Privacy Act of 1974, as Amended; New System of Records, 41962-41967 [E9-19935]
Download as PDF
<![CDATA[
41962
Federal Register / Vol. 74, No. 159 / Wednesday, August 19, 2009 / Notices
(3) Publish notice of the computer
matching program in the Federal
Register;
(4) Furnish detailed reports about
matching programs to Congress and
OMB;
(5) Notify applicants and beneficiaries
that their records are subject to
matching; and
(6) Verify match findings before
reducing, suspending, terminating, or
denying a person’s benefits or
payments.
B. SSA Computer Matches Subject to
the Privacy Act
We have taken action to ensure that
all our computer matching programs
comply with the requirements of the
Privacy Act, as amended.
Dated: May 22, 2009.
Mary Glenn-Croft,
Deputy Commissioner for Budget, Finance
and Management.
Notice of Computer Matching Program,
SSA With IRS
A. Participating Agencies
SSA and IRS
jlentini on DSKJ8SOYB1PROD with NOTICES
B. Purpose of the Matching Program
This agreement sets forth the terms
under which IRS agrees to disclose to us
certain tax return information for the
purpose of establishing the correct
amount of Medicare Part B premium
subsidy adjustment under Section
1839(i) of the Social Security Act (Act),
which was enacted by Section 811 of
the Medicare Prescription Drug,
Improvement, and Modernization Act of
2003.
C. Authority for Conducting the
Matching Program
Section 6103(1)(20) of the Internal
Revenue Code (IRC 6103(1)(20))
authorizes IRS to disclose specified tax
return information to us with respect to
taxpayers whose Part B insurance
premium may (according to IRS records)
be subject to adjustment pursuant to
Section 1839(i) of the Act, for the
purpose of establishing the amount of
any such adjustment.
Section 1839(i) of the Act requires us
to determine the amount of a
beneficiary’s Part B premium subsidy
adjustment if the Modified Adjusted
Gross Income (MAGI) is above the
applicable threshold as established in
Section 1839(i) of the Act. Pursuant to
Section 1839(i) of the Act (42 U.S.C.
1395r), we determine whether a
Medicare Part B beneficiary pays a
larger percentage of the Part B premium
than a beneficiary with income below
the applicable threshold.
VerDate Nov<24>2008
16:53 Aug 18, 2009
Jkt 217001
D. Categories of Records and Persons
Covered by the Matching Program
We will disclose to IRS the names and
Social Security numbers (SSNs) of all
appropriate beneficiaries who either are
enrolled or have become entitled to
Medicare Part B. On a weekly basis, we
will provide IRS with this information
with respect to SSA Part B beneficiaries
who:
a. Are enrolled in Medicare under the
rules in Section 1837 of the Act (42
U.S.C. 1395p) and have not dis-enrolled
from Medicare Part B; or
b. Have filed applications specifically
for Medicare Part B; or
c. Have been determined to have
retroactive Medicare Part B entitlement.
As part of the weekly transmission,
we will include the name, SSN,
premium year, and income threshold
amounts for new Part B enrollees. Once
each year, we will provide the name,
SSN, premium year, and income
threshold amounts for all appropriate
enrollees in Part B. We will use
information obtained in this annual
request to determine Part B premium
subsidy adjustments for the coming
premium year. At the time of the annual
exchange, we include the name, SSN,
premium year, income threshold
amounts, and requested tax year with
respect to all enrollees who asked us to
use a more recent tax year or for
beneficiaries where IRS provided 3year-old tax data on the initial request.
We will use the information obtained to
correct Part B premium subsidy
adjustments for the requested premium
year.
On a weekly basis, IRS will extract
MAGI data pertaining to the Part B
enrollees from the Return Transaction
File. IRS will extract MAGI data
pertaining to the tax year beginning in
the second calendar year preceding the
year for which the premium subsidy
adjustment is being calculated (the
premium year). When MAGI data for the
second tax year preceding the premium
year is not available as of October 16 of
the year immediately preceding the
premium year, MAGI data pertaining to
the third tax year preceding the
premium year will be provided to us.
For the annual request, IRS will
extract MAGI data as described above
and provide the responsive records to
us. For requests seeking more recent tax
year data, IRS will extract MAGI data of
the requested year, and provide the
information to us.
E. Inclusive Dates of the Matching
Program
The matching program will become
effective no sooner than 40 days after
PO 00000
Frm 00102
Fmt 4703
Sfmt 4703
notice of the matching program is sent
to Congress and OMB, or 30 days after
publication of this notice in the Federal
Register, whichever date is later. The
matching program will continue for 18
months from the effective date and may
be extended for an additional 12 months
thereafter, if certain conditions are met.
[FR Doc. E9–19920 Filed 8–18–09; 8:45 am]
BILLING CODE 4191–02–P
SOCIAL SECURITY ADMINISTRATION
Privacy Act of 1974, as Amended; New
System of Records
AGENCY:
Social Security Administration
(SSA).
ACTION: Proposed system of records and
routine uses.
SUMMARY: We are issuing public notice
of our intent to establish a new system
of records and routine uses applicable to
this system of records in accordance
with the Privacy Act (5 U.S.C. 552a(e)(4)
and (e)(11)). The proposed system of
records is entitled the Race and
Ethnicity Collection System (60–0104),
hereinafter referred to as the RECS
system of records. We discuss the
system of records in the SUPPLEMENTARY
INFORMATION section below. We invite
public comments on this proposal.
DATES: We filed a report of the proposed
RECS system of records and routine use
disclosures with the Chairman of the
Senate Committee on Homeland
Security and Governmental Affairs, the
Chairman of the House Committee on
Oversight and Government Reform, and
the Director, Office of Information and
Regulatory Affairs, Office of
Management and Budget (OMB) on
August 13, 2009. The proposed RECS
system of records and routine uses will
become effective on October 9, 2009,
unless we receive comments before that
date that would result in a contrary
determination.
ADDRESSES: Interested persons may
comment on this publication by writing
to the Executive Director, Office of
Privacy and Disclosure, Office of the
General Counsel, Social Security
Administration, Room 3–A–6
Operations Building, 6401 Security
Boulevard, Baltimore, Maryland 21235–
6401. All comments we receive will be
available for public inspection at the
above address.
FOR FURTHER INFORMATION CONTACT:
Alicia Matthews, Social Insurance
Specialist (Senior Analyst), Disclosure
Policy Development and Services
Division 1, Office of Privacy and
Disclosure, Office of the General
E:\FR\FM\19AUN1.SGM
19AUN1
Federal Register / Vol. 74, No. 159 / Wednesday, August 19, 2009 / Notices
•
•
•
•
•
•
Counsel, Social Security
Administration, 3–A–6 Operations
Building, 6401 Security Boulevard,
Baltimore, Maryland 21235–6401,
telephone: (410) 965–1723, e-mail:
alicia.matthews@ssa.gov.
SUPPLEMENTARY INFORMATION:
jlentini on DSKJ8SOYB1PROD with NOTICES
I. Background and Purpose of the
Proposed RECS System of Records
A. General Background
In October 1997, the Office of
Management and Budget (OMB)
announced revised government-wide
standards for Federal agencies collecting
race and ethnicity (RE) data (62 FR
58782, Oct. 30, 1997, ‘‘Revisions to the
Standards for the Classification of
Federal Data on Race and Ethnicity’’).
We need RE data for program
evaluation, research, and statistical
reporting purposes. We do not use RE
data to make decisions about a person’s
application for benefits or any other
programmatic determination. Prior to
1987, we collected RE data from persons
on a voluntary basis when they applied
for either original or replacement Social
Security number (SSN) cards. Since
1987, however, we have issued most
original SSN cards through an
enumeration-at-birth program (EAB),
which is administered by the States. As
the States do not collect RE information,
we do not maintain RE information for
EAB applicants. Since 2002, the
Department of Homeland Security
(DHS) has taken applications for SSN
cards from aliens entering the United
States through the enumeration-at-entry
(EAE) program. DHS does not provide
us with RE information on EAE
applicants.
We currently maintain the RE data
that we collect in an existing Privacy
Act system of records, the Master Files
of SSN Number Holders and SSN
Applications. The RE data we currently
collect is limited to these categories:
Asian, Asian-American or Pacific
Islander; Hispanic; Black (Not
Hispanic); North American Indian or
Alaskan Native; and White (Not
Hispanic). Under the current standards,
persons who provide us race
information can designate only one of
the categories, and they do not have the
option of designating both their race and
ethnicity.
We will no longer collect RE
information using our limited
categories. Pursuant to the OMB
mandated standards, we will use the
following categories to collect RE
information:
Race
• Alaska Native,
VerDate Nov<24>2008
16:53 Aug 18, 2009
Jkt 217001
American Indian,
Asian,
Black/African American,
Native Hawaiian,
Other Pacific Islander, and
White.
Ethnicity
• Hispanic/Latino.
Under the OMB standards, persons
may voluntarily designate one or more
categories under ‘‘Race’’ and designate
‘‘yes’’ or ‘‘no’’ under the ‘‘Ethnicity’’
category.
We will collect RE information that
conforms to the OMB standards for the
continuing purposes of program
evaluation, research, and statistical
reporting. Using the OMB standards, we
will maintain all future collections of
RE data in a separate electronic system
covered by the proposed RECS system
of records. The proposed RECS system
of records will cover RE data about
persons issued original or replacement
SSN cards who do not apply through
the EAB or EAE programs.
B. Collection and Maintenance of the
Data for the Proposed RECS System of
Records
We will collect, maintain, and retrieve
personally identifiable information (i.e.,
SSNs) of persons who voluntarily
provide their RE data when they request
an original or replacement SSN card
from us in an electronic system covered
by the proposed RECS system of
records. Therefore, the RECS
information collection is a system of
records as defined by the Privacy Act.
II. Proposed Routine Use Disclosures of
Data Covered by the Proposed RECS
System of Records
A. Proposed Routine Use Disclosures
We are proposing to establish the
following routine uses of the
information covered by the proposed
RECS system of records.
1. To the Office of the President in
response to an inquiry from that office
made at the request of the subject of the
record or a third party on that person’s
behalf.
We will disclose RE information
under this routine use only when the
Office of the President makes an inquiry
relating to information contained in this
system of records and indicates that it
is acting on behalf of the person whose
record is requested.
2. To a congressional office in
response to an inquiry from that office
made at the request of the subject of a
record or a third party on that person’s
behalf.
We will disclose RE information
under this routine use only when a
PO 00000
Frm 00103
Fmt 4703
Sfmt 4703
41963
member of Congress, or member of his
or her staff, makes an inquiry relating to
information contained in this system of
records and indicates that he or she is
acting on behalf of the person whose
record is requested.
3. To the Department of Justice (DOJ),
a court, other tribunal, or another party
before such court or tribunal when:
(a) SSA or any of our components;
(b) Any SSA employee in his or her
official capacity;
(c) Any SSA employee in his or her
individual capacity when DOJ (or SSA
when we are authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency
thereof when we determine that the
litigation is likely to affect the
operations of SSA or any of our
components, is party to litigation or has
an interest in such litigation, and we
determine that the use of such records
by DOJ, a court, other tribunal, or
another party before such court or
tribunal is relevant and necessary to the
litigation. In each case, however, we
must determine that such disclosure is
compatible with the purpose for which
we collected the records.
We will disclose RE information
under this routine use as necessary to
enable DOJ to effectively defend us, our
components, or our employees in
litigation when the use of information
from the proposed system of records is
relevant and necessary to the litigation
and compatible with the purpose of the
information collection. We will also
disclose information to ensure that
courts, other tribunals, and parties
before such courts or tribunals, have
appropriate information when relevant
and necessary.
4. To a Federal, State, or
congressional support agency (e.g.,
Congressional Budget Office and the
Congressional Research Staff in the
Library of Congress) for research,
evaluation, or statistical studies. Such
disclosures include, but are not limited
to:
(a) Releasing information to assess the
extent to which one can predict
eligibility for Supplemental Security
Income (SSI) payments or Social
Security disability insurance benefits or
other programs under the Social
Security Act;
(b) Examining the distribution of
benefits under programs of the Social
Security Act by economic and
demographic groups and how these
differences might be affected by possible
changes in policy;
(c) Analyzing the interaction of
economic and non-economic variables
affecting entry and exit events and
duration in the Title II Old Age,
E:\FR\FM\19AUN1.SGM
19AUN1
jlentini on DSKJ8SOYB1PROD with NOTICES
41964
Federal Register / Vol. 74, No. 159 / Wednesday, August 19, 2009 / Notices
Survivors, and Disability Insurance and
the Title XVI SSI disability programs;
and,
(d) Analyzing retirement decisions
focusing on the role of Social Security
benefit amounts, automatic benefit
recomputation, the delayed retirement
credit, and the retirement test.
We may make these disclosures if we:
(1) Determine that the routine use
does not violate legal limitations under
which the record was provided,
collected, or obtained;
(2) Determine that the purpose for
which the proposed use is to be made:
(i) Cannot reasonably be
accomplished unless the record is
provided in a form that identifies a
person;
(ii) Is of sufficient importance to
warrant the effect on, or risk to, the
privacy of the person which such
limited additional exposure of the
record might bring;
(iii) Has a reasonable probability of
being accomplished;
(iv) Is of importance to the programs
under the Social Security Act and
beneficiaries of such programs or is for
an epidemiological research project that
relates to programs under the Social
Security Act or beneficiaries of such
programs;
(3) Require the recipient of
information to:
(i) Establish appropriate
administrative, technical, and physical
safeguards to prevent unauthorized use
or disclosure of the record and agree to
on-site inspection by our employees,
our agents, or by independent agents of
the recipient agency of those safeguards;
(ii) Remove or destroy the information
that enables the person to be identified
at the earliest time that the recipient can
do so consistent with the purpose of the
project, unless the recipient receives
written authorization from us that it is
justified, based on research objectives,
in retaining such information;
(iii) Make no further use of the
records except:
(a) Under emergency circumstances
affecting the health and safety of a
person following written authorization
from us;
(b) For disclosure to an identified
person approved by us for the purpose
of auditing the research project;
(iv) Keep the data as a system of
statistical records. A statistical record is
one which is maintained only for
statistical and research purposes and
which is not used to make any
determination about a person;
(4) Secure a written statement by the
recipient of the information attesting to
the recipient’s understanding of, and
willingness to abide by, these
provisions.
VerDate Nov<24>2008
16:53 Aug 18, 2009
Jkt 217001
The use of the revised OMB
standards, which include more
categories, will permit us to develop
richer and more comprehensive
information that can be used in
actuarial, epidemiological, economic,
and other social science projects that
will ultimately benefit us, the public,
and other Federal, State, or
congressional support agencies’
programs. The use of the information
will allow new studies to occur
regarding the administration of the
Social Security program and other
related purposes that we and other
agencies might not otherwise undertake
due to the lack of data. Other related
purposes include studies conducted by
the Centers for Medicare and Medicaid
Services to address health care
disparities on the basis of race,
ethnicity, and gender for Medicare and
Medicaid beneficiaries under Titles
XVIII and XIX of the Social Security
Act.
5. To our contractors and grantees
performing program evaluation,
research, and statistical activities
directly relating to this system of
records, and to contractors or grantees
for another Federal or State agency
performing such activities.
We occasionally contract out certain
agency functions when doing so
contributes to effective and efficient
operations. Other Federal and State
agencies also occasionally use
contractors or grantees to perform
program evaluation and analysis. We
must be able to give the contractor or
grantee the information needed to fulfill
the contract requirements. In these
situations, we require safeguards in the
contract that prohibit the contractor
from using or disclosing the information
for any purpose other than that
described in the contract. We also
assure that contractors for other Federal
and State agencies adhere to these
safeguards.
6. To student volunteers, persons
working under a personal services
contract, and others who are not
technically Federal employees, when
they are performing work for us as
authorized by law, and they need access
to information in our records in order to
perform their assigned agency duties.
We will disclose RE information
under this routine use only when we
use the services of student volunteers
and participants in certain educational,
training, employment, and community
service programs when they need access
to RE information in this system to
perform their assigned agency duties.
7. To the General Services
Administration (GSA) and the National
Archives Records Administration
PO 00000
Frm 00104
Fmt 4703
Sfmt 4703
(NARA) under 44 U.S.C. 2904 and 2906,
as amended by the NARA Act,
information that is not restricted from
disclosure by Federal law for their use
in conducting records management
studies.
We will disclose RE information
under this routine use only when it is
necessary for GSA and NARA to have
access to the information covered by
this proposed system of records. The
Administrator of GSA and the Archivist
of NARA are authorized by Title 44
U.S.C. 2904, as amended, to promulgate
standards, procedures, and guidelines
regarding records management and
conducting records management
studies. Title 44 U.S.C. 2906, as
amended, provides that GSA and NARA
are authorized to inspect Federal
agencies’ records for records
management purposes and that agencies
are to cooperate with GSA and NARA.
8. To the appropriate Federal, State,
and local agencies, entities, and persons
when (1) we suspect or confirm that the
security or confidentiality of
information in this system of records
has been compromised; (2) we
determine that as a result of the
suspected or confirmed compromise
there is a risk of harm to economic or
property interests, identity theft or
fraud, or harm to the security or
integrity of this system or our other
systems or programs that rely upon the
compromised information; and (3) we
determine that disclosing the
information to such agencies, entities,
and persons is necessary to assist in our
efforts to respond to the suspected or
confirmed compromise and prevent,
minimize, or remedy such harm. We
will use this routine use to respond only
to those incidents involving an
unintentional release of our records.
We will disclose RE information
under this routine use specifically in
connection with response and
remediation efforts in the event of an
unintentional release of agency
information, otherwise known as a
‘‘data security breach.’’ This routine use
will protect the interests of the people
whose information is at risk by allowing
us to take appropriate steps to facilitate
a timely and effective response to a data
breach. The routine use will also help
us improve our ability to prevent,
minimize, or remedy any harm that may
result from a compromise of data
covered by this system of records.
9. To Federal, State, and local law
enforcement agencies and private
security contractors, as appropriate,
information necessary:
(a) To enable them to assure the safety
of our employees and the public, the
E:\FR\FM\19AUN1.SGM
19AUN1
Federal Register / Vol. 74, No. 159 / Wednesday, August 19, 2009 / Notices
security of our workplace, and the
operation of our facilities; or
(b) To assist investigations or
prosecutions with respect to activities
that affect such safety and security or
activities that disrupt the operation of
our facilities.
We will disclose RE information
under this routine use to law
enforcement agencies and private
security contractors when information is
needed to respond to, investigate, or
prevent activities that jeopardize the
security and safety of the public,
employees, or workplaces, or that
otherwise disrupt the operation of our
facilities. We will disclose information
to assist in prosecuting persons charged
with violating a Federal, State, or local
law in connection with such activities.
jlentini on DSKJ8SOYB1PROD with NOTICES
B. Compatibility of Proposed Routine
Uses
The Privacy Act (5 U.S.C. 552a(b)(3))
and our disclosure regulations (20 CFR
Part 401) permit us to disclose
information under a published routine
use for a purpose that is compatible
with the purpose for which we collected
the information. The proposed routine
uses will ensure that we efficiently
perform our functions relating to the
purpose and administration of the
proposed RECS system of records. Our
regulations provide that we will
disclose information when a law
specifically requires disclosure (Section
401.120). Federal law requires the
disclosures that we make under routine
use number seven. We will disclose
information under routine use number
seven to the extent another Federal law
does not prohibit the disclosure; e.g.,
the Internal Revenue Code generally
prohibits the disclosure of tax return
information which we receive to
maintain individual earnings records.
Therefore, all routine uses are
appropriate and meet the relevant
statutory and regulatory criteria.
III. Record Storage Medium and
Safeguards for the Information Covered
by the Proposed RECS System of
Records
We will maintain RE information
covered by the proposed RECS system
of records in electronic and paper form.
We will keep paper records in locked
cabinets or in otherwise secure areas.
We will safeguard the security of the
electronic information covered by the
proposed RECS system of records by
requiring the use of access codes to
enter the computer system that will
house the data. We will permit only our
authorized employees and contractors
who require the information to perform
their official duties to access the
VerDate Nov<24>2008
19:20 Aug 18, 2009
Jkt 217001
information covered by the proposed
RECS system of records.
We provide appropriate security
awareness and training annually to all
our employees and contractors that
include reminders about the need to
protect personally identifiable
information and the criminal penalties
that apply to unauthorized access to, or
disclosure of, personally identifiable
information. See 5 U.S.C. 552a(i)(1).
Furthermore, employees and contractors
with access to databases maintaining
personally identifiable information must
sign a sanction document annually,
acknowledging their accountability for
making unauthorized access to, or
disclosure of, such information.
IV. Effects of the Proposed RECS
System of Records on the Rights of
Individuals
We will maintain RE information that
is relevant to our agency’s program
evaluation, research, and statistical
reporting functions in the electronic
system covered by the proposed RECS
system of records. We will not use RE
information to make a determination
about entitlement to insurance coverage
or benefits under the Social Security
Act. We employ safeguards to protect
the confidentiality of all personally
identifiable information in our
possession. We will adhere to the
provisions of the Privacy Act and other
applicable Federal statutes that govern
our use and disclosure of the RE
information that is covered by the
proposed RECS system of records. We
will disclose information under the
routine uses discussed in this
publication only as necessary to
accomplish the stated purposes.
Therefore, we do not anticipate that the
proposed RECS system of records or
routine use disclosures will have any
unwarranted adverse effect on the
privacy or other rights of persons who
request an original or replacement SSN
card from us.
Dated: August 12, 2009.
Michael J. Astrue,
Commissioner.
System Number:
60–0104.
SYSTEM NAME:
Race and Ethnicity Collection System
(RECS), Social Security Administration
(SSA)
SECURITY CLASSIFICATION:
None.
PO 00000
Frm 00105
Fmt 4703
Sfmt 4703
41965
SYSTEM LOCATION:
SSA, Office of Telecommunications
and Systems Operations, 6401 Security
Boulevard, Baltimore, Maryland 21235.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Successfully enumerated applicants
for Social Security number (SSN) cards,
other than those who receive cards
through the enumeration-at-birth (EAB)
or enumeration-at-entry programs
(EAE), when such persons voluntarily
provide race and ethnicity (RE) data.
CATEGORIES OF RECORDS IN THE SYSTEM:
SSN and RE data collected during
contacts with the successfully
enumerated applicants for SSN cards
described above.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Sections 702, 704 and 1106 of the
Social Security Act (42 U.S.C. 902, 904,
and 1306), and SSA regulations at 20
CFR 401.165.
PURPOSE(S):
This system of records will cover RE
data collected during contacts with
persons who conduct enumeration
business with us, other than those who
receive cards through the EAB or EAE
programs.
ROUTINE USES OF RECORDS COVERED BY THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES:
Routine use disclosures are as
indicated below:
1. To the Office of the President in
response to an inquiry from that office
made at the request of the subject of the
record or a third party on that person’s
behalf.
2. To a congressional office in
response to an inquiry from that office
made at the request of the subject of a
record or a third party on that person’s
behalf.
3. To the Department of Justice (DOJ),
a court, other tribunal, or another party
before such court or tribunal when:
(a) SSA or any of our components;
(b) Any SSA employee in his or her
official capacity;
(c) Any SSA employee in his or her
individual capacity when DOJ (or SSA
when we are authorized to do so) has
agreed to represent the employee; or
(d) The United States or any agency
thereof when we determine that the
litigation is likely to affect the
operations of SSA or any of our
components,
is party to litigation or has an interest
in such litigation, and we determine
that the use of such records by DOJ, a
court, other tribunal, or another party
before such court or tribunal is relevant
E:\FR\FM\19AUN1.SGM
19AUN1
jlentini on DSKJ8SOYB1PROD with NOTICES
41966
Federal Register / Vol. 74, No. 159 / Wednesday, August 19, 2009 / Notices
and necessary to the litigation. In each
case, however, we must determine that
such disclosure is compatible with the
purpose for which we collected the
records.
4. To a Federal, State, or
congressional support agency (e.g.,
Congressional Budget Office and the
Congressional Research Staff in the
Library of Congress) for research,
evaluation, or statistical studies. Such
disclosures include, but are not limited
to:
(a) Releasing information to assess the
extent to which one can predict
eligibility for Supplemental Security
Income (SSI) payments or Social
Security disability insurance benefits or
other programs under the Social
Security Act;
(b) Examining the distribution of
benefits under programs of the Social
Security Act by economic and
demographic groups and how these
differences might be affected by possible
changes in policy;
(c) Analyzing the interaction of
economic and non-economic variables
affecting entry and exit events and
duration in the Title II Old Age,
Survivors, and Disability Insurance and
the Title XVI SSI disability programs;
and,
(d) Analyzing retirement decisions
focusing on the role of Social Security
benefit amounts, automatic benefit
recomputation, the delayed retirement
credit, and the retirement test.
We may make these disclosures if we:
(1) Determine that the routine use
does not violate legal limitations under
which the record was provided,
collected, or obtained;
(2) Determine that the purpose for
which the proposed use is to be made:
(i) Cannot reasonably be
accomplished unless the record is
provided in a form that identifies a
person;
(ii) Is of sufficient importance to
warrant the effect on, or risk to, the
privacy of the person which such
limited additional exposure of the
record might bring;
(iii) Has a reasonable probability of
being accomplished;
(iv) Is of importance to the programs
under the Social Security Act and
beneficiaries of such programs or is for
an epidemiological research project that
relates to programs under the Social
Security Act or beneficiaries of such
programs;
(3) Require the recipient of
information to:
(i) Establish appropriate
administrative, technical, and physical
safeguards to prevent unauthorized use
or disclosure of the record and agree to
VerDate Nov<24>2008
16:53 Aug 18, 2009
Jkt 217001
on-site inspection by our employees,
our agents, or by independent agents of
the recipient agency of those safeguards;
(ii) Remove or destroy the information
that enables the person to be identified
at the earliest time that the recipient can
do so consistent with the purpose of the
project, unless the recipient receives
written authorization from us that it is
justified, based on research objectives,
in retaining such information;
(iii) Make no further use of the
records except:
(a) Under emergency circumstances
affecting the health and safety of a
person following written authorization
from us;
(b) For disclosure to an identified
person approved by us for the purpose
of auditing the research project;
(iv) Keep the data as a system of
statistical records. A statistical record is
one which is maintained only for
statistical and research purposes and
which is not used to make any
determination about a person;
(4) Secure a written statement by the
recipient of the information attesting to
the recipient’s understanding of, and
willingness to abide by, these
provisions.
5. To our contractors and grantees
performing program evaluation,
research, and statistical activities
directly relating to this system of
records, and to contractors or grantees
for another Federal or State agency
performing such activities.
6. To student volunteers, persons
working under a personal services
contract, and others who are not
technically Federal employees, when
they are performing work for us as
authorized by law, and they need access
to information in our records in order to
perform their assigned agency duties.
7. To the General Services
Administration and the National
Archives Records Administration
(NARA) under 44 U.S.C. 2904 and 2906,
as amended by the NARA Act,
information that is not restricted from
disclosure by Federal law for their use
in conducting records management
studies.
8. To the appropriate Federal, State,
and local agencies, entities, and persons
when (1) we suspect or confirm that the
security or confidentiality of
information in this system of records
has been compromised; (2) we
determine that as a result of the
suspected or confirmed compromise
there is a risk of harm to economic or
property interests, identity theft or
fraud, or harm to the security or
integrity of this system or our other
systems or programs that rely upon the
compromised information; and (3) we
PO 00000
Frm 00106
Fmt 4703
Sfmt 4703
determine that disclosing the
information to such agencies, entities,
and persons is necessary to assist in our
efforts to respond to the suspected or
confirmed compromise and prevent,
minimize, or remedy such harm. We
will use this routine use to respond only
to those incidents involving an
unintentional release of our records.
9. To Federal, State, and local law
enforcement agencies and private
security contractors, as appropriate,
information necessary:
(a) To enable them to assure the safety
of our employees and the public, the
security of our workplace, and the
operation of our facilities; or
(b) To assist investigations or
prosecutions with respect to activities
that affect such safety and security or
activities that disrupt the operation of
our facilities.
POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
We will store records in this system
in electronic and paper form.
RETRIEVABILITY:
We will retrieve records by SSN.
ACCESSIBILITY:
Our researchers and statisticians
prepare micro-data files about persons
who are current, recently terminated, or
potential recipients of benefits from
Social Security and related programs for
program evaluation, research, and
statistical studies. When the product is
in the form of micro-data, we make it
available without personal identifiers to
our other components and certain other
agencies for data processing and data
manipulation.
SAFEGUARDS:
We retain electronic and paper files
with personal identifiers in secure
storage areas accessible only to our
authorized employees and contractors.
We limit access to data with personal
identifiers from this system to persons
or organizations authorized by our
Office of Research, Evaluation, and
Statistics. We furnish specially edited
micro-files on request to public and
private organizations for purposes of
research and analysis. We include
further confidentiality protections in
our data agreements.
We provide appropriate security
awareness and training annually to all
our employees and contractors that
include reminders about the need to
protect personally identifiable
information and the criminal penalties
that apply to unauthorized access to, or
E:\FR\FM\19AUN1.SGM
19AUN1
Federal Register / Vol. 74, No. 159 / Wednesday, August 19, 2009 / Notices
disclosure of, personally identifiable
information. See 5 U.S.C. 552a(i)(1).
Furthermore, employees and contractors
with access to databases maintaining
personally identifiable information must
sign a sanction document annually,
acknowledging their accountability for
making unauthorized access to, or
disclosure of, such information.
RETENTION AND DISPOSAL:
For purposes of records management
disposition authority, we will follow the
NARA and Department of Defense
(DOD) 5015.2 regulations (DOD Design
Criteria Standard for Electronic Records
Management Software Applications).
We will permanently maintain RE data
covered by the RECS system of records.
We will retain the research and
statistical micro-data extract (stored on
the mainframe) for a maximum of 100
years.
SYSTEM MANAGER(S) AND ADDRESS:
Director, Division of Enumeration and
Death Alerts, Office of Earnings,
Enumeration, and Administrative
Systems, Social Security
Administration, 6401 Security
Boulevard, Baltimore, MD 21235.
jlentini on DSKJ8SOYB1PROD with NOTICES
NOTIFICATION PROCEDURES:
Persons can determine if this system
contains a record about them by writing
to the system manager at the above
address and providing their name, SSN,
or other information that may be in this
system of records that will identify
them. Persons requesting notification of
records in person should provide the
same information, as well as provide an
identity document, preferably with a
photograph, such as a driver’s license or
some other means of identification, such
as voter registration card, etc. Persons
lacking identification documents
sufficient to establish their identity
must certify in writing that they are the
person they claim to be and that they
understand that the knowing and willful
request for, or acquisition of, a record
pertaining to another person under false
pretenses is a criminal offense.
Persons requesting notification by
telephone must verify their identity by
providing identifying information that
parallels the information in the record
to which notification is being requested.
If we determine that the identifying
information the person provides by
telephone is insufficient, the person will
be required to submit a request in
writing or in person. If a person requests
information by telephone on behalf of
another individual, the subject person
must be on the telephone with the
requesting person and with us in the
same phone call. We will establish the
VerDate Nov<24>2008
19:20 Aug 18, 2009
Jkt 217001
subject person’s identity (his or her
name, SSN, address, date of birth, and
place of birth, along with one other
piece of information such as mother’s
maiden name), and ask for his or her
consent to provide information to the
requesting person. Persons requesting
notification submitted by mail must
include a notarized statement to us to
verify their identity or must certify in
the request that they are the person they
claim to be and that they understand
that the knowing and willful request for,
or acquisition of, a record pertaining to
another person under false pretenses is
a criminal offense. These procedures are
in accordance with SSA Regulations (20
CFR 401.40).
41967
determine that it is important to the
national interest of the United States to
waive the requirements of section
7088(c)(1) of the Act with respect to the
Government of Turkmenistan, and I
hereby waive such restriction.
This determination shall be reported
to the Congress, and published in the
Federal Register.
Dated: Jul 14 2009.
Jacob L. Lew,
Deputy Secretary of State for Management
and Resources, Department of State.
[FR Doc. E9–19912 Filed 8–18–09; 8:45 am]
BILLING CODE 4710–46–P
DEPARTMENT OF STATE
RECORD ACCESS PROCEDURES:
Same as notification procedures.
Requesters should also reasonably
specify the record contents being
sought. These procedures are in
accordance with SSA Regulations (20
CFR 401.40(c)).
CONTESTING RECORD PROCEDURES:
Same as notification procedures.
Requesters should also reasonably
identify the record, specify the
information they are contesting, and
state the corrective action sought and
the reasons for the correction with
supporting justification showing how
the record is incomplete, untimely,
inaccurate, or irrelevant. These
procedures are in accordance with SSA
Regulations (20 CFR 401.65(a)).
RECORD SOURCE CATEGORIES:
We obtain information covered by this
system of records from successfully
enumerated applicants for original or
replacement SSN cards (or from third
parties acting on their behalf) who are
not enumerated through the EAB or EAE
programs.
[Public Notice 6732]
Waiver of Restriction on Assistance to
the Central Government of Maldives
Pursuant to section 7088(c)(2) of the
Department of State, Foreign
Operations, and Related Programs
Appropriations Act, 2009 (Division H,
Pub. L. 111–8) (‘‘the Act’’), and
Department of State Delegation of
Authority Number 245–1, I hereby
determine that it is important to the
national interest of the United States to
waive the requirements of section
7088(c)(1) of the Act with respect to the
Government of the Republic of
Maldives, and I hereby waive such
restriction.
This determination shall be reported
to the Congress, and published in the
Federal Register.
Dated: July 29, 2009.
Jacob J. Lew,
Deputy Secretary of State for Management
and Resources, Department of State.
[FR Doc. E9–19915 Filed 8–18–09; 8:45 am]
BILLING CODE 4710–26–P
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
[FR Doc. E9–19935 Filed 8–14–09; 8:45 am]
DEPARTMENT OF TRANSPORTATION
BILLING CODE P
Office of the Secretary
[Docket Number: DOT–OST–2009–0185]
DEPARTMENT OF STATE
Waiver of Restriction on Assistance to
the Central Government of
Turkmenistan
Request for OMB Clearance of a New
Emergency Information Collection;
New Information Collection: ARRA
Bonding Assistance Program
Reimbursable Fee Program
Pursuant to section 7088(c)(2) of the
Department of State, Foreign
Operations, and Related Programs
Appropriations Act, 2009 (Division H,
Pub. L. 111–8) (‘‘the Act’’), and
Department of State Delegation of
Authority Number 245–1, I hereby
AGENCY: Office of the Secretary (OST),
Department of Transportation (DOT).
ACTION: Notice; Letter of public
notification of the American Recovery
and Reinvestment Act (ARRA) of 2009,
(Pub. L. 111–5) DBE Bonding Assistance
Program. This request is being
[Public Notice 6731]
PO 00000
Frm 00107
Fmt 4703
Sfmt 4703
E:\FR\FM\19AUN1.SGM
19AUN1
]]>Agencies
[Federal Register Volume 74, Number 159 (Wednesday, August 19, 2009)]
[Notices]
[Pages 41962-41967]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-19935]
-----------------------------------------------------------------------
SOCIAL SECURITY ADMINISTRATION
Privacy Act of 1974, as Amended; New System of Records
AGENCY: Social Security Administration (SSA).
ACTION: Proposed system of records and routine uses.
-----------------------------------------------------------------------
SUMMARY: We are issuing public notice of our intent to establish a new
system of records and routine uses applicable to this system of records
in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and (e)(11)).
The proposed system of records is entitled the Race and Ethnicity
Collection System (60-0104), hereinafter referred to as the RECS system
of records. We discuss the system of records in the Supplementary
Information section below. We invite public comments on this proposal.
DATES: We filed a report of the proposed RECS system of records and
routine use disclosures with the Chairman of the Senate Committee on
Homeland Security and Governmental Affairs, the Chairman of the House
Committee on Oversight and Government Reform, and the Director, Office
of Information and Regulatory Affairs, Office of Management and Budget
(OMB) on August 13, 2009. The proposed RECS system of records and
routine uses will become effective on October 9, 2009, unless we
receive comments before that date that would result in a contrary
determination.
ADDRESSES: Interested persons may comment on this publication by
writing to the Executive Director, Office of Privacy and Disclosure,
Office of the General Counsel, Social Security Administration, Room 3-
A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland
21235-6401. All comments we receive will be available for public
inspection at the above address.
FOR FURTHER INFORMATION CONTACT: Alicia Matthews, Social Insurance
Specialist (Senior Analyst), Disclosure Policy Development and Services
Division 1, Office of Privacy and Disclosure, Office of the General
[[Page 41963]]
Counsel, Social Security Administration, 3-A-6 Operations Building,
6401 Security Boulevard, Baltimore, Maryland 21235-6401, telephone:
(410) 965-1723, e-mail: alicia.matthews@ssa.gov.
SUPPLEMENTARY INFORMATION:
I. Background and Purpose of the Proposed RECS System of Records
A. General Background
In October 1997, the Office of Management and Budget (OMB)
announced revised government-wide standards for Federal agencies
collecting race and ethnicity (RE) data (62 FR 58782, Oct. 30, 1997,
``Revisions to the Standards for the Classification of Federal Data on
Race and Ethnicity'').
We need RE data for program evaluation, research, and statistical
reporting purposes. We do not use RE data to make decisions about a
person's application for benefits or any other programmatic
determination. Prior to 1987, we collected RE data from persons on a
voluntary basis when they applied for either original or replacement
Social Security number (SSN) cards. Since 1987, however, we have issued
most original SSN cards through an enumeration-at-birth program (EAB),
which is administered by the States. As the States do not collect RE
information, we do not maintain RE information for EAB applicants.
Since 2002, the Department of Homeland Security (DHS) has taken
applications for SSN cards from aliens entering the United States
through the enumeration-at-entry (EAE) program. DHS does not provide us
with RE information on EAE applicants.
We currently maintain the RE data that we collect in an existing
Privacy Act system of records, the Master Files of SSN Number Holders
and SSN Applications. The RE data we currently collect is limited to
these categories: Asian, Asian-American or Pacific Islander; Hispanic;
Black (Not Hispanic); North American Indian or Alaskan Native; and
White (Not Hispanic). Under the current standards, persons who provide
us race information can designate only one of the categories, and they
do not have the option of designating both their race and ethnicity.
We will no longer collect RE information using our limited
categories. Pursuant to the OMB mandated standards, we will use the
following categories to collect RE information:
Race
Alaska Native,
American Indian,
Asian,
Black/African American,
Native Hawaiian,
Other Pacific Islander, and
White.
Ethnicity
Hispanic/Latino.
Under the OMB standards, persons may voluntarily designate one or
more categories under ``Race'' and designate ``yes'' or ``no'' under
the ``Ethnicity'' category.
We will collect RE information that conforms to the OMB standards
for the continuing purposes of program evaluation, research, and
statistical reporting. Using the OMB standards, we will maintain all
future collections of RE data in a separate electronic system covered
by the proposed RECS system of records. The proposed RECS system of
records will cover RE data about persons issued original or replacement
SSN cards who do not apply through the EAB or EAE programs.
B. Collection and Maintenance of the Data for the Proposed RECS System
of Records
We will collect, maintain, and retrieve personally identifiable
information (i.e., SSNs) of persons who voluntarily provide their RE
data when they request an original or replacement SSN card from us in
an electronic system covered by the proposed RECS system of records.
Therefore, the RECS information collection is a system of records as
defined by the Privacy Act.
II. Proposed Routine Use Disclosures of Data Covered by the Proposed
RECS System of Records
A. Proposed Routine Use Disclosures
We are proposing to establish the following routine uses of the
information covered by the proposed RECS system of records.
1. To the Office of the President in response to an inquiry from
that office made at the request of the subject of the record or a third
party on that person's behalf.
We will disclose RE information under this routine use only when
the Office of the President makes an inquiry relating to information
contained in this system of records and indicates that it is acting on
behalf of the person whose record is requested.
2. To a congressional office in response to an inquiry from that
office made at the request of the subject of a record or a third party
on that person's behalf.
We will disclose RE information under this routine use only when a
member of Congress, or member of his or her staff, makes an inquiry
relating to information contained in this system of records and
indicates that he or she is acting on behalf of the person whose record
is requested.
3. To the Department of Justice (DOJ), a court, other tribunal, or
another party before such court or tribunal when:
(a) SSA or any of our components;
(b) Any SSA employee in his or her official capacity;
(c) Any SSA employee in his or her individual capacity when DOJ (or
SSA when we are authorized to do so) has agreed to represent the
employee; or
(d) The United States or any agency thereof when we determine that
the litigation is likely to affect the operations of SSA or any of our
components, is party to litigation or has an interest in such
litigation, and we determine that the use of such records by DOJ, a
court, other tribunal, or another party before such court or tribunal
is relevant and necessary to the litigation. In each case, however, we
must determine that such disclosure is compatible with the purpose for
which we collected the records.
We will disclose RE information under this routine use as necessary
to enable DOJ to effectively defend us, our components, or our
employees in litigation when the use of information from the proposed
system of records is relevant and necessary to the litigation and
compatible with the purpose of the information collection. We will also
disclose information to ensure that courts, other tribunals, and
parties before such courts or tribunals, have appropriate information
when relevant and necessary.
4. To a Federal, State, or congressional support agency (e.g.,
Congressional Budget Office and the Congressional Research Staff in the
Library of Congress) for research, evaluation, or statistical studies.
Such disclosures include, but are not limited to:
(a) Releasing information to assess the extent to which one can
predict eligibility for Supplemental Security Income (SSI) payments or
Social Security disability insurance benefits or other programs under
the Social Security Act;
(b) Examining the distribution of benefits under programs of the
Social Security Act by economic and demographic groups and how these
differences might be affected by possible changes in policy;
(c) Analyzing the interaction of economic and non-economic
variables affecting entry and exit events and duration in the Title II
Old Age,
[[Page 41964]]
Survivors, and Disability Insurance and the Title XVI SSI disability
programs; and,
(d) Analyzing retirement decisions focusing on the role of Social
Security benefit amounts, automatic benefit recomputation, the delayed
retirement credit, and the retirement test.
We may make these disclosures if we:
(1) Determine that the routine use does not violate legal
limitations under which the record was provided, collected, or
obtained;
(2) Determine that the purpose for which the proposed use is to be
made:
(i) Cannot reasonably be accomplished unless the record is provided
in a form that identifies a person;
(ii) Is of sufficient importance to warrant the effect on, or risk
to, the privacy of the person which such limited additional exposure of
the record might bring;
(iii) Has a reasonable probability of being accomplished;
(iv) Is of importance to the programs under the Social Security Act
and beneficiaries of such programs or is for an epidemiological
research project that relates to programs under the Social Security Act
or beneficiaries of such programs;
(3) Require the recipient of information to:
(i) Establish appropriate administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record and
agree to on-site inspection by our employees, our agents, or by
independent agents of the recipient agency of those safeguards;
(ii) Remove or destroy the information that enables the person to
be identified at the earliest time that the recipient can do so
consistent with the purpose of the project, unless the recipient
receives written authorization from us that it is justified, based on
research objectives, in retaining such information;
(iii) Make no further use of the records except:
(a) Under emergency circumstances affecting the health and safety
of a person following written authorization from us;
(b) For disclosure to an identified person approved by us for the
purpose of auditing the research project;
(iv) Keep the data as a system of statistical records. A
statistical record is one which is maintained only for statistical and
research purposes and which is not used to make any determination about
a person;
(4) Secure a written statement by the recipient of the information
attesting to the recipient's understanding of, and willingness to abide
by, these provisions.
The use of the revised OMB standards, which include more
categories, will permit us to develop richer and more comprehensive
information that can be used in actuarial, epidemiological, economic,
and other social science projects that will ultimately benefit us, the
public, and other Federal, State, or congressional support agencies'
programs. The use of the information will allow new studies to occur
regarding the administration of the Social Security program and other
related purposes that we and other agencies might not otherwise
undertake due to the lack of data. Other related purposes include
studies conducted by the Centers for Medicare and Medicaid Services to
address health care disparities on the basis of race, ethnicity, and
gender for Medicare and Medicaid beneficiaries under Titles XVIII and
XIX of the Social Security Act.
5. To our contractors and grantees performing program evaluation,
research, and statistical activities directly relating to this system
of records, and to contractors or grantees for another Federal or State
agency performing such activities.
We occasionally contract out certain agency functions when doing so
contributes to effective and efficient operations. Other Federal and
State agencies also occasionally use contractors or grantees to perform
program evaluation and analysis. We must be able to give the contractor
or grantee the information needed to fulfill the contract requirements.
In these situations, we require safeguards in the contract that
prohibit the contractor from using or disclosing the information for
any purpose other than that described in the contract. We also assure
that contractors for other Federal and State agencies adhere to these
safeguards.
6. To student volunteers, persons working under a personal services
contract, and others who are not technically Federal employees, when
they are performing work for us as authorized by law, and they need
access to information in our records in order to perform their assigned
agency duties.
We will disclose RE information under this routine use only when we
use the services of student volunteers and participants in certain
educational, training, employment, and community service programs when
they need access to RE information in this system to perform their
assigned agency duties.
7. To the General Services Administration (GSA) and the National
Archives Records Administration (NARA) under 44 U.S.C. 2904 and 2906,
as amended by the NARA Act, information that is not restricted from
disclosure by Federal law for their use in conducting records
management studies.
We will disclose RE information under this routine use only when it
is necessary for GSA and NARA to have access to the information covered
by this proposed system of records. The Administrator of GSA and the
Archivist of NARA are authorized by Title 44 U.S.C. 2904, as amended,
to promulgate standards, procedures, and guidelines regarding records
management and conducting records management studies. Title 44 U.S.C.
2906, as amended, provides that GSA and NARA are authorized to inspect
Federal agencies' records for records management purposes and that
agencies are to cooperate with GSA and NARA.
8. To the appropriate Federal, State, and local agencies, entities,
and persons when (1) we suspect or confirm that the security or
confidentiality of information in this system of records has been
compromised; (2) we determine that as a result of the suspected or
confirmed compromise there is a risk of harm to economic or property
interests, identity theft or fraud, or harm to the security or
integrity of this system or our other systems or programs that rely
upon the compromised information; and (3) we determine that disclosing
the information to such agencies, entities, and persons is necessary to
assist in our efforts to respond to the suspected or confirmed
compromise and prevent, minimize, or remedy such harm. We will use this
routine use to respond only to those incidents involving an
unintentional release of our records.
We will disclose RE information under this routine use specifically
in connection with response and remediation efforts in the event of an
unintentional release of agency information, otherwise known as a
``data security breach.'' This routine use will protect the interests
of the people whose information is at risk by allowing us to take
appropriate steps to facilitate a timely and effective response to a
data breach. The routine use will also help us improve our ability to
prevent, minimize, or remedy any harm that may result from a compromise
of data covered by this system of records.
9. To Federal, State, and local law enforcement agencies and
private security contractors, as appropriate, information necessary:
(a) To enable them to assure the safety of our employees and the
public, the
[[Page 41965]]
security of our workplace, and the operation of our facilities; or
(b) To assist investigations or prosecutions with respect to
activities that affect such safety and security or activities that
disrupt the operation of our facilities.
We will disclose RE information under this routine use to law
enforcement agencies and private security contractors when information
is needed to respond to, investigate, or prevent activities that
jeopardize the security and safety of the public, employees, or
workplaces, or that otherwise disrupt the operation of our facilities.
We will disclose information to assist in prosecuting persons charged
with violating a Federal, State, or local law in connection with such
activities.
B. Compatibility of Proposed Routine Uses
The Privacy Act (5 U.S.C. 552a(b)(3)) and our disclosure
regulations (20 CFR Part 401) permit us to disclose information under a
published routine use for a purpose that is compatible with the purpose
for which we collected the information. The proposed routine uses will
ensure that we efficiently perform our functions relating to the
purpose and administration of the proposed RECS system of records. Our
regulations provide that we will disclose information when a law
specifically requires disclosure (Section 401.120). Federal law
requires the disclosures that we make under routine use number seven.
We will disclose information under routine use number seven to the
extent another Federal law does not prohibit the disclosure; e.g., the
Internal Revenue Code generally prohibits the disclosure of tax return
information which we receive to maintain individual earnings records.
Therefore, all routine uses are appropriate and meet the relevant
statutory and regulatory criteria.
III. Record Storage Medium and Safeguards for the Information Covered
by the Proposed RECS System of Records
We will maintain RE information covered by the proposed RECS system
of records in electronic and paper form. We will keep paper records in
locked cabinets or in otherwise secure areas. We will safeguard the
security of the electronic information covered by the proposed RECS
system of records by requiring the use of access codes to enter the
computer system that will house the data. We will permit only our
authorized employees and contractors who require the information to
perform their official duties to access the information covered by the
proposed RECS system of records.
We provide appropriate security awareness and training annually to
all our employees and contractors that include reminders about the need
to protect personally identifiable information and the criminal
penalties that apply to unauthorized access to, or disclosure of,
personally identifiable information. See 5 U.S.C. 552a(i)(1).
Furthermore, employees and contractors with access to databases
maintaining personally identifiable information must sign a sanction
document annually, acknowledging their accountability for making
unauthorized access to, or disclosure of, such information.
IV. Effects of the Proposed RECS System of Records on the Rights of
Individuals
We will maintain RE information that is relevant to our agency's
program evaluation, research, and statistical reporting functions in
the electronic system covered by the proposed RECS system of records.
We will not use RE information to make a determination about
entitlement to insurance coverage or benefits under the Social Security
Act. We employ safeguards to protect the confidentiality of all
personally identifiable information in our possession. We will adhere
to the provisions of the Privacy Act and other applicable Federal
statutes that govern our use and disclosure of the RE information that
is covered by the proposed RECS system of records. We will disclose
information under the routine uses discussed in this publication only
as necessary to accomplish the stated purposes. Therefore, we do not
anticipate that the proposed RECS system of records or routine use
disclosures will have any unwarranted adverse effect on the privacy or
other rights of persons who request an original or replacement SSN card
from us.
Dated: August 12, 2009.
Michael J. Astrue,
Commissioner.
System Number:
60-0104.
System name:
Race and Ethnicity Collection System (RECS), Social Security
Administration (SSA)
Security classification:
None.
System location:
SSA, Office of Telecommunications and Systems Operations, 6401
Security Boulevard, Baltimore, Maryland 21235.
Categories of individuals covered by the system:
Successfully enumerated applicants for Social Security number (SSN)
cards, other than those who receive cards through the enumeration-at-
birth (EAB) or enumeration-at-entry programs (EAE), when such persons
voluntarily provide race and ethnicity (RE) data.
Categories of records in the system:
SSN and RE data collected during contacts with the successfully
enumerated applicants for SSN cards described above.
Authority for maintenance of the system:
Sections 702, 704 and 1106 of the Social Security Act (42 U.S.C.
902, 904, and 1306), and SSA regulations at 20 CFR 401.165.
Purpose(s):
This system of records will cover RE data collected during contacts
with persons who conduct enumeration business with us, other than those
who receive cards through the EAB or EAE programs.
Routine uses of records covered by the system, including categories of
users and the purposes of such uses:
Routine use disclosures are as indicated below:
1. To the Office of the President in response to an inquiry from
that office made at the request of the subject of the record or a third
party on that person's behalf.
2. To a congressional office in response to an inquiry from that
office made at the request of the subject of a record or a third party
on that person's behalf.
3. To the Department of Justice (DOJ), a court, other tribunal, or
another party before such court or tribunal when:
(a) SSA or any of our components;
(b) Any SSA employee in his or her official capacity;
(c) Any SSA employee in his or her individual capacity when DOJ (or
SSA when we are authorized to do so) has agreed to represent the
employee; or
(d) The United States or any agency thereof when we determine that
the litigation is likely to affect the operations of SSA or any of our
components,
is party to litigation or has an interest in such litigation, and
we determine that the use of such records by DOJ, a court, other
tribunal, or another party before such court or tribunal is relevant
[[Page 41966]]
and necessary to the litigation. In each case, however, we must
determine that such disclosure is compatible with the purpose for which
we collected the records.
4. To a Federal, State, or congressional support agency (e.g.,
Congressional Budget Office and the Congressional Research Staff in the
Library of Congress) for research, evaluation, or statistical studies.
Such disclosures include, but are not limited to:
(a) Releasing information to assess the extent to which one can
predict eligibility for Supplemental Security Income (SSI) payments or
Social Security disability insurance benefits or other programs under
the Social Security Act;
(b) Examining the distribution of benefits under programs of the
Social Security Act by economic and demographic groups and how these
differences might be affected by possible changes in policy;
(c) Analyzing the interaction of economic and non-economic
variables affecting entry and exit events and duration in the Title II
Old Age, Survivors, and Disability Insurance and the Title XVI SSI
disability programs; and,
(d) Analyzing retirement decisions focusing on the role of Social
Security benefit amounts, automatic benefit recomputation, the delayed
retirement credit, and the retirement test.
We may make these disclosures if we:
(1) Determine that the routine use does not violate legal
limitations under which the record was provided, collected, or
obtained;
(2) Determine that the purpose for which the proposed use is to be
made:
(i) Cannot reasonably be accomplished unless the record is provided
in a form that identifies a person;
(ii) Is of sufficient importance to warrant the effect on, or risk
to, the privacy of the person which such limited additional exposure of
the record might bring;
(iii) Has a reasonable probability of being accomplished;
(iv) Is of importance to the programs under the Social Security Act
and beneficiaries of such programs or is for an epidemiological
research project that relates to programs under the Social Security Act
or beneficiaries of such programs;
(3) Require the recipient of information to:
(i) Establish appropriate administrative, technical, and physical
safeguards to prevent unauthorized use or disclosure of the record and
agree to on-site inspection by our employees, our agents, or by
independent agents of the recipient agency of those safeguards;
(ii) Remove or destroy the information that enables the person to
be identified at the earliest time that the recipient can do so
consistent with the purpose of the project, unless the recipient
receives written authorization from us that it is justified, based on
research objectives, in retaining such information;
(iii) Make no further use of the records except:
(a) Under emergency circumstances affecting the health and safety
of a person following written authorization from us;
(b) For disclosure to an identified person approved by us for the
purpose of auditing the research project;
(iv) Keep the data as a system of statistical records. A
statistical record is one which is maintained only for statistical and
research purposes and which is not used to make any determination about
a person;
(4) Secure a written statement by the recipient of the information
attesting to the recipient's understanding of, and willingness to abide
by, these provisions.
5. To our contractors and grantees performing program evaluation,
research, and statistical activities directly relating to this system
of records, and to contractors or grantees for another Federal or State
agency performing such activities.
6. To student volunteers, persons working under a personal services
contract, and others who are not technically Federal employees, when
they are performing work for us as authorized by law, and they need
access to information in our records in order to perform their assigned
agency duties.
7. To the General Services Administration and the National Archives
Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended
by the NARA Act, information that is not restricted from disclosure by
Federal law for their use in conducting records management studies.
8. To the appropriate Federal, State, and local agencies, entities,
and persons when (1) we suspect or confirm that the security or
confidentiality of information in this system of records has been
compromised; (2) we determine that as a result of the suspected or
confirmed compromise there is a risk of harm to economic or property
interests, identity theft or fraud, or harm to the security or
integrity of this system or our other systems or programs that rely
upon the compromised information; and (3) we determine that disclosing
the information to such agencies, entities, and persons is necessary to
assist in our efforts to respond to the suspected or confirmed
compromise and prevent, minimize, or remedy such harm. We will use this
routine use to respond only to those incidents involving an
unintentional release of our records.
9. To Federal, State, and local law enforcement agencies and
private security contractors, as appropriate, information necessary:
(a) To enable them to assure the safety of our employees and the
public, the security of our workplace, and the operation of our
facilities; or
(b) To assist investigations or prosecutions with respect to
activities that affect such safety and security or activities that
disrupt the operation of our facilities.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system:
Storage:
We will store records in this system in electronic and paper form.
Retrievability:
We will retrieve records by SSN.
Accessibility:
Our researchers and statisticians prepare micro-data files about
persons who are current, recently terminated, or potential recipients
of benefits from Social Security and related programs for program
evaluation, research, and statistical studies. When the product is in
the form of micro-data, we make it available without personal
identifiers to our other components and certain other agencies for data
processing and data manipulation.
Safeguards:
We retain electronic and paper files with personal identifiers in
secure storage areas accessible only to our authorized employees and
contractors. We limit access to data with personal identifiers from
this system to persons or organizations authorized by our Office of
Research, Evaluation, and Statistics. We furnish specially edited
micro-files on request to public and private organizations for purposes
of research and analysis. We include further confidentiality
protections in our data agreements.
We provide appropriate security awareness and training annually to
all our employees and contractors that include reminders about the need
to protect personally identifiable information and the criminal
penalties that apply to unauthorized access to, or
[[Page 41967]]
disclosure of, personally identifiable information. See 5 U.S.C.
552a(i)(1). Furthermore, employees and contractors with access to
databases maintaining personally identifiable information must sign a
sanction document annually, acknowledging their accountability for
making unauthorized access to, or disclosure of, such information.
Retention and disposal:
For purposes of records management disposition authority, we will
follow the NARA and Department of Defense (DOD) 5015.2 regulations (DOD
Design Criteria Standard for Electronic Records Management Software
Applications). We will permanently maintain RE data covered by the RECS
system of records. We will retain the research and statistical micro-
data extract (stored on the mainframe) for a maximum of 100 years.
System manager(s) and address:
Director, Division of Enumeration and Death Alerts, Office of
Earnings, Enumeration, and Administrative Systems, Social Security
Administration, 6401 Security Boulevard, Baltimore, MD 21235.
Notification procedures:
Persons can determine if this system contains a record about them
by writing to the system manager at the above address and providing
their name, SSN, or other information that may be in this system of
records that will identify them. Persons requesting notification of
records in person should provide the same information, as well as
provide an identity document, preferably with a photograph, such as a
driver's license or some other means of identification, such as voter
registration card, etc. Persons lacking identification documents
sufficient to establish their identity must certify in writing that
they are the person they claim to be and that they understand that the
knowing and willful request for, or acquisition of, a record pertaining
to another person under false pretenses is a criminal offense.
Persons requesting notification by telephone must verify their
identity by providing identifying information that parallels the
information in the record to which notification is being requested. If
we determine that the identifying information the person provides by
telephone is insufficient, the person will be required to submit a
request in writing or in person. If a person requests information by
telephone on behalf of another individual, the subject person must be
on the telephone with the requesting person and with us in the same
phone call. We will establish the subject person's identity (his or her
name, SSN, address, date of birth, and place of birth, along with one
other piece of information such as mother's maiden name), and ask for
his or her consent to provide information to the requesting person.
Persons requesting notification submitted by mail must include a
notarized statement to us to verify their identity or must certify in
the request that they are the person they claim to be and that they
understand that the knowing and willful request for, or acquisition of,
a record pertaining to another person under false pretenses is a
criminal offense. These procedures are in accordance with SSA
Regulations (20 CFR 401.40).
Record access procedures:
Same as notification procedures. Requesters should also reasonably
specify the record contents being sought. These procedures are in
accordance with SSA Regulations (20 CFR 401.40(c)).
Contesting record procedures:
Same as notification procedures. Requesters should also reasonably
identify the record, specify the information they are contesting, and
state the corrective action sought and the reasons for the correction
with supporting justification showing how the record is incomplete,
untimely, inaccurate, or irrelevant. These procedures are in accordance
with SSA Regulations (20 CFR 401.65(a)).
Record source categories:
We obtain information covered by this system of records from
successfully enumerated applicants for original or replacement SSN
cards (or from third parties acting on their behalf) who are not
enumerated through the EAB or EAE programs.
Exemptions claimed for the system:
None.
[FR Doc. E9-19935 Filed 8-14-09; 8:45 am]
BILLING CODE P
