Privacy Act of 1974; as Amended New System of Records and Routine Use Disclosures, 5619-5624 [E8-1674]

Download as PDF Federal Register / Vol. 73, No. 20 / Wednesday, January 30, 2008 / Notices (ii) security futures where at least one side of the trade is cleared by an OCC clearing member.5 Simultaneous with the adoption of the new standard clearing fee schedule, OCC additionally discounted clearing fees. Effective September 1 through December 31, 2007, OCC further reduced its discounted clearing fees and halved the market-maker scratch fee.6 Effective January 1, 2008, OCC will implement a new discounted clearing fee schedule Contracts/trade $0.05/contract ........................................................ $0.04/contract ........................................................ $0.03/contract ........................................................ $55.00 (capped) .................................................... The discounted clearing fee schedule and market maker scratch fee will remain in effect until further action by OCC’s Board of Directors. The adoption of the new discounted fee schedule reflects the strong contract volume experienced by OCC in 2007. OCC believes that these discounted fees will financially benefit clearing members and other market participants without adversely affecting OCC’s ability to meet its expenses and maintain an acceptable level of retained earnings. The proposed rule change is consistent with the requirements of section 17A of the Act 7 and the rules and regulations thereunder applicable to OCC because it benefits clearing members and other market participants by discounting fees and allocating them in a fair and equitable manner. The proposed rule change is not inconsistent with the existing rules of OCC, including any other rules proposed to be amended. (B) Self-Regulatory Organization’s Statement on Burden on Competition OCC does not believe that the proposed rule change would impose any burden on competition. Discounted standard fee schedule, effective January 1, 2008 $0.03/contract. $0.024/contract. $18.00 (capped). $18.00 (capped). 4(f)(2) 9 thereunder because the proposed rule establishes or changes a due, fee, or other charge. At any time within sixty days of the filing of such rule change, the Commission may summarily abrogate such rule change if it appears to the Commission that such action is necessary or appropriate in the public interest, for the protection of investors, or otherwise in furtherance of the purposes of the Act. IV. Solicitation of Comments Interested persons are invited to submit written data, views, and arguments concerning the foregoing, including whether the proposed rule change is consistent with the Act. Comments may be submitted by any of the following methods: Electronic Comments • Use the Commission’s Internet comment form (http://www.sec.gov/ rules/sro.shtml) or • Send an e-mail to rulecomments@sec.gov. Please include File Number SR–OCC–2007–17 on the subject line. Paper Comments The foregoing rule change has become effective upon filing pursuant to section 19(b)(3)(A)(ii) of the Act 8 and Rule 19b– • Send paper comments in triplicate to Nancy M. Morris, Secretary, Securities and Exchange Commission, 100 F Street, NE., Washington, DC 20549–1090. All submissions should refer to File Number SR–OCC–2007–17. This file number should be included on the subject line if e-mail is used. To help the Commission process and review your comments more efficiently, please use only one method. The Commission will post all comments on the Commission’s Internet Web site (http://www.sec.gov/ rules/sro.shtml). Copies of the submission, all subsequent amendments, all written statements 5 Securities Exchange Act Release No. 55709 (May 4, 2007), 72 FR 26669 (May 10, 2007) [File No. SR– OCC–2007–05]. 6 Securities Exchange Act Release No. 56386 (September 11, 2007), 72 FR 53273 (September 18, 2007) [File No. SR–OCC–2007–09]. In addition, OCC permanently adopted the standard fee schedule for commodity futures and eliminated the alternative fee schedule previously offered to futures markets. (C) Self-Regulatory Organization’s Statement on Comments on the Proposed Rule Change Received From Members, Participants, or Others Written comments were not and are not intended to be solicited with respect to the proposed rule change, and none have been received. III. Date of Effectiveness of the Proposed Rule Change and Timing for Commission Action mstockstill on PROD1PC66 with NOTICES that will replace the May 1 discounted fees and will continue the discounted market-maker scratch fee of $0.01 per side. The following chart sets forth the new discounted clearing fee schedule. Current permanent standard fee schedule, effective May 1, 2007 1–500 ....................................................... 501–1,000 ................................................ 1,001–2,000 ............................................. >2,000 ...................................................... VerDate Aug<31>2005 18:49 Jan 29, 2008 Jkt 214001 PO 00000 Frm 00126 Fmt 4703 Sfmt 4703 5619 with respect to the proposed rule change that are filed with the Commission, and all written communications relating to the proposed rule change between the Commission and any person, other than those that may be withheld from the public in accordance with the provisions of 5 U.S.C. 552, will be available for inspection and copying in the Commission’s Public Reference Room, 100 F Street, NE., Washington, DC 20549, on official business days between the hours of 10 a.m. and 3 p.m. The text of the proposed rule change is available at OCC, the Commission’s Public Reference Room, and http:// www.theocc.com/publications/rules/ proposed_changes/sr_occ_ 07_17.pdf. All comments received will be posted without change; the Commission does not edit personal identifying information from submissions. You should submit only information that you wish to make available publicly. All submissions should refer to File Number SR–OCC–2007–17 and should be submitted on or before February 20, 2008. For the Commission by the Division of Trading and Markets, pursuant to delegated authority.10 Florence E. Harmon, Deputy Secretary. [FR Doc. E8–1614 Filed 1–29–08; 8:45 am] BILLING CODE 8011–01–P SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974; as Amended New System of Records and Routine Use Disclosures AGENCY: Social Security Administration (SSA). 7 15 U.S.C. 78q–1. U.S.C. 78s(b)(3)(A)(ii). 9 17 CFR 240.19b–4(f)(2). 10 17 CFR 200.30–3(a)(12). 8 15 E:\FR\FM\30JAN1.SGM 30JAN1 5620 Federal Register / Vol. 73, No. 20 / Wednesday, January 30, 2008 / Notices Proposed New System of Records and Proposed Routine Uses. ACTION: SUMMARY: In accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and (e)(11)), we are issuing public notice of our intent to establish a new system of records entitled, Social Security Administration Unified Measurement System/Managerial Cost Accountability System (SUMS/MCAS) 60–0371, and routine uses applicable to this system of records. SUMS/MCAS will consist of information related to five interrelated Agency initiatives: (1) Workload counts, (2) performance measures, (3) time allocation, (4) customer service records, and (5) managerial cost accountability. We invite public comments on this proposal. DATES: We filed a report of SUMS/MCAS and its applicable routine uses with the Chairman of the Senate Committee on Homeland Security and Governmental Affairs, the Chairman of the House Committee on Government Reform, and the Director, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB) on January 23, 2008. SUMS/MCAS and its routine uses will become effective on March 3, 2008, unless we receive comments warranting that they not become effective. ADDRESSES: Interested individuals may comment on this publication by writing to the Executive Director, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, Room 3-A–6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235–6401. All comments received will be available for public inspection at the above address. FOR FURTHER INFORMATION CONTACT: Ms. Earlene Whitworth Hill, Social Insurance Specialist, Disclosure Policy Development and Services Division 1, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, Room 3-A–6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235–6401, telephone at (410) 965–1817, or e-mail: earlene.whitworth.hill@ssa.gov. SUPPLEMENTARY INFORMATION: mstockstill on PROD1PC66 with NOTICES I. Background and Purpose of SUMS/ MCAS A. General Background SUMS/MCAS will support SSA and the State Disability Determination Services (DDS) management and management information (MI) analysts in analyzing workloads, planning resources, performing cost allocation activities, improving access to MI, and improving work-power allocation, VerDate Aug<31>2005 18:49 Jan 29, 2008 Jkt 214001 which in turn will help us improve customer service and reduce manual work. SUMS/MCAS will provide a single source of data, collected in a consistent manner, which will improve the quality, consistency, and access to information used throughout SSA and DDS. It will also produce detailed reports that will assist us in assessing office, unit, and employee performance. SUMS/MCAS will enable us to manage and account for resources through one uniform source of MI, combining five interrelated initiatives: • Workload Counts. • Performance Measure. • Time Allocation. • Customer Service Record. • Managerial Cost Accountability. B. Collection and Maintenance of the Data for SUMS/MCAS SSA will collect and maintain information in SUMS/MCAS that is derived from SSA’s mainframe and webbased computer usage files (log files), payroll and human resource databases, security files (including the Internet verification files and Internet enterprise security interface), and programmatic work measurement data collected from all SSA processing locations. The information maintained in SUMS/MCAS will be maintained in paper and electronic formats. Specifically, it will contain some, or all, of the following information about our clients and visitors to any SSA facility: name, Social Security number (SSN), age, address, and date of birth (DOB), along with related claims processing information. The system will contain some, or all, of the following information about our employees, contractor employees, and DDS employees: personal identification number (PIN); position; function and office codes; access and exit times when logging-on to any SSA system; and names and locations of the systems (log files). We will retrieve information from the system via online analytical processing (OLAP) tools using any of the data elements that the system contains. Standardized reports will be created from the data. Thus, SUMS/ MCAS will constitute a system of records under the Privacy Act. II. Proposed Routine Use Disclosures of Data Maintained in SUMS/MCAS A. Proposed Routine Use Disclosures We are proposing to establish routine uses of information that will be maintained in SUMS/MCAS as discussed below. 1. To the Office of the President for the purpose of responding to an PO 00000 Frm 00127 Fmt 4703 Sfmt 4703 individual pursuant to an inquiry received from that individual or from a third party on his or her behalf. We will disclose information under this routine use only in situations in which an individual contacts the Office of the President, seeking that Office’s assistance in a matter relating to information contained in SUMS/MCAS. Information will be disclosed when the Office of the President makes an inquiry and indicates that it is acting on behalf of the individual whose record is requested. 2. To a congressional office in response to an inquiry from that office made at the request of the subject of a record. We will disclose information under this routine use only in situations in which an individual asks his or her congressional representative to intercede in a matter relating to information contained in SUMS/MCAS. Information will be disclosed when the congressional representative makes an inquiry and indicates that he or she is acting on behalf of the individual whose record is requested. 3. To the Department of Justice (DOJ), a court or other tribunal, or another party before such tribunal when: (a) SSA, or any component thereof; or (b) Any SSA employee in his/her official capacity; or (c) Any SSA employee in his/her individual capacity where DOJ (or SSA where it is authorized to do so) has agreed to represent the employee; or (d) The United States or any agency thereof where SSA determines that the litigation is likely to affect the operation of SSA or any of its components, is a party to litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court or other tribunal, or another party before such tribunal, is relevant and necessary to the litigation, provided, however, that in each case, SSA determines that such disclosure is compatible with the purpose for which the records were collected. We will disclose information under this routine use only as necessary to enable DOJ to effectively defend SSA, its components or employees, in litigation involving SUMS/MCAS and/or to ensure that courts and other tribunals have appropriate information. 4. To the Equal Employment Opportunity Commissioner (EEOC) when requesting information in connection with investigations into alleged or possible discriminatory practices in the Federal sector, examination of Federal affirmative employment programs, compliance by E:\FR\FM\30JAN1.SGM 30JAN1 mstockstill on PROD1PC66 with NOTICES Federal Register / Vol. 73, No. 20 / Wednesday, January 30, 2008 / Notices Federal agencies with the Uniform Guidelines on Employee Selection Procedures, or other functions vested in the Commission. We will disclose information about our employees to the EEOC, as necessary, to assist in reassessing individuals’ requests for reasonable accommodations; to assist in investigations into alleged or possible discriminatory practices in the Federal sector; to combat and prevent fraud, waste, and abuse under the Rehabilitation Act of 1973; and to assist the Commission in carrying out its other functions. 5. To the Federal Labor Relations Authority, the General Counsel, the Federal Mediation and Conciliation Service, the Federal Service Impasses Panel, or an arbitrator when information is requested in connection with investigations of allegations of unfair practices or of other matters before an arbitrator or the Federal Service Impasses Panel. We will disclose information about our employees under this routine use, as necessary, to the Federal Labor Relations Authority, the General Counsel, the Federal Mediation and Conciliation Service, and the Federal Service Impasses Panel or an arbitrator, in which all or part of the allegations involve SUMS/MCAS. 6. To the Merit Systems Protection Board or the Office of the Special Counsel in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and other such functions promulgated in 5 U.S.C. Chapter 12, or as may be authorized by law. We will disclose information about our employees under this routine use, as necessary, to the Merit Systems Protection Board or the Office of the Special Counsel, in which all or part of the allegations in the appeal or action involve SUMS/MCAS. 7. To contractors and other Federal agencies, as necessary, for the purpose of assisting SSA in the efficient administration of its programs. We contemplate disclosing information under this routine use only in situations in which SSA may enter into a contractual or similar agreement with a third party to assist in accomplishing an Agency function relating to SUMS/ MCAS. We will disclose information under this routine use only in situations where SSA enters into a contractual agreement or similar agreement with a third party to assist in accomplishing an Agency function relating to SUMS/MCAS. VerDate Aug<31>2005 18:49 Jan 29, 2008 Jkt 214001 8. To student volunteers, individuals who are working under a personal service contract, and other individuals performing functions for SSA, but technically not having the status of Agency employees, if they need access to the records in order to perform their assigned Agency functions. Under certain Federal statutes, SSA is authorized to use the service of volunteers and participants in certain educational, training, employment, and community service programs. Examples of such statutes and programs include 5 U.S.C. 3111, which pertain to student volunteers, and 42 U.S.C. 2753, which pertain to the College Work-Study Program. We contemplate disclosing information under this routine use only when SSA uses the services of these individuals and they need access to information in this system to perform their assigned Agency duties. 9. To General Services Administration (GSA) and the National Archives and Records Administration (NARA) under 44 U.S.C. § 2904 and § 2906, as amended by NARA Act of 1984, information which is not restricted from disclosure by Federal law for the use of those agencies in conducting records management studies. The Administrator of GSA and the Archivist of NARA are authorized by 44 U.S.C. 2904, as amended, to promulgate standards, procedures and guidelines regarding record management and conducting records management studies. GSA and NARA are authorized to inspect Federal agencies’ records, for records management purposes, and agencies are expected to cooperate with GSA and NARA (44 U.S.C. 2906). In such instances, the routine use will allow disclosure. 10. To Federal, State, and local law enforcement agencies and private security contractors, as appropriate, information necessary: • To enable them to protect the safety of SSA employees and customers, the security of the SSA workplace, or the operation of SSA facilities, or • To assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupts the operation of SSA facilities. We will disclose information under this routine use to law enforcement agencies and private security contractors when information is needed to respond to, investigate, or prevent activities that jeopardize the security and safety of SSA customers, employees, or workplaces, or that otherwise disrupt the operation of SSA facilities. Information would also be disclosed to assist in the prosecution of PO 00000 Frm 00128 Fmt 4703 Sfmt 4703 5621 persons charged with violating Federal, State, or local law in connection with such activities. 11. To the Secretary of Health and Human Services (HHS) or to any State, we will disclose any record or information requested in writing by the Secretary for the purpose of administering any program administered by the Secretary, if records or information of such type were so disclosed under applicable rules, regulations, and procedures in effect before the date of enactment of the Social Security Independence and Program Improvements Act of 1994. We will disclose information under this routine use as directed in section 704(e)(1)(B) of the Social Security Independence and Program Improvements Act of 1994, which mandates certain disclosures to HHS components. 12. To appropriate Federal, State, and local agencies, entities, and persons when (1) we suspect or confirm that the security or confidentiality of information in this system of records has been compromised; (2) we determine that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs of SSA that rely upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and to prevent, minimize, or remedy such harm. We will use this routine use to respond only to those incidents involving an unintentional release of our records. This routine use specifically permits the disclosure of SSA information in connection with response and remediation efforts in the event of an unintentional release of Agency information, otherwise known as a ‘‘data security breach.’’ This routine use serves to protect the interests of the person whose information is at risk by allowing us to take appropriate steps to facilitate a timely and effective response to a data breach. It will also help us to improve our ability to prevent, minimize, or remedy any harm that may result from a compromise of data maintained in this system of records. B. Compatibility of Proposed Routine Uses The Privacy Act (5 U.S.C. 552a(b)(3)) and our disclosure regulations (20 CFR Part 401) permit us to disclose information under a published notice of E:\FR\FM\30JAN1.SGM 30JAN1 5622 Federal Register / Vol. 73, No. 20 / Wednesday, January 30, 2008 / Notices routine use for a purpose that is compatible with the purpose for which we collected the information. Section 401.150(c) of our regulations permits us to disclose information under a routine use where necessary to carry out SSA programs. Section 401.120 provides that we will disclose information when a law specifically requires the disclosure. The proposed routine uses numbered 1 through 8, and 10 and 11 above, will ensure we efficiently administer SUMS/ MCAS. The disclosure that would be made under routine uses number 9 and 12 are required by Federal law. Thus, all routine uses are appropriate and meet the relevant statutory and regulatory criteria. mstockstill on PROD1PC66 with NOTICES III. Records Storage Medium and Safeguards for the Information Maintained in SUMS/MCAS We will maintain information in SUMS/MCAS in paper and electronic form. Only authorized SSA, DDS, and contractor personnel who have a need for the information in the performance of their official duties will be permitted access to the information. We will safeguard the security of the information by requiring the use of access codes to enter the computer system that will maintain the data and will store computerized records in secured areas that are accessible only to employees who require the information to perform their official duties. We keep paper records in locked cabinets or in otherwise secure areas. DDS and contractor personnel having access to data in SUMS/MCAS will be required to adhere to SSA rules concerning safeguards, access, and use of the data. SSA, DDS, and contractor personnel having access to the data on this system will be informed of the criminal penalties of the Privacy Act for unauthorized access to, or disclosure of, information maintained in this system. See 5 U.S.C. 552a(i)(1). IV. Effect of SUMS/MCAS on the Rights of Individuals SUMS/MCAS will maintain only information that is necessary to carry out our official functions under the Social Security Act and other applicable Federal statutes. We will use security measures that protect access to, and preclude unauthorized disclosure of, records in SUMS/MCAS. Our maintenance and use of the information are in accordance with the provisions of the Privacy Act (5 U.S.C. § 552a) and SSA’s disclosure regulations (20 CFR Part 401). We employ safeguards to protect all personal information in our possession as well as the confidentiality VerDate Aug<31>2005 18:49 Jan 29, 2008 Jkt 214001 of the information. We will disclose information under the routine uses discussed above only as necessary to accomplish the stated purpose(s). Thus, we do not anticipate that SUMS/MCAS and its routine use disclosures will have an unwarranted adverse effect on the rights of the individuals to whom they pertain. Dated: January 23, 2008. Michael J. Astrue, Commissioner. Social Security Administration (SSA) Notice of System of Records Required by the Privacy Act of 1974; as Amended SYSTEM NUMBER: 60–0371. SYSTEM NAME: Social Security Administration Unified Measurement System/ Managerial Cost Accountability (SUMS/ MCAS). SECURITY CLASSIFICATION: None. SYSTEM LOCATION: Office of Systems, SSA, 6401 Security Boulevard, Baltimore, Maryland 21235– 6401. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: SSA employees, individuals who do business with SSA (e.g., Social Security claimants, beneficiaries, attorney or non-attorney representatives, and representative payees), the State Disability Determination Services (DDS) employees and contractors who assist the Agency in administering the Agency’s programs. CATEGORIES OF RECORDS IN THE SYSTEM: We collect records maintained in SUMS/MCAS for management information (MI) in administering the Agency’s programs to improve customer service and to produce detailed reports that will assist us in assessing office, unit, and employee performance. Specifically, it will contain some or all of the following information about individuals who do business with SSA: Name, Social Security number (SSN), age, address, and date of birth (DOB), along with other claims related processing information. The system will contain some or all of the following information about our employees, DDS employees, and contractor employees: Name; SSN; personal identification number (PIN); position; function and office codes; access and exit times when logging on any SSA system; and names and locations of the systems (log files). The records will consist of information from SSA’s mainframe and PO 00000 Frm 00129 Fmt 4703 Sfmt 4703 web-based computer usage files (log files); payroll and human resource databases; security files including the Internet verification file and Internet enterprise security interface; and programmatic work measurement data collected from all SSA processing locations. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Section 205(a) of the Social Security Act (42 U.S.C. 405(a)). Chief Financial Officers (CFO) Act (1990)—Provides for the integration and modernization of Federal financial systems and requires development of reporting of cost information. Government Performance and Results Act (GPRA) (1993)—GPRA requires development of Agency strategic plans and performance goals, measurement and reporting on actual performance compared to goals, computation of costs and unit costs as key performance indicators, and comparison of costs with outputs and outcomes. Government Management Reform Act (GMRA) (1994)—Requires an agencywide performance and financial statement, an audited statement, and cost information. Federal Financial Management Improvement Act (FFMIA) (1996)— Mandates that agencies establish financial management systems that comply with Federal standards and requirements. It directs auditors to report on compliance as part of the review of agency financial statements. Office of Management and Budget (OMB) Standards—Require SSA to implement a modern managerial cost accounting system that satisfies all needs at all managerial decision levels. PURPOSE(S): SUMS/MCAS includes five interrelated Agency initiatives: (1) Workload Counts; (2) Performance Measures; (3) Time Allocation; (4) Customer Service Record; and (5) Managerial Cost Accountability, which will provide a single source for data, collected in a consistent manner to improve the quality, consistency, and accessibility of MI. SUMS/MCAS will enable the Agency to: • Improve customer service and enhance the Agency’s ability to monitor customer service; • Create a unified work measurement and work power (i.e., the amount of time it takes to do one piece of work) identification system providing simpler access to information for reporting data; • Produce detailed reports that will assist us in assessing office, unit, and employee performance; E:\FR\FM\30JAN1.SGM 30JAN1 Federal Register / Vol. 73, No. 20 / Wednesday, January 30, 2008 / Notices • Consolidate the Agency workload structure and provide data at any office level, down to a specific employee; • Allocate work-time usage information consistently for all components, workload activities, and the time that it takes to perform work and calculate productivity; • Accommodate new workloads in a flexible work-measurement system by shifting work to locations where capacity exists, improving customer service; • Ensure an accurate cost allocation of work performed by SSA; • Manage and account for resources through one uniform source of MI; • Measure outcomes, determine full costs, control resources, assess performance and provide timely feedback to managers to enhance the Agency’s accountability and customer service; and • Satisfy government-wide managerial cost accounting regulations and enable the Agency to link resource expenditures with performance, as required by legislation and other government-wide requirements stated in: 1. CFO Act of 1990; 2. GPRA Act of 1993; 3. GMRA Act of 1994; 4. FFMIA Act of 1996; and 5. OMB Standards. mstockstill on PROD1PC66 with NOTICES ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSE OF SUCH USES: Disclosure may be made for routine uses as indicated below. 1. To the Office of the President for the purpose of responding to an individual pursuant to an inquiry received from that individual or from a third party on his or her behalf. 2. To a congressional office in response to an inquiry from that office made at the request of the subject of a record. 3. To the Department of Justice (DOJ), a court or other tribunal, or another party before such tribunal when: a. SSA, or any component thereof; or b. Any SSA employee in his or her official capacity; or c. Any SSA employee in his or her individual capacity where DOJ (or SSA where it is authorized to do so) has agreed to represent the employee; or d. The United States or any agency thereof where SSA determines that the litigation is likely to affect the operations of SSA or any of its components, is a party to litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court or other tribunal, or another party before such VerDate Aug<31>2005 18:49 Jan 29, 2008 Jkt 214001 tribunal, is relevant and necessary to the litigation, provided, however, that in each case, SSA determines that such disclosure is compatible with the purpose for which the records were collected. 4. To the Equal Employment Opportunity Commission when requesting information in connection with investigations into alleged or possible discriminatory practices in the Federal sector, examination of Federal affirmative employment programs, compliance by Federal agencies with the Uniform Guidelines on Employee Selection Procedures, or other functions vested in the Commission. 5. To the Federal Labor Relations Authority, the General Counsel, the Federal Mediation and Conciliation Service, the Federal Service Impasses Panel, or an arbitrator when information is requested in connection with the investigations of allegations of unfair practices or of other matters before an arbitrator or the Federal Impasses Panel. 6. To the Merit Systems Protection Board or the Office of the Special Counsel in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigation of alleged or possible prohibited personnel practices, and other such functions promulgated in 5 U.S.C. Chapter 12, or as may be authorized by law. 7. To contractors and other Federal agencies, as necessary, for the purpose of assisting SSA in the efficient administration of its programs. We contemplate disclosing information under this routine use only in situations in which SSA may enter into a contractual or similar agreement with a third party to assist in accomplishing an Agency function relating to this system of records. 8. To student volunteers, individuals working under a personal service contract, and other workers who technically do not have the status of Federal employees, when they are performing work for the SSA, as authorized by law, and they need access to personally identifiable information in SSA records in order to perform their assigned Agency functions. 9. To General Services Administration and the National Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by NARA Act of 1984, information which is not restricted from disclosure by Federal law for the use of those agencies in conducting records management studies. 10. To Federal, State, and local law enforcement agencies and private PO 00000 Frm 00130 Fmt 4703 Sfmt 4703 5623 security contractors, as appropriate, information necessary: • To enable them to protect the safety of SSA employees and customers, the security of the SSA workplace, or the operation of SSA facilities, or • To assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupt the operation of SSA facilities. 11. To the Secretary of Health and Human Services or to any State, we will disclose any record or information requested in writing by the Secretary for the purpose of administering any program administered by the Secretary, if records or information of such type were so disclosed under applicable rules, regulations, and procedures in effect before the date of enactment of the Social Security Independence and Program Improvements Act of 1994. 12. To appropriate Federal, State, and local agencies, entities, and persons when (1) We suspect or confirm that the security or confidentiality of information in this system of records has been compromised; (2) we determine that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs of SSA that rely upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and to prevent, minimize, or remedy such harm. We will use this routine use to respond only to those incidents involving an unintentional release of our records. POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE: We maintain and store records in SUMS/MCAS in electronic and paper form. We keep paper records in locked cabinets or in otherwise secure areas. RETRIEVABILITY: We retrieve records in SUMS/MCAS by the name, SSN, age, address, and DOB of individuals who do business with SSA (e.g., Social Security claimants, beneficiaries, attorney or non-attorney representatives, and representative payees). We retrieve records in SUMS/MCAS by the name, SSN, PIN, position code, function or office location codes of employees, DDS employees and contractors. E:\FR\FM\30JAN1.SGM 30JAN1 5624 Federal Register / Vol. 73, No. 20 / Wednesday, January 30, 2008 / Notices SAFEGUARDS: Security measures include the use of access codes to enter the computer system that maintains the data; computerized records will be stored in secured areas that are accessible only to employees who require the information in performing their official duties. All paper records will be kept in locked cabinets or in otherwise secure areas. SSA and DDS employees who have access to the data will be informed of the criminal penalties of the Privacy Act for unauthorized access to or disclosure of information maintained in the system. See 5 U.S.C. 552a(i)(1). Contractor personnel having access to data in the system of records will be required to adhere to SSA rules concerning safeguards, access, and use of the data. RETENTION AND DISPOSAL: The project will adhere to NARA record retention standards as outlined in the SUMS/MCAS Global Requirements document. Specific retention periods follow NC–47–75–7 as shown below: (1) Data source extract records housed in the SUMS/MCAS active data warehouse will be retained for 2 full fiscal years plus the current fiscal year. (2) Active detail records and corresponding summary records housed in the SUMS/MCAS active data warehouse will be retained for 9 full fiscal years plus the current fiscal year. (3) Long term offline archive of summary data housed in the SUMS/ MCAS long term offline archive database will be retained for a total of 50 years or 40 additional years from the time it moves from the active data warehouse. (4) MI housed in the Operational Data Stores (ODS) will be retained for a maximum of 5 years. (5) Reference data housed in reference tables within the active data warehouse will be maintained in the active data warehouse for 50 years. SYSTEM MANAGER(S) AND ADDRESS: SUMS/MCAS Program Manager, Office of Systems, Social Security Administration, 6401 Security Boulevard, Baltimore, Maryland 21235– 6401. mstockstill on PROD1PC66 with NOTICES NOTIFICATION PROCEDURE(S): An individual may determine if this system contains a record about him or her by writing to the systems manager(s) at the above address and providing his or her name, SSN, or other information that may be in the system of records that will identify him or her. An individual requesting notification of records in VerDate Aug<31>2005 18:49 Jan 29, 2008 Jkt 214001 person should provide the same information, as well as provide an identity document, preferably with a photograph, such as a driver’s license, or some other means of identification. If an individual does not have any identification documents sufficient to establish his or her identity, the individual must certify in writing that he or she is the person he or she claims to be and that he or she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense. If notification is requested by telephone, an individual must verify his or her identity by providing identifying information that parallels the record to which notification is being requested. The individual will be required to submit a request in writing or in person, if we determine that the identifying information provided by telephone is insufficient. If an individual is requesting information by telephone on behalf of another individual, the subject individual must be connected with SSA and the requesting individual in the same phone call. SSA will establish the subject individual’s identity (his or her name, SSN, address, date of birth, and place of birth, along with one other piece of information such as mother’s maiden name) and ask for his or her permission to provide the information to the requesting individual. If a request for notification is submitted by mail, an individual must include a notarized statement to SSA to verify his or her identity or must certify in the request that he or she is the person he or she claims to be and that he or she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense. These procedures are in accordance with SSA regulations (20 CFR 401.40). RECORD ACCESS PROCEDURE(S): Same as Notification procedures. Requesters also should reasonably specify the record contents they are seeking. These procedures are in accordance with SSA regulations (20 CFR 401.40). CONTESTING RECORD PROCEDURE(S): Same as Notification procedures. Requesters should also reasonably identify the record, specify the information they are contesting, and state the corrective action sought and the reasons for the correction with supporting justification showing how the record is untimely, incomplete, inaccurate, or irrelevant. These PO 00000 Frm 00131 Fmt 4703 Sfmt 4703 procedures are in accordance with SSA Regulations (20 CFR 401.65). RECORD SOURCE CATEGORIES: The information that SSA will collect and maintain in SUMS/MCAS will consist of information from SSA’s mainframe customer information control system, system management facility transaction logs, visitor intake process data extracts, payroll operations data store, position codes, report office table, Internet verification file, electronic disability collect system and related applications, customer help and information programs, Medicare application processing system, Internet enterprise security interface log files, travel manager, processing center, work measurement transaction database, district office weekly report, SSA webbased applications, programmatic processes, and operational data stores. SYSTEMS EXEMPT FROM CERTAIN PROVISIONS OF THE PRIVACY ACT: None. [FR Doc. E8–1674 Filed 1–29–08; 8:45 am] BILLING CODE 4191–02–P DEPARTMENT OF STATE [Public Notice 6076] Advisory Committee on Transformational Diplomacy Notice of Report Finalization and Submission The Department of State announces that the Secretary of State’s Advisory Committee on Transformational Diplomacy (‘‘Committee’’) will submit its report of recommendations on Tuesday, January 29, 2008, from 1:15 p.m. to 1:45 p.m., at the Department of State, 2201 C Street, Washington, DC in the Treaty Room. This event will not be a meeting of the Committee. The Committee is composed of persons from the private sector and academia who provide advice on the Department’s worldwide management operations, including structuring, leading and managing large global enterprises, communicating governmental missions and policies to relevant publics, and better use of information technology. The report is comprised of committee findings and recommendations to the Department that support transformational diplomacy in the areas including budgets, integration of foreign affairs and national security efforts, personnel recruiting and fortification, public private partnerships, upgrades to technological infrastructure, as well as tracking and measuring efforts. The E:\FR\FM\30JAN1.SGM 30JAN1

Agencies

[Federal Register Volume 73, Number 20 (Wednesday, January 30, 2008)]
[Notices]
[Pages 5619-5624]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E8-1674]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974; as Amended New System of Records and Routine 
Use Disclosures

AGENCY: Social Security Administration (SSA).

[[Page 5620]]


ACTION: Proposed New System of Records and Proposed Routine Uses.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and 
(e)(11)), we are issuing public notice of our intent to establish a new 
system of records entitled, Social Security Administration Unified 
Measurement System/Managerial Cost Accountability System (SUMS/MCAS) 
60-0371, and routine uses applicable to this system of records. SUMS/
MCAS will consist of information related to five interrelated Agency 
initiatives: (1) Workload counts, (2) performance measures, (3) time 
allocation, (4) customer service records, and (5) managerial cost 
accountability. We invite public comments on this proposal.

DATES: We filed a report of SUMS/MCAS and its applicable routine uses 
with the Chairman of the Senate Committee on Homeland Security and 
Governmental Affairs, the Chairman of the House Committee on Government 
Reform, and the Director, Office of Information and Regulatory Affairs, 
Office of Management and Budget (OMB) on January 23, 2008. SUMS/MCAS 
and its routine uses will become effective on March 3, 2008, unless we 
receive comments warranting that they not become effective.

ADDRESSES: Interested individuals may comment on this publication by 
writing to the Executive Director, Office of Public Disclosure, Office 
of the General Counsel, Social Security Administration, Room 3-A-6 
Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235-6401. All comments received will be available for public 
inspection at the above address.

FOR FURTHER INFORMATION CONTACT: Ms. Earlene Whitworth Hill, Social 
Insurance Specialist, Disclosure Policy Development and Services 
Division 1, Office of Public Disclosure, Office of the General Counsel, 
Social Security Administration, Room 3-A-6 Operations Building, 6401 
Security Boulevard, Baltimore, Maryland 21235-6401, telephone at (410) 
965-1817, or e-mail: earlene.whitworth.hill@ssa.gov.

SUPPLEMENTARY INFORMATION:

I. Background and Purpose of SUMS/MCAS

A. General Background

    SUMS/MCAS will support SSA and the State Disability Determination 
Services (DDS) management and management information (MI) analysts in 
analyzing workloads, planning resources, performing cost allocation 
activities, improving access to MI, and improving work-power 
allocation, which in turn will help us improve customer service and 
reduce manual work. SUMS/MCAS will provide a single source of data, 
collected in a consistent manner, which will improve the quality, 
consistency, and access to information used throughout SSA and DDS. It 
will also produce detailed reports that will assist us in assessing 
office, unit, and employee performance. SUMS/MCAS will enable us to 
manage and account for resources through one uniform source of MI, 
combining five interrelated initiatives:
     Workload Counts.
     Performance Measure.
     Time Allocation.
     Customer Service Record.
     Managerial Cost Accountability.

B. Collection and Maintenance of the Data for SUMS/MCAS

    SSA will collect and maintain information in SUMS/MCAS that is 
derived from SSA's mainframe and web-based computer usage files (log 
files), payroll and human resource databases, security files (including 
the Internet verification files and Internet enterprise security 
interface), and programmatic work measurement data collected from all 
SSA processing locations.
    The information maintained in SUMS/MCAS will be maintained in paper 
and electronic formats. Specifically, it will contain some, or all, of 
the following information about our clients and visitors to any SSA 
facility: name, Social Security number (SSN), age, address, and date of 
birth (DOB), along with related claims processing information. The 
system will contain some, or all, of the following information about 
our employees, contractor employees, and DDS employees: personal 
identification number (PIN); position; function and office codes; 
access and exit times when logging-on to any SSA system; and names and 
locations of the systems (log files). We will retrieve information from 
the system via online analytical processing (OLAP) tools using any of 
the data elements that the system contains. Standardized reports will 
be created from the data. Thus, SUMS/MCAS will constitute a system of 
records under the Privacy Act.

II. Proposed Routine Use Disclosures of Data Maintained in SUMS/MCAS

A. Proposed Routine Use Disclosures

    We are proposing to establish routine uses of information that will 
be maintained in SUMS/MCAS as discussed below.
    1. To the Office of the President for the purpose of responding to 
an individual pursuant to an inquiry received from that individual or 
from a third party on his or her behalf.
    We will disclose information under this routine use only in 
situations in which an individual contacts the Office of the President, 
seeking that Office's assistance in a matter relating to information 
contained in SUMS/MCAS. Information will be disclosed when the Office 
of the President makes an inquiry and indicates that it is acting on 
behalf of the individual whose record is requested.
    2. To a congressional office in response to an inquiry from that 
office made at the request of the subject of a record.
    We will disclose information under this routine use only in 
situations in which an individual asks his or her congressional 
representative to intercede in a matter relating to information 
contained in SUMS/MCAS. Information will be disclosed when the 
congressional representative makes an inquiry and indicates that he or 
she is acting on behalf of the individual whose record is requested.
    3. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such tribunal when:
    (a) SSA, or any component thereof; or
    (b) Any SSA employee in his/her official capacity; or
    (c) Any SSA employee in his/her individual capacity where DOJ (or 
SSA where it is authorized to do so) has agreed to represent the 
employee; or
    (d) The United States or any agency thereof where SSA determines 
that the litigation is likely to affect the operation of SSA or any of 
its components,

is a party to litigation or has an interest in such litigation, and SSA 
determines that the use of such records by DOJ, a court or other 
tribunal, or another party before such tribunal, is relevant and 
necessary to the litigation, provided, however, that in each case, SSA 
determines that such disclosure is compatible with the purpose for 
which the records were collected.
    We will disclose information under this routine use only as 
necessary to enable DOJ to effectively defend SSA, its components or 
employees, in litigation involving SUMS/MCAS and/or to ensure that 
courts and other tribunals have appropriate information.
    4. To the Equal Employment Opportunity Commissioner (EEOC) when 
requesting information in connection with investigations into alleged 
or possible discriminatory practices in the Federal sector, examination 
of Federal affirmative employment programs, compliance by

[[Page 5621]]

Federal agencies with the Uniform Guidelines on Employee Selection 
Procedures, or other functions vested in the Commission.
    We will disclose information about our employees to the EEOC, as 
necessary, to assist in reassessing individuals' requests for 
reasonable accommodations; to assist in investigations into alleged or 
possible discriminatory practices in the Federal sector; to combat and 
prevent fraud, waste, and abuse under the Rehabilitation Act of 1973; 
and to assist the Commission in carrying out its other functions.
    5. To the Federal Labor Relations Authority, the General Counsel, 
the Federal Mediation and Conciliation Service, the Federal Service 
Impasses Panel, or an arbitrator when information is requested in 
connection with investigations of allegations of unfair practices or of 
other matters before an arbitrator or the Federal Service Impasses 
Panel.
    We will disclose information about our employees under this routine 
use, as necessary, to the Federal Labor Relations Authority, the 
General Counsel, the Federal Mediation and Conciliation Service, and 
the Federal Service Impasses Panel or an arbitrator, in which all or 
part of the allegations involve SUMS/MCAS.
    6. To the Merit Systems Protection Board or the Office of the 
Special Counsel in connection with appeals, special studies of the 
civil service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and other such functions promulgated in 5 U.S.C. Chapter 12, or as may 
be authorized by law.
    We will disclose information about our employees under this routine 
use, as necessary, to the Merit Systems Protection Board or the Office 
of the Special Counsel, in which all or part of the allegations in the 
appeal or action involve SUMS/MCAS.
    7. To contractors and other Federal agencies, as necessary, for the 
purpose of assisting SSA in the efficient administration of its 
programs. We contemplate disclosing information under this routine use 
only in situations in which SSA may enter into a contractual or similar 
agreement with a third party to assist in accomplishing an Agency 
function relating to SUMS/MCAS.
    We will disclose information under this routine use only in 
situations where SSA enters into a contractual agreement or similar 
agreement with a third party to assist in accomplishing an Agency 
function relating to SUMS/MCAS.
    8. To student volunteers, individuals who are working under a 
personal service contract, and other individuals performing functions 
for SSA, but technically not having the status of Agency employees, if 
they need access to the records in order to perform their assigned 
Agency functions.
    Under certain Federal statutes, SSA is authorized to use the 
service of volunteers and participants in certain educational, 
training, employment, and community service programs. Examples of such 
statutes and programs include 5 U.S.C. 3111, which pertain to student 
volunteers, and 42 U.S.C. 2753, which pertain to the College Work-Study 
Program. We contemplate disclosing information under this routine use 
only when SSA uses the services of these individuals and they need 
access to information in this system to perform their assigned Agency 
duties.
    9. To General Services Administration (GSA) and the National 
Archives and Records Administration (NARA) under 44 U.S.C. Sec.  2904 
and Sec.  2906, as amended by NARA Act of 1984, information which is 
not restricted from disclosure by Federal law for the use of those 
agencies in conducting records management studies.
    The Administrator of GSA and the Archivist of NARA are authorized 
by 44 U.S.C. 2904, as amended, to promulgate standards, procedures and 
guidelines regarding record management and conducting records 
management studies. GSA and NARA are authorized to inspect Federal 
agencies' records, for records management purposes, and agencies are 
expected to cooperate with GSA and NARA (44 U.S.C. 2906). In such 
instances, the routine use will allow disclosure.
    10. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary:
     To enable them to protect the safety of SSA employees and 
customers, the security of the SSA workplace, or the operation of SSA 
facilities, or
     To assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupts the operation of SSA facilities.
    We will disclose information under this routine use to law 
enforcement agencies and private security contractors when information 
is needed to respond to, investigate, or prevent activities that 
jeopardize the security and safety of SSA customers, employees, or 
workplaces, or that otherwise disrupt the operation of SSA facilities. 
Information would also be disclosed to assist in the prosecution of 
persons charged with violating Federal, State, or local law in 
connection with such activities.
    11. To the Secretary of Health and Human Services (HHS) or to any 
State, we will disclose any record or information requested in writing 
by the Secretary for the purpose of administering any program 
administered by the Secretary, if records or information of such type 
were so disclosed under applicable rules, regulations, and procedures 
in effect before the date of enactment of the Social Security 
Independence and Program Improvements Act of 1994.
    We will disclose information under this routine use as directed in 
section 704(e)(1)(B) of the Social Security Independence and Program 
Improvements Act of 1994, which mandates certain disclosures to HHS 
components.
    12. To appropriate Federal, State, and local agencies, entities, 
and persons when (1) we suspect or confirm that the security or 
confidentiality of information in this system of records has been 
compromised; (2) we determine that as a result of the suspected or 
confirmed compromise there is a risk of harm to economic or property 
interests, identity theft or fraud, or harm to the security or 
integrity of this system or other systems or programs of SSA that rely 
upon the compromised information; and (3) we determine that disclosing 
the information to such agencies, entities, and persons is necessary to 
assist in our efforts to respond to the suspected or confirmed 
compromise and to prevent, minimize, or remedy such harm. We will use 
this routine use to respond only to those incidents involving an 
unintentional release of our records.
    This routine use specifically permits the disclosure of SSA 
information in connection with response and remediation efforts in the 
event of an unintentional release of Agency information, otherwise 
known as a ``data security breach.'' This routine use serves to protect 
the interests of the person whose information is at risk by allowing us 
to take appropriate steps to facilitate a timely and effective response 
to a data breach. It will also help us to improve our ability to 
prevent, minimize, or remedy any harm that may result from a compromise 
of data maintained in this system of records.

B. Compatibility of Proposed Routine Uses

    The Privacy Act (5 U.S.C. 552a(b)(3)) and our disclosure 
regulations (20 CFR Part 401) permit us to disclose information under a 
published notice of

[[Page 5622]]

routine use for a purpose that is compatible with the purpose for which 
we collected the information. Section 401.150(c) of our regulations 
permits us to disclose information under a routine use where necessary 
to carry out SSA programs. Section 401.120 provides that we will 
disclose information when a law specifically requires the disclosure. 
The proposed routine uses numbered 1 through 8, and 10 and 11 above, 
will ensure we efficiently administer SUMS/MCAS. The disclosure that 
would be made under routine uses number 9 and 12 are required by 
Federal law. Thus, all routine uses are appropriate and meet the 
relevant statutory and regulatory criteria.

III. Records Storage Medium and Safeguards for the Information 
Maintained in SUMS/MCAS

    We will maintain information in SUMS/MCAS in paper and electronic 
form. Only authorized SSA, DDS, and contractor personnel who have a 
need for the information in the performance of their official duties 
will be permitted access to the information. We will safeguard the 
security of the information by requiring the use of access codes to 
enter the computer system that will maintain the data and will store 
computerized records in secured areas that are accessible only to 
employees who require the information to perform their official duties. 
We keep paper records in locked cabinets or in otherwise secure areas.
    DDS and contractor personnel having access to data in SUMS/MCAS 
will be required to adhere to SSA rules concerning safeguards, access, 
and use of the data.
    SSA, DDS, and contractor personnel having access to the data on 
this system will be informed of the criminal penalties of the Privacy 
Act for unauthorized access to, or disclosure of, information 
maintained in this system. See 5 U.S.C. 552a(i)(1).

IV. Effect of SUMS/MCAS on the Rights of Individuals

    SUMS/MCAS will maintain only information that is necessary to carry 
out our official functions under the Social Security Act and other 
applicable Federal statutes. We will use security measures that protect 
access to, and preclude unauthorized disclosure of, records in SUMS/
MCAS. Our maintenance and use of the information are in accordance with 
the provisions of the Privacy Act (5 U.S.C. Sec.  552a) and SSA's 
disclosure regulations (20 CFR Part 401). We employ safeguards to 
protect all personal information in our possession as well as the 
confidentiality of the information. We will disclose information under 
the routine uses discussed above only as necessary to accomplish the 
stated purpose(s). Thus, we do not anticipate that SUMS/MCAS and its 
routine use disclosures will have an unwarranted adverse effect on the 
rights of the individuals to whom they pertain.

    Dated: January 23, 2008.
Michael J. Astrue,
Commissioner.
Social Security Administration (SSA)
Notice of System of Records Required by the Privacy Act of 1974; as 
Amended

System number:
    60-0371.

System name:
    Social Security Administration Unified Measurement System/
Managerial Cost Accountability (SUMS/MCAS).

Security classification:
    None.

System location:
    Office of Systems, SSA, 6401 Security Boulevard, Baltimore, 
Maryland 21235-6401.

Categories of individuals covered by the system:
    SSA employees, individuals who do business with SSA (e.g., Social 
Security claimants, beneficiaries, attorney or non-attorney 
representatives, and representative payees), the State Disability 
Determination Services (DDS) employees and contractors who assist the 
Agency in administering the Agency's programs.

Categories of records in the system:
    We collect records maintained in SUMS/MCAS for management 
information (MI) in administering the Agency's programs to improve 
customer service and to produce detailed reports that will assist us in 
assessing office, unit, and employee performance. Specifically, it will 
contain some or all of the following information about individuals who 
do business with SSA: Name, Social Security number (SSN), age, address, 
and date of birth (DOB), along with other claims related processing 
information. The system will contain some or all of the following 
information about our employees, DDS employees, and contractor 
employees: Name; SSN; personal identification number (PIN); position; 
function and office codes; access and exit times when logging on any 
SSA system; and names and locations of the systems (log files).
    The records will consist of information from SSA's mainframe and 
web-based computer usage files (log files); payroll and human resource 
databases; security files including the Internet verification file and 
Internet enterprise security interface; and programmatic work 
measurement data collected from all SSA processing locations.

Authority for Maintenance of the System:
    Section 205(a) of the Social Security Act (42 U.S.C. 405(a)).
    Chief Financial Officers (CFO) Act (1990)--Provides for the 
integration and modernization of Federal financial systems and requires 
development of reporting of cost information.
    Government Performance and Results Act (GPRA) (1993)--GPRA requires 
development of Agency strategic plans and performance goals, 
measurement and reporting on actual performance compared to goals, 
computation of costs and unit costs as key performance indicators, and 
comparison of costs with outputs and outcomes.
    Government Management Reform Act (GMRA) (1994)--Requires an agency-
wide performance and financial statement, an audited statement, and 
cost information.
    Federal Financial Management Improvement Act (FFMIA) (1996)--
Mandates that agencies establish financial management systems that 
comply with Federal standards and requirements. It directs auditors to 
report on compliance as part of the review of agency financial 
statements.
    Office of Management and Budget (OMB) Standards--Require SSA to 
implement a modern managerial cost accounting system that satisfies all 
needs at all managerial decision levels.

Purpose(s):
    SUMS/MCAS includes five interrelated Agency initiatives: (1) 
Workload Counts; (2) Performance Measures; (3) Time Allocation; (4) 
Customer Service Record; and (5) Managerial Cost Accountability, which 
will provide a single source for data, collected in a consistent manner 
to improve the quality, consistency, and accessibility of MI. SUMS/MCAS 
will enable the Agency to:
     Improve customer service and enhance the Agency's ability 
to monitor customer service;
     Create a unified work measurement and work power (i.e., 
the amount of time it takes to do one piece of work) identification 
system providing simpler access to information for reporting data;
     Produce detailed reports that will assist us in assessing 
office, unit, and employee performance;

[[Page 5623]]

     Consolidate the Agency workload structure and provide data 
at any office level, down to a specific employee;
     Allocate work-time usage information consistently for all 
components, workload activities, and the time that it takes to perform 
work and calculate productivity;
     Accommodate new workloads in a flexible work-measurement 
system by shifting work to locations where capacity exists, improving 
customer service;
     Ensure an accurate cost allocation of work performed by 
SSA;
     Manage and account for resources through one uniform 
source of MI;
     Measure outcomes, determine full costs, control resources, 
assess performance and provide timely feedback to managers to enhance 
the Agency's accountability and customer service; and
     Satisfy government-wide managerial cost accounting 
regulations and enable the Agency to link resource expenditures with 
performance, as required by legislation and other government-wide 
requirements stated in:
    1. CFO Act of 1990;
    2. GPRA Act of 1993;
    3. GMRA Act of 1994;
    4. FFMIA Act of 1996; and
    5. OMB Standards.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and the Purpose of Such Uses:
    Disclosure may be made for routine uses as indicated below.
    1. To the Office of the President for the purpose of responding to 
an individual pursuant to an inquiry received from that individual or 
from a third party on his or her behalf.
    2. To a congressional office in response to an inquiry from that 
office made at the request of the subject of a record.
    3. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such tribunal when:
    a. SSA, or any component thereof; or
    b. Any SSA employee in his or her official capacity; or
    c. Any SSA employee in his or her individual capacity where DOJ (or 
SSA where it is authorized to do so) has agreed to represent the 
employee; or
    d. The United States or any agency thereof where SSA determines 
that the litigation is likely to affect the operations of SSA or any of 
its components, is a party to litigation or has an interest in such 
litigation, and SSA determines that the use of such records by DOJ, a 
court or other tribunal, or another party before such tribunal, is 
relevant and necessary to the litigation, provided, however, that in 
each case, SSA determines that such disclosure is compatible with the 
purpose for which the records were collected.
    4. To the Equal Employment Opportunity Commission when requesting 
information in connection with investigations into alleged or possible 
discriminatory practices in the Federal sector, examination of Federal 
affirmative employment programs, compliance by Federal agencies with 
the Uniform Guidelines on Employee Selection Procedures, or other 
functions vested in the Commission.
    5. To the Federal Labor Relations Authority, the General Counsel, 
the Federal Mediation and Conciliation Service, the Federal Service 
Impasses Panel, or an arbitrator when information is requested in 
connection with the investigations of allegations of unfair practices 
or of other matters before an arbitrator or the Federal Impasses Panel.
    6. To the Merit Systems Protection Board or the Office of the 
Special Counsel in connection with appeals, special studies of the 
civil service and other merit systems, review of rules and regulations, 
investigation of alleged or possible prohibited personnel practices, 
and other such functions promulgated in 5 U.S.C. Chapter 12, or as may 
be authorized by law.
    7. To contractors and other Federal agencies, as necessary, for the 
purpose of assisting SSA in the efficient administration of its 
programs. We contemplate disclosing information under this routine use 
only in situations in which SSA may enter into a contractual or similar 
agreement with a third party to assist in accomplishing an Agency 
function relating to this system of records.
    8. To student volunteers, individuals working under a personal 
service contract, and other workers who technically do not have the 
status of Federal employees, when they are performing work for the SSA, 
as authorized by law, and they need access to personally identifiable 
information in SSA records in order to perform their assigned Agency 
functions.
    9. To General Services Administration and the National Archives and 
Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended 
by NARA Act of 1984, information which is not restricted from 
disclosure by Federal law for the use of those agencies in conducting 
records management studies.
    10. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary:
     To enable them to protect the safety of SSA employees and 
customers, the security of the SSA workplace, or the operation of SSA 
facilities, or
     To assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of SSA facilities.
    11. To the Secretary of Health and Human Services or to any State, 
we will disclose any record or information requested in writing by the 
Secretary for the purpose of administering any program administered by 
the Secretary, if records or information of such type were so disclosed 
under applicable rules, regulations, and procedures in effect before 
the date of enactment of the Social Security Independence and Program 
Improvements Act of 1994.
    12. To appropriate Federal, State, and local agencies, entities, 
and persons when (1) We suspect or confirm that the security or 
confidentiality of information in this system of records has been 
compromised; (2) we determine that as a result of the suspected or 
confirmed compromise there is a risk of harm to economic or property 
interests, identity theft or fraud, or harm to the security or 
integrity of this system or other systems or programs of SSA that rely 
upon the compromised information; and (3) we determine that disclosing 
the information to such agencies, entities, and persons is necessary to 
assist in our efforts to respond to the suspected or confirmed 
compromise and to prevent, minimize, or remedy such harm. We will use 
this routine use to respond only to those incidents involving an 
unintentional release of our records.

Policies and Practices for Storing, Retrieving, Accessing, Retaining 
and Disposing of Records in the System:
Storage:
    We maintain and store records in SUMS/MCAS in electronic and paper 
form. We keep paper records in locked cabinets or in otherwise secure 
areas.

Retrievability:
    We retrieve records in SUMS/MCAS by the name, SSN, age, address, 
and DOB of individuals who do business with SSA (e.g., Social Security 
claimants, beneficiaries, attorney or non-attorney representatives, and 
representative payees). We retrieve records in SUMS/MCAS by the name, 
SSN, PIN, position code, function or office location codes of 
employees, DDS employees and contractors.

[[Page 5624]]

Safeguards:
    Security measures include the use of access codes to enter the 
computer system that maintains the data; computerized records will be 
stored in secured areas that are accessible only to employees who 
require the information in performing their official duties. All paper 
records will be kept in locked cabinets or in otherwise secure areas. 
SSA and DDS employees who have access to the data will be informed of 
the criminal penalties of the Privacy Act for unauthorized access to or 
disclosure of information maintained in the system. See 5 U.S.C. 
552a(i)(1).
    Contractor personnel having access to data in the system of records 
will be required to adhere to SSA rules concerning safeguards, access, 
and use of the data.

Retention and Disposal:
    The project will adhere to NARA record retention standards as 
outlined in the SUMS/MCAS Global Requirements document. Specific 
retention periods follow NC-47-75-7 as shown below:
    (1) Data source extract records housed in the SUMS/MCAS active data 
warehouse will be retained for 2 full fiscal years plus the current 
fiscal year.
    (2) Active detail records and corresponding summary records housed 
in the SUMS/MCAS active data warehouse will be retained for 9 full 
fiscal years plus the current fiscal year.
    (3) Long term offline archive of summary data housed in the SUMS/
MCAS long term offline archive database will be retained for a total of 
50 years or 40 additional years from the time it moves from the active 
data warehouse.
    (4) MI housed in the Operational Data Stores (ODS) will be retained 
for a maximum of 5 years.
    (5) Reference data housed in reference tables within the active 
data warehouse will be maintained in the active data warehouse for 50 
years.

System Manager(s) and Address:
    SUMS/MCAS Program Manager, Office of Systems, Social Security 
Administration, 6401 Security Boulevard, Baltimore, Maryland 21235-
6401.

Notification Procedure(s):
    An individual may determine if this system contains a record about 
him or her by writing to the systems manager(s) at the above address 
and providing his or her name, SSN, or other information that may be in 
the system of records that will identify him or her. An individual 
requesting notification of records in person should provide the same 
information, as well as provide an identity document, preferably with a 
photograph, such as a driver's license, or some other means of 
identification. If an individual does not have any identification 
documents sufficient to establish his or her identity, the individual 
must certify in writing that he or she is the person he or she claims 
to be and that he or she understands that the knowing and willful 
request for, or acquisition of, a record pertaining to another 
individual under false pretenses is a criminal offense.
    If notification is requested by telephone, an individual must 
verify his or her identity by providing identifying information that 
parallels the record to which notification is being requested. The 
individual will be required to submit a request in writing or in 
person, if we determine that the identifying information provided by 
telephone is insufficient. If an individual is requesting information 
by telephone on behalf of another individual, the subject individual 
must be connected with SSA and the requesting individual in the same 
phone call. SSA will establish the subject individual's identity (his 
or her name, SSN, address, date of birth, and place of birth, along 
with one other piece of information such as mother's maiden name) and 
ask for his or her permission to provide the information to the 
requesting individual.
    If a request for notification is submitted by mail, an individual 
must include a notarized statement to SSA to verify his or her identity 
or must certify in the request that he or she is the person he or she 
claims to be and that he or she understands that the knowing and 
willful request for, or acquisition of, a record pertaining to another 
individual under false pretenses is a criminal offense. These 
procedures are in accordance with SSA regulations (20 CFR 401.40).

Record Access Procedure(s):
    Same as Notification procedures. Requesters also should reasonably 
specify the record contents they are seeking. These procedures are in 
accordance with SSA regulations (20 CFR 401.40).

Contesting Record Procedure(s):
    Same as Notification procedures. Requesters should also reasonably 
identify the record, specify the information they are contesting, and 
state the corrective action sought and the reasons for the correction 
with supporting justification showing how the record is untimely, 
incomplete, inaccurate, or irrelevant. These procedures are in 
accordance with SSA Regulations (20 CFR 401.65).

Record Source Categories:
    The information that SSA will collect and maintain in SUMS/MCAS 
will consist of information from SSA's mainframe customer information 
control system, system management facility transaction logs, visitor 
intake process data extracts, payroll operations data store, position 
codes, report office table, Internet verification file, electronic 
disability collect system and related applications, customer help and 
information programs, Medicare application processing system, Internet 
enterprise security interface log files, travel manager, processing 
center, work measurement transaction database, district office weekly 
report, SSA web-based applications, programmatic processes, and 
operational data stores.

Systems Exempt from Certain Provisions of the Privacy Act:
    None.

[FR Doc. E8-1674 Filed 1-29-08; 8:45 am]
BILLING CODE 4191-02-P