
The Federal Register

SOCIAL SECURITY ADMINISTRATION


NOTICE: NOTICES

DOCUMENT ACTION: Proposed New Routine Use for Existing Systems of Records.

SUBJECT CATEGORY: Privacy Act of 1974, as Amended; Alteration to Existing Systems of Records

DATES: We filed a report of the proposed new routine use disclosure with the Chairman of the Senate Committee on Homeland Security and Governmental Affairs, the Chairman of the House Committee on Oversight and Government Reform, and the Director, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB) on November 19, 2007. The proposed routine use will become effective on December 24, 2007, unless we receive comments warranting it not to become effective.

DOCUMENT SUMMARY: As mandated by the Office of Management and Budget (OMB) in Memorandum M0716, recommended by the President's Identity Theft Task Force, and in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and (11)), we are issuing public notice of our intent to establish a new routine use disclosure applicable to SSA's systems of records listed below under section I of the Supplementary Information section. The proposed routine use specifically permits the disclosure of SSA information in connection with response and remediation efforts in the event of an unintentional release of Agency information, otherwise known as a ``data security breach.'' Such a routine use would serve to protect the interests of the people whose information is at risk by allowing us to take appropriate steps to facilitate a timely and effective response to a data breach. It would also help us to improve our ability to prevent, minimize, or remedy any harm that may result from a compromise of data maintained in our systems of records. We invite public comment on this proposal.

SUMMARY: Privacy Act; systems of records,


SUPPLEMENTAL INFORMATION

I. Discussion of the Proposed New Routine Use

OMB has mandated and the President's Identity Theft Task Force recommended that Federal agencies develop and publish a routine use for appropriate systems of records that allows for the disclosure of information in connection with the response and remedial efforts in the event of a data breach.

Subsection (b)(3) of the Privacy Act provides that information from an agency's system of records may be disclosed without a subject individual's consent if the disclosure is ``for a routine use as defined in subsection (a)(7) of this section and described under subsection (e)(4)(D) of this section.'' 5 U.S.C. 552a(b)(3). Subsection (a)(7) of the Act states that ``the term `routine use' means, with respect to the disclosure of a record, the use of such record for a purpose which is compatible with the purpose for which it was collected.'' 5 U.S.C. 552a(a)(7). Providing information to help respond to and remediate a breach of Federal data qualifies as a necessary and proper use of information. Such a use is in the best interest of both the individual whose record is at issue and the public.

The Privacy Act requires that agencies publish notification in the Federal Register of ``each routine use of the records contained in the system, including the categories of users and the purpose of such use.'' 5 U.S.C. 552a(e)(4)(D). Based on OMB's recommended language, we have developed the following routine use that we will apply to nearly all of our Privacy Act systems of records,\1\ and that will allow for disclosure to appropriate agencies, entities, and persons under the following circumstances:
\1\ Our Privacy Act systems of records that contain data protected under the Internal Revenue Code (IRC) will not contain this routine use as the IRC does not contain a provision that permits disclosure for this purpose.

We may disclose information to appropriate Federal, State, and local agencies, entities, and persons when (1) we suspect or confirm that the security or confidentiality of information in this system of records has been compromised; (2) we determine that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs of SSA that rely upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. SSA will use this routine use to respond only to those incidents involving an unintentional release of its records.

In nearly all cases, we will immediately notify affected individuals before informing any other entity. In the rare event that law enforcement needs require us to delay consumer notification, this delay will be limited to the minimum amount of time needed. Timely notification allows individuals the opportunity to minimize or prevent the occurrence of harm.

SSA will establish a new routine use to be included in the following systems of records:
[[Page 69724]]
System No. and name | New routine use | Federal Register publication date/citation No.
600001 Assignment and Correspondence Tracking Act (ACT) | No. 7 | 71 FR 1800, 01/11/06
600002 Optical System for Correspondence Analysis and Response | No. 8 | 71 FR 1802, 01/11/06
600003 Attorney Fee File | No. 9 | 71 FR 1803, 01/11/06
600004 Working File of the Appeals Council | No. 6 | 70 FR 60383, 10/17/05
600005 Administrative Law Judge Working File on Claimant Cases | No. 8 | 70 FR 60383, 10/17/05
600006 Storage of Hearing Records: Tape Cassettes and Audiograph Discs | No. 8 | 71 FR 1805, 01/11/06
600009 Hearings and Appeals Case Control System | No. 4 | 65 FR 46997, 08/01/00
600010 Hearing Office Tracking System of Claimant Cases | No. 6 | 71 FR 1806, 01/11/06
600012 Listing and Alphabetical Name File (Folder) of Vocational Experts, Medical Experts, and Other Health Care/Non-Health Care Professionals Experts (Medicare) | No. 7 | 71 FR 1807, 01/11/06
600013 Records of Usage of Medical Experts, Vocational Experts, and Other Health Care/Non-Health Care Professionals Experts (Medicare) | No. 7 | 71 FR 1809, 01/11/06
600014 Curriculum Vitae and Professional Qualifications of Medical Advisors, and Resumes of Vocational Experts | No. 8 | 59 FR 46439, 09/08/94
600038 Employee Building Pass Files | No. 7 | 59 FR 46439, 09/08/94
600040 Quality Review System | No. 14 | 65 FR 46997, 08/01/00
600042 Quality Review Case Files | No. 14 | 65 FR 46997, 08/01/00
600044 National Disability Determination Services | No. 11 | 71 FR 11810, 01/11/06
600045 Black Lung Payment System | No. 14 | 68 FR 15784, 04/01/03
600046 Disability Determination Service Consultant's File | No. 7 | 71 FR 1812, 01/11/06
600050 Completed Determination Record Continuing Disability Determinations | No. 10 | 71 FR 1814, 01/11/06
600057 Quality Evaluation Data Records | No. 6 | 65 FR 46997, 08/01/00
600058 Master Files of Social Security Number Holders and SSN Applications | No. 42 | 71 FR 1818, 01/11/06
600063 Resource Accounting System | No. 6 | 59 FR 46439, 09/08/94
600077 Congressional Inquiry File | No. 7 | 71 FR 1823, 01/11/06
600078 Public Inquiry Correspondence File | No. 8 | 71 FR 1825, 01/11/06
600089 Claims Folders System | No. 36 | 71 FR 1829, 01/11/06
600090 Master Beneficiary Record | No. 38 | 71 FR 1829, 01/11/06
600094 Recovery of Overpayments, Accounting and Reporting | No. 9 | 70 FR 49354, 08/23/05
600103 Supplemental Security Income Record | No. 37 | 71 FR 1829, 01/11/06
600118 Non-Contributory Military Service Reimbursement System | No. 6 | 71 FR 18334, 01/11/06
600159 Continuous Work History Sample (Statistics) | No. 5 | 65 FR 46997, 08/01/00
600186 SSA Litigation Tracking System New Routine Use No. | No. 6 | 70 FR 60383, 10/17/05
600196 Disability Studies, Surveys, Records and Extracts (Statistics) | No. 4 | 65 FR 46997, 08/01/00
600199 Extramural Surveys (Statistics) | No. 4 | 71 FR 1835, 01/11/06
600200 Retirement and Survivors Studies, Surveys, Records and Extracts (Statistics) | No. 4 | 65 FR 46997, 08/01/00
600202 Old Age, Survivors and Disability Beneficiary and Worker Records and Extracts (Statistics) | No. 5 | 69 FR 11693, 03/11/04
600203 Supplemental Security Income Studies, Surveys, Records and Extracts (Statistics) | No. 5 | 65 FR 46997, 08/01/00
600210 Record of Individuals Authorized Entry to Secured Automated Data Processing Area | No. 7 | 59 FR 46439, 09/08/94
600211 Beneficiary, Family and Household Surveys, Records and Extracts System (Statistics) | No. 5 | 69 FR 11693, 03/11/04
600213 Quality Review of Hearing/Appellate Process | No. 7 | 65 FR 46997, 08/01/00
600214 Personal Identification Number File (PINFile) | No. 5 | 59 FR 46441, 09/08/94
600218 Disability Insurance and Supplemental Security Income Demonstration Projects and Experiments System | No. 7 | 71 FR 1837, 01/11/06
600219 Representative Disqualification/Suspension Information System | No. 8 | 71 FR 1839, 01/11/06
600220 Kentucky Birth Records System | No. 5 | 59 FR 46439, 09/08/94
600221 Vocational Rehabilitation Reimbursement Case Processing System | No. 10 | 71 FR 1841, 01/11/06
600222 Master Representative Payee File | No. 18 | 71 FR 5399, 02/01/06
600224 SSA-Initiated Personal Earnings and Benefit Estimate Statement (SIPEBES) History File | No. 7 | 59 FR 54004, 10/27/94
600225 SSA Initiated Personal Earnings and Benefit Estimate Statement Address System for Certain Territories | No. 6 | 59 FR 54004, 10/27/94
600228 Safety Management Information System (SSA Accident, Injury and Illness Reporting System) | No. 7 | 71 FR 1844, 01/11/06
600230 Social Security Administration Parking Management Record System | No. 5 | 71 FR 1846, 01/11/06
600231 Financial Transactions of SSA Accounting and Finance Offices | No. 19 | 71 FR 1847, 01/11/06
600232 Central Registry of Individuals Doing Business With SSA (Vendor File) | No. 11 | 71 FR 1849, 01/11/06
600234 Employee Assistance Program (EAP) Records | No. 7 | 71 FR 1850, 01/11/06
600236 Employee Development Program Records | No. 13 | 71 FR 1853, 01/11/06
600237 Employees' Medical Records | No. 8 | 71 FR 1854, 01/11/06
600238 Pay, Leave and Attendance Records | No. 25 | 71 FR 1856, 01/11/06
600239 Personnel Records in Operating Offices | No. 17 | 71 FR 1859, 01/11/06
600241 Employee Suggestion Program Records New Routine Uses | No. 6 | 71 FR 1861, 01/11/06
600244 Administrative Grievances Filed Under Part 771 of 5 CFR | No. 19 | 71 FR 1862, 01/11/06
600245 Negotiated Grievance Procedure Records | No. 21 | 71 FR 1864, 01/11/06
600250 Equal Employment Opportunity (EEO) Counselor and Investigator Personnel Records | No. 13 | 71 FR 1866, 01/11/06
600255 Plans for Achieving Self-Support (PASS) Management Information System | No. 19 | 71 FR 1867, 01/11/06
600259 Claims Under the Federal Tort Claims Act and Military Personnel and Civilian Employees' Claim Act | No. 8 | 71 FR 1869, 01/11/06
600262 Attorney Applicant Files | No. 7 | 71 FR 1871, 01/11/06
600268 Medicare Part B Buy-In Information System | No. 9 | 64 FR 10173, 03/02/99
600269 Prisoner Update Processing System (PUPS) | No. 12 | 64 FR 11076, 03/08/99
600270 Records of Individuals Authorized Entry into Secured Areas by Digital Lock Systems, Electronic Key Card Systems or Other Electronic Access Devices | No. 5 | 65 FR 77953, 12/13/00
600273 Social Security Title VIII Special Veterans Benefits Claims Development and Management Information System | No. 15 | 65 FR 13803, 03/14/00
600274 Litigation Docket and Tracking System | No. 11 | 71 FR 1872, 01/11/06
600275 Civil Rights Complaints Filed by Members of the Public | No. 9 | 71 FR 1874, 01/11/06
600276 Social Security Administration's (SSA's) Talking and Listening to Customers (TLC) | No. 6 | 65 FR 48272, 08/07/00
600279 Social Security Administration's (SSA's) Mandate Against Red Tape (SMART) | No. 7 | 65 FR 49047, 08/10/00
600280 SSA Administrative Sanctions | No. 6 | 65 FR 54595, 09/08/00
600290 Social Security Administration's Customer PIN/Password (PPW) Master File System | No. 7 | 71 FR 1874, 01/11/06
600295 Ticket-to-Work and Self-Sufficiency Program Payment Database | No. 8 | 66 FR 17985, 04/04/01
600300 Ticket-to-Work Program Manager (PM) Management Information System | No. 8 | 66 FR 32656, 06/15/01
600305 SSA Mass Transportation Subsidy Program System | No. 12 | 67 FR 44658, 07/03/02
600310 Medicare Savings Programs Information System | No. 8 | 69 FR 17019, 03/31/04
600315 Reasonable Accommodation for Persons with Disabilities (RAPD) | No. 11 | 70 FR 62157, 10/28/05
600318 Representative Payee/Misuse Restitution Control System (RP/MRCS) | No. 8 | 70 FR 12774, 3/15/05
600320 Electronic Disability Claim File (eDib) | No. 31 | 68 FR 71210, 12/22/03
600321 Medicare Part D and Part D Subsidy File | No. 17 | 69 FR 77816, 12/28/04
600328 National Docketing Management Information System (NDMIS) | No. 16 | 70 FR 34515, 06/14/05
600330 eWork | No. 10 | 68 FR 54037, 09/15/03
600340 eFOIA | No. 11 | 70 FR 3571, 01/25/03
600350 Visitor Intake Process/Customer Service Record (VIP/CSR) System | No. 9 | 70 FR 59795, 10/13/05
600355 The Non-Attorney Representative Prerequisites Process File (NARPPF) | No. 11 | 69 FR 77823, 12/28/04
600361 Identity Management System (IDMS) | No. 15 | 71 FR 213, 11/03/06
600370 The Representative Payee and Beneficiary Survey Data System | No. 6 | 71 FR 16399, 3/31/06

We are not republishing in their entirety the notices of the systems of records to which we are adding the proposed new routine use disclosures. Instead, we are republishing only the identification number, the name of the system of record, the number of the new routine use and the issue of the Federal Register in which the system notice was last published, including the publication date and page number.

II. Compatibility of Proposed Routine Use

As mandated by OMB, as recommended by the President's Identity Theft Task Force, and in accordance with the Privacy Act (5 U.S.C. 552a(a)(7) and (b)(3)) and our disclosure regulation (20 CFR part 401), we are permitted to release information under a published routine use for a purpose that is compatible with the purpose for which we collected the information. Section 401.120 of our regulations provides that we will disclose information required by law. Since OMB has mandated the publication of this routine use, the proposed routine use is appropriate and meets the relevant statutory and regulatory criteria. In addition, disclosures to other agencies, entities and persons when needed to respond to an unintentional release are compatible with the reasons we collect the information, as helping to prevent and minimize the potential for harm is consistent with taking appropriate steps to protect information entrusted to us. See 5 U.S.C. 552a(e)(10).

III. Effect of the Proposed Routine Use Disclosure on the Rights of Individuals

The proposed routine use would serve to protect the interests of the people whose information is at risk. We would achieve this protection by taking appropriate steps to facilitate a timely and effective response to a security breach of our data, thereby improving our ability to prevent, minimize, or remedy any harm that may result from a compromise of data maintained in our systems of records. We do not anticipate that the proposed new routine use will have any unwarranted adverse effect on the rights of individuals about whom data will be disclosed.

Dated: November 13, 2007.
Michael J. Astrue,
Commissioner.
[FR Doc. E723875 Filed 12707; 8:45 am]
BILLING CODE 419102P

FOR FURTHER INFORMATION CONTACT Ms. Margo Wagner, Social Insurance Specialist, Disclosure Policy Development and Services Division 2, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, Room 3A6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 212356401, telephone: (410) 9651482, email: margo.wagner@ssa.gov or Mr. Neil Etter, Social Insurance Specialist, Disclosure Policy Development and Services Division 1, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, Room 3A6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 212356401, telephone: (410) 9658028, email: neil.etter@ssa.gov.

