Social Security Administration Unified Measurement System

Effective Date: March 3, 2008

73 FR 5619.

SOCIAL SECURITY ADMINISTRATION NOTICE OF SYSTEM OF RECORDS REQUIRED BY THE PRIVACY ACT OF 1974

System number:

    60-0371

System name:

    Social Security Administration Unified Measurement System/

Managerial Cost Accountability (SUMS/MCAS).

Security classification:

    None.

System location:

    Office of Systems, SSA, 6401 Security Boulevard, Baltimore,

Maryland 21235-6401.

Categories of individuals covered by the system:

    SSA employees, individuals who do business with SSA (e.g., Social

Security claimants, beneficiaries, attorney or non-attorney

representatives, and representative payees), the State Disability

Determination Services (DDS) employees and contractors who assist the Agency in administering the Agency's programs.

Categories of records in the system:

    We collect records maintained in SUMS/MCAS for management

information (MI) in administering the Agency's programs to improve

customer service and to produce detailed reports that will assist us in

assessing office, unit, and employee performance. Specifically, it will

contain some or all of the following information about individuals who

do business with SSA: Name, Social Security number (SSN), age, address, and date of birth (DOB), along with other claims related processing information. The system will contain some or all of the following information about our employees, DDS employees, and contractor employees: Name; SSN; personal identification number (PIN); position; function and office codes; access and exit times when logging on any SSA system; and names and locations of the systems (log files).

    The records will consist of information from SSA's mainframe and

web-based computer usage files (log files); payroll and human resource databases; security files including the Internet verification file and Internet enterprise security interface; and programmatic work

measurement data collected from all SSA processing locations.

Authority for Maintenance of the System:

    Section 205(a) of the Social Security Act (42 U.S.C. 405(a)).

    Chief Financial Officers (CFO) Act (1990)--Provides for the

integration and modernization of Federal financial systems and requires development of reporting of cost information.

    Government Performance and Results Act (GPRA) (1993)--GPRA requires development of Agency strategic plans and performance goals, measurement and reporting on actual performance compared to goals, computation of costs and unit costs as key performance indicators, and comparison of costs with outputs and outcomes.

    Government Management Reform Act (GMRA) (1994)--Requires an agency-wide performance and financial statement, an audited statement, and cost information.

    Federal Financial Management Improvement Act (FFMIA) (1996)--

Mandates that agencies establish financial management systems that

comply with Federal standards and requirements. It directs auditors to

report on compliance as part of the review of agency financial

statements.

    Office of Management and Budget (OMB) Standards--Require SSA to implement a modern managerial cost accounting system that satisfies all needs at all managerial decision levels.

Purpose(s):

    SUMS/MCAS includes five interrelated Agency initiatives: (1)

Workload Counts; (2) Performance Measures; (3) Time Allocation; (4)

Customer Service Record; and (5) Managerial Cost Accountability, which will provide a single source for data, collected in a consistent manner to improve the quality, consistency, and accessibility of MI. SUMS/MCAS will enable the Agency to:

     -Improve customer service and enhance the Agency's ability

to monitor customer service;

     -Create a unified work measurement and work power (i.e.,

the amount of time it takes to do one piece of work) identification

system providing simpler access to information for reporting data;

     -Produce detailed reports that will assist us in assessing

office, unit, and employee performance;

    -Consolidate the Agency workload structure and provide data

at any office level, down to a specific employee;

     -Allocate work-time usage information consistently for all

components, workload activities, and the time that it takes to perform work and calculate productivity;

     -Accommodate new workloads in a flexible work-measurement

system by shifting work to locations where capacity exists, improving customer service;

     -Ensure an accurate cost allocation of work performed by

SSA;

     -Manage and account for resources through one uniform

source of MI;

     -Measure outcomes, determine full costs, control resources,

assess performance and provide timely feedback to managers to enhance the Agency's accountability and customer service; and

    - Satisfy government-wide managerial cost accounting

regulations and enable the Agency to link resource expenditures with performance, as required by legislation and other government-wide requirements stated in:

    1. CFO Act of 1990;

    2. GPRA Act of 1993;

    3. GMRA Act of 1994;

    4. FFMIA Act of 1996; and

    5. OMB Standards.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purpose of Such Uses:

    Disclosure may be made for routine uses as indicated below.

    1. To the Office of the President for the purpose of responding to

an individual pursuant to an inquiry received from that individual or

from a third party on his or her behalf.

    2. To a congressional office in response to an inquiry from that

office made at the request of the subject of a record.

    3. To the Department of Justice (DOJ), a court or other tribunal,

or another party before such tribunal when:

    a. SSA, or any component thereof; or

    b. Any SSA employee in his or her official capacity; or

    c. Any SSA employee in his or her individual capacity where DOJ (or

SSA where it is authorized to do so) has agreed to represent the

employee; or

    d. The United States or any agency thereof where SSA determines

that the litigation is likely to affect the operations of SSA or any of its components, is a party to litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court or other tribunal, or another party before such tribunal, is relevant and necessary to the litigation, provided, however, that in each case, SSA determines that such disclosure is compatible with the purpose for which the records were collected.

    4. To the Equal Employment Opportunity Commission when requesting information in connection with investigations into alleged or possible discriminatory practices in the Federal sector, examination of Federal affirmative employment programs, compliance by Federal agencies with the Uniform Guidelines on Employee Selection Procedures, or other functions vested in the Commission.

    5. To the Federal Labor Relations Authority, the General Counsel,

the Federal Mediation and Conciliation Service, the Federal Service

Impasses Panel, or an arbitrator when information is requested in

connection with the investigations of allegations of unfair practices

or of other matters before an arbitrator or the Federal Impasses Panel.

    6. To the Merit Systems Protection Board or the Office of the

Special Counsel in connection with appeals, special studies of the

civil service and other merit systems, review of rules and regulations,

investigation of alleged or possible prohibited personnel practices,

and other such functions promulgated in 5 U.S.C. Chapter 12, or as may be authorized by law.

    7. To contractors and other Federal agencies, as necessary, for the

purpose of assisting SSA in the efficient administration of its

programs. We contemplate disclosing information under this routine use only in situations in which SSA may enter into a contractual or similar agreement with a third party to assist in accomplishing an Agency function relating to this system of records.

    8. To student volunteers, individuals working under a personal

service contract, and other workers who technically do not have the

status of Federal employees, when they are performing work for the SSA, as authorized by law, and they need access to personally identifiable information in SSA records in order to perform their assigned Agency functions.

    9. To General Services Administration and the National Archives and

Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by NARA Act of 1984, information which is not restricted from disclosure by Federal law for the use of those agencies in conducting records management studies.

    10. To Federal, State, and local law enforcement agencies and

private security contractors, as appropriate, information necessary:

          -To enable them to protect the safety of SSA employees and

customers, the security of the SSA workplace, or the operation of SSA facilities, or

          -To assist investigations or prosecutions with respect to

          activities that affect such safety and security or activities that

          disrupt the operation of SSA facilities.

    11. To the Secretary of Health and Human Services or to any State,

we will disclose any record or information requested in writing by the

Secretary for the purpose of administering any program administered by the Secretary, if records or information of such type were so disclosed under applicable rules, regulations, and procedures in effect before the date of enactment of the Social Security Independence and Program Improvements Act of 1994.

    12. To appropriate Federal, State, and local agencies, entities,

and persons when (1) We suspect or confirm that the security or

confidentiality of information in this system of records has been

compromised; (2) we determine that as a result of the suspected or

confirmed compromise there is a risk of harm to economic or property

interests, identity theft or fraud, or harm to the security or

integrity of this system or other systems or programs of SSA that rely

upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and to prevent, minimize, or remedy such harm. We will use this routine use to respond only to those incidents involving an unintentional release of our records.

Policies and Practices for Storing, Retrieving, Accessing, Retaining and Disposing of Records in the System:

Storage:

    We maintain and store records in SUMS/MCAS in electronic and paper form. We keep paper records in locked cabinets or in otherwise secure areas.

Retrievability:

    We retrieve records in SUMS/MCAS by the name, SSN, age, address, and DOB of individuals who do business with SSA (e.g., Social Security claimants, beneficiaries, attorney or non-attorney representatives, and representative payees). We retrieve records in SUMS/MCAS by the name, SSN, PIN, position code, function or office location codes of employees, DDS employees and contractors.

Safeguards:

    Security measures include the use of access codes to enter the

computer system that maintains the data; computerized records will be stored in secured areas that are accessible only to employees who

require the information in performing their official duties. All paper

records will be kept in locked cabinets or in otherwise secure areas.

SSA and DDS employees who have access to the data will be informed of the criminal penalties of the Privacy Act for unauthorized access to or disclosure of information maintained in the system. See 5 U.S.C.

552a(i)(1).

    Contractor personnel having access to data in the system of records

will be required to adhere to SSA rules concerning safeguards, access,

and use of the data.

Retention and Disposal:

    The project will adhere to NARA record retention standards as

outlined in the SUMS/MCAS Global Requirements document. Specific

retention periods follow NC-47-75-7 as shown below:

    (1) Data source extract records housed in the SUMS/MCAS active data warehouse will be retained for 2 full fiscal years plus the current

fiscal year.

    (2) Active detail records and corresponding summary records housed

in the SUMS/MCAS active data warehouse will be retained for 9 full

fiscal years plus the current fiscal year.

    (3) Long term offline archive of summary data housed in the SUMS/

MCAS long term offline archive database will be retained for a total of

50 years or 40 additional years from the time it moves from the active

data warehouse.

    (4) MI housed in the Operational Data Stores (ODS) will be retained

for a maximum of 5 years.

    (5) Reference data housed in reference tables within the active

data warehouse will be maintained in the active data warehouse for 50

years.

System Manager(s) and Address:

    SUMS/MCAS Program Manager, Office of Systems, Social Security

Administration, 6401 Security Boulevard, Baltimore, Maryland 21235-

6401.

Notification Procedure(s):

    An individual may determine if this system contains a record about

him or her by writing to the systems manager(s) at the above address

and providing his or her name, SSN, or other information that may be in the system of records that will identify him or her. An individual

requesting notification of records in person should provide the same

information, as well as provide an identity document, preferably with a

photograph, such as a driver's license, or some other means of

identification. If an individual does not have any identification

documents sufficient to establish his or her identity, the individual

must certify in writing that he or she is the person he or she claims

to be and that he or she understands that the knowing and willful

request for, or acquisition of, a record pertaining to another

individual under false pretenses is a criminal offense.

    If notification is requested by telephone, an individual must

verify his or her identity by providing identifying information that

parallels the record to which notification is being requested. The

individual will be required to submit a request in writing or in

person, if we determine that the identifying information provided by

telephone is insufficient. If an individual is requesting information

by telephone on behalf of another individual, the subject individual

must be connected with SSA and the requesting individual in the same

phone call. SSA will establish the subject individual's identity (his

or her name, SSN, address, date of birth, and place of birth, along

with one other piece of information such as mother's maiden name) and ask for his or her permission to provide the information to the

requesting individual.

    If a request for notification is submitted by mail, an individual

must include a notarized statement to SSA to verify his or her identity

or must certify in the request that he or she is the person he or she

claims to be and that he or she understands that the knowing and

willful request for, or acquisition of, a record pertaining to another

individual under false pretenses is a criminal offense. These

procedures are in accordance with SSA regulations (20 CFR 401.40).

Record Access Procedure(s):

    Same as Notification procedures. Requesters also should reasonably

specify the record contents they are seeking. These procedures are in

accordance with SSA regulations (20 CFR 401.40).

Contesting Record Procedure(s):

    Same as Notification procedures. Requesters should also reasonably

identify the record, specify the information they are contesting, and

state the corrective action sought and the reasons for the correction

with supporting justification showing how the record is untimely,

incomplete, inaccurate, or irrelevant. These procedures are in

accordance with SSA Regulations (20 CFR 401.65).

Record Source Categories:

    The information that SSA will collect and maintain in SUMS/MCAS

will consist of information from SSA's mainframe customer information

control system, system management facility transaction logs, visitor

intake process data extracts, payroll operations data store, position

codes, report office table, Internet verification file, electronic

disability collect system and related applications, customer help and

information programs, Medicare application processing system, Internet enterprise security interface log files, travel manager, processing center, work measurement transaction database, district office weekly report, SSA web-based applications, programmatic processes, and operational data stores.

Systems Exempt from Certain Provisions of the Privacy Act:

    None.