[Federal Register Volume 70, Number 15 (Tuesday, January 25, 2005)]
[Notices]
[Pages 3571-3574]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 05-1251]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974; as Amended New System of Records and New 
Routine Use Disclosures

AGENCY: Social Security Administration (SSA).

ACTION: Proposed new system of records and proposed routine uses.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and 
(e)(11)), we are issuing public notice of our intent to establish a new 
system of records entitled Electronic Freedom of Information Act 
(eFOIA) System, 60-0340, and routine uses applicable to this system of 
records. The proposed system of records will consist of Freedom of 
Information Act (FOIA) initial requests from individuals and groups of 
individuals and replies from SSA's Freedom of Information Officer; FOIA 
appeals and replies to those appeals; and information associated with 
FOIA initial and appeal requests (e.g., copies of records disclosed or 
withheld). We invite public comments on this proposal.

DATES: We filed a report of the proposed new system of records and 
proposed routine use disclosures with the Chairman of the Senate 
Committee on Homeland Security and Governmental Affairs, the Chairman 
of the House Committee on Government Reform, and the Director, Office 
of Information and Regulatory Affairs, Office of Management and Budget 
(OMB) on January 11, 2005. The proposed system of records and routine 
uses will become effective on February 20, 2005, unless we receive 
comments warranting it not to become effective.

ADDRESSES: Interested individuals may comment on this publication by 
writing to the Executive Director, Office of Public Disclosure, Office 
of the General Counsel, Social Security Administration, Room 3-A-6 
Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235-6401. All comments received will be available for public 
inspection at the above address.

FOR FURTHER INFORMATION CONTACT: Ms. Linda Thibodeaux, Lead Social 
Insurance Specialist, Strategic Issues Team, Office of Public 
Disclosure, Office of the General Counsel, Social Security 
Administration, Room 3-A-6 Operations Building, 6401 Security 
Boulevard, Baltimore, Maryland 21235, e-mail address at 
[email protected], or by telephone at (410) 965-9821.

SUPPLEMENTARY INFORMATION:

I. Background and Purpose of the Proposed eFOIA System

A. General Background

    The Social Security Administration's Freedom of Information Act 
(FOIA) workload has increased rapidly in the last several years and is 
expected to continue increasing in volume. The existing system that is 
used to control and process this workload is antiquated and was not 
designed to interface with other systems that support the functionality 
of the eFOIA System. The proposed eFOIA System is an Internet Web-based 
integrated system that will afford the public an opportunity to make 
FOIA requests via the Internet and uses the Department of Treasury's 
pay.gov service to provide the customer with a fast and effective means 
to pay his or her FOIA fees. In addition, one system allows SSA staff 
to keep current with the growing FOIA workload and more fully comply 
with the provisions of the Electronic Freedom of Information Act 
Amendments of 1996 that amended the FOIA.

B. Collection and Maintenance of the Data for the Proposed New System 
of Records Entitled the eFOIA System

    The information that SSA will collect and maintain in the eFOIA 
System will consist of initial FOIA requests from individuals or groups 
of individuals to SSA's Freedom of Information Officer and copies of 
replies to those requests; copies of FOIA appeal requests; and 
information SSA generates in responding to FOIA initial and appeal 
requests. The information maintained in the proposed eFOIA System will 
be maintained in electronic formats and will include information on all 
FOIA requests. Specifically, it will contain: (1) The requester's name, 
address, control number, and subject matter of the request; (2) 
incoming request; (3) replies to the request; (4) appeals based on the 
replies; and (4) replies to the appeals. We will retrieve information 
from the proposed eFOIA System by using the individual's name and/or 
address, control number assigned to the incoming request and subsequent 
correspondence or subject matter area. Thus the eFOIA System will 
constitute a system of records under the Privacy Act.

II. Proposed Routine Use Disclosures of Data Maintained in the Proposed 
eFOIA System

A. Proposed Routine Use Disclosures

    We are proposing to establish routine uses of information that will 
be

[[Page 3572]]

maintained in the proposed eFOIA System as discussed below.
    1. To the Office of the President for the purpose of responding to 
an individual pursuant to an inquiry received from that individual or 
from a third party on his or her behalf.
    We will disclose information under this routine use only in 
situations in which an individual may contact the Office of the 
President, seeking that Office's assistance in a matter relating to 
information contained in this system of records. Information will be 
disclosed when the Office of the President makes an inquiry and 
indicates that it is acting on behalf of the individual whose record is 
requested.
    2. To a congressional office in response to an inquiry from that 
office made at the request of the subject of a record.
    We will disclose information under this routine use only in 
situations in which an individual may ask his or her congressional 
representative to intercede in a matter relating to information 
contained in this system of records. Information will be disclosed when 
the congressional representative makes an inquiry and indicates that he 
or she is acting on behalf of the individual whose record is requested.
    3. To the Internal Revenue Service (IRS), as necessary for the 
purpose of auditing SSA's compliance with safeguard provisions of the 
Internal Revenue Code (IRC) of 1986, as amended.
    We will disclose information under this routine use only as 
necessary to enable the IRS to audit SSA's compliance with the 
safeguard provisions of the IRC of 1986, as amended.
    4. To the Department of Justice (DOJ) to defend SSA in FOIA 
litigation involving a record maintained in this system of records.
    We will disclose information under this routine use only to DOJ as 
necessary to defend SSA when a member of the public files suit against 
SSA under the FOIA.
    5. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such tribunal when:
    (a) SSA, or any component thereof; or
    (b) any SSA employee in his/her official capacity; or
    (c) any SSA employee in his/her individual capacity where DOJ (or 
SSA where it is authorized to do so) has agreed to represent the 
employee; or
    (d) the United States or any agency thereof where SSA determines 
that the litigation is likely to affect the operation of SSA or any of 
its components, is a party to litigation or has an interest in such 
litigation, and SSA determines that the use of such records by DOJ, a 
court or other tribunal, or another party before such tribunal, is 
relevant and necessary to the litigation, provided, however, that in 
each case, SSA determines that such disclosure is compatible with the 
purpose for which the records were collected.
    We will disclose information under this routine use only as 
necessary to enable DOJ to effectively defend SSA, its components or 
employees, in litigation involving the proposed new system of records 
and ensure that courts and other tribunals have appropriate 
information.
    6. Non-tax return information which is not restricted from 
disclosure by Federal law may be disclosed to the General Services 
Administration (GSA) and the National Archives and Records 
Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by NARA 
Act of 1984, for the use of those agencies in conducting records 
management studies.
    The Administrator of GSA and the Archivist of NARA are charged by 
44 U.S.C. 2904, as amended, with promulgating standards, procedures and 
guidelines regarding record management and conducting records 
management studies. 44 U.S.C. 2906, as amended, provides that GSA and 
NARA are to have access to Federal agencies' records and that agencies 
are to cooperate with GSA and NARA. In carrying out these 
responsibilities, it may be necessary for GSA and NARA to have access 
to this proposed system of records. In such instances, the routine use 
will facilitate disclosure.
    7. To student volunteers, individuals working under a personal 
service contract, and other individuals performing functions for SSA 
but technically not having the status of Agency employees, if they need 
access to the records in order to perform their assigned agency 
functions.
    Under certain Federal statutes, SSA is authorized to use the 
service of volunteers and participants in certain educational, 
training, employment and community service programs. Examples of such 
statutes and programs include: 5 U.S.C. 3111 regarding student 
volunteers and 42 U.S.C. 2753 regarding the College Work-Study Program. 
We contemplate disclosing information under this routine use only when 
SSA uses the services of these individuals, and they need access to 
information in this system to perform their assigned Agency duties.
    8. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary:
     To enable them to protect the safety of SSA employees and 
customers, the security of the SSA workplace, and the operation of SSA 
facilities, or
     To assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of SSA facilities.
    We will disclose information under this routine use to law 
enforcement agencies and private security contractors when information 
is needed to respond to, investigate, or prevent, activities that 
jeopardize the security and safety of SSA customers, employees or 
workplaces or that otherwise disrupt the operation of SSA facilities. 
Information would also be disclosed to assist in the prosecution of 
persons charged with violating Federal or local law in connection with 
such activities.
    9. To contractors and other Federal agencies, as necessary, for the 
purpose of assisting SSA in the efficient administration of its 
programs. We contemplate disclosing information under this routine use 
only in situations in which SSA may enter into a contractual or similar 
agreement with a third party to assist in accomplishing an Agency 
function relating to this system of records.
    We will disclose information under this routine use only in 
situations in which SSA may enter into a contractual agreement or 
similar agreement with a third party to assist in accomplishing an 
Agency function relating to this system of records.
    10. The Commissioner shall disclose to the Secretary of Health and 
Human Services (HHS), or to any State, any record or information 
requested in writing by the Secretary to be so disclosed for the 
purpose of administering any program administered by the Secretary, if 
records or information of such type were so disclosed under applicable 
rules, regulations and procedures in effect before the date of 
enactment of the Social Security Independence and Program Improvements 
Act of 1994.
    We will disclose information under this routine use only when the 
records or information of such type were so disclosed under applicable 
rules, regulations and procedures that were in effect prior to SSA 
becoming independent of HHS.

B. Compatibility of Proposed Routine Uses

    The Privacy Act (5 U.S.C. 552a(b)(3)) and our disclosure 
regulations (20 CFR part 401) permit us to disclose

[[Page 3573]]

information under a published routine use for a purpose that is 
compatible with the purpose for which we collected the information. 
Section 401.150(c) of SSA Regulations permits us to disclose 
information under a routine use where necessary to carry out SSA 
programs. SSA Regulations at Sec. 401.120 provide that we will disclose 
information when a law specifically requires the disclosure. The 
proposed routine uses numbered 1 through 5 and 7 through 10 above will 
ensure SSA's efficient administration of the FOIA. The disclosure that 
would be made under routine use number 6 is required by Federal law. 
Thus, all routine uses are appropriate and meet the relevant statutory 
and regulatory criteria.

III. Records Storage Medium and Safeguards for the Proposed New System 
Entitled the eFOIA System

    SSA will maintain information in the eFOIA System in electronic 
form. Only authorized SSA and contractor personnel who have a need for 
the information in the performance of their official duties will be 
permitted access to the information. We will safeguard the security of 
the information by requiring the use of access codes to enter the 
computer system that will maintain the data and will store computerized 
records in secured areas that are accessible only to employees who 
require the information to perform their official duties.
    Contractor personnel having access to data in the proposed system 
of records will be required to adhere to SSA rules concerning 
safeguards, access and use of the data.
    SSA and contractor personnel having access to the data on this 
system will be informed of the criminal penalties of the Privacy Act 
for unauthorized access to, or disclosure of, information maintained in 
this system. See 5 U.S.C. Sec. 552a(i)(1).

IV. Effect of the Proposed eFOIA System on the Rights of Individuals

    Members of the public have the right under the FOIA to request 
information from Federal agencies. The proposed eFOIA System will 
enable SSA to more effectively and efficiently respond to requesters of 
information and manage SSA's Freedom of Information workload, thereby 
ensuring that individuals' rights under the FOIA are not abridged. 
Additionally, SSA will adhere to all applicable provisions of the 
Privacy Act, and other Federal statutes, that govern our use and 
disclosure of the information that will be maintained in the proposed 
eFOIA System. Thus, we do not anticipate that this proposed system of 
records will have any unwarranted adverse effect on the privacy or 
other rights of individuals who will be covered by the eFOIA System.

    Dated: January 11, 2005.
Jo Anne B. Barnhart,
Commissioner.
Social Security Administration (SSA) Notice of System of Records 
Required by the Privacy Act of 1974; as Amended

System Number:
    60-0340.

System Name:
    Electronic Freedom of Information Act (eFOIA) System, SSA/OGC/OPD.

Security Classification:
    None.

System Location:
    Office of Public Disclosure, Office of the General Counsel, Social 
Security Administration, 6401 Security Boulevard, Baltimore, Maryland 
21235-6401.

Categories of Individuals Covered by the System:
    Individuals, or groups of individuals, who write to the Freedom of 
Information Officer, Social Security Administration.

Categories of Records in the System:
    Copies of Freedom of Information Act (FOIA) initial requests from 
individuals and groups of individuals and replies from SSA's Freedom of 
Information Officer; FOIA appeals and replies to those appeals; and SSA 
records that relate to initial and appeal requests (e.g., copies of 
records that are disclosed and withheld).

Authority for Maintenance of the System:
    The Freedom of Information Act (5 U.S.C. 552).

Purpose(s):
    This system will be used to manage the Agency's FOIA workload. This 
includes assigning work, processing work electronically, tracking the 
status of assignments and providing management information reports 
relating to the FOIA requests received by SSA.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and the Purpose of Such Uses:
    Disclosure may be made for routine uses as indicated below. 
However, disclosure of any information defined as ``return or return 
information'' under 26 U.S.C. 6103 of the Internal Revenue Code (IRC) 
will not be made unless authorized by a statute, the Internal Revenue 
Service (IRS), or IRS regulations.
    1. To the Office of the President for the purpose of responding to 
an individual pursuant to an inquiry received from that individual or 
from a third party on his or her behalf.
    2. To a congressional office in response to an inquiry from that 
office made at the request of the subject of a record.
    3. To the Internal Revenue Service (IRS), as necessary, for the 
purpose of auditing SSA's compliance with safeguard provisions of the 
Internal Revenue Code (IRC) of 1986, as amended.
    4. To the Department of Justice (DOJ) to defend SSA in FOIA 
litigation involving a record maintained in this system of records.
    5. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such tribunal when:
    a. SSA, any component thereof; or
    b. Any SSA employee in his/her official capacity; or
    c. Any SSA employee in his/her individual capacity where DOJ (or 
SSA where it is authorized to do so) has agreed to represent the 
employee; or
    d. The United States or any agency thereof where SSA determines 
that the litigation is likely to affect the operations of SSA or any of 
its components, is a party to litigation or has an interest in such 
litigation, and SSA determines that the use of such records by DOJ, a 
court or other tribunal, or another party before such tribunal, is 
relevant and necessary to the litigation, provided, however, that in 
each case, SSA determines that such disclosure is compatible with the 
purpose for which the records were collected.
    Disclosure of any information defined as ``returns or return 
information'' under 26 U.S.C. 6103 of the Internal Revenue Code (IRC) 
will not be made unless authorized by a statute, the Internal Revenue 
Service (IRS), or IRS regulations.
    6. Non-tax return information which is not restricted from 
disclosure by Federal law may be disclosed to the General Services 
Administration (GSA) and the National Archives and Records 
Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by NARA 
Act of 1984, for the use of those agencies in conducting records 
management studies.
    7. To student volunteers, individuals working under a personal 
service contract, and other individuals performing functions for SSA 
but technically not having the status of Agency employees, if they need 
access

[[Page 3574]]

to the records in order to perform their assigned Agency functions.
    8. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary:
    a. To enable them to protect the safety of SSA employees and 
customers, the security of the SSA workplace, and the operation of SSA 
facilities, or
    b. To assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of SSA facilities.
    9. To contractors and other Federal agencies, as necessary, for the 
purpose of assisting SSA in the efficient administration of its 
programs. We contemplate disclosing information under this routine use 
only in situations in which SSA may enter into a contractual or similar 
agreement with a third party to assist in accomplishing an Agency 
function relating to this system of records.
    10. The Commissioner shall disclose to the Secretary of Health and 
Human Services (HHS), or to any State, any record or information 
requested in writing by the Secretary to be so disclosed for the 
purpose of administering any program administered by the Secretary, if 
records or information of such type were so disclosed under applicable 
rules, regulations and procedures in effect before the date of 
enactment of the Social Security Independence and Program Improvements 
Act of 1994.

Policies and Practices for Storing, Retrieving, Accessing, Retaining 
and Disposing of Records in the System:
Storage:
    Records in this system are maintained and stored in electronic 
form.

Retrievability:
    Records in this system are retrieved by a requester's or third 
party's first name, last name, Social Security Number (SSN), subject 
matter, or control number.

Safeguards:
    Security measures include the use of access codes to enter the 
computer system which will maintain the data, the storage of 
computerized records in secured areas which are accessible only to 
employees who require the information in performing their official 
duties. Any manually maintained records will be kept in locked cabinets 
or in otherwise secure areas. SSA employees who have access to the data 
will be informed of the criminal penalties of the Privacy Act for 
unauthorized access to or disclosure of information maintained in the 
system. See 5 U.S.C. 552a(i)(1).
    Contractor personnel having access to data in the system of records 
will be required to adhere to SSA rules concerning safeguards, access 
and use of the data.

Retention and Disposal:
    Any document related to a FOIA request that has been denied will be 
retained (stored electronically) for six years from the response date. 
Requests that have been granted will be retained for two years from the 
response date. When the time period has elapsed, the case will be 
deleted provided (1) it is a closed case and (2) there are no open 
cases linked to that case. If the case is still open or linked to 
another open case, deletion will be delayed until closure of all cases 
involved.

System Manager(s):
    Freedom of Information Officer, Office of Public Disclosure, Office 
of the General Counsel, Social Security Administration, 6401 Security 
Boulevard, Baltimore, Maryland 21235-6401.

Notification Procedure(s):
    An individual can determine if this system contains a record about 
him/her by writing to the systems manager(s) at the above address and 
providing his/her name, SSN or other information that may be in the 
system of records that will identify him/her. An individual requesting 
notification of records in person should provide the same information, 
as well as provide an identity document, preferably with a photograph, 
such as a driver's license or some other means of identification. If an 
individual does not have any identification documents sufficient to 
establish his/her identity, the individual must certify in writing that 
he/she is the person claimed to be and that he/she understands that the 
knowing and willful request for, or acquisition of, a record pertaining 
to another individual under false pretenses is a criminal offense.
    If notification is requested by telephone, an individual must 
verify his/her identity by providing name, SSN, address, date of birth, 
place of birth, and at least one other piece of identifying information 
that parallels the record to which notification is being requested. If 
it is determined that the identifying information provided by telephone 
is insufficient, the individual will be required to submit a request in 
writing or in person. If an individual is requesting information by 
telephone on behalf of another individual, the subject individual must 
be connected with SSA and the requesting individual in the same phone 
call. SSA will establish the subject individual's identity (his/her 
name, SSN, address, date of birth and place of birth along with one 
other piece of information such as mother's maiden name) and ask for 
his/her permission to provide the information to the requesting 
individual.
    If a request for notification is submitted by mail, an individual 
must include a notarized statement to SSA to verify his/her identity or 
must certify in the request that he/she is the person claimed to be and 
that he/she understands that the knowing and willful request for, or 
acquisition of, a record pertaining to another individual under false 
pretenses is a criminal offense. These procedures are in accordance 
with SSA Regulations (20 CFR 401.40).

Record Access Procedure(s):
    Same as Notification procedures. Requesters also should reasonably 
specify the record contents they are seeking. These procedures are in 
accordance with SSA Regulations (20 CFR 401.50).

Contesting Record Procedure(s):
    Same as Notification procedures. Requesters should also reasonably 
identify the record, specify the information they are contesting, and 
state the corrective action sought and the reasons for the correction 
with supporting justification showing how the record is untimely, 
incomplete, inaccurate, or irrelevant. These procedures are in 
accordance with SSA Regulations (20 CFR 401.65).

Record Source Categories:
    Information is furnished by the inquirer and generated by SSA in 
response to FOIA requests.

Systems Exempt From Certain Provisions of the Privacy Act:
    None.
[FR Doc. 05-1251 Filed 1-24-05; 8:45 am]
BILLING CODE 4191-02-P