Privacy Act of 1974, as Amended; Alteration to Existing Systems of Records, 69723-69725 [E7-23875]

Download as PDF Federal Register / Vol. 72, No. 236 / Monday, December 10, 2007 / Notices available for inspection and copying in the Commission’s Public Reference Room, 100 F Street, NE., Washington, DC 20549, on official business days between the hours of 10 a.m. and 3 p.m. Copies of the filing also will be available for inspection and copying at the principal office of BSE. All comments received will be posted without change; the Commission does not edit personal identifying information from submissions. You should submit only information that you wish to make available publicly. All submissions should refer to File Number SR–BSE– 2007–49 and should be submitted on or before December 31, 2007. For the Commission, by the Division of Trading and Markets, pursuant to delegated authority.25 Florence E. Harmon, Deputy Secretary. [FR Doc. E7–23816 Filed 12–7–07; 8:45 am] BILLING CODE 8011–01–P SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974, as Amended; Alteration to Existing Systems of Records AGENCY: (SSA). Proposed New Routine Use for Existing Systems of Records. rmajette on PROD1PC64 with NOTICES SUMMARY: As mandated by the Office of Management and Budget (OMB) in Memorandum M–07–16, recommended by the President’s Identity Theft Task Force, and in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and (11)), we are issuing public notice of our intent to establish a new routine use disclosure applicable to SSA’s systems of records listed below under section I of the Supplementary Information section. The proposed routine use specifically permits the disclosure of SSA information in connection with response and remediation efforts in the event of an unintentional release of Agency information, otherwise known as a ‘‘data security breach.’’ Such a routine use would serve to protect the interests of the people whose information is at risk by allowing us to take appropriate steps to facilitate a timely and effective response to a data breach. It would also help us to improve our ability to prevent, minimize, or remedy any harm that may result from a compromise of data maintained in our CFR 200.30–3(a)(12). VerDate Aug<31>2005 15:35 Dec 07, 2007 consent if the disclosure is ‘‘for a routine use as defined in subsection (a)(7) of this section and described under subsection (e)(4)(D) of this section.’’ 5 U.S.C. 552a(b)(3). Subsection (a)(7) of the Act states that ‘‘the term ‘routine use’ means, with respect to the disclosure of a record, the use of such record for a purpose which is compatible with the purpose for which it was collected.’’ 5 U.S.C. 552a(a)(7). Providing information to help respond to and remediate a breach of Federal data qualifies as a necessary and proper use of information. Such a use is in the best interest of both the individual whose record is at issue and the public. The Privacy Act requires that agencies publish notification in the Federal Register of ‘‘each routine use of the records contained in the system, including the categories of users and the purpose of such use.’’ 5 U.S.C. 552a(e)(4)(D). Based on OMB’s recommended language, we have developed the following routine use that we will apply to nearly all of our Privacy Act systems of records,1 and that will allow for disclosure to appropriate agencies, entities, and persons under the following circumstances: Jkt 214001 I. Discussion of the Proposed New Routine Use We may disclose information to appropriate Federal, State, and local agencies, entities, and persons when (1) we suspect or confirm that the security or confidentiality of information in this system of records has been compromised; (2) we determine that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs of SSA that rely upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. SSA will use this routine use to respond only to those incidents involving an unintentional release of its records. OMB has mandated and the President’s Identity Theft Task Force recommended that Federal agencies develop and publish a routine use for appropriate systems of records that allows for the disclosure of information in connection with the response and remedial efforts in the event of a data breach. Subsection (b)(3) of the Privacy Act provides that information from an agency’s system of records may be disclosed without a subject individual’s In nearly all cases, we will immediately notify affected individuals before informing any other entity. In the rare event that law enforcement needs require us to delay consumer notification, this delay will be limited to the minimum amount of time needed. Timely notification allows individuals the opportunity to minimize or prevent the occurrence of harm. SSA will establish a new routine use to be included in the following systems of records: 1 Our Privacy Act systems of records that contain data protected under the Internal Revenue Code (IRC) will not contain this routine use as the IRC Social Security Administration ACTION: 25 17 systems of records. We invite public comment on this proposal. DATES: We filed a report of the proposed new routine use disclosure with the Chairman of the Senate Committee on Homeland Security and Governmental Affairs, the Chairman of the House Committee on Oversight and Government Reform, and the Director, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB) on November 19, 2007. The proposed routine use will become effective on December 24, 2007, unless we receive comments warranting it not to become effective. ADDRESSES: Interested individuals may comment on this publication by writing to the Executive Director, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, Room 3–A–6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235– 6401. All comments received will be available for public inspection at the above address. FOR FURTHER INFORMATION CONTACT: Ms. Margo Wagner, Social Insurance Specialist, Disclosure Policy Development and Services Division 2, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, Room 3–A–6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235– 6401, telephone: (410) 965–1482, e-mail: margo.wagner@ssa.gov or Mr. Neil Etter, Social Insurance Specialist, Disclosure Policy Development and Services Division 1, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, Room 3–A–6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235– 6401, telephone: (410) 965–8028, e-mail: neil.etter@ssa.gov. SUPPLEMENTARY INFORMATION: 69723 does not contain a provision that permits disclosure for this purpose. PO 00000 Frm 00082 Fmt 4703 Sfmt 4703 E:\FR\FM\10DEN1.SGM 10DEN1 69724 Federal Register / Vol. 72, No. 236 / Monday, December 10, 2007 / Notices New routine use rmajette on PROD1PC64 with NOTICES System No. and name 60–0001—Assignment and Correspondence Tracking Act (ACT) .......................................................... 60–0002—Optical System for Correspondence Analysis and Response ................................................ 60–0003—Attorney Fee File ..................................................................................................................... 60–0004—Working File of the Appeals Council ...................................................................................... 60–0005—Administrative Law Judge Working File on Claimant Cases .................................................. 60–0006—Storage of Hearing Records: Tape Cassettes and Audiograph Discs ................................... 60–0009—Hearings and Appeals Case Control System ......................................................................... 60–0010—Hearing Office Tracking System of Claimant Cases .............................................................. 60–0012—Listing and Alphabetical Name File (Folder) of Vocational Experts, Medical Experts, and Other Health Care/Non-Health Care Professionals Experts (Medicare). 60–0013—Records of Usage of Medical Experts, Vocational Experts, and Other Health Care/NonHealth Care Professionals Experts (Medicare). 60–0014—Curriculum Vitae and Professional Qualifications of Medical Advisors, and Resumes of Vocational Experts. 60–0038—Employee Building Pass Files ................................................................................................ 60–0040—Quality Review System ........................................................................................................... 60–0042—Quality Review Case Files ...................................................................................................... 60–0044—National Disability Determination Services ............................................................................. 60–0045—Black Lung Payment System .................................................................................................. 60–0046—Disability Determination Service Consultant’s File ................................................................. 60–0050—Completed Determination Record—Continuing Disability Determinations ............................. 60–0057—Quality Evaluation Data Records ............................................................................................ 60–0058—Master Files of Social Security Number Holders and SSN Applications ............................... 60–0063—Resource Accounting System ................................................................................................. 60–0077—Congressional Inquiry File ...................................................................................................... 60–0078—Public Inquiry Correspondence File ........................................................................................ 60–0089—Claims Folders System ........................................................................................................... 60–0090—Master Beneficiary Record ...................................................................................................... 60–0094—Recovery of Overpayments, Accounting and Reporting ........................................................ 60–0103—Supplemental Security Income Record .................................................................................. 60–0118—Non-Contributory Military Service Reimbursement System ................................................... 60–0159—Continuous Work History Sample (Statistics) ......................................................................... 60–0186—SSA Litigation Tracking System New Routine Use No. ......................................................... 60–0196—Disability Studies, Surveys, Records and Extracts (Statistics) ............................................... 60–0199—Extramural Surveys (Statistics) ............................................................................................... 60–0200—Retirement and Survivors Studies, Surveys, Records and Extracts (Statistics) .................... 60–0202—Old Age, Survivors and Disability Beneficiary and Worker Records and Extracts (Statistics) 60–0203—Supplemental Security Income Studies, Surveys, Records and Extracts (Statistics) ............ 60–0210—Record of Individuals Authorized Entry to Secured Automated Data Processing Area ........ 60–0211—Beneficiary, Family and Household Surveys, Records and Extracts System (Statistics) ...... 60–0213—Quality Review of Hearing/Appellate Process ........................................................................ 60–0214—Personal Identification Number File (PINFile) ........................................................................ 60–0218—Disability Insurance and Supplemental Security Income Demonstration Projects and Experiments System. 60–0219—Representative Disqualification/Suspension Information System ........................................... 60–0220—Kentucky Birth Records System ............................................................................................. 60–0221—Vocational Rehabilitation Reimbursement Case Processing System .................................... 60–0222—Master Representative Payee File .......................................................................................... 60–0224—SSA-Initiated Personal Earnings and Benefit Estimate Statement (SIPEBES) History File .. 60–0225—SSA Initiated Personal Earnings and Benefit Estimate Statement Address System for Certain Territories. 60–0228—Safety Management Information System (SSA Accident, Injury and Illness Reporting System). 60–0230—Social Security Administration Parking Management Record System ................................... 60–0231—Financial Transactions of SSA Accounting and Finance Offices ........................................... 60–0232—Central Registry of Individuals Doing Business With SSA (Vendor File) ............................... 60–0234—Employee Assistance Program (EAP) Records ..................................................................... 60–0236—Employee Development Program Records ............................................................................ 60–0237—Employees’ Medical Records .................................................................................................. 60–0238—Pay, Leave and Attendance Records ..................................................................................... 60–0239—Personnel Records in Operating Offices ................................................................................ 60–0241—Employee Suggestion Program Records New Routine Uses ................................................ 60–0244—Administrative Grievances Filed Under Part 771 of 5 CFR ................................................... 60–0245—Negotiated Grievance Procedure Records ............................................................................. 60–0250—Equal Employment Opportunity (EEO) Counselor and Investigator Personnel Records ...... 60–0255—Plans for Achieving Self-Support (PASS) Management Information System ........................ 60–0259—Claims Under the Federal Tort Claims Act and Military Personnel and Civilian Employees’ Claim Act. 60–0262—Attorney Applicant Files .......................................................................................................... 60–0268—Medicare Part B Buy-In Information System .......................................................................... 60–0269—Prisoner Update Processing System (PUPS) ......................................................................... 60–0270—Records of Individuals Authorized Entry into Secured Areas by Digital Lock Systems, Electronic Key Card Systems or Other Electronic Access Devices. VerDate Aug<31>2005 15:35 Dec 07, 2007 Jkt 214001 PO 00000 Frm 00083 Fmt 4703 Sfmt 4703 No. No. No. No. No. No. No. No. No. 7 8 9 6 8 8 4 6 7 ............ ............ ............ ............ ............ ............ ............ ............ ............ Federal Register publication date/citation No. 71 71 71 70 70 71 65 71 71 FR FR FR FR FR FR FR FR FR 1800, 01/11/06. 1802, 01/11/06. 1803, 01/11/06. 60383, 10/17/05. 60383, 10/17/05. 1805, 01/11/06. 46997, 08/01/00. 1806, 01/11/06. 1807, 01/11/06. No.7 ............. 71 FR 1809, 01/11/06. No. 8 ............ 59 FR 46439, 09/08/94. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. 7 ............ 14 .......... 14 .......... 11 .......... 14 .......... 7 ............ 10 .......... 6 ............ 42 .......... 6 ............ 7 ............ 8 ............ 36 .......... 38 .......... 9 ............ 37 .......... 6 ............ 5 ............ 6 ............ 4 ............ 4 ............ 4 ............ 5 ............ 5 ............ 7 ............ 5 ............ 7 ............ 5 ............ 7 ............ 59 65 65 71 68 71 71 65 71 59 71 71 71 71 70 71 71 65 70 65 71 65 69 65 59 69 65 59 71 FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR 46439, 09/08/94. 46997, 08/01/00. 46997, 08/01/00. 11810, 01/11/06. 15784, 04/01/03. 1812, 01/11/06. 1814, 01/11/06. 46997, 08/01/00. 1818, 01/11/06. 46439, 09/08/94. 1823, 01/11/06. 1825, 01/11/06. 1829, 01/11/06. 1829, 01/11/06. 49354, 08/23/05. 1829, 01/11/06. 18334, 01/11/06. 46997, 08/01/00. 60383, 10/17/05. 46997, 08/01/00. 1835, 01/11/06. 46997, 08/01/00. 11693, 03/11/04. 46997, 08/01/00. 46439, 09/08/94. 11693, 03/11/04. 46997, 08/01/00. 46441, 09/08/94. 1837, 01/11/06. No. No. No. No. No. No. 8 ............ 5 ............ 10 .......... 18 .......... 7 ............ 6 ............ 71 59 71 71 59 59 FR FR FR FR FR FR 1839, 01/11/06. 46439, 09/08/94. 1841, 01/11/06. 5399, 02/01/06. 54004, 10/27/94. 54004, 10/27/94. No. 7 ............ 71 FR 1844, 01/11/06. No. No. No. No. No. No. No. No. No. No. No. No. No. No. 5 ............ 19 .......... 11 .......... 7 ............ 13 .......... 8 ............ 25 .......... 17 .......... 6 ............ 19 .......... 21 .......... 13 .......... 19 .......... 8 ............ 71 71 71 71 71 71 71 71 71 71 71 71 71 71 FR FR FR FR FR FR FR FR FR FR FR FR FR FR 1846, 1847, 1849, 1850, 1853, 1854, 1856, 1859, 1861, 1862, 1864, 1866, 1867, 1869, No. No. No. No. 7 ............ 9 ............ 12 .......... 5 ............ 71 64 64 65 FR FR FR FR 1871, 01/11/06. 10173, 03/02/99. 11076, 03/08/99. 77953, 12/13/00. E:\FR\FM\10DEN1.SGM 10DEN1 01/11/06. 01/11/06. 01/11/06. 01/11/06. 01/11/06. 01/11/06. 01/11/06. 01/11/06. 01/11/06. 01/11/06. 01/11/06. 01/11/06. 01/11/06. 01/11/06. 69725 Federal Register / Vol. 72, No. 236 / Monday, December 10, 2007 / Notices System No. and name New routine use Federal Register publication date/citation No. 60–0273—Social Security Title VIII Special Veterans Benefits Claims Development and Management Information System. 60–0274—Litigation Docket and Tracking System .................................................................................. 60–0275—Civil Rights Complaints Filed by Members of the Public ....................................................... 60–0276—Social Security Administration’s (SSA’s) Talking and Listening to Customers (TLC) ............ 60–0279—Social Security Administration’s (SSA’s) Mandate Against Red Tape (SMART) ................... 60–0280—SSA Administrative Sanctions ................................................................................................ 60–0290—Social Security Administration’s Customer PIN/Password (PPW) Master File System ......... 60–0295—Ticket-to-Work and Self-Sufficiency Program Payment Database ......................................... 60–0300—Ticket-to-Work Program Manager (PM) Management Information System ........................... 60–0305—SSA Mass Transportation Subsidy Program System ............................................................. 60–0310—Medicare Savings Programs Information System .................................................................. 60–0315—Reasonable Accommodation for Persons with Disabilities (RAPD) ....................................... 60–0318—Representative Payee/Misuse Restitution Control System (RP/MRCS) ................................ 60–0320—Electronic Disability Claim File (eDib) ..................................................................................... 60–0321—Medicare Part D and Part D Subsidy File .............................................................................. 60–0328—National Docketing Management Information System (NDMIS) ............................................ 60–0330—eWork ...................................................................................................................................... 60–0340—eFOIA ...................................................................................................................................... 60–0350—Visitor Intake Process/Customer Service Record (VIP/CSR) System ................................... 60–0355—The Non-Attorney Representative Prerequisites Process File (NARPPF) ............................. 60–0361—Identity Management System (IDMS) ..................................................................................... 60–0370—The Representative Payee and Beneficiary Survey Data System ......................................... No. 15 .......... 65 FR 13803, 03/14/00. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. No. 71 71 65 65 65 71 66 66 67 69 70 70 68 69 70 68 70 70 69 71 71 We are not republishing in their entirety the notices of the systems of records to which we are adding the proposed new routine use disclosures. Instead, we are republishing only the identification number, the name of the system of record, the number of the new routine use and the issue of the Federal Register in which the system notice was last published, including the publication date and page number. rmajette on PROD1PC64 with NOTICES II. Compatibility of Proposed Routine Use As mandated by OMB, as recommended by the President’s Identity Theft Task Force, and in accordance with the Privacy Act (5 U.S.C. 552a(a)(7) and (b)(3)) and our disclosure regulation (20 CFR part 401), we are permitted to release information under a published routine use for a purpose that is compatible with the purpose for which we collected the information. Section 401.120 of our regulations provides that we will disclose information required by law. Since OMB has mandated the publication of this routine use, the proposed routine use is appropriate and meets the relevant statutory and regulatory criteria. In addition, disclosures to other agencies, entities and persons when needed to respond to an unintentional release are compatible with the reasons we collect the information, as helping to prevent and minimize the potential for harm is consistent with taking appropriate steps to protect information entrusted to us. See 5 U.S.C. 552a(e)(10). VerDate Aug<31>2005 15:35 Dec 07, 2007 Jkt 214001 III. Effect of the Proposed Routine Use Disclosure on the Rights of Individuals The proposed routine use would serve to protect the interests of the people whose information is at risk. We would achieve this protection by taking appropriate steps to facilitate a timely and effective response to a security breach of our data, thereby improving our ability to prevent, minimize, or remedy any harm that may result from a compromise of data maintained in our systems of records. We do not anticipate that the proposed new routine use will have any unwarranted adverse effect on the rights of individuals about whom data will be disclosed. Dated: November 13, 2007. Michael J. Astrue, Commissioner. [FR Doc. E7–23875 Filed 12–7–07; 8:45 am] BILLING CODE 4191–02–P DEPARTMENT OF STATE [Public Notice 6011] Exchange Visitor Program—Au Pair Requirements Notice with request for comments. ACTION: The Department will accept comments from the public up to 60 days from date of publication in the Federal Register. ADDRESSES: You may submit comments by any of the following methods: • Persons with access to the Internet may view this notice and provide DATES: PO 00000 Frm 00084 Fmt 4703 Sfmt 4703 11 .......... 9 ............ 6 ............ 7 ............ 6 ............ 7 ............ 8 ............ 8 ............ 12 .......... 8 ............ 11 .......... 8 ............ 31 .......... 17 .......... 16 .......... 10 .......... 11 .......... 9 ............ 11 .......... 15 .......... 6 ............ FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR FR 1872, 01/11/06. 1874, 01/11/06. 48272, 08/07/00. 49047, 08/10/00. 54595, 09/08/00. 1874, 01/11/06. 17985, 04/04/01. 32656, 06/15/01. 44658, 07/03/02. 17019, 03/31/04. 62157, 10/28/05. 12774, 3/15/05. 71210, 12/22/03. 77816, 12/28/04. 34515, 06/14/05. 54037, 09/15/03. 3571, 01/25/03. 59795, 10/13/05. 77823, 12/28/04. 213, 11/03/06. 16399, 3/31/06. comments by going to the regulations.gov Web site at: http:// www.regulations.gov/index.cfm. • Mail (paper, disk, or CD–ROM submissions): U.S. Department of State, Office of Exchange Coordination and Designation, SA–44, 301 4th Street, SW., Room 734, Washington, DC 20547 • E-mail: jexchanges@state.gov. You must include the Public Notice number in the subject line of your message. FOR FURTHER INFORMATION CONTACT: Stanley S. Colvin, Director, Office of Exchange Coordination and Designation, U.S. Department of State, SA–44, 301 4th Street, SW., Room 734, Washington, DC 20547; 202–203–5096 or e-mail at jexchanges@state.gov. SUMMARY: As a component of its Public Diplomacy and people to people exchanges, the Department of State oversees the Au pair Program whereby foreign nationals are afforded the opportunity to live with an American host family and participate directly in the home life of the host family. All au pair participants provide child care services to the host family and attend a U.S. post-secondary educational institution. Au pair participants provide up to forty-five hours of child care services per week and pursue not less than six semester hours of academic credit or its equivalent during their year of program participation. Some au pairs participate in the EduCare program. These au pairs provide up to thirty hours of child care services per week and pursue not less than twelve semester hours of academic credit or its equivalent during their year of program participation. Approximately 15,000 E:\FR\FM\10DEN1.SGM 10DEN1

Agencies

[Federal Register Volume 72, Number 236 (Monday, December 10, 2007)]
[Notices]
[Pages 69723-69725]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E7-23875]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974, as Amended; Alteration to Existing Systems 
of Records

AGENCY: Social Security Administration (SSA).

ACTION: Proposed New Routine Use for Existing Systems of Records.

-----------------------------------------------------------------------

SUMMARY: As mandated by the Office of Management and Budget (OMB) in 
Memorandum M-07-16, recommended by the President's Identity Theft Task 
Force, and in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and 
(11)), we are issuing public notice of our intent to establish a new 
routine use disclosure applicable to SSA's systems of records listed 
below under section I of the Supplementary Information section. The 
proposed routine use specifically permits the disclosure of SSA 
information in connection with response and remediation efforts in the 
event of an unintentional release of Agency information, otherwise 
known as a ``data security breach.'' Such a routine use would serve to 
protect the interests of the people whose information is at risk by 
allowing us to take appropriate steps to facilitate a timely and 
effective response to a data breach. It would also help us to improve 
our ability to prevent, minimize, or remedy any harm that may result 
from a compromise of data maintained in our systems of records. We 
invite public comment on this proposal.

DATES: We filed a report of the proposed new routine use disclosure 
with the Chairman of the Senate Committee on Homeland Security and 
Governmental Affairs, the Chairman of the House Committee on Oversight 
and Government Reform, and the Director, Office of Information and 
Regulatory Affairs, Office of Management and Budget (OMB) on November 
19, 2007. The proposed routine use will become effective on December 
24, 2007, unless we receive comments warranting it not to become 
effective.

ADDRESSES: Interested individuals may comment on this publication by 
writing to the Executive Director, Office of Public Disclosure, Office 
of the General Counsel, Social Security Administration, Room 3-A-6 
Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235-6401. All comments received will be available for public 
inspection at the above address.

FOR FURTHER INFORMATION CONTACT: Ms. Margo Wagner, Social Insurance 
Specialist, Disclosure Policy Development and Services Division 2, 
Office of Public Disclosure, Office of the General Counsel, Social 
Security Administration, Room 3-A-6 Operations Building, 6401 Security 
Boulevard, Baltimore, Maryland 21235-6401, telephone: (410) 965-1482, 
e-mail: margo.wagner@ssa.gov or Mr. Neil Etter, Social Insurance 
Specialist, Disclosure Policy Development and Services Division 1, 
Office of Public Disclosure, Office of the General Counsel, Social 
Security Administration, Room 3-A-6 Operations Building, 6401 Security 
Boulevard, Baltimore, Maryland 21235-6401, telephone: (410) 965-8028, 
e-mail: neil.etter@ssa.gov.

SUPPLEMENTARY INFORMATION:

I. Discussion of the Proposed New Routine Use

    OMB has mandated and the President's Identity Theft Task Force 
recommended that Federal agencies develop and publish a routine use for 
appropriate systems of records that allows for the disclosure of 
information in connection with the response and remedial efforts in the 
event of a data breach.
    Subsection (b)(3) of the Privacy Act provides that information from 
an agency's system of records may be disclosed without a subject 
individual's consent if the disclosure is ``for a routine use as 
defined in subsection (a)(7) of this section and described under 
subsection (e)(4)(D) of this section.'' 5 U.S.C. 552a(b)(3). Subsection 
(a)(7) of the Act states that ``the term `routine use' means, with 
respect to the disclosure of a record, the use of such record for a 
purpose which is compatible with the purpose for which it was 
collected.'' 5 U.S.C. 552a(a)(7). Providing information to help respond 
to and remediate a breach of Federal data qualifies as a necessary and 
proper use of information. Such a use is in the best interest of both 
the individual whose record is at issue and the public.
    The Privacy Act requires that agencies publish notification in the 
Federal Register of ``each routine use of the records contained in the 
system, including the categories of users and the purpose of such 
use.'' 5 U.S.C. 552a(e)(4)(D). Based on OMB's recommended language, we 
have developed the following routine use that we will apply to nearly 
all of our Privacy Act systems of records,\1\ and that will allow for 
disclosure to appropriate agencies, entities, and persons under the 
following circumstances:
---------------------------------------------------------------------------

    \1\ Our Privacy Act systems of records that contain data 
protected under the Internal Revenue Code (IRC) will not contain 
this routine use as the IRC does not contain a provision that 
permits disclosure for this purpose.

    We may disclose information to appropriate Federal, State, and 
local agencies, entities, and persons when (1) we suspect or confirm 
that the security or confidentiality of information in this system 
of records has been compromised; (2) we determine that as a result 
of the suspected or confirmed compromise there is a risk of harm to 
economic or property interests, identity theft or fraud, or harm to 
the security or integrity of this system or other systems or 
programs of SSA that rely upon the compromised information; and (3) 
we determine that disclosing the information to such agencies, 
entities, and persons is necessary to assist in our efforts to 
respond to the suspected or confirmed compromise and prevent, 
minimize, or remedy such harm. SSA will use this routine use to 
respond only to those incidents involving an unintentional release 
---------------------------------------------------------------------------
of its records.

    In nearly all cases, we will immediately notify affected 
individuals before informing any other entity. In the rare event that 
law enforcement needs require us to delay consumer notification, this 
delay will be limited to the minimum amount of time needed. Timely 
notification allows individuals the opportunity to minimize or prevent 
the occurrence of harm.
    SSA will establish a new routine use to be included in the 
following systems of records:

[[Page 69724]]



----------------------------------------------------------------------------------------------------------------
                                                                           Federal Register publication date/
           System No. and name                  New routine use                       citation No.
----------------------------------------------------------------------------------------------------------------
60-0001--Assignment and Correspondence    No. 7......................  71 FR 1800, 01/11/06.
 Tracking Act (ACT).
60-0002--Optical System for               No. 8......................  71 FR 1802, 01/11/06.
 Correspondence Analysis and Response.
60-0003--Attorney Fee File..............  No. 9......................  71 FR 1803, 01/11/06.
60-0004--Working File of the Appeals      No. 6......................  70 FR 60383, 10/17/05.
 Council.
60-0005--Administrative Law Judge         No. 8......................  70 FR 60383, 10/17/05.
 Working File on Claimant Cases.
60-0006--Storage of Hearing Records:      No. 8......................  71 FR 1805, 01/11/06.
 Tape Cassettes and Audiograph Discs.
60-0009--Hearings and Appeals Case        No. 4......................  65 FR 46997, 08/01/00.
 Control System.
60-0010--Hearing Office Tracking System   No. 6......................  71 FR 1806, 01/11/06.
 of Claimant Cases.
60-0012--Listing and Alphabetical Name    No. 7......................  71 FR 1807, 01/11/06.
 File (Folder) of Vocational Experts,
 Medical Experts, and Other Health Care/
 Non-Health Care Professionals Experts
 (Medicare).
60-0013--Records of Usage of Medical      No.7.......................  71 FR 1809, 01/11/06.
 Experts, Vocational Experts, and Other
 Health Care/Non-Health Care
 Professionals Experts (Medicare).
60-0014--Curriculum Vitae and             No. 8......................  59 FR 46439, 09/08/94.
 Professional Qualifications of Medical
 Advisors, and Resumes of Vocational
 Experts.
60-0038--Employee Building Pass Files...  No. 7......................  59 FR 46439, 09/08/94.
60-0040--Quality Review System..........  No. 14.....................  65 FR 46997, 08/01/00.
60-0042--Quality Review Case Files......  No. 14.....................  65 FR 46997, 08/01/00.
60-0044--National Disability              No. 11.....................  71 FR 11810, 01/11/06.
 Determination Services.
60-0045--Black Lung Payment System......  No. 14.....................  68 FR 15784, 04/01/03.
60-0046--Disability Determination         No. 7......................  71 FR 1812, 01/11/06.
 Service Consultant's File.
60-0050--Completed Determination Record-- No. 10.....................  71 FR 1814, 01/11/06.
 Continuing Disability Determinations.
60-0057--Quality Evaluation Data Records  No. 6......................  65 FR 46997, 08/01/00.
60-0058--Master Files of Social Security  No. 42.....................  71 FR 1818, 01/11/06.
 Number Holders and SSN Applications.
60-0063--Resource Accounting System.....  No. 6......................  59 FR 46439, 09/08/94.
60-0077--Congressional Inquiry File.....  No. 7......................  71 FR 1823, 01/11/06.
60-0078--Public Inquiry Correspondence    No. 8......................  71 FR 1825, 01/11/06.
 File.
60-0089--Claims Folders System..........  No. 36.....................  71 FR 1829, 01/11/06.
60-0090--Master Beneficiary Record......  No. 38.....................  71 FR 1829, 01/11/06.
60-0094--Recovery of Overpayments,        No. 9......................  70 FR 49354, 08/23/05.
 Accounting and Reporting.
60-0103--Supplemental Security Income     No. 37.....................  71 FR 1829, 01/11/06.
 Record.
60-0118--Non-Contributory Military        No. 6......................  71 FR 18334, 01/11/06.
 Service Reimbursement System.
60-0159--Continuous Work History Sample   No. 5......................  65 FR 46997, 08/01/00.
 (Statistics).
60-0186--SSA Litigation Tracking System   No. 6......................  70 FR 60383, 10/17/05.
 New Routine Use No..
60-0196--Disability Studies, Surveys,     No. 4......................  65 FR 46997, 08/01/00.
 Records and Extracts (Statistics).
60-0199--Extramural Surveys (Statistics)  No. 4......................  71 FR 1835, 01/11/06.
60-0200--Retirement and Survivors         No. 4......................  65 FR 46997, 08/01/00.
 Studies, Surveys, Records and Extracts
 (Statistics).
60-0202--Old Age, Survivors and           No. 5......................  69 FR 11693, 03/11/04.
 Disability Beneficiary and Worker
 Records and Extracts (Statistics).
60-0203--Supplemental Security Income     No. 5......................  65 FR 46997, 08/01/00.
 Studies, Surveys, Records and Extracts
 (Statistics).
60-0210--Record of Individuals            No. 7......................  59 FR 46439, 09/08/94.
 Authorized Entry to Secured Automated
 Data Processing Area.
60-0211--Beneficiary, Family and          No. 5......................  69 FR 11693, 03/11/04.
 Household Surveys, Records and Extracts
 System (Statistics).
60-0213--Quality Review of Hearing/       No. 7......................  65 FR 46997, 08/01/00.
 Appellate Process.
60-0214--Personal Identification Number   No. 5......................  59 FR 46441, 09/08/94.
 File (PINFile).
60-0218--Disability Insurance and         No. 7......................  71 FR 1837, 01/11/06.
 Supplemental Security Income
 Demonstration Projects and Experiments
 System.
60-0219--Representative Disqualification/ No. 8......................  71 FR 1839, 01/11/06.
 Suspension Information System.
60-0220--Kentucky Birth Records System..  No. 5......................  59 FR 46439, 09/08/94.
60-0221--Vocational Rehabilitation        No. 10.....................  71 FR 1841, 01/11/06.
 Reimbursement Case Processing System.
60-0222--Master Representative Payee      No. 18.....................  71 FR 5399, 02/01/06.
 File.
60-0224--SSA-Initiated Personal Earnings  No. 7......................  59 FR 54004, 10/27/94.
 and Benefit Estimate Statement
 (SIPEBES) History File.
60-0225--SSA Initiated Personal Earnings  No. 6......................  59 FR 54004, 10/27/94.
 and Benefit Estimate Statement Address
 System for Certain Territories.
60-0228--Safety Management Information    No. 7......................  71 FR 1844, 01/11/06.
 System (SSA Accident, Injury and
 Illness Reporting System).
60-0230--Social Security Administration   No. 5......................  71 FR 1846, 01/11/06.
 Parking Management Record System.
60-0231--Financial Transactions of SSA    No. 19.....................  71 FR 1847, 01/11/06.
 Accounting and Finance Offices.
60-0232--Central Registry of Individuals  No. 11.....................  71 FR 1849, 01/11/06.
 Doing Business With SSA (Vendor File).
60-0234--Employee Assistance Program      No. 7......................  71 FR 1850, 01/11/06.
 (EAP) Records.
60-0236--Employee Development Program     No. 13.....................  71 FR 1853, 01/11/06.
 Records.
60-0237--Employees' Medical Records.....  No. 8......................  71 FR 1854, 01/11/06.
60-0238--Pay, Leave and Attendance        No. 25.....................  71 FR 1856, 01/11/06.
 Records.
60-0239--Personnel Records in Operating   No. 17.....................  71 FR 1859, 01/11/06.
 Offices.
60-0241--Employee Suggestion Program      No. 6......................  71 FR 1861, 01/11/06.
 Records New Routine Uses.
60-0244--Administrative Grievances Filed  No. 19.....................  71 FR 1862, 01/11/06.
 Under Part 771 of 5 CFR.
60-0245--Negotiated Grievance Procedure   No. 21.....................  71 FR 1864, 01/11/06.
 Records.
60-0250--Equal Employment Opportunity     No. 13.....................  71 FR 1866, 01/11/06.
 (EEO) Counselor and Investigator
 Personnel Records.
60-0255--Plans for Achieving Self-        No. 19.....................  71 FR 1867, 01/11/06.
 Support (PASS) Management Information
 System.
60-0259--Claims Under the Federal Tort    No. 8......................  71 FR 1869, 01/11/06.
 Claims Act and Military Personnel and
 Civilian Employees' Claim Act.
60-0262--Attorney Applicant Files.......  No. 7......................  71 FR 1871, 01/11/06.
60-0268--Medicare Part B Buy-In           No. 9......................  64 FR 10173, 03/02/99.
 Information System.
60-0269--Prisoner Update Processing       No. 12.....................  64 FR 11076, 03/08/99.
 System (PUPS).
60-0270--Records of Individuals           No. 5......................  65 FR 77953, 12/13/00.
 Authorized Entry into Secured Areas by
 Digital Lock Systems, Electronic Key
 Card Systems or Other Electronic Access
 Devices.

[[Page 69725]]

 
60-0273--Social Security Title VIII       No. 15.....................  65 FR 13803, 03/14/00.
 Special Veterans Benefits Claims
 Development and Management Information
 System.
60-0274--Litigation Docket and Tracking   No. 11.....................  71 FR 1872, 01/11/06.
 System.
60-0275--Civil Rights Complaints Filed    No. 9......................  71 FR 1874, 01/11/06.
 by Members of the Public.
60-0276--Social Security                  No. 6......................  65 FR 48272, 08/07/00.
 Administration's (SSA's) Talking and
 Listening to Customers (TLC).
60-0279--Social Security                  No. 7......................  65 FR 49047, 08/10/00.
 Administration's (SSA's) Mandate
 Against Red Tape (SMART).
60-0280--SSA Administrative Sanctions...  No. 6......................  65 FR 54595, 09/08/00.
60-0290--Social Security                  No. 7......................  71 FR 1874, 01/11/06.
 Administration's Customer PIN/Password
 (PPW) Master File System.
60-0295--Ticket-to-Work and Self-         No. 8......................  66 FR 17985, 04/04/01.
 Sufficiency Program Payment Database.
60-0300--Ticket-to-Work Program Manager   No. 8......................  66 FR 32656, 06/15/01.
 (PM) Management Information System.
60-0305--SSA Mass Transportation Subsidy  No. 12.....................  67 FR 44658, 07/03/02.
 Program System.
60-0310--Medicare Savings Programs        No. 8......................  69 FR 17019, 03/31/04.
 Information System.
60-0315--Reasonable Accommodation for     No. 11.....................  70 FR 62157, 10/28/05.
 Persons with Disabilities (RAPD).
60-0318--Representative Payee/Misuse      No. 8......................  70 FR 12774, 3/15/05.
 Restitution Control System (RP/MRCS).
60-0320--Electronic Disability Claim      No. 31.....................  68 FR 71210, 12/22/03.
 File (eDib).
60-0321--Medicare Part D and Part D       No. 17.....................  69 FR 77816, 12/28/04.
 Subsidy File.
60-0328--National Docketing Management    No. 16.....................  70 FR 34515, 06/14/05.
 Information System (NDMIS).
60-0330--eWork..........................  No. 10.....................  68 FR 54037, 09/15/03.
60-0340--eFOIA..........................  No. 11.....................  70 FR 3571, 01/25/03.
60-0350--Visitor Intake Process/Customer  No. 9......................  70 FR 59795, 10/13/05.
 Service Record (VIP/CSR) System.
60-0355--The Non-Attorney Representative  No. 11.....................  69 FR 77823, 12/28/04.
 Prerequisites Process File (NARPPF).
60-0361--Identity Management System       No. 15.....................  71 FR 213, 11/03/06.
 (IDMS).
60-0370--The Representative Payee and     No. 6......................  71 FR 16399, 3/31/06.
 Beneficiary Survey Data System.
----------------------------------------------------------------------------------------------------------------

    We are not republishing in their entirety the notices of the 
systems of records to which we are adding the proposed new routine use 
disclosures. Instead, we are republishing only the identification 
number, the name of the system of record, the number of the new routine 
use and the issue of the Federal Register in which the system notice 
was last published, including the publication date and page number.

II. Compatibility of Proposed Routine Use

    As mandated by OMB, as recommended by the President's Identity 
Theft Task Force, and in accordance with the Privacy Act (5 U.S.C. 
552a(a)(7) and (b)(3)) and our disclosure regulation (20 CFR part 401), 
we are permitted to release information under a published routine use 
for a purpose that is compatible with the purpose for which we 
collected the information. Section 401.120 of our regulations provides 
that we will disclose information required by law. Since OMB has 
mandated the publication of this routine use, the proposed routine use 
is appropriate and meets the relevant statutory and regulatory 
criteria. In addition, disclosures to other agencies, entities and 
persons when needed to respond to an unintentional release are 
compatible with the reasons we collect the information, as helping to 
prevent and minimize the potential for harm is consistent with taking 
appropriate steps to protect information entrusted to us. See 5 U.S.C. 
552a(e)(10).

III. Effect of the Proposed Routine Use Disclosure on the Rights of 
Individuals

    The proposed routine use would serve to protect the interests of 
the people whose information is at risk. We would achieve this 
protection by taking appropriate steps to facilitate a timely and 
effective response to a security breach of our data, thereby improving 
our ability to prevent, minimize, or remedy any harm that may result 
from a compromise of data maintained in our systems of records. We do 
not anticipate that the proposed new routine use will have any 
unwarranted adverse effect on the rights of individuals about whom data 
will be disclosed.

    Dated: November 13, 2007.
Michael J. Astrue,
Commissioner.
 [FR Doc. E7-23875 Filed 12-7-07; 8:45 am]
BILLING CODE 4191-02-P