Privacy Act of 1974; System of Records, 55226-55228 [2018-23943]

Download as PDF 55226 Federal Register / Vol. 83, No. 213 / Friday, November 2, 2018 / Notices 695(e)(3), SBA is designating ‘‘Opportunity Zones’’ as additional areas for which the higher portfolio average described in paragraph (3) above would apply. An Opportunity Zone is an economically distressed community that has been nominated by the State and certified by the Secretary of the U.S. Treasury as a community in which new investments, under certain conditions, may be eligible for preferential tax treatment. More information and a list of Opportunity Zones for all States are available at https://www.cdfifund.gov/Pages/ Opportunity-Zones.aspx. SBA has determined that the changes described in this Notice should apply immediately to any 504 Loan that is approved on or after November 2, 2018 in order to give CDCs and small business applicants the benefits of these changes as soon as possible and because neither the new job creation/retention requirements nor the additional areas designated for application of the higher portfolio average will adversely affect either CDCs or their small business applicants. SBA invites public comments on these new job creation or preservation standards and the designation of additional areas for application of the higher portfolio average described above. Please clearly identify paper and electronic comments as ‘‘Public Comments on 504 Loan Program’s Job Opportunity Requirements, Docket No. SBA–2018–0010’’ and submit them by one of the methods identified in the ADDRESSES section of this document. SBA will consider the comments and determine whether any revisions are necessary. Authority: 15 U.S.C. 695(d); 13 CFR 120.829(a) and 120.861. Dated: October 29, 2018. Linda E. McMahon, Administrator. [FR Doc. 2018–24033 Filed 11–1–18; 8:45 am] BILLING CODE 8025–01–P SOCIAL SECURITY ADMINISTRATION [Docket No. SSA–2018–0062] Privacy Act of 1974; System of Records Office of the Commissioner, Social Security Administration (SSA). ACTION: Notice of a modified system of records. AGENCY: In accordance with the Privacy Act, we are issuing public notice of our intent to modify an existing system of records entitled, SUMMARY: VerDate Sep<11>2014 17:57 Nov 01, 2018 Jkt 247001 Assignment and Correspondence Tracking (ACT) System (60–0001), last published in full on January 11, 2006. This notice publishes details of the proposed updates as set forth below under the caption, SUPPLEMENTARY INFORMATION. The system of records notice (SORN) is applicable upon its publication in today’s Federal Register, with the exception of the routine uses, which are effective December 3, 2018. We invite public comment on the routine uses or other aspects of this SORN. In accordance with 5 U.S.C. 552a(e)(4) and (e)(11), the public is given a 30-day period in which to submit comments. Therefore, please submit any comments by December 3, 2018. DATES: The public, Office of Management and Budget (OMB), and Congress may comment on this publication by writing to the Executive Director, Office of Privacy and Disclosure, Office of the General Counsel, SSA, Room G–401 West High Rise, 6401 Security Boulevard, Baltimore, Maryland 21235–6401, or through the Federal e-Rulemaking Portal at http://www.regulations.gov, please reference docket number SSA–2018– 0062. All comments we receive will be available for public inspection at the above address and we will post them to http://www.regulations.gov. FOR FURTHER INFORMATION CONTACT: Tristin Dorsey, Government Information Specialist, Privacy Implementation Division, Office of Privacy and Disclosure, Office of the General Counsel, SSA, Room G–401 West High Rise, 6401 Security Boulevard, Baltimore, Maryland 21235–6401, telephone: (410) 965–2950, email: tristin.dorsey@ssa.gov. SUPPLEMENTARY INFORMATION: We are modifying the system of records name from ACT System, SSA, Office of the Commissioner, to the Electronic Management of Assignments and Correspondence (EMAC) to accurately reflect the system name, hereinafter referred to as EMAC. We are also modifying the notice throughout to correct miscellaneous stylistic formatting and typographical errors of the previously published Notice, and to ensure the language reads consistently across multiple systems. We are modifying the system manager to clarify the name of the office and specifying in the categories of records that correspondence may be received in all agency offices. We are revising the categories of individuals and explaining how the records are retrieved. We are ADDRESSES: PO 00000 Frm 00085 Fmt 4703 Sfmt 4703 also adding new routine uses to clarify that records may be provided to the Department of Treasury, Internal Revenue Service (IRS), for auditing purposes, to contractors and other Federal agencies for the purpose of assisting SSA in the efficient administration of its programs, and to other Federal agencies and entities for the purpose of assisting in breach responses. The entire notice is being republished for ease of reference. In accordance with 5 U.S.C. 552a(r), we have provided a report to OMB and Congress on this new system of records. Dated: October 25, 2018. Mary Zimmerman, Acting Executive Director, Office of Privacy and Disclosure, Office of the General Counsel. SYSTEM NAME AND NUMBER Electronic Management of Assignments and Correspondence, 60– 0001. SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: Social Security Administration, Office of the Commissioner, Robert M. Ball Building, 6401 Security Boulevard, Baltimore, Maryland 21235–6401. SYSTEM MANAGER(S): Social Security Administration, Chief of Staff, Office of the Commissioner, Robert M. Ball Building, 6401 Security Boulevard, Baltimore, MD 21235–6401, OC.Controls@ssa.gov. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Sections 205 and 1631 of the Social Security Act, as amended (42 U.S.C. 405) and (42 U.S.C. 1383). PURPOSE(S) OF THE SYSTEM: We will use the information in this system to assist us in supporting agency objectives to track, manage, and respond to external correspondence received from members of the public, the media, the White House, Congress, and other Federal agencies that require information or a response from SSA. We will also use this system to track and manage correspondence and assignments within SSA, and use the system to make assignments to agency employees to respond to the external requests. The system is an internal webbased system allowing authorized employees at all organizational levels to electronically access, create, assign, and process correspondence from the receipt of an inquiry through its completed response. E:\FR\FM\02NON1.SGM 02NON1 Federal Register / Vol. 83, No. 213 / Friday, November 2, 2018 / Notices CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Individuals who request information directly from us (e.g., Social Security beneficiaries or individuals inquiring on their behalf), the media, the White House, Congress, or other Federal agency point of contact information, SSA employees who initiate actions from within the system, and on SSA employees who submit responses to the external requests from individuals. CATEGORIES OF RECORDS IN THE SYSTEM: This system maintains incoming or outgoing correspondence received, created, or compiled in response to external or internal requests for information, or assignments by individuals within or external to the agency. Information in the correspondence may include the name of the claimant; the name of the individual submitting the inquiry; the date of the correspondence; the date received in SSA; the SSA component responsible for responding to the inquiry; and a description of the inquiry or action needed. RECORD SOURCE CATEGORIES: We obtain information in this system of records primarily from the authorized employees who scan the correspondence into the system, create the assignments, and respond to inquiries. This system does not pull information from other agency systems. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: We will disclose records pursuant to the following routine uses; however, we will not disclose any information defined as ‘‘return or return information’’ under 26 U.S.C. 6103 of the Internal Revenue Code (IRC), unless authorized by a statute, the Internal Revenue Service (IRS), or IRS regulations. 1. To a congressional office in response to an inquiry from that office made on behalf of, and at the request of, the subject of the record or a third party acting on the subject’s behalf. 2. To the Office of the President in response to an inquiry received from that office made on behalf of, and at the request of, the subject of record or a third party acting on the subject’s behalf. 3. To the National Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 2906. 4. To the Department of Justice (DOJ), a court or other tribunal, or another party before such court or tribunal, when VerDate Sep<11>2014 17:57 Nov 01, 2018 Jkt 247001 (a) SSA, or any component thereof; or (b) any SSA employee in his/her official capacity; or (c) any SSA employee in his/her individual capacity where DOJ (or SSA where it is authorized to do so) has agreed to represent the employee; or (d) the United States or any agency thereof where SSA determines the litigation is likely to affect SSA or any of its components, is a party to the litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court or other tribunal, or another party before such tribunal, is relevant and necessary to the litigation, provided, however, that in each case, the agency determines that disclosure of the records to DOJ, court or other tribunal, or another party is a use of the information contained in the records that is compatible with the purpose for which the records were collected. 5. To student volunteers, individuals working under a personal services contract, and other workers who technically do not have the status of Federal employees, when they are performing work for SSA, as authorized by law, and they need access to PII in SSA records in order to perform their assigned agency functions. 6. To Federal, State and local law enforcement agencies and private security contractors as appropriate, information necessary: (a) To enable them to protect the safety of SSA employees and customers, the security of SSA workplace, and the operation of SSA facilities; or (b) to assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupt the operation of SSA facilities. 7. To appropriate agencies, entities, and persons when: (a) SSA suspects or has confirmed that there has been a breach of this system of records; (b) SSA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, SSA (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with SSA’s efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. 8. To the IRS, Department of Treasury, for the purpose of auditing SSA’s compliance with the safeguard PO 00000 Frm 00086 Fmt 4703 Sfmt 4703 55227 provisions of the IRC of 1986, as amended. 9. To contractors and other Federal agencies, as necessary, for the purpose of assisting SSA in the efficient administration of its programs. We will disclose information under this routine use only in situations in which SSA may enter into a contractual or similar agreement with a third party to assist in accomplishing an agency function relating to this system of records. 10. To another Federal agency or Federal entity, when SSA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in: (a) Responding to a suspected or confirmed breach; or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: We will maintain records in this system in paper and electronic form. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: We will retrieve records in this system by the requestor’s name, subject of control/assignment, or control/ assignment description. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: These records are currently unscheduled. We retain records in accordance with NARA approved records schedules. In accordance with NARA rules codified at 36 CFR 1225.16, we maintain unscheduled records until NARA approves an agency-specific records schedule or publishes a corresponding General Records Schedule. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: We retain electronic and paper records with personal identifiers in secure storage areas accessible only by our authorized employees and contractors who have a need for the information when performing their official duties. Security measures include, but are not limited to, the use of codes and profiles, personal identification number and password, and personal identification verification cards. We restrict access to specific correspondence within the system based on assigned roles and authorized users assigned to specific component level E:\FR\FM\02NON1.SGM 02NON1 55228 Federal Register / Vol. 83, No. 213 / Friday, November 2, 2018 / Notices groups. We keep paper records in cabinets within secure areas, with access limited to only those employees who have an official need for access in order to perform their duties. We annually provide our employees and contractors with appropriate security awareness training that includes reminders about the need to protect PII and the criminal penalties that apply to unauthorized access to, or disclosure of, PII (5 U.S.C. 552a(i)(1)). Furthermore, employees and contractors with access to databases maintaining PII must sign a sanctions document annually acknowledging their accountability for inappropriately accessing or disclosing such information. RECORD ACCESS PROCEDURES: CONTESTING RECORD PROCEDURES: Same as record access procedures. Individuals should also reasonably identify the record, specify the information they are contesting, and state the corrective action sought and the reasons for the correction with supporting justification showing how the record is incomplete, untimely, inaccurate, or irrelevant. These 17:57 Nov 01, 2018 NOTIFICATION PROCEDURES: Same as record access procedures. These procedures are in accordance with our regulations at 20 CFR 401.40 and 401.45. EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. HISTORY: 71 FR 1800, Assignment and Correspondence Tracking (ACT) System. [FR Doc. 2018–23943 Filed 11–1–18; 8:45 am] BILLING CODE P SOCIAL SECURITY ADMINISTRATION Individuals may submit requests for information about whether this system contains a record about them by submitting a written request to the system manager at the above address, which includes their name or other information that may be in this system of records that will identify them. Individuals requesting notification of, or access to, a record by mail must include: (1) A notarized statement to us to verify their identity; or (2) must certify in the request that they are the individual they claim to be and that they understand that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense. Individuals requesting notification of, or access to, records in person must provide their name or other information that may be in this system of records that will identify them, as well as provide an identity document, preferably with a photograph, such as a driver’s license. Individuals lacking identification documents sufficient to establish their identity must certify in writing that they are the individual they claim to be and that they understand that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense. These procedures are in accordance with our regulations at 20 CFR 401.40 and 401.45. VerDate Sep<11>2014 procedures are in accordance with our regulations at 20 CFR 401.65(a). Jkt 247001 [Docket No. SSA–2018–0060] Privacy Act of 1974; System of Records Office of Retirement and Disability Policy, Office of Income Security Programs, Social Security Administration (SSA). ACTION: Notice of a modified system of records. AGENCY: In accordance with the Privacy Act, we are issuing public notice of our intent to modify an existing system of records, entitled Master Representative Payee File (60– 0222), last published in full on April 22, 2013. This notice publishes details of the modified system as set forth under the caption, SUPPLEMENTARY INFORMATION. SUMMARY: The system of records notice (SORN) is applicable upon its publication in today’s Federal Register, with the exception of the new routine uses, which are effective December 3, 2018. We invite public comment on the routine uses or other aspects of this SORN. In accordance with 5 U.S.C. 552a(e)(4) and (e)(11), the public is given a 30-day period in which to submit comments. Therefore, please submit any comments by December 3, 2018. DATES: The public, Office of Management and Budget (OMB), and Congress may comment on this publication by writing to the Executive Director, Office of Privacy and Disclosure, Office of the General Counsel, SSA, Room G–401 West High Rise, 6401 Security Boulevard, Baltimore, Maryland 21235–6401, or through the Federal e-Rulemaking Portal at http://www.regulations.gov, please reference docket number SSA–2018– ADDRESSES: PO 00000 Frm 00087 Fmt 4703 Sfmt 4703 0060. All comments we receive will be available for public inspection at the above address and we will post them to http://www.regulations.gov. FOR FURTHER INFORMATION CONTACT: Andrea Huseth, Government Information Specialist, Disclosure and Data Support Division, Office of Privacy and Disclosure, Office of the General Counsel, SSA, Room G–401 West High Rise, 6401 Security Boulevard, Baltimore, Maryland 21235–6401, telephone: (410) 965–6868, email: andrea.huseth@ssa.gov and Tristin Dorsey, Government Information Specialist, Privacy Implementation Division, Office of Privacy and Disclosure, Office of the General Counsel, SSA, Room G–401 West High Rise, 6401 Security Boulevard, Baltimore, Maryland 21235–6401, telephone: (410) 965–2950, email: tristin.dorsey@ssa.gov. SUPPLEMENTARY INFORMATION: Social Security’s representative payee program provides financial management for Social Security beneficiaries, Supplemental Security Income (SSI) recipients, and Special Veterans Benefits recipients who are incapable of managing their benefits or payments. The representative payee’s primary responsibility is to use the beneficiary’s benefits or recipient’s payments for the beneficiary’s or recipient’s current and foreseeable needs. The Strengthening Protections for Social Security Beneficiaries Act of 2018 (H.R. 4547, Pub. L. 115–165, hereafter referred to as Pub. L. 115–165) directs SSA to conduct background investigations on certain representative payees at least once every five years. Routine use #19 currently allows for the disclosure of representative payee information to third parties to obtain criminal history information. As of 2013, SSA’s policy was to make such disclosures via routine use #19 at the time a representative payee applied to become a representative payee. We are notifying all current representative payees and future representative payee applicants (with some exceptions, discussed below) that SSA will begin, in accordance with Public Law 115–165, making such disclosures under routine use #19 both at the time of application and on a continuing basis at least once every five years. Beginning in 2019 for all current representative payees, SSA will make disclosures under routine use #19, and will do so at least once every five years. We may, however, exempt certain close family members serving as representative payees (including but not limited to the custodial parent of a minor beneficiary/recipient, spouse of a E:\FR\FM\02NON1.SGM 02NON1

Agencies

[Federal Register Volume 83, Number 213 (Friday, November 2, 2018)]
[Notices]
[Pages 55226-55228]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-23943]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION

[Docket No. SSA-2018-0062]


Privacy Act of 1974; System of Records

AGENCY: Office of the Commissioner, Social Security Administration 
(SSA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act, we are issuing public 
notice of our intent to modify an existing system of records entitled, 
Assignment and Correspondence Tracking (ACT) System (60-0001), last 
published in full on January 11, 2006. This notice publishes details of 
the proposed updates as set forth below under the caption, 
SUPPLEMENTARY INFORMATION.

DATES: The system of records notice (SORN) is applicable upon its 
publication in today's Federal Register, with the exception of the 
routine uses, which are effective December 3, 2018. We invite public 
comment on the routine uses or other aspects of this SORN. In 
accordance with 5 U.S.C. 552a(e)(4) and (e)(11), the public is given a 
30-day period in which to submit comments. Therefore, please submit any 
comments by December 3, 2018.

ADDRESSES: The public, Office of Management and Budget (OMB), and 
Congress may comment on this publication by writing to the Executive 
Director, Office of Privacy and Disclosure, Office of the General 
Counsel, SSA, Room G-401 West High Rise, 6401 Security Boulevard, 
Baltimore, Maryland 21235-6401, or through the Federal e-Rulemaking 
Portal at http://www.regulations.gov, please reference docket number 
SSA-2018-0062. All comments we receive will be available for public 
inspection at the above address and we will post them to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Tristin Dorsey, Government Information 
Specialist, Privacy Implementation Division, Office of Privacy and 
Disclosure, Office of the General Counsel, SSA, Room G-401 West High 
Rise, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, 
telephone: (410) 965-2950, email: [email protected].

SUPPLEMENTARY INFORMATION: We are modifying the system of records name 
from ACT System, SSA, Office of the Commissioner, to the Electronic 
Management of Assignments and Correspondence (EMAC) to accurately 
reflect the system name, hereinafter referred to as EMAC. We are also 
modifying the notice throughout to correct miscellaneous stylistic 
formatting and typographical errors of the previously published Notice, 
and to ensure the language reads consistently across multiple systems.
    We are modifying the system manager to clarify the name of the 
office and specifying in the categories of records that correspondence 
may be received in all agency offices. We are revising the categories 
of individuals and explaining how the records are retrieved. We are 
also adding new routine uses to clarify that records may be provided to 
the Department of Treasury, Internal Revenue Service (IRS), for 
auditing purposes, to contractors and other Federal agencies for the 
purpose of assisting SSA in the efficient administration of its 
programs, and to other Federal agencies and entities for the purpose of 
assisting in breach responses. The entire notice is being republished 
for ease of reference.
    In accordance with 5 U.S.C. 552a(r), we have provided a report to 
OMB and Congress on this new system of records.

    Dated: October 25, 2018.
Mary Zimmerman,
Acting Executive Director, Office of Privacy and Disclosure, Office of 
the General Counsel.
SYSTEM NAME AND NUMBER
    Electronic Management of Assignments and Correspondence, 60-0001.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Social Security Administration, Office of the Commissioner, Robert 
M. Ball Building, 6401 Security Boulevard, Baltimore, Maryland 21235-
6401.

SYSTEM MANAGER(S):
    Social Security Administration, Chief of Staff, Office of the 
Commissioner, Robert M. Ball Building, 6401 Security Boulevard, 
Baltimore, MD 21235-6401, [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Sections 205 and 1631 of the Social Security Act, as amended (42 
U.S.C. 405) and (42 U.S.C. 1383).

PURPOSE(S) OF THE SYSTEM:
    We will use the information in this system to assist us in 
supporting agency objectives to track, manage, and respond to external 
correspondence received from members of the public, the media, the 
White House, Congress, and other Federal agencies that require 
information or a response from SSA. We will also use this system to 
track and manage correspondence and assignments within SSA, and use the 
system to make assignments to agency employees to respond to the 
external requests. The system is an internal web-based system allowing 
authorized employees at all organizational levels to electronically 
access, create, assign, and process correspondence from the receipt of 
an inquiry through its completed response.

[[Page 55227]]

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who request information directly from us (e.g., Social 
Security beneficiaries or individuals inquiring on their behalf), the 
media, the White House, Congress, or other Federal agency point of 
contact information, SSA employees who initiate actions from within the 
system, and on SSA employees who submit responses to the external 
requests from individuals.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system maintains incoming or outgoing correspondence received, 
created, or compiled in response to external or internal requests for 
information, or assignments by individuals within or external to the 
agency. Information in the correspondence may include the name of the 
claimant; the name of the individual submitting the inquiry; the date 
of the correspondence; the date received in SSA; the SSA component 
responsible for responding to the inquiry; and a description of the 
inquiry or action needed.

RECORD SOURCE CATEGORIES:
    We obtain information in this system of records primarily from the 
authorized employees who scan the correspondence into the system, 
create the assignments, and respond to inquiries. This system does not 
pull information from other agency systems.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    We will disclose records pursuant to the following routine uses; 
however, we will not disclose any information defined as ``return or 
return information'' under 26 U.S.C. 6103 of the Internal Revenue Code 
(IRC), unless authorized by a statute, the Internal Revenue Service 
(IRS), or IRS regulations.
    1. To a congressional office in response to an inquiry from that 
office made on behalf of, and at the request of, the subject of the 
record or a third party acting on the subject's behalf.
    2. To the Office of the President in response to an inquiry 
received from that office made on behalf of, and at the request of, the 
subject of record or a third party acting on the subject's behalf.
    3. To the National Archives and Records Administration (NARA) under 
44 U.S.C. 2904 and 2906.
    4. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such court or tribunal, when
    (a) SSA, or any component thereof; or
    (b) any SSA employee in his/her official capacity; or
    (c) any SSA employee in his/her individual capacity where DOJ (or 
SSA where it is authorized to do so) has agreed to represent the 
employee; or
    (d) the United States or any agency thereof where SSA determines 
the litigation is likely to affect SSA or any of its components,

    is a party to the litigation or has an interest in such litigation, 
and SSA determines that the use of such records by DOJ, a court or 
other tribunal, or another party before such tribunal, is relevant and 
necessary to the litigation, provided, however, that in each case, the 
agency determines that disclosure of the records to DOJ, court or other 
tribunal, or another party is a use of the information contained in the 
records that is compatible with the purpose for which the records were 
collected.
    5. To student volunteers, individuals working under a personal 
services contract, and other workers who technically do not have the 
status of Federal employees, when they are performing work for SSA, as 
authorized by law, and they need access to PII in SSA records in order 
to perform their assigned agency functions.
    6. To Federal, State and local law enforcement agencies and private 
security contractors as appropriate, information necessary:
    (a) To enable them to protect the safety of SSA employees and 
customers, the security of SSA workplace, and the operation of SSA 
facilities; or
    (b) to assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of SSA facilities.
    7. To appropriate agencies, entities, and persons when:
    (a) SSA suspects or has confirmed that there has been a breach of 
this system of records;
    (b) SSA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, SSA (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and
    (c) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with SSA's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    8. To the IRS, Department of Treasury, for the purpose of auditing 
SSA's compliance with the safeguard provisions of the IRC of 1986, as 
amended.
    9. To contractors and other Federal agencies, as necessary, for the 
purpose of assisting SSA in the efficient administration of its 
programs. We will disclose information under this routine use only in 
situations in which SSA may enter into a contractual or similar 
agreement with a third party to assist in accomplishing an agency 
function relating to this system of records.
    10. To another Federal agency or Federal entity, when SSA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in:
    (a) Responding to a suspected or confirmed breach; or
    (b) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    We will maintain records in this system in paper and electronic 
form.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    We will retrieve records in this system by the requestor's name, 
subject of control/assignment, or control/assignment description.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    These records are currently unscheduled. We retain records in 
accordance with NARA approved records schedules. In accordance with 
NARA rules codified at 36 CFR 1225.16, we maintain unscheduled records 
until NARA approves an agency-specific records schedule or publishes a 
corresponding General Records Schedule.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    We retain electronic and paper records with personal identifiers in 
secure storage areas accessible only by our authorized employees and 
contractors who have a need for the information when performing their 
official duties. Security measures include, but are not limited to, the 
use of codes and profiles, personal identification number and password, 
and personal identification verification cards. We restrict access to 
specific correspondence within the system based on assigned roles and 
authorized users assigned to specific component level

[[Page 55228]]

groups. We keep paper records in cabinets within secure areas, with 
access limited to only those employees who have an official need for 
access in order to perform their duties.
    We annually provide our employees and contractors with appropriate 
security awareness training that includes reminders about the need to 
protect PII and the criminal penalties that apply to unauthorized 
access to, or disclosure of, PII (5 U.S.C. 552a(i)(1)). Furthermore, 
employees and contractors with access to databases maintaining PII must 
sign a sanctions document annually acknowledging their accountability 
for inappropriately accessing or disclosing such information.

RECORD ACCESS PROCEDURES:
    Individuals may submit requests for information about whether this 
system contains a record about them by submitting a written request to 
the system manager at the above address, which includes their name or 
other information that may be in this system of records that will 
identify them. Individuals requesting notification of, or access to, a 
record by mail must include: (1) A notarized statement to us to verify 
their identity; or (2) must certify in the request that they are the 
individual they claim to be and that they understand that the knowing 
and willful request for, or acquisition of, a record pertaining to 
another individual under false pretenses is a criminal offense.
    Individuals requesting notification of, or access to, records in 
person must provide their name or other information that may be in this 
system of records that will identify them, as well as provide an 
identity document, preferably with a photograph, such as a driver's 
license. Individuals lacking identification documents sufficient to 
establish their identity must certify in writing that they are the 
individual they claim to be and that they understand that the knowing 
and willful request for, or acquisition of, a record pertaining to 
another individual under false pretenses is a criminal offense.
    These procedures are in accordance with our regulations at 20 CFR 
401.40 and 401.45.

CONTESTING RECORD PROCEDURES:
    Same as record access procedures. Individuals should also 
reasonably identify the record, specify the information they are 
contesting, and state the corrective action sought and the reasons for 
the correction with supporting justification showing how the record is 
incomplete, untimely, inaccurate, or irrelevant. These procedures are 
in accordance with our regulations at 20 CFR 401.65(a).

NOTIFICATION PROCEDURES:
    Same as record access procedures. These procedures are in 
accordance with our regulations at 20 CFR 401.40 and 401.45.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    71 FR 1800, Assignment and Correspondence Tracking (ACT) System.

[FR Doc. 2018-23943 Filed 11-1-18; 8:45 am]
 BILLING CODE P