Privacy Act of 1974; System of Records, 19588-19591 [2018-09362]

Download as PDF 19588 Federal Register / Vol. 83, No. 86 / Thursday, May 3, 2018 / Notices utilizing the proposed 7:00 a.m. ET activation time.35 The Exchange notes that members may cancel their inactive orders with RTFY or SCAN routing order attributes at any time prior to the time the order activates, which would allow members to react to conditions that may cause them to violate their best execution obligations to their customers should the orders activate and execute.36 The Exchange also notes that members may cancel their active orders with RTFY or SCAN routing order attributes and enter new orders at another time that the members believe will satisfy their best execution obligations.37 The Commission notes that Exchange members’ use of the proposed 7:00 a.m. ET activation time must be consistent with their best execution obligations. provisions of 5 U.S.C. 552, will be available for website viewing and printing in the Commission’s Public Reference Room, 100 F Street NE, Washington, DC 20549, on official business days between the hours of 10:00 a.m. and 3:00 p.m. Copies of the filing also will be available for inspection and copying at the principal office of the Exchange. All comments received will be posted without change. Persons submitting comments are cautioned that we do not redact or edit personal identifying information from comment submissions. You should submit only information that you wish to make available publicly. All submissions should refer to File Number SR–NASDAQ–2017–088 and should be submitted on or before May 24, 2018. IV. Solicitation of Comments on Amendment No. 2 to the Proposed Rule Change Interested persons are invited to submit written data, views, and arguments concerning whether Amendment No. 2 is consistent with the Act. Comments may be submitted by any of the following methods: V. Accelerated Approval of Proposed Rule Change, as Modified by Amendment No. 2 The Commission finds good cause to approve the proposed rule change, as modified by Amendment No. 2, prior to the thirtieth day after the date of publication of notice of the filing of Amendment No. 2 in the Federal Register. As noted above, in Amendment No. 2, the Exchange narrowed the proposal from allowing members to activate orders with RTFY or SCAN routing order attributes at any time during Pre-Market Hours, to specifically allowing members to activate these orders at 7:00 a.m. ET, which is similar to existing functionalities on certain other exchanges. Moreover, Amendment No. 2 provided additional explanation regarding the potential benefits of a 7:00 a.m. ET activation time. Accordingly, the Commission finds good cause, pursuant to Section 19(b)(2) of the Act,38 to approve the proposed rule change, as modified by Amendment No. 2, on an accelerated basis. sradovich on DSK3GMQ082PROD with NOTICES Electronic Comments • Use the Commission’s internet comment form (http://www.sec.gov/ rules/sro.shtml); or • Send an email to rule-comments@ sec.gov. Please include File Number SR– NASDAQ–2017–088 on the subject line. Paper Comments • Send paper comments in triplicate to Secretary, Securities and Exchange Commission, 100 F Street NE, Washington, DC 20549–1090. All submissions should refer to File Number SR–NASDAQ–2017–088. This file number should be included on the subject line if email is used. To help the Commission process and review your comments more efficiently, please use only one method. The Commission will post all comments on the Commission’s internet website (http://www.sec.gov/ rules/sro.shtml). Copies of the submission, all subsequent amendments, all written statements with respect to the proposed rule change that are filed with the Commission, and all written communications relating to the proposed rule change between the Commission and any person, other than those that may be withheld from the public in accordance with the id. at 8–10. id. at 8. 37 See id. VI. Conclusion It is therefore ordered, pursuant to Section 19(b)(2) of the Act,39 that the proposed rule change (SR–NASDAQ– 2017–088), as modified by Amendment No. 2, be, and hereby is, approved on an accelerated basis. For the Commission, by the Division of Trading and Markets, pursuant to delegated authority.40 Robert W. Errett, Deputy Secretary. [FR Doc. 2018–09341 Filed 5–2–18; 8:45 am] BILLING CODE 8011–01–P 35 See 38 15 36 See 39 Id. VerDate Sep<11>2014 17:29 May 02, 2018 40 17 Jkt 244001 PO 00000 U.S.C. 78s(b)(2). CFR 200.30–3(a)(12). Frm 00068 Fmt 4703 Sfmt 4703 SOCIAL SECURITY ADMINISTRATION [Docket No. SSA–2018–0012] Privacy Act of 1974; System of Records Office of Analytics, Review, and Oversight, Social Security Administration (SSA). ACTION: Notice of a new system of records. AGENCY: In accordance with the Privacy Act, we are issuing public notice of our intent to establish a new system of records entitled, Anti-Fraud Enterprise Solution (AFES) (60–0388), hereinafter called the AFES Record System. The AFES Record System is an agency-wide and overarching system that includes the ability to detect, prevent, and mitigate fraud in SSA’s programs. The AFES Record System will collect and maintain personally identifiable information (PII) to assist in identifying suspicious or potentially fraudulent activities performed by individuals across all the agency’s programs and service delivery methods. This notice publishes details of the system as set forth under the caption, SUPPLEMENTARY INFORMATION. DATES: The system of records notice (SORN) is applicable upon its publication in today’s Federal Register, with the exception of the routine uses, which are effective June 4, 2018. We invite public comment on the routine uses or other aspects of this SORN. In accordance with 5 U.S.C. 552a(e)(4) and (e)(11), the public is given a 30-day period in which to submit comments. Therefore, please submit any comments by June 4, 2018. ADDRESSES: The public, Office of Management and Budget (OMB), and Congress may comment on this publication by writing to the Executive Director, Office of Privacy and Disclosure, Office of the General Counsel, SSA, Room G–401 West High Rise, 6401 Security Boulevard, Baltimore, Maryland 21235–6401, or through the Federal e-Rulemaking Portal at http://www.regulations.gov, please reference docket number SSA–2018– 0012. All comments we receive will be available for public inspection at the above address and we will post them to http://www.regulations.gov. FOR FURTHER INFORMATION CONTACT: Neil Etter, Government Information Specialist, Privacy Implementation Division, Office of Privacy and Disclosure, Office of the General Counsel, SSA, Room G–401 West High Rise, 6401 Security Boulevard, Baltimore, Maryland 21235–6401, SUMMARY: E:\FR\FM\03MYN1.SGM 03MYN1 Federal Register / Vol. 83, No. 86 / Thursday, May 3, 2018 / Notices telephone: (410) 965–8028, email: Neil.Etter@ssa.gov. SUPPLEMENTARY INFORMATION: We are establishing the AFES Record System to support our objectives that will ‘‘Strengthen the Integrity of Our Programs,’’ specifically to protect the public’s data, provide secure online services, and increase payment accuracy. The AFES Record System will provide us with access to a single repository of data that currently resides across many different SSA systems of records. We will use the PII in the AFES Record System to employ advanced data analytics solutions to identify patterns indicative of fraud, improve the functionality of data-driven fraud activations, conduct real-time risk analysis, and integrate developing technology into our anti-fraud business processes. This solution will also provide true business intelligence to agency leadership with assistance in data-driven anti-fraud decision-making. We will use the records in the AFES Record System to detect indications of fraud in all SSA’s programs and operations initiated by individuals outside of SSA or internal to SSA (e.g., SSA employees). In accordance with 5 U.S.C. 552a(r), we provided a report to OMB and Congress on this new system of records. Dated: February 14, 2018. Mary Ann Zimmerman, Acting Executive Director, Office of Privacy and Disclosure, Office of the General Counsel. SYSTEM NAME AND NUMBER Anti-Fraud Enterprise Solution (AFES), 60–0388. SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: Social Security Administration, Office of Analytics, Review, and Oversight, Office of Anti-Fraud Programs, Robert M. Ball Building, 6401 Security Boulevard, Baltimore, MD 21235. sradovich on DSK3GMQ082PROD with NOTICES SYSTEM MANAGER(S): Chief Fraud Prevention Officer, Social Security Administration, Office of Analytics, Review, and Oversight, Office of Anti-Fraud Programs, Robert M. Ball Building, 6401 Security Boulevard, Baltimore, MD 21235, dcaro.oafp.controls@ssa.gov. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: General authority to maintain the system is contained in Sections 205(a) and 702(a)(5) of the Social Security Act, as amended (42 U.S.C. 405(a) and 902(a)(5)), and the Fraud Reduction and VerDate Sep<11>2014 17:29 May 02, 2018 Jkt 244001 Data Analytics Act of 2015 (Pub. L. 114– 186). PURPOSE(S) OF THE SYSTEM: The records maintained in the AFES Record System are necessary to detect, prevent, mitigate, and track the likelihood of fraudulent activity in SSA’s programs and operations. We will use the AFES Record System to identify patterns of fraud and to improve datadriven fraud activations and real-time analysis. We may use the results of these data analysis activities, including fraud leads and vulnerabilities, in our fraud investigations and other activities to support program and operational improvements. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: This system covers individuals who are relevant to suspicious or potentially fraudulent activities connected with Social Security programs and operations, including but not limited to the subjects of an investigation, Social Security applicants and beneficiaries, representative payees, appointed representatives, complainants, key witnesses, and current or former employees, contractors, or agents. CATEGORIES OF RECORDS IN THE SYSTEM: We will collect and maintain information in connection with our review of all suspicious or potentially fraudulent activities in Social Security programs and operations. We will also collect and maintain SSA and Non-SSA breach information, including data generated internally or received from businesses with whom SSA has a relationship or government entities or partners. The AFES Record System includes records on individuals that it obtains from other SSA systems of records and will maintain information such as: Enumeration Information: This information may include name, Social Security number (SSN), date of birth, parent name(s), address, and place of birth. Earnings Information: This information may include yearly earnings and quarters of coverage information. Social Security Benefit Information: This information may include disability status, benefit payment amount, data relating to the computation, appointed representative, and representative payee. Representative Payee Information: This information may include names, SSNs, and addresses of representative payees and relationship with the beneficiary. PO 00000 Frm 00069 Fmt 4703 Sfmt 4703 19589 Persons Conducting Business With Us Through Electronic Services: This information may include name, address, date of birth, SSN, knowledge-based authentication data, and blocked accounts. Employee Information: This information may include personal identification number (PIN), employee name, job title, SSN about our employees, contractors, or agents. RECORD SOURCE CATEGORIES: We obtain information in this system from individuals (i.e., the public and SSA staff), other Government agencies, and private entities. The largest record sources for the AFES Record System is information the agency collects and maintains for purposes related to other business processes that have established systems of records, such as the Master Files of SSN Holders and SSN Applications (60–0058), the Claims Folders Systems (60–0089), the Master Beneficiary Record (60–0090), the Supplemental Security Income Record and Special Veterans Benefits (60– 0103), the Personal Identification Number File (60–0214), the Master Representative Payee File (60–0222), and the Central Repository of Electronic Authentication Data Master File (60– 0373). The AFES Record System may pull any relevant information from any SSA system of records. For a full listing of our system of records notices that could provide information to the AFES Record System, please see the Privacy Program section of SSA’s website. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: We will disclose records pursuant to the following routine uses; however, we will not disclose any information defined as ‘‘return or return information’’ under 26 U.S.C. 6103 of the Internal Revenue Code (IRC), unless authorized by statute, the Internal Revenue Service (IRS), or IRS regulations. 1. To any agency, person, or entity in the course of an SSA investigation to the extent necessary to obtain or to verify information pertinent to an SSA fraud investigation. 2. To a congressional office in response to an inquiry from that office made on behalf of, and at the request of, the subject of the record or a third party acting on the subject’s behalf. 3. To the Office of the President in response to an inquiry received from that office made on behalf of, and at the request of, the subject of record or a third party acting on the subject’s behalf. E:\FR\FM\03MYN1.SGM 03MYN1 sradovich on DSK3GMQ082PROD with NOTICES 19590 Federal Register / Vol. 83, No. 86 / Thursday, May 3, 2018 / Notices 4. To the Department of Justice (DOJ), a court or other tribunal, or another party before such court or tribunal, when: (a) SSA, or any component thereof; or (b) any SSA employee in his/her official capacity; or: (c) any SSA employee in his/her individual capacity where DOJ (or SSA where it is authorized to do so) has agreed to represent the employee; or (d) the United States or any agency thereof where SSA determines the litigation is likely to SSA or any of its components, is a party to the litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court or other tribunal, or another party before the tribunal is relevant and necessary to the litigation, provided, however, that in each case, the agency determines that disclosure of the records to DOJ, court or other tribunal, or another party is a use of the information contained in the records that is compatible with the purpose for which the records were collected. 5. To contractors and other Federal agencies, as necessary, for the purpose of assisting SSA in the efficient administration of its programs. We will disclose information under this routine use only in situations in which SSA may enter into a contractual or similar agreement with a third party to assist in accomplishing an agency function relating to this system of records. 6. To student volunteers, individuals working under a personal services contract, and other workers who technically do not have the status of Federal employees, when they are performing work for SSA, as authorized by law, and they need access to PII in SSA records in order to perform their assigned agency functions. 7. To Federal, State, and local law enforcement agencies and private security contractors, as appropriate, information necessary: (a) To enable them to protect the safety of SSA employees and customers, the security of the SSA workplace, and the operation of SSA facilities, or (b) to assist in investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupt the operation of SSA facilities. 8. To the National Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 2906. 9. To appropriate agencies, entities, and persons when: (a) SSA suspects or has confirmed that there has been a breach of the system of records; VerDate Sep<11>2014 17:29 May 02, 2018 Jkt 244001 (b) SSA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, SSA (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with SSA’s efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. 10. To another Federal agency or Federal entity, when SSA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in: (a) Responding to suspected or confirmed breach; or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. 11. To the Equal Employment Opportunity Commission when requested in connection with investigation into alleged or possible discriminatory practices in the Federal sector, examination of Federal affirmative employment programs, compliance by Federal agencies with the Uniform Guidelines on Employee Selection Procedures, or other functions vested in the Commission. 12. To the Office of Personnel Management, Merit Systems Protection Board, or the Office of Special Counsel in connection with appeals, special studies of the civil service and other merit systems, review of rules and regulations, investigations of alleged or possible prohibited personnel practices, and other such functions promulgated in 5 U.S.C. Chapter 12, or as may be required by law. 13. To the Federal Labor Relations Authority, the Office of the Special Counsel, the Federal Mediation and Conciliation Service, the Federal Service Impasses Panel, or an arbitrator requesting information in connection with the investigations of allegations of unfair practices, matters before an arbitrator or the Federal Service Impasses Panel. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: We will maintain records in this system in paper and electronic form. PO 00000 Frm 00070 Fmt 4703 Sfmt 4703 POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: We will retrieve records by the individual’s name, SSN, as well as internal transaction identifiers (e.g., transaction identification for the Internet Claim application, transaction identification for an electronic online Direct Deposit change, etc.). Information from these retrieved records that matches across other agency systems of records will also create a linkage to retrieve those records, because the system is able to show key connections or overlaps based on similar information stored in different data sources at the agency. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: These records are currently unscheduled. We will retain the records in accordance with NARA approved records schedules. In accordance with NARA rules codified at 36 CFR 1225.16, we maintain unscheduled records until NARA approves an agency-specific records schedule or publishes a corresponding General Records Schedule. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: We retain electronic and paper files containing personal identifiers in secure storage areas accessible only by our authorized employees who have a need for the information when performing their official duties. Security measures include, but are not limited to, the use of codes and profiles, personal identification number and password, and personal identification verification cards. We restrict access to specific correspondence within the system based on assigned roles and authorized users. We maintain electronic files with personal identifiers in secure storage areas. We will use audit mechanisms to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification. We keep paper records in cabinets within secure areas, with access limited to only those employees who have an official need for access in order to perform their duties. We annually provide our employees and contractors with appropriate security awareness training that includes reminders about the need to protect PII and the criminal penalties that apply to unauthorized access to, or disclosure of PII. See 5 U.S.C. 552a(i)(1). Furthermore, employees and contractors with access to databases maintaining PII must annually sign a sanction document that acknowledges their accountability E:\FR\FM\03MYN1.SGM 03MYN1 Federal Register / Vol. 83, No. 86 / Thursday, May 3, 2018 / Notices for inappropriately accessing or disclosing such information. DEPARTMENT OF STATE [Public Notice 10404] RECORD ACCESS PROCEDURES: Individuals may submit requests for information about whether this system contains a record about them by submitting a written request to the system manager at the above address, which includes their name, SSN, or other information that may be in this system of records that will identify them. Individuals requesting notification of, or access to, a record by mail must include: (1) A notarized statement to us to verify their identity; or (2) must certify in the request that they are the individual they claim to be and that they understand that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense. Individuals requesting notification of, or access to, records in person must provide their name, SSN, or other information that may be in this system of records that will identify them, as well as provide an identity document, preferably with a photograph, such as a driver’s license. Individuals lacking identification documents sufficient to establish their identity must certify in writing that they are the individual they claim to be and that they understand that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense. These procedures are in accordance with our regulations at 20 CFR 401.40 and 401.45. CONTESTING RECORD PROCEDURES: Same as record access procedures. Individuals should also reasonably identify the record, specify the information they are contesting, and state the corrective action sought and the reasons for the correction with supporting justification showing how the record is incomplete, untimely, inaccurate, or irrelevant. These procedures are in accordance with our regulations at 20 CFR 401.65(a). NOTIFICATION PROCEDURES: sradovich on DSK3GMQ082PROD with NOTICES Same as record access procedures. These procedures are in accordance with our regulations at 20 CFR 401.40 and 401.45. EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. HISTORY: None. [FR Doc. 2018–09362 Filed 5–2–18; 8:45 am] BILLING CODE P VerDate Sep<11>2014 17:29 May 02, 2018 Jkt 244001 United States-Morocco Working Group on Environmental Cooperation Meeting and Public Session Department of State. Announcement of meetings; solicitation of suggestions; invitation to public session. AGENCY: ACTION: The Department of State is providing notice that the governments of the United States and Kingdom of Morocco (the governments) intend to hold a meeting of the United StatesMorocco Working Group on Environmental Cooperation (Working Group) and a public session in Rabat, Morocco, on May 11, 2018, to discuss implementation of the Joint Statement on Environmental Cooperation (Joint Statement). During the meetings, the governments will discuss how the United States and Morocco can work together to protect and conserve the environment, highlight past bilateral environmental cooperation, review activities under the 2014–2017 Plan of Action, and approve a 2018–2021 Plan of Action. The Department of State invites members of the public to submit written suggestions on items to include on the meeting agenda and in the 2018–2021 Plan of Action. The Department of State also invites interested persons to attend a public session where the public will have the opportunity to ask about implementation of the Joint Statement. DATES: The public session will be held on May 11, 2018, in Rabat, Morocco. Suggestions on the meeting agenda and/ or the 2018–2021 Plan of Action should be provided no later than May 8, 2018, to facilitate consideration. ADDRESSES: Those interested in attending the public session should email Eloise Canfield at CanfieldME@ state.gov to find out the time and location of the session. Suggestions on the meeting agenda and/or the 2018– 2021 Plan of Action should be emailed to CanfieldME@state.gov or faxed to Eloise Canfield at (202) 647–5947, with the subject line ‘‘United States-Morocco Environmental Cooperation.’’ FOR FURTHER INFORMATION CONTACT: Eloise Canfield, (202) 647–4750 or CanfieldME@state.gov. SUPPLEMENTARY INFORMATION: In the Joint Statement, the governments of the United States and Morocco indicate their intent ‘‘to pursue efforts to enhance bilateral environmental cooperation . . . .’’ In paragraph 5 of the Joint Statement, the governments SUMMARY: PO 00000 Frm 00071 Fmt 4703 Sfmt 4703 19591 established the Working Group to coordinate and review environmental cooperation activities. As envisioned in the Joint Statement, the Working Group develops Plans of Action, reviews and assesses cooperative environmental activities pursuant to the Plan of Action, recommends ways to improve such cooperation, and undertakes such other activities as may seem appropriate to the governments. Through this notice, the United States is soliciting the views of the public with respect to the 2018–2021 Plan of Action. Members of the public, including NGOs, educational institutions, private sector enterprises, and all other interested persons are invited to submit written suggestions regarding items for inclusion in the meeting agendas or in the 2018–2021 Plan of Action. Please include your full name and identify any organization or group you represent. We encourage submitters to refer to: • United States-Morocco Joint Statement on Environmental Cooperation; • 2014–2017 Plan of Action Pursuant to the United States-Morocco Joint Statement on Environmental Cooperation; These documents are available at: http://www.state.gov/e/oes/eqt/trade/ morocco/index.htm. Brian P. Doherty, Director, Office of Environmental Quality and Transboundary Issues, Department of State. [FR Doc. 2018–09378 Filed 5–2–18; 8:45 am] BILLING CODE 4710–09–P SURFACE TRANSPORTATION BOARD [Docket No. AB 1256] Boston and Maine Corporation & Springfield Terminal Railway Company—Adverse Discontinuance of Operating Authority—MilfordBennington Railroad Company, Inc. On April 13, 2018, Boston and Maine Corporation and the Springfield Terminal Railway Company (collectively, Pan Am) filed an application under 49 U.S.C. 10903 requesting that the Surface Transportation Board (the Board) authorize the third-party, or ‘‘adverse,’’ discontinuance of operating authority held by Milford-Bennington Railroad Company, Inc. (MBR) over approximately 5.36 miles of rail line on the Hillsborough Branch from milepost 11.00 to milepost 16.36 in southern New Hampshire (the Line). The Line traverses United States Postal Service Zip Codes 03055 and 03086. E:\FR\FM\03MYN1.SGM 03MYN1

Agencies

[Federal Register Volume 83, Number 86 (Thursday, May 3, 2018)]
[Notices]
[Pages 19588-19591]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-09362]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION

[Docket No. SSA-2018-0012]


Privacy Act of 1974; System of Records

AGENCY: Office of Analytics, Review, and Oversight, Social Security 
Administration (SSA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act, we are issuing public 
notice of our intent to establish a new system of records entitled, 
Anti-Fraud Enterprise Solution (AFES) (60-0388), hereinafter called the 
AFES Record System. The AFES Record System is an agency-wide and 
overarching system that includes the ability to detect, prevent, and 
mitigate fraud in SSA's programs. The AFES Record System will collect 
and maintain personally identifiable information (PII) to assist in 
identifying suspicious or potentially fraudulent activities performed 
by individuals across all the agency's programs and service delivery 
methods. This notice publishes details of the system as set forth under 
the caption, SUPPLEMENTARY INFORMATION.

DATES: The system of records notice (SORN) is applicable upon its 
publication in today's Federal Register, with the exception of the 
routine uses, which are effective June 4, 2018. We invite public 
comment on the routine uses or other aspects of this SORN. In 
accordance with 5 U.S.C. 552a(e)(4) and (e)(11), the public is given a 
30-day period in which to submit comments. Therefore, please submit any 
comments by June 4, 2018.

ADDRESSES: The public, Office of Management and Budget (OMB), and 
Congress may comment on this publication by writing to the Executive 
Director, Office of Privacy and Disclosure, Office of the General 
Counsel, SSA, Room G-401 West High Rise, 6401 Security Boulevard, 
Baltimore, Maryland 21235-6401, or through the Federal e-Rulemaking 
Portal at http://www.regulations.gov, please reference docket number 
SSA-2018-0012. All comments we receive will be available for public 
inspection at the above address and we will post them to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Neil Etter, Government Information 
Specialist, Privacy Implementation Division, Office of Privacy and 
Disclosure, Office of the General Counsel, SSA, Room G-401 West High 
Rise, 6401 Security Boulevard, Baltimore, Maryland 21235-6401,

[[Page 19589]]

telephone: (410) 965-8028, email: [email protected].

SUPPLEMENTARY INFORMATION: We are establishing the AFES Record System 
to support our objectives that will ``Strengthen the Integrity of Our 
Programs,'' specifically to protect the public's data, provide secure 
online services, and increase payment accuracy. The AFES Record System 
will provide us with access to a single repository of data that 
currently resides across many different SSA systems of records. We will 
use the PII in the AFES Record System to employ advanced data analytics 
solutions to identify patterns indicative of fraud, improve the 
functionality of data-driven fraud activations, conduct real-time risk 
analysis, and integrate developing technology into our anti-fraud 
business processes. This solution will also provide true business 
intelligence to agency leadership with assistance in data-driven anti-
fraud decision-making. We will use the records in the AFES Record 
System to detect indications of fraud in all SSA's programs and 
operations initiated by individuals outside of SSA or internal to SSA 
(e.g., SSA employees).
    In accordance with 5 U.S.C. 552a(r), we provided a report to OMB 
and Congress on this new system of records.

    Dated: February 14, 2018.
Mary Ann Zimmerman,
Acting Executive Director, Office of Privacy and Disclosure, Office of 
the General Counsel.
SYSTEM NAME AND NUMBER
    Anti-Fraud Enterprise Solution (AFES), 60-0388.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Social Security Administration, Office of Analytics, Review, and 
Oversight, Office of Anti-Fraud Programs, Robert M. Ball Building, 6401 
Security Boulevard, Baltimore, MD 21235.

SYSTEM MANAGER(S):
    Chief Fraud Prevention Officer, Social Security Administration, 
Office of Analytics, Review, and Oversight, Office of Anti-Fraud 
Programs, Robert M. Ball Building, 6401 Security Boulevard, Baltimore, 
MD 21235, [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    General authority to maintain the system is contained in Sections 
205(a) and 702(a)(5) of the Social Security Act, as amended (42 U.S.C. 
405(a) and 902(a)(5)), and the Fraud Reduction and Data Analytics Act 
of 2015 (Pub. L. 114-186).

PURPOSE(S) OF THE SYSTEM:
    The records maintained in the AFES Record System are necessary to 
detect, prevent, mitigate, and track the likelihood of fraudulent 
activity in SSA's programs and operations. We will use the AFES Record 
System to identify patterns of fraud and to improve data-driven fraud 
activations and real-time analysis. We may use the results of these 
data analysis activities, including fraud leads and vulnerabilities, in 
our fraud investigations and other activities to support program and 
operational improvements.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system covers individuals who are relevant to suspicious or 
potentially fraudulent activities connected with Social Security 
programs and operations, including but not limited to the subjects of 
an investigation, Social Security applicants and beneficiaries, 
representative payees, appointed representatives, complainants, key 
witnesses, and current or former employees, contractors, or agents.

CATEGORIES OF RECORDS IN THE SYSTEM:
    We will collect and maintain information in connection with our 
review of all suspicious or potentially fraudulent activities in Social 
Security programs and operations. We will also collect and maintain SSA 
and Non-SSA breach information, including data generated internally or 
received from businesses with whom SSA has a relationship or government 
entities or partners.
    The AFES Record System includes records on individuals that it 
obtains from other SSA systems of records and will maintain information 
such as:
    Enumeration Information: This information may include name, Social 
Security number (SSN), date of birth, parent name(s), address, and 
place of birth.
    Earnings Information: This information may include yearly earnings 
and quarters of coverage information.
    Social Security Benefit Information: This information may include 
disability status, benefit payment amount, data relating to the 
computation, appointed representative, and representative payee.
    Representative Payee Information: This information may include 
names, SSNs, and addresses of representative payees and relationship 
with the beneficiary.
    Persons Conducting Business With Us Through Electronic Services: 
This information may include name, address, date of birth, SSN, 
knowledge-based authentication data, and blocked accounts.
    Employee Information: This information may include personal 
identification number (PIN), employee name, job title, SSN about our 
employees, contractors, or agents.

RECORD SOURCE CATEGORIES:
    We obtain information in this system from individuals (i.e., the 
public and SSA staff), other Government agencies, and private entities. 
The largest record sources for the AFES Record System is information 
the agency collects and maintains for purposes related to other 
business processes that have established systems of records, such as 
the Master Files of SSN Holders and SSN Applications (60-0058), the 
Claims Folders Systems (60-0089), the Master Beneficiary Record (60-
0090), the Supplemental Security Income Record and Special Veterans 
Benefits (60-0103), the Personal Identification Number File (60-0214), 
the Master Representative Payee File (60-0222), and the Central 
Repository of Electronic Authentication Data Master File (60-0373). The 
AFES Record System may pull any relevant information from any SSA 
system of records. For a full listing of our system of records notices 
that could provide information to the AFES Record System, please see 
the Privacy Program section of SSA's website.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    We will disclose records pursuant to the following routine uses; 
however, we will not disclose any information defined as ``return or 
return information'' under 26 U.S.C. 6103 of the Internal Revenue Code 
(IRC), unless authorized by statute, the Internal Revenue Service 
(IRS), or IRS regulations.
    1. To any agency, person, or entity in the course of an SSA 
investigation to the extent necessary to obtain or to verify 
information pertinent to an SSA fraud investigation.
    2. To a congressional office in response to an inquiry from that 
office made on behalf of, and at the request of, the subject of the 
record or a third party acting on the subject's behalf.
    3. To the Office of the President in response to an inquiry 
received from that office made on behalf of, and at the request of, the 
subject of record or a third party acting on the subject's behalf.

[[Page 19590]]

    4. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such court or tribunal, when:
    (a) SSA, or any component thereof; or
    (b) any SSA employee in his/her official capacity; or:
    (c) any SSA employee in his/her individual capacity where DOJ (or 
SSA where it is authorized to do so) has agreed to represent the 
employee; or
    (d) the United States or any agency thereof where SSA determines 
the litigation is likely to SSA or any of its components,

    is a party to the litigation or has an interest in such litigation, 
and SSA determines that the use of such records by DOJ, a court or 
other tribunal, or another party before the tribunal is relevant and 
necessary to the litigation, provided, however, that in each case, the 
agency determines that disclosure of the records to DOJ, court or other 
tribunal, or another party is a use of the information contained in the 
records that is compatible with the purpose for which the records were 
collected.
    5. To contractors and other Federal agencies, as necessary, for the 
purpose of assisting SSA in the efficient administration of its 
programs. We will disclose information under this routine use only in 
situations in which SSA may enter into a contractual or similar 
agreement with a third party to assist in accomplishing an agency 
function relating to this system of records.
    6. To student volunteers, individuals working under a personal 
services contract, and other workers who technically do not have the 
status of Federal employees, when they are performing work for SSA, as 
authorized by law, and they need access to PII in SSA records in order 
to perform their assigned agency functions.
    7. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary:
    (a) To enable them to protect the safety of SSA employees and 
customers, the security of the SSA workplace, and the operation of SSA 
facilities, or
    (b) to assist in investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of SSA facilities.
    8. To the National Archives and Records Administration (NARA) under 
44 U.S.C. 2904 and 2906.
    9. To appropriate agencies, entities, and persons when:
    (a) SSA suspects or has confirmed that there has been a breach of 
the system of records;
    (b) SSA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, SSA (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and
    (c) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with SSA's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    10. To another Federal agency or Federal entity, when SSA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in:
    (a) Responding to suspected or confirmed breach; or
    (b) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    11. To the Equal Employment Opportunity Commission when requested 
in connection with investigation into alleged or possible 
discriminatory practices in the Federal sector, examination of Federal 
affirmative employment programs, compliance by Federal agencies with 
the Uniform Guidelines on Employee Selection Procedures, or other 
functions vested in the Commission.
    12. To the Office of Personnel Management, Merit Systems Protection 
Board, or the Office of Special Counsel in connection with appeals, 
special studies of the civil service and other merit systems, review of 
rules and regulations, investigations of alleged or possible prohibited 
personnel practices, and other such functions promulgated in 5 U.S.C. 
Chapter 12, or as may be required by law.
    13. To the Federal Labor Relations Authority, the Office of the 
Special Counsel, the Federal Mediation and Conciliation Service, the 
Federal Service Impasses Panel, or an arbitrator requesting information 
in connection with the investigations of allegations of unfair 
practices, matters before an arbitrator or the Federal Service Impasses 
Panel.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    We will maintain records in this system in paper and electronic 
form.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    We will retrieve records by the individual's name, SSN, as well as 
internal transaction identifiers (e.g., transaction identification for 
the Internet Claim application, transaction identification for an 
electronic online Direct Deposit change, etc.). Information from these 
retrieved records that matches across other agency systems of records 
will also create a linkage to retrieve those records, because the 
system is able to show key connections or overlaps based on similar 
information stored in different data sources at the agency.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    These records are currently unscheduled. We will retain the records 
in accordance with NARA approved records schedules. In accordance with 
NARA rules codified at 36 CFR 1225.16, we maintain unscheduled records 
until NARA approves an agency-specific records schedule or publishes a 
corresponding General Records Schedule.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    We retain electronic and paper files containing personal 
identifiers in secure storage areas accessible only by our authorized 
employees who have a need for the information when performing their 
official duties. Security measures include, but are not limited to, the 
use of codes and profiles, personal identification number and password, 
and personal identification verification cards. We restrict access to 
specific correspondence within the system based on assigned roles and 
authorized users. We maintain electronic files with personal 
identifiers in secure storage areas. We will use audit mechanisms to 
record sensitive transactions as an additional measure to protect 
information from unauthorized disclosure or modification. We keep paper 
records in cabinets within secure areas, with access limited to only 
those employees who have an official need for access in order to 
perform their duties.
    We annually provide our employees and contractors with appropriate 
security awareness training that includes reminders about the need to 
protect PII and the criminal penalties that apply to unauthorized 
access to, or disclosure of PII. See 5 U.S.C. 552a(i)(1). Furthermore, 
employees and contractors with access to databases maintaining PII must 
annually sign a sanction document that acknowledges their 
accountability

[[Page 19591]]

for inappropriately accessing or disclosing such information.

RECORD ACCESS PROCEDURES:
    Individuals may submit requests for information about whether this 
system contains a record about them by submitting a written request to 
the system manager at the above address, which includes their name, 
SSN, or other information that may be in this system of records that 
will identify them. Individuals requesting notification of, or access 
to, a record by mail must include: (1) A notarized statement to us to 
verify their identity; or (2) must certify in the request that they are 
the individual they claim to be and that they understand that the 
knowing and willful request for, or acquisition of, a record pertaining 
to another individual under false pretenses is a criminal offense.
    Individuals requesting notification of, or access to, records in 
person must provide their name, SSN, or other information that may be 
in this system of records that will identify them, as well as provide 
an identity document, preferably with a photograph, such as a driver's 
license. Individuals lacking identification documents sufficient to 
establish their identity must certify in writing that they are the 
individual they claim to be and that they understand that the knowing 
and willful request for, or acquisition of, a record pertaining to 
another individual under false pretenses is a criminal offense.
    These procedures are in accordance with our regulations at 20 CFR 
401.40 and 401.45.

CONTESTING RECORD PROCEDURES:
    Same as record access procedures. Individuals should also 
reasonably identify the record, specify the information they are 
contesting, and state the corrective action sought and the reasons for 
the correction with supporting justification showing how the record is 
incomplete, untimely, inaccurate, or irrelevant. These procedures are 
in accordance with our regulations at 20 CFR 401.65(a).

NOTIFICATION PROCEDURES:
    Same as record access procedures. These procedures are in 
accordance with our regulations at 20 CFR 401.40 and 401.45.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

[FR Doc. 2018-09362 Filed 5-2-18; 8:45 am]
BILLING CODE P