Your World of Legal Intelligence
 United States | 1-800-335-6202

Privacy Act; systems of records,

As Enacted ( Federal Register) Cited authorities 1 Cited in Related
Vincent

[Federal Register: December 10, 2007 (Volume 72, Number 236)]

[Notices]

[Page 69723-69725]

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

[DOCID:fr10de07-114]

SOCIAL SECURITY ADMINISTRATION

Privacy Act of 1974, as Amended; Alteration to Existing Systems of Records

AGENCY: Social Security Administration (SSA).

ACTION: Proposed New Routine Use for Existing Systems of Records.

SUMMARY: As mandated by the Office of Management and Budget (OMB) in Memorandum M-07-16, recommended by the President's Identity Theft Task Force, and in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and (11)), we are issuing public notice of our intent to establish a new routine use disclosure applicable to SSA's systems of records listed below under section I of the Supplementary Information section. The proposed routine use specifically permits the disclosure of SSA information in connection with response and remediation efforts in the event of an unintentional release of Agency information, otherwise known as a ``data security breach.'' Such a routine use would serve to protect the interests of the people whose information is at risk by allowing us to take appropriate steps to facilitate a timely and effective response to a data breach. It would also help us to improve our ability to prevent, minimize, or remedy any harm that may result from a compromise of data maintained in our systems of records. We invite public comment on this proposal.

DATES: We filed a report of the proposed new routine use disclosure with the Chairman of the Senate Committee on Homeland Security and Governmental Affairs, the Chairman of the House Committee on Oversight and Government Reform, and the Director, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB) on November 19, 2007. The proposed routine use will become effective on December 24, 2007, unless we receive comments warranting it not to become effective.

ADDRESSES: Interested individuals may comment on this publication by writing to the Executive Director, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, Room 3-A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401. All comments received will be available for public inspection at the above address.

FOR FURTHER INFORMATION CONTACT: Ms. Margo Wagner, Social Insurance Specialist, Disclosure Policy Development and Services Division 2, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, Room 3-A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, telephone: (410) 965-1482, e-mail: margo.wagner@ssa.gov or Mr. Neil Etter, Social Insurance Specialist, Disclosure Policy Development and Services Division 1, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, Room 3-A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, telephone: (410) 965-8028, e-mail: neil.etter@ssa.gov.

SUPPLEMENTARY INFORMATION:

  1. Discussion of the Proposed New Routine Use

    OMB has mandated and the President's Identity Theft Task Force recommended that Federal agencies develop and publish a routine use for appropriate systems of records that allows for the disclosure of information in connection with the response and remedial efforts in the event of a data breach.

    Subsection (b)(3) of the Privacy Act provides that information from an agency's system of records may be disclosed without a subject individual's consent if the disclosure is ``for a routine use as defined in subsection (a)(7) of this section and described under subsection (e)(4)(D) of this section.'' 5 U.S.C. 552a(b)(3). Subsection (a)(7) of the Act states that ``the term `routine use' means, with respect to the disclosure of a record, the use of such record for a purpose which is compatible with the purpose for which it was collected.'' 5 U.S.C. 552a(a)(7). Providing information to help respond to and remediate a breach of Federal data qualifies as a necessary and proper use of information. Such a use is in the best interest of both the individual whose record is at issue and the public.

    The Privacy Act requires that agencies publish notification in the Federal Register of ``each routine use of the records contained in the system, including the categories of users and the purpose of such use.'' 5 U.S.C. 552a(e)(4)(D). Based on OMB's recommended language, we have developed the following routine use that we will apply to nearly all of our Privacy Act systems of records,\1\ and that will allow for disclosure to appropriate agencies, entities, and persons under the following circumstances:

    \1\ Our Privacy Act systems of records that contain data protected under the Internal Revenue Code (IRC) will not contain this routine use as the IRC does not contain a provision that permits disclosure for this purpose.

    We may disclose information to appropriate Federal, State, and local agencies, entities, and persons when (1) we suspect or confirm that the security or confidentiality of information in this system of records has been compromised; (2) we determine that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs of SSA that rely upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. SSA will use this routine use to respond only to those incidents involving an unintentional release

    of its records.

    In nearly all cases, we will immediately notify affected individuals before informing any other entity. In the rare event that law enforcement needs require us to delay consumer notification, this delay will be limited to the minimum amount of time needed. Timely notification allows individuals the opportunity to minimize or prevent the occurrence of harm.

    SSA will establish a new routine use to be included in the following systems of records:

    [[Page 69724]]

    Federal Register publication date/ System No. and name

    New routine use

    citation No.

    60-0001--Assignment and Correspondence No. 7...................... 71 FR 1800, 01/11/06. Tracking Act (ACT). 60-0002--Optical System for

    No. 8...................... 71 FR 1802, 01/11/06. Correspondence Analysis and Response. 60-0003--Attorney Fee File.............. No. 9...................... 71 FR 1803, 01/11/06. 60-0004--Working File of the Appeals No. 6...................... 70 FR 60383, 10/17/05. Council. 60-0005--Administrative Law Judge

    No. 8...................... 70 FR 60383, 10/17/05. Working File on Claimant Cases. 60-0006--Storage of Hearing Records: No. 8...................... 71 FR 1805, 01/11/06. Tape Cassettes and Audiograph Discs. 60-0009--Hearings and Appeals Case

    No. 4...................... 65 FR 46997, 08/01/00. Control System. 60-0010--Hearing Office Tracking System No. 6...................... 71 FR 1806, 01/11/06. of Claimant Cases. 60-0012--Listing and Alphabetical Name No. 7...................... 71 FR 1807, 01/11/06. File (Folder) of Vocational Experts, Medical Experts, and Other Health Care/ Non-Health Care Professionals Experts (Medicare). 60-0013--Records of Usage of Medical No.7....................... 71 FR 1809, 01/11/06. Experts, Vocational Experts, and Other Health Care/Non-Health Care Professionals Experts (Medicare). 60-0014--Curriculum Vitae and

    No. 8...................... 59 FR 46439, 09/08/94. Professional Qualifications of Medical Advisors, and Resumes of Vocational Experts. 60-0038--Employee Building Pass Files... No. 7...................... 59 FR 46439, 09/08/94. 60-0040--Quality Review System.......... No. 14..................... 65 FR 46997, 08/01/00. 60-0042--Quality Review Case Files...... No. 14..................... 65 FR 46997, 08/01/00. 60-0044--National Disability

    No. 11..................... 71 FR 11810, 01/11/06. Determination Services. 60-0045--Black Lung Payment System...... No. 14..................... 68 FR 15784, 04/01/03. 60-0046--Disability Determination

    No. 7...................... 71 FR 1812, 01/11/06. Service Consultant's File. 60-0050--Completed Determination Record-- No. 10..................... 71 FR 1814, 01/11/06. Continuing Disability Determinations. 60-0057--Quality Evaluation Data Records No. 6...................... 65 FR 46997, 08/01/00. 60-0058--Master Files of Social Security No. 42..................... 71 FR 1818, 01/11/06. Number Holders and SSN Applications. 60-0063--Resource Accounting System..... No. 6...................... 59 FR 46439, 09/08/94. 60-0077--Congressional Inquiry File..... No. 7...................... 71 FR 1823, 01/11/06. 60-0078--Public Inquiry Correspondence No. 8...................... 71 FR 1825, 01/11/06. File. 60-0089--Claims Folders System.......... No. 36..................... 71 FR 1829, 01/11/06. 60-0090--Master Beneficiary Record...... No. 38..................... 71 FR 1829, 01/11/06. 60-0094--Recovery of Overpayments,

    No. 9...................... 70 FR 49354, 08/23/05. Accounting and Reporting. 60-0103--Supplemental Security Income No. 37..................... 71 FR 1829, 01/11/06. Record. 60-0118--Non-Contributory Military

    No. 6...................... 71 FR 18334, 01/11/06. Service Reimbursement System. 60-0159--Continuous Work History Sample No. 5...................... 65 FR 46997, 08/01/00. (Statistics). 60-0186--SSA Litigation Tracking System No. 6...................... 70 FR 60383, 10/17/05. New Routine Use No.. 60-0196--Disability Studies, Surveys, No. 4...................... 65 FR 46997, 08/01/00. Records and Extracts (Statistics). 60-0199--Extramural Surveys (Statistics) No. 4...................... 71 FR 1835, 01/11/06. 60-0200--Retirement and Survivors

    No. 4...................... 65 FR 46997, 08/01/00. Studies, Surveys, Records and Extracts (Statistics). 60-0202--Old Age, Survivors and

    No. 5...................... 69 FR 11693, 03/11/04. Disability Beneficiary and Worker Records and Extracts (Statistics). 60-0203--Supplemental Security Income No. 5...................... 65 FR 46997, 08/01/00. Studies, Surveys, Records and Extracts (Statistics). 60-0210--Record of Individuals

    No. 7...................... 59 FR 46439, 09/08/94. Authorized Entry to Secured Automated Data Processing Area. 60-0211--Beneficiary, Family and

    No. 5...................... 69 FR 11693, 03/11/04. Household Surveys, Records and Extracts System (Statistics). 60-0213--Quality Review of Hearing/ No. 7...................... 65 FR 46997, 08/01/00. Appellate Process. 60-0214--Personal Identification Number No. 5...................... 59 FR 46441, 09/08/94. File (PINFile). 60-0218--Disability Insurance and

    No. 7...................... 71 FR 1837, 01/11/06. Supplemental Security Income Demonstration Projects and Experiments System. 60-0219--Representative Disqualification/ No. 8...................... 71 FR 1839, 01/11/06. Suspension Information System. 60-0220--Kentucky Birth Records System.. No. 5...................... 59 FR 46439, 09/08/94. 60-0221--Vocational Rehabilitation

    No. 10..................... 71 FR 1841, 01/11/06. Reimbursement Case Processing System. 60-0222--Master Representative Payee No. 18..................... 71 FR 5399, 02/01/06. File. 60-0224--SSA-Initiated Personal Earnings No. 7...................... 59 FR 54004, 10/27/94. and Benefit Estimate Statement (SIPEBES) History File. 60-0225--SSA Initiated Personal Earnings No. 6...................... 59 FR 54004, 10/27/94. and Benefit Estimate Statement Address System for Certain Territories. 60-0228--Safety Management Information No. 7...................... 71 FR 1844, 01/11/06. System (SSA Accident, Injury and Illness Reporting System). 60-0230--Social Security Administration No. 5...................... 71 FR 1846, 01/11/06. Parking Management Record System. 60-0231--Financial Transactions of SSA No. 19..................... 71 FR 1847, 01/11/06. Accounting and Finance Offices. 60-0232--Central Registry of Individuals No. 11..................... 71 FR 1849, 01/11/06. Doing Business With SSA (Vendor File). 60-0234--Employee Assistance Program No. 7...................... 71 FR 1850, 01/11/06. (EAP) Records. 60-0236--Employee Development Program No. 13..................... 71 FR 1853, 01/11/06. Records. 60-0237--Employees' Medical Records..... No. 8...................... 71 FR 1854, 01/11/06. 60-0238--Pay, Leave and Attendance

    No. 25..................... 71 FR 1856, 01/11/06. Records. 60-0239--Personnel Records in Operating No. 17..................... 71 FR 1859, 01/11/06. Offices. 60-0241--Employee Suggestion Program No. 6...................... 71 FR 1861, 01/11/06. Records New Routine Uses. 60-0244--Administrative Grievances Filed No. 19..................... 71 FR 1862, 01/11/06. Under Part 771 of 5 CFR. 60-0245--Negotiated Grievance Procedure No. 21..................... 71 FR 1864, 01/11/06. Records. 60-0250--Equal Employment Opportunity No. 13..................... 71 FR 1866, 01/11/06. (EEO) Counselor and Investigator Personnel Records. 60-0255--Plans for Achieving Self-

    No. 19..................... 71 FR 1867, 01/11/06. Support (PASS) Management Information System. 60-0259--Claims Under the Federal Tort No. 8...................... 71 FR 1869, 01/11/06. Claims Act and Military Personnel and Civilian Employees' Claim Act. 60-0262--Attorney Applicant Files....... No. 7...................... 71 FR 1871, 01/11/06. 60-0268--Medicare Part B Buy-In

    No. 9...................... 64 FR 10173, 03/02/99. Information System. 60-0269--Prisoner Update Processing No. 12..................... 64 FR 11076, 03/08/99. System (PUPS). 60-0270--Records of Individuals

    No. 5...................... 65 FR 77953, 12/13/00. Authorized Entry into Secured Areas by Digital Lock Systems, Electronic Key Card Systems or Other Electronic Access Devices.

    [[Page 69725]]

    60-0273--Social Security Title VIII No. 15..................... 65 FR 13803, 03/14/00. Special Veterans Benefits Claims Development and Management Information System. 60-0274--Litigation Docket and Tracking No. 11..................... 71 FR 1872, 01/11/06. System. 60-0275--Civil Rights Complaints Filed No. 9...................... 71 FR 1874, 01/11/06. by Members of the Public. 60-0276--Social Security

    No. 6...................... 65 FR 48272, 08/07/00. Administration's (SSA's) Talking and Listening to Customers (TLC). 60-0279--Social Security

    No. 7...................... 65 FR 49047, 08/10/00. Administration's (SSA's) Mandate Against Red Tape (SMART). 60-0280--SSA Administrative Sanctions... No. 6...................... 65 FR 54595, 09/08/00. 60-0290--Social Security

    No. 7...................... 71 FR 1874, 01/11/06. Administration's Customer PIN/Password (PPW) Master File System. 60-0295--Ticket-to-Work and Self-

    No. 8...................... 66 FR 17985, 04/04/01. Sufficiency Program Payment Database. 60-0300--Ticket-to-Work Program Manager No. 8...................... 66 FR 32656, 06/15/01. (PM) Management Information System. 60-0305--SSA Mass Transportation Subsidy No. 12..................... 67 FR 44658, 07/03/02. Program System. 60-0310--Medicare Savings Programs

    No. 8...................... 69 FR 17019, 03/31/04. Information System. 60-0315--Reasonable Accommodation for No. 11..................... 70 FR 62157, 10/28/05. Persons with Disabilities (RAPD). 60-0318--Representative Payee/Misuse No. 8...................... 70 FR 12774, 3/15/05. Restitution Control System (RP/MRCS). 60-0320--Electronic Disability Claim No. 31..................... 68 FR 71210, 12/22/03. File (eDib). 60-0321--Medicare Part D and Part D No. 17..................... 69 FR 77816, 12/28/04. Subsidy File. 60-0328--National Docketing Management No. 16..................... 70 FR 34515, 06/14/05. Information System (NDMIS). 60-0330--eWork.......................... No. 10..................... 68 FR 54037, 09/15/03. 60-0340--eFOIA.......................... No. 11..................... 70 FR 3571, 01/25/03. 60-0350--Visitor Intake Process/Customer No. 9...................... 70 FR 59795, 10/13/05. Service Record (VIP/CSR) System. 60-0355--The Non-Attorney Representative No. 11..................... 69 FR 77823, 12/28/04. Prerequisites Process File (NARPPF). 60-0361--Identity Management System No. 15..................... 71 FR 213, 11/03/06. (IDMS). 60-0370--The Representative Payee and No. 6...................... 71 FR 16399, 3/31/06. Beneficiary Survey Data System.

    We are not republishing in their entirety the notices of the systems of records to which we are adding the proposed new routine use disclosures. Instead, we are republishing only the identification number, the name of the system of record, the number of the new routine use and the issue of the Federal Register in which the system notice was last published, including the publication date and page number.

  2. Compatibility of Proposed Routine Use

    As mandated by OMB, as recommended by the President's Identity Theft Task Force, and in accordance with the Privacy Act (5 U.S.C. 552a(a)(7) and (b)(3)) and our disclosure regulation (20 CFR part 401), we are permitted to release information under a published routine use for a purpose that is compatible with the purpose for which we collected the information. Section 401.120 of our regulations provides that we will disclose information required by law. Since OMB has mandated the publication of this routine use, the proposed routine use is appropriate and meets the relevant statutory and regulatory criteria. In addition, disclosures to other agencies, entities and persons when needed to respond to an unintentional release are compatible with the reasons we collect the information, as helping to prevent and minimize the potential for harm is consistent with taking appropriate steps to protect information entrusted to us. See 5 U.S.C. 552a(e)(10).

  3. Effect of the Proposed Routine Use Disclosure on the Rights of Individuals

    The proposed routine use would serve to protect the interests of the people whose information is at risk. We would achieve this protection by taking appropriate steps to facilitate a timely and effective response to a security breach of our data, thereby improving our ability to prevent, minimize, or remedy any harm that may result from a compromise of data maintained in our systems of records. We do not anticipate that the proposed new routine use will have any unwarranted adverse effect on the rights of individuals about whom data will be disclosed.

    Dated: November 13, 2007. Michael J. Astrue, Commissioner. [FR Doc. E7-23875 Filed 12-7-07; 8:45 am]

    BILLING CODE 4191-02-P

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT