Privacy Act of 1974, as Amended; Proposed Alteration to Existing System of Records, New Routine Use, and General Housekeeping Changes, 19620-19623 [E9-9840]

Agencies

• Social Security Administration

[Federal Register Volume 74, Number 81 (Wednesday, April 29, 2009)]
[Notices]
[Pages 19620-19623]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-9840]


-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974, as Amended; Proposed Alteration to Existing 
System of Records, New Routine Use, and General Housekeeping Changes

AGENCY: Social Security Administration (SSA).

ACTION: Proposed altered system of records, new routine use, and 
general housekeeping changes.

-----------------------------------------------------------------------

SUMMARY: We are issuing public notice of our intent to alter, add a new 
routine use, and make minor housekeeping changes to an existing system 
of records in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and 
(e)(11)). The affected system of records is the Working File of the 
Appeals Council (60-0004), hereinafter referred to as the AC Working 
File. The proposed alterations will result in the following changes:
     Expansion of the purpose of the system of records to 
include the electronic internal working file of the Office of Appellate 
Operations (OAO) in the Office of Disability Adjudication and Review's 
(ODAR) Appeals Council. This working file is accessed primarily by OAO 
personnel viewing documents stored in the Private Section of eView, an 
electronic interface.
     Inclusion of our data protection routine use that provides 
for the release of information in the event of an unauthorized release 
of personally identifiable information. We published this routine use 
in the Federal Register on December 10, 2007 (72 FR 69723); and
     Updates of various cited Federal Government regulations 
and minor editing, including correcting miscellaneous and stylistic 
format errors.

The proposed revision, new routine use, and housekeeping changes are 
discussed in the SUPPLEMENTARY INFORMATION section below. We invite 
public comments on this proposal.

DATES: We filed a report of the proposed altered system of records and 
added routine use with the Chairman of the Senate Committee on Homeland 
Security and Governmental Affairs, the Chairman of the House Committee 
on Government Reform, and the Director, Office of Information and 
Regulatory Affairs, Office of Management and Budget (OMB) on April 23, 
2009. The proposed altered system of records will become effective on 
June 1, 2009, unless we receive comments before that date that would 
result in a contrary determination.

ADDRESSES: Interested individuals may comment on this publication by 
writing to the Deputy Executive Director, Office of Privacy and 
Disclosure, Office of the General Counsel, Social Security 
Administration, 3-A-6 Operations Building, 6401 Security Boulevard, 
Baltimore, Maryland 21235-6401. All comments received will be available 
for public inspection at the above address.

FOR FURTHER INFORMATION CONTACT: Mr. Neil Etter, Social Insurance 
Specialist, Disclosure Policy Development and Services Division I, 
Office of Privacy and Disclosure, Office of the General Counsel, Social 
Security Administration, Room 3-A-6 Operations Building, 6401 Security 
Boulevard, Baltimore, Maryland 21235-6401, telephone: (410) 965-8028, 
e-mail: neil.etter@ssa.gov.

SUPPLEMENTARY INFORMATION:

I. Background and Purpose of the Proposed Alteration and New Routine 
Use for the AC Working File

A. General Background Relating to the Proposed Alteration

    Under Titles II and XVI of the Social Security Act, an individual 
who is dissatisfied with a hearing decision or hearing dismissal may 
request review by the Appeals Council (AC). The Appeals Council may 
decide on its own motion to review the action taken in a case. The AC 
considers requests of extension of time to file civil actions and is 
also responsible for certain actions on cases in which a civil action 
already has been filed. These actions include acting on new court 
cases, conducting supplemental reviews of pending court cases, acting 
on remand orders from the court, handling appeals on ALJ decisions 
issued following a court remand, and recommending whether to seek an 
appeal when a Federal court makes a decision adverse to the 
Commissioner. The OAO provides professional and technical advice to 
other agency components and the Department of Justice on civil action 
cases when requested. In the past, the AC kept their records in paper 
form. New technology will allow us to store information electronically 
and, therefore, we need to update this system of records to reflect the 
change. As a result, records in this system may be in paper and 
electronic media formats.

B. Discussion of Proposed Alteration to the AC Working File

    Members of the AC are assisted by staff who may prepare an analysis 
and recommendation. When the AC reaches a favorable decision, the 
records may be used to process attorney fees.

[[Page 19621]]

Communications between the members of the Appeals Council and staff 
include instructions, advice, and opinions on disposing of the matters 
at issue. The AC Working File also may contain advisory opinions and 
other communications with other components of SSA and staff in the 
Department of Justice. These writings reflect mental impressions, 
evaluations, opinions, recommendations, and legal theories.
    While there may be both electronic and paper records gathered and 
maintained in the AC Working File, this proposed alteration covers any 
documents maintained electronically, such as any documents viewed in 
the Private Section of eView. eView is the interface that allows 
authorized users to view documents stored electronically. This Private 
Section is accessible only to authorized SSA staff. Additionally, this 
proposed alteration provides that any movement of paper-based records 
in the AC Working File to the new electronic environment does not 
affect:

--The categories of individuals covered by or categories of records 
contained in this system;
--The purpose, storage, retrieval, or notification policies; and
--The existing routine uses of information contained in this system. 
Maintaining information in the Private Section ensures that the 
information will not be integrated or intermingled with other 
information contained in the electronic environment.

    Some of the documents are compiled in anticipation of litigation 
and, thus, may be exempt from the access provisions of the Privacy Act 
(5 U.S.C. 552a(d)(5)). We review requests for access under the Freedom 
of Information Act and as described in the Social Security Ruling SSR 
92-1p: Policy Interpretation Ruling: Request Under The Privacy Act Or 
The Freedom Of Information Act For Access To Records And For Disclosure 
Of Material Maintained By The Office Of Hearings And Appeals.

C. Discussion of New Routine Use

    As recommended by the President's Identity Theft Task Force, as 
mandated by the Office of Management and Budget (OMB) in Memorandum M-
07-16, and in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and 
(11)), we established a routine use disclosure that specifically 
permits the disclosure of SSA information in connection with response 
and remediation efforts in the event of an unintentional release of 
agency information, otherwise known as a ``data security breach.'' Such 
a routine use serves to protect the interests of the people whose 
information is at risk by allowing the agency to take appropriate steps 
to facilitate a timely and effective response to a data breach. (For 
more information, please see: Federal Register (Vol. 72, No. 236) 
Monday, December 10, 2007.)

II. Records Storage Medium and Safeguards for the Information 
Maintained in the Proposed Altered AC Working File System of Records

    The proposed altered AC Working File system of records will 
maintain information in paper or electronic form. We permit only 
authorized personnel who have a need for the information in the 
performance of their official duties to access the information. 
Security measures include the use of access codes to enter the computer 
system that will maintain the data, and storage of the computerized 
records in secured areas that are accessible only to employees who 
require the information in performing their official duties. Any 
related records maintained in hardcopy are kept in locked cabinets or 
in otherwise secure areas.

III. Effects of the Proposed Alteration and New Routine Use Disclosure 
to the AC Working File System of Records on the Rights of Individuals

A. Discussion Relating to the Proposed Alteration

    The proposed alteration to the AC Working File system of records 
pertains to our responsibilities in continuing to expand the record 
storage medium to accommodate increasing demand to maintain records in 
electronic form. We will adhere to all applicable statutory 
requirements, including those under the Social Security Act and the 
Privacy Act, in carrying out our responsibilities. Therefore, we do not 
anticipate that the proposed revision to these systems will have an 
unwarranted adverse effect on the rights of individuals.

B. Discussion Relating to the Added Routine Use

    The new routine use would serve to protect the interests of persons 
whose information could be at risk. We would take appropriate steps to 
facilitate a timely and effective response to a security breach of our 
data, thereby improving our ability to prevent, minimize, or remedy any 
harm that may result from a compromise of data maintained in our 
systems of records. We do not anticipate that the new routine use will 
have any unwarranted adverse effect on the rights of persons about whom 
data might be disclosed.

IV. Compatibility of Proposed Routine Use

    As mandated by OMB, as recommended by the President's Identity 
Theft Task Force, and in accordance with the Privacy Act (5 U.S.C. 
552a(a)(7) and (b)(3)) and our disclosure regulation (20 CFR part 401), 
we are permitted to release information under a published routine use 
for a purpose that is compatible with the purpose for which we 
collected the information. Section 401.120 of our regulations provides 
that we will disclose information required by law. Because OMB has 
mandated the publication of this routine use, the proposed routine use 
is appropriate and meets the relevant statutory and regulatory 
criteria. In addition, disclosures to other agencies, entities, and 
persons when needed to respond to an unintentional release are 
compatible with the reasons we collect the information, as helping to 
prevent and minimize the potential for harm is consistent with taking 
appropriate steps to protect information entrusted to us. See 5 U.S.C. 
552a(e)(10).

V. Minor Housekeeping Changes in the Proposed Altered AC Working File 
System of Records

    We are doing some minor editing, including correcting miscellaneous 
stylistic and formatting errors.

    Dated: April 23, 2009.
Michael J. Astrue,
Commissioner.
Social Security Administration Notice of Altered System of Records 
Required by the Privacy Act of 1974, as Amended

System number:
    60-0004.

System name:
    Working File of the Appeals Council, Social Security 
Administration, Office of Disability Adjudication and Review (ODAR).

Security classification:
    None.

System location:
    Social Security Administration, Office of Disability Adjudication 
and Review, 5107 Leesburg Pike, Falls Church, VA 22241.

Categories of individuals covered by the system:
    Claimants--Title II (Retirement and Survivors Insurance (RSI), and 
Disability Insurance (DI)); Title XVI (Supplemental Security Income 
(SSI)); Title XI (claimants subject to Professional Standards Review).

[[Page 19622]]

Categories of records in the system:
    This file may contain: communications between the Appeals Council 
(AC) and staff about analysis and recommendations to the AC; a copy of 
the administrative law judge (ALJ) decision or dismissal; a copy of the 
Request for Review of the hearing decision or dismissal; requests to 
medical support staff for comments and their responses, if not entered 
into the record; copies of AC actions on the case; notice of denial of 
request for review; notice of granting review; AC decisions; and copies 
of transcripts when available. It may also contain advisory opinions 
and other communications with other components of SSA and staff in the 
Department of Justice.

Authority for maintenance of the system:
    Sections 205 and 1631(d)(1) of the Social Security Act, as amended.

Purpose(s):
    We use the records in this system of records for members of the AC 
and their staff to construct documents internally for use in connection 
with a recommendation to, or action by, the AC in individual cases. 
While there may be both electronic and paper records in the AC Working 
File, this system covers any documents that are gathered, maintained, 
and viewed electronically in the Private Section of eView. eView is the 
interface that allows authorized users to view documents stored 
electronically. The Private Section is accessible only to authorized 
SSA staff.

Routine uses of records maintained in the system of records, including 
categories of users and the purposes of such use:
    Routine use disclosures are as indicated below; however, any 
information defined as ``return or return information'' under 26 U.S.C. 
6103 of the Internal Revenue Code (IRC) will not be disclosed unless 
authorized by the IRC, the Internal Revenue Service (IRS), or IRS 
regulations.
    1. To a congressional office in response to an inquiry from that 
office made at the request of the subject of a record.
    2. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such tribunal when:
    (a) SSA or any component thereof; or
    (b) Any SSA employee in his or her official capacity; or
    (c) Any SSA employee in his or her individual capacity where DOJ 
(or SSA where it is authorized to do so) has agreed to represent the 
employee; or
    (d) The United States or any agency thereof where SSA determines 
that the litigation is likely to affect the operations of SSA or any of 
its components, is a party to litigation or has an interest in such 
litigation, and SSA determines that the use of such records by DOJ, the 
court or other tribunal, or another party before such tribunal is 
relevant and necessary to the litigation, provided, however, that in 
each case, SSA determines that such disclosure is compatible with the 
purpose for which the records were collected.
    3. To IRS, as necessary, for auditing SSA's compliance with 
safeguard provisions of the IRC, as amended.
    4. To contractors and other Federal agencies, as necessary, for the 
purpose of assisting SSA in the efficient administration of its 
programs. We contemplate disclosing information under this routine use 
only in situations in which SSA may enter into a contractual or similar 
agreement with a third party to assist in accomplishing an agency 
function relating to this system of records.
    5. To the General Services Administration (GSA) and the National 
Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 
2906, as amended by the NARA Act, for the use of those agencies in 
conducting records management studies.
    6. To student volunteers and other workers, who technically do not 
have the status of Federal employees, when they are performing work for 
SSA as authorized by law, and they need access to personally 
identifiable information in SSA records in order to perform their 
assigned agency functions.
    7. To the appropriate Federal, State, and local agencies, entities, 
and persons when (1) We suspect or confirm that the security or 
confidentiality of information in this system of records has been 
compromised; (2) we determine that as a result of the suspected or 
confirmed compromise there is a risk of harm to economic or property 
interests, identity theft or fraud, or harm to the security or 
integrity of this system or other systems or programs of SSA that rely 
upon the compromised information; and (3) we determine that disclosing 
the information to such agencies, entities, and persons is necessary to 
assist in our efforts to respond to the suspected or confirmed 
compromise and prevent, minimize, or remedy such harm. SSA will use 
this routine use to respond only to those incidents involving an 
unintentional release of our records.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    We maintain and store records in this system in paper and in 
electronic form.

Retrievability:
    We retrieve records by claimant name and Social Security number 
(SSN).

Safeguards:
    We will store the records in the AC Working File system of records 
in electronic media (e.g., computer data systems) and in paper forms. 
We permit only authorized SSA personnel who have a need for the 
information in the performance of their official duties to access the 
information. Security measures include the use of access codes 
(personal identification number (PIN) and password) to enter our 
computer systems that house the data.
    Additionally, we give all of our employees and our contract 
employees annual reminders of the need to protect personal information 
to which they have access for official purposes and remind them of the 
criminal penalties that apply to unauthorized access to, or disclosure 
of, personal information. See 5 U.S.C. 552a(i)(1).

Retention and disposal:
    After the time in which to appeal a final action of the AC has 
elapsed, we will destroy the records. If a court affirms an AC 
decision, we will destroy the records one year after the final court 
decision. If a court reverses an AC decision, we will destroy the 
records six months after the final court action.

System manager(s) and address:
    Deputy Commissioner, Office of Disability Adjudication and Review, 
Social Security Administration, 5107 Leesburg Pike, Falls Church, Va. 
22041.

Notification procedures:
    Persons can determine if this system contains a record about them 
by writing to the system manager(s) at the above address and providing 
their name, SSN, or other information that may be in the system of 
records that will identify them. Persons requesting notification of 
records in person should provide the same information, as well as 
provide an identity document, preferably with a photograph, such as a 
driver's license or some other means of identification, such as voter 
registration card, etc. Persons lacking any identification documents 
sufficient to establish their identity must certify in writing that 
they are the person they claimed to be and that they understand that 
the knowing and willful

[[Page 19623]]

request for, or acquisition of, a record pertaining to another person 
under false pretenses is a criminal offense.
    Persons requesting notification by telephone must verify their 
identity by providing identifying information that parallels the 
information in the record to which notification is being requested. If 
we determine that the identifying information the person provides by 
telephone is insufficient, the person will be required to submit a 
request in writing or in person. If a person requests information by 
telephone on behalf of another individual, the subject person must be 
on the telephone with the requesting person and us in the same phone 
call. We will establish the subject person's identity (his or her name, 
SSN, address, date of birth, and place of birth, along with one other 
piece of information such as mother's maiden name), and ask for his or 
her consent to provide information to the requesting person.
    Persons requesting notification submitted by mail must include a 
notarized statement to us to verify their identity or must certify in 
the request that they are the person they claim to be and that they 
understand that the knowing and willful request for, or acquisition of, 
a record pertaining to another person under false pretenses is a 
criminal offense. These procedures are in accordance with SSA 
Regulations (20 CFR 401.40).

Record access procedures:
    Same as notification procedures. Requesters should also reasonably 
specify the record contents being sought. These procedures are in 
accordance with SSA Regulations (20 CFR 401.40(c)). Some of the 
documents are compiled in anticipation of litigation and, thus, may be 
exempt from the access provisions of the Privacy Act (5 U.S.C. 
552a(d)(5)).

Contesting record procedures:
    Same as notification procedures. Requesters should also reasonably 
identify the record, specify the information they are contesting, and 
state the corrective action sought and the reasons for the correction 
with supporting justification showing how the record is incomplete, 
untimely, inaccurate, or irrelevant. These procedures are in accordance 
with SSA Regulations (20 CFR 401.65(a)).

Record source categories:
    Information in this system is obtained from claimants; their 
representatives; appropriate members of the public, SSA, and other 
Federal, State, and local agencies.

Systems exempted from certain provisions of the Privacy Act:
    None.

[FR Doc. E9-9840 Filed 4-28-09; 8:45 am]
BILLING CODE P