Privacy Act of 1974, as Amended; New System of Records, 42727-42732 [E9-20286]

Download as PDF Federal Register / Vol. 74, No. 162 / Monday, August 24, 2009 / Notices IV. Solicitation of Comments Interested persons are invited to submit written data, views, and arguments concerning the foregoing, including whether the proposed rule change is consistent with the Act. Comments may be submitted by any of the following methods: For the Commission, by the Division of Trading and Markets, pursuant to delegated authority.7 Florence E. Harmon, Deputy Secretary. [FR Doc. E9–20241 Filed 8–21–09; 8:45 am] BILLING CODE 8010–01–P Electronic Comments SOCIAL SECURITY ADMINISTRATION • Use the Commission’s Internet comment form (http://www.sec.gov/ rules/sro.shtml); or • Send an e-mail to rulecomments@sec.gov. Please include File Number SR–NYSEArca–2009–70 on the subject line. Privacy Act of 1974, as Amended; New System of Records AGENCY: Social Security Administration SUPPLEMENTARY INFORMATION: Proposed system of records and routine uses: Correction. I. Background and Purpose of the Proposed RECS System of Records ACTION: SUMMARY: We are issuing public notice of our intent to establish a new system of records and routine uses applicable to • Send paper comments in triplicate this system of records in accordance to Elizabeth M. Murphy, Secretary, with the Privacy Act (5 U.S.C. 552a(e)(4) Securities and Exchange Commission, and (e)(11)). The proposed system of 100 F Street, NE., Washington, DC records is entitled the Race and 20549–1090. Ethnicity Collection System (60–0104), All submissions should refer to File hereinafter referred to as the RECS Number SR-NYSEArca–2009–70. This system of records. We discuss the file number should be included on the system of records in the Supplementary subject line if e-mail is used. To help the Information section below. We invite public comments on this proposal. We Commission process and review your published this proposed system of comments more efficiently, please use only one method. The Commission will records on August 19, 2009 (document post all comments on the Commission’s 2009–19935), with an effective date of October 9, 2009, unless we receive Internet Web site (http://www.sec.gov/ comments before that date that would rules/sro.shtml). Copies of the result in a contrary determination. This submission, all subsequent current notice corrects the effective date amendments, all written statements of the proposed RECS system of records with respect to the proposed rule and routine uses, per below. change that are filed with the DATES: We filed a report of the proposed Commission, and all written RECS system of records and routine use communications relating to the disclosures with the Chairman of the proposed rule change between the Commission and any person, other than Senate Committee on Homeland Security and Governmental Affairs, the those that may be withheld from the Chairman of the House Committee on public in accordance with the Oversight and Government Reform, and provisions of 5 U.S.C. 552, will be the Director, Office of Information and available for inspection and copying in Regulatory Affairs, Office of the Commission’s Public Reference Management and Budget (OMB) on Room, 100 F Street, NE., Washington, August 13, 2009. The proposed RECS DC 20549, on official business days system of records and routine uses will between the hours of 10 a.m. and 3 p.m. become effective on September 28, Copies of the filing also will be available 2009, unless we receive comments for inspection and copying at the before that date that would result in a principal office of the Exchange. All contrary determination. comments received will be posted ADDRESSES: Interested persons may without change; the Commission does comment on this publication by writing not edit personal identifying to the Executive Director, Office of information from submissions. You Privacy and Disclosure, Office of the should submit only information that General Counsel, Social Security you wish to make available publicly. All Administration, Room 3–A–6 submissions should refer to File Operations Building, 6401 Security Number SR–NYSEArca–2009–70 and Boulevard, Baltimore, Maryland 21235– should be submitted on or before 6401. All comments we receive will be September 14, 2009. erowe on DSK5CLS3C1PROD with NOTICES 7 17 15:04 Aug 21, 2009 Jkt 217001 available for public inspection at the above address. FOR FURTHER INFORMATION CONTACT: Alicia Matthews, Social Insurance Specialist (Senior Analyst), Disclosure Policy Development and Services Division 1, Office of Privacy and Disclosure, Office of the General Counsel, Social Security Administration, 3–A–6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235–6401, telephone: (410) 965–1723, e-mail: alicia.matthews@ssa.gov. (SSA). Paper Comments VerDate Nov<24>2008 42727 PO 00000 CFR 200.30–3(a)(12). Frm 00084 Fmt 4703 Sfmt 4703 A. General Background In October 1997, the Office of Management and Budget (OMB) announced revised government-wide standards for Federal agencies collecting race and ethnicity (RE) data (62 FR 58782, Oct. 30, 1997, Revisions to the Standards for the Classification of Federal Data on Race and Ethnicity). We need RE data for program evaluation, research, and statistical reporting purposes. We do not use RE data to make decisions about a person’s application for benefits or any other programmatic determination. Prior to 1987, we collected RE data from persons on a voluntary basis when they applied for either original or replacement Social Security number (SSN) cards. Since 1987, however, we have issued most original SSN cards through an enumeration-at-birth program (EAB), which is administered by the States. As the States do not collect RE information, we do not maintain RE information for EAB applicants. Since 2002, the Department of Homeland Security (DHS) has taken applications for SSN cards from aliens entering the United States through the enumeration-at-entry (EAE) program. DHS does not provide us with RE information on EAE applicants. We currently maintain the RE data that we collect in an existing Privacy Act system of records, the Master Files of SSN Number Holders and SSN Applications. The RE data we currently collect is limited to these categories: Asian, Asian-American or Pacific Islander; Hispanic; Black (Not Hispanic); North American Indian or Alaskan Native; and White (Not Hispanic). Under the current standards, persons who provide us race information can designate only one of the categories, and they do not have the option of designating both their race and ethnicity. E:\FR\FM\24AUN1.SGM 24AUN1 42728 Federal Register / Vol. 74, No. 162 / Monday, August 24, 2009 / Notices We will no longer collect RE information using our limited categories. Pursuant to the OMB mandated standards, we will use the following categories to collect RE information: Race • • • • • • • Alaska Native, American Indian, Asian, Black/African American, Native Hawaiian, Other Pacific Islander, and White. Ethnicity • Hispanic/Latino. Under the OMB standards, persons may voluntarily designate one or more categories under ‘‘Race’’ and designate ‘‘yes’’ or ‘‘no’’ under the ‘‘Ethnicity’’ category. We will collect RE information that conforms to the OMB standards for the continuing purposes of program evaluation, research, and statistical reporting. Using the OMB standards, we will maintain all future collections of RE data in a separate electronic system covered by the proposed RECS system of records. The proposed RECS system of records will cover RE data about persons issued original or replacement SSN cards who do not apply through the EAB or EAE programs. B. Collection and Maintenance of the Data for the Proposed RECS System of Records We will collect, maintain, and retrieve personally identifiable information (i.e., SSNs) of persons who voluntarily provide their RE data when they request an original or replacement SSN card from us in an electronic system covered by the proposed RECS system of records. Therefore, the RECS information collection is a system of records as defined by the Privacy Act. II. Proposed Routine Use Disclosures of Data Covered by the Proposed RECS System of Records erowe on DSK5CLS3C1PROD with NOTICES A. Proposed Routine Use Disclosures We are proposing to establish the following routine uses of the information covered by the proposed RECS system of records. 1. To the Office of the President in response to an inquiry from that office made at the request of the subject of the record or a third party on that person’s behalf. We will disclose RE information under this routine use only when the Office of the President makes an inquiry relating to information contained in this VerDate Nov<24>2008 15:04 Aug 21, 2009 Jkt 217001 system of records and indicates that it is acting on behalf of the person whose record is requested. 2. To a congressional office in response to an inquiry from that office made at the request of the subject of a record or a third party on that person’s behalf. We will disclose RE information under this routine use only when a member of Congress, or member of his or her staff, makes an inquiry relating to information contained in this system of records and indicates that he or she is acting on behalf of the person whose record is requested. 3. To the Department of Justice (DOJ), a court, other tribunal, or another party before such court or tribunal when: (a) SSA or any of our components; (b) Any SSA employee in his or her official capacity; (c) Any SSA employee in his or her individual capacity when DOJ (or SSA when we are authorized to do so) has agreed to represent the employee; or (d) The United States or any agency thereof when we determine that the litigation is likely to affect the operations of SSA or any of our components, is party to litigation or has an interest in such litigation, and we determine that the use of such records by DOJ, a court, other tribunal, or another party before such court or tribunal is relevant and necessary to the litigation. In each case, however, we must determine that such disclosure is compatible with the purpose for which we collected the records. We will disclose RE information under this routine use as necessary to enable DOJ to effectively defend us, our components, or our employees in litigation when the use of information from the proposed system of records is relevant and necessary to the litigation and compatible with the purpose of the information collection. We will also disclose information to ensure that courts, other tribunals, and parties before such courts or tribunals, have appropriate information when relevant and necessary. 4. To a Federal, State, or congressional support agency (e.g., Congressional Budget Office and the Congressional Research Staff in the Library of Congress) for research, evaluation, or statistical studies. Such disclosures include, but are not limited to: (a) Releasing information to assess the extent to which one can predict eligibility for Supplemental Security Income (SSI) payments or Social Security disability insurance benefits or other programs under the Social Security Act; PO 00000 Frm 00085 Fmt 4703 Sfmt 4703 (b) Examining the distribution of benefits under programs of the Social Security Act by economic and demographic groups and how these differences might be affected by possible changes in policy; (c) Analyzing the interaction of economic and non-economic variables affecting entry and exit events and duration in the Title II Old Age, Survivors, and Disability Insurance and the Title XVI SSI disability programs; and, (d) Analyzing retirement decisions focusing on the role of Social Security benefit amounts, automatic benefit recomputation, the delayed retirement credit, and the retirement test. We may make these disclosures if we: (1) Determine that the routine use does not violate legal limitations under which the record was provided, collected, or obtained; (2) Determine that the purpose for which the proposed use is to be made: (i) Cannot reasonably be accomplished unless the record is provided in a form that identifies a person; (ii) Is of sufficient importance to warrant the effect on, or risk to, the privacy of the person which such limited additional exposure of the record might bring; (iii) Has a reasonable probability of being accomplished; (iv) Is of importance to the programs under the Social Security Act and beneficiaries of such programs or is for an epidemiological research project that relates to programs under the Social Security Act or beneficiaries of such programs; (3) Require the recipient of information to: (i) Establish appropriate administrative, technical, and physical safeguards to prevent unauthorized use or disclosure of the record and agree to on-site inspection by our employees, our agents, or by independent agents of the recipient agency of those safeguards; (ii) Remove or destroy the information that enables the person to be identified at the earliest time that the recipient can do so consistent with the purpose of the project, unless the recipient receives written authorization from us that it is justified, based on research objectives, in retaining such information; (iii) Make no further use of the records except: (a) Under emergency circumstances affecting the health and safety of a person following written authorization from us; (b) For disclosure to an identified person approved by us for the purpose of auditing the research project; E:\FR\FM\24AUN1.SGM 24AUN1 erowe on DSK5CLS3C1PROD with NOTICES Federal Register / Vol. 74, No. 162 / Monday, August 24, 2009 / Notices (iv) Keep the data as a system of statistical records. A statistical record is one which is maintained only for statistical and research purposes and which is not used to make any determination about a person; (4) Secure a written statement by the recipient of the information attesting to the recipient’s understanding of, and willingness to abide by, these provisions. The use of the revised OMB standards, which include more categories, will permit us to develop richer and more comprehensive information that can be used in actuarial, epidemiological, economic, and other social science projects that will ultimately benefit us, the public, and other Federal, State, or congressional support agencies’ programs. The use of the information will allow new studies to occur regarding the administration of the Social Security program and other related purposes that we and other agencies might not otherwise undertake due to the lack of data. Other related purposes include studies conducted by the Centers for Medicare and Medicaid Services to address health care disparities on the basis of race, ethnicity, and gender for Medicare and Medicaid beneficiaries under Titles XVIII and XIX of the Social Security Act. 5. To our contractors and grantees performing program evaluation, research, and statistical activities directly relating to this system of records, and to contractors or grantees for another Federal or State agency performing such activities. We occasionally contract out certain agency functions when doing so contributes to effective and efficient operations. Other Federal and State agencies also occasionally use contractors or grantees to perform program evaluation and analysis. We must be able to give the contractor or grantee the information needed to fulfill the contract requirements. In these situations, we require safeguards in the contract that prohibit the contractor from using or disclosing the information for any purpose other than that described in the contract. We also assure that contractors for other Federal and State agencies adhere to these safeguards. 6. To student volunteers, persons working under a personal services contract, and others who are not technically Federal employees, when they are performing work for us as authorized by law, and they need access to information in our records in order to perform their assigned agency duties. VerDate Nov<24>2008 15:04 Aug 21, 2009 Jkt 217001 We will disclose RE information under this routine use only when we use the services of student volunteers and participants in certain educational, training, employment, and community service programs when they need access to RE information in this system to perform their assigned agency duties. 7. To the General Services Administration (GSA) and the National Archives Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by the NARA Act, information that is not restricted from disclosure by Federal law for their use in conducting records management studies. We will disclose RE information under this routine use only when it is necessary for GSA and NARA to have access to the information covered by this proposed system of records. The Administrator of GSA and the Archivist of NARA are authorized by Title 44 U.S.C. 2904, as amended, to promulgate standards, procedures, and guidelines regarding records management and conducting records management studies. Title 44 U.S.C. 2906, as amended, provides that GSA and NARA are authorized to inspect Federal agencies’ records for records management purposes and that agencies are to cooperate with GSA and NARA. 8. To the appropriate Federal, State, and local agencies, entities, and persons when (1) we suspect or confirm that the security or confidentiality of information in this system of records has been compromised; (2) we determine that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or our other systems or programs that rely upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. We will use this routine use to respond only to those incidents involving an unintentional release of our records. We will disclose RE information under this routine use specifically in connection with response and remediation efforts in the event of an unintentional release of agency information, otherwise known as a ‘‘data security breach.’’ This routine use will protect the interests of the people whose information is at risk by allowing us to take appropriate steps to facilitate a timely and effective response to a data breach. The routine use will also help PO 00000 Frm 00086 Fmt 4703 Sfmt 4703 42729 us improve our ability to prevent, minimize, or remedy any harm that may result from a compromise of data covered by this system of records. 9. To Federal, State, and local law enforcement agencies and private security contractors, as appropriate, information necessary: (a) To enable them to assure the safety of our employees and the public, the security of our workplace, and the operation of our facilities; or (b) To assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupt the operation of our facilities. We will disclose RE information under this routine use to law enforcement agencies and private security contractors when information is needed to respond to, investigate, or prevent activities that jeopardize the security and safety of the public, employees, or workplaces, or that otherwise disrupt the operation of our facilities. We will disclose information to assist in prosecuting persons charged with violating a Federal, State, or local law in connection with such activities. B. Compatibility of Proposed Routine Uses The Privacy Act (5 U.S.C. 552a(b)(3)) and our disclosure regulations (20 CFR Part 401) permit us to disclose information under a published routine use for a purpose that is compatible with the purpose for which we collected the information. The proposed routine uses will ensure that we efficiently perform our functions relating to the purpose and administration of the proposed RECS system of records. Our regulations provide that we will disclose information when a law specifically requires disclosure (Section 401.120). Federal law requires the disclosures that we make under routine use number seven. We will disclose information under routine use number seven to the extent another Federal law does not prohibit the disclosure; e.g., the Internal Revenue Code generally prohibits the disclosure of tax return information which we receive to maintain individual earnings records. Therefore, all routine uses are appropriate and meet the relevant statutory and regulatory criteria. III. Record Storage Medium and Safeguards for the Information Covered by the Proposed RECS System of Records We will maintain RE information covered by the proposed RECS system of records in electronic and paper form. We will keep paper records in locked E:\FR\FM\24AUN1.SGM 24AUN1 42730 Federal Register / Vol. 74, No. 162 / Monday, August 24, 2009 / Notices cabinets or in otherwise secure areas. We will safeguard the security of the electronic information covered by the proposed RECS system of records by requiring the use of access codes to enter the computer system that will house the data. We will permit only our authorized employees and contractors who require the information to perform their official duties to access the information covered by the proposed RECS system of records. We provide appropriate security awareness and training annually to all our employees and contractors that include reminders about the need to protect personally identifiable information and the criminal penalties that apply to unauthorized access to, or disclosure of, personally identifiable information. See 5 U.S.C. 552a(i)(1). Furthermore, employees and contractors with access to databases maintaining personally identifiable information must sign a sanction document annually, acknowledging their accountability for making unauthorized access to, or disclosure of, such information. erowe on DSK5CLS3C1PROD with NOTICES IV. Effects of the Proposed RECS System of Records on the Rights of Individuals 15:04 Aug 21, 2009 Jkt 217001 Social Security Administration; Notice of New System of Records; Required by the Privacy Act of 1974, as Amended SYSTEM NUMBER: 60–0104 SYSTEM NAME: Race and Ethnicity Collection System (RECS), Social Security Administration (SSA). SECURITY CLASSIFICATION: None. SYSTEM LOCATION: SSA, Office of Telecommunications and Systems Operations, 6401 Security Boulevard, Baltimore, Maryland 21235. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Successfully enumerated applicants for Social Security number (SSN) cards, other than those who receive cards through the enumeration-at-birth (EAB) or enumeration-at-entry programs (EAE), when such persons voluntarily provide race and ethnicity (RE) data. CATEGORIES OF RECORDS IN THE SYSTEM: We will maintain RE information that is relevant to our agency’s program evaluation, research, and statistical reporting functions in the electronic system covered by the proposed RECS system of records. We will not use RE information to make a determination about entitlement to insurance coverage or benefits under the Social Security Act. We employ safeguards to protect the confidentiality of all personally identifiable information in our possession. We will adhere to the provisions of the Privacy Act and other applicable Federal statutes that govern our use and disclosure of the RE information that is covered by the proposed RECS system of records. We will disclose information under the routine uses discussed in this publication only as necessary to accomplish the stated purposes. Therefore, we do not anticipate that the proposed RECS system of records or routine use disclosures will have any unwarranted adverse effect on the privacy or other rights of persons who request an original or replacement SSN card from us. VerDate Nov<24>2008 Dated: August 18, 2009. Michael J. Astrue, Commissioner. SSN and RE data collected during contacts with the successfully enumerated applicants for SSN cards described above. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Sections 702, 704 and 1106 of the Social Security Act (42 U.S.C. 902, 904, and 1306), and SSA regulations at 20 CFR 401.165. PURPOSE(S): This system of records will cover RE data collected during contacts with persons who conduct enumeration business with us, other than those who receive cards through the EAB or EAE programs. ROUTINE USES OF RECORDS COVERED BY THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: Routine use disclosures are as indicated below: 1. To the Office of the President in response to an inquiry from that office made at the request of the subject of the record or a third party on that person’s behalf. 2. To a congressional office in response to an inquiry from that office made at the request of the subject of a record or a third party on that person’s behalf. 3. To the Department of Justice (DOJ), a court, other tribunal, or another party before such court or tribunal when: PO 00000 Frm 00087 Fmt 4703 Sfmt 4703 (a) SSA or any of our components; (b) Any SSA employee in his or her official capacity; (c) Any SSA employee in his or her individual capacity when DOJ (or SSA when we are authorized to do so) has agreed to represent the employee; or (d) The United States or any agency thereof when we determine that the litigation is likely to affect the operations of SSA or any of our components, is party to litigation or has an interest in such litigation, and we determine that the use of such records by DOJ, a court, other tribunal, or another party before such court or tribunal is relevant and necessary to the litigation. In each case, however, we must determine that such disclosure is compatible with the purpose for which we collected the records. 4. To a Federal, State, or congressional support agency (e.g., Congressional Budget Office and the Congressional Research Staff in the Library of Congress) for research, evaluation, or statistical studies. Such disclosures include, but are not limited to: (a) Releasing information to assess the extent to which one can predict eligibility for Supplemental Security Income (SSI) payments or Social Security disability insurance benefits or other programs under the Social Security Act; (b) Examining the distribution of benefits under programs of the Social Security Act by economic and demographic groups and how these differences might be affected by possible changes in policy; (c) Analyzing the interaction of economic and non-economic variables affecting entry and exit events and duration in the Title II Old Age, Survivors, and Disability Insurance and the Title XVI SSI disability programs; and, (d) Analyzing retirement decisions focusing on the role of Social Security benefit amounts, automatic benefit recomputation, the delayed retirement credit, and the retirement test. We may make these disclosures if we: (1) Determine that the routine use does not violate legal limitations under which the record was provided, collected, or obtained; (2) Determine that the purpose for which the proposed use is to be made: (i) Cannot reasonably be accomplished unless the record is provided in a form that identifies a person; (ii) Is of sufficient importance to warrant the effect on, or risk to, the privacy of the person which such E:\FR\FM\24AUN1.SGM 24AUN1 erowe on DSK5CLS3C1PROD with NOTICES Federal Register / Vol. 74, No. 162 / Monday, August 24, 2009 / Notices limited additional exposure of the record might bring; (iii) Has a reasonable probability of being accomplished; (v) Is of importance to the programs under the Social Security Act and beneficiaries of such programs or is for an epidemiological research project that relates to programs under the Social Security Act or beneficiaries of such programs; (3) Require the recipient of information to: (i) Establish appropriate administrative, technical, and physical safeguards to prevent unauthorized use or disclosure of the record and agree to on-site inspection by our employees, our agents, or by independent agents of the recipient agency of those safeguards; (ii) Remove or destroy the information that enables the person to be identified at the earliest time that the recipient can do so consistent with the purpose of the project, unless the recipient receives written authorization from us that it is justified, based on research objectives, in retaining such information; (iii) Make no further use of the records except: (a) Under emergency circumstances affecting the health and safety of a person following written authorization from us; (b) For disclosure to an identified person approved by us for the purpose of auditing the research project; (iv) Keep the data as a system of statistical records. A statistical record is one which is maintained only for statistical and research purposes and which is not used to make any determination about a person; (4) Secure a written statement by the recipient of the information attesting to the recipient’s understanding of, and willingness to abide by, these provisions. 5. To our contractors and grantees performing program evaluation, research, and statistical activities directly relating to this system of records, and to contractors or grantees for another Federal or State agency performing such activities. 6. To student volunteers, persons working under a personal services contract, and others who are not technically Federal employees, when they are performing work for us as authorized by law, and they need access to information in our records in order to perform their assigned agency duties. 7. To the General Services Administration and the National Archives Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by the NARA Act, information that is not restricted from VerDate Nov<24>2008 15:04 Aug 21, 2009 Jkt 217001 disclosure by Federal law for their use in conducting records management studies. 8. To the appropriate Federal, State, and local agencies, entities, and persons when (1) we suspect or confirm that the security or confidentiality of information in this system of records has been compromised; (2) we determine that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or our other systems or programs that rely upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. We will use this routine use to respond only to those incidents involving an unintentional release of our records. 9. To Federal, State, and local law enforcement agencies and private security contractors, as appropriate, information necessary: (a) To enable them to assure the safety of our employees and the public, the security of our workplace, and the operation of our facilities; or (b) To assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupt the operation of our facilities. POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE: We will store records in this system in electronic and paper form. RETRIEVABILITY: We will retrieve records by SSN. ACCESSIBILITY: Our researchers and statisticians prepare micro-data files about persons who are current, recently terminated, or potential recipients of benefits from Social Security and related programs for program evaluation, research, and statistical studies. When the product is in the form of micro-data, we make it available without personal identifiers to our other components and certain other agencies for data processing and data manipulation. SAFEGUARDS: We retain electronic and paper files with personal identifiers in secure storage areas accessible only to our authorized employees and contractors. PO 00000 Frm 00088 Fmt 4703 Sfmt 4703 42731 We limit access to data with personal identifiers from this system to persons or organizations authorized by our Office of Research, Evaluation, and Statistics. We furnish specially edited micro-files on request to public and private organizations for purposes of research and analysis. We include further confidentiality protections in our data agreements. We provide appropriate security awareness and training annually to all our employees and contractors that include reminders about the need to protect personally identifiable information and the criminal penalties that apply to unauthorized access to, or disclosure of, personally identifiable information. See 5 U.S.C. 552a(i)(1). Furthermore, employees and contractors with access to databases maintaining personally identifiable information must sign a sanction document annually, acknowledging their accountability for making unauthorized access to, or disclosure of, such information. RETENTION AND DISPOSAL: For purposes of records management disposition authority, we will follow the NARA and Department of Defense (DOD) 5015.2 regulations (DOD Design Criteria Standard for Electronic Records Management Software Applications). We will permanently maintain RE data covered by the RECS system of records. We will retain the research and statistical micro-data extract (stored on the mainframe) for a maximum of 100 years. SYSTEM MANAGER(S) AND ADDRESS: Director, Division of Enumeration and Death Alerts, Office of Earnings, Enumeration, and Administrative Systems, Social Security Administration, 6401 Security Boulevard, Baltimore, MD 21235. NOTIFICATION PROCEDURES: Persons can determine if this system contains a record about them by writing to the system manager at the above address and providing their name, SSN, or other information that may be in this system of records that will identify them. Persons requesting notification of records in person should provide the same information, as well as provide an identity document, preferably with a photograph, such as a driver’s license or some other means of identification, such as voter registration card, etc. Persons lacking identification documents sufficient to establish their identity must certify in writing that they are the person they claim to be and that they understand that the knowing and willful request for, or acquisition of, a record E:\FR\FM\24AUN1.SGM 24AUN1 42732 Federal Register / Vol. 74, No. 162 / Monday, August 24, 2009 / Notices pertaining to another person under false pretenses is a criminal offense. Persons requesting notification by telephone must verify their identity by providing identifying information that parallels the information in the record to which notification is being requested. If we determine that the identifying information the person provides by telephone is insufficient, the person will be required to submit a request in writing or in person. If a person requests information by telephone on behalf of another individual, the subject person must be on the telephone with the requesting person and with us in the same phone call. We will establish the subject person’s identity (his or her name, SSN, address, date of birth, and place of birth, along with one other piece of information such as mother’s maiden name), and ask for his or her consent to provide information to the requesting person. Persons requesting notification submitted by mail must include a notarized statement to us to verify their identity or must certify in the request that they are the person they claim to be and that they understand that the knowing and willful request for, or acquisition of, a record pertaining to another person under false pretenses is a criminal offense. These procedures are in accordance with SSA Regulations (20 CFR 401.40). RECORD ACCESS PROCEDURES: Same as notification procedures. Requesters should also reasonably specify the record contents being sought. These procedures are in accordance with SSA Regulations (20 CFR 401.40(c)). CONTESTING RECORD PROCEDURES: Same as notification procedures. Requesters should also reasonably identify the record, specify the information they are contesting, and state the corrective action sought and the reasons for the correction with supporting justification showing how the record is incomplete, untimely, inaccurate, or irrelevant. These procedures are in accordance with SSA Regulations (20 CFR 401.65(a)). erowe on DSK5CLS3C1PROD with NOTICES RECORD SOURCE CATEGORIES: We obtain information covered by this system of records from successfully enumerated applicants for original or replacement SSN cards (or from third parties acting on their behalf) who are not enumerated through the EAB or EAE programs. VerDate Nov<24>2008 15:04 Aug 21, 2009 Jkt 217001 EXEMPTIONS CLAIMED FOR THE SYSTEM: None. DEPARTMENT OF TRANSPORTATION Federal Railroad Administration [FR Doc. E9–20286 Filed 8–21–09; 8:45 am] [Docket No. FRA 2009–0001–N–20] BILLING CODE P DEPARTMENT OF TRANSPORTATION Office of the Secretary Notice of Applications for Certificates of Public Convenience and Necessity and Foreign Air Carrier Permits Filed Under Subpart B (Formerly Subpart Q) During the Week Ending August 8, 2009 The following Applications for Certificates of Public Convenience and Necessity and Foreign Air Carrier Permits were filed under Subpart B (formerly Subpart Q) of the Department of Transportation’s Procedural Regulations (See 14 CFR 301.201 et seq.). The due date for Answers, Conforming Applications, or Motions to Modify Scope are set forth below for each application. Following the Answer period DOT may process the application by expedited procedures. Such procedures may consist of the adoption of a show-cause order, a tentative order, or in appropriate cases a final order without further proceedings. Docket Number: DOT–OST–2009– 0183. Date Filed: August 5, 2009. Due Date for Answers, Conforming Applications, or Motion to Modify Scope: August 26, 2009. Description: Application of Omni Air International, Inc. requesting a disclaimer of jurisdiction or, alternatively, for approval of the transfer of its certificate of public convenience and necessity. Docket Number: DOT–OST–2009– 0187. Date Filed: August 7, 2009. Due Date for Answers, Conforming Applications, or Motion to Modify Scope: August 28, 2009. Description: Application of Charter Air Transport Inc. requesting authority to operate scheduled passenger service as a commuter air carrier. Renee V. Wright, Program Manager, Docket Operations, Federal Register Liaison. [FR Doc. E9–20271 Filed 8–21–09; 8:45 am] BILLING CODE 4910–9X–P PO 00000 Frm 00089 Fmt 4703 Sfmt 4703 Proposed Agency Information Collection Activities; Comment Request AGENCY: Federal Railroad Administration, DOT. ACTION: Notice. SUMMARY: In accordance with the Paperwork Reduction Act of 1995 and its implementing regulations, the Federal Railroad Administration (FRA) hereby announces that it is seeking reapproval of the following information collection activities. Before submitting these information collection requirements for clearance by the Office of Management and Budget (OMB), FRA is soliciting public comment on specific aspects of the activities identified below. DATES: Comments must be received no later than October 23, 2009. ADDRESSES: Submit written comments on any or all of the following proposed activities by mail to either: Mr. Robert Brogan, Office of Safety, Planning and Evaluation Division, RRS–21, Federal Railroad Administration, 1200 New Jersey Ave., SE., Mail Stop 17, Washington, DC 20590, or Ms. Nakia Jackson, Office of Information Technology, RAD–20, Federal Railroad Administration, 1200 New Jersey Ave., SE., Mail Stop 35, Washington, DC 20590. Commenters requesting FRA to acknowledge receipt of their respective comments must include a self-addressed stamped postcard stating, ‘‘Comments on OMB control number 2130–0583.’’ Alternatively, comments may be transmitted via facsimile to (202) 493– 6216 or (202) 493–6497, or via e-mail to Mr. Brogan at robert.brogan@dot.gov, or to Ms. Jackson at nakia.jackson@dot.gov. Please refer to the assigned OMB control number and the title of the information collection in any correspondence submitted. FRA will summarize comments received in response to this notice in a subsequent notice and include them in its information collection submission to OMB for approval. FOR FURTHER INFORMATION CONTACT: Mr. Robert Brogan, Office of Planning and Evaluation Division, RRS–21, Federal Railroad Administration, 1200 New Jersey Ave., SE., Mail Stop 17, Washington, DC 20590 (telephone: (202) 493–6292) or Ms. Nakia Jackson, Office of Information Technology, RAD–20, Federal Railroad Administration, 1200 E:\FR\FM\24AUN1.SGM 24AUN1

Agencies

[Federal Register Volume 74, Number 162 (Monday, August 24, 2009)]
[Notices]
[Pages 42727-42732]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-20286]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974, as Amended; New System of Records

AGENCY: Social Security Administration (SSA).

ACTION: Proposed system of records and routine uses: Correction.

-----------------------------------------------------------------------

SUMMARY: We are issuing public notice of our intent to establish a new 
system of records and routine uses applicable to this system of records 
in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and (e)(11)). 
The proposed system of records is entitled the Race and Ethnicity 
Collection System (60-0104), hereinafter referred to as the RECS system 
of records. We discuss the system of records in the Supplementary 
Information section below. We invite public comments on this proposal. 
We published this proposed system of records on August 19, 2009 
(document 2009-19935), with an effective date of October 9, 2009, 
unless we receive comments before that date that would result in a 
contrary determination. This current notice corrects the effective date 
of the proposed RECS system of records and routine uses, per below.

DATES: We filed a report of the proposed RECS system of records and 
routine use disclosures with the Chairman of the Senate Committee on 
Homeland Security and Governmental Affairs, the Chairman of the House 
Committee on Oversight and Government Reform, and the Director, Office 
of Information and Regulatory Affairs, Office of Management and Budget 
(OMB) on August 13, 2009. The proposed RECS system of records and 
routine uses will become effective on September 28, 2009, unless we 
receive comments before that date that would result in a contrary 
determination.

ADDRESSES: Interested persons may comment on this publication by 
writing to the Executive Director, Office of Privacy and Disclosure, 
Office of the General Counsel, Social Security Administration, Room 3-
A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235-6401. All comments we receive will be available for public 
inspection at the above address.

FOR FURTHER INFORMATION CONTACT: Alicia Matthews, Social Insurance 
Specialist (Senior Analyst), Disclosure Policy Development and Services 
Division 1, Office of Privacy and Disclosure, Office of the General 
Counsel, Social Security Administration, 3-A-6 Operations Building, 
6401 Security Boulevard, Baltimore, Maryland 21235-6401, telephone: 
(410) 965-1723, e-mail: alicia.matthews@ssa.gov.

SUPPLEMENTARY INFORMATION: 

I. Background and Purpose of the Proposed RECS System of Records

A. General Background

    In October 1997, the Office of Management and Budget (OMB) 
announced revised government-wide standards for Federal agencies 
collecting race and ethnicity (RE) data (62 FR 58782, Oct. 30, 1997, 
Revisions to the Standards for the Classification of Federal Data on 
Race and Ethnicity).
    We need RE data for program evaluation, research, and statistical 
reporting purposes. We do not use RE data to make decisions about a 
person's application for benefits or any other programmatic 
determination. Prior to 1987, we collected RE data from persons on a 
voluntary basis when they applied for either original or replacement 
Social Security number (SSN) cards. Since 1987, however, we have issued 
most original SSN cards through an enumeration-at-birth program (EAB), 
which is administered by the States. As the States do not collect RE 
information, we do not maintain RE information for EAB applicants. 
Since 2002, the Department of Homeland Security (DHS) has taken 
applications for SSN cards from aliens entering the United States 
through the enumeration-at-entry (EAE) program. DHS does not provide us 
with RE information on EAE applicants.
    We currently maintain the RE data that we collect in an existing 
Privacy Act system of records, the Master Files of SSN Number Holders 
and SSN Applications. The RE data we currently collect is limited to 
these categories: Asian, Asian-American or Pacific Islander; Hispanic; 
Black (Not Hispanic); North American Indian or Alaskan Native; and 
White (Not Hispanic). Under the current standards, persons who provide 
us race information can designate only one of the categories, and they 
do not have the option of designating both their race and ethnicity.

[[Page 42728]]

    We will no longer collect RE information using our limited 
categories. Pursuant to the OMB mandated standards, we will use the 
following categories to collect RE information:
Race
     Alaska Native,
     American Indian,
     Asian,
     Black/African American,
     Native Hawaiian,
     Other Pacific Islander, and
     White.
Ethnicity
     Hispanic/Latino.

    Under the OMB standards, persons may voluntarily designate one or 
more categories under ``Race'' and designate ``yes'' or ``no'' under 
the ``Ethnicity'' category.
    We will collect RE information that conforms to the OMB standards 
for the continuing purposes of program evaluation, research, and 
statistical reporting. Using the OMB standards, we will maintain all 
future collections of RE data in a separate electronic system covered 
by the proposed RECS system of records. The proposed RECS system of 
records will cover RE data about persons issued original or replacement 
SSN cards who do not apply through the EAB or EAE programs.

B. Collection and Maintenance of the Data for the Proposed RECS System 
of Records

    We will collect, maintain, and retrieve personally identifiable 
information (i.e., SSNs) of persons who voluntarily provide their RE 
data when they request an original or replacement SSN card from us in 
an electronic system covered by the proposed RECS system of records. 
Therefore, the RECS information collection is a system of records as 
defined by the Privacy Act.

II. Proposed Routine Use Disclosures of Data Covered by the Proposed 
RECS System of Records

A. Proposed Routine Use Disclosures

    We are proposing to establish the following routine uses of the 
information covered by the proposed RECS system of records.
    1. To the Office of the President in response to an inquiry from 
that office made at the request of the subject of the record or a third 
party on that person's behalf.
    We will disclose RE information under this routine use only when 
the Office of the President makes an inquiry relating to information 
contained in this system of records and indicates that it is acting on 
behalf of the person whose record is requested.
    2. To a congressional office in response to an inquiry from that 
office made at the request of the subject of a record or a third party 
on that person's behalf.
    We will disclose RE information under this routine use only when a 
member of Congress, or member of his or her staff, makes an inquiry 
relating to information contained in this system of records and 
indicates that he or she is acting on behalf of the person whose record 
is requested.
    3. To the Department of Justice (DOJ), a court, other tribunal, or 
another party before such court or tribunal when:
    (a) SSA or any of our components;
    (b) Any SSA employee in his or her official capacity;
    (c) Any SSA employee in his or her individual capacity when DOJ (or 
SSA when we are authorized to do so) has agreed to represent the 
employee; or
    (d) The United States or any agency thereof when we determine that 
the litigation is likely to affect the operations of SSA or any of our 
components, is party to litigation or has an interest in such 
litigation, and we determine that the use of such records by DOJ, a 
court, other tribunal, or another party before such court or tribunal 
is relevant and necessary to the litigation. In each case, however, we 
must determine that such disclosure is compatible with the purpose for 
which we collected the records.
    We will disclose RE information under this routine use as necessary 
to enable DOJ to effectively defend us, our components, or our 
employees in litigation when the use of information from the proposed 
system of records is relevant and necessary to the litigation and 
compatible with the purpose of the information collection. We will also 
disclose information to ensure that courts, other tribunals, and 
parties before such courts or tribunals, have appropriate information 
when relevant and necessary.
    4. To a Federal, State, or congressional support agency (e.g., 
Congressional Budget Office and the Congressional Research Staff in the 
Library of Congress) for research, evaluation, or statistical studies. 
Such disclosures include, but are not limited to:
    (a) Releasing information to assess the extent to which one can 
predict eligibility for Supplemental Security Income (SSI) payments or 
Social Security disability insurance benefits or other programs under 
the Social Security Act;
    (b) Examining the distribution of benefits under programs of the 
Social Security Act by economic and demographic groups and how these 
differences might be affected by possible changes in policy;
    (c) Analyzing the interaction of economic and non-economic 
variables affecting entry and exit events and duration in the Title II 
Old Age, Survivors, and Disability Insurance and the Title XVI SSI 
disability programs; and,
    (d) Analyzing retirement decisions focusing on the role of Social 
Security benefit amounts, automatic benefit recomputation, the delayed 
retirement credit, and the retirement test.
    We may make these disclosures if we:
    (1) Determine that the routine use does not violate legal 
limitations under which the record was provided, collected, or 
obtained;
    (2) Determine that the purpose for which the proposed use is to be 
made:
    (i) Cannot reasonably be accomplished unless the record is provided 
in a form that identifies a person;
    (ii) Is of sufficient importance to warrant the effect on, or risk 
to, the privacy of the person which such limited additional exposure of 
the record might bring;
    (iii) Has a reasonable probability of being accomplished;
    (iv) Is of importance to the programs under the Social Security Act 
and beneficiaries of such programs or is for an epidemiological 
research project that relates to programs under the Social Security Act 
or beneficiaries of such programs;
    (3) Require the recipient of information to:
    (i) Establish appropriate administrative, technical, and physical 
safeguards to prevent unauthorized use or disclosure of the record and 
agree to on-site inspection by our employees, our agents, or by 
independent agents of the recipient agency of those safeguards;
    (ii) Remove or destroy the information that enables the person to 
be identified at the earliest time that the recipient can do so 
consistent with the purpose of the project, unless the recipient 
receives written authorization from us that it is justified, based on 
research objectives, in retaining such information;
    (iii) Make no further use of the records except:
    (a) Under emergency circumstances affecting the health and safety 
of a person following written authorization from us;
    (b) For disclosure to an identified person approved by us for the 
purpose of auditing the research project;

[[Page 42729]]

    (iv) Keep the data as a system of statistical records. A 
statistical record is one which is maintained only for statistical and 
research purposes and which is not used to make any determination about 
a person;
    (4) Secure a written statement by the recipient of the information 
attesting to the recipient's understanding of, and willingness to abide 
by, these provisions.
    The use of the revised OMB standards, which include more 
categories, will permit us to develop richer and more comprehensive 
information that can be used in actuarial, epidemiological, economic, 
and other social science projects that will ultimately benefit us, the 
public, and other Federal, State, or congressional support agencies' 
programs. The use of the information will allow new studies to occur 
regarding the administration of the Social Security program and other 
related purposes that we and other agencies might not otherwise 
undertake due to the lack of data. Other related purposes include 
studies conducted by the Centers for Medicare and Medicaid Services to 
address health care disparities on the basis of race, ethnicity, and 
gender for Medicare and Medicaid beneficiaries under Titles XVIII and 
XIX of the Social Security Act.
    5. To our contractors and grantees performing program evaluation, 
research, and statistical activities directly relating to this system 
of records, and to contractors or grantees for another Federal or State 
agency performing such activities.
    We occasionally contract out certain agency functions when doing so 
contributes to effective and efficient operations. Other Federal and 
State agencies also occasionally use contractors or grantees to perform 
program evaluation and analysis. We must be able to give the contractor 
or grantee the information needed to fulfill the contract requirements. 
In these situations, we require safeguards in the contract that 
prohibit the contractor from using or disclosing the information for 
any purpose other than that described in the contract. We also assure 
that contractors for other Federal and State agencies adhere to these 
safeguards.
    6. To student volunteers, persons working under a personal services 
contract, and others who are not technically Federal employees, when 
they are performing work for us as authorized by law, and they need 
access to information in our records in order to perform their assigned 
agency duties.
    We will disclose RE information under this routine use only when we 
use the services of student volunteers and participants in certain 
educational, training, employment, and community service programs when 
they need access to RE information in this system to perform their 
assigned agency duties.
    7. To the General Services Administration (GSA) and the National 
Archives Records Administration (NARA) under 44 U.S.C. 2904 and 2906, 
as amended by the NARA Act, information that is not restricted from 
disclosure by Federal law for their use in conducting records 
management studies.
    We will disclose RE information under this routine use only when it 
is necessary for GSA and NARA to have access to the information covered 
by this proposed system of records. The Administrator of GSA and the 
Archivist of NARA are authorized by Title 44 U.S.C. 2904, as amended, 
to promulgate standards, procedures, and guidelines regarding records 
management and conducting records management studies. Title 44 U.S.C. 
2906, as amended, provides that GSA and NARA are authorized to inspect 
Federal agencies' records for records management purposes and that 
agencies are to cooperate with GSA and NARA.
    8. To the appropriate Federal, State, and local agencies, entities, 
and persons when (1) we suspect or confirm that the security or 
confidentiality of information in this system of records has been 
compromised; (2) we determine that as a result of the suspected or 
confirmed compromise there is a risk of harm to economic or property 
interests, identity theft or fraud, or harm to the security or 
integrity of this system or our other systems or programs that rely 
upon the compromised information; and (3) we determine that disclosing 
the information to such agencies, entities, and persons is necessary to 
assist in our efforts to respond to the suspected or confirmed 
compromise and prevent, minimize, or remedy such harm. We will use this 
routine use to respond only to those incidents involving an 
unintentional release of our records.
    We will disclose RE information under this routine use specifically 
in connection with response and remediation efforts in the event of an 
unintentional release of agency information, otherwise known as a 
``data security breach.'' This routine use will protect the interests 
of the people whose information is at risk by allowing us to take 
appropriate steps to facilitate a timely and effective response to a 
data breach. The routine use will also help us improve our ability to 
prevent, minimize, or remedy any harm that may result from a compromise 
of data covered by this system of records.
    9. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary:
    (a) To enable them to assure the safety of our employees and the 
public, the security of our workplace, and the operation of our 
facilities; or
    (b) To assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of our facilities.
    We will disclose RE information under this routine use to law 
enforcement agencies and private security contractors when information 
is needed to respond to, investigate, or prevent activities that 
jeopardize the security and safety of the public, employees, or 
workplaces, or that otherwise disrupt the operation of our facilities. 
We will disclose information to assist in prosecuting persons charged 
with violating a Federal, State, or local law in connection with such 
activities.

B. Compatibility of Proposed Routine Uses

    The Privacy Act (5 U.S.C. 552a(b)(3)) and our disclosure 
regulations (20 CFR Part 401) permit us to disclose information under a 
published routine use for a purpose that is compatible with the purpose 
for which we collected the information. The proposed routine uses will 
ensure that we efficiently perform our functions relating to the 
purpose and administration of the proposed RECS system of records. Our 
regulations provide that we will disclose information when a law 
specifically requires disclosure (Section 401.120). Federal law 
requires the disclosures that we make under routine use number seven. 
We will disclose information under routine use number seven to the 
extent another Federal law does not prohibit the disclosure; e.g., the 
Internal Revenue Code generally prohibits the disclosure of tax return 
information which we receive to maintain individual earnings records. 
Therefore, all routine uses are appropriate and meet the relevant 
statutory and regulatory criteria.

III. Record Storage Medium and Safeguards for the Information Covered 
by the Proposed RECS System of Records

    We will maintain RE information covered by the proposed RECS system 
of records in electronic and paper form. We will keep paper records in 
locked

[[Page 42730]]

cabinets or in otherwise secure areas. We will safeguard the security 
of the electronic information covered by the proposed RECS system of 
records by requiring the use of access codes to enter the computer 
system that will house the data. We will permit only our authorized 
employees and contractors who require the information to perform their 
official duties to access the information covered by the proposed RECS 
system of records.
    We provide appropriate security awareness and training annually to 
all our employees and contractors that include reminders about the need 
to protect personally identifiable information and the criminal 
penalties that apply to unauthorized access to, or disclosure of, 
personally identifiable information. See 5 U.S.C. 552a(i)(1). 
Furthermore, employees and contractors with access to databases 
maintaining personally identifiable information must sign a sanction 
document annually, acknowledging their accountability for making 
unauthorized access to, or disclosure of, such information.

IV. Effects of the Proposed RECS System of Records on the Rights of 
Individuals

    We will maintain RE information that is relevant to our agency's 
program evaluation, research, and statistical reporting functions in 
the electronic system covered by the proposed RECS system of records. 
We will not use RE information to make a determination about 
entitlement to insurance coverage or benefits under the Social Security 
Act. We employ safeguards to protect the confidentiality of all 
personally identifiable information in our possession. We will adhere 
to the provisions of the Privacy Act and other applicable Federal 
statutes that govern our use and disclosure of the RE information that 
is covered by the proposed RECS system of records. We will disclose 
information under the routine uses discussed in this publication only 
as necessary to accomplish the stated purposes. Therefore, we do not 
anticipate that the proposed RECS system of records or routine use 
disclosures will have any unwarranted adverse effect on the privacy or 
other rights of persons who request an original or replacement SSN card 
from us.

    Dated: August 18, 2009.
Michael J. Astrue,
Commissioner.

Social Security Administration; Notice of New System of Records; 
Required by the Privacy Act of 1974, as Amended

SYSTEM NUMBER: 60-0104

System name:
    Race and Ethnicity Collection System (RECS), Social Security 
Administration (SSA).

Security classification:
    None.

System location:
    SSA, Office of Telecommunications and Systems Operations, 6401 
Security Boulevard, Baltimore, Maryland 21235.

Categories of individuals covered by the system:
    Successfully enumerated applicants for Social Security number (SSN) 
cards, other than those who receive cards through the enumeration-at-
birth (EAB) or enumeration-at-entry programs (EAE), when such persons 
voluntarily provide race and ethnicity (RE) data.

Categories of records in the system:
    SSN and RE data collected during contacts with the successfully 
enumerated applicants for SSN cards described above.

Authority for maintenance of the system:
    Sections 702, 704 and 1106 of the Social Security Act (42 U.S.C. 
902, 904, and 1306), and SSA regulations at 20 CFR 401.165.

Purpose(s):
    This system of records will cover RE data collected during contacts 
with persons who conduct enumeration business with us, other than those 
who receive cards through the EAB or EAE programs.

Routine uses of records covered by the system, including categories of 
users and the purposes of such uses:
    Routine use disclosures are as indicated below:
    1. To the Office of the President in response to an inquiry from 
that office made at the request of the subject of the record or a third 
party on that person's behalf.
    2. To a congressional office in response to an inquiry from that 
office made at the request of the subject of a record or a third party 
on that person's behalf.
    3. To the Department of Justice (DOJ), a court, other tribunal, or 
another party before such court or tribunal when:
    (a) SSA or any of our components;
    (b) Any SSA employee in his or her official capacity;
    (c) Any SSA employee in his or her individual capacity when DOJ (or 
SSA when we are authorized to do so) has agreed to represent the 
employee; or
    (d) The United States or any agency thereof when we determine that 
the litigation is likely to affect the operations of SSA or any of our 
components, is party to litigation or has an interest in such 
litigation, and we determine that the use of such records by DOJ, a 
court, other tribunal, or another party before such court or tribunal 
is relevant and necessary to the litigation. In each case, however, we 
must determine that such disclosure is compatible with the purpose for 
which we collected the records.
    4. To a Federal, State, or congressional support agency (e.g., 
Congressional Budget Office and the Congressional Research Staff in the 
Library of Congress) for research, evaluation, or statistical studies. 
Such disclosures include, but are not limited to:
    (a) Releasing information to assess the extent to which one can 
predict eligibility for Supplemental Security Income (SSI) payments or 
Social Security disability insurance benefits or other programs under 
the Social Security Act;
    (b) Examining the distribution of benefits under programs of the 
Social Security Act by economic and demographic groups and how these 
differences might be affected by possible changes in policy;
    (c) Analyzing the interaction of economic and non-economic 
variables affecting entry and exit events and duration in the Title II 
Old Age, Survivors, and Disability Insurance and the Title XVI SSI 
disability programs; and,
    (d) Analyzing retirement decisions focusing on the role of Social 
Security benefit amounts, automatic benefit recomputation, the delayed 
retirement credit, and the retirement test. We may make these 
disclosures if we:
    (1) Determine that the routine use does not violate legal 
limitations under which the record was provided, collected, or 
obtained;
    (2) Determine that the purpose for which the proposed use is to be 
made:
    (i) Cannot reasonably be accomplished unless the record is provided 
in a form that identifies a person;
    (ii) Is of sufficient importance to warrant the effect on, or risk 
to, the privacy of the person which such

[[Page 42731]]

limited additional exposure of the record might bring;
    (iii) Has a reasonable probability of being accomplished;
    (v) Is of importance to the programs under the Social Security Act 
and beneficiaries of such programs or is for an epidemiological 
research project that relates to programs under the Social Security Act 
or beneficiaries of such programs;
    (3) Require the recipient of information to:
    (i) Establish appropriate administrative, technical, and physical 
safeguards to prevent unauthorized use or disclosure of the record and 
agree to on-site inspection by our employees, our agents, or by 
independent agents of the recipient agency of those safeguards;
    (ii) Remove or destroy the information that enables the person to 
be identified at the earliest time that the recipient can do so 
consistent with the purpose of the project, unless the recipient 
receives written authorization from us that it is justified, based on 
research objectives, in retaining such information;
    (iii) Make no further use of the records except:
    (a) Under emergency circumstances affecting the health and safety 
of a person following written authorization from us;
    (b) For disclosure to an identified person approved by us for the 
purpose of auditing the research project;
    (iv) Keep the data as a system of statistical records. A 
statistical record is one which is maintained only for statistical and 
research purposes and which is not used to make any determination about 
a person;
    (4) Secure a written statement by the recipient of the information 
attesting to the recipient's understanding of, and willingness to abide 
by, these provisions.
    5. To our contractors and grantees performing program evaluation, 
research, and statistical activities directly relating to this system 
of records, and to contractors or grantees for another Federal or State 
agency performing such activities.
    6. To student volunteers, persons working under a personal services 
contract, and others who are not technically Federal employees, when 
they are performing work for us as authorized by law, and they need 
access to information in our records in order to perform their assigned 
agency duties.
    7. To the General Services Administration and the National Archives 
Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended 
by the NARA Act, information that is not restricted from disclosure by 
Federal law for their use in conducting records management studies.
    8. To the appropriate Federal, State, and local agencies, entities, 
and persons when (1) we suspect or confirm that the security or 
confidentiality of information in this system of records has been 
compromised; (2) we determine that as a result of the suspected or 
confirmed compromise there is a risk of harm to economic or property 
interests, identity theft or fraud, or harm to the security or 
integrity of this system or our other systems or programs that rely 
upon the compromised information; and (3) we determine that disclosing 
the information to such agencies, entities, and persons is necessary to 
assist in our efforts to respond to the suspected or confirmed 
compromise and prevent, minimize, or remedy such harm. We will use this 
routine use to respond only to those incidents involving an 
unintentional release of our records.
    9. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary:
    (a) To enable them to assure the safety of our employees and the 
public, the security of our workplace, and the operation of our 
facilities; or
    (b) To assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of our facilities.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    We will store records in this system in electronic and paper form.

Retrievability:
    We will retrieve records by SSN.

Accessibility:
    Our researchers and statisticians prepare micro-data files about 
persons who are current, recently terminated, or potential recipients 
of benefits from Social Security and related programs for program 
evaluation, research, and statistical studies. When the product is in 
the form of micro-data, we make it available without personal 
identifiers to our other components and certain other agencies for data 
processing and data manipulation.

Safeguards:
    We retain electronic and paper files with personal identifiers in 
secure storage areas accessible only to our authorized employees and 
contractors. We limit access to data with personal identifiers from 
this system to persons or organizations authorized by our Office of 
Research, Evaluation, and Statistics. We furnish specially edited 
micro-files on request to public and private organizations for purposes 
of research and analysis. We include further confidentiality 
protections in our data agreements.
    We provide appropriate security awareness and training annually to 
all our employees and contractors that include reminders about the need 
to protect personally identifiable information and the criminal 
penalties that apply to unauthorized access to, or disclosure of, 
personally identifiable information. See 5 U.S.C. 552a(i)(1). 
Furthermore, employees and contractors with access to databases 
maintaining personally identifiable information must sign a sanction 
document annually, acknowledging their accountability for making 
unauthorized access to, or disclosure of, such information.

Retention and disposal:
    For purposes of records management disposition authority, we will 
follow the NARA and Department of Defense (DOD) 5015.2 regulations (DOD 
Design Criteria Standard for Electronic Records Management Software 
Applications). We will permanently maintain RE data covered by the RECS 
system of records. We will retain the research and statistical micro-
data extract (stored on the mainframe) for a maximum of 100 years.

System manager(s) and address:
    Director, Division of Enumeration and Death Alerts, Office of 
Earnings, Enumeration, and Administrative Systems, Social Security 
Administration, 6401 Security Boulevard, Baltimore, MD 21235.

Notification procedures:
    Persons can determine if this system contains a record about them 
by writing to the system manager at the above address and providing 
their name, SSN, or other information that may be in this system of 
records that will identify them. Persons requesting notification of 
records in person should provide the same information, as well as 
provide an identity document, preferably with a photograph, such as a 
driver's license or some other means of identification, such as voter 
registration card, etc. Persons lacking identification documents 
sufficient to establish their identity must certify in writing that 
they are the person they claim to be and that they understand that the 
knowing and willful request for, or acquisition of, a record

[[Page 42732]]

pertaining to another person under false pretenses is a criminal 
offense.
    Persons requesting notification by telephone must verify their 
identity by providing identifying information that parallels the 
information in the record to which notification is being requested. If 
we determine that the identifying information the person provides by 
telephone is insufficient, the person will be required to submit a 
request in writing or in person. If a person requests information by 
telephone on behalf of another individual, the subject person must be 
on the telephone with the requesting person and with us in the same 
phone call. We will establish the subject person's identity (his or her 
name, SSN, address, date of birth, and place of birth, along with one 
other piece of information such as mother's maiden name), and ask for 
his or her consent to provide information to the requesting person. 
Persons requesting notification submitted by mail must include a 
notarized statement to us to verify their identity or must certify in 
the request that they are the person they claim to be and that they 
understand that the knowing and willful request for, or acquisition of, 
a record pertaining to another person under false pretenses is a 
criminal offense. These procedures are in accordance with SSA 
Regulations (20 CFR 401.40).

Record access procedures:
    Same as notification procedures. Requesters should also reasonably 
specify the record contents being sought. These procedures are in 
accordance with SSA Regulations (20 CFR 401.40(c)).

Contesting record procedures:
    Same as notification procedures. Requesters should also reasonably 
identify the record, specify the information they are contesting, and 
state the corrective action sought and the reasons for the correction 
with supporting justification showing how the record is incomplete, 
untimely, inaccurate, or irrelevant. These procedures are in accordance 
with SSA Regulations (20 CFR 401.65(a)).

Record source categories:
    We obtain information covered by this system of records from 
successfully enumerated applicants for original or replacement SSN 
cards (or from third parties acting on their behalf) who are not 
enumerated through the EAB or EAE programs.

Exemptions claimed for the system:
    None.

[FR Doc. E9-20286 Filed 8-21-09; 8:45 am]
BILLING CODE P