a 
PPW entry process.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    Disclosure may be made for routine uses as indicated below:
    (1) Disclosure to the Office of the President for the purpose of 
responding to an individual pursuant to an inquiry received from that 
individual or from a third party on his or her behalf.
    (2) Disclosure to a congressional office in response to an inquiry 
from that office made at the request of the subject of a record.
    (3) To the Department of Justice (DOJ), a court, or other tribunal 
(either foreign or domestic) or another party before such tribunal 
when:
    (a) SSA, or any component thereof; or
    (b) any SSA employee in his/her official capacity; or
    (c) any SSA employee in his/her individual capacity where DOJ (or 
SSA where it is authorized to do so) has agreed to represent the 
employee; or
    (d) the United States or any agency thereof where SSA determines 
that the litigation is likely to affect the operations of SSA or any of 
its components, is a party to the litigation or has an interest in such 
litigation, and SSA determines that the use of such records by DOJ, the 
court or other tribunal is relevant and necessary to the litigation, 
provided, however, that in each case, SSA determines that such 
disclosure is compatible with the purpose for which the records were 
collected.
    (4) Disclosure to contractors and other Federal agencies, as 
necessary, for the purpose of assisting SSA in the efficient 
administration of its programs.
    (5) Nontax return information which is not restricted from 
disclosure by federal law may be disclosed to the General Services 
Administration (GSA) and the National Archives and Records 
Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by NARA 
Act of 1984, for the use of those agencies in conducting records 
management studies.
Policies and practices for storing, retrieving, accessing, retaining 
and disposing of records in the system:

Storage:
    Data are stored in electronic and paper form.

Retrievability:
    Records in this system are indexed and retrieved by SSN (which acts 
as the individual's PIN).

Safeguards:
    Security measures include computer firewall technology, data 
encryption and other systems security measures to ensure that the PPW 
system is protected from inappropriate access. The existing SSA 
firewall architecture ensures that customers are limited only to 
electronic transactions the Agency determines and will not be able to 
access SSA's other systems or data.
    Security measures also include the use of access codes to enter the 
database and storage of the electronic records in secured areas which 
are accessible only to employees who require the information in 
performing their official duties. The paper records that result from 
the data base site are kept in locked cabinets or in otherwise secure 
areas. Contractor personnel having access to data in the system of 
records are required to adhere to SSA rules concerning safeguards, 
access, and use of the data. SSA personnel having access to the data on 
this system are informed of the criminal penalties of the Privacy Act 
for unauthorized access to or disclosure of information maintained in 
this system of records.

Retention and disposal:
    PPW information maintained in this system is retained until 
notification of the death of the account holder plus seven years. Means 
of disposal is appropriate to storage medium (e.g., deletion of 
individual records from the data base when appropriate or shredding of 
paper records that are produced from the system).

System manager and address:
    Social Security Administration, Associate Commissioner, Office of 
Program Benefits, 6401 Security Boulevard, Baltimore, Maryland, 21235.

Notification procedure:
    An individual can determine if this system contains a record about 
him/her by writing to the system manager at the above address and 
providing his/her name, SSN or other information that may be in the 
system of records that will identify him/her. An individual requesting 
notification of records in person should provide the same information, 
as well as provide an identity document, preferably with a photograph, 
such as a driver's license or some other means of identification, such 
as a voter registration card, credit card, etc. If an individual does 
not have any identification document sufficient to establish his/her 
identity, the individual must certify in writing that he/she is the 
person claimed to be and that he/she understands that the knowing and 
willful request for, or acquisition of, a record pertaining to another 
individual under false pretenses is a criminal offense.
    If notification is requested by telephone, an individual must 
verify his/her identity by providing identifying information that 
parallels the record to which notification is being requested. If it is 
determined that the identifying information provided by telephone is 
insufficient, the individual will be required to submit a request in 
writing or in person. If an individual is requesting information by 
telephone on behalf of another individual, the subject individual must 
be connected with SSA and the requesting individual in the same phone 
call. SSA will establish the subject individual's identity (his/her 
name, SSN, address, date of birth and place of birth along with one 
other piece of information such as mother's maiden name) and ask for 
his/her permission in providing access by telephone to the requesting 
individual.

[[Page 75999]]

    If a request for notification is submitted by mail, an individual 
must include a notarized statement to SSA to verify his/her identity or 
must certify in the request that he/she is the person claimed to be and 
that he/she understands that the knowing and willful request for, or 
acquisition of, a record pertaining to another individual under false 
pretenses is a criminal offense.
    These procedures are in accordance with SSA Regulations 20 CFR 
401.45.

Record access procedures:
    Same as notification procedures. Requesters should also reasonably 
specify the record contents being sought. These procedures are in 
accordance with SSA Regulations 20 CFR 401.50.

Contesting record procedures:
    Same as notification procedures. Requesters should also reasonably 
identify the record, specify the information they are contesting, and 
state the corrective action sought and the reasons for the correction 
with supporting justification showing how the record is untimely, 
incomplete, inaccurate, or irrelevant. These procedures are in 
accordance with SSA Regulations 20 CFR 401.65.

Record source categories:
    Data for the system are obtained primarily from the individuals to 
whom the record pertains.

Systems exempted from certain provisions of the Privacy Act:
    None.

[FR Doc. 00-30836 Filed 12-4-00; 8:45 am]
BILLING CODE 4191-02-P