Privacy Act of 1974, as Amended; Proposed Alteration to Existing System of Records, New Routine Use, and General Housekeeping Changes, 19617-19620 [E9-9835]

Agencies

• Social Security Administration

[Federal Register Volume 74, Number 81 (Wednesday, April 29, 2009)]
[Notices]
[Pages 19617-19620]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-9835]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974, as Amended; Proposed Alteration to Existing 
System of Records, New Routine Use, and General Housekeeping Changes

AGENCY: Social Security Administration (SSA).

ACTION: Proposed altered system of records, new routine use, and 
general housekeeping changes.

-----------------------------------------------------------------------

SUMMARY: We are issuing public notice of our intent to alter, add a new 
routine use, and make minor housekeeping changes to an existing system 
of records in accordance with the Privacy Act (5 U.S.C. 552a(e)(4)) and 
(e)(11). The affected system of records is the Administrative Law Judge 
(ALJ) Working File on Claimant Cases (60-0005), hereinafter referred to 
as the ALJ Working File. The proposed alterations will result in the 
following changes:
     Expansion of the purpose of the system of records to 
include the electronic internal working file of the administrative law 
judges in the hearing offices. This working file is accessed primarily 
by hearing office personnel viewing documents stored in the Private 
Section of eView, an electronic interface.
     Inclusion of our data protection routine use that provides 
for the release of information in the event of an unauthorized release 
of personally identifiable information. We published this routine use 
in the Federal Register on December 10, 2007 (72 FR 69723); and
     Updates of various cited Federal Government regulations 
and minor editing, including correcting miscellaneous and stylistic 
format errors.

The proposed alteration, new routine use, and housekeeping changes are 
discussed in the SUPPLEMENTARY INFORMATION section below. We invite 
public comments on this proposal.

DATES: We filed a report of the proposed altered system of records and 
added routine use with the Chairman of the Senate Committee on Homeland 
Security and Governmental Affairs, the Chairman of the House Committee 
on Government Reform, and the Director, Office of Information and 
Regulatory Affairs, Office of Management and Budget (OMB) on April 23, 
2009. The proposed altered system of records will become effective on 
June 1, 2009, unless we receive comments before that date that would 
result in a contrary determination.

ADDRESSES: Interested individuals may comment on this publication by 
writing to the Deputy Executive Director, Office of Privacy and 
Disclosure, Office of the General Counsel, Social Security 
Administration, 3-A-6 Operations Building, 6401 Security Boulevard, 
Baltimore, Maryland 21235-6401. All comments received will be available 
for public inspection at the above address.

FOR FURTHER INFORMATION CONTACT: Mr. Neil Etter, Social Insurance 
Specialist, Disclosure Policy Development and Services Division I, 
Office of Privacy and Disclosure, Office of the General Counsel, Social 
Security Administration, Room 3-A-6 Operations Building, 6401 Security 
Boulevard, Baltimore, Maryland 21235-6401, telephone: (410) 965-8028, 
e-mail: neil.etter@ssa.gov.

SUPPLEMENTARY INFORMATION: 

I. Background and Purpose of the Proposed Alteration and New Routine 
Use for the ALJ Working File

A. General Background Relating to the Proposed Alteration

    Under Titles II and XVI of the Social Security Act, an individual 
who has received a Federal reviewing official decision, a prototype 
process determination, or a reconsideration determination on a claim 
for benefits has a right to a hearing before an ALJ. In the past, 
hearing offices kept their records in paper form. New technology will 
allow us to store information electronically and, therefore, we need to 
update this system of records to reflect the change. As a result, 
records in this system may be in paper and electronic media formats.

B. Discussion of Proposed Alteration to the ALJ Working File

    During the course of adjudicating a claim at the hearing level, 
ALJs and members of their staffs often create notes and instructions 
regarding the evidence, testimony, legal theories, merits of the case, 
and opinions and advice about a case. While there may be both 
electronic and paper records gathered and maintained in the ALJ Working 
File, this system covers any documents maintained electronically, such 
as any documents viewed in the Private Section of eView. eView is the 
interface that allows authorized users to view documents stored 
electronically. This Private Section is accessible only to authorized 
SSA staff. Additionally, this proposed alteration provides that any 
movement of the paper-based records in the ALJ Working File to the new 
electronic environment does not affect:


[[Page 19618]]


--The categories of individuals covered by or categories of records 
contained in this system;
--The purpose, storage, retrieval, or notification policies; and
--The existing routine uses of information contained in this system.

Maintaining information in the Private Section ensures that the 
information will not be integrated or intermingled with other 
information contained in the electronic environment.
    Some of the documents are compiled in anticipation of litigation 
and, thus, may be exempt from the access provisions of the Privacy Act 
(5 U.S.C. 552a(d)(5)). We review requests for access under the Freedom 
of Information Act and as described in the Social Security Ruling, SSR 
92-1p: Policy Interpretation Ruling: Request Under the Privacy Act or 
the Freedom of Information Act for Access to Records and for Disclosure 
of Material Maintained by the Office of Hearings and Appeals.

C. Discussion of New Routine Use

    As recommended by the President's Identity Theft Task Force, as 
mandated by the Office of Management and Budget (OMB) in Memorandum M-
07-16, and in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and 
(11)), we established a routine use disclosure that specifically 
permits the disclosure of SSA information in connection with response 
and remediation efforts in the event of an unintentional release of 
agency information, otherwise known as a ``data security breach.'' Such 
a routine use serves to protect the interests of the people whose 
information is at risk by allowing the agency to take appropriate steps 
to facilitate a timely and effective response to a data breach. (For 
more information, please see: Federal Register (Vol. 72, No. 236) 
Monday, December 10, 2007.)

II. Records Storage Medium and Safeguards for the Information 
Maintained in the Proposed Altered ALJ Working File System of Records

    The proposed altered ALJ Working File system of records will 
maintain information in electronic and paper form. We permit only 
authorized personnel who have a need for the information in the 
performance of their official duties to access the information. 
Security measures include the use of access codes to enter the computer 
system that will maintain the data, and storage of the computerized 
records in secured areas that are accessible only to employees who 
require the information in performing their official duties. Any 
related records maintained in paper files are kept in locked cabinets 
or in otherwise secure areas.

III. Effects of the Proposed Alteration and New Routine Use Disclosure 
to the ALJ Working File System of Records on the Rights of Individuals

A. Discussion Relating to the Proposed Alteration

    The proposed alteration to the ALJ Working File system of records 
pertains to our responsibilities in continuing to expand the record 
storage medium to accommodate increasing demand to maintain records in 
electronic form. We will adhere to all applicable statutory 
requirements, including those under the Social Security Act and the 
Privacy Act, in carrying out our responsibilities. Therefore, we do not 
anticipate that the proposed alteration to these systems will have an 
unwarranted adverse effect on the rights of individuals.

B. Discussion Relating to the Added Routine Use

    The new routine use would serve to protect the interests of persons 
whose information could be at risk. We would take appropriate steps to 
facilitate a timely and effective response to a security breach of our 
data, thereby improving our ability to prevent, minimize, or remedy any 
harm that may result from a compromise of data maintained in our 
systems of records. We do not anticipate that the new routine use will 
have any unwarranted adverse effect on the rights of persons about whom 
data might be disclosed.

IV. Compatibility of Proposed Routine Use

    As mandated by OMB, as recommended by the President's Identity 
Theft Task Force, and in accordance with the Privacy Act (5 U.S.C. 
552a(a)(7) and (b)(3)) and our disclosure regulation (20 CFR part 401), 
we are permitted to release information under a published routine use 
for a purpose that is compatible with the purpose for which we 
collected the information. Section 401.120 of our regulations provides 
that we will disclose information required by law. Because OMB has 
mandated the publication of this routine use, the proposed routine use 
is appropriate and meets the relevant statutory and regulatory 
criteria. In addition, disclosures to other agencies, entities, and 
persons when needed to respond to an unintentional release are 
compatible with the reasons we collect the information, as helping to 
prevent and minimize the potential for harm is consistent with taking 
appropriate steps to protect information entrusted to us. See 5 U.S.C. 
552a(e)(10).

V. Minor Housekeeping Changes in the Proposed Altered ALJ Working File 
System of Records

    We are doing some minor editing, including correcting miscellaneous 
stylistic and formatting errors.

    Dated: April 23, 2009.
Michael J. Astrue,
Commissioner.
Social Security Administration Notice of Altered System of Records 
Required by the Privacy Act of 1974, as Amended

System number:
    60-0005.

System name:
    Administrative Law Judge Working File on Claimant Cases, Social 
Security Administration (SSA), Office of Disability Adjudication and 
Review (ODAR).

Security classification:
    None.

System location:
    SSA, ODAR, Local hearing offices. Access Social Security 
Administration's Internet Web site: https://www.socialsecurity.gov/foia/bluebook/app_f.htm for local hearing office address information.

Categories of individuals covered by the system:
    Claimants--Title II (Retirement and Survivors Insurance (RSI), and 
Disability Insurance (DI)); Title XI (claimants subject to Professional 
Standards Review); Title XVI (Supplemental Security Income (SSI)).

Categories of records in the system:
    We establish these files in the hearing office as a record of 
actions taken on each particular case. The file may contain copies of 
various documents such as the Notice of Hearing; Decision on Dismissal; 
the Exhibit List when one is prepared; a copy of congressional 
inquiries and responses thereto; as well as copies of post-adjudicative 
material received and any responses made. Official copies of these 
materials are placed in claim folders. These files also contain working 
papers such as notes taken during the hearing by the administrative law 
judge (ALJ); case analyses prepared by hearing office employees; case 
file cover sheets; attorney worksheets; working papers of hearing 
office staff; and other developmental notes and instructional sheets.

Authority for maintenance of the system:
    Sections 205 and 1631(d)(1) of the Social Security Act, as amended.

[[Page 19619]]

Purpose(s):
    We use the records in this system of records to reference the 
actions we take in a particular case at the hearing level. For example, 
during the course of adjudicating the claim at the hearing level, ALJs 
and members of their staffs often construct documents for only internal 
purposes regarding the evidence, testimony, legal theories, merits of 
the case, and opinions and advice regarding other factors involved in 
the case. While there may be both electronic and paper records in the 
ALJ Working File, this system covers any documents that are gathered, 
maintained, and viewed electronically in the Private Section of eView. 
eView is the interface that allows authorized users to view documents 
stored electronically. The Private Section is accessible only to 
authorized SSA staff.

Routine uses of records maintained in the system of records, including 
categories of users and the purposes of such use:
    Routine use disclosures are as indicated below; however, any 
information defined as ``return or return information'' under 26 U.S.C. 
6103 of the Internal Revenue Code (IRC) will not be disclosed unless 
authorized by the IRC, the Internal Revenue Service (IRS), or IRS 
regulations.
    1. To a congressional office in response to an inquiry from that 
office made at the request of the subject of a record.
    2. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such tribunal when:
    (a) SSA or any component thereof; or
    (b) any SSA employee in his or her official capacity; or
    (c) any SSA employee in his or her individual capacity where DOJ 
(or SSA where it is authorized to do so) has agreed to represent the 
employee; or
    (d) the United States or any agency thereof where SSA determines 
that the litigation is likely to affect the operations of SSA or any of 
its components;
    is a party to litigation or has an interest in such litigation, and 
SSA determines that the use of such records by DOJ, the court or other 
tribunal, or another party before such tribunal is relevant and 
necessary to the litigation, provided, however, that in each case, SSA 
determines that such disclosure is compatible with the purpose for 
which the records were collected.
    3. To IRS, as necessary, for the purpose of auditing SSA's 
compliance with safeguard provisions of the IRC, as amended.
    4. To contractors and other Federal agencies, as necessary, for the 
purpose of assisting SSA in the efficient administration of its 
programs. We contemplate disclosing information under this routine use 
only in situations in which SSA may enter into a contractual or similar 
agreement with a third party to assist in accomplishing an agency 
function relating to this system of records.
    5. To the General Services Administration (GSA) and the National 
Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 
2906, as amended by the NARA Act, for the use of those agencies in 
conducting records management studies.
    6. To student volunteers and other workers, who technically do not 
have the status of Federal employees, when they are performing work for 
SSA as authorized by law, and they need access to personally 
identifiable information in SSA records in order to perform their 
assigned agency functions.
    7. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, if information is 
necessary:
    (a) To enable them to protect the safety of SSA employees and 
customers, the security of the SSA workplace, and the operation of SSA 
facilities; or
    (b) To assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupts the operation of SSA facilities.
    8. To the appropriate Federal, State, and local agencies, entities, 
and persons when (1) we suspect or confirm that the security or 
confidentiality of information in this system of records has been 
compromised; (2) we determine that as a result of the suspected or 
confirmed compromise there is a risk of harm to economic or property 
interests, identity theft or fraud, or harm to the security or 
integrity of this system or other systems or programs of SSA that rely 
upon the compromised information; and (3) we determine that disclosing 
the information to such agencies, entities, and persons is necessary to 
assist in our efforts to respond to the suspected or confirmed 
compromise and prevent, minimize, or remedy such harm. SSA will use 
this routine use to respond only to those incidents involving an 
unintentional release of our records.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    We maintain and store records in this system in paper and in 
electronic form.

Retrievability:
    We retrieve records by Social Security number (SSN) or name.

Safeguards:
    We will store the records in the ALJ Working File system of records 
in electronic media (e.g., computer data systems) and in paper forms. 
We permit only authorized SSA personnel who have a need for the 
information in the performance of their official duties to access the 
information. Security measures include the use of access codes 
(personal identification number (PIN) and password) to enter our 
computer systems that house the data.
    Additionally, we give all of our employees and our contract 
employees annual reminders of the need to protect personal information 
to which they have access for official purposes and remind them of the 
criminal penalties that apply to unauthorized access to, or disclosure 
of, personal information. See 5 U.S.C. 552a(i)(1).

Retention and disposal:
    We will destroy electronic and paper records by deleting them 2 
years after the final action is taken.

System manager(s) and address:
    Deputy Commissioner, Office of Disability Adjudication and Review, 
Social Security Administration, 5107 Leesburg Pike, Falls Church, VA 
22041.

Notification procedures:
    A person can determine if this system contains a record about them 
by writing to the hearing office (access https://www.socialsecurity.gov/foia/bluebook/app_f.htm for address information).
    Persons can also determine if this system contains a record about 
them by writing to the system manager(s) at the above address and 
providing their name, SSN, or other information that may be in the 
system of records that will identify them. Persons requesting 
notification of records in person should provide the same information, 
as well as provide an identity document, preferably with a photograph, 
such as a driver's license or some other means of identification, such 
as voter registration card, etc. Persons lacking identification 
documents sufficient to establish their identity must certify in 
writing that they are the person they claimed to be and that they 
understand that the knowing and willful request for, or acquisition of, 
a record pertaining to another person under false pretenses is a 
criminal offense.
    Persons requesting notification by telephone must verify their 
identity by providing identifying information that

[[Page 19620]]

parallels the information in the record to which notification is being 
requested. If we determine that the identifying information the person 
provides by telephone is insufficient, the person will be required to 
submit a request in writing or in person. If a person requests 
information by telephone on behalf of another individual, the subject 
person must be on the telephone with the requesting person and us in 
the same phone call. We will establish the subject person's identity 
(his or her name, SSN, address, date of birth, and place of birth, 
along with one other piece of information such as mother's maiden 
name), and ask for his or her consent to provide information to the 
requesting person.
    Persons requesting notification by mail must include a notarized 
statement to us to verify their identity or must certify in the request 
that they are the person they claim to be and that they understand that 
the knowing and willful request for, or acquisition of, a record 
pertaining to another person under false pretenses is a criminal 
offense. These procedures are in accordance with SSA Regulations (20 
CFR 401.40).

Record access procedures:
    Same as notification procedures. Requesters should also reasonably 
specify the record contents being sought. These procedures are in 
accordance with SSA Regulations (20 CFR 401.40(c)). Some of the 
documents are compiled in anticipation of litigation and, thus, may be 
exempt from the access provisions of the Privacy Act (5 U.S.C. 
552a(d)(5)).

Contesting record procedures:
    Same as notification procedures. Requesters should also reasonably 
identify the record, specify the information they are contesting, and 
state the corrective action sought and the reasons for the correction 
with supporting justification showing how the record is incomplete, 
untimely, inaccurate, or irrelevant. These procedures are in accordance 
with SSA Regulations (20 CFR 401.65(a)).

Record source categories:
    Information in this system is obtained from claimants; their 
representatives; appropriate members of the public, SSA, and other 
Federal, State, and local agencies.

Systems exempted from certain provisions of the Privacy Act:
    None.

[FR Doc. E9-9835 Filed 4-28-09; 8:45 am]
BILLING CODE P