Privacy Act of 1974, as Amended; Alteration to Existing Systems of Records, 69723-69725 [E7-23875]

Agencies

• Social Security Administration

[Federal Register Volume 72, Number 236 (Monday, December 10, 2007)]
[Notices]
[Pages 69723-69725]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E7-23875]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974, as Amended; Alteration to Existing Systems 
of Records

AGENCY: Social Security Administration (SSA).

ACTION: Proposed New Routine Use for Existing Systems of Records.

-----------------------------------------------------------------------

SUMMARY: As mandated by the Office of Management and Budget (OMB) in 
Memorandum M-07-16, recommended by the President's Identity Theft Task 
Force, and in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and 
(11)), we are issuing public notice of our intent to establish a new 
routine use disclosure applicable to SSA's systems of records listed 
below under section I of the Supplementary Information section. The 
proposed routine use specifically permits the disclosure of SSA 
information in connection with response and remediation efforts in the 
event of an unintentional release of Agency information, otherwise 
known as a ``data security breach.'' Such a routine use would serve to 
protect the interests of the people whose information is at risk by 
allowing us to take appropriate steps to facilitate a timely and 
effective response to a data breach. It would also help us to improve 
our ability to prevent, minimize, or remedy any harm that may result 
from a compromise of data maintained in our systems of records. We 
invite public comment on this proposal.

DATES: We filed a report of the proposed new routine use disclosure 
with the Chairman of the Senate Committee on Homeland Security and 
Governmental Affairs, the Chairman of the House Committee on Oversight 
and Government Reform, and the Director, Office of Information and 
Regulatory Affairs, Office of Management and Budget (OMB) on November 
19, 2007. The proposed routine use will become effective on December 
24, 2007, unless we receive comments warranting it not to become 
effective.

ADDRESSES: Interested individuals may comment on this publication by 
writing to the Executive Director, Office of Public Disclosure, Office 
of the General Counsel, Social Security Administration, Room 3-A-6 
Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235-6401. All comments received will be available for public 
inspection at the above address.

FOR FURTHER INFORMATION CONTACT: Ms. Margo Wagner, Social Insurance 
Specialist, Disclosure Policy Development and Services Division 2, 
Office of Public Disclosure, Office of the General Counsel, Social 
Security Administration, Room 3-A-6 Operations Building, 6401 Security 
Boulevard, Baltimore, Maryland 21235-6401, telephone: (410) 965-1482, 
e-mail: margo.wagner@ssa.gov or Mr. Neil Etter, Social Insurance 
Specialist, Disclosure Policy Development and Services Division 1, 
Office of Public Disclosure, Office of the General Counsel, Social 
Security Administration, Room 3-A-6 Operations Building, 6401 Security 
Boulevard, Baltimore, Maryland 21235-6401, telephone: (410) 965-8028, 
e-mail: neil.etter@ssa.gov.

SUPPLEMENTARY INFORMATION:

I. Discussion of the Proposed New Routine Use

    OMB has mandated and the President's Identity Theft Task Force 
recommended that Federal agencies develop and publish a routine use for 
appropriate systems of records that allows for the disclosure of 
information in connection with the response and remedial efforts in the 
event of a data breach.
    Subsection (b)(3) of the Privacy Act provides that information from 
an agency's system of records may be disclosed without a subject 
individual's consent if the disclosure is ``for a routine use as 
defined in subsection (a)(7) of this section and described under 
subsection (e)(4)(D) of this section.'' 5 U.S.C. 552a(b)(3). Subsection 
(a)(7) of the Act states that ``the term `routine use' means, with 
respect to the disclosure of a record, the use of such record for a 
purpose which is compatible with the purpose for which it was 
collected.'' 5 U.S.C. 552a(a)(7). Providing information to help respond 
to and remediate a breach of Federal data qualifies as a necessary and 
proper use of information. Such a use is in the best interest of both 
the individual whose record is at issue and the public.
    The Privacy Act requires that agencies publish notification in the 
Federal Register of ``each routine use of the records contained in the 
system, including the categories of users and the purpose of such 
use.'' 5 U.S.C. 552a(e)(4)(D). Based on OMB's recommended language, we 
have developed the following routine use that we will apply to nearly 
all of our Privacy Act systems of records,\1\ and that will allow for 
disclosure to appropriate agencies, entities, and persons under the 
following circumstances:
---------------------------------------------------------------------------

    \1\ Our Privacy Act systems of records that contain data 
protected under the Internal Revenue Code (IRC) will not contain 
this routine use as the IRC does not contain a provision that 
permits disclosure for this purpose.

    We may disclose information to appropriate Federal, State, and 
local agencies, entities, and persons when (1) we suspect or confirm 
that the security or confidentiality of information in this system 
of records has been compromised; (2) we determine that as a result 
of the suspected or confirmed compromise there is a risk of harm to 
economic or property interests, identity theft or fraud, or harm to 
the security or integrity of this system or other systems or 
programs of SSA that rely upon the compromised information; and (3) 
we determine that disclosing the information to such agencies, 
entities, and persons is necessary to assist in our efforts to 
respond to the suspected or confirmed compromise and prevent, 
minimize, or remedy such harm. SSA will use this routine use to 
respond only to those incidents involving an unintentional release 
---------------------------------------------------------------------------
of its records.

    In nearly all cases, we will immediately notify affected 
individuals before informing any other entity. In the rare event that 
law enforcement needs require us to delay consumer notification, this 
delay will be limited to the minimum amount of time needed. Timely 
notification allows individuals the opportunity to minimize or prevent 
the occurrence of harm.
    SSA will establish a new routine use to be included in the 
following systems of records:

[[Page 69724]]



----------------------------------------------------------------------------------------------------------------
                                                                           Federal Register publication date/
           System No. and name                  New routine use                       citation No.
----------------------------------------------------------------------------------------------------------------
60-0001--Assignment and Correspondence    No. 7......................  71 FR 1800, 01/11/06.
 Tracking Act (ACT).
60-0002--Optical System for               No. 8......................  71 FR 1802, 01/11/06.
 Correspondence Analysis and Response.
60-0003--Attorney Fee File..............  No. 9......................  71 FR 1803, 01/11/06.
60-0004--Working File of the Appeals      No. 6......................  70 FR 60383, 10/17/05.
 Council.
60-0005--Administrative Law Judge         No. 8......................  70 FR 60383, 10/17/05.
 Working File on Claimant Cases.
60-0006--Storage of Hearing Records:      No. 8......................  71 FR 1805, 01/11/06.
 Tape Cassettes and Audiograph Discs.
60-0009--Hearings and Appeals Case        No. 4......................  65 FR 46997, 08/01/00.
 Control System.
60-0010--Hearing Office Tracking System   No. 6......................  71 FR 1806, 01/11/06.
 of Claimant Cases.
60-0012--Listing and Alphabetical Name    No. 7......................  71 FR 1807, 01/11/06.
 File (Folder) of Vocational Experts,
 Medical Experts, and Other Health Care/
 Non-Health Care Professionals Experts
 (Medicare).
60-0013--Records of Usage of Medical      No.7.......................  71 FR 1809, 01/11/06.
 Experts, Vocational Experts, and Other
 Health Care/Non-Health Care
 Professionals Experts (Medicare).
60-0014--Curriculum Vitae and             No. 8......................  59 FR 46439, 09/08/94.
 Professional Qualifications of Medical
 Advisors, and Resumes of Vocational
 Experts.
60-0038--Employee Building Pass Files...  No. 7......................  59 FR 46439, 09/08/94.
60-0040--Quality Review System..........  No. 14.....................  65 FR 46997, 08/01/00.
60-0042--Quality Review Case Files......  No. 14.....................  65 FR 46997, 08/01/00.
60-0044--National Disability              No. 11.....................  71 FR 11810, 01/11/06.
 Determination Services.
60-0045--Black Lung Payment System......  No. 14.....................  68 FR 15784, 04/01/03.
60-0046--Disability Determination         No. 7......................  71 FR 1812, 01/11/06.
 Service Consultant's File.
60-0050--Completed Determination Record-- No. 10.....................  71 FR 1814, 01/11/06.
 Continuing Disability Determinations.
60-0057--Quality Evaluation Data Records  No. 6......................  65 FR 46997, 08/01/00.
60-0058--Master Files of Social Security  No. 42.....................  71 FR 1818, 01/11/06.
 Number Holders and SSN Applications.
60-0063--Resource Accounting System.....  No. 6......................  59 FR 46439, 09/08/94.
60-0077--Congressional Inquiry File.....  No. 7......................  71 FR 1823, 01/11/06.
60-0078--Public Inquiry Correspondence    No. 8......................  71 FR 1825, 01/11/06.
 File.
60-0089--Claims Folders System..........  No. 36.....................  71 FR 1829, 01/11/06.
60-0090--Master Beneficiary Record......  No. 38.....................  71 FR 1829, 01/11/06.
60-0094--Recovery of Overpayments,        No. 9......................  70 FR 49354, 08/23/05.
 Accounting and Reporting.
60-0103--Supplemental Security Income     No. 37.....................  71 FR 1829, 01/11/06.
 Record.
60-0118--Non-Contributory Military        No. 6......................  71 FR 18334, 01/11/06.
 Service Reimbursement System.
60-0159--Continuous Work History Sample   No. 5......................  65 FR 46997, 08/01/00.
 (Statistics).
60-0186--SSA Litigation Tracking System   No. 6......................  70 FR 60383, 10/17/05.
 New Routine Use No..
60-0196--Disability Studies, Surveys,     No. 4......................  65 FR 46997, 08/01/00.
 Records and Extracts (Statistics).
60-0199--Extramural Surveys (Statistics)  No. 4......................  71 FR 1835, 01/11/06.
60-0200--Retirement and Survivors         No. 4......................  65 FR 46997, 08/01/00.
 Studies, Surveys, Records and Extracts
 (Statistics).
60-0202--Old Age, Survivors and           No. 5......................  69 FR 11693, 03/11/04.
 Disability Beneficiary and Worker
 Records and Extracts (Statistics).
60-0203--Supplemental Security Income     No. 5......................  65 FR 46997, 08/01/00.
 Studies, Surveys, Records and Extracts
 (Statistics).
60-0210--Record of Individuals            No. 7......................  59 FR 46439, 09/08/94.
 Authorized Entry to Secured Automated
 Data Processing Area.
60-0211--Beneficiary, Family and          No. 5......................  69 FR 11693, 03/11/04.
 Household Surveys, Records and Extracts
 System (Statistics).
60-0213--Quality Review of Hearing/       No. 7......................  65 FR 46997, 08/01/00.
 Appellate Process.
60-0214--Personal Identification Number   No. 5......................  59 FR 46441, 09/08/94.
 File (PINFile).
60-0218--Disability Insurance and         No. 7......................  71 FR 1837, 01/11/06.
 Supplemental Security Income
 Demonstration Projects and Experiments
 System.
60-0219--Representative Disqualification/ No. 8......................  71 FR 1839, 01/11/06.
 Suspension Information System.
60-0220--Kentucky Birth Records System..  No. 5......................  59 FR 46439, 09/08/94.
60-0221--Vocational Rehabilitation        No. 10.....................  71 FR 1841, 01/11/06.
 Reimbursement Case Processing System.
60-0222--Master Representative Payee      No. 18.....................  71 FR 5399, 02/01/06.
 File.
60-0224--SSA-Initiated Personal Earnings  No. 7......................  59 FR 54004, 10/27/94.
 and Benefit Estimate Statement
 (SIPEBES) History File.
60-0225--SSA Initiated Personal Earnings  No. 6......................  59 FR 54004, 10/27/94.
 and Benefit Estimate Statement Address
 System for Certain Territories.
60-0228--Safety Management Information    No. 7......................  71 FR 1844, 01/11/06.
 System (SSA Accident, Injury and
 Illness Reporting System).
60-0230--Social Security Administration   No. 5......................  71 FR 1846, 01/11/06.
 Parking Management Record System.
60-0231--Financial Transactions of SSA    No. 19.....................  71 FR 1847, 01/11/06.
 Accounting and Finance Offices.
60-0232--Central Registry of Individuals  No. 11.....................  71 FR 1849, 01/11/06.
 Doing Business With SSA (Vendor File).
60-0234--Employee Assistance Program      No. 7......................  71 FR 1850, 01/11/06.
 (EAP) Records.
60-0236--Employee Development Program     No. 13.....................  71 FR 1853, 01/11/06.
 Records.
60-0237--Employees' Medical Records.....  No. 8......................  71 FR 1854, 01/11/06.
60-0238--Pay, Leave and Attendance        No. 25.....................  71 FR 1856, 01/11/06.
 Records.
60-0239--Personnel Records in Operating   No. 17.....................  71 FR 1859, 01/11/06.
 Offices.
60-0241--Employee Suggestion Program      No. 6......................  71 FR 1861, 01/11/06.
 Records New Routine Uses.
60-0244--Administrative Grievances Filed  No. 19.....................  71 FR 1862, 01/11/06.
 Under Part 771 of 5 CFR.
60-0245--Negotiated Grievance Procedure   No. 21.....................  71 FR 1864, 01/11/06.
 Records.
60-0250--Equal Employment Opportunity     No. 13.....................  71 FR 1866, 01/11/06.
 (EEO) Counselor and Investigator
 Personnel Records.
60-0255--Plans for Achieving Self-        No. 19.....................  71 FR 1867, 01/11/06.
 Support (PASS) Management Information
 System.
60-0259--Claims Under the Federal Tort    No. 8......................  71 FR 1869, 01/11/06.
 Claims Act and Military Personnel and
 Civilian Employees' Claim Act.
60-0262--Attorney Applicant Files.......  No. 7......................  71 FR 1871, 01/11/06.
60-0268--Medicare Part B Buy-In           No. 9......................  64 FR 10173, 03/02/99.
 Information System.
60-0269--Prisoner Update Processing       No. 12.....................  64 FR 11076, 03/08/99.
 System (PUPS).
60-0270--Records of Individuals           No. 5......................  65 FR 77953, 12/13/00.
 Authorized Entry into Secured Areas by
 Digital Lock Systems, Electronic Key
 Card Systems or Other Electronic Access
 Devices.

[[Page 69725]]

 
60-0273--Social Security Title VIII       No. 15.....................  65 FR 13803, 03/14/00.
 Special Veterans Benefits Claims
 Development and Management Information
 System.
60-0274--Litigation Docket and Tracking   No. 11.....................  71 FR 1872, 01/11/06.
 System.
60-0275--Civil Rights Complaints Filed    No. 9......................  71 FR 1874, 01/11/06.
 by Members of the Public.
60-0276--Social Security                  No. 6......................  65 FR 48272, 08/07/00.
 Administration's (SSA's) Talking and
 Listening to Customers (TLC).
60-0279--Social Security                  No. 7......................  65 FR 49047, 08/10/00.
 Administration's (SSA's) Mandate
 Against Red Tape (SMART).
60-0280--SSA Administrative Sanctions...  No. 6......................  65 FR 54595, 09/08/00.
60-0290--Social Security                  No. 7......................  71 FR 1874, 01/11/06.
 Administration's Customer PIN/Password
 (PPW) Master File System.
60-0295--Ticket-to-Work and Self-         No. 8......................  66 FR 17985, 04/04/01.
 Sufficiency Program Payment Database.
60-0300--Ticket-to-Work Program Manager   No. 8......................  66 FR 32656, 06/15/01.
 (PM) Management Information System.
60-0305--SSA Mass Transportation Subsidy  No. 12.....................  67 FR 44658, 07/03/02.
 Program System.
60-0310--Medicare Savings Programs        No. 8......................  69 FR 17019, 03/31/04.
 Information System.
60-0315--Reasonable Accommodation for     No. 11.....................  70 FR 62157, 10/28/05.
 Persons with Disabilities (RAPD).
60-0318--Representative Payee/Misuse      No. 8......................  70 FR 12774, 3/15/05.
 Restitution Control System (RP/MRCS).
60-0320--Electronic Disability Claim      No. 31.....................  68 FR 71210, 12/22/03.
 File (eDib).
60-0321--Medicare Part D and Part D       No. 17.....................  69 FR 77816, 12/28/04.
 Subsidy File.
60-0328--National Docketing Management    No. 16.....................  70 FR 34515, 06/14/05.
 Information System (NDMIS).
60-0330--eWork..........................  No. 10.....................  68 FR 54037, 09/15/03.
60-0340--eFOIA..........................  No. 11.....................  70 FR 3571, 01/25/03.
60-0350--Visitor Intake Process/Customer  No. 9......................  70 FR 59795, 10/13/05.
 Service Record (VIP/CSR) System.
60-0355--The Non-Attorney Representative  No. 11.....................  69 FR 77823, 12/28/04.
 Prerequisites Process File (NARPPF).
60-0361--Identity Management System       No. 15.....................  71 FR 213, 11/03/06.
 (IDMS).
60-0370--The Representative Payee and     No. 6......................  71 FR 16399, 3/31/06.
 Beneficiary Survey Data System.
----------------------------------------------------------------------------------------------------------------

    We are not republishing in their entirety the notices of the 
systems of records to which we are adding the proposed new routine use 
disclosures. Instead, we are republishing only the identification 
number, the name of the system of record, the number of the new routine 
use and the issue of the Federal Register in which the system notice 
was last published, including the publication date and page number.

II. Compatibility of Proposed Routine Use

    As mandated by OMB, as recommended by the President's Identity 
Theft Task Force, and in accordance with the Privacy Act (5 U.S.C. 
552a(a)(7) and (b)(3)) and our disclosure regulation (20 CFR part 401), 
we are permitted to release information under a published routine use 
for a purpose that is compatible with the purpose for which we 
collected the information. Section 401.120 of our regulations provides 
that we will disclose information required by law. Since OMB has 
mandated the publication of this routine use, the proposed routine use 
is appropriate and meets the relevant statutory and regulatory 
criteria. In addition, disclosures to other agencies, entities and 
persons when needed to respond to an unintentional release are 
compatible with the reasons we collect the information, as helping to 
prevent and minimize the potential for harm is consistent with taking 
appropriate steps to protect information entrusted to us. See 5 U.S.C. 
552a(e)(10).

III. Effect of the Proposed Routine Use Disclosure on the Rights of 
Individuals

    The proposed routine use would serve to protect the interests of 
the people whose information is at risk. We would achieve this 
protection by taking appropriate steps to facilitate a timely and 
effective response to a security breach of our data, thereby improving 
our ability to prevent, minimize, or remedy any harm that may result 
from a compromise of data maintained in our systems of records. We do 
not anticipate that the proposed new routine use will have any 
unwarranted adverse effect on the rights of individuals about whom data 
will be disclosed.

    Dated: November 13, 2007.
Michael J. Astrue,
Commissioner.
 [FR Doc. E7-23875 Filed 12-7-07; 8:45 am]
BILLING CODE 4191-02-P