[Federal Register Volume 65, Number 234 (Tuesday, December 5, 2000)]
[Notices]
[Pages 75995-75999]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 00-30836]
-----------------------------------------------------------------------
SOCIAL SECURITY ADMINISTRATION
Privacy Act of 1974, as Amended; New System of Records and
Routine Use Disclosures
AGENCY: Social Security Administration (SSA).
ACTION: New System of Records and Proposed New Routine Uses.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act (5 U.S.C. 552a(e)(4)) and
(e)(11)), we are issuing public notice of our intent to establish a new
system of records entitled, the Social Security Administration's
Customer PIN/Password (PPW) Master File System (hereinafter referred to
as the Customer PPW Master File System) and routine uses applicable to
this system. The proposed Customer PPW Master File System will maintain
information collected for use in connection with SSA's implementation
of a personal identification number (PIN)/Password system that allows
Social Security program applicants, beneficiaries and other customers
to conduct business with SSA in an electronic business environment.
The proposed Customer PPW Master File System will provide for
routine use disclosures in connection with our administration of the
Social Security Act or as mandated by Federal law. We invite public
comment on this proposal.
DATES: We filed a report of the proposed new system of records with the
Chairman of the Senate Governmental Affairs Committee, the Chairman of
the House Reform and Oversight Committee, and the Director, Office of
Information and Regulatory Affairs, Office of Management and Budget
(OMB) on November 28, 2000. The proposed system of records, including
the proposed routine uses, will become effective on January 13, 2001,
unless we receive comments that would warrant the system of records not
being implemented.
ADDRESSES: Interested individuals may comment on this publication by
writing to the SSA Privacy Officer, Social Security Administration, 3-
F-1 Operations Building, 6401 Security Boulevard, Baltimore, Maryland
21235. All comments received will be available for public inspection at
the above address.
FOR FURTHER INFORMATION CONTACT: Ms. Joan Peddicord, Social Insurance
Policy Specialist, Social Security Administration, Room 3-C-3
Operations Building, 6401 Security Boulevard, Baltimore, Maryland
21235, telephone (410) 966-6491.
[[Page 75996]]
SUPPLEMENTARY INFORMATION:
1. Background and Purpose of the Proposed Customer PPW Master File
System
SSA has a number of electronic initiatives underway that support
the government mandate directing federal agencies to use information
technology to offer more efficient and accessible service channels to
the public. To support some of SSA's electronic initiatives, and after
careful study and development, the Agency created the PPW
infrastructure that will allow customers to conduct transactions with
SSA on a routine basis through the Internet and toll free automated
touch tone response telephone system. The PPW infrastructure will
enable SSA to offer customers a specific suite of services that require
a PIN/Password system. Using a PPW process, our customers will be able
to apply for social security program benefits or view and possibly
change personal record information, such as mailing address, through
secure online transactions.
Customers must elect (opt-in) to use the PPW process to conduct
electronic transactions with SSA. Those who opt-in may include
applicants for Social Security benefits, current beneficiaries in pay
or non-pay status and other customers who choose these electronic
service delivery options to conduct business with SSA. Customers who
initially choose to use the PPW process may later elect out (opt-out)
of the system by requesting SSA to block access to their records. SSA
will disable the PPW capabilities to the records of customers making
this request, thus blocking any access to the record.
Further, customers who receive information soliciting their
interest in using the PPW process may want to ensure that no electronic
access to their records can occur. They may also elect out, and SSA
will also disable the PPW capabilities to the records of these
customers, thus blocking any access to the record.
Establishment of the PPW Infrastructure
The Agency first identified and developed the underlying principles
to support a PPW business process. These principles intentionally
focused on the framework to implement a successful PPW process in the
various electronic applications SSA develops for customer service
initiatives. For example, the PPW infrastructure is designed to:
Support all direct customer service delivery by SSA,
Maximize the level of automation involved in assigning,
maintaining and using the PPW services,
Minimize the manual intervention of SSA employees in the PPW
process, and
Limit customer information access to that which is appropriate
to the means used in obtaining the password.
SSA also established authentication requirements for its electronic
application and transaction processes that the PPW infrastructure is
designed to support. These authentication requirements allow SSA to
verify the identity of users of the Internet and automated telephone
system electronic services. The process for SSA customers to obtain
passwords and the corresponding authentication required to use these
passwords for a determined set of electronic services share a number of
principles:
Customers must opt-in to the PPW process by indicating to SSA
their interest in obtaining a password.
A customer must have a Password Request Code (PRC) to begin
the process of obtaining a password. A PRC has one purpose--to identify
a customer who may wish to obtain an SSA password.
PRCs are electronically generated and assigned to customers by
SSA and will only be accessible to a limited number of SSA system
employees who maintain the PPW system.
PRCs are sent to customers through the US Mail.
The authentication parameters for various electronic services
depend on the level of sensitivity assigned to the particular
application or transaction to be conducted and the customer's current
relationship to the Agency.
2. Collection, Maintenance and Use of Data in the Proposed Customer PPW
Master File System
The information maintained in this system of records will be
collected from customers who elect to conduct transactions with SSA in
an electronic business environment that requires the PPW
infrastructure. The information maintained will include identifying
information such as the customer's name, Social Security number (SSN)
(which functions as the individual's PIN) and mailing address. The
system will also maintain the customer's PRC, the password itself and
the authorization level and associated data (e.g., effective date of
authorization).
We will also maintain transactional data elements necessary to
administer and maintain the PPW infrastructure. These include access
profile information such as blocked PINs, failed access data, effective
date of password and other data linked to the required authentication
processes for Internet and automated telephone system applications. The
information on this system may also include archived transaction data
and historical data.
SSA will use the data in the proposed system for management
information purposes in order to effectively administer the PPW
infrastructure used to conduct electronic business with SSA customers.
Because we will maintain and retrieve data from the proposed system of
records by the customer's SSN (which acts as the individual's PIN), the
database will constitute a ``system of records'' under the Privacy Act.
3. Proposed Routine Use Disclosures of Data Maintained in the Proposed
Customer PPW Master File System
We are proposing to establish routine uses of information that will
be maintained in the proposed system as discussed below.
A. Disclosure to the Office of the President for the purpose of
responding to an individual pursuant to an inquiry received from that
individual or from a third party on his or her behalf.
We will disclose information under this routine use only in
situations in which an individual may contact the Office of the
President, seeking that office's assistance in an SSA matter on his or
her behalf involving this system of records. Information would be
disclosed when the Office of the President makes an inquiry and
presents evidence that the office is acting on behalf of the individual
whose record is requested.
B. Disclosure to a congressional office in response to an inquiry
from that office made at the request of the subject of a record.
We will disclose information under this routine use only in
situations in which an individual may ask his her congressional
representative to intercede in an SSA matter on his or her behalf
involving this system of records. Information would be disclosed when
the congressional representative makes an inquiry and presents evidence
that he or she is acting on behalf of the individual whose record is
requested.
C. To the Department of Justice (DOJ), a court or other tribunal
(either foreign or domestic), or another party before such tribunal
when:
(a) SSA, or any component thereof; or
(b) Any SSA employee in his/her official capacity; or
(c) Any SSA employee in his/her individual capacity where DOJ (or
SSA where it is authorized to do so) has agreed to represent the
employee; or
[[Page 75997]]
(d) The United States or any agency thereof where SSA determines
that the litigation is likely to affect the operations of SSA or any of
its components,
is a party to the litigation or has an interest in such litigation, and
SSA determines that the use of such records by DOJ, the court or other
tribunal is relevant and necessary to the litigation, provided however,
that in each case, SSA determines that such disclosure is compatible
with the purpose for which the records were collected.
We will disclose information under this routine use only as
necessary to enable DOJ, a court or other tribunal to effectively
defend SSA, its components or employees in litigation involving the
proposed system of records.
D. Disclosure to contractors and other Federal agencies, as
necessary, for the purpose of assisting SSA in the efficient
administration of its programs.
We will disclose information under this routine use only in
situations in which SSA may enter into a contractual agreement or
similar agreement with a third party to assist in accomplishing an
agency function relating to this system of records.
E. Nontax return information which is not restricted from
disclosure by federal law may be disclosed to the General Services
Administration (GSA) and the National Archives and Records
Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by NARA
Act of 1984, for the use of those agencies in conducting records
management studies.
The Administrator of GSA and the Archivist of NARA are charged by
44 U.S.C. 2904 with promulgating standards, procedures and guidelines
regarding records management and conducting records management studies.
Section 2906 of that law, also amended by the NARA Act of 1984,
provides that GSA and NARA are to have access to federal agencies'
records and that agencies are to cooperate with GSA and NARA. In
carrying out these responsibilities, it may be necessary for GSA and
NARA to have access to this proposed system of records. In such
instances, the routine use will facilitate disclosure.
4. Compatibility of Proposed Routine Uses
The Privacy Act (5 U.S.C. 552a(b)(3)) and our disclosure
regulations (20 CFR Part 401) permit us to disclose information under a
published routine use for a purpose which is compatible with the
purpose for which we collected the information. Section 401.150(c) of
the regulations permits us to disclose information under a routine use
where necessary to assist in carrying out SSA programs. Section 401.120
of the regulations provides that we will disclose information when a
law specifically requires the disclosure. The proposed routine uses
lettered A-D above will ensure efficient maintenance of the Customer
PPW Master File System; the disclosures that would be made under
routine use ``E'' are required by Federal law. Thus, all of the routine
uses are appropriate and meet the relevant statutory and regulatory
criteria.
5. Records Storage Medium and Safeguards for The Proposed Customer
PPW Master File System
We will maintain information in the proposed Customer PPW Master
File System in electronic form, computer data systems and paper form.
Only authorized SSA personnel who have a need for the information in
the performance of their official duties will be permitted access to
the information.
Computer firewall technology, data encryption and other systems
security measures will ensure that the PPW system is protected from
inappropriate access. The existing SSA firewall architecture ensures
that customers will be limited only to electronic transactions the
Agency determines and will not be able to access SSA's other systems or
data.
Security measures also include the use of access codes to enter the
computer systems that will maintain the data and storage of the
computerized records in secured areas that are accessible only to
employees who require the information in performing their official
duties. Any manually maintained records will be kept in locked cabinets
or in otherwise secure areas. Also, all buildings housing this data are
accessible to authorized personnel only, with entrances and exits
supervised by security guards. Contractor personnel having access to
data in the proposed system of records will be required to adhere to
SSA rules concerning safeguards, access and use of the data. SSA
personnel having access to the data on these systems will be informed
of the criminal penalties of the Privacy Act for unauthorized access to
or disclosure of information maintained in this system. See 5 U.S.C.
552a(i)(1).
6. Effect of the Proposed Customer PPW Master File System on the
Rights of Individuals
The proposed new system will maintain the necessary data elements
to effectively administer the PPW infrastructure used to conduct
electronic business with SSA customers. SSA has developed a strategy
that makes SSA electronic services more readily available via the
Internet and automated telephone systems but with the commensurate
privacy and security protections to ensure appropriate use of this new
system. We will not collect any unnecessary information and will
protect the personal information that does need to be gathered for the
Customer PPW Master File System. There are existing security standards
that protect access to and disclosure of records in this proposed new
system. We will not use the information in any manner that will be
adverse to the individuals to whom it pertains. Thus, we do not
anticipate that the Customer PPW Master File System will have any
unwarranted adverse effect on individuals.
Dated: November 28, 2000.
Kenneth S. Apfel,
Commissioner of Social Security.
60-0290
System Name:
Social Security Administration's Customer PIN/Password (PPW) Master
File System.
Security Classification:
None.
System Location:
Social Security Administration, Office of Systems, 6401 Security
Boulevard, Baltimore, Maryland 21235.
Categories of Individuals covered by the System:
All SSA customers (applicants, beneficiaries and other customers)
who elect to conduct transactions with SSA in an electronic business
environment that requires the PPW infrastructure. This may include
customers who elect to block PPW access to SSA electronic transactions
by requesting SSA to disable their PPW capabilities.
Categories of records in the system:
The information maintained in this system of records is collected
from customers who elect to conduct transactions with SSA in an
electronic business environment that requires the PPW infrastructure.
The information maintained includes identifying information such as the
customer's name, Social Security number (which functions as the
individual's personal identification number (PIN) and mailing address.
The system also maintains the customer's Password Request Code (PRC),
the password itself and the authorization level and associated data
(e.g., effective date of authorization).
[[Page 75998]]
We also maintain transactional data elements necessary to
administer and maintain the PPW infrastructure. These include access
profile information such as blocked PINs, failed access data, effective
date of password and other data linked to the required authentication
processes for Internet and automated telephone system applications. The
information on this system may also include archived transaction data
and historical data.
SSA will also use the data in the proposed system for management
information purposes in order to effectively administer the PPW
infrastructure used to conduct electronic business with SSA customers.
Because we will maintain and retrieve data from the proposed system of
records by the customer's SSN (which acts as the individual's PIN), the
database will constitute a ``system of records'' under the Privacy Act.
Authority for maintenance of the system:
Section 205(a) of the Social Security Act; 5 U.S.C. 552a(e)(10) of
the Privacy Act; and the Government Paperwork Elimination Act.
Purpose(s):
The Customer PPW Master File System maintains information collected
for use in connection with SSA's implementation of a PIN/Password
system that allows Social Security program applicants, beneficiaries
and other customers to conduct business with SSA in an electronic
business environment. The system of records is designed to permit entry
and retrieval of information associated with maintaining a PPW
infrastructure that supports SSA's electronic initiatives requiring a
PPW entry process.
Routine uses of records maintained in the system, including categories
of users and the purposes of such uses:
Disclosure may be made for routine uses as indicated below:
(1) Disclosure to the Office of the President for the purpose of
responding to an individual pursuant to an inquiry received from that
individual or from a third party on his or her behalf.
(2) Disclosure to a congressional office in response to an inquiry
from that office made at the request of the subject of a record.
(3) To the Department of Justice (DOJ), a court, or other tribunal
(either foreign or domestic) or another party before such tribunal
when:
(a) SSA, or any component thereof; or
(b) any SSA employee in his/her official capacity; or
(c) any SSA employee in his/her individual capacity where DOJ (or
SSA where it is authorized to do so) has agreed to represent the
employee; or
(d) the United States or any agency thereof where SSA determines
that the litigation is likely to affect the operations of SSA or any of
its components, is a party to the litigation or has an interest in such
litigation, and SSA determines that the use of such records by DOJ, the
court or other tribunal is relevant and necessary to the litigation,
provided, however, that in each case, SSA determines that such
disclosure is compatible with the purpose for which the records were
collected.
(4) Disclosure to contractors and other Federal agencies, as
necessary, for the purpose of assisting SSA in the efficient
administration of its programs.
(5) Nontax return information which is not restricted from
disclosure by federal law may be disclosed to the General Services
Administration (GSA) and the National Archives and Records
Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by NARA
Act of 1984, for the use of those agencies in conducting records
management studies.
Policies and practices for storing, retrieving, accessing, retaining
and disposing of records in the system:
Storage:
Data are stored in electronic and paper form.
Retrievability:
Records in this system are indexed and retrieved by SSN (which acts
as the individual's PIN).
Safeguards:
Security measures include computer firewall technology, data
encryption and other systems security measures to ensure that the PPW
system is protected from inappropriate access. The existing SSA
firewall architecture ensures that customers are limited only to
electronic transactions the Agency determines and will not be able to
access SSA's other systems or data.
Security measures also include the use of access codes to enter the
database and storage of the electronic records in secured areas which
are accessible only to employees who require the information in
performing their official duties. The paper records that result from
the data base site are kept in locked cabinets or in otherwise secure
areas. Contractor personnel having access to data in the system of
records are required to adhere to SSA rules concerning safeguards,
access, and use of the data. SSA personnel having access to the data on
this system are informed of the criminal penalties of the Privacy Act
for unauthorized access to or disclosure of information maintained in
this system of records.
Retention and disposal:
PPW information maintained in this system is retained until
notification of the death of the account holder plus seven years. Means
of disposal is appropriate to storage medium (e.g., deletion of
individual records from the data base when appropriate or shredding of
paper records that are produced from the system).
System manager and address:
Social Security Administration, Associate Commissioner, Office of
Program Benefits, 6401 Security Boulevard, Baltimore, Maryland, 21235.
Notification procedure:
An individual can determine if this system contains a record about
him/her by writing to the system manager at the above address and
providing his/her name, SSN or other information that may be in the
system of records that will identify him/her. An individual requesting
notification of records in person should provide the same information,
as well as provide an identity document, preferably with a photograph,
such as a driver's license or some other means of identification, such
as a voter registration card, credit card, etc. If an individual does
not have any identification document sufficient to establish his/her
identity, the individual must certify in writing that he/she is the
person claimed to be and that he/she understands that the knowing and
willful request for, or acquisition of, a record pertaining to another
individual under false pretenses is a criminal offense.
If notification is requested by telephone, an individual must
verify his/her identity by providing identifying information that
parallels the record to which notification is being requested. If it is
determined that the identifying information provided by telephone is
insufficient, the individual will be required to submit a request in
writing or in person. If an individual is requesting information by
telephone on behalf of another individual, the subject individual must
be connected with SSA and the requesting individual in the same phone
call. SSA will establish the subject individual's identity (his/her
name, SSN, address, date of birth and place of birth along with one
other piece of information such as mother's maiden name) and ask for
his/her permission in providing access by telephone to the requesting
individual.
[[Page 75999]]
If a request for notification is submitted by mail, an individual
must include a notarized statement to SSA to verify his/her identity or
must certify in the request that he/she is the person claimed to be and
that he/she understands that the knowing and willful request for, or
acquisition of, a record pertaining to another individual under false
pretenses is a criminal offense.
These procedures are in accordance with SSA Regulations 20 CFR
401.45.
Record access procedures:
Same as notification procedures. Requesters should also reasonably
specify the record contents being sought. These procedures are in
accordance with SSA Regulations 20 CFR 401.50.
Contesting record procedures:
Same as notification procedures. Requesters should also reasonably
identify the record, specify the information they are contesting, and
state the corrective action sought and the reasons for the correction
with supporting justification showing how the record is untimely,
incomplete, inaccurate, or irrelevant. These procedures are in
accordance with SSA Regulations 20 CFR 401.65.
Record source categories:
Data for the system are obtained primarily from the individuals to
whom the record pertains.
Systems exempted from certain provisions of the Privacy Act:
None.
[FR Doc. 00-30836 Filed 12-4-00; 8:45 am]
BILLING CODE 4191-02-P