Privacy Act of 1974, as Amended; Proposed Amended and New Routine Uses, 62866-62872 [E9-28579]

Agencies

• Social Security Administration

[Federal Register Volume 74, Number 229 (Tuesday, December 1, 2009)]
[Notices]
[Pages 62866-62872]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-28579]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974, as Amended; Proposed Amended and New Routine 
Uses

AGENCY: Social Security Administration (SSA).

ACTION: Proposed routine uses.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and 
(e)(11)), we are issuing public notice of our intent to amend one 
routine use and add a new routine use applicable to our system of 
records entitled, Master Files of Social Security Number (SSN) Holders 
and SSN Applications, 60-0058 (the Enumeration System). The two routine 
uses to the Enumeration System will:
    (1) Allow us to verify SSNs and disclose the results to State 
agencies that issue non-driver's license identification documents to 
the public; and
    (2) Allow us to verify the SSN, disclose the results, and provide 
citizenship status information in our records to State agencies that 
administer Medicaid and the State Children's Health Insurance Program 
(CHIP) to assist them in determining new applicants' entitlement to 
benefits provided by the CHIP.
    We discuss the routine uses in greater detail in the Supplementary 
Information

[[Page 62867]]

section below. We invite public comment on this proposal.

DATES: We filed a report of the routine uses with the Chairman of the 
Senate Committee on Homeland Security and Governmental Affairs, the 
Chairman of the House Committee on Oversight and Government Reform, and 
the Director, Office of Information and Regulatory Affairs, Office of 
Management and Budget (OMB) on November 20, 2009. The routine uses will 
become effective on December 29, 2009 unless we receive comments before 
that date that would result in a contrary determination.

ADDRESSES: Interested persons may comment on this publication by 
writing to the Executive Director, Office of Privacy and Disclosure, 
Office of the General Counsel, Social Security Administration, Room 3-
A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235-6401. All comments we receive will be available for public 
inspection at the above address.

FOR FURTHER INFORMATION CONTACT: Talya Harris, Social Insurance 
Specialist, Disclosure Policy Development and Services Division 2, 
Office of Privacy and Disclosure, Office of the General Counsel, Social 
Security Administration, 3-A-6 Operations Building, 6401 Security 
Boulevard, Baltimore, Maryland 21235-6401, telephone: (410) 965-6176, 
e-mail: talya.harris@ssa.gov.

SUPPLEMENTARY INFORMATION: 

I. Background and Purpose of the Routine Uses

A. Disclosure of SSN Verifications for State Identification Card 
Programs

    The Social Security Act (Act) authorizes State Motor Vehicle 
Administration agencies (MVAs) to use the SSN to administer laws 
relating to issuing driver's licenses and non-driver identity cards. 
Sections 205(c)(2)(C)(i) and 205(r)(8) of the Act, 42 U.S.C. 
405(c)(2)(C)(i) and 405(r)(8). The Act permits the use of the SSN as a 
means for verifying personal information of the applicants. State MVA 
agencies may also require any person to furnish his or her SSN to the 
State MVA agency or to any agency having administrative responsibility 
for the driver's license or identity card programs. To support this 
requirement, we currently have a routine use that allows us to verify 
the SSN and disclose the results to State MVA agencies so that States 
can verify the information that they collect as part of their driver's 
license programs. Under the existing routine use, State MVA agencies 
may also use this information to issue identification cards for 
applicants who do not apply for driver's licenses. However, some States 
have identification card programs (ICP) for the public administered by 
agencies other than their MVAs. These agencies need to receive the same 
information to verify the information on people who apply for 
identification cards. To support this need, we are amending the 
existing routine use to allow us to disclose the results of the SSN 
verification to State agencies that administer ICPs for the public.

B. Disclosure of Citizenship Data for the State Children's Health 
Insurance Program

    On February 4, 2009, President Obama signed the Children's Health 
Insurance Program (CHIP) Reauthorization Act of 2009 (Pub. L. 111-3). 
This legislation allows States to subsidize premiums for employer-
provided group health coverage for eligible children and families. 
Section 211 gives States the option to verify citizenship information 
with us for purposes of establishing CHIP eligibility. State agencies 
that administer the CHIP may submit the applicant's name, SSN, and date 
of birth (DOB) to us to verify. We will confirm whether new CHIP 
applicants' declarations of citizenship are consistent with the 
information in our records by verifying the submitted names, SSNs, and 
DOBs against our Enumeration System records and provide those 
verification results, including indicator codes of citizenship data 
that may be part of the record. State agencies administering the CHIP 
are responsible for resolving any discrepancies with the applicant. If 
the investigation indicates there is a discrepant SSN in our records, 
State agencies will direct those applicants to one of our local offices 
for assistance.

II. Proposed Amended and New Routine Uses

A. State Identification Card Programs

    As described above, we already verify SSNs for State MVAs under an 
existing routine use in the Enumeration System. To comply with the 
Privacy Act, we will amend routine use number 33 to allow us to 
disclose SSN verification information to State agencies that also 
administer ICPs for the public. The amended routine use reads:

    To State motor vehicle administration agencies (MVA) and to 
State agencies charged with administering State identification card 
programs (ICP) for the public to verify names, dates of birth, and 
Social Security numbers on those persons who apply for, or for whom 
the State issues, driver's licenses or State identification cards. 
When we verify this information, we will indicate whether the 
information the State MVA or ICP provides matches or does not match 
the records covered by this system of records. We will also indicate 
which information the State submits does not match our records. If 
the information does not match our records, we will not disclose the 
actual information in our records.

B. State Children's Health Insurance Program

    The Privacy Act requires that agencies publish a notice in the 
Federal Register of ``each routine use of the records contained in the 
system, including the categories of users and the purpose of such 
use.'' 5 U.S.C. 552a(e)(4)(D). We developed the following routine use, 
number 43, for the Enumeration System that will allow us to disclose 
information to the appropriate State agencies charged with 
administering CHIP. The routine use reads:

    To State agencies charged with administering Medicaid and the 
Children's Health Insurance Program (CHIP) to verify personal 
identification data (i.e., name, SSN, and date of birth) and to 
disclose citizenship status information in our records to assist 
these agencies with determining new applicants' entitlement to 
benefits provided by the CHIP.

III. Compatibility of Routine Uses

    We can disclose information when the disclosure is required by law 
(20 CFR 401.120). Section 205(c)(2)(C)(i) of the Social Security Act 
permits States to collect the SSN to administer their driver's license 
and ICP programs and section 205(r)(8) allows us to verify information 
for State MVAs. In addition, section 211 of the CHIP Reauthorization 
Act of 2009 specifically allows States to verify assertions of 
citizenship with us.
    We can also disclose information when the purpose is compatible 
with the purpose for which we collected the information and is 
supported by published routine uses (20 CFR 401.150). Individuals can 
use driver's licenses and identification cards the MVAs and other State 
agencies administering ICPs issue to establish their identity for 
Federal, State, and local benefit program purposes. Disclosures for the 
CHIP are also compatible because the State agencies will use the 
information to assist in determining new applicants' entitlement to the 
benefits the program provides. For these reasons, we find that 
verifying the SSN for State MVAs and other State agencies that 
administer ICPs for the public and verifying the citizenship status 
information in our records to State agencies charged with administering 
the CHIP serve both the

[[Page 62868]]

statutory and compatibility requirements to permit these routine use 
disclosures.

IV. Effect of the Routine Uses on the Rights of Individuals

    The routine uses will permit us to verify the identification data 
used by State MVAs, other State agencies charged with administering 
ICPs for the public, and State agencies administering the CHIP. We will 
adhere to all applicable statutory requirements for disclosure, 
including those under the Social Security Act and the Privacy Act. We 
will disclose SSN verification information, including disclosure of 
citizenship status information in our records to the CHIP agencies, 
only under written agreements that stipulate that the States will 
collect, verify, and redisclose information we disclose only as 
provided for by Federal law. We will also safeguard from unauthorized 
access the data we receive from these entities to verify. Thus, we do 
not anticipate that the routine uses will have any unwarranted adverse 
effect on the rights of persons about whom we will disclose 
information.

    Dated: November 20, 2009.
Michael J. Astrue,
Commissioner.

Social Security Administration

Notice of Proposed Amended and New Routine Uses Required by the Privacy 
Act of 1974, as Amended

System Number:
    60-0058.

System name:
    Master Files of Social Security Number (SSN) Holders and SSN 
Applications, Social Security Administration (SSA).

Security Classification:
    None.

System Location:
    SSA, Office of Telecommunications and Systems Operations, 6401 
Security Boulevard Baltimore, Maryland 21235.

Categories of individuals covered by the system:
    This system contains a record of each person who has applied for 
and to whom we have assigned a Social Security Number (SSN). This 
system also contains records of each person who applied for an SSN, but 
to whom we did not assign one because: (1) his or her application was 
supported by documents that we suspect may be fraudulent and we are 
verifying the documents with the issuing agency; (2) we have determined 
the person submitted fraudulent documents; (3) we do not suspect fraud 
but we need to further verify information the person submitted or we 
need additional supporting documents; or (4) we have not yet completed 
processing the application.

Categories of records in the system:
    This system contains all of the information received on 
applications for SSNs (e.g., name, date and place of birth, sex, both 
parents' names, and race/ethnic data). In the case of an application 
for an SSN for an individual who has not yet attained the age of 18, we 
also maintain the SSNs of the parents. We also collect:
     Changes in the information on the applications the SSN 
holders submit;
     Information from applications supported by evidence we 
suspect or determine to be fraudulent, along with the mailing addresses 
of the persons who filed such applications and descriptions of the 
documentation they submitted;
     Cross-references when multiple numbers have been issued to 
the same individual;
     A form code that identifies the Form SS-5 (Application for 
a Social Security Number) as the application the person used for the 
initial issuance of an SSN, or for changing the identifying information 
(e.g., a code indicating original issuance of the SSN, or that we 
assigned the person's SSN through our enumeration at birth program);
     A citizenship code that identifies the number holder 
status as a U.S. citizen or the work authorization of a non-citizen;
     A special indicator code that identifies type or 
questionable data or special circumstance concerning an application for 
an SSN (e.g., false identity; illegal alien; scrambled earnings;
     An SSN assigned based on harassment, abuse, or life 
endangerment); and
     An indication that a person has filed a benefit claim 
under a particular SSN.

Authority for maintenance of the system:
    Sections 205(a) and 205(c)(2) of the Social Security Act (42 U.S.C. 
Sec. Sec.  405(a) and 405(c)(2)).

Purpose:
    We use information in this system to assign SSNs. We also use the 
information for a number of administrative purposes:
     For various Old Age, Survivors, and Disability Insurance, 
Supplemental Security Income, and Medicare/Medicaid claims purposes 
including using the SSN itself as a case control number, as a secondary 
beneficiary cross-reference control number for enforcement purposes, 
for verification of claimant identity factors, and for other claims 
purposes related to establishing benefit entitlement;
     As a basic control for retained earnings information;
     As a basic control and data source to prevent us from 
issuing multiple SSNs;
     As the means to identify reported names or SSNs on 
earnings reports;
     For resolution of earnings discrepancy cases;
     For statistical studies;
    The information is also used:
     By our Office of the Inspector General, Office of Audit, 
for auditing benefit payments under Social Security programs;
     By the Department of Health and Human Services (DHHS), 
Office of Child Support Enforcement for locating parents who owe child 
support;
     By the National Institute of Occupational Safety and 
Health for epidemiological research studies required by the 
Occupational Safety and Health Act of 1974;
     By the DHHS Office of Refugee Resettlement for 
administering Cuban refugee assistance payments;
     By the DHHS Centers for Medicare and Medicaid Services 
(CMS) for administering Titles XVIII and XIX claims;
     By the Secretary of the Treasury for use in administering 
those sections of the Internal Revenue Code of 1986 that grant tax 
benefits based on support or residence of children. These provisions 
apply specifically to SSNs parents provide on applications for persons 
who are not yet age 18; and
     To prevent the processing of an SSN card application for a 
person whose application we identified was supported by evidence that 
either:
    [cir] We suspect may be fraudulent and we are verifying it, or,
    [cir] We determined the person submitted fraudulent information.
    We alert our offices when an applicant who attempts to obtain an 
SSN card visits other offices to find one that might unwittingly accept 
fraudulent documentation.

Routine uses of records covered by the system, including categories of 
users and the purposes of such uses:
    Routine use disclosures are as indicated below; however, we will 
not disclose any information defined as ``return or return 
information'' under 26

[[Page 62869]]

U.S.C. 6103 of the Internal Revenue Code (IRC) unless authorized by 
statute, the Internal Revenue Service (IRS), or IRS regulations.
    1. To employers in order to complete their records for reporting 
wages to us pursuant to the Federal Insurance Contributions Act and 
section 218 of the Social Security Act.
    2. To Federal, State, and local entities to assist them with 
administering income maintenance and health-maintenance programs, when 
a Federal statute authorizes them to use the SSN.
    3. To the Department of Justice, Federal Bureau of Investigation 
and United States Attorneys Offices, and to the Department of Homeland 
Security, United States Secret Service, for investigating and 
prosecuting violations of the Social Security Act.
    4. To the Department of Homeland Security, United States 
Citizenship and Immigration Services, for identifying and locating 
aliens in the United States pursuant to requests received under section 
290(b) of the Immigration and Nationality Act (8 U.S.C. 1360(b)).
    5. To a contractor for the purpose of collating, evaluating, 
analyzing, aggregating, or otherwise refining records when we contract 
with a private firm. We will require the contractor to maintain Privacy 
Act safeguards with respect to such records.
    6. To the Railroad Retirement Board to:
    (a) Administer provisions of the Railroad Retirement and Social 
Security Act relating to railroad employment; and
    (b) Administer the Railroad Unemployment Insurance Act.
    7. To the Department of Energy for its epidemiological research 
study of the long-term effects of low-level radiation exposure, as 
permitted by our regulations at 20 CFR 401.150(c).
    8. To the Department of the Treasury for:
    (a) Tax administration as defined in section 6103 of the IRC (26 
U.S.C. 6103);
    (b) Investigating the alleged theft, forgery, or unlawful 
negotiation of Social Security checks; and
    (c) Administering those sections of the IRC that grant tax benefits 
based on support or residence of children. As required by section 
1090(b) of the Taxpayer Relief Act of 1997, Pub. L. 105-34, this 
routine use applies specifically to the SSNs of parents shown on an 
application for an SSN for a person who has not yet attained age 18.
    9. To a congressional office in response to an inquiry from that 
office made at the request of the subject of a record or a third party 
on that person's behalf.
    10. To the Department of State for administering the Social 
Security Act in foreign countries through facilities and services of 
that agency.
    11. To the American Institute, a private corporation under contract 
to the Department of State, for administering the Social Security Act 
on Taiwan through facilities and services of that agency.
    12. To the Department of Veterans Affairs (DVA), Regional Office, 
Manila, Philippines, for administering the Social Security Act in the 
Philippines and other parts of the Asia-Pacific region through 
facilities and services of that agency.
    13. To the Department of Labor for:
    (a) Administering provisions of the Black Lung Benefits Act; and
    (b) Conducting studies of the effectiveness of training programs to 
combat poverty.
    14. To DVA:
    (a) To validate SSNs of compensation recipients/pensioners in order 
to provide the release of accurate pension/compensation data by DVA to 
us for Social Security program purposes; and
    (b) Upon request, for purposes of determining eligibility for, or 
amount of DVA benefits, or verifying other information with respect 
thereto.
    15. To Federal agencies that use the SSN as a numerical identifier 
in their record-keeping systems, for the purpose of validating SSNs.
    16. To the Department of Justice (DOJ), a court, other tribunal, or 
another party before such court or tribunal when:
    (a) SSA or any of our components; or
    (b) Any SSA employee in his or her official capacity; or
    (c) Any SSA employee in his or her individual capacity when DOJ (or 
SSA when we are authorized to do so) has agreed to represent the 
employee; or
    (d) The United States or any agency thereof when we determine that 
the litigation is likely to affect the operations of SSA or any of our 
components, is party to litigation or has an interest in such 
litigation, and we determine that the use of such records by DOJ, a 
court, other tribunal, or another party before such court or tribunal 
is relevant and necessary to the litigation. In each case, however, we 
must determine that such disclosure is compatible with the purpose for 
which we collected the records.
    17. To State audit agencies for auditing State supplementation 
payments and Medicaid eligibility considerations.
    18. To the social security agency of a foreign country to carry out 
the purpose of an international social security agreement entered into 
between the United States and the other country, pursuant to section 
233 of the Social Security Act.
    19. To Federal, State, or local agencies (or agents on their 
behalf) for the purpose of validating SSNs those agencies use to 
administer cash or non-cash income maintenance programs or health 
maintenance programs, including programs under the Social Security Act.
    20. To third party contacts (e.g., State bureaus of vital 
statistics and the Department of Homeland Security) that issue 
documents to individuals when the party to be contacted has, or is 
expected to have, information that will verify documents when we are 
unable to determine if such documents are authentic.
    21. To DOJ, Criminal Division, Office of Special Investigations, 
upon receipt of a request for information pertaining to the identity 
and location of aliens for the purpose of detecting, investigating, 
and, when appropriate, taking legal action against suspected Nazi war 
criminals in the United States.
    22. To the Selective Service System for the purpose of enforcing 
draft registration pursuant to the provisions of the Military Selective 
Service Act (50 U.S.C. App. Sec.  462, as amended by section 916 of 
Pub. L. 97-86).
    23. To contractors and other Federal agencies, as necessary, to 
assist us in efficiently administering our programs. We will disclose 
information under this routine use only in situations in which we may 
enter a contractual or similar agreement with a third party to assist 
in accomplishing an agency function relating to this system of records.
    24. To organizations or agencies such as prison systems required by 
Federal law to furnish us with validated SSN information.
    25. To the General Services Administration and the National 
Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 
2906, as amended by the NARA Act of 1984, information that is not 
restricted from disclosure by Federal law for the their use in 
conducting records management studies.
    26. To DVA or third parties under contract to DVA to disclose SSNs 
and dates of birth for the purpose of conducting DVA medical research 
and epidemiological studies.
    27. To the Office of Personnel Management (OPM) upon receipt of a 
request from that agency in accordance with 5 U.S.C. 8347(m)(3), to 
disclose SSN information when OPM needs the information to administer 
its pension

[[Page 62870]]

program for retired Federal Civil Service employees.
    28. To the Department of Education, upon request, to verify SSNs 
that students provide to postsecondary educational institutions, as 
required by Title IV of the Higher Education Act of 1965 (20 U.S.C. 
1091).
    29. To student volunteers, persons working under a personal 
services contract, and others who are not technically Federal 
employees, when they need access to information in our records in order 
to perform their assigned agency duties.
    30. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary:
    (a) To enable them to ensure the safety of our employees and 
customers, the security of our workplace, and the operation of our 
facilities; or
    (b) To assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of our facilities.
    31. To recipients of erroneous Death Master File (DMF) information, 
to disclose corrections to information that resulted in erroneous 
inclusion of persons in the DMF.
    32. To State vital records and statistics agencies, the SSNs of 
newborn children for administering public health and income maintenance 
programs, including conducting statistical studies and evaluation 
projects.
    33. To State motor vehicle administration agencies (MVA) and to 
State agencies charged with administering State identification card 
programs (ICP) for the public to verify names, dates of birth, and 
Social Security numbers on those persons who apply for, or for whom the 
State issues, driver's licenses or State identification cards. When we 
verify this information, we will indicate whether the information the 
State MVA or ICP provides matches or does not match the records covered 
by this system of records. We will also indicate which information the 
State submits does not match our records. If the information does not 
match our records, we will not disclose the actual information in our 
records.
    34. To entities conducting epidemiological or similar research 
projects, upon request, to disclose information as to whether a person 
is alive or deceased pursuant to section 1106(d) of the Social Security 
Act (42 U.S.C. 1306(d)), provided that:
    (a) We determine, in consultation with the Department of Health and 
Human Services, that the research may reasonably be expected to 
contribute to a national health interest;
    (b) The requester agrees to reimburse us for the costs of providing 
the information; and
    (c) The requester agrees to comply with any safeguards and 
limitations we specify regarding re-release or re-disclosure of the 
information.
    35. To employers in connection with a pilot program, conducted with 
the Department of Homeland Security under 8 U.S.C. 1324a(d)(4), to test 
methods of verifying that persons are authorized to work in the United 
States. We will inform an employer participating in such pilot program 
that the identifying data (SSN, name, and date of birth) furnished by 
an employer concerning a particular employee match, or do not match, 
the data maintained in this system of records, and when there is such a 
match, that information in this system of records indicates that the 
employee is, or is not, a citizen of the United States.
    36. To a State bureau of vital statistics (BVS) that is authorized 
by States to issue electronic death reports when the State BVS requests 
that we verify the SSN of a person on whom the State will file an 
electronic death report after we verify the SSN.
    37. To the Department of Defense (DOD) to disclose validated SSN 
information and citizenship status information for the purpose of 
assisting DOD in identifying those members of the Armed Forces and 
military enrollees who are aliens or non-citizen nationals that may 
qualify for expedited naturalization or citizenship processing. These 
disclosures will be made pursuant to requests made under section 329 of 
the Immigration and Nationality Act, 8 U.S.C. 1440, as executed by 
Executive Order 13269.
    38. To a Federal, State, or congressional support agency (e.g., 
Congressional Budget Office and the Congressional Research Staff in the 
Library of Congress) for research, evaluation, or statistical studies. 
Such disclosures include, but are not limited to, release of 
information in assessing the extent to which one can predict 
eligibility for Supplemental Security Income (SSI) payments or Social 
Security disability insurance benefits; examining the distribution of 
Social Security benefits by economic and demographic groups and how 
these differences might be affected by possible changes in policy; 
analyzing the interaction of economic and non-economic variables 
affecting entry and exit events and duration in the Title II Old Age, 
Survivors, and Disability Insurance and the Title XVI SSI disability 
programs; and, analyzing retirement decisions focusing on the role of 
Social Security benefit amounts, automatic benefit recomputation, the 
delayed retirement credit, and the retirement test, if we:
    (a) Determine that the routine use does not violate legal 
limitations under which the record was provided, collected, or 
obtained;
    (b) Determines that the purpose for which the proposed use is to be 
made:
    i. Cannot reasonably be accomplished unless the record is provided 
in a form that identifies persons;
    ii. Is of sufficient importance to warrant the effect on, or risk 
to, the privacy of the person which such limited additional exposure of 
the record might bring;
    iii. Has reasonable probability that the objective of the use would 
be accomplished;
    iv. Is of importance to the Social Security program or the Social 
Security beneficiaries; or
    v. Is of importance to the Social Security program or the Social 
Security beneficiaries or is for an epidemiological research project 
that relates to the Social Security program or beneficiaries;
    (c) Requires the recipient of information to:
    i. Establish appropriate administrative, technical, and physical 
safeguards to prevent unauthorized use or disclosure of the record and 
agree to on-site inspection by SSA's personnel, its agents, or by 
independent agents of the recipient agency of those safeguards;
    ii. Remove or destroy the information that enables the person to be 
identified at the earliest time at which removal or destruction can be 
accomplished consistent with the purpose of the project, unless the 
recipient receives written authorization from SSA that it is justified, 
based on research objectives, for retaining such information;
    iii. Make no further use of the records except:
    (1) Under emergency circumstances affecting the health and safety 
of any person, following written authorization from us; or
    (2) For disclosure to an identified person approved by us for the 
purpose of auditing the research project;
    iv. Keep the data as a system of statistical records. A statistical 
record is one which is maintained only for statistical and research 
purposes and which is not used to make any determination about a 
person;
    (d) Secures a written statement by the recipient of the information 
attesting to the recipient's understanding of, and

[[Page 62871]]

willingness to abide by, these provisions.
    39. To State and Territory MVA officials (or agents or contractors 
on their behalf) and State and Territory chief election officials to 
verify the accuracy of information the State agency provides with 
respect to applications for voter registration, when the applicant 
provides the last four digits of the SSN instead of a driver's license 
number.
    40. To State and Territory MVA officials (or agents or contractors 
on their behalf) and State and Territory chief election officials, 
under the provisions of section 205(r)(8) of the Social Security Act 
(42 U.S.C. 405(r)(8)), to verify the accuracy of information the State 
agency provides with respect to applications for voter registration for 
those persons who do not have a driver's license number:
    (a) When the applicant provides the last four digits of the SSN, or
    (b) When the applicant provides the full SSN, in accordance with 
section 7 of the Privacy Act (5 U.S.C. 552a note), as described in 
section 303(a)(5)(D) of the Help America Vote Act of 2002. (42 U.S.C. 
15483(a)(5)(D).
    41. To the Secretary of Health and Human Services or to any State, 
we will disclose any record or information requested in writing by the 
Secretary for the purpose of administering any program administered by 
the Secretary, if we disclosed records or information of such type 
under applicable rules, regulations, and procedures in effect before 
the date of enactment of the Social Security Independence and Program 
Improvements Act of 1994.
    42. To the appropriate Federal, State, and local agencies, 
entities, and persons when: (1) We suspect or confirm that the security 
or confidentiality of information in this system of records has been 
compromised; (2) we determine that as a result of the suspected or 
confirmed compromise there is a risk of harm to economic or property 
interests, risk of identity theft or fraud, or harm to the security or 
integrity of this system or our other systems or programs that rely 
upon the compromised information; and (3) we determine that disclosing 
the information to such agencies, entities, and persons is necessary to 
assist in our efforts to respond to the suspected or confirmed 
compromise and prevent, minimize, or remedy such harm. We will use this 
routine use to respond only to those incidents involving an 
unintentional release of its records.
    43. To State agencies charged with administering Medicaid and the 
Children's Health Insurance Program (CHIP) to verify personal 
identification data (i.e., name, SSN, and date of birth) and to 
disclose citizenship status information to assist them in determining 
new applicants' entitlement to benefits provided by the CHIP.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    We maintain records in this system in paper form (Forms SS-5 
(Application for a Social Security Card), and system generated forms); 
magnetic media (magnetic tape and disc with on-line access); in 
microfilm and microfiche form, and on electronic files (NUMIDENT and 
Alpha-Index).

Retrievability:
    We will retrieve records by both SSN and name. If we deny an 
application because the applicant submitted fraudulent evidence, or if 
we are verifying evidence we suspect to be fraudulent, we will retrieve 
records either by the applicant's name plus month and year of birth, or 
by the applicant's name plus the eleven-digit reference number of the 
disallowed application.

Safeguards:
    We have established safeguards for automated records in accordance 
with our Systems Security Handbook. These safeguards include 
maintaining the magnetic tapes and discs within a secured enclosure 
attended by security guards. Anyone entering or leaving this enclosure 
must have a special badge we issue only to authorized personnel.
    For computerized records we transmit electronically between Central 
Office and Field Office locations, including organizations 
administering our programs under contractual agreements, safeguards 
include a lock/unlock password system, exclusive use of leased 
telephone lines, a terminal-oriented transaction matrix, and an audit 
trail. Only authorized personnel who have a need for the records in the 
performance of their official duties may access microfilm, microfiche, 
and paper files.
    We annually provide appropriate security guidance and training to 
all our employees and contractors that include reminders about the need 
to protect personally identifiable information and the criminal 
penalties that apply to unauthorized access to, or disclosure of, 
personally identifiable information. See 5 U.S.C. 552a(i)(1). 
Furthermore, employees and contractors with access to databases 
maintaining personally identifiable information must annually sign a 
sanction document, acknowledging their accountability for 
inappropriately accessing or disclosing such information.

Retention and disposal:
    We retain most paper forms only until we film and verify them for 
accuracy. We then shred the paper records. We retain electronic, as 
well as updated microfilm and microfiche records indefinitely. We 
update all tape, discs, microfilm, and microfiche files periodically. 
We erase out-of-date magnetic tapes and discs and we shred out-of-date 
microfiches.

System manager and address:
    Director, Division of Enumeration Verification and Death Alerts, 
Office of Earnings, Enumeration, and Administrative Systems, Social 
Security Administration, 6401 Security Boulevard, Baltimore, MD 21235.

Notification procedures:
    Persons can determine if this system contains a record about them 
by writing to the system manager at the above address and providing 
their name, SSN, or other information that may be in this system of 
records that will identify them. Persons requesting notification by 
mail must include a notarized statement to us to verify their identity 
or must certify in the request that they are the person they claim to 
be and that they understand that the knowing and willful request for, 
or acquisition of, a record pertaining to another person under false 
pretenses is a criminal offense.
    Persons requesting notification of records in person must provide 
their name, SSN, or other information that may be in this system of 
records that will identify them, as well as provide an identity 
document, preferably with a photograph, such as a driver's license. 
Persons lacking identification documents sufficient to establish their 
identity must certify in writing that they are the person they claim to 
be and that they understand that the knowing and willful request for, 
or acquisition of, a record pertaining to another person under false 
pretenses is a criminal offense.
    Persons requesting notification by telephone must verify their 
identity by providing identifying information that parallels the 
information in the record about which notification is sought. If we 
determine that the identifying information the person provides by 
telephone is insufficient, we will require the person to submit a 
request in writing or in person. If a person requests information by 
telephone on behalf of another person, the subject

[[Page 62872]]

person must be on the telephone with the requesting person and with us 
in the same phone call. We will establish the subject person's identity 
(his or her name, SSN, address, date of birth, and place of birth, 
along with one other piece of information such as mother's maiden 
name), and ask for his or her consent to provide information to the 
requesting person. These procedures are in accordance with our 
regulations at 20 CFR 401.40 and 401.45.

Record access procedures:
    Same as notification procedures. Persons must also reasonably 
specify the record contents they are seeking. These procedures are in 
accordance with our regulations at 20 CFR 401.40(c).

Contesting record procedures:
    Same as notification procedures. Persons must also reasonably 
identify the record, specify the information they are contesting, and 
state the corrective action sought, and the reasons for the correction 
with supporting justification showing how the record is incomplete, 
untimely, inaccurate, or irrelevant. These procedures are in accordance 
with our regulations at 20 CFR 401.65(a).

Record source categories:
    We obtain information in this system from SSN applicants (or 
persons acting on their behalf) and generate it internally. We assign 
the SSN to persons as a result of the system's internal process.

Exemptions claimed for the system:
    None.

[FR Doc. E9-28579 Filed 11-30-09; 8:45 am]
BILLING CODE P