89 FR 250 pgs. 107185-107189 - Privacy Act of 1974; System of Records
Type: NOTICEVolume: 89Number: 250Pages: 107185 - 107189
Pages: 107185, 107186, 107187, 107188, 107189Docket number: [Docket No. SSA-2024-0046]
FR document: [FR Doc. 2024-31131 Filed 12-30-24; 8:45 am]
Agency: Social Security Administration
Official PDF Version: PDF Version
[top]
SOCIAL SECURITY ADMINISTRATION
[Docket No. SSA-2024-0046]
Privacy Act of 1974; System of Records
AGENCY:
Social Security Administration (SSA).
ACTION:
Notice of a modified system of records.
SUMMARY:
In accordance with the Privacy Act of 1974, we are issuing public notice of our intent to modify an existing system of records entitled, Master Files of Social Security Number (SSN) Holders and SSN Applications (60-0058), last published on January 4, 2022. This notice publishes details of the modified system as set forth below under the caption, SUPPLEMENTARY INFORMATION .
DATES:
The system of records notice (SORN) is applicable upon its publication in today's Federal Register , with the exception of the new routine use, which is effective January 30, 2025.
We invite public comment on the routine uses or other aspects of this SORN. In accordance with the Privacy Act of 1974, we are providing the public a 30-day period in which to submit comments. Therefore, please submit any comments by January 30, 2025.
ADDRESSES:
The public, Office of Management and Budget (OMB), and Congress may comment on this publication by writing to the Executive Director, Office of Privacy and Disclosure, Office of the General Counsel, SSA, Room G-401 West High Rise, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, or through the Federal e-Rulemaking Portal at http://www.regulations.gov. Please reference docket number SSA-2024-0046. All comments we receive will be available for public inspection at the above address and we will post them to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT:
Tristin Dorsey, Government Information Specialist, Privacy Implementation Division, Office of Privacy and Disclosure, Office of the General Counsel, SSA, Room G-401 West High Rise, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, telephone: (410) 966-5855, email: OGC.OPD.SORN@ssa.gov.
SUPPLEMENTARY INFORMATION:
[top] We are clarifying the system location to recognize that we may also maintain records in a cloud-based environment. We are revising the categories of individuals covered by the system and routine use No. 14 to incorporate gender-inclusive language, in support of
In addition, we are revising the policies and practices for retention and disposal of records to reflect the accurate retention and disposal schedules. We are modifying the administrative, technical, and physical safeguards for easier reading. We are modifying the notice throughout to correct miscellaneous stylistic formatting and typographical errors of the previously published notice, and to ensure the language reads consistently across multiple systems. We are republishing the entire notice for ease of reference.
In accordance with 5 U.S.C. 552a(r), we have provided a report to OMB and Congress on this modified system of records.
Matthew Ramsey,
Executive Director, Office of Privacy and Disclosure, Office of the General Counsel.
SYSTEM NAME AND NUMBER:
Master Files of Social Security Number (SSN) Holders and SSN Applications (60-0058)
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Social Security Administration, Office of Systems, Office of Systems Operations and Hardware Engineering, Robert M. Ball Building, 6401 Security Boulevard, Baltimore, MD 21235-6401.
Information is also located in additional locations in connection with cloud-based services and as backup for business continuity purposes.
SYSTEM MANAGER(S):
Social Security Administration, Deputy Commissioner for Retirement and Disability Policy, Office of Income Security Programs, 6401 Security Boulevard, Baltimore, MD 21235-6401, (410) 966-5855.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Sections 205(a) and 205(c)(2) of the Social Security Act, as amended.
PURPOSE(S) OF THE SYSTEM:
We use information in this system to assign SSNs and for a number of administrative and program purposes, including but not limited to: for various Old Age, Survivors, and Disability Insurance, Supplemental Security Income, and Medicare/Medicaid claims purposes; as a case control number; as a secondary beneficiary cross-reference control number for enforcement purposes; for verification of individual identity factors; and for other claims purposes related to establishing benefit entitlement. We use information in this system:
• for the general administration of the Social Security Act to ensure the accuracy of enumeration related information in other SSA systems;
• to prevent the processing of an SSN card application for a person whose application we identified was supported by evidence that either:
? we suspect may be fraudulent and we are verifying evidence, or
? we determined to be fraudulent information;
• to record accurate earnings information to the correct individual;
• to prevent issuance of multiple SSNs to a person;
• for resolution of earnings discrepancy cases; and
• for research and statistical activities.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
This system contains a record of each person who has applied for and to whom we have assigned an SSN. This system also contains records of each person who applied for an SSN, but to whom we did not assign one for one of the following reasons: (1) their application was supported by documents that we suspect may be fraudulent and we are verifying the documents with the issuing agency; (2) we have determined the person submitted fraudulent documents; (3) we do not suspect fraud but we need to further verify information the person submitted or we need additional supporting documents; or (4) we have not yet completed processing the application.
CATEGORIES OF RECORDS IN THE SYSTEM:
We collect applications for SSNs. This system contains all of the information we received on the applications for SSNs ( e.g., name, date and place of birth, sex identification, both parents' names, reference number, and alien registration number) and all information obtained during the processing of the SSN request. The system also contains:
• changes in the information on the applications the SSN holders submit;
• information from applications supported by evidence we suspect or determine to be fraudulent, along with the mailing addresses of the persons who filed such applications and descriptions of the documentation they submitted;
• cross-references when multiple numbers have been issued to the same person;
• a form code that identifies the Form SS-5 (Application for a Social Security Card Number) as the application the person used for the initial issuance of an SSN, or for changing the identifying information ( e.g., a code indicating original issuance of the SSN, or that we assigned the person's SSN through our enumeration at birth program);
• a citizenship code that identifies the number holder's status as a U.S. citizen or the work authorization of a non-citizen;
• a special indicator code that identifies types of questionable data or special circumstances concerning an application for an SSN ( e.g., false identity; illegal alien; scrambled earnings);
• an indication that an SSN was assigned based on harassment, abuse, or life endangerment;
• an indication that a person has filed a benefit claim under a particular SSN; and
• other indicators needed to process SSN requests.
RECORD SOURCE CATEGORIES:
We obtain information in this system of records from SSN applicants (or persons acting on their behalf), as well as Federal, State, and local agencies.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
We will disclose records pursuant to the following routine uses; however, we will not disclose any information defined as "return or return information" under 26 U.S.C. 6103 of the Internal Revenue Code (IRC), unless authorized by a statute, the Internal Revenue Service (IRS), or IRS regulations.
1. To employers (or agents on their behalf) in order to complete their records for reporting wages to us pursuant to the Federal Insurance Contributions Act and section 218 of the Social Security Act.
[top] 2. To Federal, State, and local entities to assist them with administering income maintenance and health-maintenance programs, when a Federal statute authorizes them to use the SSN.
3. To the Department of Justice (DOJ) for investigating and prosecuting violations of the Social Security Act.
4. To Department of Homeland Security (DHS), upon request, to identify and locate aliens in the United States pursuant to section 290(b) of the Immigration and Nationality Act (8 U.S.C. 1360(b)).
5. To the Railroad Retirement Board (RRB), for the purpose of administering provisions of the Social Security Act relating to railroad employment and for administering the Railroad Unemployment Insurance Act.
6. To the Department of the Treasury, for:
(a) tax administration as defined in section 6103 of the IRC (26 U.S.C. 6103);
(b) investigating the alleged theft, forgery, or unlawful negotiation of Social Security checks; and
(c) administering those sections of the IRC that grant tax benefits based on support or residence of children. As required by section 1090(b) of the Taxpayer Relief Act of 1997, Public Law 105-34, this routine use applies specifically to the SSNs of parents show on an application for an SSN for a person who has not yet attained age 18.
7. To a congressional office in response to an inquiry from that office made on behalf of, and at the request of, the subject of the record or third party acting on the subject's behalf.
8. To the Department of State (DOS) for administering the Social Security Act in foreign countries through its facilities and services.
9. To the American Institute, a private corporation under contract to DOS, for administering the Social Security Act on Taiwan through facilities and services of that agency.
10. To the Department of Veterans Affairs (DVA), Regional Office, Manila, Philippines, for the administration of the Social Security Act in the Philippines and other parts of the Asia-Pacific region through services and facilities of that agency.
11. To the Department of Labor (DOL) for administering provisions of Title IV of the Federal Coal Mine Health and Safety Act, as amended by the Black Lung Benefits Act, and for studies on the effectiveness of training programs to combat poverty.
12. To DVA:
(a) to validate SSNs of compensation recipients/pensioners so that DVA can release accurate pension/compensation data to us for Social Security program purposes; and
(b) upon request, for purposes of determining eligibility for, or amount of DVA benefits, or verifying other information with respect thereto.
13. To Federal agencies that use the SSN as a numerical identifier in their record-keeping systems for the purpose of validating SSNs.
14. To DOJ, a court or other tribunal, or another party before such court or tribunal, when:
(a) SSA, or any component thereof; or
(b) any SSA employee in their official capacity; or:
(c) any SSA employee in their individual capacity where DOJ (or SSA, where it is authorized to do so) has agreed to represent the employee; or
(d) the United States or any agency thereof where we determine the litigation is likely to affect SSA or any of its components, is a party to the litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court or other tribunal, or another party before the tribunal is relevant and necessary to the litigation, provided, however, that in each case, we determine that such disclosure is compatible with the purpose for which the records were collected.
15. To State audit agencies for the purpose of:
(a) auditing State supplementation payments and Medicaid eligibility considerations; and
(b) expenditures of Federal funds by the State in support of the Disability Determination Services.
16. To the Social Security agency of a foreign country to carry out the purpose of an international social security agreement entered into between the United States and the other country, pursuant to section 233 of the Social Security Act.
17. To Federal, State, or local agencies (or agents on their behalf), for administering income or health maintenance programs including programs under the Social Security Act. Such disclosures include the release of information to the following agencies, but are not limited to:
(a) RRB, for administering provisions of the Railroad Retirement Act and Social Security Act, relating to railroad employment, and for administering provisions of the Railroad Unemployment Insurance Act;
(b) DVA, for administering 38 U.S.C. 1312, and upon request, for determining eligibility for, or amount of, veterans' benefits or for verifying other information with respect thereto pursuant to 38 U.S.C. 5106;
(c) DOL, for administering provisions of Title IV of the Federal Coal Mine Health and Safety Act, as amended by the Black Lung Benefits Act.
18. To State welfare departments:
(a) pursuant to agreements with us, for the administration of State supplementation payments;
(b) for enrollment of welfare beneficiaries for medical insurance under section 1843 of the Social Security Act; and
(c) for conducting independent quality assurance reviews of SSI beneficiary records, provided that the agreement for Federal administration of the supplementation provides for such an independent review.
19. To third party contacts ( e.g., State bureaus of vital statistics and DHS) that issue documents to persons when the third party has, or is expected to have, information that will verify documents when we are unable to determine if such documents are authentic.
20. To DOJ, Criminal Division, Human Rights and Special Prosecutions Section, upon receipt of a request for information pertaining to the identity and location of aliens for the purpose of detecting, investigating and, where appropriate, taking legal action against suspected participants in Nazi persecution, genocide, and torture or extra judicial killings in the United States.
21. To the Selective Service System for the purpose of enforcing draft registration pursuant to the provisions of the Military Selective Service Act (50 U.S.C. App. §?462, as amended by section 916 of Pub. L. 97-86).
22. To contractors and other Federal agencies, as necessary, for assisting SSA in the efficient administration of its programs. We will disclose information under this routine use only in situations in which SSA may enter into a contractual or similar agreement with a third party to assist in accomplishing an agency function relating to this system of records.
23. To the National Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 2906.
24. To the Office of Personnel Management (OPM) upon receipt of a request from that agency in accordance with 5 U.S.C. 8347(m)(3), to disclose SSN information when OPM needs the information to administer its pension program for retired Federal Civil Service employees.
25. To the Department of Education, upon request, to verify SSNs and to disclose citizenship status concerning applicants who apply to postsecondary educational institutions for financial assistance under Title IV of the Higher Education Act of 1965 (20 U.S.C. 1091).
[top] 26. To student volunteers, individuals working under a personal services contract, and other workers who technically do not have the status of
27. To Federal, State, and local law enforcement agencies and private security contractors, as appropriate, information necessary:
(a) to enable them to ensure the safety of our employees and customers, the security of our workplace, and the operation of our facilities; or
(b) to assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupt the operation of our facilities.
28. To recipients of erroneous Death Master File (DMF) information, to disclose corrections to information that resulted in erroneous inclusion of persons in the DMF.
29. To State vital records and statistics agencies, the SSNs of newborn children for administering public health and income maintenance programs, including conducting statistical studies and evaluation projects.
30. To State motor vehicle administration agencies (MVA) and to State agencies charged with administering State identification card programs for the public to verify names, dates of birth, and Social Security numbers on those persons who apply for, or for whom the State issues, driver's licenses or State identification cards.
31. To entities conducting epidemiological or similar research projects, upon request, pursuant to section 1106(d) of the Social Security Act (42 U.S.C. 1306(d)), to disclose information as to whether a person is alive or deceased, provided that:
(a) we determine, in consultation with the Department of Health and Human Services (HHS), that the research may reasonably be expected to contribute to a national health interest;
(b) the requester agrees to reimburse us for the costs of providing the information; and
(c) the requester agrees to comply with any safeguards and limitations we specify regarding re-release or re-disclosure of the information.
32. To DHS and to employers for the administration of the E-Verify Program, pursuant to Public Law 104-208, section 404(e). We will inform DHS and the employer participating in the E-Verify Program that the identifying data (SSN, name, and date of birth) furnished by an employer concerning a particular employee matches, or does not match, the data maintained in this system of records, and when there is such a match, that information in this system of records indicates that the employee is, or is not, a citizen of the United States.
33. To a State Bureau of Vital Statistics (BVS) that is authorized by States to issue electronic death reports when the State BVS requests that we verify the SSN of a person on whom the State will file an electronic death report after we verify the SSN.
34. To the Department of Defense (DOD) to disclose validated SSN information and citizenship status information for the purpose of assisting DOD in identifying those members of the Armed Forces and military enrollees who are aliens or non-citizen nationals who may qualify for expedited naturalization or citizenship processing. These disclosures will be made pursuant to requests made under section 329 of the Immigration and Nationality Act, 8 U.S.C. 1440, as executed by Executive Order 13269.
35. To contractors, cooperative agreement awardees, State agencies, Federal agencies, and Federal congressional support agencies for research and statistical activities that are designed to increase knowledge about present or alternative Social Security programs; are of importance to the Social Security program or the Social Security beneficiaries; or are for an epidemiological project that relates to the Social Security program or beneficiaries. We will disclose information under this routine use pursuant only to a written agreement with us.
36. To State and Territory MVA officials (or agents or contractors on their behalf) and State and Territory chief election officials, under the provisions of section 205(r)(8) of the Social Security Act (42 U.S.C. 405(r)(8)), to verify the accuracy of information the State agency provides with respect to applications for voter registration for those persons who do not have a driver's license number:
(a) when the applicant provides the last four digits of the SSN, or
(b) when the applicant provides the full SSN, in accordance with section 7 of the Privacy Act (5 U.S.C. 552a note), as described in section 303(a)(5)(D) of the Help America Vote Act of 2002. (42 U.S.C. 15483(a)(5)(D)).
37. To the Secretary of HHS or to any State, any record or information requested in writing by the Secretary for the purpose of administering any program administered by the Secretary, if we disclosed records or information of such type under applicable rules, regulations, and procedures in effect before the date of enactment of the Social Security Independence and Program Improvements Act of 1994.
38. To appropriate agencies, entities, and persons when:
(a) SSA suspects or has confirmed that there has been a breach of the system of records;
(b) SSA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, SSA (including its information systems, programs, and operations), the Federal Government, or national security; and
(c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with SSA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
39. To State agencies charged with administering Medicaid and the Children's Health Insurance Program (CHIP) to verify personal identification data ( e.g., name, SSN, and date of birth) and to disclose citizenship status information to assist them in determining new applicants' entitlement to benefits provided by the CHIP.
40. To HHS, Centers for Medicare and Medicaid Services, for the purpose of the administration of Insurance Affordability Programs (IAP) and to identify individuals who qualify for an exemption from the individual responsibility requirement in accordance with the Patient Protection and Affordable Care Act of 2010 (Pub. L. 111-148), as amended by the Health Care and Education Reconciliation Act of 2010 (Pub. L. 111-152). IAPs include a Qualified Health Plan through the Exchange, Advance Payments of the Premium Tax Credit, Cost Sharing Reductions, Medicaid, the Children's Health Insurance Program, and the Basic Health Program.
41. To the Corporation for National and Community Service, upon request, to verify SSNs and to provide citizenship status as recorded in our records concerning individuals applying to serve in approved national service positions and those designated to receive national service education awards under the National and Community Service Act.
42. To another Federal agency or Federal entity, when SSA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in:
(a) responding to a suspected or confirmed breach; or
[top] (b) preventing, minimizing, or remedying the risk of harm to
43. To State and local government agencies, in situations involving suspected abuse, neglect, or exploitation of minor children or vulnerable adults, to report suspected abuse or determine a victim's eligibility for services.
44. To a State BVS, when it provided SSA information that an individual was deceased to notify the State of the error in the record so furnished.
45. To the Department of the Treasury, for purposes of tax administration, debt collection, and identifying, preventing, and recovering improper payments under federally funded programs and to Federal and State agencies for conducting statistical and research activities, pursuant to sections 202(x) and 1611(e) of the Social Security Act. We will disclose only verified prisoner information ( e.g., name, SSN, gender code, and date of birth) under this routine use.
46 To the Office of the President, in response to an inquiry from that office made on behalf of, and at the request of, the subject of the record or a third party acting on the subject's behalf.
47. To HHS, Office of Child Support Enforcement, as required by section 453(e)(2) and (j)(1) of the Social Security Act for the administration of the Federal Parent Locator System.
48. To proper applicants submitting an application for a Social Security Card, when the proper applicant establishes that the number holder is physically or mentally unable to file for a Social Security card on their own behalf and provides evidence of custody or legal relationship for the number holder, we may provide the number holder's SSN.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
We will maintain records in this system in paper and in electronic form.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
This system maintains information about individuals by SSN, name, date of birth, the agency's internal processing reference number, or alien registration number. If we deny an application because the applicant submitted fraudulent evidence, or if we are verifying evidence we suspect to be fraudulent, we will retrieve records either by the applicant's name plus month and year of birth, or by the applicant's name plus the eleven-digit reference number of the disallowed application.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
In accordance with NARA rules codified at 36 CFR 1225.16, we maintain records in accordance with NARA-approved agency-specific records schedule, N1-47-09-02, item 2, and NARA's General Records Schedule (GRS) 4.2, items 020 and 050, and GRS 5.2, item 010.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
We retain electronic and paper files containing personal identifiers in secure storage areas accessible only by authorized individuals, including our employees and contractors, who have a need for the information when performing their official duties. Security measures include, but are not limited to, the use of codes and profiles, personal identification number and password, and personal identification verification cards. We restrict access to specific correspondence within the system based on assigned roles and authorized users. We keep paper records in cabinets within secure areas, with access limited to only those employees who have an official need for access in order to perform their duties. We use audit mechanisms to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.
We annually provide authorized individuals, including our employees and contractors, with appropriate security awareness training that includes reminders about the need to protect PII and the criminal penalties that apply to unauthorized access to, or disclosure of, PII (5 U.S.C. 552a(i)(1)). Furthermore, authorized individuals with access to databases maintaining PII must annually sign a sanctions document that acknowledges their accountability for inappropriately accessing or disclosing such information.
RECORD ACCESS PROCEDURES:
Individuals may submit requests for information about whether this system contains a record about them by submitting a written request to the system manager at the above address, which includes their name, SSN, or other information that may be in this system of records that will identify them. Individuals requesting notification of, or access to, a record by mail must include: (1) a notarized statement to us to verify their identity; or (2) must certify in the request that they are the individual they claim to be and that they understand that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.
Individuals requesting notification of, or access to, records in person must provide their name, SSN, or other information that may be in this system of records that will identify them, as well as provide an identity document, preferably with a photograph, such as a driver's license. Individuals lacking identification documents sufficient to establish their identity must certify in writing that they are the individual they claim to be and that they understand that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.
These procedures are in accordance with our regulations at 20 CFR 401.40 and 401.45.
CONTESTING RECORD PROCEDURES:
Same as record access procedures. Individuals should also reasonably identify the record, specify the information they are contesting, and state the corrective action sought and the reasons for the correction with supporting justification showing how the record is incomplete, untimely, inaccurate, or irrelevant. These procedures are in accordance with our regulations at 20 CFR 401.65(a).
NOTIFICATION PROCEDURES:
Same as records access procedures. These procedures are in accordance with our regulations at 20 CFR 401.40 and 401.45.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
87 FR 263 (January 4, 2022), Master Files of Social Security Number (SSN) Holders and SSN Applications.
[FR Doc. 2024-31131 Filed 12-30-24; 8:45 am]
BILLING CODE 4191-02-P