Old Age, Survivors and Disability Beneficiary and Worker Records and Extracts (Statistics), SSA/ORES

Effective Date: March 11, 2004 
(69 F.R. 11693)


System number: 60-0202

System name: 

Old Age, Survivors and Disability Beneficiary and Worker Records and Extracts (Statistics), SSA/ORES

Security classification: 


System location: 

Social Security Administration 
Office of Research, Evaluation and Statistics 
6401 Security Boulevard  
Baltimore, Maryland  21235 

Contractor sites: 

Addresses may be obtained by writing to the system manager at the address below.

Categories of individuals covered by the system: 

Groups of applicants for and recipients of Old-Age, Survivors and Disability Insurance (OASDI) and Black Lung benefits or their representative payees; persons with taxable earnings; persons issued SSNs.  Most files are samples of selected subgroups.

Categories of records in the system: 

Socioeconomic, demographic, medical and disability characteristics, earnings, employment history, income‑maintenance and health‑care benefits, disallowances, or custody and use of medical and rehabilitative services.

Authority for maintenance of the system: 

Section 1110 of the Social Security Act (42 U.S.C § 1310).


The purpose of this system is to obtain research and statistical information about Social Security workers and beneficiaries for use in various research and publication projects.  A one percent sample file is used to improve the timeliness and topical coverage of OASDI statistics.  Without identifiers, it is used for analysis by SSA's Office of the Actuary and the Congressional Budget Office.

Statistical tables and analyses are prepared for various government agencies and for the public covering program data and racial distribution of selected population segments. 

Routine uses of records maintained in the system, including categories of users and the purposes of such uses: 

Disclosure may be made for routine uses as indicated below:

1. To a congressional office in response to an inquiry from that office made at the request of the subject of a record.

2. To a contractor under contract to SSA, or under contract to another agency with funds provided by SSA, for the performance of research and statistical activities directly related to this system of records.

3.  Non-tax return information which is not restricted from disclosure by Federal law may be disclosed to the General Services Administration (GSA) and the National Archives and Records Administration (NARA) for the purpose of conducting records management studies with respect to their duties and responsibilities under 44 U.S.C. § 2904 and § 2906, as amended by NARA Act of 1984.

4.  Disclosure may be made to a Federal, State, or congressional support agency (e.g., Congressional Budget Office and the Congressional Research Staff in the Library of Congress) for research, evaluation, or statistical studies.  Such disclosures include, but are not limited to, release of information in assessing the extent to which one can predict eligibility for Supplemental Security Income (SSI) payments or Social Security disability insurance (SSDI) benefits; examining the distribution of Social Security benefits by economic and demographic groups and how these differences might be affected by possible changes in policy; analyzing the interaction of economic and non-economic variables affecting entry and exit events and duration in the Title II Old Age, Survivors, and Disability Insurance and the Title XVI SSI disability programs; and analyzing retirement decisions focusing on the role of Social Security benefit amounts, automatic benefit recomputation, the delayed retirement credit, and the retirement test, if SSA:

a.      Determines that the routine use does not violate legal limitations under which the record was provided, collected, or obtained;

b.      Determines that the purpose for which the proposed use is to be made:

(i)                 Cannot reasonably be accomplished unless the record is provided in a form that identifies individuals;

(ii)               Is of sufficient importance to warrant the effect on, or risk to, the privacy of the individual which such limited additional exposure of the record might bring;

(iii)             There is reasonable probability that the objective of the use would be accomplished;

(iv)             Is of importance to the Social Security program or the Social Security beneficiaries or is for an epidemiological research project that relates to the Social Security program or beneficiaries;

c.      Requires the recipient of information to:

(i)                 Establish appropriate administrative, technical, and physical safeguards to prevent unauthorized use or disclosure of the record and agree to on-site inspection by SSA’s personnel, its agents, or by independent agents of the recipient agency of those safeguards;

(ii)               Remove or destroy the information that enables the individual to be identified at the earliest time at which removal or destruction can be accomplished consistent with the purpose of the project, unless the recipient receives written authorization from SSA that it is justified, based on research objectives, for retaining such information;

(iii)             Make no further use of the records except:

(a)   Under emergency circumstances affecting the health and safety of any   individual following written authorization from SSA;

(b)   For disclosure to an identified person approved by SSA for the purpose of auditing the research project;

(iv)             Keep the data as a system of statistical records.  A statistical record is one which is maintained only for statistical and research purposes and which is not used to make any determination about an individual;

d.    Secures a written statement by the recipient of the information attesting to the recipient’s understanding of, and willingness to abide by, these provisions.

        5.  We may disclose information to appropriate Federal, State, and local agencies, entities, and persons when (1) we suspect or confirm that the security or confidentiality of information in this system of records has been compromised; (2) we determine that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs of SSA that rely upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. SSA will use this routine use to respond only to those incidents involving an unintentional release of its records.

Policies and practices for storing, retrieving, accessing, retaining and disposing of records in the system:


Data may be stored in paper form (e.g., hardcopy questionnaires and computer printouts) and in magnetic media (e.g., magnetic tape).


Files are indexed and retrieved by SSN.


Safeguards are established in accordance with the Systems Security Handbook.  Employees having access to records have been notified of criminal sanctions for unauthorized disclosure of information about individual.

Magnetic tapes or other files with personal identifiers are retained in secured storage areas accessible only to authorized personnel. 

Microdata files prepared for purposes of research and analysis are purged of personal identifiers and are subject to procedural safeguards to assure anonymity.  (See Appendix G to this publication for additional information relating to safeguards SSA employs to protect personal information.)

Retention and disposal: 

Records with identifiers will be held in secure storage areas and will be disposed of as soon as they are determined to be no longer needed for SSA analysis.  Means of disposal will be appropriate to the record storage medium; e.g., erasure of tapes, shredding of printouts, etc.

As long as identifiable records exist, a periodic review will be made at least every 2 years to determine the need for their retention.

System manager(s) and address: 

Associate Commissioner 
Office of Research, Evaluation and Statistics 
Social Security Administration 
6401 Security Boulevard 
Baltimore, Maryland 21235

Notification procedure: 

This system contains limited data selected for statistical analysis.  Individuals inquiring about their records in SSA programs should consult other SSA systems of records which contain more detailed information. 

An individual can determine if this system contains a record about him/her by writing to the systems manager(s) at the above address and providing his/her name, SSN or other information that may be in the system of records that will identify him/her.  An individual requesting notification of records in person should provide the same information, as well as provide an identity document, preferably with a photograph, such as a driver’s license or some other means of identification, such as a voter registration card, credit card, etc.  If an individual does not have any identification documents sufficient to establish his/her identity, the individual must certify in writing that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.

If notification is requested by telephone, an individual must verify his/her identity by providing identifying information that parallels the record to which notification is being requested.  If it is determined that the identifying information provided by telephone is insufficient, the individual will be required to submit a request in writing or in person.  If an individual is requesting information by telephone on behalf of another individual, the subject individual must be connected with SSA and the requesting individual in the same phone call.  SSA will establish the subject individual’s identity (his/her name, SSN, address, date of birth and place of birth along with one other piece of information such as mother’s maiden name) and ask for his/her consent in providing information to the requesting individual.

If a request for notification is submitted by mail, an individual must include a notarized statement to SSA to verify his/her identity or must certify in the request that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.  These procedures are in accordance with SSA Regulations (20 CFR § 401.40).

Record access procedures: 

Same as notification procedures. Requesters should also reasonably specify the record contents being sought.  These procedures are in accordance with SSA Regulations (20 CFR 401.40(c)).

Contesting record procedures: 

Same as notification procedures. Requesters should also reasonably identify the record, specify the information they are contesting and state the corrective action sought and the reasons for the correction with supporting justification showing how the record is incomplete, untimely, inaccurate or irrevelant.  These procedures are in accordance with SSA Regulations (20 CFR 401.65(a)).

Record source categories:  

Records are derived from other SSA systems; e.g., Earnings Record (60-0059) and MBR (60‑0090); other SSA records related to earnings/applications for or payment of benefits; (for selected employers) lists of persons working in covered employment and from the HCFA Health Insurance Master Record (09‑70‑0502).  For projects performed for outside requesters under reimbursement contracts, records are furnished by the requester.

Systems exempted from certain provisions of the Privacy Act: