[Federal Register Volume 74, Number 194 (Thursday, October 8, 2009)]
[Notices]
[Pages 51940-51943]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-24275]
[[Page 51940]]
=======================================================================
-----------------------------------------------------------------------
SOCIAL SECURITY ADMINISTRATION
Privacy Act of 1974; as Amended Proposed Alteration to an
Existing Privacy Act System of Records, and New Routine Use
AGENCY: Social Security Administration (SSA).
ACTION: Altered system of records and routine use.
-----------------------------------------------------------------------
SUMMARY: We are issuing public notice of our intent to alter an
existing system of records and to add a routine use applicable to this
system of records in accordance with the Privacy Act (5 U.S.C.
552a(e)(4) and (e)(11)). The system of records is entitled the Attorney
and Eligible Direct Pay Non-Attorney (EDPNA) 1099-MISC File (60-0325),
hereinafter referred to as the Appointed Representative File.
We propose the following changes:
Expand the purpose for the Appointed Representative File
system of records to allow us to collect, maintain, and use information
covered by the system of records to administer activities (e.g.,
authentication, registration, payment, monitoring, and termination of
appointment) of appointed representatives.
Expand the category of persons covered by the system of
records to include non-professional persons (e.g., a friend, neighbor,
or minister). In 2010, we will expand the category of persons further
to include firms and other professional entities as representatives.
Expand the category of records we maintain in the system
to include the representative's date of birth, cell phone information,
and assigned representative identification number.
Change the system of records name from the Attorney and
Eligible Direct Pay Non-Attorney (EDPNA) 1099-MISC File to the
Appointed Representative File to more accurately reflect the persons
covered by the system of records. The change also reflects that we have
created a single repository, identified as the Appointed Representative
Database, in which we will maintain all representational data.
Add our data protection routine use to the system of
records to allow us to release information to appropriate entities,
persons, and Federal, State, and local agencies when we suspect or
confirm an unauthorized release of personally identifiable information.
We discuss the altered system of records and new routine use in the
Supplementary Information section below. We invite public comments on
this proposal.
DATES: We filed a report of the altered Appointed Representative File
system of records and new routine use disclosure with the Chairman of
the Senate Committee on Homeland Security and Governmental Affairs, the
Chairman of the House Committee on Oversight and Government Reform, and
the Director, Office of Information and Regulatory Affairs, Office of
Management and Budget (OMB) on September 23, 3009. The altered
Appointed Representative File system of records and new routine use
will become effective on November 6, 2009, unless we receive comments
before that date that would result in a contrary determination.
ADDRESSES: Interested persons may comment on this publication by
writing to the Executive Director, Office of Privacy and Disclosure,
Office of the General Counsel, Social Security Administration, Room 3-
A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland
21235-6401. All comments we receive will be available for public
inspection at the above address.
FOR FURTHER INFORMATION CONTACT: Christine W. Johnson, Social Insurance
Specialist (Senior Analyst), Disclosure Policy Development and Services
Division I, Office of Privacy and Disclosure, Office of the General
Counsel, Social Security Administration, Room 3-A-6 Operations
Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401,
telephone: (410) 965-8563 or e-mail: [email protected].
SUPPLEMENTARY INFORMATION:
I. Background and Purpose of the Appointed Representative File System
of Records
A. General Background
In order to increase the number of disability claims and appeals
filed online, we established the Disability Direct initiative and
created a staggered roll-out process to automate the disability claims
and services process, to the maximum extent possible. Through the
Disability Direct initiative, we will: (1) Simplify the online
application process; (2) establish an automated suite of services for
appointed representatives; and (3) receive application data and medical
records by direct transmission from third parties and medical service
providers. The Disability Direct initiative will improve online
disability claims and appeals to help offset our labor-intensive
disability workload.
On September 8, 2008, we published revisions to the Rules on
Representation of Parties in the Federal Register (See 73 FR 51963
(September 8, 2008)) to make it easier for representatives to do
business with us electronically. We are altering the Appointed
Representative File system of records specifically to implement an
online suite of services for representatives. The online services will
enable us to establish a framework of new business processes and
systems enhancements and to provide comprehensive online services for
representatives who wish to perform services on behalf of our
claimants.
To ensure that we administer the appointed representative business
process in a more efficient and effective manner, we propose to: (1)
Expand the purpose for which we collect, maintain, and use the
information covered by this system of records to include the overall
administration of all representational activities of appointed
representatives; (2) expand the category of persons covered by the
system of records to include non-professional persons (e.g., a friend,
neighbor, or minister); (3) expand the category of records we maintain
in the system to include the representative's date of birth, cell phone
information, and representative identification number; (4) change the
name of the system of records to more accurately reflect the persons
covered by the system of records; and (5) add our data protection
routine use to the system of records.
Our long-standing policy is to recognize only persons as
representatives. However, in the decades since we adopted that policy,
the business practices of claimants' representatives have changed
significantly. For example, many claimants prefer to hire a firm rather
than a single person within a firm. Accordingly, to provide claimants
better flexibility in pursuing matters before us, starting in 2010, we
will recognize firms and other professional entities as
representatives.
We will maintain all information about appointed representatives,
regardless of the category, payment type, or representational status of
the representative, in a single repository identified as the Appointed
Representative Database, covered by the Appointed Representative File
system of records.
B. Discussion of Appointed Representative File System of Records
We believe that the proposed alteration will significantly
strengthen the framework of the appointed representative business
process, as well as our efforts to enhance the infrastructure for
electronic paperless processes. The alteration brings together related
information in a single repository designed to increase
[[Page 51941]]
communication efficiency with other key agency systems. It will also
increase accuracy in the way we administer the representative process.
C. Discussion of New Routine Use
As recommended by the President's Identity Theft Task Force, as
mandated by the Office of Management and Budget (OMB) in Memorandum M-
07-16, and in accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and
(11)), we established a routine use that specifically permits us to
disclose our information when we respond to the unintentional release
of agency information (a data security breach). Such a routine use
serves to protect the interests of the people whose information is at
risk by allowing us to take appropriate steps to facilitate a timely
and effective response to a data breach. (See 72 FR 69723 (December 10,
2007)).
II. Records Storage Medium and Safeguards for the Information Covered
by the Appointed Representative File System of Records
We will maintain, in paper and electronic form, appointed
representative information covered by the Appointed Representative File
system of records. We will keep paper records in locked cabinets or in
other secure areas. We will safeguard the security of the electronic
information covered by the Appointed Representative File system of
records by requiring the use of access codes to enter the computer
system that will house the data.
We annually provide all of our employees and contractors with
appropriate security awareness and training that includes reminders
about the need to protect personally identifiable information and the
criminal penalties that apply to unauthorized access to, or disclosure
of, personally identifiable information. See 5 U.S.C. 552a(i)(1).
Employees and contractors with access to databases maintaining
personally identifiable information must sign a sanction document
annually, acknowledging their accountability for inappropriately
accessing or disclosing such information.
III. Effects of the Appointed Representative File System of Records and
Routine Use Disclosure on the Rights of Individuals
A. Discussion Relating to the Alteration
We propose altering the Appointed Representative File system of
records as part of our responsibilities in continuing to expand our
business processes. We will adhere to all applicable statutory
requirements, including those under the Social Security Act and the
Privacy Act, in carrying out our responsibilities. Therefore, we do not
anticipate that the proposed alteration to this system of records will
have any adverse effect on the privacy or other rights of the persons
covered by the system of records.
B. Discussion Relating to the New Routine Use
The new routine use will serve to protect the interests of persons
whose information could be at risk. We will take appropriate steps to
facilitate a timely and effective response to a security breach of our
data, thereby improving our ability to prevent, minimize, or remedy any
harm that may result from a compromise of data maintained in our system
of records. We do not anticipate that the new routine use will have any
adverse effect on the rights of persons whose data might be disclosed.
IV. Compatibility of Proposed Routine Use
As mandated by OMB, as recommended by the President's Identity
Theft Task Force, and in accordance with the Privacy Act (5 U.S.C.
552a(a)(7) and (b)(3)) and our disclosure regulation (20 CFR Part 401),
we are permitted to release information under a published routine use
for a purpose that is compatible with the purpose for which we
collected the information. Section 401.20 of our regulations provides
that we will disclose information required by law. Since OMB has
mandated its publication, this routine use is appropriate and meets the
relevant statutory and regulatory criteria. In addition, we disclose to
other agencies, entities, and persons, when necessary, to respond to an
unintentional release. These disclosures are compatible with the
reasons we collect the information, as helping to prevent and minimize
the potential for harm is consistent with taking appropriate steps to
protect information entrusted to us. See 5 U.S.C. 552a(e)(10).
Dated: September 23, 2009.
Michael J. Astrue,
Commissioner.
Social Security Administration
Notice of System of Records Required by the Privacy Act of 1974; as
Amended
System Number:
60-0325.
System name:
Appointed Representative File, Social Security Administration
(SSA), Office of Disability Adjudication and Review and Deputy
Commissioner for Retirement and Disability Policy.
Security classification:
None.
System Location:
Social Security Administration, Office of Systems, 6401 Security
Boulevard, Baltimore, Maryland 21235.
Categories of individuals covered by the system:
This system covers all claimants' representatives who are currently
eligible to represent SSA claimants or have represented SSA claimants
in the past at the administrative or court level in SSA matters. A
representative may be any person (e.g., attorney, eligible direct pay
non-attorney, or non-professional such as a friend, neighbor, or
minister), a firm, or other professional entity that provides
representative services, regardless of whether the representative
charges or collects a fee for providing the representational services.
Categories of records in the system:
This system will contain personally identifiable information and
contact information for all appointed representatives. For example, we
collect name (regardless of category, payment type, or representational
status), date of birth, tax identification number (TIN)/Social Security
number (SSN), representative identification number, tax mailing
address, notice address, payment address, telephone numbers (e.g.,
business, fax, and cell phone) and type of representative (i.e.,
attorney, eligible direct pay non-attorney, non-professional, a firm,
or other professional entity).
The system will also contain information about the representative's
legal standing and business affiliations. For example, we collect
current bar and court information (e.g., year admitted, license number,
present standing), sanction-related information (e.g., ``Disqualified
or Suspended,'' and start/stop date of sanction), date the appointment
was signed, termination of service date, business affiliation
information (e.g., sole proprietor or single-member Limited Liability
Company/Limited Liability partnership, partner, or salaried employee),
name and address of the firm or entity, employer identification number
(EIN) of the entity, and banking information.
The system will also maintain relevant claimants' SSNs.
[[Page 51942]]
Authority for maintenance of the system:
Sections 205, 206, 1631(d)(1) and 1631(d)(2) of the Social Security
Act, as amended, sections 6041 and 6045 of the Internal Revenue Code,
and implementing regulations at 26 CFR part 1.
Purpose(s):
By altering the Appointed Representative File system of records, we
will more efficiently collect, maintain, and use information about
appointed representatives, regardless of category, payment type, or
representational status, and strengthen the overall representative
business process. We use information in this system to verify,
document, and organize information about representatives.
Routine uses of records covered by the Appointed Representative File
system of records, including categories of users and the purposes of
such uses:
Routine use disclosures are indicated below; however, we will not
disclose any information defined as ``return or return information''
under 26 U.S.C. 6103 of the Internal Revenue Code (IRC), unless
authorized by the IRC, the Internal Revenue Service (IRS), or IRS
regulations.
1. To the Office of the President in response to an inquiry made at
the request of the subject of the record or a third party on that
person's behalf.
2. To a congressional office in response to an inquiry from that
office made at the request of the subject of the record or a third
party on that person's behalf.
3. To the IRS and to State and local government tax agencies in
response to inquiries regarding receipt of fees we paid directly
starting in calendar year 2007.
4. To the IRS to permit its auditing of our compliance with the
safeguard provisions of the IRC of 1986, as amended.
5. To the Department of Justice (DOJ), a court, other tribunal, or
another party before such court or tribunal when:
(a) SSA or any component thereof;
(b) any SSA employee in his or her official capacity;
(c) any SSA employee in his or her individual capacity when DOJ (or
SSA when we are authorized to do so) has agreed to represent the
employee; or
(d) the United States, or any agency thereof, when we determine
that the litigation is likely to affect the operations of SSA or any of
its components, is a party to litigation or has an interest in such
litigation, and we determine that the use of such records by DOJ, a
court, other tribunal, or another party before such court or tribunal
is relevant and necessary to the litigation. In each case, however, we
must determine that such disclosure is compatible with the purpose for
which we collected the records.
6. To DOJ for:
(a) investigating and prosecuting violations of the Social Security
Act to which criminal penalties attach;
(b) representing the Commissioner; or
(c) investigating issues of fraud or violation of civil rights by
agency officers or employees.
7. To contractors and other Federal agencies, as necessary, to
assist us in efficiently administering our programs. We will disclose
information under this routine use only in situations in which we may
enter into a contractual or similar agreement with a third party to
assist in accomplishing an agency function relating to this system of
records.
8. To student volunteers, persons working under a personal services
contract, and others who are not technically Federal employees, when
they are performing work for us, as authorized by law, and they need
access to information in our records in order to perform their assigned
duties.
9. To Federal, State, and local law enforcement agencies and
private security contractors as appropriate, information as necessary:
(a) to enable them to assure the safety of our employees and
customers, the security of our workplace, and the operation of our
facilities; or
(b) to assist investigations or prosecutions with respect to
activities that affect such safety and security or activities that
disrupt the operation of our facilities.
10. To the General Services Administration and the National
Archives and Records Administration (NARA) under 44 U.S.C. 2904 and
2906, as amended by the NARA Act, information that is not restricted
from disclosure by Federal law for their use in conducting records
management studies.
11. To employers to assist us in collecting debts owed by
claimants' representatives who received an excess or erroneous
representational fee payment and owe a delinquent debt to us.
Disclosure under this routine use is authorized under the Debt
Collection Improvement Act of 1966 (Pub. L. 104-134) and implemented
through administrative wage garnishment provisions of this Act. See 31
U.S.C. 3720D.
12. To employers of claimants' representatives (e.g., law firms,
partnerships, or other business entities) in accordance with the
requirements of sections 6041 and 6045(f) of the IRC as implemented by
the IRS Regulations found at 26 CFR 1.6041-1, and as necessary for us
to carry out the requirements for fee reporting to appointed
representatives.
13. To the appropriate Federal, State, and local agencies,
entities, and persons when: (1) We suspect or confirm that the security
or confidentiality of information in this system of records has been
compromised; (2) we determine that as a result of the suspected or
confirmed compromise there is a risk of harm to economic or property
interests, risk of identity theft or fraud, or harm to the security or
integrity of this system or our other systems or programs that rely
upon the compromised information; and (3) we determine that disclosing
the information to such agencies, entities, and persons is necessary to
assist in our efforts to respond to the suspected or confirmed
compromise and prevent, minimize, or remedy such harm. We will use this
routine use to respond only to those incidents involving an
unintentional release of our records.
We will disclose appointed representative information under this
routine use specifically in connection with response and remediation
efforts in the event of an unintentional release of agency information,
otherwise known as a ``data security breach.'' This routine use will
protect the interests of the people whose information is at risk by
allowing us to take appropriate steps to facilitate a timely and
effective response to a data breach. The routine use will also help us
improve our ability to prevent, minimize, or remedy any harm that may
result from a compromise of data covered in this system of records.
Disclosure to Consumer Reporting Agencies:
Pursuant to 5 U.S.C. 552a(b)(12) of the Privacy Act, we may
disclose information to consumer reporting agencies as defined in the
Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims
Collection Act of 1966 (31 U.S.C. 3701, et seq.), as amended. We will
make the disclosure in accordance with 31 U.S.C. 3711(e) when
authorized by sections 204(f), 808(e), or 1631(b)(4) of the Social
Security Act (42 U.S.C. 404(f), 1008(e), or 1383(b)(4)). We may
disclose under these circumstances to facilitate the collection of
outstanding debts owed to the Federal government, to provide an
incentive for debtors to repay delinquent Federal government debts by
making the debts part of their credit records. The information we
[[Page 51943]]
disclose is limited to the person's name, address, SSN, and other
information necessary to establish the person's identity, the amount,
status, and history of the debt, and the agency or program under which
the debt arose.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system:
Storage:
We will store records in this system in paper and electronic form.
Retrievability:
We will retrieve records by SSN, representative identification
number, or alphabetically by the person's name.
Safeguards:
We retain paper and electronic files with personal identifiers in
secure storage areas accessible only to our authorized employees and
contractors. We limit access to data with personal identifiers from
this system to only our authorized personnel who have a need for the
information when performing their official duties.
We provide appropriate security awareness and training annually to
all our employees and contractors that include reminders about the need
to protect personally identifiable information and the criminal
penalties that apply to unauthorized access to, or disclosure of,
personally identifiable information. See 5 U.S.C. 552a(i)(l).
Furthermore, employees and contractors with access to databases
maintaining personally identifiable information must sign a sanction
document annually, acknowledging their accountability for
inappropriately accessing or disclosing such information.
Retention and disposal:
For purposes of records management dispositions authority, we
follow the NARA and Department of Defense (DOD) 5015.2 regulations (DOD
Design Criteria Standard for Electronic Records Management Software
Applications). We will destroy paper and electronic records three years
after the final action is taken.
System manager(s) and address(es):
Deputy Commissioner for Budget, Finance and Management, Social
Security Administration, 6401 Security Boulevard, Baltimore, MD 21235.
Notification procedures:
Persons can determine if this system contains a record about them
by writing to the system manager at the above address to verify their
identity or they must certify in the request that they are the person
they claim to be and understand that the knowing and willful request
for, or acquisition of, a record pertaining to another person under
false pretenses is a criminal offense.
Persons requesting notification of records in person should provide
the same information, as well as provide an identity document,
preferably with a photograph, such as a driver's license. Persons
lacking identification documents sufficient to establish their identity
must certify in writing that they are the person they claim to be and
that they understand that the knowing and willful request for, or
acquisition of, a record pertaining to another person under false
pretenses is a criminal offense.
Persons requesting notification by telephone must verify their
identity by providing identifying information that parallels the
information in the record about which they are requesting notification.
If we determine that the identifying information the person provides by
telephone is insufficient, we will require the person to submit a
request in writing or in person. If a person requests information by
telephone on behalf of another person, the subject person must be on
the telephone with the requesting person and us in the same phone call.
We will establish the subject person's identity (his or her name, SSN,
address, date of birth, and place of birth, along with one other piece
of information such as mother's maiden name) and ask for his or her
consent to provide information to the requesting person. These
procedures are in accordance with SSA Regulations (20 CFR 401.40 and
401.45).
Record access procedures:
Same as notification procedures. Requesters also should reasonably
specify the record contents they are seeking. These procedures are in
accordance with SSA Regulations (20 CFR 401.40(c)).
Contesting record procedures:
Same as notification procedures. Persons also should reasonably
identify the record, specify the information they are contesting, and
state the corrective action sought and the reasons for the correction
with supporting justification showing how the record is incomplete,
untimely, inaccurate, or irrelevant. These procedures are in accordance
with SSA Regulations (20 CFR 401.65(a)).
Record source categories:
We obtain information covered by the Appointed Representative File
system of records from claimant representatives and SSA records, such
as the Master Beneficiary Record, Supplemental Security Record, and
Master Files of Social Security Number (SSN) Holders and SSN
Applications.
Exemptions claimed for the system:
None.
[FR Doc. E9-24275 Filed 10-7-09; 8:45 am]
BILLING CODE P