Privacy Act of 1974, as Amended; New System of Records, 64751-64755 [E6-18549]

Agencies

• Social Security Administration

[Federal Register Volume 71, Number 213 (Friday, November 3, 2006)]
[Notices]
[Pages 64751-64755]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E6-18549]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974, as Amended; New System of Records

AGENCY: Social Security Administration (SSA).

ACTION: Proposed new system of records and proposed routine uses.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and 
(e)(11)), we are issuing public notice of our intent to establish a new 
system of records, entitled the Identity Management System, 60-0361, 
and routine uses applicable to this system of records. Hereinafter, we 
will refer to the proposed system of records as the IDMS system. We 
invite public comment on this proposal.

DATES: We filed a report of the proposed new IDMS system and proposed 
routine use disclosures with the Chairman of the Senate Committee on 
Homeland Security and Governmental Affairs, the Chairman of the House 
Committee on Government Reform, and the Director, Office of Information 
and Regulatory Affairs, Office of Management and Budget on October 26, 
2006. The proposed IDMS system and proposed routine uses will become 
effective on December 5, 2006, unless we receive comments warranting 
them not to become effective.

ADDRESSES: Interested individuals may comment on this publication by 
writing to the Executive Director, Office of Public Disclosure, Office 
of the General Counsel, Social Security Administration, Room 3-A-6 
Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235-6401. All comments received will be available for public 
inspection at the above address.

FOR FURTHER INFORMATION: Contact Margo Wagner, Social Insurance 
Specialist, Disclosure Policy Team, Office of Public Disclosure, Office 
of the General Counsel, Social Security Administration, Room 3-A-6 
Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235-6401, telephone: (410) 965-1482, e-mail: margo.wagner@ssa.gov.

SUPPLEMENTARY INFORMATION:

I. Background and Purpose of the Proposed IDMS System

A. General Background

    On October 27, 2004, President Bush signed Homeland Security 
Presidential Directive-12 (HSPD-12), requiring all Federal agencies to 
implement a standard personal identity verification (PIV) card for use 
by individuals who require access Federal or federally controlled 
buildings and/or information systems in order to eliminate terrorist 
threats. HSPD-12 charges the Department of Commerce and the Office of 
Management and Budget to set standards and guidance for implementing 
the PIV cards.
    In order to carry out our responsibilities under HSPD-12, SSA must 
issue PIV cards to all individuals who require regular, ongoing access 
to Agency facilities, information technology systems, or information 
classified in the interest of national security. These individuals 
include applicants for employment or contracts, Federal employees, 
contractors, students, interns, volunteers, affiliates, as well as 
individuals authorized to perform or use services provided in agency 
facilities (e.g., Credit Union, Fitness Center, etc.). To issue PIV 
cards, SSA must collect and maintain personal information about 
individuals to whom the Agency will issue a PIV card. We will maintain 
the information in the newly established IDMS system and retrieve the 
information from the system when needed by the Social Security number 
(SSN) or other unique identifier of the individual to whom the 
information pertains. Thus, the IDMS system will constitute a system of 
records under the Privacy Act.

B. Collection and Maintenance of the Data for the IDMS System

    The information that SSA will collect and maintain in the IDMS 
system will consist of identifiable information (i.e., name, address, 
phone number, SSN) of individuals who require a PIV card. The 
``Categories of records'' section of the notice of the IDMS system 
below contains a detailed description of the records that will be 
maintained in the IDMS system.

II. Proposed Routine Use Disclosures of Data Maintained in the Proposed 
IDMS System

A. Proposed Routine Use Disclosures

    We are proposing to establish routine uses of information that will 
be maintained in the proposed IDMS system as discussed below.
    1. To the Office of the President for the purpose of responding to 
an individual pursuant to an inquiry received from that individual or 
from a third party on his or her behalf.
    We will disclose information under this routine use only in 
situations in which an individual may contact the Office of the 
President, seeking that office's assistance in a matter relating to 
information contained in this system of records. Information will be 
disclosed when the Office of the President makes an inquiry and 
indicates that it is acting on behalf of the individual whose record is 
requested.
    2. To a congressional office in response to an inquiry from that 
office made at the request of the subject of a record.
    We may disclose information under this routine use only in 
situations in which an individual may ask his or her congressional 
representative to intercede in a matter relating to information 
contained in this system of records. Information will be disclosed when 
the congressional representative makes an inquiry and indicates that he 
or she is acting on behalf of the individual whose record is requested.
    3. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such tribunal when:
    (a) The Social Security Administration (SSA), or any component 
thereof; or
    (b) any SSA employee in his/her official capacity; or
    (c) any SSA employee in his/her individual capacity where DOJ (or 
SSA where it is authorized to do so) has agreed to represent the 
employee; or
    (d) the United States or any agency thereof where SSA determines 
that the litigation is likely to affect the operation of SSA or any of 
its components,

is a party to litigation or has an interest in such litigation, and SSA 
determines that the use of such records by DOJ, a court or other 
tribunal, or another party before such tribunal, is relevant and 
necessary to the litigation, provided, however, that in each case SSA 
determines that such disclosure is compatible with the purpose for 
which the records were collected.
    We may disclose information under this routine use only as 
necessary to enable DOJ to effectively defend SSA,

[[Page 64752]]

its components or employees in litigation involving this system of 
records and ensure that courts and other tribunals have appropriate 
information.
    4. To student volunteers, individuals working under a personal 
services contract, and other individuals performing functions for SSA 
but technically not having the status of agency employees, if they need 
access to the records in order to perform their assigned agency 
functions.
    Under certain Federal statutes, SSA is authorized to use the 
service of volunteers and participants in certain educational, 
training, employment, and community service programs. Examples of such 
statutes and programs include: 5 U.S.C. 3111 regarding student 
volunteers and 42 U.S.C. 2753 regarding the College Work-Study Program. 
We will disclose information under this routine use only when SSA uses 
the services of these individuals and they need access to information 
in this system to perform their assigned agency duties.
    5. To the appropriate public authority whether a Federal, foreign, 
State, local or tribal agency, except as noted on Forms SF 85, 85-P, 
and 86, when a record on its face, or in conjunction with other 
records, indicates a violation or potential violation of law, whether 
civil, criminal, or regulatory in nature, and whether arising by 
general statute or particular program statute, or by regulation, rule, 
or order issued pursuant thereto, for enforcing, investigating or 
prosecuting such violation or charged with enforcing or implementing 
the statute, or rule, regulation, or order issued pursuant thereto, if 
the information disclosed is relevant to any enforcement, regulatory, 
investigative or prosecutorial responsibility of the receiving entity.
    We may disclose information under this routine use except as noted 
on Forms SF 85, 85-P, and 86, when a record on its face, or in 
conjunction with other records, indicates a violation or potential 
violation of law under the authority of the requesting agency.
    6. To a Federal, State, local, foreign, or tribal or other public 
authority the fact that this system of records contains information 
relevant to the retention of an employee, the retention of a security 
clearance, the letting of a contract, or the issuance or retention of a 
license, grant, or other benefit. The other agency or licensing 
organization may then make a request supported by the written consent 
of the individual for the entire record if it so chooses. No disclosure 
will be made unless the information has been determined to be 
sufficiently reliable to support a referral to another office within 
the agency or to another Federal agency for criminal, civil, 
administrative personnel or regulatory action.
    We may disclose to the requesting agency the fact that this system 
of records contains information relevant to that agency's retention of 
an employee, the retention of a security clearance, the letting of a 
contract, or the issuance or retention of a license, grant, or other 
benefit. We will not disclose any other information to the agency 
without the written consent of the subject of the record.
    7. To a Federal, State, or local agency, or other appropriate 
entities or individuals, or through established liaison channels to 
selected foreign governments, in order to enable an intelligence agency 
to carry out its responsibilities under the National Security Act of 
1947 as amended, the CIA Act of 1949 as amended, Executive Order 12333 
or any successor order, applicable national security directives, or 
classified implementing procedures approved by the Attorney General and 
promulgated pursuant to such statutes, orders or directives.
    We may disclose information to the agencies and entities described 
in the routine use for the purpose of carrying out their 
responsibilities and activities under the authorities cited in the 
routine uses when information in this system of records is relevant to 
those responsibilities and activities.
    8. To notify another Federal agency when, or verify whether, a PIV 
card is no longer valid.
    We may disclose information under this routine use for the purpose 
cited so that individuals with invalid PIV cards may not use them to 
gain entry to Federal facilities.
    9. To the Equal Employment Opportunity Commission when requested in 
connection with investigations into alleged or possible discriminatory 
practices in the Federal sector, examination of Federal affirmative 
employment programs, compliance by Federal agencies with the Uniform 
Guidelines on Employee Selection Procedures, or other functions vested 
in the Commission.
    We may disclose information to the EEOC to assist in investigations 
into alleged or possible discriminatory practices in the Federal sector 
and for other functions vested in the Commission.
    10. To the Federal Labor Relations Authority, the Office of the 
Special Counsel, the Federal Mediation and Conciliation Service, the 
Federal Service Impasses Panel, or an arbitrator when information is 
requested in connection with the investigations of allegations of 
unfair practices, matters before an arbitrator or the Federal Service 
Impasses Panel.
    We may disclose information under this routine use, as necessary, 
to the Federal Labor Relations Authority, the General Counsel, the 
Federal Mediation and Conciliation Service, and the Federal Service 
Impasses Panel, or an arbitrator, when requested in connection with 
allegations of unfair labor practices, matters before an arbitrator or 
the Federal Service Impasses Panel.
    11. To the Merit Systems Protection Board or the Office of Special 
Counsel in connection with appeals, special studies of the civil 
service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and other such functions promulgated in 5 U.S.C. Chapter 12, or as may 
be authorized by law.
    We will disclose information under this routine use, as necessary, 
to the Merit Systems Protection Board or the Office of Special Counsel 
when requested in matters pending before the Merit Systems Protection 
Board or the Office of Special Counsel.
    12. To contractors and other Federal agencies, as necessary, for 
the purpose of assisting Social Security Administration (SSA) in the 
efficient administration of its programs. We will disclose information 
under this routine use only in situations in which SSA may enter a 
contractual or similar agreement with a third party to assist in 
accomplishing an agency function relating to this system of records.
    SSA occasionally contracts out certain of its functions when this 
would contribute to effective and efficient operations. For example, 
this may include contractors, as authorized by 31 U.S.C. 3718, or 
Federal agencies that either operate debt collection centers or that 
will assist SSA in collecting debts through Federal salary, 
administrative, and tax refund offset as provided by 5 U.S.C. 3716 and 
Sec.  3720A. SSA must be able to give a contractor or Federal agency 
whatever information SSA can legally provide in order for the 
contractor or Federal agency to fulfill its duties. In situations in 
which we use contractors, safeguards are provided in the contract 
prohibiting the contractor from using or disclosing the information for 
any purpose other than that described in the contract.
    13. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary:

[[Page 64753]]

    (a) To enable them to protect the safety of SSA employees and the 
public, the security of the SSA workplace, and the operation of SSA 
facilities; or
    (b) to assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of SSA facilities.
    We will disclose information under this routine use to law 
enforcement agencies and private security contractors when information 
is needed to respond to, investigate, or prevent, activities that 
jeopardize the security and safety of the public, employees or 
workplaces or that otherwise disrupt the operation of SSA facilities. 
Information would also be disclosed to assist in the prosecution of 
persons charged with violating a Federal, State or local law in 
connection with such activities.
    14. To the National Archives and Records Administration or to the 
General Services Administration for records management inspections 
conducted under 44 U.S.C. 2904 and 2906.
    The Administrator of GSA and the Archivist of NARA are charged by 
44 U.S.C. 2904, as amended, with promulgating standards, procedures and 
guidelines regarding record management and conducting records 
management studies. 44 U.S.C. 2906, as amended, provides that GSA and 
NARA are to have access to Federal agencies' records and that agencies 
are to cooperate with GSA and NARA. In carrying out these 
responsibilities, it may be necessary for GSA and NARA to have access 
to this proposed system of records. In such instances, the routine use 
will facilitate disclosure.

B. Compatibility of Proposed Routine Uses

    The Privacy Act (5 U.S.C. 552a(b)(3)) and our disclosure 
regulations (20 CFR Part 401) permits us to disclose information under 
a published routine use for a purpose that is compatible with the 
purpose for which we collected the information. Section 401.150(c) of 
the regulations permits us to disclose information under a routine use 
where necessary to carry out SSA programs. Section 401.120 of the 
regulations provides that we will disclose information when required by 
to do so by Federal law. Disclosures under routine uses numbered 1-13 
will be made in connection with SSA's responsibilities concerning the 
IDMS system. Disclosures under routine use numbered 14 are required by 
Federal law. Thus, all routine uses are appropriate and meet the 
relevant statutory and regulatory criteria.

III. Record Storage Medium and Safeguards for the Information 
Maintained in the Proposed IDMS System

    The proposed IDMS system will maintain information in electronic 
and manual forms. Only authorized SSA and contractor personnel who have 
a need for the information in the performance of their official duties 
are permitted access to the information. We will safeguard the security 
of the information by requiring the use of access codes to enter the 
computer system that will maintain the data and will store computerized 
records in secured areas that are accessible only to employees who 
require the information in performing their official duties. Manually 
maintained records are kept in locked cabinets or in otherwise secure 
areas.
    All SSA personnel receive annual reminders of the need to protect 
personal data to which they have access for official purposes and are 
reminded of the criminal penalties that apply to unauthorized access to 
or disclosure of personal information. See 5 U.S.C. 52a(i)(1). 
Furthermore, SSA employees having access to SSA databases maintaining 
personal information must sign a sanction document annually, 
acknowledging their accountability for making unauthorized access to or 
disclosure of such information.
    Contractor personnel having access to data in the proposed IDMS 
system will be required to adhere to SSA rules concerning safeguards, 
access and use of the data.

IV. Effect of the Proposed IDMS System on the Rights of Individuals

    The proposed IDMS system will consist of information that is 
relevant to establishing PIV cards for SSA employees and contractors. 
SSA will adhere to all applicable provisions of the Privacy Act and 
other applicable Federal statutes that govern our use and disclosure of 
the information that will be maintained in the proposed IDMS system. 
Therefore, we do not anticipate that the proposed IDMS system will have 
any unwarranted adverse effect on the privacy or other rights of 
individuals.

    Dated: October 26, 2006.
Jo Anne B. Barnhart,
Commissioner.

Social Security Administration; Notice of System of Records; Required 
by the Privacy Act of 1974

System number:
    60-0361.

System name:
    Identity Management System (IDMS).

Security classification:
    None.

System location:
    National Computer Center, Social Security Administration (SSA), 
6201 Security Boulevard, Baltimore, MD 21235. Some data covered by this 
system are at SSA locations, both Federal buildings and federally-
leased space, where staffed guard stations have been established in 
facilities that have installed the Personal Identity Verification (PIV) 
system, as well as the physical security office(s) or computer security 
office(s) of those locations. Contact the systems manager at the 
address below for the addresses of these locations.

Categories of individuals covered by the system:
    Individuals who require regular, ongoing access to Agency 
facilities, information technology systems, or information classified 
in the interest of national security, including applicants for 
employment or contracts, Federal employees, contractors, students, 
interns, volunteers, affiliates, and individuals formerly in any of 
these positions. The system also includes individuals authorized to 
perform or use services provided in Agency facilities (e.g., Credit 
Union, Fitness Center, etc.)
    The system does not apply to occasional visitors or short-term 
guests to whom SSA will issue temporary identification and credentials.

Categories of records in the system:
    Records maintained on individuals issued credentials by SSA include 
the following data fields: full name, Social Security number (SSN); 
date of birth; signature; image (photograph); fingerprints; hair color; 
eye color; height; weight; organization/office of assignment; company 
name; telephone number; copy of background investigation form; PIV card 
issue and expiration dates; personal identification number (PIN); 
results of background investigation; PIV request form; PIV registrar 
approval signature; PIV card serial number; emergency responder 
designation; copies of documents used to verify identification or 
information derived from those documents such as document title, 
document issuing authority, document number, document expiration date, 
document other information; level of national security clearance and 
expiration date; computer system user name; user access and permission 
rights, authentication

[[Page 64754]]

certificates; and digital signature information.
    Records maintained on card holders entering SSA facilities or using 
SSA systems include: name, PIV Card serial number; date, time, and 
location of entry and exit; company name; level of national security 
clearance and expiration date; fingerprints; digital signature 
information; computer networks/applications/data accessed.

Authority for maintenance of the system:
    5 U.S.C. 301; Federal Information Security Act (Pub. L. 104-106, 
section 5113); Electronic Government Act (Pub. L. 104-347, section 
203); the Paperwork Reduction Act of 1995 (44 U.S.C. 3501); and the 
Government Paperwork Elimination Act (P.L. 105-277, 44 U.S.C. 3504); 
Homeland Security Presidential Directive (HSPD) 12, Policy for a Common 
Identification Standard for Federal Employees and Contractors, August 
27, 2004; Federal Property and Administrative Act of 1949, as amended.

Purpose:
    The primary purposes of the system are: (a) To ensure the safety 
and security of SSA facilities, systems, or information, and 
its'occupants and users; (b) to verify that all persons entering 
Federal facilities, using Federal information resources, are authorized 
to do so; and (c) to track and control PIV cards issued to persons 
entering and exiting the facilities or using systems.

    Note: Disclosures within SSA of data obtained from the IDMS that 
pertain to date and time of entry and exit of an agency employee 
working in the District of Columbia may not be made to supervisors, 
managers or any other persons (other than the individual to whom the 
information applies) to verify employee time and attendance records 
for personnel actions because 5 U.S.C. 6106 prohibits Federal 
Executive agencies (other than the Bureau of Engraving and Printing) 
from using a recording clock within the District of Columbia, unless 
used as a part of a flexible schedule program under 5 U.S.C. 6120 et 
seq.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    Information may be disclosed for routine uses as indicated below:
    1. To the Office of the President for the purpose of responding to 
an individual pursuant to an inquiry received from that individual or 
from a third party on his or her behalf.
    2. To a congressional office in response to an inquiry from that 
office made at the request of the subject of a record.
    3. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such tribunal when:
    (a) The Social Security Administration (SSA), or any component 
thereof; or
    (b) any SSA employee in his/her official capacity; or
    (c) any SSA employee in his/her individual capacity where DOJ (or 
SSA where it is authorized to do so) has agreed to represent the 
employee; or
    (d) the United States or any agency thereof where SSA determines 
that the litigation is likely to affect the operation of SSA or any of 
its components, is a party to litigation or has an interest in such 
litigation, and SSA determines that the use of such records by DOJ, a 
court or other tribunal, or another party before such tribunal, is 
relevant and necessary to the litigation, provided, however, that in 
each case SSA determines that such disclosure is compatible with the 
purpose for which the records were collected.
    4. To student volunteers, individuals working under a personal 
services contract, and other individuals performing functions for SSA 
but technically not having the status of agency employees, if they need 
access to the records in order to perform their assigned agency 
functions.
    5. To the appropriate public authority whether a Federal, foreign, 
State, local or tribal agency, except as noted on Forms SF 85, 85-P, 
and 86, when a record on its face, or in conjunction with other 
records, indicates a violation or potential violation of law, whether 
civil, criminal, or regulatory in nature, and whether arising by 
general statute or particular program statute, or by regulation, rule, 
or order issued pursuant thereto, for enforcing, investigating or 
prosecuting such violation or charged with enforcing or implementing 
the statute, or rule, regulation, or order issued pursuant thereto, if 
the information disclosed is relevant to any enforcement, regulatory, 
investigative or prosecutorial responsibility of the receiving entity.
    6. To a Federal State, local, foreign, or tribal or other public 
authority the fact that this system of records contains information 
relevant to the retention of an employee, the retention of a security 
clearance, the letting of a contract, or the issuance or retention of a 
license, grant, or other benefit. The other agency or licensing 
organization may then make a request supported by the written consent 
of the individual for the entire record if it so chooses. No disclosure 
will be made unless the information has been determined to be 
sufficiently reliable to support a referral to another office within 
the agency or to another Federal agency for criminal, civil, 
administrative personnel or regulatory action.
    7. To a Federal, State, or local agency, or other appropriate 
entities or individuals, or through established liaison channels to 
selected foreign governments, in order to enable an intelligence agency 
to carry out its responsibilities under the National Security Act of 
1947 as amended, the CIA Act of 1949 as amended, Executive Order 12333 
or any successor order, applicable national security directives, or 
classified implementing procedures approved by the Attorney General and 
promulgated pursuant to such statutes, orders or directives.
    8. To notify another Federal agency when, or verify whether, a PIV 
card is no longer valid.
    9. To the Equal Employment Opportunity Commission when requested in 
connection with investigations into alleged or possible discriminatory 
practices in the Federal sector, examination of Federal affirmative 
employment programs, compliance by Federal agencies with the Uniform 
Guidelines on Employee Selection Procedures, or other functions vested 
in the Commission.
    10. To the Federal Labor Relations Authority, the Office of the 
Special Counsel, the Federal Mediation and Conciliation Service, the 
Federal Service Impasses Panel, or an arbitrator when information is 
requested in connection with the investigations of allegations of 
unfair practices, matters before an arbitrator or the Federal Service 
Impasses Panel.
    11. To the Merit Systems Protection Board or the Office of Special 
Counsel in connection with appeals, special studies of the civil 
service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and other such functions promulgated in 5 U.S.C. Chapter 12, or as may 
be authorized by law.
    12. To contractors and other Federal agencies, as necessary, for 
the purpose of assisting Social Security Administration (SSA) in the 
efficient administration of its programs. We will disclose information 
under this routine use only in situations in which SSA may enter a 
contractual or similar agreement with a third party to assist in 
accomplishing an agency function relating to this system of records.
    13. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary: 
(a) To enable them to protect the safety of SSA

[[Page 64755]]

employees and the public, the security of the SSA workplace, and the 
operation of SSA facilities; or (b) to assist investigations or 
prosecutions with respect to activities that affect such safety and 
security or activities that disrupt the operation of SSA facilities.
    14. To the National Archives and Records Administration or to the 
General Services Administration for records management inspections 
conducted under 44 U.S.C. 2904 and 2906.

Policies and practices for storing, retrieving, accessing, retaining 
and disposing of records in the system:
Storage:
    Records are stored in electronic media and in paper files.

Retrievability:
    Records are retrievable by name, SSN, other ID number, PIV card 
serial number, image (photograph), fingerprint.

Safeguards:
    Paper records are kept in locked cabinets in secure facilities and 
access to them is restricted to individuals whose role requires use of 
the records. The computer servers in which records are stored are 
located in a secure environment within SSA's National Computer Center 
and are secured by alarm systems and off-master key access. The 
computer servers themselves are password-protected. Access to 
individuals working at guard stations is password-protected; each 
person granted access to the system at guard stations must be 
individually authorized to use the system. A Privacy Act Warning Notice 
appears on the monitor screen when records containing information on 
individuals are first displayed. Data exchanged between the servers' 
and the clients' personal computers at the guard stations and badging 
office are encrypted. Backup tapes are stored in a locked and 
controlled room in a secure, off-site location.
    An audit trail is maintained and reviewed periodically to identify 
unauthorized access. Persons given roles in the PIV process must 
complete training specific to their roles to ensure they are 
knowledgeable about how to protect individually identifiable 
information.

Retention and disposal:
    Records relating to persons' access covered by this system are 
retained in accordance with General Records Schedule (GRS) 18, Item 17 
approved by the National Archives and Records Administration (NARA). 
Records will be maintained indefinitely until NARA approves an Agency 
disposition schedule for these records.
    All other records relating to individuals under this system are 
retained and disposed of in accordance with GRS 18, item 22a, approved 
by NARA. Records are destroyed upon notification of death or not later 
than five years after separation or transfer of employee, whichever is 
applicable or no later than 5 years after a contractual relationship 
expires, whichever is applicable.
    In accordance with HSPD-12, PIV cards are deactivated within 18 
hours of cardholder separation, loss of card, or expiration. The 
information on PIV cards is maintained in accordance with GRS 11, Item 
4. PIV cards are destroyed by cross-cut shredding no later than 90 days 
after deactivation.

System manager(s) and address:
    HSPD-12 Project Manager, SSA, Room 1300 Dunleavy Bldg., 1508 
Woodlawn Drive, Baltimore, MD 21235.

Notification procedures:
    An individual can determine if this system contains a record 
pertaining to him/her by sending a signed, written request to the 
system manager at the above address. When requesting notification of or 
access to records covered by this Notice, an individual should provide 
his/her full name, date of birth, Agency name, and work location. An 
individual requesting notification of records in person must provide 
identity documents sufficient to satisfy the custodian of the records 
that the requester is entitled to access, such as a government-issued 
photo ID. Individuals requesting notification via mail or telephone 
must furnish, at minimum, name, date of birth, SSN, and home address in 
order to establish identity. These procedures are in accordance with 
SSA Regulations (20 CFR 401.40(c)).

Records access procedures:
    Same as notification procedures. Requesters should also reasonably 
specify the record contents being sought. These procedures are in 
accordance with SSA Regulations (20 CFR 401.40(c)). If additional 
information or assistance is required, contact the system manager at 
the above address. SSA may withhold from a record in this system of 
records from access by the subject of the record pursuant to subsection 
(d)(5) of the Privacy Act (5 U.S.C. 552a(d)(5)) in certain situations 
(e.g, a record that may relate to a civil action or proceeding).

Contesting record procedures:
    Same as notification procedures. Requesters should also reasonably 
identify the record, specify the information they are contesting, state 
the corrective action sought and the reasons for the correction along 
with supporting justification showing why the record is not accurate, 
timely, relevant, or complete. These procedures are in accordance with 
SSA Regulations (20 CFR 401.40(c)). If additional information or 
assistance is required, contact the system manager at the above 
address.

Record source categories:
    Employee, contractor, or applicant; sponsoring agency; former 
sponsoring agency; other Federal agencies; contract employer; former 
employer.

System exempted from certain provisions of the Privacy Act:
    None.

 [FR Doc. E6-18549 Filed 11-2-06; 8:45 am]
BILLING CODE 4191-02-P