Privacy Act of 1974; System of Records, 67106-67109 [2022-24174]

Agencies

• Social Security Administration

[Federal Register Volume 87, Number 214 (Monday, November 7, 2022)]
[Notices]
[Pages 67106-67109]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-24174]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION

[Docket No. SSA-2022-0031]


Privacy Act of 1974; System of Records

AGENCY: Social Security Administration (SSA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, we are issuing 
public notice of our intent to modify an

[[Page 67107]]

existing system of records entitled, Visitor Intake Process--Customer 
Service Record System (60-0350), last published on December 17, 2007. 
This notice publishes details of the modified system as set forth below 
under the caption, SUPPLEMENTARY INFORMATION.

DATES: The system of records notice (SORN) is applicable upon its 
publication in today's Federal Register, with the exception of the new 
routine uses, which are effective December 7, 2022. We invite public 
comment on the routine uses or other aspects of this SORN. In 
accordance with the Privacy Act of 1974, we are providing the public a 
30-day period in which to submit comments. Therefore, please submit any 
comments by December 7, 2022.

ADDRESSES: The public, Office of Management and Budget (OMB), and 
Congress may comment on this publication by writing to the Executive 
Director, Office of Privacy and Disclosure, Office of the General 
Counsel, SSA, Room G-401 West High Rise, 6401 Security Boulevard, 
Baltimore, Maryland 21235-6401, or through the Federal e-Rulemaking 
Portal at https://www.regulations.gov. Please reference docket number 
SSA-2022-0031. All comments we receive will be available for public 
inspection at the above address and we will post them to https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Tristin Dorsey, Government Information 
Specialist, Privacy Implementation Division, Office of Privacy and 
Disclosure, Office of the General Counsel, SSA, Room G-401 West High 
Rise, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, 
telephone: (410) 966-5855, email: [email protected] and Elisa 
Vasta, Government Information Specialist, Privacy Implementation 
Division, Office of Privacy and Disclosure, Office of the General 
Counsel, SSA, Room G-401 West High Rise, 6401 Security Boulevard, 
Baltimore, Maryland 21235-6401, telephone: (410) 966-5855, email: 
[email protected].

SUPPLEMENTARY INFORMATION: We are modifying the system of records name 
from ``Visitor Intake Process--Customer Service Record System'' to 
``Appointments, Visitor Information, and Customer Service Record 
System'' to accurately reflect the system. We are clarifying the system 
location to recognize that we may also maintain records in a cloud-
based environment. We are also modifying the authority for maintenance 
of the system to include section 205(a) of the Social Security Act. We 
are expanding the purposes for which SSA may use the information in the 
system to include establishing, rescheduling, and cancelling 
appointments and tracking opt-in and opt-out of electronic messaging 
selections.
    In addition, we are clarifying the categories of individuals 
covered by the system and the categories of records maintained in the 
system for easier reading. We are expanding the record source 
categories to include individuals who schedule, reschedule, or cancel 
appointments and additional existing SSA systems of records. We are 
revising routine uses No. 3 and 8 to incorporate gender-inclusive 
language, in support of E.O. 13988, Preventing and Combating 
Discrimination on the Basis of Gender Identity or Sexual Orientation. 
We are also adding three new routine uses to permit disclosures to 
appropriate agencies, entities, and persons to assist us in addressing 
a suspected or confirmed breach; to third parties when an individual 
involved with a request needs assistance to communicate because of a 
hearing impairment or a language barrier (e.g., to interpreters, 
telecommunications relay system operators); and to contractors, 
cooperative agreement awardees, Federal and State agencies, and Federal 
congressional support agencies for research and statistical activities. 
In the past, we disclosed information from this system of records to 
the entities listed above under our efficient administration routine 
use. We are establishing this new routine use to distinguish 
disclosures that we make specifically for research purposes.
    Lastly, we are clarifying in the policies and practices for the 
storage of records that SSA will maintain records in electronic form 
only. We are modifying the policies and practices for the retrieval of 
records to clarify that we will also retrieve records by date of birth 
and internal agency processing reference numbers. We are modifying 
record access procedures to remove references to telephone, for 
consistency with agency access regulations. We are also modifying the 
notice throughout to correct miscellaneous stylistic formatting and 
typographical errors of the previously published notice, and to ensure 
the language reads consistently across multiple systems. We are 
republishing the entire notice for ease of reference.
    In accordance with 5 U.S.C. 552a(r), we have provided a report to 
OMB and Congress on this modified system of records.

Matthew Ramsey,
Executive Director, Office of Privacy and Disclosure, Office of the 
General Counsel.

SYSTEM NAME AND NUMBER:
    Appointments, Visitor Information, and Customer Service Record 
System, 60-0350

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Social Security Administration, Office of Systems, Robert M. Ball 
Building, 6401 Security Boulevard, Baltimore, MD 21235-6401.
    Information is also located in additional locations in connection 
with cloud-based services and kept at an additional location as backup 
for business continuity purposes.

SYSTEM MANAGER(S):
    Social Security Administration, Deputy Commissioner for Systems, 
6401 Security Boulevard, Baltimore, MD 21235-6401, (410) 966-5855.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Sections 205(a), 222, 223, 225, 1611, 1615, 1631, and 1633 of the 
Social Security Act, as amended; and the Federal Records Act of 1950, 
as amended.

PURPOSE(S) OF THE SYSTEM:
    We use the information in this system of records to:
     Provide management information on interviews;
     Provide a source for customer service record data 
collection for interviews and capture discrete data about the volume 
and nature of inquiries to support management decisions in the areas of 
process improvement and resource allocation;
     Assist with filing claims for benefits under titles II 
and/or XVI; transacting post-entitlement actions, if currently entitled 
to benefits under titles II and/or XVI; and transacting applications 
for a Social Security number (SSN) and other actions related to an SSN;
     Establish, reschedule, or cancel appointments; or other 
actions or queries that may require an interview at SSA;
     Track opt-in and opt-out of electronic messaging 
selections; and
     Provide a means of collecting information, and generating 
``High Risk'' alerts, when applicable, concerning individuals we 
reasonably believe will attempt to contact one of our facilities and 
may pose a security risk, including

[[Page 67108]]

individuals who attempt, threaten, or commit an act of violence or a 
violent crime, or have an outstanding arrest warrant. We will use 
information collected from the ``High Risk'' alert to advise the intake 
employees at any SSA office that the potential security risk may 
require them to use extra caution when dealing with the individual who 
is before them and/or who has scheduled an appointment. This 
information allows us to create a standard approach to ensure the 
safety of SSA employees, visitors, security personnel, and facilities.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system maintains information about individuals who visit an 
SSA office, including those conducting business with SSA and 
individuals that may accompany such visitor; individuals who establish, 
reschedule, or cancel an appointment with SSA (e.g., applicants, 
claimants, beneficiaries, recipients, third-party assistors, attorneys, 
non-attorney representatives, and representative payees); and 
individuals we reasonably believe will attempt to contact one of our 
facilities to conduct business and may pose a security risk, including 
those who attempt, threaten, or commit an act of violence or a violent 
crime or have an outstanding arrest warrant.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system maintains records on visitors including, but not 
limited to:
     Visitor information, such as SSN; name; date of birth; 
relationship to the applicant or beneficiary; mailing address; email 
address; telephone number; the time the visitor entered and left the 
office; an assigned group number; and the number of interviews and any 
remarks associated with the visit;
     Appointment information, such as date, time, type, and 
source of appointment; appointment unit number (unit establishing 
appointment); length of the appointment; internal agency processing 
reference numbers (e.g., transaction number or unique identifier); opt-
in and opt-out of electronic messaging selections; and name of office 
facilitating the appointment;
     Notice information, such as close-out notice type (e.g., 
title II 6-month closeout letter, title XVI SSA-L991) and date/time 
sent;
     Confirmations of scheduled, rescheduled, and cancelled 
appointments;
     Interview information, such as each occurrence; subject of 
interview; waiting time; preferred language; type of translator; the 
number of the interviews pending in the queue; interview disposition 
(e.g., completed, deleted, left without service); interview priority; 
start and end time; and name of interviewer;
     ``High Risk'' alert information about individuals we 
reasonably believe will attempt to contact one of our facilities and 
may pose a security risk, including individuals who attempt, threaten, 
or commit an act of violence or a violent crime or have an outstanding 
arrest warrant (e.g., name, SSN, date of birth, specific nature of the 
threat or act of violence, and the date, time, and location of the 
threat or act of violence); and
     Source of the report from the Automated Incident Reporting 
System.

RECORD SOURCE CATEGORIES:
    We obtain information in this system from individuals who schedule, 
reschedule, or cancel appointments, visit, or participate in interviews 
at SSA, which may include applicants, claimants, beneficiaries, 
appointed representatives, representative payees, and third parties; 
local, State, and Federal agencies; SSA-generated information, such as 
computer date/time stamps at various points in the interview process; 
and additional existing SSA systems of records such as the Master Files 
of SSN Holders and SSN Applications, 60-0058; Claims Folders System, 
60-0089; Master Beneficiary Record, 60-0090; Supplemental Security 
Income Record and Special Veterans Benefits, 60-0103; Pay, Leave, and 
Attendance Records, 60-0238; Personnel Records in Operating Offices, 
60-0239; Electronic Disability Claim File, 60-0320; Requests for 
Accommodations from Members of the Public (RAMP), 60-0378; and Social 
Security Administration Violence Evaluation and Reporting System, 60-
0379.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    We will disclose records pursuant to the following routine uses; 
however, we will not disclose any information defined as ``return or 
return information'' under 26 U.S.C. 6103 of the Internal Revenue Code 
(IRC), unless authorized by a statute, the Internal Revenue Service 
(IRS), or IRS regulations.
    1. To the Office of the President, in response to an inquiry from 
that office made on behalf of, and at the request of, the subject of 
the record or a third party acting on the subject's behalf.
    2. To a congressional office in response to an inquiry from that 
office made on behalf of, and at the request of, the subject of the 
record or third party acting on the subject's behalf.
    3. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such court or tribunal, when:
    (a) SSA, or any component thereof; or
    (b) any SSA employee in their official capacity; or:
    (c) any SSA employee in their individual capacity where DOJ (or 
SSA, where it is authorized to do so) has agreed to represent the 
employee; or
    (d) the United States or any agency thereof where we determine the 
litigation is likely to affect SSA or any of its components, SSA is a 
party to the litigation or has an interest in such litigation, and SSA 
determines that the use of such records by DOJ, a court or other 
tribunal, or another party before the tribunal is relevant and 
necessary to the litigation, provided, however, that in each case, we 
determine that such disclosure is compatible with the purpose for which 
the records were collected.
    4. To contractors and other Federal agencies, as necessary, for 
assisting SSA in the efficient administration of its programs. We will 
disclose information under this routine use only in situations in which 
SSA may enter into a contractual or similar agreement with a third 
party to assist in accomplishing an agency function relating to this 
system of records.
    5. To student volunteers, individuals working under a personal 
services contract, and other workers who technically do not have the 
status of Federal employees, when they are performing work for us, as 
authorized by law, and they need access to personally identifiable 
information (PII) in our records in order to perform their assigned 
agency functions.
    6. To the National Archives and Records Administration (NARA) under 
44 U.S.C. 2904 and 2906.
    7. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary:
    (a) to enable them to ensure the safety of our employees and 
customers, the security of our workplace, and the operation of our 
facilities; or
    (b) to assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of our facilities.
    8. To the appropriate law enforcement official, SSA may disclose 
information regarding a Social Security beneficiary,

[[Page 67109]]

claimant, attorney, non-attorney representative, or representative 
payee who is the subject of an outstanding arrest warrant for having 
committed, or having attempted to commit, a violent crime for the 
purposes of determining whether SSA should include an individual's 
information in this system or remove an individual's information from 
the system because they no longer meet the criteria (e.g., the 
individual is in custody of law enforcement, is no longer a suspect, 
has been exonerated, or is deceased).
    9. To another Federal agency or Federal entity, when we determine 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in:
    (a) responding to a suspected or confirmed breach; or
    (b) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    10. To appropriate agencies, entities, and persons when:
    (a) SSA suspects or has confirmed that there has been a breach of 
the system of records;
    (b) SSA has determined that, as a result of the suspected or 
confirmed breach, there is a risk of harm to individuals, SSA 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and
    (c) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with SSA's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    11. To third parties when an individual involved with a request 
needs assistance to communicate because of a hearing impairment or a 
language barrier (e.g., to interpreters, telecommunications relay 
system operators).
    12. To contractors, cooperative agreement awardees, State agencies, 
Federal agencies, and Federal congressional support agencies for 
research and statistical activities that are designed to increase 
knowledge about present or alternative Social Security programs; are of 
importance to the Social Security program or beneficiaries; or are for 
an epidemiological project that relates to the Social Security program 
or beneficiaries. We will disclose information under this routine use 
pursuant only to a written agreement between the organization or agency 
and SSA.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    We maintain records in this system in electronic form.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    We will retrieve records by SSN, name, date of birth, and internal 
agency processing reference numbers.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    In accordance with NARA rules codified at 36 CFR 1225.16, we 
maintain records in accordance with approved NARA General Records 
Schedule (GRS) 3.1, item 011 and GRS 6.5, item 010.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    We retain electronic files containing personal identifiers in 
secure storage areas accessible only by our authorized employees and 
contractors who have a need for the information when performing their 
official duties. Security measures include, but are not limited to, the 
use of codes and profiles, personal identification numbers and 
passwords, and personal identification verification cards. We restrict 
access to specific correspondence within the system based on assigned 
roles and authorized users. We use audit mechanisms to record sensitive 
transactions as an additional measure to protect information from 
unauthorized disclosure or modification.
    We annually provide our employees and contractors with appropriate 
security awareness training that includes reminders about the need to 
protect PII and the criminal penalties that apply to unauthorized 
access to, or disclosure of, PII (5 U.S.C. 552a(i)(1)). Furthermore, 
employees and contractors with access to databases maintaining PII must 
annually sign a sanctions document that acknowledges their 
accountability for inappropriately accessing or disclosing such 
information.

RECORD ACCESS PROCEDURES:
    Individuals may submit requests for information about whether this 
system contains a record about them by submitting a written request to 
the system manager at the above address, which includes their name, 
SSN, or other information that may be in this system of records that 
will identify them. Individuals requesting notification of, or access 
to, a record by mail must include: (1) a notarized statement to us to 
verify their identity; or (2) must certify in the request that they are 
the individual they claim to be and that they understand that the 
knowing and willful request for, or acquisition of, a record pertaining 
to another individual under false pretenses is a criminal offense.
    Individuals requesting notification of, or access to, records in 
person must provide their name, SSN, or other information that may be 
in this system of records that will identify them, as well as provide 
an identity document, preferably with a photograph, such as a driver's 
license. Individuals lacking identification documents sufficient to 
establish their identity must certify in writing that they are the 
individual they claim to be and that they understand that the knowing 
and willful request for, or acquisition of, a record pertaining to 
another individual under false pretenses is a criminal offense.
    These procedures are in accordance with our regulations at 20 CFR 
401.40 and 401.45.

CONTESTING RECORD PROCEDURES:
    Same as record access procedures. Individuals should also 
reasonably identify the record, specify the information they are 
contesting, and state the corrective action sought and the reasons for 
the correction with supporting justification showing how the record is 
incomplete, untimely, inaccurate, or irrelevant. These procedures are 
in accordance with our regulations at 20 CFR 401.65(a).

NOTIFICATION PROCEDURES:
    Same as records access procedures. These procedures are in 
accordance with our regulations at 20 CFR 401.40 and 401.45.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    72 FR 71470, Visitor Intake Process--Customer Service Record 
System.
    83 FR 54969, Visitor Intake Process--Customer Service Record 
System.

[FR Doc. 2022-24174 Filed 11-4-22; 8:45 am]
BILLING CODE 4191-02-P