Privacy Act of 1974; System of Records, 19588-19591 [2018-09362]
Download as PDF
<![CDATA[
19588
Federal Register / Vol. 83, No. 86 / Thursday, May 3, 2018 / Notices
utilizing the proposed 7:00 a.m. ET
activation time.35 The Exchange notes
that members may cancel their inactive
orders with RTFY or SCAN routing
order attributes at any time prior to the
time the order activates, which would
allow members to react to conditions
that may cause them to violate their best
execution obligations to their customers
should the orders activate and
execute.36 The Exchange also notes that
members may cancel their active orders
with RTFY or SCAN routing order
attributes and enter new orders at
another time that the members believe
will satisfy their best execution
obligations.37 The Commission notes
that Exchange members’ use of the
proposed 7:00 a.m. ET activation time
must be consistent with their best
execution obligations.
provisions of 5 U.S.C. 552, will be
available for website viewing and
printing in the Commission’s Public
Reference Room, 100 F Street NE,
Washington, DC 20549, on official
business days between the hours of
10:00 a.m. and 3:00 p.m. Copies of the
filing also will be available for
inspection and copying at the principal
office of the Exchange. All comments
received will be posted without change.
Persons submitting comments are
cautioned that we do not redact or edit
personal identifying information from
comment submissions. You should
submit only information that you wish
to make available publicly. All
submissions should refer to File
Number SR–NASDAQ–2017–088 and
should be submitted on or before May
24, 2018.
IV. Solicitation of Comments on
Amendment No. 2 to the Proposed Rule
Change
Interested persons are invited to
submit written data, views, and
arguments concerning whether
Amendment No. 2 is consistent with the
Act. Comments may be submitted by
any of the following methods:
V. Accelerated Approval of Proposed
Rule Change, as Modified by
Amendment No. 2
The Commission finds good cause to
approve the proposed rule change, as
modified by Amendment No. 2, prior to
the thirtieth day after the date of
publication of notice of the filing of
Amendment No. 2 in the Federal
Register. As noted above, in
Amendment No. 2, the Exchange
narrowed the proposal from allowing
members to activate orders with RTFY
or SCAN routing order attributes at any
time during Pre-Market Hours, to
specifically allowing members to
activate these orders at 7:00 a.m. ET,
which is similar to existing
functionalities on certain other
exchanges. Moreover, Amendment No. 2
provided additional explanation
regarding the potential benefits of a 7:00
a.m. ET activation time. Accordingly,
the Commission finds good cause,
pursuant to Section 19(b)(2) of the
Act,38 to approve the proposed rule
change, as modified by Amendment No.
2, on an accelerated basis.
sradovich on DSK3GMQ082PROD with NOTICES
Electronic Comments
• Use the Commission’s internet
comment form (https://www.sec.gov/
rules/sro.shtml); or
• Send an email to rule-comments@
sec.gov. Please include File Number SR–
NASDAQ–2017–088 on the subject line.
Paper Comments
• Send paper comments in triplicate
to Secretary, Securities and Exchange
Commission, 100 F Street NE,
Washington, DC 20549–1090.
All submissions should refer to File
Number SR–NASDAQ–2017–088. This
file number should be included on the
subject line if email is used. To help the
Commission process and review your
comments more efficiently, please use
only one method. The Commission will
post all comments on the Commission’s
internet website (https://www.sec.gov/
rules/sro.shtml). Copies of the
submission, all subsequent
amendments, all written statements
with respect to the proposed rule
change that are filed with the
Commission, and all written
communications relating to the
proposed rule change between the
Commission and any person, other than
those that may be withheld from the
public in accordance with the
id. at 8–10.
id. at 8.
37 See id.
VI. Conclusion
It is therefore ordered, pursuant to
Section 19(b)(2) of the Act,39 that the
proposed rule change (SR–NASDAQ–
2017–088), as modified by Amendment
No. 2, be, and hereby is, approved on an
accelerated basis.
For the Commission, by the Division of
Trading and Markets, pursuant to delegated
authority.40
Robert W. Errett,
Deputy Secretary.
[FR Doc. 2018–09341 Filed 5–2–18; 8:45 am]
BILLING CODE 8011–01–P
35 See
38 15
36 See
39 Id.
VerDate Sep<11>2014
17:29 May 02, 2018
40 17
Jkt 244001
PO 00000
U.S.C. 78s(b)(2).
CFR 200.30–3(a)(12).
Frm 00068
Fmt 4703
Sfmt 4703
SOCIAL SECURITY ADMINISTRATION
[Docket No. SSA–2018–0012]
Privacy Act of 1974; System of
Records
Office of Analytics, Review,
and Oversight, Social Security
Administration (SSA).
ACTION: Notice of a new system of
records.
AGENCY:
In accordance with the
Privacy Act, we are issuing public
notice of our intent to establish a new
system of records entitled, Anti-Fraud
Enterprise Solution (AFES) (60–0388),
hereinafter called the AFES Record
System. The AFES Record System is an
agency-wide and overarching system
that includes the ability to detect,
prevent, and mitigate fraud in SSA’s
programs. The AFES Record System
will collect and maintain personally
identifiable information (PII) to assist in
identifying suspicious or potentially
fraudulent activities performed by
individuals across all the agency’s
programs and service delivery methods.
This notice publishes details of the
system as set forth under the caption,
SUPPLEMENTARY INFORMATION.
DATES: The system of records notice
(SORN) is applicable upon its
publication in today’s Federal Register,
with the exception of the routine uses,
which are effective June 4, 2018. We
invite public comment on the routine
uses or other aspects of this SORN. In
accordance with 5 U.S.C. 552a(e)(4) and
(e)(11), the public is given a 30-day
period in which to submit comments.
Therefore, please submit any comments
by June 4, 2018.
ADDRESSES: The public, Office of
Management and Budget (OMB), and
Congress may comment on this
publication by writing to the Executive
Director, Office of Privacy and
Disclosure, Office of the General
Counsel, SSA, Room G–401 West High
Rise, 6401 Security Boulevard,
Baltimore, Maryland 21235–6401, or
through the Federal e-Rulemaking Portal
at https://www.regulations.gov, please
reference docket number SSA–2018–
0012. All comments we receive will be
available for public inspection at the
above address and we will post them to
https://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Neil
Etter, Government Information
Specialist, Privacy Implementation
Division, Office of Privacy and
Disclosure, Office of the General
Counsel, SSA, Room G–401 West High
Rise, 6401 Security Boulevard,
Baltimore, Maryland 21235–6401,
SUMMARY:
E:\FR\FM\03MYN1.SGM
03MYN1
Federal Register / Vol. 83, No. 86 / Thursday, May 3, 2018 / Notices
telephone: (410) 965–8028, email:
Neil.Etter@ssa.gov.
SUPPLEMENTARY INFORMATION: We are
establishing the AFES Record System to
support our objectives that will
‘‘Strengthen the Integrity of Our
Programs,’’ specifically to protect the
public’s data, provide secure online
services, and increase payment
accuracy. The AFES Record System will
provide us with access to a single
repository of data that currently resides
across many different SSA systems of
records. We will use the PII in the AFES
Record System to employ advanced data
analytics solutions to identify patterns
indicative of fraud, improve the
functionality of data-driven fraud
activations, conduct real-time risk
analysis, and integrate developing
technology into our anti-fraud business
processes. This solution will also
provide true business intelligence to
agency leadership with assistance in
data-driven anti-fraud decision-making.
We will use the records in the AFES
Record System to detect indications of
fraud in all SSA’s programs and
operations initiated by individuals
outside of SSA or internal to SSA (e.g.,
SSA employees).
In accordance with 5 U.S.C. 552a(r),
we provided a report to OMB and
Congress on this new system of records.
Dated: February 14, 2018.
Mary Ann Zimmerman,
Acting Executive Director, Office of Privacy
and Disclosure, Office of the General Counsel.
SYSTEM NAME AND NUMBER
Anti-Fraud Enterprise Solution
(AFES), 60–0388.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Social Security Administration, Office
of Analytics, Review, and Oversight,
Office of Anti-Fraud Programs, Robert
M. Ball Building, 6401 Security
Boulevard, Baltimore, MD 21235.
sradovich on DSK3GMQ082PROD with NOTICES
SYSTEM MANAGER(S):
Chief Fraud Prevention Officer, Social
Security Administration, Office of
Analytics, Review, and Oversight, Office
of Anti-Fraud Programs, Robert M. Ball
Building, 6401 Security Boulevard,
Baltimore, MD 21235,
dcaro.oafp.controls@ssa.gov.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
General authority to maintain the
system is contained in Sections 205(a)
and 702(a)(5) of the Social Security Act,
as amended (42 U.S.C. 405(a) and
902(a)(5)), and the Fraud Reduction and
VerDate Sep<11>2014
17:29 May 02, 2018
Jkt 244001
Data Analytics Act of 2015 (Pub. L. 114–
186).
PURPOSE(S) OF THE SYSTEM:
The records maintained in the AFES
Record System are necessary to detect,
prevent, mitigate, and track the
likelihood of fraudulent activity in
SSA’s programs and operations. We will
use the AFES Record System to identify
patterns of fraud and to improve datadriven fraud activations and real-time
analysis. We may use the results of
these data analysis activities, including
fraud leads and vulnerabilities, in our
fraud investigations and other activities
to support program and operational
improvements.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
This system covers individuals who
are relevant to suspicious or potentially
fraudulent activities connected with
Social Security programs and
operations, including but not limited to
the subjects of an investigation, Social
Security applicants and beneficiaries,
representative payees, appointed
representatives, complainants, key
witnesses, and current or former
employees, contractors, or agents.
CATEGORIES OF RECORDS IN THE SYSTEM:
We will collect and maintain
information in connection with our
review of all suspicious or potentially
fraudulent activities in Social Security
programs and operations. We will also
collect and maintain SSA and Non-SSA
breach information, including data
generated internally or received from
businesses with whom SSA has a
relationship or government entities or
partners.
The AFES Record System includes
records on individuals that it obtains
from other SSA systems of records and
will maintain information such as:
Enumeration Information: This
information may include name, Social
Security number (SSN), date of birth,
parent name(s), address, and place of
birth.
Earnings Information: This
information may include yearly
earnings and quarters of coverage
information.
Social Security Benefit Information:
This information may include disability
status, benefit payment amount, data
relating to the computation, appointed
representative, and representative
payee.
Representative Payee Information:
This information may include names,
SSNs, and addresses of representative
payees and relationship with the
beneficiary.
PO 00000
Frm 00069
Fmt 4703
Sfmt 4703
19589
Persons Conducting Business With Us
Through Electronic Services: This
information may include name, address,
date of birth, SSN, knowledge-based
authentication data, and blocked
accounts.
Employee Information: This
information may include personal
identification number (PIN), employee
name, job title, SSN about our
employees, contractors, or agents.
RECORD SOURCE CATEGORIES:
We obtain information in this system
from individuals (i.e., the public and
SSA staff), other Government agencies,
and private entities. The largest record
sources for the AFES Record System is
information the agency collects and
maintains for purposes related to other
business processes that have established
systems of records, such as the Master
Files of SSN Holders and SSN
Applications (60–0058), the Claims
Folders Systems (60–0089), the Master
Beneficiary Record (60–0090), the
Supplemental Security Income Record
and Special Veterans Benefits (60–
0103), the Personal Identification
Number File (60–0214), the Master
Representative Payee File (60–0222),
and the Central Repository of Electronic
Authentication Data Master File (60–
0373). The AFES Record System may
pull any relevant information from any
SSA system of records. For a full listing
of our system of records notices that
could provide information to the AFES
Record System, please see the Privacy
Program section of SSA’s website.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES:
We will disclose records pursuant to
the following routine uses; however, we
will not disclose any information
defined as ‘‘return or return
information’’ under 26 U.S.C. 6103 of
the Internal Revenue Code (IRC), unless
authorized by statute, the Internal
Revenue Service (IRS), or IRS
regulations.
1. To any agency, person, or entity in
the course of an SSA investigation to the
extent necessary to obtain or to verify
information pertinent to an SSA fraud
investigation.
2. To a congressional office in
response to an inquiry from that office
made on behalf of, and at the request of,
the subject of the record or a third party
acting on the subject’s behalf.
3. To the Office of the President in
response to an inquiry received from
that office made on behalf of, and at the
request of, the subject of record or a
third party acting on the subject’s
behalf.
E:\FR\FM\03MYN1.SGM
03MYN1
sradovich on DSK3GMQ082PROD with NOTICES
19590
Federal Register / Vol. 83, No. 86 / Thursday, May 3, 2018 / Notices
4. To the Department of Justice (DOJ),
a court or other tribunal, or another
party before such court or tribunal,
when:
(a) SSA, or any component thereof; or
(b) any SSA employee in his/her
official capacity; or:
(c) any SSA employee in his/her
individual capacity where DOJ (or SSA
where it is authorized to do so) has
agreed to represent the employee; or
(d) the United States or any agency
thereof where SSA determines the
litigation is likely to SSA or any of its
components,
is a party to the litigation or has an
interest in such litigation, and SSA
determines that the use of such records
by DOJ, a court or other tribunal, or
another party before the tribunal is
relevant and necessary to the litigation,
provided, however, that in each case,
the agency determines that disclosure of
the records to DOJ, court or other
tribunal, or another party is a use of the
information contained in the records
that is compatible with the purpose for
which the records were collected.
5. To contractors and other Federal
agencies, as necessary, for the purpose
of assisting SSA in the efficient
administration of its programs. We will
disclose information under this routine
use only in situations in which SSA
may enter into a contractual or similar
agreement with a third party to assist in
accomplishing an agency function
relating to this system of records.
6. To student volunteers, individuals
working under a personal services
contract, and other workers who
technically do not have the status of
Federal employees, when they are
performing work for SSA, as authorized
by law, and they need access to PII in
SSA records in order to perform their
assigned agency functions.
7. To Federal, State, and local law
enforcement agencies and private
security contractors, as appropriate,
information necessary:
(a) To enable them to protect the
safety of SSA employees and customers,
the security of the SSA workplace, and
the operation of SSA facilities, or
(b) to assist in investigations or
prosecutions with respect to activities
that affect such safety and security or
activities that disrupt the operation of
SSA facilities.
8. To the National Archives and
Records Administration (NARA) under
44 U.S.C. 2904 and 2906.
9. To appropriate agencies, entities,
and persons when:
(a) SSA suspects or has confirmed
that there has been a breach of the
system of records;
VerDate Sep<11>2014
17:29 May 02, 2018
Jkt 244001
(b) SSA has determined that as a
result of the suspected or confirmed
breach there is a risk of harm to
individuals, SSA (including its
information systems, programs, and
operations), the Federal Government, or
national security; and
(c) the disclosure made to such
agencies, entities, and persons is
reasonably necessary to assist in
connection with SSA’s efforts to
respond to the suspected or confirmed
breach or to prevent, minimize, or
remedy such harm.
10. To another Federal agency or
Federal entity, when SSA determines
that information from this system of
records is reasonably necessary to assist
the recipient agency or entity in:
(a) Responding to suspected or
confirmed breach; or
(b) preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
entity (including its information
systems, programs, and operations), the
Federal Government, or national
security, resulting from a suspected or
confirmed breach.
11. To the Equal Employment
Opportunity Commission when
requested in connection with
investigation into alleged or possible
discriminatory practices in the Federal
sector, examination of Federal
affirmative employment programs,
compliance by Federal agencies with
the Uniform Guidelines on Employee
Selection Procedures, or other functions
vested in the Commission.
12. To the Office of Personnel
Management, Merit Systems Protection
Board, or the Office of Special Counsel
in connection with appeals, special
studies of the civil service and other
merit systems, review of rules and
regulations, investigations of alleged or
possible prohibited personnel practices,
and other such functions promulgated
in 5 U.S.C. Chapter 12, or as may be
required by law.
13. To the Federal Labor Relations
Authority, the Office of the Special
Counsel, the Federal Mediation and
Conciliation Service, the Federal
Service Impasses Panel, or an arbitrator
requesting information in connection
with the investigations of allegations of
unfair practices, matters before an
arbitrator or the Federal Service
Impasses Panel.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
We will maintain records in this
system in paper and electronic form.
PO 00000
Frm 00070
Fmt 4703
Sfmt 4703
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
We will retrieve records by the
individual’s name, SSN, as well as
internal transaction identifiers (e.g.,
transaction identification for the
Internet Claim application, transaction
identification for an electronic online
Direct Deposit change, etc.). Information
from these retrieved records that
matches across other agency systems of
records will also create a linkage to
retrieve those records, because the
system is able to show key connections
or overlaps based on similar information
stored in different data sources at the
agency.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
These records are currently
unscheduled. We will retain the records
in accordance with NARA approved
records schedules. In accordance with
NARA rules codified at 36 CFR 1225.16,
we maintain unscheduled records until
NARA approves an agency-specific
records schedule or publishes a
corresponding General Records
Schedule.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
We retain electronic and paper files
containing personal identifiers in secure
storage areas accessible only by our
authorized employees who have a need
for the information when performing
their official duties. Security measures
include, but are not limited to, the use
of codes and profiles, personal
identification number and password,
and personal identification verification
cards. We restrict access to specific
correspondence within the system based
on assigned roles and authorized users.
We maintain electronic files with
personal identifiers in secure storage
areas. We will use audit mechanisms to
record sensitive transactions as an
additional measure to protect
information from unauthorized
disclosure or modification. We keep
paper records in cabinets within secure
areas, with access limited to only those
employees who have an official need for
access in order to perform their duties.
We annually provide our employees
and contractors with appropriate
security awareness training that
includes reminders about the need to
protect PII and the criminal penalties
that apply to unauthorized access to, or
disclosure of PII. See 5 U.S.C. 552a(i)(1).
Furthermore, employees and contractors
with access to databases maintaining PII
must annually sign a sanction document
that acknowledges their accountability
E:\FR\FM\03MYN1.SGM
03MYN1
Federal Register / Vol. 83, No. 86 / Thursday, May 3, 2018 / Notices
for inappropriately accessing or
disclosing such information.
DEPARTMENT OF STATE
[Public Notice 10404]
RECORD ACCESS PROCEDURES:
Individuals may submit requests for
information about whether this system
contains a record about them by
submitting a written request to the
system manager at the above address,
which includes their name, SSN, or
other information that may be in this
system of records that will identify
them. Individuals requesting
notification of, or access to, a record by
mail must include: (1) A notarized
statement to us to verify their identity;
or (2) must certify in the request that
they are the individual they claim to be
and that they understand that the
knowing and willful request for, or
acquisition of, a record pertaining to
another individual under false pretenses
is a criminal offense.
Individuals requesting notification of,
or access to, records in person must
provide their name, SSN, or other
information that may be in this system
of records that will identify them, as
well as provide an identity document,
preferably with a photograph, such as a
driver’s license. Individuals lacking
identification documents sufficient to
establish their identity must certify in
writing that they are the individual they
claim to be and that they understand
that the knowing and willful request for,
or acquisition of, a record pertaining to
another individual under false pretenses
is a criminal offense.
These procedures are in accordance
with our regulations at 20 CFR 401.40
and 401.45.
CONTESTING RECORD PROCEDURES:
Same as record access procedures.
Individuals should also reasonably
identify the record, specify the
information they are contesting, and
state the corrective action sought and
the reasons for the correction with
supporting justification showing how
the record is incomplete, untimely,
inaccurate, or irrelevant. These
procedures are in accordance with our
regulations at 20 CFR 401.65(a).
NOTIFICATION PROCEDURES:
sradovich on DSK3GMQ082PROD with NOTICES
Same as record access procedures.
These procedures are in accordance
with our regulations at 20 CFR 401.40
and 401.45.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
[FR Doc. 2018–09362 Filed 5–2–18; 8:45 am]
BILLING CODE P
VerDate Sep<11>2014
17:29 May 02, 2018
Jkt 244001
United States-Morocco Working Group
on Environmental Cooperation Meeting
and Public Session
Department of State.
Announcement of meetings;
solicitation of suggestions; invitation to
public session.
AGENCY:
ACTION:
The Department of State is
providing notice that the governments
of the United States and Kingdom of
Morocco (the governments) intend to
hold a meeting of the United StatesMorocco Working Group on
Environmental Cooperation (Working
Group) and a public session in Rabat,
Morocco, on May 11, 2018, to discuss
implementation of the Joint Statement
on Environmental Cooperation (Joint
Statement).
During the meetings, the governments
will discuss how the United States and
Morocco can work together to protect
and conserve the environment, highlight
past bilateral environmental
cooperation, review activities under the
2014–2017 Plan of Action, and approve
a 2018–2021 Plan of Action.
The Department of State invites
members of the public to submit written
suggestions on items to include on the
meeting agenda and in the 2018–2021
Plan of Action. The Department of State
also invites interested persons to attend
a public session where the public will
have the opportunity to ask about
implementation of the Joint Statement.
DATES: The public session will be held
on May 11, 2018, in Rabat, Morocco.
Suggestions on the meeting agenda and/
or the 2018–2021 Plan of Action should
be provided no later than May 8, 2018,
to facilitate consideration.
ADDRESSES: Those interested in
attending the public session should
email Eloise Canfield at CanfieldME@
state.gov to find out the time and
location of the session. Suggestions on
the meeting agenda and/or the 2018–
2021 Plan of Action should be emailed
to CanfieldME@state.gov or faxed to
Eloise Canfield at (202) 647–5947, with
the subject line ‘‘United States-Morocco
Environmental Cooperation.’’
FOR FURTHER INFORMATION CONTACT:
Eloise Canfield, (202) 647–4750 or
CanfieldME@state.gov.
SUPPLEMENTARY INFORMATION: In the
Joint Statement, the governments of the
United States and Morocco indicate
their intent ‘‘to pursue efforts to
enhance bilateral environmental
cooperation . . . .’’ In paragraph 5 of
the Joint Statement, the governments
SUMMARY:
PO 00000
Frm 00071
Fmt 4703
Sfmt 4703
19591
established the Working Group to
coordinate and review environmental
cooperation activities. As envisioned in
the Joint Statement, the Working Group
develops Plans of Action, reviews and
assesses cooperative environmental
activities pursuant to the Plan of Action,
recommends ways to improve such
cooperation, and undertakes such other
activities as may seem appropriate to
the governments.
Through this notice, the United States
is soliciting the views of the public with
respect to the 2018–2021 Plan of Action.
Members of the public, including NGOs,
educational institutions, private sector
enterprises, and all other interested
persons are invited to submit written
suggestions regarding items for
inclusion in the meeting agendas or in
the 2018–2021 Plan of Action. Please
include your full name and identify any
organization or group you represent. We
encourage submitters to refer to:
• United States-Morocco Joint
Statement on Environmental
Cooperation;
• 2014–2017 Plan of Action Pursuant
to the United States-Morocco Joint
Statement on Environmental
Cooperation;
These documents are available at:
https://www.state.gov/e/oes/eqt/trade/
morocco/index.htm.
Brian P. Doherty,
Director, Office of Environmental Quality and
Transboundary Issues, Department of State.
[FR Doc. 2018–09378 Filed 5–2–18; 8:45 am]
BILLING CODE 4710–09–P
SURFACE TRANSPORTATION BOARD
[Docket No. AB 1256]
Boston and Maine Corporation &
Springfield Terminal Railway
Company—Adverse Discontinuance of
Operating Authority—MilfordBennington Railroad Company, Inc.
On April 13, 2018, Boston and Maine
Corporation and the Springfield
Terminal Railway Company
(collectively, Pan Am) filed an
application under 49 U.S.C. 10903
requesting that the Surface
Transportation Board (the Board)
authorize the third-party, or ‘‘adverse,’’
discontinuance of operating authority
held by Milford-Bennington Railroad
Company, Inc. (MBR) over
approximately 5.36 miles of rail line on
the Hillsborough Branch from milepost
11.00 to milepost 16.36 in southern New
Hampshire (the Line). The Line
traverses United States Postal Service
Zip Codes 03055 and 03086.
E:\FR\FM\03MYN1.SGM
03MYN1
]]>Agencies
[Federal Register Volume 83, Number 86 (Thursday, May 3, 2018)]
[Notices]
[Pages 19588-19591]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-09362]
=======================================================================
-----------------------------------------------------------------------
SOCIAL SECURITY ADMINISTRATION
[Docket No. SSA-2018-0012]
Privacy Act of 1974; System of Records
AGENCY: Office of Analytics, Review, and Oversight, Social Security
Administration (SSA).
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act, we are issuing public
notice of our intent to establish a new system of records entitled,
Anti-Fraud Enterprise Solution (AFES) (60-0388), hereinafter called the
AFES Record System. The AFES Record System is an agency-wide and
overarching system that includes the ability to detect, prevent, and
mitigate fraud in SSA's programs. The AFES Record System will collect
and maintain personally identifiable information (PII) to assist in
identifying suspicious or potentially fraudulent activities performed
by individuals across all the agency's programs and service delivery
methods. This notice publishes details of the system as set forth under
the caption, SUPPLEMENTARY INFORMATION.
DATES: The system of records notice (SORN) is applicable upon its
publication in today's Federal Register, with the exception of the
routine uses, which are effective June 4, 2018. We invite public
comment on the routine uses or other aspects of this SORN. In
accordance with 5 U.S.C. 552a(e)(4) and (e)(11), the public is given a
30-day period in which to submit comments. Therefore, please submit any
comments by June 4, 2018.
ADDRESSES: The public, Office of Management and Budget (OMB), and
Congress may comment on this publication by writing to the Executive
Director, Office of Privacy and Disclosure, Office of the General
Counsel, SSA, Room G-401 West High Rise, 6401 Security Boulevard,
Baltimore, Maryland 21235-6401, or through the Federal e-Rulemaking
Portal at https://www.regulations.gov, please reference docket number
SSA-2018-0012. All comments we receive will be available for public
inspection at the above address and we will post them to https://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Neil Etter, Government Information
Specialist, Privacy Implementation Division, Office of Privacy and
Disclosure, Office of the General Counsel, SSA, Room G-401 West High
Rise, 6401 Security Boulevard, Baltimore, Maryland 21235-6401,
[[Page 19589]]
telephone: (410) 965-8028, email: [email protected].
SUPPLEMENTARY INFORMATION: We are establishing the AFES Record System
to support our objectives that will ``Strengthen the Integrity of Our
Programs,'' specifically to protect the public's data, provide secure
online services, and increase payment accuracy. The AFES Record System
will provide us with access to a single repository of data that
currently resides across many different SSA systems of records. We will
use the PII in the AFES Record System to employ advanced data analytics
solutions to identify patterns indicative of fraud, improve the
functionality of data-driven fraud activations, conduct real-time risk
analysis, and integrate developing technology into our anti-fraud
business processes. This solution will also provide true business
intelligence to agency leadership with assistance in data-driven anti-
fraud decision-making. We will use the records in the AFES Record
System to detect indications of fraud in all SSA's programs and
operations initiated by individuals outside of SSA or internal to SSA
(e.g., SSA employees).
In accordance with 5 U.S.C. 552a(r), we provided a report to OMB
and Congress on this new system of records.
Dated: February 14, 2018.
Mary Ann Zimmerman,
Acting Executive Director, Office of Privacy and Disclosure, Office of
the General Counsel.
SYSTEM NAME AND NUMBER
Anti-Fraud Enterprise Solution (AFES), 60-0388.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Social Security Administration, Office of Analytics, Review, and
Oversight, Office of Anti-Fraud Programs, Robert M. Ball Building, 6401
Security Boulevard, Baltimore, MD 21235.
SYSTEM MANAGER(S):
Chief Fraud Prevention Officer, Social Security Administration,
Office of Analytics, Review, and Oversight, Office of Anti-Fraud
Programs, Robert M. Ball Building, 6401 Security Boulevard, Baltimore,
MD 21235, [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
General authority to maintain the system is contained in Sections
205(a) and 702(a)(5) of the Social Security Act, as amended (42 U.S.C.
405(a) and 902(a)(5)), and the Fraud Reduction and Data Analytics Act
of 2015 (Pub. L. 114-186).
PURPOSE(S) OF THE SYSTEM:
The records maintained in the AFES Record System are necessary to
detect, prevent, mitigate, and track the likelihood of fraudulent
activity in SSA's programs and operations. We will use the AFES Record
System to identify patterns of fraud and to improve data-driven fraud
activations and real-time analysis. We may use the results of these
data analysis activities, including fraud leads and vulnerabilities, in
our fraud investigations and other activities to support program and
operational improvements.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
This system covers individuals who are relevant to suspicious or
potentially fraudulent activities connected with Social Security
programs and operations, including but not limited to the subjects of
an investigation, Social Security applicants and beneficiaries,
representative payees, appointed representatives, complainants, key
witnesses, and current or former employees, contractors, or agents.
CATEGORIES OF RECORDS IN THE SYSTEM:
We will collect and maintain information in connection with our
review of all suspicious or potentially fraudulent activities in Social
Security programs and operations. We will also collect and maintain SSA
and Non-SSA breach information, including data generated internally or
received from businesses with whom SSA has a relationship or government
entities or partners.
The AFES Record System includes records on individuals that it
obtains from other SSA systems of records and will maintain information
such as:
Enumeration Information: This information may include name, Social
Security number (SSN), date of birth, parent name(s), address, and
place of birth.
Earnings Information: This information may include yearly earnings
and quarters of coverage information.
Social Security Benefit Information: This information may include
disability status, benefit payment amount, data relating to the
computation, appointed representative, and representative payee.
Representative Payee Information: This information may include
names, SSNs, and addresses of representative payees and relationship
with the beneficiary.
Persons Conducting Business With Us Through Electronic Services:
This information may include name, address, date of birth, SSN,
knowledge-based authentication data, and blocked accounts.
Employee Information: This information may include personal
identification number (PIN), employee name, job title, SSN about our
employees, contractors, or agents.
RECORD SOURCE CATEGORIES:
We obtain information in this system from individuals (i.e., the
public and SSA staff), other Government agencies, and private entities.
The largest record sources for the AFES Record System is information
the agency collects and maintains for purposes related to other
business processes that have established systems of records, such as
the Master Files of SSN Holders and SSN Applications (60-0058), the
Claims Folders Systems (60-0089), the Master Beneficiary Record (60-
0090), the Supplemental Security Income Record and Special Veterans
Benefits (60-0103), the Personal Identification Number File (60-0214),
the Master Representative Payee File (60-0222), and the Central
Repository of Electronic Authentication Data Master File (60-0373). The
AFES Record System may pull any relevant information from any SSA
system of records. For a full listing of our system of records notices
that could provide information to the AFES Record System, please see
the Privacy Program section of SSA's website.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
We will disclose records pursuant to the following routine uses;
however, we will not disclose any information defined as ``return or
return information'' under 26 U.S.C. 6103 of the Internal Revenue Code
(IRC), unless authorized by statute, the Internal Revenue Service
(IRS), or IRS regulations.
1. To any agency, person, or entity in the course of an SSA
investigation to the extent necessary to obtain or to verify
information pertinent to an SSA fraud investigation.
2. To a congressional office in response to an inquiry from that
office made on behalf of, and at the request of, the subject of the
record or a third party acting on the subject's behalf.
3. To the Office of the President in response to an inquiry
received from that office made on behalf of, and at the request of, the
subject of record or a third party acting on the subject's behalf.
[[Page 19590]]
4. To the Department of Justice (DOJ), a court or other tribunal,
or another party before such court or tribunal, when:
(a) SSA, or any component thereof; or
(b) any SSA employee in his/her official capacity; or:
(c) any SSA employee in his/her individual capacity where DOJ (or
SSA where it is authorized to do so) has agreed to represent the
employee; or
(d) the United States or any agency thereof where SSA determines
the litigation is likely to SSA or any of its components,
is a party to the litigation or has an interest in such litigation,
and SSA determines that the use of such records by DOJ, a court or
other tribunal, or another party before the tribunal is relevant and
necessary to the litigation, provided, however, that in each case, the
agency determines that disclosure of the records to DOJ, court or other
tribunal, or another party is a use of the information contained in the
records that is compatible with the purpose for which the records were
collected.
5. To contractors and other Federal agencies, as necessary, for the
purpose of assisting SSA in the efficient administration of its
programs. We will disclose information under this routine use only in
situations in which SSA may enter into a contractual or similar
agreement with a third party to assist in accomplishing an agency
function relating to this system of records.
6. To student volunteers, individuals working under a personal
services contract, and other workers who technically do not have the
status of Federal employees, when they are performing work for SSA, as
authorized by law, and they need access to PII in SSA records in order
to perform their assigned agency functions.
7. To Federal, State, and local law enforcement agencies and
private security contractors, as appropriate, information necessary:
(a) To enable them to protect the safety of SSA employees and
customers, the security of the SSA workplace, and the operation of SSA
facilities, or
(b) to assist in investigations or prosecutions with respect to
activities that affect such safety and security or activities that
disrupt the operation of SSA facilities.
8. To the National Archives and Records Administration (NARA) under
44 U.S.C. 2904 and 2906.
9. To appropriate agencies, entities, and persons when:
(a) SSA suspects or has confirmed that there has been a breach of
the system of records;
(b) SSA has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, SSA (including
its information systems, programs, and operations), the Federal
Government, or national security; and
(c) the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with SSA's efforts to
respond to the suspected or confirmed breach or to prevent, minimize,
or remedy such harm.
10. To another Federal agency or Federal entity, when SSA
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in:
(a) Responding to suspected or confirmed breach; or
(b) preventing, minimizing, or remedying the risk of harm to
individuals, the recipient agency or entity (including its information
systems, programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
11. To the Equal Employment Opportunity Commission when requested
in connection with investigation into alleged or possible
discriminatory practices in the Federal sector, examination of Federal
affirmative employment programs, compliance by Federal agencies with
the Uniform Guidelines on Employee Selection Procedures, or other
functions vested in the Commission.
12. To the Office of Personnel Management, Merit Systems Protection
Board, or the Office of Special Counsel in connection with appeals,
special studies of the civil service and other merit systems, review of
rules and regulations, investigations of alleged or possible prohibited
personnel practices, and other such functions promulgated in 5 U.S.C.
Chapter 12, or as may be required by law.
13. To the Federal Labor Relations Authority, the Office of the
Special Counsel, the Federal Mediation and Conciliation Service, the
Federal Service Impasses Panel, or an arbitrator requesting information
in connection with the investigations of allegations of unfair
practices, matters before an arbitrator or the Federal Service Impasses
Panel.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
We will maintain records in this system in paper and electronic
form.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
We will retrieve records by the individual's name, SSN, as well as
internal transaction identifiers (e.g., transaction identification for
the Internet Claim application, transaction identification for an
electronic online Direct Deposit change, etc.). Information from these
retrieved records that matches across other agency systems of records
will also create a linkage to retrieve those records, because the
system is able to show key connections or overlaps based on similar
information stored in different data sources at the agency.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
These records are currently unscheduled. We will retain the records
in accordance with NARA approved records schedules. In accordance with
NARA rules codified at 36 CFR 1225.16, we maintain unscheduled records
until NARA approves an agency-specific records schedule or publishes a
corresponding General Records Schedule.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
We retain electronic and paper files containing personal
identifiers in secure storage areas accessible only by our authorized
employees who have a need for the information when performing their
official duties. Security measures include, but are not limited to, the
use of codes and profiles, personal identification number and password,
and personal identification verification cards. We restrict access to
specific correspondence within the system based on assigned roles and
authorized users. We maintain electronic files with personal
identifiers in secure storage areas. We will use audit mechanisms to
record sensitive transactions as an additional measure to protect
information from unauthorized disclosure or modification. We keep paper
records in cabinets within secure areas, with access limited to only
those employees who have an official need for access in order to
perform their duties.
We annually provide our employees and contractors with appropriate
security awareness training that includes reminders about the need to
protect PII and the criminal penalties that apply to unauthorized
access to, or disclosure of PII. See 5 U.S.C. 552a(i)(1). Furthermore,
employees and contractors with access to databases maintaining PII must
annually sign a sanction document that acknowledges their
accountability
[[Page 19591]]
for inappropriately accessing or disclosing such information.
RECORD ACCESS PROCEDURES:
Individuals may submit requests for information about whether this
system contains a record about them by submitting a written request to
the system manager at the above address, which includes their name,
SSN, or other information that may be in this system of records that
will identify them. Individuals requesting notification of, or access
to, a record by mail must include: (1) A notarized statement to us to
verify their identity; or (2) must certify in the request that they are
the individual they claim to be and that they understand that the
knowing and willful request for, or acquisition of, a record pertaining
to another individual under false pretenses is a criminal offense.
Individuals requesting notification of, or access to, records in
person must provide their name, SSN, or other information that may be
in this system of records that will identify them, as well as provide
an identity document, preferably with a photograph, such as a driver's
license. Individuals lacking identification documents sufficient to
establish their identity must certify in writing that they are the
individual they claim to be and that they understand that the knowing
and willful request for, or acquisition of, a record pertaining to
another individual under false pretenses is a criminal offense.
These procedures are in accordance with our regulations at 20 CFR
401.40 and 401.45.
CONTESTING RECORD PROCEDURES:
Same as record access procedures. Individuals should also
reasonably identify the record, specify the information they are
contesting, and state the corrective action sought and the reasons for
the correction with supporting justification showing how the record is
incomplete, untimely, inaccurate, or irrelevant. These procedures are
in accordance with our regulations at 20 CFR 401.65(a).
NOTIFICATION PROCEDURES:
Same as record access procedures. These procedures are in
accordance with our regulations at 20 CFR 401.40 and 401.45.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
[FR Doc. 2018-09362 Filed 5-2-18; 8:45 am]
BILLING CODE P
