Privacy Act of 1974; as Amended Proposed Alteration to an Existing Privacy Act System of Records, and New Routine Use, 51940-51943 [E9-24275]

Download as PDF 51940 Federal Register / Vol. 74, No. 194 / Thursday, October 8, 2009 / Notices SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974; as Amended Proposed Alteration to an Existing Privacy Act System of Records, and New Routine Use AGENCY: Social Security Administration (SSA). mstockstill on DSKH9S0YB1PROD with NOTICES ACTION: Altered system of records and routine use. SUMMARY: We are issuing public notice of our intent to alter an existing system of records and to add a routine use applicable to this system of records in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and (e)(11)). The system of records is entitled the Attorney and Eligible Direct Pay NonAttorney (EDPNA) 1099–MISC File (60– 0325), hereinafter referred to as the Appointed Representative File. We propose the following changes: • Expand the purpose for the Appointed Representative File system of records to allow us to collect, maintain, and use information covered by the system of records to administer activities (e.g., authentication, registration, payment, monitoring, and termination of appointment) of appointed representatives. • Expand the category of persons covered by the system of records to include non-professional persons (e.g., a friend, neighbor, or minister). In 2010, we will expand the category of persons further to include firms and other professional entities as representatives. • Expand the category of records we maintain in the system to include the representative’s date of birth, cell phone information, and assigned representative identification number. • Change the system of records name from the Attorney and Eligible Direct Pay Non-Attorney (EDPNA) 1099–MISC File to the Appointed Representative File to more accurately reflect the persons covered by the system of records. The change also reflects that we have created a single repository, identified as the Appointed Representative Database, in which we will maintain all representational data. • Add our data protection routine use to the system of records to allow us to release information to appropriate entities, persons, and Federal, State, and local agencies when we suspect or confirm an unauthorized release of personally identifiable information. We discuss the altered system of records and new routine use in the Supplementary Information section below. We invite public comments on this proposal. DATES: We filed a report of the altered Appointed Representative File system of VerDate Nov<24>2008 18:31 Oct 07, 2009 Jkt 220001 records and new routine use disclosure with the Chairman of the Senate Committee on Homeland Security and Governmental Affairs, the Chairman of the House Committee on Oversight and Government Reform, and the Director, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB) on September 23, 3009. The altered Appointed Representative File system of records and new routine use will become effective on November 6, 2009, unless we receive comments before that date that would result in a contrary determination. ADDRESSES: Interested persons may comment on this publication by writing to the Executive Director, Office of Privacy and Disclosure, Office of the General Counsel, Social Security Administration, Room 3–A–6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235– 6401. All comments we receive will be available for public inspection at the above address. FOR FURTHER INFORMATION CONTACT: Christine W. Johnson, Social Insurance Specialist (Senior Analyst), Disclosure Policy Development and Services Division I, Office of Privacy and Disclosure, Office of the General Counsel, Social Security Administration, Room 3–A–6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235– 6401, telephone: (410) 965–8563 or email: chris.w.johnson@ssa.gov. SUPPLEMENTARY INFORMATION: I. Background and Purpose of the Appointed Representative File System of Records A. General Background In order to increase the number of disability claims and appeals filed online, we established the Disability Direct initiative and created a staggered roll-out process to automate the disability claims and services process, to the maximum extent possible. Through the Disability Direct initiative, we will: (1) Simplify the online application process; (2) establish an automated suite of services for appointed representatives; and (3) receive application data and medical records by direct transmission from third parties and medical service providers. The Disability Direct initiative will improve online disability claims and appeals to help offset our labor-intensive disability workload. On September 8, 2008, we published revisions to the Rules on Representation of Parties in the Federal Register (See 73 FR 51963 (September 8, 2008)) to make it easier for representatives to do PO 00000 Frm 00111 Fmt 4703 Sfmt 4703 business with us electronically. We are altering the Appointed Representative File system of records specifically to implement an online suite of services for representatives. The online services will enable us to establish a framework of new business processes and systems enhancements and to provide comprehensive online services for representatives who wish to perform services on behalf of our claimants. To ensure that we administer the appointed representative business process in a more efficient and effective manner, we propose to: (1) Expand the purpose for which we collect, maintain, and use the information covered by this system of records to include the overall administration of all representational activities of appointed representatives; (2) expand the category of persons covered by the system of records to include non-professional persons (e.g., a friend, neighbor, or minister); (3) expand the category of records we maintain in the system to include the representative’s date of birth, cell phone information, and representative identification number; (4) change the name of the system of records to more accurately reflect the persons covered by the system of records; and (5) add our data protection routine use to the system of records. Our long-standing policy is to recognize only persons as representatives. However, in the decades since we adopted that policy, the business practices of claimants’ representatives have changed significantly. For example, many claimants prefer to hire a firm rather than a single person within a firm. Accordingly, to provide claimants better flexibility in pursuing matters before us, starting in 2010, we will recognize firms and other professional entities as representatives. We will maintain all information about appointed representatives, regardless of the category, payment type, or representational status of the representative, in a single repository identified as the Appointed Representative Database, covered by the Appointed Representative File system of records. B. Discussion of Appointed Representative File System of Records We believe that the proposed alteration will significantly strengthen the framework of the appointed representative business process, as well as our efforts to enhance the infrastructure for electronic paperless processes. The alteration brings together related information in a single repository designed to increase E:\FR\FM\08OCN1.SGM 08OCN1 Federal Register / Vol. 74, No. 194 / Thursday, October 8, 2009 / Notices communication efficiency with other key agency systems. It will also increase accuracy in the way we administer the representative process. C. Discussion of New Routine Use As recommended by the President’s Identity Theft Task Force, as mandated by the Office of Management and Budget (OMB) in Memorandum M–07– 16, and in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and (11)), we established a routine use that specifically permits us to disclose our information when we respond to the unintentional release of agency information (a data security breach). Such a routine use serves to protect the interests of the people whose information is at risk by allowing us to take appropriate steps to facilitate a timely and effective response to a data breach. (See 72 FR 69723 (December 10, 2007)). II. Records Storage Medium and Safeguards for the Information Covered by the Appointed Representative File System of Records mstockstill on DSKH9S0YB1PROD with NOTICES We will maintain, in paper and electronic form, appointed representative information covered by the Appointed Representative File system of records. We will keep paper records in locked cabinets or in other secure areas. We will safeguard the security of the electronic information covered by the Appointed Representative File system of records by requiring the use of access codes to enter the computer system that will house the data. We annually provide all of our employees and contractors with appropriate security awareness and training that includes reminders about the need to protect personally identifiable information and the criminal penalties that apply to unauthorized access to, or disclosure of, personally identifiable information. See 5 U.S.C. 552a(i)(1). Employees and contractors with access to databases maintaining personally identifiable information must sign a sanction document annually, acknowledging their accountability for inappropriately accessing or disclosing such information. III. Effects of the Appointed Representative File System of Records and Routine Use Disclosure on the Rights of Individuals A. Discussion Relating to the Alteration We propose altering the Appointed Representative File system of records as part of our responsibilities in continuing VerDate Nov<24>2008 18:31 Oct 07, 2009 Jkt 220001 51941 to expand our business processes. We will adhere to all applicable statutory requirements, including those under the Social Security Act and the Privacy Act, in carrying out our responsibilities. Therefore, we do not anticipate that the proposed alteration to this system of records will have any adverse effect on the privacy or other rights of the persons covered by the system of records. SYSTEM NAME: B. Discussion Relating to the New Routine Use Social Security Administration, Office of Systems, 6401 Security Boulevard, Baltimore, Maryland 21235. The new routine use will serve to protect the interests of persons whose information could be at risk. We will take appropriate steps to facilitate a timely and effective response to a security breach of our data, thereby improving our ability to prevent, minimize, or remedy any harm that may result from a compromise of data maintained in our system of records. We do not anticipate that the new routine use will have any adverse effect on the rights of persons whose data might be disclosed. IV. Compatibility of Proposed Routine Use As mandated by OMB, as recommended by the President’s Identity Theft Task Force, and in accordance with the Privacy Act (5 U.S.C. 552a(a)(7) and (b)(3)) and our disclosure regulation (20 CFR Part 401), we are permitted to release information under a published routine use for a purpose that is compatible with the purpose for which we collected the information. Section 401.20 of our regulations provides that we will disclose information required by law. Since OMB has mandated its publication, this routine use is appropriate and meets the relevant statutory and regulatory criteria. In addition, we disclose to other agencies, entities, and persons, when necessary, to respond to an unintentional release. These disclosures are compatible with the reasons we collect the information, as helping to prevent and minimize the potential for harm is consistent with taking appropriate steps to protect information entrusted to us. See 5 U.S.C. 552a(e)(10). Dated: September 23, 2009. Michael J. Astrue, Commissioner. Social Security Administration Notice of System of Records Required by the Privacy Act of 1974; as Amended System Number: PO 00000 60–0325. Frm 00112 Fmt 4703 Sfmt 4703 Appointed Representative File, Social Security Administration (SSA), Office of Disability Adjudication and Review and Deputy Commissioner for Retirement and Disability Policy. SECURITY CLASSIFICATION: None. SYSTEM LOCATION: CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: This system covers all claimants’ representatives who are currently eligible to represent SSA claimants or have represented SSA claimants in the past at the administrative or court level in SSA matters. A representative may be any person (e.g., attorney, eligible direct pay non-attorney, or non-professional such as a friend, neighbor, or minister), a firm, or other professional entity that provides representative services, regardless of whether the representative charges or collects a fee for providing the representational services. CATEGORIES OF RECORDS IN THE SYSTEM: This system will contain personally identifiable information and contact information for all appointed representatives. For example, we collect name (regardless of category, payment type, or representational status), date of birth, tax identification number (TIN)/ Social Security number (SSN), representative identification number, tax mailing address, notice address, payment address, telephone numbers (e.g., business, fax, and cell phone) and type of representative (i.e., attorney, eligible direct pay non-attorney, nonprofessional, a firm, or other professional entity). The system will also contain information about the representative’s legal standing and business affiliations. For example, we collect current bar and court information (e.g., year admitted, license number, present standing), sanction-related information (e.g., ‘‘Disqualified or Suspended,’’ and start/ stop date of sanction), date the appointment was signed, termination of service date, business affiliation information (e.g., sole proprietor or single-member Limited Liability Company/Limited Liability partnership, partner, or salaried employee), name and address of the firm or entity, employer identification number (EIN) of the entity, and banking information. The system will also maintain relevant claimants’ SSNs. E:\FR\FM\08OCN1.SGM 08OCN1 51942 Federal Register / Vol. 74, No. 194 / Thursday, October 8, 2009 / Notices AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Sections 205, 206, 1631(d)(1) and 1631(d)(2) of the Social Security Act, as amended, sections 6041 and 6045 of the Internal Revenue Code, and implementing regulations at 26 CFR part 1. PURPOSE(S): By altering the Appointed Representative File system of records, we will more efficiently collect, maintain, and use information about appointed representatives, regardless of category, payment type, or representational status, and strengthen the overall representative business process. We use information in this system to verify, document, and organize information about representatives. mstockstill on DSKH9S0YB1PROD with NOTICES ROUTINE USES OF RECORDS COVERED BY THE APPOINTED REPRESENTATIVE FILE SYSTEM OF RECORDS, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: Routine use disclosures are indicated below; however, we will not disclose any information defined as ‘‘return or return information’’ under 26 U.S.C. 6103 of the Internal Revenue Code (IRC), unless authorized by the IRC, the Internal Revenue Service (IRS), or IRS regulations. 1. To the Office of the President in response to an inquiry made at the request of the subject of the record or a third party on that person’s behalf. 2. To a congressional office in response to an inquiry from that office made at the request of the subject of the record or a third party on that person’s behalf. 3. To the IRS and to State and local government tax agencies in response to inquiries regarding receipt of fees we paid directly starting in calendar year 2007. 4. To the IRS to permit its auditing of our compliance with the safeguard provisions of the IRC of 1986, as amended. 5. To the Department of Justice (DOJ), a court, other tribunal, or another party before such court or tribunal when: (a) SSA or any component thereof; (b) any SSA employee in his or her official capacity; (c) any SSA employee in his or her individual capacity when DOJ (or SSA when we are authorized to do so) has agreed to represent the employee; or (d) the United States, or any agency thereof, when we determine that the litigation is likely to affect the operations of SSA or any of its components, is a party to litigation or has an interest in such litigation, and we determine that the use of such records VerDate Nov<24>2008 18:31 Oct 07, 2009 Jkt 220001 by DOJ, a court, other tribunal, or another party before such court or tribunal is relevant and necessary to the litigation. In each case, however, we must determine that such disclosure is compatible with the purpose for which we collected the records. 6. To DOJ for: (a) investigating and prosecuting violations of the Social Security Act to which criminal penalties attach; (b) representing the Commissioner; or (c) investigating issues of fraud or violation of civil rights by agency officers or employees. 7. To contractors and other Federal agencies, as necessary, to assist us in efficiently administering our programs. We will disclose information under this routine use only in situations in which we may enter into a contractual or similar agreement with a third party to assist in accomplishing an agency function relating to this system of records. 8. To student volunteers, persons working under a personal services contract, and others who are not technically Federal employees, when they are performing work for us, as authorized by law, and they need access to information in our records in order to perform their assigned duties. 9. To Federal, State, and local law enforcement agencies and private security contractors as appropriate, information as necessary: (a) to enable them to assure the safety of our employees and customers, the security of our workplace, and the operation of our facilities; or (b) to assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupt the operation of our facilities. 10. To the General Services Administration and the National Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by the NARA Act, information that is not restricted from disclosure by Federal law for their use in conducting records management studies. 11. To employers to assist us in collecting debts owed by claimants’ representatives who received an excess or erroneous representational fee payment and owe a delinquent debt to us. Disclosure under this routine use is authorized under the Debt Collection Improvement Act of 1966 (Pub. L. 104– 134) and implemented through administrative wage garnishment provisions of this Act. See 31 U.S.C. 3720D. 12. To employers of claimants’ representatives (e.g., law firms, PO 00000 Frm 00113 Fmt 4703 Sfmt 4703 partnerships, or other business entities) in accordance with the requirements of sections 6041 and 6045(f) of the IRC as implemented by the IRS Regulations found at 26 CFR 1.6041–1, and as necessary for us to carry out the requirements for fee reporting to appointed representatives. 13. To the appropriate Federal, State, and local agencies, entities, and persons when: (1) We suspect or confirm that the security or confidentiality of information in this system of records has been compromised; (2) we determine that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, risk of identity theft or fraud, or harm to the security or integrity of this system or our other systems or programs that rely upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. We will use this routine use to respond only to those incidents involving an unintentional release of our records. We will disclose appointed representative information under this routine use specifically in connection with response and remediation efforts in the event of an unintentional release of agency information, otherwise known as a ‘‘data security breach.’’ This routine use will protect the interests of the people whose information is at risk by allowing us to take appropriate steps to facilitate a timely and effective response to a data breach. The routine use will also help us improve our ability to prevent, minimize, or remedy any harm that may result from a compromise of data covered in this system of records. DISCLOSURE TO CONSUMER REPORTING AGENCIES: Pursuant to 5 U.S.C. 552a(b)(12) of the Privacy Act, we may disclose information to consumer reporting agencies as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966 (31 U.S.C. 3701, et seq.), as amended. We will make the disclosure in accordance with 31 U.S.C. 3711(e) when authorized by sections 204(f), 808(e), or 1631(b)(4) of the Social Security Act (42 U.S.C. 404(f), 1008(e), or 1383(b)(4)). We may disclose under these circumstances to facilitate the collection of outstanding debts owed to the Federal government, to provide an incentive for debtors to repay delinquent Federal government debts by making the debts part of their credit records. The information we E:\FR\FM\08OCN1.SGM 08OCN1 Federal Register / Vol. 74, No. 194 / Thursday, October 8, 2009 / Notices disclose is limited to the person’s name, address, SSN, and other information necessary to establish the person’s identity, the amount, status, and history of the debt, and the agency or program under which the debt arose. POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE: We will store records in this system in paper and electronic form. RETRIEVABILITY: We will retrieve records by SSN, representative identification number, or alphabetically by the person’s name. SAFEGUARDS: We retain paper and electronic files with personal identifiers in secure storage areas accessible only to our authorized employees and contractors. We limit access to data with personal identifiers from this system to only our authorized personnel who have a need for the information when performing their official duties. We provide appropriate security awareness and training annually to all our employees and contractors that include reminders about the need to protect personally identifiable information and the criminal penalties that apply to unauthorized access to, or disclosure of, personally identifiable information. See 5 U.S.C. 552a(i)(l). Furthermore, employees and contractors with access to databases maintaining personally identifiable information must sign a sanction document annually, acknowledging their accountability for inappropriately accessing or disclosing such information. RETENTION AND DISPOSAL: For purposes of records management dispositions authority, we follow the NARA and Department of Defense (DOD) 5015.2 regulations (DOD Design Criteria Standard for Electronic Records Management Software Applications). We will destroy paper and electronic records three years after the final action is taken. mstockstill on DSKH9S0YB1PROD with NOTICES SYSTEM MANAGER(S) AND ADDRESS(ES): Deputy Commissioner for Budget, Finance and Management, Social Security Administration, 6401 Security Boulevard, Baltimore, MD 21235. NOTIFICATION PROCEDURES: Persons can determine if this system contains a record about them by writing to the system manager at the above address to verify their identity or they must certify in the request that they are the person they claim to be and VerDate Nov<24>2008 18:31 Oct 07, 2009 Jkt 220001 understand that the knowing and willful request for, or acquisition of, a record pertaining to another person under false pretenses is a criminal offense. Persons requesting notification of records in person should provide the same information, as well as provide an identity document, preferably with a photograph, such as a driver’s license. Persons lacking identification documents sufficient to establish their identity must certify in writing that they are the person they claim to be and that they understand that the knowing and willful request for, or acquisition of, a record pertaining to another person under false pretenses is a criminal offense. Persons requesting notification by telephone must verify their identity by providing identifying information that parallels the information in the record about which they are requesting notification. If we determine that the identifying information the person provides by telephone is insufficient, we will require the person to submit a request in writing or in person. If a person requests information by telephone on behalf of another person, the subject person must be on the telephone with the requesting person and us in the same phone call. We will establish the subject person’s identity (his or her name, SSN, address, date of birth, and place of birth, along with one other piece of information such as mother’s maiden name) and ask for his or her consent to provide information to the requesting person. These procedures are in accordance with SSA Regulations (20 CFR 401.40 and 401.45). RECORD ACCESS PROCEDURES: Same as notification procedures. Requesters also should reasonably specify the record contents they are seeking. These procedures are in accordance with SSA Regulations (20 CFR 401.40(c)). CONTESTING RECORD PROCEDURES: Same as notification procedures. Persons also should reasonably identify the record, specify the information they are contesting, and state the corrective action sought and the reasons for the correction with supporting justification showing how the record is incomplete, untimely, inaccurate, or irrelevant. These procedures are in accordance with SSA Regulations (20 CFR 401.65(a)). RECORD SOURCE CATEGORIES: We obtain information covered by the Appointed Representative File system of records from claimant representatives and SSA records, such as the Master PO 00000 Frm 00114 Fmt 4703 Sfmt 4703 51943 Beneficiary Record, Supplemental Security Record, and Master Files of Social Security Number (SSN) Holders and SSN Applications. EXEMPTIONS CLAIMED FOR THE SYSTEM: None. [FR Doc. E9–24275 Filed 10–7–09; 8:45 am] BILLING CODE P DEPARTMENT OF TRANSPORTATION National Highway Traffic Safety Administration [Docket No. NHTSA–2009–0161] Notice 1 Receipt of Petition for Decision That Nonconforming 2009 Harley Davidson FX, FL, XL and VR Series Motorcycles Are Eligible for Importation AGENCY: National Highway Traffic Safety Administration, DOT ACTION: Notice of receipt of petition for decision that nonconforming 2009 Harley Davidson FX, FL, XL and VR Series Motorcycles are eligible for importation. SUMMARY: This document announces receipt by the National Highway Traffic Safety Administration (NHTSA) of a petition for a decision that 2009 Harley Davidson FX, FL, XL and VR Series Motorcycles that were not originally manufactured to comply with all applicable Federal motor vehicle safety standards (FMVSS) are eligible for importation into the United States because (1) they are substantially similar to vehicles that were originally manufactured for sale in the United States and that were certified by their manufacturer as complying with the safety standards, and (2) they are capable of being readily altered to conform to the standards. DATES: The closing date for comments on the petition is November 9, 2009. ADDRESSES: Comments should refer to the docket and notice numbers above and be submitted by any of the following methods: • Federal eRulemaking Portal: Go to http://www.regulations.gov. Follow the online instructions for submitting comments. • Mail: Docket Management Facility: U.S. Department of Transportation, 1200 New Jersey Avenue SE., West Building Ground Floor, Room W12–140, Washington, DC 20590–0001. • Hand Delivery or Courier: West Building Ground Floor, Room W12–140, 1200 New Jersey Avenue SE., between 9 a.m. and 5 p.m. ET, Monday through Friday, except Federal holidays. E:\FR\FM\08OCN1.SGM 08OCN1

Agencies

[Federal Register Volume 74, Number 194 (Thursday, October 8, 2009)]
[Notices]
[Pages 51940-51943]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-24275]



[[Page 51940]]

=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974; as Amended Proposed Alteration to an 
Existing Privacy Act System of Records, and New Routine Use

AGENCY: Social Security Administration (SSA).

ACTION: Altered system of records and routine use.

-----------------------------------------------------------------------

SUMMARY: We are issuing public notice of our intent to alter an 
existing system of records and to add a routine use applicable to this 
system of records in accordance with the Privacy Act (5 U.S.C. 
552a(e)(4) and (e)(11)). The system of records is entitled the Attorney 
and Eligible Direct Pay Non-Attorney (EDPNA) 1099-MISC File (60-0325), 
hereinafter referred to as the Appointed Representative File.
    We propose the following changes:
     Expand the purpose for the Appointed Representative File 
system of records to allow us to collect, maintain, and use information 
covered by the system of records to administer activities (e.g., 
authentication, registration, payment, monitoring, and termination of 
appointment) of appointed representatives.
     Expand the category of persons covered by the system of 
records to include non-professional persons (e.g., a friend, neighbor, 
or minister). In 2010, we will expand the category of persons further 
to include firms and other professional entities as representatives.
     Expand the category of records we maintain in the system 
to include the representative's date of birth, cell phone information, 
and assigned representative identification number.
     Change the system of records name from the Attorney and 
Eligible Direct Pay Non-Attorney (EDPNA) 1099-MISC File to the 
Appointed Representative File to more accurately reflect the persons 
covered by the system of records. The change also reflects that we have 
created a single repository, identified as the Appointed Representative 
Database, in which we will maintain all representational data.
     Add our data protection routine use to the system of 
records to allow us to release information to appropriate entities, 
persons, and Federal, State, and local agencies when we suspect or 
confirm an unauthorized release of personally identifiable information.
    We discuss the altered system of records and new routine use in the 
Supplementary Information section below. We invite public comments on 
this proposal.

DATES: We filed a report of the altered Appointed Representative File 
system of records and new routine use disclosure with the Chairman of 
the Senate Committee on Homeland Security and Governmental Affairs, the 
Chairman of the House Committee on Oversight and Government Reform, and 
the Director, Office of Information and Regulatory Affairs, Office of 
Management and Budget (OMB) on September 23, 3009. The altered 
Appointed Representative File system of records and new routine use 
will become effective on November 6, 2009, unless we receive comments 
before that date that would result in a contrary determination.

ADDRESSES: Interested persons may comment on this publication by 
writing to the Executive Director, Office of Privacy and Disclosure, 
Office of the General Counsel, Social Security Administration, Room 3-
A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235-6401. All comments we receive will be available for public 
inspection at the above address.

FOR FURTHER INFORMATION CONTACT: Christine W. Johnson, Social Insurance 
Specialist (Senior Analyst), Disclosure Policy Development and Services 
Division I, Office of Privacy and Disclosure, Office of the General 
Counsel, Social Security Administration, Room 3-A-6 Operations 
Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, 
telephone: (410) 965-8563 or e-mail: chris.w.johnson@ssa.gov.

SUPPLEMENTARY INFORMATION:

I. Background and Purpose of the Appointed Representative File System 
of Records

A. General Background

    In order to increase the number of disability claims and appeals 
filed online, we established the Disability Direct initiative and 
created a staggered roll-out process to automate the disability claims 
and services process, to the maximum extent possible. Through the 
Disability Direct initiative, we will: (1) Simplify the online 
application process; (2) establish an automated suite of services for 
appointed representatives; and (3) receive application data and medical 
records by direct transmission from third parties and medical service 
providers. The Disability Direct initiative will improve online 
disability claims and appeals to help offset our labor-intensive 
disability workload.
    On September 8, 2008, we published revisions to the Rules on 
Representation of Parties in the Federal Register (See 73 FR 51963 
(September 8, 2008)) to make it easier for representatives to do 
business with us electronically. We are altering the Appointed 
Representative File system of records specifically to implement an 
online suite of services for representatives. The online services will 
enable us to establish a framework of new business processes and 
systems enhancements and to provide comprehensive online services for 
representatives who wish to perform services on behalf of our 
claimants.
    To ensure that we administer the appointed representative business 
process in a more efficient and effective manner, we propose to: (1) 
Expand the purpose for which we collect, maintain, and use the 
information covered by this system of records to include the overall 
administration of all representational activities of appointed 
representatives; (2) expand the category of persons covered by the 
system of records to include non-professional persons (e.g., a friend, 
neighbor, or minister); (3) expand the category of records we maintain 
in the system to include the representative's date of birth, cell phone 
information, and representative identification number; (4) change the 
name of the system of records to more accurately reflect the persons 
covered by the system of records; and (5) add our data protection 
routine use to the system of records.
    Our long-standing policy is to recognize only persons as 
representatives. However, in the decades since we adopted that policy, 
the business practices of claimants' representatives have changed 
significantly. For example, many claimants prefer to hire a firm rather 
than a single person within a firm. Accordingly, to provide claimants 
better flexibility in pursuing matters before us, starting in 2010, we 
will recognize firms and other professional entities as 
representatives.
    We will maintain all information about appointed representatives, 
regardless of the category, payment type, or representational status of 
the representative, in a single repository identified as the Appointed 
Representative Database, covered by the Appointed Representative File 
system of records.

B. Discussion of Appointed Representative File System of Records

    We believe that the proposed alteration will significantly 
strengthen the framework of the appointed representative business 
process, as well as our efforts to enhance the infrastructure for 
electronic paperless processes. The alteration brings together related 
information in a single repository designed to increase

[[Page 51941]]

communication efficiency with other key agency systems. It will also 
increase accuracy in the way we administer the representative process.

C. Discussion of New Routine Use

    As recommended by the President's Identity Theft Task Force, as 
mandated by the Office of Management and Budget (OMB) in Memorandum M-
07-16, and in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and 
(11)), we established a routine use that specifically permits us to 
disclose our information when we respond to the unintentional release 
of agency information (a data security breach). Such a routine use 
serves to protect the interests of the people whose information is at 
risk by allowing us to take appropriate steps to facilitate a timely 
and effective response to a data breach. (See 72 FR 69723 (December 10, 
2007)).

II. Records Storage Medium and Safeguards for the Information Covered 
by the Appointed Representative File System of Records

    We will maintain, in paper and electronic form, appointed 
representative information covered by the Appointed Representative File 
system of records. We will keep paper records in locked cabinets or in 
other secure areas. We will safeguard the security of the electronic 
information covered by the Appointed Representative File system of 
records by requiring the use of access codes to enter the computer 
system that will house the data.
    We annually provide all of our employees and contractors with 
appropriate security awareness and training that includes reminders 
about the need to protect personally identifiable information and the 
criminal penalties that apply to unauthorized access to, or disclosure 
of, personally identifiable information. See 5 U.S.C. 552a(i)(1). 
Employees and contractors with access to databases maintaining 
personally identifiable information must sign a sanction document 
annually, acknowledging their accountability for inappropriately 
accessing or disclosing such information.

III. Effects of the Appointed Representative File System of Records and 
Routine Use Disclosure on the Rights of Individuals

A. Discussion Relating to the Alteration

    We propose altering the Appointed Representative File system of 
records as part of our responsibilities in continuing to expand our 
business processes. We will adhere to all applicable statutory 
requirements, including those under the Social Security Act and the 
Privacy Act, in carrying out our responsibilities. Therefore, we do not 
anticipate that the proposed alteration to this system of records will 
have any adverse effect on the privacy or other rights of the persons 
covered by the system of records.

B. Discussion Relating to the New Routine Use

    The new routine use will serve to protect the interests of persons 
whose information could be at risk. We will take appropriate steps to 
facilitate a timely and effective response to a security breach of our 
data, thereby improving our ability to prevent, minimize, or remedy any 
harm that may result from a compromise of data maintained in our system 
of records. We do not anticipate that the new routine use will have any 
adverse effect on the rights of persons whose data might be disclosed.

IV. Compatibility of Proposed Routine Use

    As mandated by OMB, as recommended by the President's Identity 
Theft Task Force, and in accordance with the Privacy Act (5 U.S.C. 
552a(a)(7) and (b)(3)) and our disclosure regulation (20 CFR Part 401), 
we are permitted to release information under a published routine use 
for a purpose that is compatible with the purpose for which we 
collected the information. Section 401.20 of our regulations provides 
that we will disclose information required by law. Since OMB has 
mandated its publication, this routine use is appropriate and meets the 
relevant statutory and regulatory criteria. In addition, we disclose to 
other agencies, entities, and persons, when necessary, to respond to an 
unintentional release. These disclosures are compatible with the 
reasons we collect the information, as helping to prevent and minimize 
the potential for harm is consistent with taking appropriate steps to 
protect information entrusted to us. See 5 U.S.C. 552a(e)(10).

    Dated: September 23, 2009.
Michael J. Astrue,
Commissioner.

Social Security Administration

Notice of System of Records Required by the Privacy Act of 1974; as 
Amended

System Number:
    60-0325.

System name:
    Appointed Representative File, Social Security Administration 
(SSA), Office of Disability Adjudication and Review and Deputy 
Commissioner for Retirement and Disability Policy.

Security classification:
    None.

System Location:
    Social Security Administration, Office of Systems, 6401 Security 
Boulevard, Baltimore, Maryland 21235.

Categories of individuals covered by the system:
    This system covers all claimants' representatives who are currently 
eligible to represent SSA claimants or have represented SSA claimants 
in the past at the administrative or court level in SSA matters. A 
representative may be any person (e.g., attorney, eligible direct pay 
non-attorney, or non-professional such as a friend, neighbor, or 
minister), a firm, or other professional entity that provides 
representative services, regardless of whether the representative 
charges or collects a fee for providing the representational services.

Categories of records in the system:
    This system will contain personally identifiable information and 
contact information for all appointed representatives. For example, we 
collect name (regardless of category, payment type, or representational 
status), date of birth, tax identification number (TIN)/Social Security 
number (SSN), representative identification number, tax mailing 
address, notice address, payment address, telephone numbers (e.g., 
business, fax, and cell phone) and type of representative (i.e., 
attorney, eligible direct pay non-attorney, non-professional, a firm, 
or other professional entity).
    The system will also contain information about the representative's 
legal standing and business affiliations. For example, we collect 
current bar and court information (e.g., year admitted, license number, 
present standing), sanction-related information (e.g., ``Disqualified 
or Suspended,'' and start/stop date of sanction), date the appointment 
was signed, termination of service date, business affiliation 
information (e.g., sole proprietor or single-member Limited Liability 
Company/Limited Liability partnership, partner, or salaried employee), 
name and address of the firm or entity, employer identification number 
(EIN) of the entity, and banking information.
    The system will also maintain relevant claimants' SSNs.

[[Page 51942]]

Authority for maintenance of the system:
    Sections 205, 206, 1631(d)(1) and 1631(d)(2) of the Social Security 
Act, as amended, sections 6041 and 6045 of the Internal Revenue Code, 
and implementing regulations at 26 CFR part 1.

Purpose(s):
    By altering the Appointed Representative File system of records, we 
will more efficiently collect, maintain, and use information about 
appointed representatives, regardless of category, payment type, or 
representational status, and strengthen the overall representative 
business process. We use information in this system to verify, 
document, and organize information about representatives.

Routine uses of records covered by the Appointed Representative File 
system of records, including categories of users and the purposes of 
such uses:
    Routine use disclosures are indicated below; however, we will not 
disclose any information defined as ``return or return information'' 
under 26 U.S.C. 6103 of the Internal Revenue Code (IRC), unless 
authorized by the IRC, the Internal Revenue Service (IRS), or IRS 
regulations.
    1. To the Office of the President in response to an inquiry made at 
the request of the subject of the record or a third party on that 
person's behalf.
    2. To a congressional office in response to an inquiry from that 
office made at the request of the subject of the record or a third 
party on that person's behalf.
    3. To the IRS and to State and local government tax agencies in 
response to inquiries regarding receipt of fees we paid directly 
starting in calendar year 2007.
    4. To the IRS to permit its auditing of our compliance with the 
safeguard provisions of the IRC of 1986, as amended.
    5. To the Department of Justice (DOJ), a court, other tribunal, or 
another party before such court or tribunal when:
    (a) SSA or any component thereof;
    (b) any SSA employee in his or her official capacity;
    (c) any SSA employee in his or her individual capacity when DOJ (or 
SSA when we are authorized to do so) has agreed to represent the 
employee; or
    (d) the United States, or any agency thereof, when we determine 
that the litigation is likely to affect the operations of SSA or any of 
its components, is a party to litigation or has an interest in such 
litigation, and we determine that the use of such records by DOJ, a 
court, other tribunal, or another party before such court or tribunal 
is relevant and necessary to the litigation. In each case, however, we 
must determine that such disclosure is compatible with the purpose for 
which we collected the records.
    6. To DOJ for:
    (a) investigating and prosecuting violations of the Social Security 
Act to which criminal penalties attach;
    (b) representing the Commissioner; or
    (c) investigating issues of fraud or violation of civil rights by 
agency officers or employees.
    7. To contractors and other Federal agencies, as necessary, to 
assist us in efficiently administering our programs. We will disclose 
information under this routine use only in situations in which we may 
enter into a contractual or similar agreement with a third party to 
assist in accomplishing an agency function relating to this system of 
records.
    8. To student volunteers, persons working under a personal services 
contract, and others who are not technically Federal employees, when 
they are performing work for us, as authorized by law, and they need 
access to information in our records in order to perform their assigned 
duties.
    9. To Federal, State, and local law enforcement agencies and 
private security contractors as appropriate, information as necessary:
    (a) to enable them to assure the safety of our employees and 
customers, the security of our workplace, and the operation of our 
facilities; or
    (b) to assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of our facilities.
    10. To the General Services Administration and the National 
Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 
2906, as amended by the NARA Act, information that is not restricted 
from disclosure by Federal law for their use in conducting records 
management studies.
    11. To employers to assist us in collecting debts owed by 
claimants' representatives who received an excess or erroneous 
representational fee payment and owe a delinquent debt to us. 
Disclosure under this routine use is authorized under the Debt 
Collection Improvement Act of 1966 (Pub. L. 104-134) and implemented 
through administrative wage garnishment provisions of this Act. See 31 
U.S.C. 3720D.
    12. To employers of claimants' representatives (e.g., law firms, 
partnerships, or other business entities) in accordance with the 
requirements of sections 6041 and 6045(f) of the IRC as implemented by 
the IRS Regulations found at 26 CFR 1.6041-1, and as necessary for us 
to carry out the requirements for fee reporting to appointed 
representatives.
    13. To the appropriate Federal, State, and local agencies, 
entities, and persons when: (1) We suspect or confirm that the security 
or confidentiality of information in this system of records has been 
compromised; (2) we determine that as a result of the suspected or 
confirmed compromise there is a risk of harm to economic or property 
interests, risk of identity theft or fraud, or harm to the security or 
integrity of this system or our other systems or programs that rely 
upon the compromised information; and (3) we determine that disclosing 
the information to such agencies, entities, and persons is necessary to 
assist in our efforts to respond to the suspected or confirmed 
compromise and prevent, minimize, or remedy such harm. We will use this 
routine use to respond only to those incidents involving an 
unintentional release of our records.
    We will disclose appointed representative information under this 
routine use specifically in connection with response and remediation 
efforts in the event of an unintentional release of agency information, 
otherwise known as a ``data security breach.'' This routine use will 
protect the interests of the people whose information is at risk by 
allowing us to take appropriate steps to facilitate a timely and 
effective response to a data breach. The routine use will also help us 
improve our ability to prevent, minimize, or remedy any harm that may 
result from a compromise of data covered in this system of records.

Disclosure to Consumer Reporting Agencies:
    Pursuant to 5 U.S.C. 552a(b)(12) of the Privacy Act, we may 
disclose information to consumer reporting agencies as defined in the 
Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims 
Collection Act of 1966 (31 U.S.C. 3701, et seq.), as amended. We will 
make the disclosure in accordance with 31 U.S.C. 3711(e) when 
authorized by sections 204(f), 808(e), or 1631(b)(4) of the Social 
Security Act (42 U.S.C. 404(f), 1008(e), or 1383(b)(4)). We may 
disclose under these circumstances to facilitate the collection of 
outstanding debts owed to the Federal government, to provide an 
incentive for debtors to repay delinquent Federal government debts by 
making the debts part of their credit records. The information we

[[Page 51943]]

disclose is limited to the person's name, address, SSN, and other 
information necessary to establish the person's identity, the amount, 
status, and history of the debt, and the agency or program under which 
the debt arose.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    We will store records in this system in paper and electronic form.

Retrievability:
    We will retrieve records by SSN, representative identification 
number, or alphabetically by the person's name.

Safeguards:
    We retain paper and electronic files with personal identifiers in 
secure storage areas accessible only to our authorized employees and 
contractors. We limit access to data with personal identifiers from 
this system to only our authorized personnel who have a need for the 
information when performing their official duties.
    We provide appropriate security awareness and training annually to 
all our employees and contractors that include reminders about the need 
to protect personally identifiable information and the criminal 
penalties that apply to unauthorized access to, or disclosure of, 
personally identifiable information. See 5 U.S.C. 552a(i)(l). 
Furthermore, employees and contractors with access to databases 
maintaining personally identifiable information must sign a sanction 
document annually, acknowledging their accountability for 
inappropriately accessing or disclosing such information.

Retention and disposal:
    For purposes of records management dispositions authority, we 
follow the NARA and Department of Defense (DOD) 5015.2 regulations (DOD 
Design Criteria Standard for Electronic Records Management Software 
Applications). We will destroy paper and electronic records three years 
after the final action is taken.

System manager(s) and address(es):
    Deputy Commissioner for Budget, Finance and Management, Social 
Security Administration, 6401 Security Boulevard, Baltimore, MD 21235.

Notification procedures:
    Persons can determine if this system contains a record about them 
by writing to the system manager at the above address to verify their 
identity or they must certify in the request that they are the person 
they claim to be and understand that the knowing and willful request 
for, or acquisition of, a record pertaining to another person under 
false pretenses is a criminal offense.
    Persons requesting notification of records in person should provide 
the same information, as well as provide an identity document, 
preferably with a photograph, such as a driver's license. Persons 
lacking identification documents sufficient to establish their identity 
must certify in writing that they are the person they claim to be and 
that they understand that the knowing and willful request for, or 
acquisition of, a record pertaining to another person under false 
pretenses is a criminal offense.
    Persons requesting notification by telephone must verify their 
identity by providing identifying information that parallels the 
information in the record about which they are requesting notification. 
If we determine that the identifying information the person provides by 
telephone is insufficient, we will require the person to submit a 
request in writing or in person. If a person requests information by 
telephone on behalf of another person, the subject person must be on 
the telephone with the requesting person and us in the same phone call. 
We will establish the subject person's identity (his or her name, SSN, 
address, date of birth, and place of birth, along with one other piece 
of information such as mother's maiden name) and ask for his or her 
consent to provide information to the requesting person. These 
procedures are in accordance with SSA Regulations (20 CFR 401.40 and 
401.45).

Record access procedures:
    Same as notification procedures. Requesters also should reasonably 
specify the record contents they are seeking. These procedures are in 
accordance with SSA Regulations (20 CFR 401.40(c)).

Contesting record procedures:
    Same as notification procedures. Persons also should reasonably 
identify the record, specify the information they are contesting, and 
state the corrective action sought and the reasons for the correction 
with supporting justification showing how the record is incomplete, 
untimely, inaccurate, or irrelevant. These procedures are in accordance 
with SSA Regulations (20 CFR 401.65(a)).

Record source categories:
    We obtain information covered by the Appointed Representative File 
system of records from claimant representatives and SSA records, such 
as the Master Beneficiary Record, Supplemental Security Record, and 
Master Files of Social Security Number (SSN) Holders and SSN 
Applications.

Exemptions claimed for the system:
    None.

[FR Doc. E9-24275 Filed 10-7-09; 8:45 am]
BILLING CODE P