Privacy Act of 1974; as Amended Proposed Alteration to an Existing Privacy Act System of Records, and New Routine Use, 51940-51943 [E9-24275]

Agencies

• Social Security Administration

[Federal Register Volume 74, Number 194 (Thursday, October 8, 2009)]
[Notices]
[Pages 51940-51943]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-24275]



[[Page 51940]]

=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974; as Amended Proposed Alteration to an 
Existing Privacy Act System of Records, and New Routine Use

AGENCY: Social Security Administration (SSA).

ACTION: Altered system of records and routine use.

-----------------------------------------------------------------------

SUMMARY: We are issuing public notice of our intent to alter an 
existing system of records and to add a routine use applicable to this 
system of records in accordance with the Privacy Act (5 U.S.C. 
552a(e)(4) and (e)(11)). The system of records is entitled the Attorney 
and Eligible Direct Pay Non-Attorney (EDPNA) 1099-MISC File (60-0325), 
hereinafter referred to as the Appointed Representative File.
    We propose the following changes:
     Expand the purpose for the Appointed Representative File 
system of records to allow us to collect, maintain, and use information 
covered by the system of records to administer activities (e.g., 
authentication, registration, payment, monitoring, and termination of 
appointment) of appointed representatives.
     Expand the category of persons covered by the system of 
records to include non-professional persons (e.g., a friend, neighbor, 
or minister). In 2010, we will expand the category of persons further 
to include firms and other professional entities as representatives.
     Expand the category of records we maintain in the system 
to include the representative's date of birth, cell phone information, 
and assigned representative identification number.
     Change the system of records name from the Attorney and 
Eligible Direct Pay Non-Attorney (EDPNA) 1099-MISC File to the 
Appointed Representative File to more accurately reflect the persons 
covered by the system of records. The change also reflects that we have 
created a single repository, identified as the Appointed Representative 
Database, in which we will maintain all representational data.
     Add our data protection routine use to the system of 
records to allow us to release information to appropriate entities, 
persons, and Federal, State, and local agencies when we suspect or 
confirm an unauthorized release of personally identifiable information.
    We discuss the altered system of records and new routine use in the 
Supplementary Information section below. We invite public comments on 
this proposal.

DATES: We filed a report of the altered Appointed Representative File 
system of records and new routine use disclosure with the Chairman of 
the Senate Committee on Homeland Security and Governmental Affairs, the 
Chairman of the House Committee on Oversight and Government Reform, and 
the Director, Office of Information and Regulatory Affairs, Office of 
Management and Budget (OMB) on September 23, 3009. The altered 
Appointed Representative File system of records and new routine use 
will become effective on November 6, 2009, unless we receive comments 
before that date that would result in a contrary determination.

ADDRESSES: Interested persons may comment on this publication by 
writing to the Executive Director, Office of Privacy and Disclosure, 
Office of the General Counsel, Social Security Administration, Room 3-
A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235-6401. All comments we receive will be available for public 
inspection at the above address.

FOR FURTHER INFORMATION CONTACT: Christine W. Johnson, Social Insurance 
Specialist (Senior Analyst), Disclosure Policy Development and Services 
Division I, Office of Privacy and Disclosure, Office of the General 
Counsel, Social Security Administration, Room 3-A-6 Operations 
Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, 
telephone: (410) 965-8563 or e-mail: chris.w.johnson@ssa.gov.

SUPPLEMENTARY INFORMATION:

I. Background and Purpose of the Appointed Representative File System 
of Records

A. General Background

    In order to increase the number of disability claims and appeals 
filed online, we established the Disability Direct initiative and 
created a staggered roll-out process to automate the disability claims 
and services process, to the maximum extent possible. Through the 
Disability Direct initiative, we will: (1) Simplify the online 
application process; (2) establish an automated suite of services for 
appointed representatives; and (3) receive application data and medical 
records by direct transmission from third parties and medical service 
providers. The Disability Direct initiative will improve online 
disability claims and appeals to help offset our labor-intensive 
disability workload.
    On September 8, 2008, we published revisions to the Rules on 
Representation of Parties in the Federal Register (See 73 FR 51963 
(September 8, 2008)) to make it easier for representatives to do 
business with us electronically. We are altering the Appointed 
Representative File system of records specifically to implement an 
online suite of services for representatives. The online services will 
enable us to establish a framework of new business processes and 
systems enhancements and to provide comprehensive online services for 
representatives who wish to perform services on behalf of our 
claimants.
    To ensure that we administer the appointed representative business 
process in a more efficient and effective manner, we propose to: (1) 
Expand the purpose for which we collect, maintain, and use the 
information covered by this system of records to include the overall 
administration of all representational activities of appointed 
representatives; (2) expand the category of persons covered by the 
system of records to include non-professional persons (e.g., a friend, 
neighbor, or minister); (3) expand the category of records we maintain 
in the system to include the representative's date of birth, cell phone 
information, and representative identification number; (4) change the 
name of the system of records to more accurately reflect the persons 
covered by the system of records; and (5) add our data protection 
routine use to the system of records.
    Our long-standing policy is to recognize only persons as 
representatives. However, in the decades since we adopted that policy, 
the business practices of claimants' representatives have changed 
significantly. For example, many claimants prefer to hire a firm rather 
than a single person within a firm. Accordingly, to provide claimants 
better flexibility in pursuing matters before us, starting in 2010, we 
will recognize firms and other professional entities as 
representatives.
    We will maintain all information about appointed representatives, 
regardless of the category, payment type, or representational status of 
the representative, in a single repository identified as the Appointed 
Representative Database, covered by the Appointed Representative File 
system of records.

B. Discussion of Appointed Representative File System of Records

    We believe that the proposed alteration will significantly 
strengthen the framework of the appointed representative business 
process, as well as our efforts to enhance the infrastructure for 
electronic paperless processes. The alteration brings together related 
information in a single repository designed to increase

[[Page 51941]]

communication efficiency with other key agency systems. It will also 
increase accuracy in the way we administer the representative process.

C. Discussion of New Routine Use

    As recommended by the President's Identity Theft Task Force, as 
mandated by the Office of Management and Budget (OMB) in Memorandum M-
07-16, and in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and 
(11)), we established a routine use that specifically permits us to 
disclose our information when we respond to the unintentional release 
of agency information (a data security breach). Such a routine use 
serves to protect the interests of the people whose information is at 
risk by allowing us to take appropriate steps to facilitate a timely 
and effective response to a data breach. (See 72 FR 69723 (December 10, 
2007)).

II. Records Storage Medium and Safeguards for the Information Covered 
by the Appointed Representative File System of Records

    We will maintain, in paper and electronic form, appointed 
representative information covered by the Appointed Representative File 
system of records. We will keep paper records in locked cabinets or in 
other secure areas. We will safeguard the security of the electronic 
information covered by the Appointed Representative File system of 
records by requiring the use of access codes to enter the computer 
system that will house the data.
    We annually provide all of our employees and contractors with 
appropriate security awareness and training that includes reminders 
about the need to protect personally identifiable information and the 
criminal penalties that apply to unauthorized access to, or disclosure 
of, personally identifiable information. See 5 U.S.C. 552a(i)(1). 
Employees and contractors with access to databases maintaining 
personally identifiable information must sign a sanction document 
annually, acknowledging their accountability for inappropriately 
accessing or disclosing such information.

III. Effects of the Appointed Representative File System of Records and 
Routine Use Disclosure on the Rights of Individuals

A. Discussion Relating to the Alteration

    We propose altering the Appointed Representative File system of 
records as part of our responsibilities in continuing to expand our 
business processes. We will adhere to all applicable statutory 
requirements, including those under the Social Security Act and the 
Privacy Act, in carrying out our responsibilities. Therefore, we do not 
anticipate that the proposed alteration to this system of records will 
have any adverse effect on the privacy or other rights of the persons 
covered by the system of records.

B. Discussion Relating to the New Routine Use

    The new routine use will serve to protect the interests of persons 
whose information could be at risk. We will take appropriate steps to 
facilitate a timely and effective response to a security breach of our 
data, thereby improving our ability to prevent, minimize, or remedy any 
harm that may result from a compromise of data maintained in our system 
of records. We do not anticipate that the new routine use will have any 
adverse effect on the rights of persons whose data might be disclosed.

IV. Compatibility of Proposed Routine Use

    As mandated by OMB, as recommended by the President's Identity 
Theft Task Force, and in accordance with the Privacy Act (5 U.S.C. 
552a(a)(7) and (b)(3)) and our disclosure regulation (20 CFR Part 401), 
we are permitted to release information under a published routine use 
for a purpose that is compatible with the purpose for which we 
collected the information. Section 401.20 of our regulations provides 
that we will disclose information required by law. Since OMB has 
mandated its publication, this routine use is appropriate and meets the 
relevant statutory and regulatory criteria. In addition, we disclose to 
other agencies, entities, and persons, when necessary, to respond to an 
unintentional release. These disclosures are compatible with the 
reasons we collect the information, as helping to prevent and minimize 
the potential for harm is consistent with taking appropriate steps to 
protect information entrusted to us. See 5 U.S.C. 552a(e)(10).

    Dated: September 23, 2009.
Michael J. Astrue,
Commissioner.

Social Security Administration

Notice of System of Records Required by the Privacy Act of 1974; as 
Amended

System Number:
    60-0325.

System name:
    Appointed Representative File, Social Security Administration 
(SSA), Office of Disability Adjudication and Review and Deputy 
Commissioner for Retirement and Disability Policy.

Security classification:
    None.

System Location:
    Social Security Administration, Office of Systems, 6401 Security 
Boulevard, Baltimore, Maryland 21235.

Categories of individuals covered by the system:
    This system covers all claimants' representatives who are currently 
eligible to represent SSA claimants or have represented SSA claimants 
in the past at the administrative or court level in SSA matters. A 
representative may be any person (e.g., attorney, eligible direct pay 
non-attorney, or non-professional such as a friend, neighbor, or 
minister), a firm, or other professional entity that provides 
representative services, regardless of whether the representative 
charges or collects a fee for providing the representational services.

Categories of records in the system:
    This system will contain personally identifiable information and 
contact information for all appointed representatives. For example, we 
collect name (regardless of category, payment type, or representational 
status), date of birth, tax identification number (TIN)/Social Security 
number (SSN), representative identification number, tax mailing 
address, notice address, payment address, telephone numbers (e.g., 
business, fax, and cell phone) and type of representative (i.e., 
attorney, eligible direct pay non-attorney, non-professional, a firm, 
or other professional entity).
    The system will also contain information about the representative's 
legal standing and business affiliations. For example, we collect 
current bar and court information (e.g., year admitted, license number, 
present standing), sanction-related information (e.g., ``Disqualified 
or Suspended,'' and start/stop date of sanction), date the appointment 
was signed, termination of service date, business affiliation 
information (e.g., sole proprietor or single-member Limited Liability 
Company/Limited Liability partnership, partner, or salaried employee), 
name and address of the firm or entity, employer identification number 
(EIN) of the entity, and banking information.
    The system will also maintain relevant claimants' SSNs.

[[Page 51942]]

Authority for maintenance of the system:
    Sections 205, 206, 1631(d)(1) and 1631(d)(2) of the Social Security 
Act, as amended, sections 6041 and 6045 of the Internal Revenue Code, 
and implementing regulations at 26 CFR part 1.

Purpose(s):
    By altering the Appointed Representative File system of records, we 
will more efficiently collect, maintain, and use information about 
appointed representatives, regardless of category, payment type, or 
representational status, and strengthen the overall representative 
business process. We use information in this system to verify, 
document, and organize information about representatives.

Routine uses of records covered by the Appointed Representative File 
system of records, including categories of users and the purposes of 
such uses:
    Routine use disclosures are indicated below; however, we will not 
disclose any information defined as ``return or return information'' 
under 26 U.S.C. 6103 of the Internal Revenue Code (IRC), unless 
authorized by the IRC, the Internal Revenue Service (IRS), or IRS 
regulations.
    1. To the Office of the President in response to an inquiry made at 
the request of the subject of the record or a third party on that 
person's behalf.
    2. To a congressional office in response to an inquiry from that 
office made at the request of the subject of the record or a third 
party on that person's behalf.
    3. To the IRS and to State and local government tax agencies in 
response to inquiries regarding receipt of fees we paid directly 
starting in calendar year 2007.
    4. To the IRS to permit its auditing of our compliance with the 
safeguard provisions of the IRC of 1986, as amended.
    5. To the Department of Justice (DOJ), a court, other tribunal, or 
another party before such court or tribunal when:
    (a) SSA or any component thereof;
    (b) any SSA employee in his or her official capacity;
    (c) any SSA employee in his or her individual capacity when DOJ (or 
SSA when we are authorized to do so) has agreed to represent the 
employee; or
    (d) the United States, or any agency thereof, when we determine 
that the litigation is likely to affect the operations of SSA or any of 
its components, is a party to litigation or has an interest in such 
litigation, and we determine that the use of such records by DOJ, a 
court, other tribunal, or another party before such court or tribunal 
is relevant and necessary to the litigation. In each case, however, we 
must determine that such disclosure is compatible with the purpose for 
which we collected the records.
    6. To DOJ for:
    (a) investigating and prosecuting violations of the Social Security 
Act to which criminal penalties attach;
    (b) representing the Commissioner; or
    (c) investigating issues of fraud or violation of civil rights by 
agency officers or employees.
    7. To contractors and other Federal agencies, as necessary, to 
assist us in efficiently administering our programs. We will disclose 
information under this routine use only in situations in which we may 
enter into a contractual or similar agreement with a third party to 
assist in accomplishing an agency function relating to this system of 
records.
    8. To student volunteers, persons working under a personal services 
contract, and others who are not technically Federal employees, when 
they are performing work for us, as authorized by law, and they need 
access to information in our records in order to perform their assigned 
duties.
    9. To Federal, State, and local law enforcement agencies and 
private security contractors as appropriate, information as necessary:
    (a) to enable them to assure the safety of our employees and 
customers, the security of our workplace, and the operation of our 
facilities; or
    (b) to assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of our facilities.
    10. To the General Services Administration and the National 
Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 
2906, as amended by the NARA Act, information that is not restricted 
from disclosure by Federal law for their use in conducting records 
management studies.
    11. To employers to assist us in collecting debts owed by 
claimants' representatives who received an excess or erroneous 
representational fee payment and owe a delinquent debt to us. 
Disclosure under this routine use is authorized under the Debt 
Collection Improvement Act of 1966 (Pub. L. 104-134) and implemented 
through administrative wage garnishment provisions of this Act. See 31 
U.S.C. 3720D.
    12. To employers of claimants' representatives (e.g., law firms, 
partnerships, or other business entities) in accordance with the 
requirements of sections 6041 and 6045(f) of the IRC as implemented by 
the IRS Regulations found at 26 CFR 1.6041-1, and as necessary for us 
to carry out the requirements for fee reporting to appointed 
representatives.
    13. To the appropriate Federal, State, and local agencies, 
entities, and persons when: (1) We suspect or confirm that the security 
or confidentiality of information in this system of records has been 
compromised; (2) we determine that as a result of the suspected or 
confirmed compromise there is a risk of harm to economic or property 
interests, risk of identity theft or fraud, or harm to the security or 
integrity of this system or our other systems or programs that rely 
upon the compromised information; and (3) we determine that disclosing 
the information to such agencies, entities, and persons is necessary to 
assist in our efforts to respond to the suspected or confirmed 
compromise and prevent, minimize, or remedy such harm. We will use this 
routine use to respond only to those incidents involving an 
unintentional release of our records.
    We will disclose appointed representative information under this 
routine use specifically in connection with response and remediation 
efforts in the event of an unintentional release of agency information, 
otherwise known as a ``data security breach.'' This routine use will 
protect the interests of the people whose information is at risk by 
allowing us to take appropriate steps to facilitate a timely and 
effective response to a data breach. The routine use will also help us 
improve our ability to prevent, minimize, or remedy any harm that may 
result from a compromise of data covered in this system of records.

Disclosure to Consumer Reporting Agencies:
    Pursuant to 5 U.S.C. 552a(b)(12) of the Privacy Act, we may 
disclose information to consumer reporting agencies as defined in the 
Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims 
Collection Act of 1966 (31 U.S.C. 3701, et seq.), as amended. We will 
make the disclosure in accordance with 31 U.S.C. 3711(e) when 
authorized by sections 204(f), 808(e), or 1631(b)(4) of the Social 
Security Act (42 U.S.C. 404(f), 1008(e), or 1383(b)(4)). We may 
disclose under these circumstances to facilitate the collection of 
outstanding debts owed to the Federal government, to provide an 
incentive for debtors to repay delinquent Federal government debts by 
making the debts part of their credit records. The information we

[[Page 51943]]

disclose is limited to the person's name, address, SSN, and other 
information necessary to establish the person's identity, the amount, 
status, and history of the debt, and the agency or program under which 
the debt arose.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    We will store records in this system in paper and electronic form.

Retrievability:
    We will retrieve records by SSN, representative identification 
number, or alphabetically by the person's name.

Safeguards:
    We retain paper and electronic files with personal identifiers in 
secure storage areas accessible only to our authorized employees and 
contractors. We limit access to data with personal identifiers from 
this system to only our authorized personnel who have a need for the 
information when performing their official duties.
    We provide appropriate security awareness and training annually to 
all our employees and contractors that include reminders about the need 
to protect personally identifiable information and the criminal 
penalties that apply to unauthorized access to, or disclosure of, 
personally identifiable information. See 5 U.S.C. 552a(i)(l). 
Furthermore, employees and contractors with access to databases 
maintaining personally identifiable information must sign a sanction 
document annually, acknowledging their accountability for 
inappropriately accessing or disclosing such information.

Retention and disposal:
    For purposes of records management dispositions authority, we 
follow the NARA and Department of Defense (DOD) 5015.2 regulations (DOD 
Design Criteria Standard for Electronic Records Management Software 
Applications). We will destroy paper and electronic records three years 
after the final action is taken.

System manager(s) and address(es):
    Deputy Commissioner for Budget, Finance and Management, Social 
Security Administration, 6401 Security Boulevard, Baltimore, MD 21235.

Notification procedures:
    Persons can determine if this system contains a record about them 
by writing to the system manager at the above address to verify their 
identity or they must certify in the request that they are the person 
they claim to be and understand that the knowing and willful request 
for, or acquisition of, a record pertaining to another person under 
false pretenses is a criminal offense.
    Persons requesting notification of records in person should provide 
the same information, as well as provide an identity document, 
preferably with a photograph, such as a driver's license. Persons 
lacking identification documents sufficient to establish their identity 
must certify in writing that they are the person they claim to be and 
that they understand that the knowing and willful request for, or 
acquisition of, a record pertaining to another person under false 
pretenses is a criminal offense.
    Persons requesting notification by telephone must verify their 
identity by providing identifying information that parallels the 
information in the record about which they are requesting notification. 
If we determine that the identifying information the person provides by 
telephone is insufficient, we will require the person to submit a 
request in writing or in person. If a person requests information by 
telephone on behalf of another person, the subject person must be on 
the telephone with the requesting person and us in the same phone call. 
We will establish the subject person's identity (his or her name, SSN, 
address, date of birth, and place of birth, along with one other piece 
of information such as mother's maiden name) and ask for his or her 
consent to provide information to the requesting person. These 
procedures are in accordance with SSA Regulations (20 CFR 401.40 and 
401.45).

Record access procedures:
    Same as notification procedures. Requesters also should reasonably 
specify the record contents they are seeking. These procedures are in 
accordance with SSA Regulations (20 CFR 401.40(c)).

Contesting record procedures:
    Same as notification procedures. Persons also should reasonably 
identify the record, specify the information they are contesting, and 
state the corrective action sought and the reasons for the correction 
with supporting justification showing how the record is incomplete, 
untimely, inaccurate, or irrelevant. These procedures are in accordance 
with SSA Regulations (20 CFR 401.65(a)).

Record source categories:
    We obtain information covered by the Appointed Representative File 
system of records from claimant representatives and SSA records, such 
as the Master Beneficiary Record, Supplemental Security Record, and 
Master Files of Social Security Number (SSN) Holders and SSN 
Applications.

Exemptions claimed for the system:
    None.

[FR Doc. E9-24275 Filed 10-7-09; 8:45 am]
BILLING CODE P