Death Alert Control and Update System
· Name of project.
Death Alert Control and Update System
· Unique project identifier.
· Privacy Impact Assessment Contact.Director
Division of Enumeration and Death Alerts
Office of Earnings, Enumeration and Administrative Systems
Social Security Administration
6401 Security Boulevard
Baltimore, MD 21235
· Describe the information to be collected, why the information is being collected, the intended use of the information and with whom the information will be shared.
The Death Alert Control and Update System (DACUS) is a Social Security Administration certified and accredited General Support System that consists of sub-systems that compare death records we receive to the Title II (Retirement, Survivors, Disability Insurance) program’s Master Beneficiary Record (MBR) and the Title XVI (Supplemental Security Income) program’s Supplemental Security Record (SSR). This allows us to identify and prevent erroneous payments after death. We receive death records from external sources, such as the State Bureaus of Vital Statistics (both their electronic death registration (EDR) and non-EDR records), and from internal sources, such as our Daily Update Data Exchange program, which records reports of death from sources other than the States. DACUS collects the names, Social Security numbers (SSN), and dates and places of death from the death records. If conflicting payment or death data is found, and the death report is not a State EDR record, DACUS generates an alert to the appropriate SSA field office for investigation. If the record is a State EDR record, it has been verified, and thus notification is sent to the MBR and SSR so that the appropriate action can be taken by those systems. If no conflicting payment or death data is found, or when conflicts are resolved, death data is sent to the Social Security Number Establishment and Correction system for posting to the NUMIDENT master file.
We disclose the information maintained in this system only as necessary to ensure the payments to individuals end at death, or as authorized by Federal law (e.g., we share information with the Department of Veterans Affairs to administer its programs that are similar to SSA programs). DACUS is not accessible to members of the public.
· Describe the administrative and technological controls that are in place or that are planned to secure the information being collected.
DACUS has undergone authentication and security risk analyses. The latter includes an evaluation of security and audit controls proven to be effective in protecting the information collected, stored, processed, and transmitted by our information systems. These include technical, management, and operational controls that permit access to those users who have an official “need to know.” Audit mechanisms are in place to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.
We protect the information in DACUS by requiring employees who are authorized to access the information system to use a unique Personal Identification Number. In addition, we store the computerized records in secure areas that are accessible to those employees who require the information to perform their official duties. Furthermore, all of our employees who have access to our information systems that maintain personal information must sign a sanction document annually that acknowledges penalties for unauthorized access to, or disclosure of, such information.
· Describe the impact on individuals’ privacy rights.
Are individuals afforded an opportunity to decline to provide information?
Because these individuals are deceased, the Privacy Act does not apply to our collection and maintenance of these records.
Are individuals afforded an opportunity to consent to only particular uses of the information?
· Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?
DACUS in and of itself
does not require a Privacy Act system of records. DACUS uses information that is
collected and maintained for purposes related to other business processes for
which there are currently Privacy Act systems of records in existence.
For example, identification information about deceased individuals (i.e., names
and SSNs) will be authenticated against data elements covered by system of
records, Master Files of SSN Number
Holders and SSN Applications (60-0058). Benefit payment status used by DACUS is
covered by systems of records, Master
Beneficiary Record (60-0090) and the Supplemental
Security Income Record and Special Veterans Benefits (60-0103).
PIA CONDUCTED BY PRIVACY OFFICER, SSA:
______________________________ September 25, 2007
PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:
/S/ Thomas W. Crawley________ September 28, 2007