[Federal Register Volume 66, Number 146 (Monday, July 30, 2001)]
[Notices]
[Pages 39376-39377]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 01-18907]



[[Page 39376]]

=======================================================================
-----------------------------------------------------------------------

RAILROAD RETIREMENT BOARD


Privacy Act of 1974; Proposed Changes to Systems of Records

AGENCY: Railroad Retirement Board.

ACTION: Notice of proposed new system of records.

-----------------------------------------------------------------------

SUMMARY: The purpose of this document is to give notice of a proposed 
new Privacy Act system of records, RRB-51, Railroad Retirement Board's 
Customer PIN/Password (PPW) Master File System.

DATES: The proposed new system of records shall become effective as 
proposed without further notice on September 10, 2001. Unless comments 
are received before this date which would result in a contrary 
determination.

ADDRESSES: Send comments to Beatrice Ezerski, Secretary to the Board, 
Railroad Retirement Board, 844 North Rush Street, Chicago, Illinois 
60611-2092.

FOR FURTHER INFORMATION CONTACT: LeRoy Blommaert, Privacy Act Officer, 
Railroad Retirement Board, 844 North Rush Street, Chicago, Illinois 
60611-2092, (312) 751-4548.

SUPPLEMENTARY INFORMATION: The proposed Customer PPW Master File System 
will maintain information collected for use in connection with RRB's 
implementation of a personal identification number (PIN)/Password 
system that allows RRB program applicants, claimants, annuitants and 
other customers to transact business with the RRB in an electronic 
business environment.

Background and Purpose of the Proposed System

    The Railroad Retirement Board has a number of electronic 
initiatives underway that support the government mandate directing 
federal agencies to use information technology to offer more efficient 
and accessible service to the public. To support some of its electronic 
initiatives, the RRB, using SSA's system as a model, is creating the 
PPW infrastructure that will allow customers to conduct transactions 
with RRB on a routine basis through the Internet. The PPW 
infrastructure will enable RRB to offer customers a specific suite of 
services that require a PIN/Password system. Using a PPW process, our 
customers will be able to apply for RRB program benefits or view and 
possibly change certain personal record information, such as mailing 
address, through secure online transactions.
    Customers must elect (opt-in) to use the PPW process to conduct 
electronic transactions with RRB. Those who opt-in may include certain 
classes of applicants for RRB benefits, current beneficiaries in pay or 
non-pay status and certain other customers who choose these electronic 
service delivery options to conduct business with RRB. Customers who 
initially choose to use the PPW process may later elect out (opt-out) 
of the system by requesting RRB to block access to their records. RRB 
would disable the PPW capabilities to the records of customers making 
this request, thus blocking any access to the record.

Establishment of the PPW Infrastructure

    The RRB first identified and developed the underlying principles to 
support a PPW business process. These principles intentionally focused 
on the framework to implement a successful PPW process in the various 
electronic applications RRB develops for customer service initiatives. 
For example, the PPW infrastructure is designed to:
    Support all direct customer service delivery by RRB;
    Maximize the level of automation involved in assigning, 
maintaining, and using the PPW services; and
    Minimize the manual intervention of RRB employees in the PPW 
process.

RRB also established authentication requirements for its electronic 
application and transaction processes that the PPW infrastructure is 
designed to support. These authentication requirements allow RRB to 
verify the identify of users on the Internet. The process for RRB 
customers to obtain passwords and the corresponding authentication 
required to use these passwords for a determined set of electronic 
services share a number of principles:
    (1) Customers must opt-in to the PPW process by indicating to RRB 
their interest in establishing a password;
    (2) A customer must have a Password Request Code (PRC) to begin the 
process of establishing a password. A PRC has one purpose--to identify 
a customer who may wish to establish a password.
    (3) PRCs will be electronically generated and assigned to customers 
by RRB and will be accessible only to a limited number of RRB system 
employees who maintain the PPW system.
    (4) PRCs will be sent to customers through the US mail.
RRB-5

System Name:
    RRB-51, Railroad Retirement Board's Customer PIN/Password (PPW) 
Master File System.

System Location
    U.S. Railroad Retirement Board, 844 North Rush Street, Chicago, 
Illinois 60611-2092.

Categories of Individuals Covered by the System:
    All RRB customers (applicants, claimants, annuitants and other 
customers) who elect to conduct transactions with RRB in an electronic 
business environment that requires the PPW infrastructure, as well as 
those customers who elect to block PPW access to RRB electronic 
transactions by requesting RRB to disable their PPW capabilities.

Categories of Records in the System:
    The information includes identifying information such as the 
customer's name, Social Security number (which functions as the 
individual's personal identification number (PIN)) and mailing address. 
The system also maintains the customer's Password Request Code (PRC), 
the password itself, and the authorization level and associated data 
(e.g. effective date of authorization).

Authority for Maintenance of the System:
    Section 2(b)(6) of the Railroad Retirement Act, 45 U.S.C. 
231f(b)(6); and the Government Paperwork Elimination Act.
    On July 20, 2001, the Railroad Retirement Board filed a new system 
report for this system with the House Committee on Government 
Operations, the Senate Committee on Governmental Affairs, and the 
Office of Management and Budget. This was done to comply with Section 3 
of the Privacy Act of 1974 and OMB Circular No. A-130, Appendix I.

    By authority of the Board.
Beatirce Ezerski,
Secretary of the Board.

  

Purpose(s):
    The purpose of this system is to enable RRB customers who wish to 
conduct business with the RRB to do so in a secure environment.

Routine Uses of Records Maintained in the System; including Categories 
of Users and the Purposes of such Uses:
    a. Records may be released to agency employees on a need to know 
basis.
    b. Relevant records relating to an individual may be disclosed to a 
congressional office in response to an inquiry from the congressional 
office made at the request of that individual.
    c. Relevant information may be disclosed to the Office of the 
President

[[Page 39377]]

for responding to an individual pursuant to an inquiry from that 
individual or from a third party in his/her behalf.
    d. Relevant records may be disclosed to representatives of the 
General Services Administration or the National Archives and Records 
Administration who are conducting records management inspections under 
the authority of 44 U.S.C. 2904 and 2906.
    e. Records may be disclosed in response to a request for discovery 
or for the appearance of a witness, to the extent that what is 
disclosed is relevant to the subject matter involved in a pending 
judicial or administrative proceeding and provided that the disclosure 
would be clearly in the furtherance of the interest of the subject 
individual.
    f. Records may be disclosed in a proceeding before a court or 
adjudicative body to the extent that they are relevant and necessary to 
the proceeding and provided that the disclosure would be clearly in the 
furtherance of the interest of the subject individual.
    g. In the event that material in this system indicates a violation 
of law, whether civil, criminal, or regulatory in nature, and whether 
arising by general statute, or by regulation, rule, or order issued 
pursuant thereto, the relevant records may be disclosed to the 
appropriate agency, whether Federal, State, local or foreign, charged 
with the responsibility of investigating or prosecuting such violation 
or charged with enforcing or implementing the statue, rule, regulation, 
or order issued pursuant thereto, provided that disclosure would be to 
an agency engaged in functions related to the administration of the 
Railroad Retirement Act or the Railroad Unemployment Insurance Act or 
provided that disclosure would be clearly in the furtherance of the 
interest of the subject individual.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, 
and Disposing of Records in the System:
Storage:
    Electronic and paper form.

Retrievability:
    Name and Social Security number (which acts as the individual's 
PIN).

Safeguards:
    When not in use by an authorized person, paper records are stored 
in lockable cabinets in a building with security cameras and 24-hour 
security guards. Access to electronic records requires the use of 
restricted passwords.

Retention and disposal:
    These records will be maintained permanently until their official 
retention period is established.

System manager(s) and address:
    Office of Programs--Director of Policy and Systems, U.S. Railroad 
Retirement Board, 844 North Rush Street, Chicago, Illinois 60611-2092.

Notification procedure:
    Requests for information regarding an individual's record should be 
in writing addressed to the Systems Manager identified above, including 
the full name and social security number of the individual. Before 
information about any record will be released, the System Manager may 
require the individual to provide proof of identity or require the 
requester to furnish an authorization from the individual to permit 
release of information.

Record Access Procedures:
    See Notification section above.

Contesting Record Procedures:
    See Notification section above.

Record Source Categories:
    Data for the system are obtained primarily from the individuals to 
whom the record pertains.

Systems Exempted From Certain Provisions of the Act:
    None.

[FR Doc. 01-18907 Filed 7-27-01; 8:45 am]
BILLING CODE 7905-01-M