[Federal Register Volume 74, Number 194 (Thursday, October 8, 2009)] [Notices] [Pages 51940-51943] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: E9-24275] [[Page 51940]] ======================================================================= ----------------------------------------------------------------------- SOCIAL SECURITY ADMINISTRATION Privacy Act of 1974; as Amended Proposed Alteration to an Existing Privacy Act System of Records, and New Routine Use AGENCY: Social Security Administration (SSA). ACTION: Altered system of records and routine use. ----------------------------------------------------------------------- SUMMARY: We are issuing public notice of our intent to alter an existing system of records and to add a routine use applicable to this system of records in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and (e)(11)). The system of records is entitled the Attorney and Eligible Direct Pay Non-Attorney (EDPNA) 1099-MISC File (60-0325), hereinafter referred to as the Appointed Representative File. We propose the following changes:Expand the purpose for the Appointed Representative File system of records to allow us to collect, maintain, and use information covered by the system of records to administer activities (e.g., authentication, registration, payment, monitoring, and termination of appointment) of appointed representatives. Expand the category of persons covered by the system of records to include non-professional persons (e.g., a friend, neighbor, or minister). In 2010, we will expand the category of persons further to include firms and other professional entities as representatives. Expand the category of records we maintain in the system to include the representative's date of birth, cell phone information, and assigned representative identification number. Change the system of records name from the Attorney and Eligible Direct Pay Non-Attorney (EDPNA) 1099-MISC File to the Appointed Representative File to more accurately reflect the persons covered by the system of records. The change also reflects that we have created a single repository, identified as the Appointed Representative Database, in which we will maintain all representational data. Add our data protection routine use to the system of records to allow us to release information to appropriate entities, persons, and Federal, State, and local agencies when we suspect or confirm an unauthorized release of personally identifiable information. We discuss the altered system of records and new routine use in the Supplementary Information section below. We invite public comments on this proposal. DATES: We filed a report of the altered Appointed Representative File system of records and new routine use disclosure with the Chairman of the Senate Committee on Homeland Security and Governmental Affairs, the Chairman of the House Committee on Oversight and Government Reform, and the Director, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB) on September 23, 3009. The altered Appointed Representative File system of records and new routine use will become effective on November 6, 2009, unless we receive comments before that date that would result in a contrary determination. ADDRESSES: Interested persons may comment on this publication by writing to the Executive Director, Office of Privacy and Disclosure, Office of the General Counsel, Social Security Administration, Room 3- A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401. All comments we receive will be available for public inspection at the above address. FOR FURTHER INFORMATION CONTACT: Christine W. Johnson, Social Insurance Specialist (Senior Analyst), Disclosure Policy Development and Services Division I, Office of Privacy and Disclosure, Office of the General Counsel, Social Security Administration, Room 3-A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, telephone: (410) 965-8563 or e-mail: [email protected]. SUPPLEMENTARY INFORMATION: I. Background and Purpose of the Appointed Representative File System of Records A. General Background In order to increase the number of disability claims and appeals filed online, we established the Disability Direct initiative and created a staggered roll-out process to automate the disability claims and services process, to the maximum extent possible. Through the Disability Direct initiative, we will: (1) Simplify the online application process; (2) establish an automated suite of services for appointed representatives; and (3) receive application data and medical records by direct transmission from third parties and medical service providers. The Disability Direct initiative will improve online disability claims and appeals to help offset our labor-intensive disability workload. On September 8, 2008, we published revisions to the Rules on Representation of Parties in the Federal Register (See 73 FR 51963 (September 8, 2008)) to make it easier for representatives to do business with us electronically. We are altering the Appointed Representative File system of records specifically to implement an online suite of services for representatives. The online services will enable us to establish a framework of new business processes and systems enhancements and to provide comprehensive online services for representatives who wish to perform services on behalf of our claimants. To ensure that we administer the appointed representative business process in a more efficient and effective manner, we propose to: (1) Expand the purpose for which we collect, maintain, and use the information covered by this system of records to include the overall administration of all representational activities of appointed representatives; (2) expand the category of persons covered by the system of records to include non-professional persons (e.g., a friend, neighbor, or minister); (3) expand the category of records we maintain in the system to include the representative's date of birth, cell phone information, and representative identification number; (4) change the name of the system of records to more accurately reflect the persons covered by the system of records; and (5) add our data protection routine use to the system of records. Our long-standing policy is to recognize only persons as representatives. However, in the decades since we adopted that policy, the business practices of claimants' representatives have changed significantly. For example, many claimants prefer to hire a firm rather than a single person within a firm. Accordingly, to provide claimants better flexibility in pursuing matters before us, starting in 2010, we will recognize firms and other professional entities as representatives. We will maintain all information about appointed representatives, regardless of the category, payment type, or representational status of the representative, in a single repository identified as the Appointed Representative Database, covered by the Appointed Representative File system of records. B. Discussion of Appointed Representative File System of Records We believe that the proposed alteration will significantly strengthen the framework of the appointed representative business process, as well as our efforts to enhance the infrastructure for electronic paperless processes. The alteration brings together related information in a single repository designed to increase [[Page 51941]] communication efficiency with other key agency systems. It will also increase accuracy in the way we administer the representative process. C. Discussion of New Routine Use As recommended by the President's Identity Theft Task Force, as mandated by the Office of Management and Budget (OMB) in Memorandum M- 07-16, and in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and (11)), we established a routine use that specifically permits us to disclose our information when we respond to the unintentional release of agency information (a data security breach). Such a routine use serves to protect the interests of the people whose information is at risk by allowing us to take appropriate steps to facilitate a timely and effective response to a data breach. (See 72 FR 69723 (December 10, 2007)). II. Records Storage Medium and Safeguards for the Information Covered by the Appointed Representative File System of Records We will maintain, in paper and electronic form, appointed representative information covered by the Appointed Representative File system of records. We will keep paper records in locked cabinets or in other secure areas. We will safeguard the security of the electronic information covered by the Appointed Representative File system of records by requiring the use of access codes to enter the computer system that will house the data. We annually provide all of our employees and contractors with appropriate security awareness and training that includes reminders about the need to protect personally identifiable information and the criminal penalties that apply to unauthorized access to, or disclosure of, personally identifiable information. See 5 U.S.C. 552a(i)(1). Employees and contractors with access to databases maintaining personally identifiable information must sign a sanction document annually, acknowledging their accountability for inappropriately accessing or disclosing such information. III. Effects of the Appointed Representative File System of Records and Routine Use Disclosure on the Rights of Individuals A. Discussion Relating to the Alteration We propose altering the Appointed Representative File system of records as part of our responsibilities in continuing to expand our business processes. We will adhere to all applicable statutory requirements, including those under the Social Security Act and the Privacy Act, in carrying out our responsibilities. Therefore, we do not anticipate that the proposed alteration to this system of records will have any adverse effect on the privacy or other rights of the persons covered by the system of records. B. Discussion Relating to the New Routine Use The new routine use will serve to protect the interests of persons whose information could be at risk. We will take appropriate steps to facilitate a timely and effective response to a security breach of our data, thereby improving our ability to prevent, minimize, or remedy any harm that may result from a compromise of data maintained in our system of records. We do not anticipate that the new routine use will have any adverse effect on the rights of persons whose data might be disclosed. IV. Compatibility of Proposed Routine Use As mandated by OMB, as recommended by the President's Identity Theft Task Force, and in accordance with the Privacy Act (5 U.S.C. 552a(a)(7) and (b)(3)) and our disclosure regulation (20 CFR Part 401), we are permitted to release information under a published routine use for a purpose that is compatible with the purpose for which we collected the information. Section 401.20 of our regulations provides that we will disclose information required by law. Since OMB has mandated its publication, this routine use is appropriate and meets the relevant statutory and regulatory criteria. In addition, we disclose to other agencies, entities, and persons, when necessary, to respond to an unintentional release. These disclosures are compatible with the reasons we collect the information, as helping to prevent and minimize the potential for harm is consistent with taking appropriate steps to protect information entrusted to us. See 5 U.S.C. 552a(e)(10). Dated: September 23, 2009. Michael J. Astrue, Commissioner. Social Security Administration Notice of System of Records Required by the Privacy Act of 1974; as Amended System Number: 60-0325. System name: Appointed Representative File, Social Security Administration (SSA), Office of Disability Adjudication and Review and Deputy Commissioner for Retirement and Disability Policy. Security classification: None. System Location: Social Security Administration, Office of Systems, 6401 Security Boulevard, Baltimore, Maryland 21235. Categories of individuals covered by the system: This system covers all claimants' representatives who are currently eligible to represent SSA claimants or have represented SSA claimants in the past at the administrative or court level in SSA matters. A representative may be any person (e.g., attorney, eligible direct pay non-attorney, or non-professional such as a friend, neighbor, or minister), a firm, or other professional entity that provides representative services, regardless of whether the representative charges or collects a fee for providing the representational services. Categories of records in the system: This system will contain personally identifiable information and contact information for all appointed representatives. For example, we collect name (regardless of category, payment type, or representational status), date of birth, tax identification number (TIN)/Social Security number (SSN), representative identification number, tax mailing address, notice address, payment address, telephone numbers (e.g., business, fax, and cell phone) and type of representative (i.e., attorney, eligible direct pay non-attorney, non-professional, a firm, or other professional entity). The system will also contain information about the representative's legal standing and business affiliations. For example, we collect current bar and court information (e.g., year admitted, license number, present standing), sanction-related information (e.g., ``Disqualified or Suspended,'' and start/stop date of sanction), date the appointment was signed, termination of service date, business affiliation information (e.g., sole proprietor or single-member Limited Liability Company/Limited Liability partnership, partner, or salaried employee), name and address of the firm or entity, employer identification number (EIN) of the entity, and banking information. The system will also maintain relevant claimants' SSNs. [[Page 51942]] Authority for maintenance of the system: Sections 205, 206, 1631(d)(1) and 1631(d)(2) of the Social Security Act, as amended, sections 6041 and 6045 of the Internal Revenue Code, and implementing regulations at 26 CFR part 1. Purpose(s): By altering the Appointed Representative File system of records, we will more efficiently collect, maintain, and use information about appointed representatives, regardless of category, payment type, or representational status, and strengthen the overall representative business process. We use information in this system to verify, document, and organize information about representatives. Routine uses of records covered by the Appointed Representative File system of records, including categories of users and the purposes of such uses: Routine use disclosures are indicated below; however, we will not disclose any information defined as ``return or return information'' under 26 U.S.C. 6103 of the Internal Revenue Code (IRC), unless authorized by the IRC, the Internal Revenue Service (IRS), or IRS regulations. 1. To the Office of the President in response to an inquiry made at the request of the subject of the record or a third party on that person's behalf. 2. To a congressional office in response to an inquiry from that office made at the request of the subject of the record or a third party on that person's behalf. 3. To the IRS and to State and local government tax agencies in response to inquiries regarding receipt of fees we paid directly starting in calendar year 2007. 4. To the IRS to permit its auditing of our compliance with the safeguard provisions of the IRC of 1986, as amended. 5. To the Department of Justice (DOJ), a court, other tribunal, or another party before such court or tribunal when: (a) SSA or any component thereof; (b) any SSA employee in his or her official capacity; (c) any SSA employee in his or her individual capacity when DOJ (or SSA when we are authorized to do so) has agreed to represent the employee; or (d) the United States, or any agency thereof, when we determine that the litigation is likely to affect the operations of SSA or any of its components, is a party to litigation or has an interest in such litigation, and we determine that the use of such records by DOJ, a court, other tribunal, or another party before such court or tribunal is relevant and necessary to the litigation. In each case, however, we must determine that such disclosure is compatible with the purpose for which we collected the records. 6. To DOJ for: (a) investigating and prosecuting violations of the Social Security Act to which criminal penalties attach; (b) representing the Commissioner; or (c) investigating issues of fraud or violation of civil rights by agency officers or employees. 7. To contractors and other Federal agencies, as necessary, to assist us in efficiently administering our programs. We will disclose information under this routine use only in situations in which we may enter into a contractual or similar agreement with a third party to assist in accomplishing an agency function relating to this system of records. 8. To student volunteers, persons working under a personal services contract, and others who are not technically Federal employees, when they are performing work for us, as authorized by law, and they need access to information in our records in order to perform their assigned duties. 9. To Federal, State, and local law enforcement agencies and private security contractors as appropriate, information as necessary: (a) to enable them to assure the safety of our employees and customers, the security of our workplace, and the operation of our facilities; or (b) to assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupt the operation of our facilities. 10. To the General Services Administration and the National Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by the NARA Act, information that is not restricted from disclosure by Federal law for their use in conducting records management studies. 11. To employers to assist us in collecting debts owed by claimants' representatives who received an excess or erroneous representational fee payment and owe a delinquent debt to us. Disclosure under this routine use is authorized under the Debt Collection Improvement Act of 1966 (Pub. L. 104-134) and implemented through administrative wage garnishment provisions of this Act. See 31 U.S.C. 3720D. 12. To employers of claimants' representatives (e.g., law firms, partnerships, or other business entities) in accordance with the requirements of sections 6041 and 6045(f) of the IRC as implemented by the IRS Regulations found at 26 CFR 1.6041-1, and as necessary for us to carry out the requirements for fee reporting to appointed representatives. 13. To the appropriate Federal, State, and local agencies, entities, and persons when: (1) We suspect or confirm that the security or confidentiality of information in this system of records has been compromised; (2) we determine that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, risk of identity theft or fraud, or harm to the security or integrity of this system or our other systems or programs that rely upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. We will use this routine use to respond only to those incidents involving an unintentional release of our records. We will disclose appointed representative information under this routine use specifically in connection with response and remediation efforts in the event of an unintentional release of agency information, otherwise known as a ``data security breach.'' This routine use will protect the interests of the people whose information is at risk by allowing us to take appropriate steps to facilitate a timely and effective response to a data breach. The routine use will also help us improve our ability to prevent, minimize, or remedy any harm that may result from a compromise of data covered in this system of records. Disclosure to Consumer Reporting Agencies: Pursuant to 5 U.S.C. 552a(b)(12) of the Privacy Act, we may disclose information to consumer reporting agencies as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966 (31 U.S.C. 3701, et seq.), as amended. We will make the disclosure in accordance with 31 U.S.C. 3711(e) when authorized by sections 204(f), 808(e), or 1631(b)(4) of the Social Security Act (42 U.S.C. 404(f), 1008(e), or 1383(b)(4)). We may disclose under these circumstances to facilitate the collection of outstanding debts owed to the Federal government, to provide an incentive for debtors to repay delinquent Federal government debts by making the debts part of their credit records. The information we [[Page 51943]] disclose is limited to the person's name, address, SSN, and other information necessary to establish the person's identity, the amount, status, and history of the debt, and the agency or program under which the debt arose. Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system: Storage: We will store records in this system in paper and electronic form. Retrievability: We will retrieve records by SSN, representative identification number, or alphabetically by the person's name. Safeguards: We retain paper and electronic files with personal identifiers in secure storage areas accessible only to our authorized employees and contractors. We limit access to data with personal identifiers from this system to only our authorized personnel who have a need for the information when performing their official duties. We provide appropriate security awareness and training annually to all our employees and contractors that include reminders about the need to protect personally identifiable information and the criminal penalties that apply to unauthorized access to, or disclosure of, personally identifiable information. See 5 U.S.C. 552a(i)(l). Furthermore, employees and contractors with access to databases maintaining personally identifiable information must sign a sanction document annually, acknowledging their accountability for inappropriately accessing or disclosing such information. Retention and disposal: For purposes of records management dispositions authority, we follow the NARA and Department of Defense (DOD) 5015.2 regulations (DOD Design Criteria Standard for Electronic Records Management Software Applications). We will destroy paper and electronic records three years after the final action is taken. System manager(s) and address(es): Deputy Commissioner for Budget, Finance and Management, Social Security Administration, 6401 Security Boulevard, Baltimore, MD 21235. Notification procedures: Persons can determine if this system contains a record about them by writing to the system manager at the above address to verify their identity or they must certify in the request that they are the person they claim to be and understand that the knowing and willful request for, or acquisition of, a record pertaining to another person under false pretenses is a criminal offense. Persons requesting notification of records in person should provide the same information, as well as provide an identity document, preferably with a photograph, such as a driver's license. Persons lacking identification documents sufficient to establish their identity must certify in writing that they are the person they claim to be and that they understand that the knowing and willful request for, or acquisition of, a record pertaining to another person under false pretenses is a criminal offense. Persons requesting notification by telephone must verify their identity by providing identifying information that parallels the information in the record about which they are requesting notification. If we determine that the identifying information the person provides by telephone is insufficient, we will require the person to submit a request in writing or in person. If a person requests information by telephone on behalf of another person, the subject person must be on the telephone with the requesting person and us in the same phone call. We will establish the subject person's identity (his or her name, SSN, address, date of birth, and place of birth, along with one other piece of information such as mother's maiden name) and ask for his or her consent to provide information to the requesting person. These procedures are in accordance with SSA Regulations (20 CFR 401.40 and 401.45). Record access procedures: Same as notification procedures. Requesters also should reasonably specify the record contents they are seeking. These procedures are in accordance with SSA Regulations (20 CFR 401.40(c)). Contesting record procedures: Same as notification procedures. Persons also should reasonably identify the record, specify the information they are contesting, and state the corrective action sought and the reasons for the correction with supporting justification showing how the record is incomplete, untimely, inaccurate, or irrelevant. These procedures are in accordance with SSA Regulations (20 CFR 401.65(a)). Record source categories: We obtain information covered by the Appointed Representative File system of records from claimant representatives and SSA records, such as the Master Beneficiary Record, Supplemental Security Record, and Master Files of Social Security Number (SSN) Holders and SSN Applications. Exemptions claimed for the system: None. [FR Doc. E9-24275 Filed 10-7-09; 8:45 am] BILLING CODE P