Prisoner Update Processing System (PUPS), SSA/OPB

Effective Date: March 8, 1999 
(64 F.R. 11076)

System number:  60-0269

System Name: 

Prisoner Update Processing System (PUPS), SSA/OPB

Security Classification:


System Location: 

Social Security Administration 
Office of Systems Operations 
6401 Security Boulevard 
Baltimore, MD  21235

Categories of individuals covered by the system:  

Persons reported to the Social Security Administration, under Privacy Act computer matching agreements as well as certain informal reporting arrangements, as confined in certain institutions.   Certain data regarding confined individuals is reported to SSA under agreements which are, along with any information exchanged pursuant to the agreements, wholly exempt from the Privacy Act's requirements.  See section 1611(e)(1)(I) of the Social Security Act (Act), 42 U.S.C. 1386(e)(i)(I).  The records in the system will  include those of individuals reported by jails, prisons, other penal institutions or correctional facilities, certain mental health institutions and various third parties, including media sources.   The records included will be those of Retirement, Survivors, or Disability Insurance (RSDI) and Supplemental Security Income (SSI) beneficiaries, as well as non-beneficiaries who may have claims in some stage of SSA's adjudicative process.

Categories of records in the system: 

PUPS will contain all identifying information requested by SSA and supplied by the reporting source, including the individual's name, Social Security number, date of birth, sex, date of conviction, date of confinement, release date, inmate status code, and such other information as may be supplied or acquired during the benefit suspension or reinstatement process.

Authority for maintenance of the system: 

Sections 202(x)(1) and 1611(e)(1) of the Act.


PUPS will record inmate information in support of the above cited provisions mandating nonpayment of RSDI and SSI benefits to certain confined individuals.  All information on the system will be maintained under each affected individual's Social Security number.  The PUPS system will expedite the handling of inmate reports in SSA field offices, and provide a control mechanism for any inmate or confinement alerts generated by SSA's computer matching programs or by informal reports to SSA regarding an individual's confinement.  It will facilitate the suspension of benefits to appropriate individuals, and the reinstatement of benefits to beneficiaries when such individuals are released from confinement.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses: 

Disclosure may be made for routine uses as indicated below:

1.   Disclosure to third-party contacts in situations where the party to be contacted has, or is expected to have, information relating to the individual's eligibility for, or entitlement to, benefits under a Social Security program when the data are needed to establish the validity of evidence or to verify the accuracy of information presented by the individual, and it concerns one or more of the following:

                (a) his or her eligibility for benefits under a Social Security program;

                (b) the amount of his or her benefit payment;

(c)  any case in which the evidence is being reviewed as a result of suspected fraud, concern for program integrity, quality appraisal, or evaluation and measurement activities.

2.   Disclosure to third-party contacts where necessary to establish or verify information presented by representative payees or payee applicants.

3.   Disclosure to the Department of Justice (DOJ) for:

(a) investigating and prosecuting violations of the Act to which criminal penalties attach;

                (b) representing the Commissioner of Social Security;

(c) investigating issues of fraud by agency officers or employees, or violations of civil rights.

4.   Disclosure to the Office of the President for the purpose of responding to an individual pursuant to an inquiry received from that individual or from a third party on his/her behalf.

5.   Disclosure to a congressional office in response to an inquiry from that office made at the request of the subject of a record.

6.   Disclosure in response to legal process or interrogatories relating to the enforcement of an individual's child support or alimony obligations, as required under sections 459 and 461 of the Act.

7.   Disclosure to Federal, State, or local agencies, (or agents on their behalf) for administering income-maintenance or health-maintenance programs (including programs under the Act).

8.   Disclosure to third-party contacts (including private collection agencies under contract to SSA) for the purpose of assisting SSA in recovering overpayments.

9.   Disclosure to contractors and other Federal agencies, as necessary, for the purpose of assisting SSA in the efficient administration of its programs.

10.  Disclosure to DOJ, a court or other tribunal, or other third party before such tribunal when:

                (a) SSA, or any component thereof; or

                (b) Any SSA employee in his/her official capacity; or

(c)  Any SSA employee in his/her individual capacity where DOJ (or SSA where it is authorized to do so) has agreed to represent the employee; or

(d) the United States or any agency thereof where SSA determines that the litigation is likely to affect the operations of SSA or any of its components;

        is a party to litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, the court or other tribunal is relevant and necessary to the litigation, provided, however, that in each case, SSA determines that such disclosure is compatible with the purpose for which the records were collected.

11.                    Non-tax return information which is not restricted from disclosure by federal law may be disclosed to the General Services Administration (GSA) and the National Archives and Records Management (NARA) under 44 U.S.C. § 2904 and § 2906, as amended by NARA Act of 1984, for the use of those agencies in conducting records management studies.

12.  We may disclose information to appropriate Federal, State, and local agencies, entities, and persons when (1) we suspect or confirm that the security or confidentiality of information in this system of records has been compromised; (2) we determine that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs of SSA that rely upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. SSA will use this routine use to respond only to those incidents involving an unintentional release of its records.

Policies and practices for storing, retrieving, accessing, retaining and disposing of records in the system:


Records are stored in magnetic media (e.g., magnetic tape and magnetic diskette).


Records in this system are indexed and retrieved by SSN.


Security measures include the use of access codes to enter the computer system which will maintain the data, and storage of the computerized records in secured areas which are accessible only to employees who require the information in performing their official duties.  SSA personnel who have access to the data will be informed of the criminal penalties of the Privacy Act for unauthorized access to or disclosure of information maintained in this system.  For records electronically transmitted between SSA's central office and field office locations, safeguards include a lock/unlock password system, exclusive use of leased telephone lines, a terminal oriented transaction matrix and secured printers.

Retention and disposal: 

SSA will retain PUPS records for the period of time required for any processing related to the relevant data exchange and then, within 12 months, will either return the records to the source or destroy the records, unless the records must be retained in individual claim folders for documentation purposes and/or to meet evidentiary requirements.  In that instance, the records eventually will be retired to the Federal Records Center and destroyed, in accordance with the applicable Federal Records Retention Schedule (44 U.S.C. 3303a) and any other relevant standards established by SSA and the National Archives and Records Administration.

System manager and address: 

Division of Payment Policy 
Office of Program Benefits 
Social Security Administration 
6401 Security Boulevard 
Baltimore, Maryland  21235

Notification procedure:

An individual can determine if this system contains a record about him/her by writing to the systems manager(s) at the above address and providing his/her name, SSN or other information that may be in the system of records that will identify him/her.  An individual requesting notification of records in person should provide the same information, as well as provide an identity document, preferably with a photograph, such as a driver’s license or some other means of identification, such as a voter registration card, credit card, etc.  If an individual does not have any identification documents sufficient to establish his/her identity, the individual must certify in writing that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.

If notification is requested by telephone, an individual must verify his/her identity by providing identifying information that parallels the record to which notification is being requested.  If it is determined that the identifying information provided by telephone is insufficient, the individual will be required to submit a request in writing or in person.  If an individual is requesting information by telephone on behalf of another individual, the subject individual must be connected with SSA and the requesting individual in the same phone call.  SSA will establish the subject individual’s identity (his/her name, SSN, address, date of birth and place of birth along with one other piece of information such as mother’s maiden name) and ask for his/her consent in providing information to the requesting individual.

If a request for notification is submitted by mail, an individual must include a notarized statement to SSA to verify his/her identity or must certify in the request that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.  These procedures are in accordance with SSA Regulations (20 CFR § 401.40).

Record access procedures:  

Same as notification procedures.  Requesters should also reasonably specify the record contents being sought.  These procedures are in accordance with SSA Regulations 20 CFR Section 401.45.

Contesting record procedures: 

Same as notification procedures.  Requesters should also reasonably identify the record, specify the information they are contesting and state the corrective action sought and the reasons for the correction with supporting justification showing their reasons for believing that the record should be amended.  These procedures are in accordance with SSA Regulations 20 CFR Section 401.65.

Record source categories: 

Data for the PUPS are secured primarily from various facilities with which SSA has appropriate arrangements for reporting of such information including jails, prisons, other penal institutions or correctional facilities, departments or divisions of corrections or correctional services, and certain mental health facilities.  Data is also reported by individuals and certain other third party sources, such as news media, etc.

Systems exempted from certain provisions of the Privacy Act: