Privacy Act of 1974; System of Records, 263-267 [2021-28490]

Agencies

• Social Security Administration

[Federal Register Volume 87, Number 2 (Tuesday, January 4, 2022)]
[Notices]
[Pages 263-267]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-28490]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION

[Docket No. SSA-2021-0015]


Privacy Act of 1974; System of Records

AGENCY: Social Security Administration (SSA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, we are issuing 
public notice of our intent to modify an existing system of records 
entitled, Master Files of Social Security Number (SSN) Holders and SSN 
Applications (60-0058), last published on December 29, 2010. This 
notice publishes details of the modified system as set forth below 
under the caption, SUPPLEMENTARY INFORMATION.

DATES: The system of records notice (SORN) is applicable upon its 
publication in today's Federal Register, with the exception of the new 
routine uses, which are effective February 3, 2022. We invite public 
comment on the routine uses or other aspects of this SORN. In 
accordance with the Privacy Act of 1974, we are providing the public a 
30-day period in which to submit comments. Therefore, please submit any 
comments by February 3, 2022.

ADDRESSES: The public, Office of Management and Budget (OMB), and 
Congress may comment on this publication by writing to the Executive 
Director, Office of Privacy and Disclosure, Office of the General 
Counsel, SSA, Room G-401 West High Rise, 6401 Security Boulevard, 
Baltimore, Maryland 21235-6401, or through the Federal e-Rulemaking 
Portal at https://www.regulations.gov. Please reference docket number 
SSA-2021-0015. All comments we receive will be available for public 
inspection at the above address and we will post them to https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Melissa M. Bellitto, Government 
Information Specialist, Privacy Implementation Division, Office of 
Privacy and Disclosure, Office of the General Counsel, SSA, Room G-401 
West High Rise, 6401 Security Boulevard, Baltimore, Maryland 21235-
6401, telephone: (410) 966-5855, email: [email protected].

SUPPLEMENTARY INFORMATION: We are modifying routine uses and adding new 
routine uses to this SORN. We are modifying routine uses:
     Number 1 that permits disclosures to employees (or agents 
on their behalf) to complete records for reporting wages;
     Number 25 that permits disclosures to the Department of 
Education for postsecondary education purposes;
     Number 32 that permits disclosures to the Department of 
Homeland Security for administration of E-Verify; and
     Number 40 that permits disclosures to the Corporation for 
National and Community Service for administration of the National and 
Community Service Act.
    We are clarifying the language in existing routine use numbers 3, 
4, 5, 11, 15, 18, 20, 22, 23, 29, and 47 for easier reading.
    We are adding routine uses that will permit disclosures to 
contractors, cooperative agreement awardees, Federal and State 
agencies, Federal congressional support agencies for research and 
statistical activities that increase knowledge of SSA programs; to 
State agencies or other local protective social service agencies, in 
situations involving suspected abuse, neglect, or exploitation of minor 
children or vulnerable adults; to State vital records agencies who have 
a contract with SSA, when necessary to inform the State vital records 
agency that death information it reported to SSA was determined to be 
erroneous; to the Department of Treasury for disclosure and 
verification of prisoner information for the purposes of tax 
administration, debt collections, and improper payments or collections 
of delinquent debts owed to the United States, as well as to State and 
Federal agencies for conducting statistical and research activities; to 
the Department of Health and Human Services Office of Child Support 
Enforcement for the administration of the Federal Parent Locator 
System; and to the Office of the President in response to an inquiry 
from that office made on behalf of, and at the request of, the subject 
of the record or a third party acting on the subject's behalf.
    In addition, we are also deleting the following routine uses, from 
the prior version of the SORN, published in the Federal Register on 
December 29, 2010 at 75 FR 82121, as they are covered under existing 
routine uses or no longer necessary:
     Number 5--this routine use permitted disclosures to a 
contractor for the purpose of collating, evaluating, analyzing, 
aggregating, or otherwise refining records;
     Number 7--this routine use permitted disclosures to the 
Department of Energy, for its epidemiological research study of the 
long-term effects of low-level radiation exposure, as permitted by SSA 
Regulations 20 CFR 401.150(c);
     Number 26--this routine use permitted disclosures to DVA 
or third parties under contract to DVA to disclose SSNs and dates of 
birth for the purposes of conducting medical research and 
epidemiological studies;
     Number 38 that permits disclosure to Federal, State, or 
congressional support agencies for research, evaluation, or statistical 
studies;
     Number 39--this routine use permitted disclosure to State 
and Territory motor vehicle administration agency officials, and to 
State and Territory chief election officials to verify the accuracy of 
information the State Agency provides with response to applications for 
voter registration; and
     Number 44--this routine use permitted disclosures to the 
Department of Health and Human Services, the Department of 
Agriculture's National Finance Center, the Office of Personnel 
Management, the States, or the States' respective contractors or agents 
charged with administering the Pre-existing Condition Insurance Program 
(PCIP), to verify personal identification data (e.g., name, SSN, and 
date of birth) and to confirm citizenship status information in our 
records to assist these agencies with determining applicants' 
entitlement to benefits under PCIP.
    In addition, we are modifying the notice throughout to correct 
miscellaneous stylistic formatting and typographical errors of the 
previously published notice, and to ensure the language reads 
consistently across multiple systems. We are republishing the entire 
notice for ease of reference.
    In accordance with 5 U.S.C. 552a(r), we have provided a report to 
OMB and Congress on this modified system of records.

Matthew Ramsey,
Executive Director, Office of Privacy and Disclosure, Office of the 
General Counsel.

SYSTEM NAME AND NUMBER:
    Master Files of Social Security Number (SSN) Holders and SSN 
Applications, 60-0058.

SECURITY CLASSIFICATION:
    Unclassified.

[[Page 264]]

SYSTEM LOCATION:
    Social Security Administration, Office of Systems, Office of 
Systems Operations and Hardware Engineering, Robert M. Ball Building, 
6401 Security Boulevard, Baltimore, MD 21235-6401.

SYSTEM MANAGER(S):
    Social Security Administration, Deputy Commissioner for Retirement 
and Disability Policy, Office of Income Security Programs, 6401 
Security Boulevard, Baltimore, MD 21235-6401, (410) 966-5855.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Sections 205(a) and (c)(2) of the Social Security Act (42 U.S.C. 
405(a) and (c)(2)).

PURPOSE(S) OF THE SYSTEM:
    We use information in this system to assign SSNs and for a number 
of administrative and program purposes, including but not limited to: 
For various Old Age, Survivors, and Disability Insurance, Supplemental 
Security Income, and Medicare/Medicaid claims purposes; as a case 
control number; as a secondary beneficiary cross-reference control 
number for enforcement purposes; for verification of individual 
identity factors; and for other claims purposes related to establishing 
benefit entitlement. We use information in this system:
     For the general administration of the Social Security Act 
to ensure the accuracy of enumeration related information in other SSA 
systems;
     to prevent the processing of an SSN card application for a 
person whose application we identified was supported by evidence that 
either:
    [cir] We suspect may be fraudulent and we are verifying evidence, 
or
    [cir] we determined to be fraudulent information;
     to record accurate earnings information to the correct 
individual;
     to prevent issuance of multiple SSNs to a person;
     for resolution of earnings discrepancy cases; and
     for research and statistical activities.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system contains a record of each person who has applied for 
and to whom we have assigned an SSN. This system also contains records 
of each person who applied for an SSN, but to whom we did not assign 
one for one of the following reasons: (1) His or her application was 
supported by documents that we suspect may be fraudulent and we are 
verifying the documents with the issuing agency; (2) we have determined 
the person submitted fraudulent documents; (3) we do not suspect fraud 
but we need to further verify information the person submitted or we 
need additional supporting documents; or (4) we have not yet completed 
processing the application.

CATEGORIES OF RECORDS IN THE SYSTEM:
    We collect applications for SSNs. This system contains all of the 
information we received on the applications for SSNs (e.g., name, date 
and place of birth, sex, both parents' names, reference number, and 
alien registration number) and all information obtained during the 
processing of the SSN request. The system also contains:
     Changes in the information on the applications the SSN 
holders submit;
     information from applications supported by evidence we 
suspect or determine to be fraudulent, along with the mailing addresses 
of the persons who filed such applications and descriptions of the 
documentation they submitted;
     cross-references when multiple numbers have been issued to 
the same person;
     a form code that identifies the Form SS-5 (Application for 
a Social Security Card Number) as the application the person used for 
the initial issuance of an SSN, or for changing the identifying 
information (e.g., a code indicating original issuance of the SSN, or 
that we assigned the person's SSN through our enumeration at birth 
program);
     a citizenship code that identifies the number holder's 
status as a U.S. citizen or the work authorization of a non-citizen;
     a special indicator code that identifies types of 
questionable data or special circumstances concerning an application 
for an SSN (e.g., false identity; illegal alien; scrambled earnings);
     an indication that an SSN was assigned based on 
harassment, abuse, or life endangerment;
     an indication that a person has filed a benefit claim 
under a particular SSN; and
     other indicators needed to process SSN requests.

RECORD SOURCE CATEGORIES:
    We obtain information in this system of records from SSN applicants 
(or persons acting on their behalf), as well as Federal, State, and 
local agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    We will disclose records pursuant to the following routine uses; 
however, we will not disclose any information defined as ``return or 
return information'' under 26 U.S.C. 6103 of the Internal Revenue Code 
(IRC), unless authorized by a statute, the Internal Revenue Service 
(IRS), or IRS regulations.
    1. To employers (or agents on their behalf) in order to complete 
their records for reporting wages to us pursuant to the Federal 
Insurance Contributions Act and section 218 of the Social Security Act.
    2. To Federal, State, and local entities to assist them with 
administering income maintenance and health-maintenance programs, when 
a Federal statute authorizes them to use the SSN.
    3. To the Department of Justice (DOJ) for investigating and 
prosecuting violations of the Social Security Act.
    4. To Department of Homeland Security, upon request, to identify 
and locate aliens in the United States pursuant to section 290(b) of 
the Immigration and Nationality Act (8 U.S.C. 1360(b)).
    5. To the Railroad Retirement Board (RRB), for the purpose of 
administering provisions of the Social Security Act relating to 
railroad employment and for administering the Railroad Unemployment 
Insurance Act.
    6. To the Department of the Treasury, for:
    (a) Tax administration as defined in section 6103 of the IRC (26 
U.S.C. 6103);
    (b) investigating the alleged theft, forgery, or unlawful 
negotiation of Social Security checks; and
    (c) administering those sections of the IRC that grant tax benefits 
based on support or residence of children. As required by section 
1090(b) of the Taxpayer Relief Act of 1997, Public Law 105-34, this 
routine use applies specifically to the SSNs of parents show on an 
application for an SSN for a person who has not yet attained age 18.
    7. To a congressional office in response to an inquiry from that 
office made on behalf of, and at the request of, the subject of the 
record or third party acting on the subject's behalf.
    8. To the Department of State for administering the Social Security 
Act in foreign countries through its facilities and services.
    9. To the American Institute, a private corporation under contract 
to the Department of State, for administering the Social Security Act 
on Taiwan through facilities and services of that agency.

[[Page 265]]

    10. To the Department of Veterans Affairs (DVA), Regional Office, 
Manila, Philippines, for the administration of the Social Security Act 
in the Philippines and other parts of the Asia-Pacific region through 
services and facilities of that agency.
    11. To the Department of Labor for administering provisions of 
Title IV of the Federal Coal Mine Health and Safety Act, as amended by 
the Black Lung Benefits Act, and for studies on the effectiveness of 
training programs to combat poverty.
    12. To DVA:
    (a) To validate SSNs of compensation recipients/pensioners so that 
DVA can release accurate pension/compensation data to us for Social 
Security program purposes; and
    (b) upon request, for purposes of determining eligibility for, or 
amount of DVA benefits, or verifying other information with respect 
thereto.
    13. To Federal agencies that use the SSN as a numerical identifier 
in their record-keeping systems for the purpose of validating SSNs.
    14. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such court or tribunal, when:
    (a) SSA, or any component thereof; or
    (b) any SSA employee in his or her official capacity; or:
    (c) Any SSA employee in his or her individual capacity where DOJ 
(or SSA, where it is authorized to do so) has agreed to represent the 
employee; or
    (d) the United States or any agency thereof where we determine the 
litigation is likely to us or any of its components, is a party to the 
litigation or has an interest in such litigation, and SSA determines 
that the use of such records by DOJ, a court or other tribunal, or 
another party before the tribunal is relevant and necessary to the 
litigation, provided, however, that in each case, we determine that 
such disclosure is compatible with the purpose for which the records 
were collected.
    15. To State audit agencies for the purpose of:
    (a) Auditing State supplementation payments and Medicaid 
eligibility considerations; and
    (b) expenditures of Federal funds by the State in support of the 
Disability Determination Services.
    16. To the Social Security agency of a foreign country to carry out 
the purpose of an international social security agreement entered into 
between the United States and the other country, pursuant to section 
233 of the Social Security Act.
    17. To Federal, State, or local agencies (or agents on their 
behalf), for administering income or health maintenance programs 
including programs under the Social Security Act. Such disclosures 
include the release of information to the following agencies, but are 
not limited to:
    (a) RRB, for administering provisions of the Railroad Retirement 
Act and Social Security Act, relating to railroad employment, and for 
administering provisions of the Railroad Unemployment Insurance Act;
    (b) VA, for administering 38 U.S.C. 1312, and upon request, for 
determining eligibility for, or amount of, veterans' benefits or for 
verifying other information with respect thereto pursuant to 38 U.S.C. 
5106;
    (c) Department of Labor for administering provisions of Title IV of 
the Federal Coal Mine Health and Safety Act, as amended by the Black 
Lung Benefits Act.
    18. To State welfare departments:
    (a) Pursuant to agreements with us, for the administration of State 
supplementation payments;
    (b) for enrollment of welfare beneficiaries for medical insurance 
under section 1843 of the Social Security Act; and
    (c) for conducting independent quality assurance reviews of SSI 
beneficiary records, provided that the agreement for Federal 
administration of the supplementation provides for such an independent 
review.
    19. To third party contacts (e.g., State bureaus of vital 
statistics and the Department of Homeland Security) that issue 
documents to persons when the third party has, or is expected to have, 
information that will verify documents when we are unable to determine 
if such documents are authentic.
    20. To the Department of Justice, Criminal Division, Human Rights 
and Special Prosecutions Section, upon receipt of a request for 
information pertaining to the identity and location of aliens for the 
purpose of detecting, investigating and, where appropriate, taking 
legal action against suspected participants in Nazi persecution, 
genocide, and torture or extra judicial killings in the United States.
    21. To the Selective Service System for the purpose of enforcing 
draft registration pursuant to the provisions of the Military Selective 
Service Act (50 U.S.C. App. 462, as amended by section 916 of Pub. L. 
97-86).
    22. To contractors and other Federal agencies, as necessary, for 
assisting SSA in the efficient administration of its programs. We will 
disclose information under this routine use only in situations in which 
SSA may enter into a contractual or similar agreement with a third 
party to assist in accomplishing an agency function relating to this 
system of records.
    23. To the National Archives and Records Administration (NARA) 
under 44 U.S.C. 2904 and 2906.
    24. To the Office of Personnel Management (OPM) upon receipt of a 
request from that agency in accordance with 5 U.S.C. 8347(m)(3), to 
disclose SSN information when OPM needs the information to administer 
its pension program for retired Federal Civil Service employees.
    25. To the Department of Education, upon request, to verify SSNs 
and to disclose citizenship status concerning applicants who apply to 
postsecondary educational institutions for financial assistance under 
Title IV of the Higher Education Act of 1965 (20 U.S.C. 1091).
    26. To student volunteers, individuals working under a personal 
services contract, and other workers who technically do not have the 
status of Federal employees, when they are performing work for us, as 
authorized by law, and they need access to personally identifiable 
information (PII) in our records in order to perform their assigned 
agency functions.
    27. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary:
    (a) To enable them to ensure the safety of our employees and 
customers, the security of our workplace, and the operation of our 
facilities; or
    (b) to assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of our facilities.
    28. To recipients of erroneous Death Master File (DMF) information, 
to disclose corrections to information that resulted in erroneous 
inclusion of persons in the DMF.
    29. To State vital records and statistics agencies, the SSNs of 
newborn children for administering public health and income maintenance 
programs, including conducting statistical studies and evaluation 
projects.
    30. To State motor vehicle administration agencies (MVA) and to 
State agencies charged with administering State identification card 
programs for the public to verify names, dates of birth, and Social 
Security numbers on those persons who apply for, or for whom the State 
issues, driver's licenses or State identification cards.
    31. To entities conducting epidemiological or similar research

[[Page 266]]

projects, upon request, pursuant to section 1106(d) of the Social 
Security Act (42 U.S.C. 1306(d)), to disclose information as to whether 
a person is alive or deceased, provided that:
    (a) We determine, in consultation with the Department of Health and 
Human Services, that the research may reasonably be expected to 
contribute to a national health interest;
    (b) the requester agrees to reimburse us for the costs of providing 
the information; and
    (c) the requester agrees to comply with any safeguards and 
limitations we specify regarding re-release or re-disclosure of the 
information.
    32. To the Department of Homeland Security (DHS) and to employers 
for the administration of the E-Verify Program, pursuant to Public Law 
104-208, section 404(e). We will inform DHS and the employer 
participating in the E-Verify Program that the identifying data (SSN, 
name, and date of birth) furnished by an employer concerning a 
particular employee matches, or does not match, the data maintained in 
this system of records, and when there is such a match, that 
information in this system of records indicates that the employee is, 
or is not, a citizen of the United States.
    33. To a State Bureau of Vital Statistics (BVS) that is authorized 
by States to issue electronic death reports when the State BVS requests 
that we verify the SSN of a person on whom the State will file an 
electronic death report after we verify the SSN.
    34. To the Department of Defense (DOD) to disclose validated SSN 
information and citizenship status information for the purpose of 
assisting DOD in identifying those members of the Armed Forces and 
military enrollees who are aliens or non-citizen nationals who may 
qualify for expedited naturalization or citizenship processing. These 
disclosures will be made pursuant to requests made under section 329 of 
the Immigration and Nationality Act, 8 U.S.C. 1440, as executed by 
Executive Order 13269.
    35. To contractors, cooperative agreement awardees, State agencies, 
Federal agencies, and Federal congressional support agencies for 
research and statistical activities that are designed to increase 
knowledge about present or alternative Social Security programs; are of 
importance to the Social Security program or the Social Security 
beneficiaries; or are for an epidemiological project that relates to 
the Social Security program or beneficiaries. We will disclose 
information under this routine use pursuant only to a written agreement 
with us.
    36. To State and Territory MVA officials (or agents or contractors 
on their behalf) and State and Territory chief election officials, 
under the provisions of section 205(r)(8) of the Social Security Act 
(42 U.S.C. 405(r)(8)), to verify the accuracy of information the State 
agency provides with respect to applications for voter registration for 
those persons who do not have a driver's license number:
    (a) When the applicant provides the last four digits of the SSN, or
    (b) when the applicant provides the full SSN, in accordance with 
section 7 of the Privacy Act (5 U.S.C. 552a note), as described in 
section 303(a)(5)(D) of the Help America Vote Act of 2002. (42 U.S.C. 
15483(a)(5)(D)).
    37. To the Secretary of Health and Human Services or to any State, 
any record or information requested in writing by the Secretary for the 
purpose of administering any program administered by the Secretary, if 
we disclosed records or information of such type under applicable 
rules, regulations, and procedures in effect before the date of 
enactment of the Social Security Independence and Program Improvements 
Act of 1994.
    38. To appropriate agencies, entities, and persons when:
    (a) SSA suspects or has confirmed that there has been a breach of 
the system of records;
    (b) SSA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, SSA (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and
    (c) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with SSA's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    39. To State agencies charged with administering Medicaid and the 
Children's Health Insurance Program (CHIP) to verify personal 
identification data (e.g., name, SSN, and date of birth) and to 
disclose citizenship status information to assist them in determining 
new applicants' entitlement to benefits provided by the CHIP.
    40. To the Department of Health and Human Services/Centers for 
Medicare and Medicaid Services for the purpose of the administration of 
Insurance Affordability Programs (IAP) and to identify individuals who 
qualify for an exemption from the individual responsibility requirement 
in accordance with the Patient Protection and Affordable Care Act of 
2010 (Pub. L. 111-148), as amended by the Health Care and Education 
Reconciliation Act of 2010 (Pub. L. 111-152). IAPs include a Qualified 
Health Plan through the Exchange, Advance Payments of the Premium Tax 
Credit, Cost Sharing Reductions, Medicaid, the Children's Health 
Insurance Program, and the Basic Health Program.
    41. To the Corporation for National and Community Service, upon 
request, to verify SSNs and to provide citizenship status as recorded 
in our records concerning individuals applying to serve in approved 
national service positions and those designated to receive national 
service education awards under the National and Community Service Act.
    42. To another Federal agency or Federal entity, when SSA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in:
    (a) Responding to a suspected or confirmed breach; or
    (b) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    43. To State and local government agencies, in situations involving 
suspected abuse, neglect, or exploitation of minor children or 
vulnerable adults, to report suspected abuse or determine a victim's 
eligibility for services.
    44. To a State BVS, when it provided SSA information that an 
individual was deceased to notify the State of the error in the record 
so furnished.
    45. To the Department of the Treasury, for purposes of tax 
administration, debt collection, and identifying, preventing, and 
recovering improper payments under federally funded programs and to 
Federal and State agencies for conducting statistical and research 
activities, pursuant to sections 202(x) and 1611(e) of the Social 
Security Act. We will disclose only verified prisoner information 
(e.g., name, SSN, gender code, and date of birth) under this routine 
use.
    46. To the Office of the President in response to an inquiry from 
that office made on behalf of, and at the request of, the subject of 
the record or a third party acting on the subject's behalf.
    47. To the Department of Health and Human Services, Office of Child 
Support Enforcement, as required by section 453(e)(2) and (j)(1) of the 
Social

[[Page 267]]

Security Act for the administration of the Federal Parent Locator 
System.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    We will maintain records in this system in paper and in electronic 
form.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    This system maintains information about individuals by SSN, name, 
date of birth, the agency's internal processing reference number, or 
alien registration number. If we deny an application because the 
applicant submitted fraudulent evidence, or if we are verifying 
evidence we suspect to be fraudulent, we will retrieve records either 
by the applicant's name plus month and year of birth, or by the 
applicant's name plus the eleven-digit reference number of the 
disallowed application.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    In accordance with NARA rules codified at 36 CFR 1225.16, we 
maintain records in accordance with an agency-specific records 
schedule, N1-47-09-02, Enumeration System, item 2, and the approved 
NARA General Records Schedule 4.2, items 020, 050, and 130.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    We retain electronic and paper files containing personal 
identifiers in secure storage areas accessible only by our authorized 
employees and contractors who have a need for the information when 
performing their official duties. Security measures include, but are 
not limited to, the use of codes and profiles, personal identification 
number and password, and personal identification verification cards. We 
restrict access to specific correspondence within the system based on 
assigned roles and authorized users. We keep paper records in cabinets 
within secure areas, with access limited to only those employees who 
have an official need for access in order to perform their duties. We 
use audit mechanisms to record sensitive transactions as an additional 
measure to protect information from unauthorized disclosure or 
modification.
    We annually provide our employees and contractors with appropriate 
security awareness training that includes reminders about the need to 
protect PII and the criminal penalties that apply to unauthorized 
access to, or disclosure of, PII (5 U.S.C. 552a(i)(1)). Furthermore, 
employees and contractors with access to databases maintaining PII must 
annually sign a sanctions document that acknowledges their 
accountability for inappropriately accessing or disclosing such 
information.

RECORD ACCESS PROCEDURES:
    Individuals may submit requests for information about whether this 
system contains a record about them by submitting a written request to 
the system manager at the above address, which includes their name, 
SSN, or other information that may be in this system of records that 
will identify them. Individuals requesting notification of, or access 
to, a record by mail must include: (1) A notarized statement to us to 
verify their identity; or (2) must certify in the request that they are 
the individual they claim to be and that they understand that the 
knowing and willful request for, or acquisition of, a record pertaining 
to another individual under false pretenses is a criminal offense.
    Individuals requesting notification of, or access to, records in 
person must provide their name, SSN, or other information that may be 
in this system of records that will identify them, as well as provide 
an identity document, preferably with a photograph, such as a driver's 
license. Individuals lacking identification documents sufficient to 
establish their identity must certify in writing that they are the 
individual they claim to be and that they understand that the knowing 
and willful request for, or acquisition of, a record pertaining to 
another individual under false pretenses is a criminal offense.
    These procedures are in accordance with our regulations at 20 CFR 
401.40 and 401.45.

CONTESTING RECORD PROCEDURES:
    Same as record access procedures. Individuals should also 
reasonably identify the record, specify the information they are 
contesting, and state the corrective action sought and the reasons for 
the correction with supporting justification showing how the record is 
incomplete, untimely, inaccurate, or irrelevant. These procedures are 
in accordance with our regulations at 20 CFR 401.65(a).

NOTIFICATION PROCEDURES:
    Same as records access procedures. These procedures are in 
accordance with our regulations at 20 CFR 401.40 and 401.45.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    75 FR 82121, Master Files of Social Security Number (SSN) Holders 
and SSN Applications.
    78 FR 40542, Master Files of Social Security Number (SSN) Holders 
and SSN Applications.
    79 FR 8780, Master Files of Social Security Number (SSN) Holders 
and SSN Applications.
    83 FR 31250, Master Files of Social Security Number (SSN) Holders 
and SSN Applications.
    83 FR 31251, Master Files of Social Security Number (SSN) Holders 
and SSN Applications.
    83 FR 54969, Master Files of Social Security Number (SSN) Holders 
and SSN Applications.

[FR Doc. 2021-28490 Filed 1-3-22; 8:45 am]
BILLING CODE 4191-02-P