Social Security Administration's Customer PIN/Password (PPW) Master File System, Social Security Administration, Deputy Commissioner for Disability and Income Security Programs
Effective Date: January 11, 2006
(71 F.R. 1876)
SOCIAL SECURITY ADMINISTRATION NOTICE OF SYSTEM OF RECORDS REQUIRED BY THE PRIVACY ACT OF 1974
SYSTEM NUMBER: 60-0290
Social Security Administration's Customer PIN/Password (PPW) Master File System, Social Security Administration, Deputy Commissioner for Disability and Income Security Programs.
Social Security Administration
Office of Systems
Categories of Individuals covered by the system:
All Social Security Administration (SSA) customers (applicants, beneficiaries and other customers) who elect to conduct transactions with SSA in an electronic business environment that requires the PPW infrastructure. This may include customers who elect to block PPW access to SSA electronic transactions by requesting SSA to disable their PPW capabilities.
Categories of records in the system:
The information maintained in this system of records is collected from customers who elect to conduct transactions with SSA in an electronic business environment that requires the PPW infrastructure. The information maintained includes identifying information such as the customer's name, Social Security number (SSN) (which functions as the individual's personal identification number (PIN) and mailing address. The system also maintains the customer's Password Request Code (PRC), the password itself and the authorization level and associated data (e.g., effective date of authorization).
We also maintain transactional data elements necessary to administer and maintain the PPW infrastructure. These include access profile information such as blocked PINs, failed access data, effective date of password and other data linked to the required authentication processes for Internet and automated telephone system applications. The information on this system may also include archived transaction data and historical data.
SSA will also use the data in the proposed system for management information purposes in order to effectively administer the PPW infrastructure used to conduct electronic business with SSA customers. Because we will maintain and retrieve data from the proposed system of records by the customer's SSN (which acts as the individual's PIN), the database will constitute a "system of records'' under the Privacy Act.
Authority for maintenance of the system:
Section 205(a) of the Social Security Act (42 U.S.C. 405), 5 U.S.C. 552a(e)(10), and the Government Paperwork Elimination Act.
The Customer PPW Master File System maintains information collected for use in connection with SSA's implementation of a PIN/Password system that allows Social Security program applicants, beneficiaries, and other customers to conduct business with SSA in an electronic business environment. The system of records is designed to permit entry and retrieval of information associated with maintaining a PPW infrastructure that supports SSA's electronic initiatives requiring a PPW entry process.
Routine uses of records maintained in the system, including categories of users and the purposes of such uses:
Disclosure may be made for routine uses as indicated below:
1. To the Office of the President for the purpose of responding to an individual pursuant to an inquiry received from that individual or from a third party on his or her behalf.
2. To a congressional office in response to an inquiry from that office made at the request of the subject of a record.
3. To the Department of Justice (DOJ), a court or other tribunal or another party before such tribunal when:
(a) The Social Security Administration (SSA), or any component thereof; or
(b) Any SSA employee in his/her official capacity; or
(c) Any SSA employee in his/her individual capacity where DOJ (or SSA where it is authorized to do so) has agreed to represent the employee; or
(d) The United States or any agency thereof where SSA determines that the litigation is likely to affect the operations of SSA or any of its components, is a party to the litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court or other tribunal, or another party before such tribunal, is relevant and
necessary to the litigation, provided, however, that in each case, SSA determines that such disclosure is compatible with the purpose for which the records were collected.
4. To contractors and other Federal agencies, as necessary, for the purpose of assisting the Social Security Administration (SSA) in the efficient administration of its programs. We will disclose information under this routine use only in situations in which SSA may enter into a contractual or similar agreement with a third party to assist in accomplishing an agency functions relating to this system of records.
5. To the General Services Administration and the National Archives Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by the NARA Act of 1984, information which is not restricted from disclosure by Federal law for the use of those agencies in conducting records management studies.
6. To the Secretary of Health and Human Services or to any State, the Commissioner shall disclose any record or information requested in writing by the Secretary for the purpose of administering any program administered by the Secretary, if records or information of such type were so disclosed under applicable rules, regulations and procedures in effect before the date of enactment of the Social Security Independence and Program Improvements Act of 1994.
7. We may disclose information to appropriate Federal, State, and local agencies, entities, and persons when (1) we suspect or confirm that the security or confidentiality of information in this system of records has been compromised; (2) we determine that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs of SSA that rely upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. SSA will use this routine use to respond only to those incidents involving an unintentional release of its records.
Policies and practices for storing, retrieving, accessing, retaining and disposing of records in the system:
Data are stored in electronic and paper form.
Records in this system are indexed and retrieved by SSN (which acts as the individual's PIN).
Security measures include computer firewall technology, data encryption and other systems security measures to ensure that the PPW system is protected from inappropriate access. The existing SSA firewall architecture ensures that customers are limited only to electronic transactions the Agency determines and will not be able to access SSA's other systems or data.
Security measures also include the use of access codes to enter the database and storage of the electronic records in secured areas which are accessible only to employees who require the information in performing their official duties. The paper records that result from the data base site are kept in locked cabinets or in otherwise secure areas. Contractor personnel having access to data in the system of records are required to adhere to SSA rules concerning safeguards, access, and use of, the data. SSA personnel having access to the data on this system are informed of the criminal penalties of the Privacy Act for unauthorized access to or disclosure of information maintained in this system of records. Access for additional information relating to SSA data security measures.
Retention and disposal:
PPW information maintained in this system is retained until notification of the death of the account holder plus seven years. Means of disposal is appropriate to storage medium (e.g., deletion of individual records from the data base when appropriate or shredding of paper records that are produced from the system).
System manager(s) and address(es):
Social Security Administration
Office of Income Security Programs
An individual can determine if this system contains a record about him/her by writing to the system manager at the above address and providing his/her name, SSN or other information that may be in the system of records that will identify him/her. An individual requesting notification of records in person should provide the same information, as well as provide an identity document, preferably with a photograph, such as a driver's license or some other means of identification. If an individual does not have any identification document sufficient to establish his/her identity, the individual must certify in writing that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.
If notification is requested by telephone, an individual must verify his/her identity by providing identifying information that parallels information in the record to which notification is being requested. If it is determined that the identifying information provided by telephone is insufficient, the individual will be required to submit a request in writing or in person. If an individual is requesting information by telephone on behalf of another individual, the subject individual must be connected with SSA and the requesting individual in the same phone call. SSA will establish the subject individual's identity (his/her name, SSN, address, date of birth and place of birth, along with one other piece of information, such as mother's maiden name) and ask for his/her permission in providing access by telephone to the requesting individual.
If a request for notification is submitted by mail, an individual must include a notarized statement to SSA to verify his/her identity or must certify in the request that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense. These procedures are in accordance with SSA Regulations (20 CFR 401.40(c).)
Record access procedures:
Same as Notification procedures. Requesters should also reasonably specify the record contents being sought. These procedures are in accordance with SSA Regulations (20 CFR 401.40(c)).
Contesting record procedures:
Same as Notification procedures. Requesters should also reasonably identify the record, specify the information they are contesting and the corrective action sought, and the reasons for the correction, with supporting justification showing how the record is untimely, incomplete, inaccurate, or irrelevant. These procedures are in accordance with SSA Regulations (20 CFR 401.65(a)).
Record source categories:
Data for the system are obtained primarily from the individuals to whom the record pertains.
Systems exempted from certain provisions of the Privacy Act: