Privacy Act of 1974, as Amended; Proposed System of Records and Routine Use Disclosures, 79065-79068 [2010-31700]



[Federal Register Volume 75, Number 242 (Friday, December 17, 2010)]
[Notices]
[Pages 79065-79068]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2010-31700]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974, as Amended; Proposed System of Records and 
Routine Use Disclosures

AGENCY: Social Security Administration (SSA).

ACTION: Proposed system of records and routine uses.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and 
(e)(11)), we are issuing public notice of our intent to establish a 
system of records, the Central Repository of Electronic Authentication 
Data Master File (hereinafter referred to as the e-Authentication File) 
and its applicable routine uses. The e-Authentication File will 
maintain personally identifiable information (PII) we collect and use 
to verify the identity of persons using our electronic services. We 
discuss the e-Authentication File and its routine use disclosures in 
the Supplementary Information section below. We invite public comments 
on the e-Authentication File.

DATES: We filed a report of the e-Authentication File and its 
applicable routine use disclosures with the Chairman of the Senate 
Committee on Homeland Security and Governmental Affairs, the Chairman 
of the House Committee on Oversight and Government Reform, and the 
Administrator, Office of Information and Regulatory Affairs, Office of 
Management and Budget (OMB) on December 8, 2010. The e-Authentication 
File and applicable routine uses will become effective on January 13, 
2010, unless we receive comments before that date that require further 
consideration.

ADDRESSES: Interested persons may comment on this publication by 
writing to the Executive Director, Office of Privacy and Disclosure, 
Office of the General Counsel, Social Security Administration, 3-A-6 
Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235-6401 or through the Federal e-Rulemaking Portal at https://www.regulations.gov. All comments we receive will be available for 
public inspection at the above address, and we will post them to https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Neil Etter, Social Insurance 
Specialist, Disclosure Policy Development and Services Division I, 
Office of Privacy and Disclosure, Office of the General Counsel, Social 
Security Administration, 3-A-6 Operations Building, 6401 Security 
Boulevard, Baltimore, Maryland 21235-6401, telephone: (410) 965-8028, 
e-mail: neil.etter@ssa.gov.

SUPPLEMENTARY INFORMATION:

I. Background and Purpose of the e-Authentication File

A. General Background

    We provide electronic services, such as our automated telephone and 
Internet applications, for persons doing business with us. When users 
choose our electronic services, they must provide their PII. We use 
their PII to verify their identities. Upon successful verification, we 
are able to recognize the users' identities and authorize them to 
conduct business with us electronically.
    The e-Authentication File supports our agency's objectives to 
expand electronic services and to provide strong and secure 
authentication procedures. For security reasons, we must be able to 
determine, with confidence, persons are who they claim to be each time 
they choose our electronic services. The e-Authentication File will 
capture the data we need to verify users' identities.

B. Collection and Maintenance of the Data Covered by the 
e-Authentication File

    We will collect and maintain the users' PII in the e-Authentication 
File. The PII may include the users' name, address, date of birth, 
Social Security number (SSN), phone number, and other types of identity 
information (e.g., address information of persons from the W-2 and 
Schedule Self Employed (SE) forms we receive electronically for our 
programmatic purposes as permitted by 26 U.S.C. 6103(l)(1)(A)). We may 
also collect knowledge-based authentication data, which is information 
users establish with us or that we already maintain in existing Privacy 
Act systems of records.
    We will maintain the data necessary to administer and maintain our 
e-Authentication infrastructure. This includes management and profile 
information, such as blocked accounts, failed access data, effective 
date of passwords, and other data that allows us to evaluate the 
system's effectiveness. The data we maintain also may include archived 
transaction data and historical data.

II. Routine Use Disclosures of Data Covered by the e-Authentication 
File

A. Routine Use Disclosures

    We propose to establish the following routine use disclosures of 
information from the e-Authentication File:
    1. To the Office of the President in response to a request the 
Office of the President made at the request of the subject of a record 
or a third party acting on the subject's behalf.
    We will disclose information under this routine use only when the 
Office of the President indicates it is requesting the record on behalf 
of the subject of the record or a third party acting on the subject's 
behalf.
    2. To a congressional office in response to a request from that 
office made at the request of the subject of the record or a third 
party acting on the subject's behalf.
    We will disclose information under this routine use only when a 
member of Congress, or member of his or her staff indicates he or she 
is requesting the record on behalf of the subject of the record or a 
third party acting on the subject's behalf.
    3. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such a court or other tribunal when:
    (a) SSA or any of our components; or
    (b) Any SSA employee in his or her official capacity; or
    (c) Any SSA employee in his or her individual capacity when DOJ (or 
SSA) has agreed to represent the employee; or
    (d) The United States or any agency thereof when we determine that 
the litigation is likely to affect the operations of SSA or any of our 
components,

is a party to litigation or has an interest in such litigation, and we 
determine that the use of such records by DOJ, a court, other tribunal, 
or another party before such tribunal is relevant and necessary to the 
litigation. In each case, however, we must determine that such 
disclosure is compatible with the purpose for which we collected the 
records.
    We will disclose information under this routine use as necessary to 
enable the DOJ to defend us, our components, or our employees in 
litigation, when we determine use of information covered by the 
e-Authentication File is relevant and necessary to the litigation and 
compatible with the purpose for which we collected the information. We 
will also disclose information to ensure that courts, other tribunals, 
and parties before such courts or tribunals, have appropriate 
information that we determine is relevant and necessary.
    4. To other Federal agencies and our contractors, including 
external data sources, to assist us in efficiently administering our 
programs.
    We will disclose information under this routine use only in 
situations where we have a contractual agreement or similar agreement 
with a third party to assist in accomplishing our work relating to 
information covered by the e-Authentication File. Under this routine 
use, we may disclose information to a contractor to assist us in 
advancing, testing, and evaluating our authentication procedures for 
our electronic services.
    5. To student volunteers, persons working under a personal services 
contract, and others when they need access to information in our 
records in order to perform their assigned agency duties.
    We will disclose information under this routine use only when we 
use the services of student volunteers, persons working under a 
personal services contract, and others in educational, training, 
employment, and community service programs when they need access to 
information covered by the e-Authentication File to perform their 
assigned agency duties.
    6. To the Department of Justice for:
    (a) Investigating and prosecuting violations of the Social Security 
Act to which criminal penalties attach; and
    (b) Representing the Commissioner; or
    (c) Investigating issues of fraud or violation of civil rights by 
agency officers or employees.
    We will disclose information under this routine use only as 
necessary to enable DOJ to represent us in matters for these purposes.
    7. To the General Services Administration (GSA) and the National 
Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 
2906, as amended by the NARA Act of 1984, when the information is for 
records management purposes.
    We will disclose information under this routine use only when it is 
necessary for GSA and NARA to have access to the information covered by 
the e-Authentication File. The Administrator of GSA and the Archivist 
of NARA are authorized by Title 44 U.S.C. 2904, as amended, to 
promulgate standards, procedures, and guidelines regarding records 
management and to conduct records management studies. Title 44 U.S.C. 
2906, as amended, provides that agencies are to cooperate with GSA and 
NARA as GSA and NARA are authorized to inspect Federal agencies' 
records for records management purposes.
    8. To appropriate Federal, State, and local agencies, entities, and 
persons when:
    (a) We suspect or confirm a compromise of security or 
confidentiality of information;
    (b) We determine that, as a result of the suspected or confirmed 
compromise, there is a risk of harm to economic or property interests, 
risk of identity theft or fraud, or risk of harm to the security or 
integrity of this system or other systems or programs that rely upon 
the compromised information; and
    (c) We determine that disclosing the information to such agencies, 
entities, and persons will assist us in our efforts to respond to the 
suspected or confirmed compromise and prevent, minimize, or remedy any 
harm.
    We will disclose information under this routine use specifically in 
connection with response and remediation efforts in the event of an 
unintentional release of agency information (otherwise known as a data 
breach). With this routine use, we can protect the interests of the 
people whose information is at risk by responding timely and 
effectively to a data breach. The routine use will also help us improve 
our ability to prevent, minimize, or remedy any harm that may result 
from a data breach.

B. Compatibility of Routine Uses

    We can disclose information for routine uses one through six when 
it is necessary to carry out our programs or other programs similar to 
ours or when the disclosure is supported by a published routine use (20 
CFR 401.150). We can also disclose information when the disclosure is 
required by law (20 CFR 401.120). Federal law requires the disclosures 
that we make under routine uses seven and eight to the extent another 
Federal law does not prohibit the disclosure. All routine uses in the 
e-Authentication File are compatible with the relevant statutory and 
regulatory criteria.

III. Records Storage Medium and Safeguards for the Information Covered 
by the e-Authentication File

    We will maintain, in electronic form, all information covered by 
the e-Authentication File. We will safeguard the security of the 
electronic information covered by the e-Authentication File by 
requiring the use of access codes (personal identification number (PIN) 
and password) to enter the computer system that will house the data. We 
will maintain audit trails of all access to this information in 
accordance with agency security policy and Federal retention standards. 
We will permit access to the information covered by the 
e-Authentication File only to our authorized employees and contractors 
who require the information to perform their official duties.
    We annually provide all our employees and contractors with security 
awareness and training. This includes the need to protect PII and the 
criminal penalties that apply to an unauthorized access to, or 
disclosure of, PII. Employees and contractors with access to databases 
maintaining PII must also sign a sanction document annually, 
acknowledging their accountability for inappropriately accessing or 
disclosing such information.

IV. Effects of the e-Authentication File on the Rights of Persons

    We will use safeguards to protect the confidentiality of all PII in 
our possession. We will ensure that all
contractors or others acting on our behalf are obliged to do the same. 
We will adhere to the provisions of the Privacy Act and other 
applicable Federal statutes that govern our use and disclosure of 
information that the e-Authentication File covers. We will disclose 
information under the routine uses only as necessary to accomplish the 
stated purposes. We do not anticipate that the e-Authentication File or 
its applicable routine use disclosures will have any unwarranted 
adverse effect on the privacy or other rights of persons.

    Dated: November 30, 2010.
Michael J. Astrue,
Commissioner.

Social Security Administration

Notice of System of Records

Required by the Privacy Act of 1974, as Amended

System number:
    60-0373

System name:
    Central Repository of Electronic Authentication Data Master File.

Security classification:
    None.

System Location:
    Social Security Administration (SSA), Office of Systems, 6401 
Security Boulevard, Baltimore, Maryland 21235.

Categories of persons covered by the system:
    Persons conducting business with us through our electronic 
services.

Categories of records in the system:
    We will collect and maintain the users' personally identifiable 
information (PII) in this system of records. The PII may include the 
users' name, address, date of birth, Social Security number (SSN), 
phone number, and other types of identity information (e.g., address 
information of persons from the W-2 and Schedule Self Employed (SE) 
forms we receive electronically for our programmatic purposes as 
permitted by 26 U.S.C. 6103(l)(1)(A)). We may also collect 
knowledge-based authentication data, which is information users establish with us 
or that we already maintain in existing Privacy Act systems of records.
    We will maintain the data necessary to administer and maintain our 
e-Authentication infrastructure. This includes management and profile 
information, such as blocked accounts, failed access data, effective 
date of passwords, and other data that allows us to evaluate the 
system's effectiveness. The data we maintain also may include archived 
transaction data and historical data.

Authority for maintenance of the system:
    Section 205(a) of the Social Security Act; the Government Paperwork 
Elimination Act (Pub. L. 105-277); the Internal Revenue Code (26 U.S.C. 
6103(l)(1)(A)); and the Federal Information Security Management Act of 
2002 (Title III) of the E-Government Act of 2002 (Pub. L. 107-347).

Purpose(s):
    This system of records supports our agency's objectives to expand 
electronic services, such as our automated telephone and Internet 
application. This system of records also supports our agency's 
commitment to strong and secure authentication procedures by properly 
maintaining PII we collect from persons to verify their identities. For 
security reasons, we must be able to determine, with confidence, 
that persons are who they claim to be each time they choose our electronic 
services.

Routine uses of records covered by this system of records, including 
categories of users and the purposes of such uses:
    Routine use disclosures are indicated below; however, we will not 
disclose any information defined as "return or return information" 
under 26 U.S.C. 6103 of the Internal Revenue Code (IRC), unless the 
IRC, the Internal Revenue Service (IRS), or IRS regulations authorize 
us to do so.
    1. To the Office of the President in response to a request the 
Office of the President made at the request of the subject of the 
record or a third party acting on the subject's behalf.
    2. To a congressional office in response to a request from that 
office made at the request of the subject of the record or a third 
party acting on the subject's behalf.
    3. To the Department of Justice (DOJ), a court, other tribunal, or 
another party before such court or tribunal when:
    (a) SSA or any of our components; or
    (b) Any SSA employee in his or her official capacity; or
    (c) Any SSA employee in his or her individual capacity when DOJ (or 
SSA) has agreed to represent the employee; or
    (d) The United States or any agency thereof when we determine that 
the litigation is likely to affect the operations of SSA or any of our 
components,

is a party to litigation or has an interest in such litigation, and we 
determine that the use of such records by DOJ, a court, other tribunal, 
or another party before such tribunal is relevant and necessary to the 
litigation. In each case, we must determine that such disclosures are 
compatible with the purpose for which we collected the records.
    4. To other Federal agencies and our contractors, including 
external data sources, to assist us in administering our programs.
    5. To student volunteers, persons working under a personal services 
contract, and others when they need access to information in our 
records in order to perform their assigned agency duties.
    6. To the Department of Justice for:
    (a) Investigating and prosecuting violations of the Social Security 
Act to which criminal penalties attach; and
    (b) Representing the Commissioner; or
    (c) Investigating issues of fraud or violation of civil rights by 
agency officers or employees.
    7. To the General Services Administration and the National Archives 
and Records Administration under 44 U.S.C. 2904 and 2906, as amended by 
the NARA Act of 1984, when the information is for records management 
purposes.
    8. To appropriate Federal, State, and local agencies, entities, and 
persons when:
    (a) We suspect or confirm a compromise of security or 
confidentiality of information;
    (b) We determine that as a result of the suspected or confirmed 
compromise there is a risk of harm to economic or property interests, 
risk of identity theft or fraud, or harm to the security or integrity 
of this system or other systems or programs that rely upon the 
compromised information; and
    (c) We determine that disclosing the information to such agencies, 
entities, and persons will assist us in our efforts to respond to the 
suspected or confirmed compromise and prevent, minimize, or remedy such 
harm.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in this system of records:
Storage:
    We will store records in this system of records in electronic form.

Retrievability:
    We will retrieve records in this system of records by a person's 
name and associated identifying information.

Safeguards:
    We retain electronic files with personal identifiers in secure 
storage areas accessible only to our authorized
employees and contractors who have a need for the information when 
performing their official duties. Security measures include the use of 
access codes (personal identification number (PIN) and password) to 
enter our computer systems that house the data.
    We annually provide all our employees and contractors with security 
awareness and training. This includes the need to protect PII and the 
criminal penalties that apply to an unauthorized access to, or 
disclosure of, PII. Employees and contractors with access to databases 
maintaining PII must also sign a sanction document annually, 
acknowledging their accountability for inappropriately accessing or 
disclosing such information.

Retention and disposal:
    We maintain records in SSA headquarters within the Office of Open 
Government. We will maintain records in this system of records until 
seven years after the notification of the death of the account holder. 
After that time, we will delete the person's records from the database.

System manager(s) and address:
    Office of the Chief Information Officer, Office of Open Government, 
Social Security Administration, 6401 Security Boulevard, Baltimore, MD 
21235.

Notification procedures:
    Persons can determine if this system contains a record about them 
by writing to the system manager at the above address and providing 
their name, SSN, or other information in this system of records that 
will identify them. Persons requesting notification by mail must 
include a notarized statement to us to verify their identity or must 
certify in the request that they are the person they claim to be and 
that they understand that the knowing and willful request for, or 
acquisition of, a record pertaining to another person under false 
pretenses is a criminal offense.
    Persons requesting notification of records in person must provide 
the same information, as well as provide an identity document, 
preferably with a photograph, such as a driver's license. Persons 
lacking identification documents sufficient to establish their identity 
must certify in writing that they are the person they claim to be and 
that they understand that the knowing and willful request for, or 
acquisition of, a record pertaining to another person under false 
pretenses is a criminal offense.
    Persons requesting notification by telephone must verify their 
identity by providing identifying information that parallels the 
information in the record about which they are requesting notification. 
If we determine that the identifying information the person provides by 
telephone is insufficient, we will require the person to submit a 
request in writing or in person. If a person requests information by 
telephone on behalf of another person, the subject person must be on 
the telephone with the requesting person and us in the same phone call. 
We will establish the subject person's identity (his or her name, SSN, 
address, date of birth, and place of birth, along with one other piece 
of information such as mother's maiden name) and ask for his or her 
consent to provide information to the requesting person. These 
procedures are in accordance with our regulations at 20 CFR 401.40 and 
401.45.

Record access procedures:
    Same as notification procedures. Persons also should reasonably 
specify the record contents they are seeking. These procedures are in 
accordance with our regulations (20 CFR 401.40(c)).

Contesting record procedures:
    Same as notification procedures. Persons also should reasonably 
identify the record, specify the information they are contesting, and 
state the corrective action sought and the reasons for the correction 
with supporting justification showing how the record is incomplete, 
untimely, inaccurate, or irrelevant. These procedures are in accordance 
with our regulations (20 CFR 401.65(a)).

Record source categories:
    We obtain information in this system of records primarily from the 
person to whom the record pertains. We may also include information 
from electronic W-2 and electronic Schedule SE forms for members of the 
public.

System exempted from certain provisions of the Privacy Act:
    None.

[FR Doc. 2010-31700 Filed 12-16-10; 8:45 am]
BILLING CODE P