[Federal Register Volume 72, Number 241 (Monday, December 17, 2007)]
[Notices]
[Pages 71470-71474]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E7-24391]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974, as Amended; Alterations to Existing System 
of Records, Including New Routine Use

AGENCY: Social Security Administration (SSA).

[[Page 71471]]


ACTION: Altered System of Records and New Routine Use.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and 
(e)(11)), we are issuing public notice of our intent to alter an 
existing system of records entitled, the Visitor Intake Process/
Customer Service Record (VIP/CSR) System, 60-0350. The proposed 
alterations will result in the following changes to the VIP/CSR System:
    (1) Expansion of the categories of individuals covered by the VIP/
CSR System;
    (2) Expansion of the categories of records maintained in the VIP/
CSR System;
    (3) Expansion of the purposes for which we use the VIP/CSR System; 
and
    (4) Amendment of the record source categories covered by the VIP/
CSR System.
    We are also establishing a new routine use for disclosure of 
information maintained in the VIP/CSR System.
    The proposed alterations and new routine use are discussed in the 
SUPPLEMENTARY INFORMATION section below. We invite public comment on 
this proposal.

DATES: We filed a report of the proposed alterations and new routine 
use disclosure with the Chairman of the Senate Committee on Homeland 
Security and Governmental Affairs, the Chairman of the House Committee 
on Government Reform, and the Director, Office of Information and 
Regulatory Affairs, Office of Management and Budget (OMB) on November 
13, 2007. The proposed altered system of records, including the 
proposed new routine use applicable to the system, will become 
effective on December 23, 2007, unless we receive comments warranting 
them not to become effective.

ADDRESSES: Interested individuals may comment on this publication by 
writing to the Deputy Executive Director, Office of Public Disclosure, 
Office of the General Counsel, Social Security Administration, Room 3-
A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235-6401. All comments received will be available for public 
inspection at the above address.

FOR FURTHER INFORMATION CONTACT: Contact Earlene Whitworth Hill, Social 
Insurance Specialist, Office of Public Disclosure, Office of the 
General Counsel, Social Security Administration, in Room 3-A-6 
Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235-6401, telephone at (410) 965-1817, e-mail: 
[email protected].

SUPPLEMENTARY INFORMATION:

I. Background and Purpose of the Proposed Alterations to the VIP/CSR 
System of Records

A. General Background

    Social Security provides a variety of services to the general 
public in connection with various programs under the Social Security 
Act. This activity requires personal interaction between our employees 
and the public on many occasions. We originally published a notice of 
the VIP/CSR System in the Federal Register (FR) at 67 FR 63489 on 
October 11, 2002. At that time, we used information in the VIP/CSR 
System for management information and administrative purposes, such as 
tracking scheduled appointments and monitoring visitor information in 
our field offices, and for programmatic purposes associated with 
individuals' claims for benefits under programs we administer. On 
October 13, 2005, we published a notice of alterations and a new 
routine use applicable to the VIP/CSR System at 70 FR 59794. The 
alterations to the VIP/CSR System allowed us to maintain information 
that would alert employees in our offices if a member of the public 
takes action, or threatens to take action, that affects the security 
and safety of our employees, security guards, visitors, facilities, or 
records. We are now making additional alterations to the VIP/CSR System 
as discussed below.

B. Proposed Alterations

    SSA believes that a threat exists to the safety and security of SSA 
employees, security personnel, visitors, and facilities when a 
beneficiary, claimant, attorney or non-attorney representative, or 
representative payee commits, or attempts to commit, a violent crime 
for which a court has issued an arrest warrant and the individual is 
not in the custody of a law enforcement agency, and we reasonably 
believe that the individual will contact SSA for a business-related 
purpose. We consider this to be the case even when an individual has 
not threatened or committed an act of violence directly against one of 
our employees, visitors, or facilities. For example, we could have a 
situation in which a beneficiary commits or attempts to commit a 
violent crime against his Social Security representative payee and an 
arrest warrant is issued for the beneficiary. As a result, it is likely 
that the beneficiary will contact or visit an SSA office somewhere in 
the United States in order to designate a new representative payee. If 
the defendant flees in order to avoid apprehension, he or she may 
contact or visit SSA in order to conduct other business matters such as 
a change of address, change method of payment to direct payment, change 
in direct deposit, payment of an underpayment, payment of benefit 
check, or to act on a scheduled appointment. Such contact could pose a 
threat to anyone present in the office, as well as the facility itself.
    To assist us in protecting the safety and security of our 
employees, visitors, and facilities, we have developed a VIP/CSR System 
High Risk Alert functionality that will alert our offices about these 
potentially dangerous situations. We will maintain information about 
individuals only when:
     A court has issued an arrest warrant for the individual 
who is charged with committing, or attempting to commit, a violent 
crime and he or she is not in the custody of law enforcement 
authorities; and
     SSA management officials have a reasonable expectation 
that the individual will visit or contact us for a business matter 
(e.g., request a change of address, change of representative payee, 
direct payment of benefits, change in direct deposit, payment of an 
underpayment, payment of a benefit check, or the individual has a 
scheduled appointment); and
     SSA management officials have verified the identity of the 
individual who is under investigation with law enforcement and have 
determined that this individual is the same individual with whom we may 
have contact.
    Since we want to ensure that information is entered into the VIP/
CSR System only as we describe above, before we enter information into 
the system, the appropriate Social Security field office (FO) manager, 
Area Director, and Assistant Regional Commissioner, Management and 
Operations Support, will be required to review the facts to determine 
if the case meets the criteria listed above. Once our management 
concludes that all factors are present, the case will be entered in the 
VIP/CSR System as a High Risk Alert.
    Once information is entered in the VIP/CSR System, at a minimum, 
the FO manager will confirm, every 30 days with the appropriate law 
enforcement officials who have jurisdiction over the case, that the 
individual identified still presents a danger to SSA employees, 
visitors, or facilities. If it is determined that the individual no 
longer presents a danger, the High Risk Alert will be deleted. 
Situations that would meet the criteria for deletion are:
     The individual is in the custody of law enforcement; or

[[Page 71472]]

     The individual is no longer a suspect or has been 
exonerated; or
     The individual is deceased.
    The SSA Regional Center for Security and Integrity and the Division 
of Systems Security and Program Integrity will maintain a list of all 
High Risk Alert cases that have been entered into VIP/CSR System and 
will monitor the list to ensure that we are regularly reviewing cases.
    We will issue operating instructions for our management officials' 
use to ensure that the changes to the VIP/CSR System are implemented as 
we describe above.
    Before we can implement the changes discussed above, we must make 
the following alterations to the VIP/CSR System:
    i. Amend the categories of individuals section of the notice of the 
VIP/CSR System to include our beneficiaries, claimants, attorney or 
non-attorney representatives, or representative payees who commit, or 
attempt to commit, a violent crime, have an outstanding arrest warrant, 
and who we reasonably believe will attempt to contact one of our 
facilities to conduct program business;
    ii. Amend the categories of records section of the notice of the 
VIP/CSR System to include a High Risk Alert indicator and identifying 
information about the individuals described in item B.i above, such as 
their name and/or Social Security number (SSN), date of birth, 
information pertaining to the specific nature of the crime, and 
information pertaining to the date, time, and the location of the 
crime;
    iii. Amend the purpose(s) section of the notice of the VIP/CSR 
System to describe that we will use information in the VIP/CSR System 
for the purposes described in items B.i and B.ii above; and
    iv. Amend the record source categories section of the notice of the 
VIP/CSR System to identify law enforcement officials as the source of 
the warrant information that will be maintained in the VIP/CSR System.

II. New Routine Use

A. Discussion

    As described above, we will maintain information in the VIP/CSR 
System about the new category of individuals (i.e., claimants, 
beneficiaries, attorney or non-attorney representatives, or 
representative payees) who commits, or attempts to commit, a violent 
crime, have an outstanding arrest warrant, and who we reasonably 
believe will attempt to contact one of our facilities to conduct 
program business, only as long as the individual poses a threat to the 
security and safety of our employees, visitors to our offices, and our 
facilities. As discussed above, at a minimum, the FO manager will 
confirm every 30 days with the law enforcement officials who have 
jurisdiction over the cases that the individual identified still 
presents a danger to our employees, visitors, or facilities. This 
confirmation will require us to disclose some basic information about 
the individual for whom the warrant was issued. To comply with the 
Privacy Act, we are establishing the following routine use, which 
appears as routine use number 8 in the notice of the VIP/CSR System 
below. The routine use provides for disclosure:

    To the appropriate law enforcement official, the Social Security 
Administration (SSA) may disclose information regarding a Social 
Security beneficiary, claimant, attorney or non-attorney 
representative, or representative payee who is the subject of an 
outstanding arrest warrant for having committed, or having attempted 
to commit, a violent crime for the purposes of determining whether 
SSA should include an individual's information in the VIP/CSR System 
or remove an individual's information from the system because he/she 
no longer meets the criteria (i.e., the individual is in the custody 
of law enforcement, is no longer a suspect or has been exonerated, 
or is deceased).

B. Compatibility of Routine Use

    The Privacy Act (5 U.S.C. 552a(a)(7) and (b)(3)) and SSA's 
disclosure regulation (20 CFR Part 401) permit us to disclose 
information under a published routine use for a purpose that is 
compatible with the purpose for which we collected the information. 
Section 401.150(c) of the regulation permits us to disclose information 
under a routine use, where necessary, to carry out SSA programs. The 
routine use we are proposing will allow disclosures that assist in 
ensuring that our places of business are safe and secure for both 
customers and employees, and that our employees can perform their 
duties without fear of intimidation or injury. Thus, the routine use is 
appropriate and meets the relevant statutory and regulatory criteria.

III. Housekeeping Change

    We are making the following housekeeping changes to the VIP/CSR 
System notice to make it accurate and up-to-date.
    1. Categories of records in the system: We are revising the wording 
of item 7 in this section so that it clearly identifies to whom the 
records pertain.
    2. Routine uses of records maintained in the system, including 
categories of users and the purposes of such uses: We have revised the 
wording of routine use number 6. We have not made any substantive 
changes to the routine use.
    3. Safeguards: We are deleting the text ``or alternate 
participants,'' which was inadvertently included in this section of the 
notice.
    4. Retention and disposal: We have revised the retention dates so 
that they adhere to the General Records Schedule issued by National 
Archives and Records Administration (NARA).

IV. Effect of the Proposed VIP/CSR System Alterations and Routine Use 
on the Rights of Individuals

    The proposed alterations and routine use applicable to the VIP/CSR 
System will assist us in carrying out our responsibility to protect the 
safety and security of our employees, visitors to Social Security 
offices, and SSA facilities. We will collect, maintain, use, and 
disclose only the minimum information necessary to accomplish this 
purpose. Further, we will adhere to all applicable statutory 
requirements when doing so, including those under the Social Security 
Act and Privacy Act. Thus, we do not anticipate that the alterations 
and routine use will have an unwarranted effect on the rights of 
individuals.

    Dated: November 13, 2007.
Michael J. Astrue,
Commissioner.
SYSTEM NUMBER:
    60-0350.

SYSTEM NAME:
    Visitor Intake Process/Customer Service Record (VIP/CSR) System.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Social Security Administration, Office of Systems, 6401 Security 
Boulevard, Baltimore, Maryland 21235.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system covers visitors to the Social Security Administration 
(SSA) field offices (FO) for various purposes (see ``Purpose(s)'' 
section below); individuals who have threatened an act of violence, 
commit, or attempt to commit, a violent crime against an SSA employee, 
a visitor to any SSA office conducting business or another individual 
accompanying such visitor, or to any SSA office; and SSA beneficiaries, 
claimants, attorney or non-attorney representatives, or representative 
payees who commit, or

[[Page 71473]]

attempt to commit, a violent crime, have an outstanding arrest warrant, 
and who we reasonably believe will attempt to contact one of our 
facilities to conduct program business.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system contains the following information about each visitor:
    (1) Visitor information, such as Social Security number, full name 
and date of birth, when such information is provided by the visitor;
    (2) Visitor information, such as the time the visitor entered and 
left the office, an assigned group number, number of interviews 
associated with the visit and remarks associated with the visit;
    (3) Appointment information, such as date and time of appointment, 
source of appointment and appointment unit number (unit establishing 
appointment);
    (4) Notice information, such as close-out notice type (e.g., title 
II 6-month closeout letter, title XVI SSA-L991) and close-out notice 
date/time when sent;
    (5) Interview information, such as each occurrence, subject of 
interview, estimated waiting time, preferred language, type of 
translator, the number of the interview in the queue, interview 
disposition (e.g., completed, deleted, left without service), interview 
priority, start and ending time and name of interviewer;
    (6) SSN, full name and relationship to claimant or beneficiary, 
when such information is provided;
    (7) ``High Risk'' alert information about individuals who take 
action, or threaten to take action, that affects the security and 
safety of our employees, security guards, visitors, facilities, or 
records; i.e., personal information about the visitor such as name, 
SSN, date of birth, specific nature of the threat or act of violence, 
the date, time, and location of the threat or act of violence;
    (8) Source of the report from the SSA-3114-U4; and
    (9) ``High Risk'' alert information about beneficiaries, claimants, 
attorney or non-attorney representatives, or representative payees who 
commit, or attempt to commit, a violent crime, have an outstanding 
arrest warrant, and who we reasonably believe will attempt to contact 
one of our facilities to conduct program business; i.e., personal 
information about the individuals such as name, SSN, date of birth, 
information pertaining to the specific nature of the crime, and the 
date, time, and location of the crime.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Sections 222, 223, 225, 1611, 1615, 1631 and 1633 of the Social 
Security Act (42 U.S.C. 422, 423, 425, 1382, 1382d, 1383 and 1383b); 
the Federal Records Act of 1950 (Pub. L. 81-754, 64 Stat. 583), as 
amended.

PURPOSE(S):
    Information in VIP/CSR System is used to:
     Provide a means of collecting waiting time data on all in-
office interviews in SSA FOs;
     Provide management information on other aspects of all in-
office interviews in SSA FOs;
     Provide a source for customer service record data 
collection for such interviews and capture discrete data about the 
volume and nature of inquiries to support management decisions in the 
areas of process improvement and resource allocation;
     Provide a means of collecting information about 
individuals who have threatened an act of violence and/or have 
committed an act of violence against an SSA employee, or a visitor to 
any SSA office conducting business, and/or to any SSA office;
     Generate a timely ``High Risk'' alert to alert intake 
employees of an individual who may pose a security risk, including a 
``High Risk'' alert for Social Security beneficiaries, claimants, 
attorney or non-attorney representatives, or representative payees who 
commit, or attempt to commit, a violent crime, have an outstanding 
arrest warrant, and who we reasonably believe will attempt to contact 
one of our facilities to conduct program business;
     Provide a standard approach to ensure the safety of SSA 
employees, visitors, security personnel, and facilities.
    The information collected from visitors to SSA FOs will be used for 
filing claims for benefits under title II, transacting post-entitlement 
actions if currently entitled to benefits under title II, filing claims 
for benefits under title XVI, transacting post-eligibility actions if 
currently eligible for benefits under title XVI, obtaining an SSN, 
transacting other actions related to a SSN, or other actions or queries 
that may require an interview at SSA.
    The information collected from the ``High Risk'' alert will be used 
to advise the intake employees at any SSA office of the potential 
security risk and to use extra caution when dealing with the individual 
who is before them and/or who has scheduled an appointment. The ``High 
Risk'' alert will include personal information about the visitor such 
as name, SSN, date of birth, specific nature of the threat or act of 
violence, and the date, time, and location of the threat or act of 
violence.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Disclosures may be made for routine uses as indicated below.
    1. To the Office of the President for the purpose of responding to 
an individual pursuant to an inquiry received from that individual or 
from a third party on his or her behalf.
    2. To a congressional office in response to an inquiry from that 
office made at the request of the subject of a record.
    3. To the Department of Justice (DOJ), a court, or other tribunal, 
or other party before such tribunal when:
    (a) The Social Security Administration (SSA), or any component 
thereof, or
    (b) Any SSA employee in his or her official capacity; or
    (c) Any SSA employee in his or her individual capacity where DOJ 
(or SSA where it is authorized to do so) has agreed to represent the 
employee; or
    (d) The United States, or any agency thereof, where SSA determines 
that the litigation is likely to affect the operations of SSA or any of 
its components is party to litigation or has an interest in such 
litigation, and SSA determines that the use of such records by DOJ, a 
court, or other tribunal is relevant and necessary to the litigation, 
provided, however, that in each case, SSA determines that such 
disclosure is compatible with the purpose for which the records were 
collected.
    4. To contractors and other Federal agencies, as necessary, to 
assist the Social Security Administration in the efficient 
administration of its programs.
    5. To student volunteers, individuals working under a personal 
services contract, and other individuals performing functions for the 
Social Security Administration, but technically not having the status 
of Agency employees, if they need access to the records in order to 
perform their assigned Agency functions.
    6. To the General Services Administration and National Archives and 
Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended 
by the NARA Act of 1984, information that is not restricted from 
disclosure by Federal law for the use of those agencies in conducting 
records management studies.
    7. To Federal, State, and local law enforcement agencies and 
private security contractors as appropriate, information necessary:
    (a) To enable them to protect the safety of Social Security 
Administration (SSA) employees and customers, the

[[Page 71474]]

security of the SSA workplace and the operation of SSA facilities, or
    (b) To assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupts the operation of SSA facilities.
    8. To the appropriate law enforcement official, the Social Security 
Administration (SSA) may disclose information regarding a Social 
Security beneficiary, claimant, attorney or non-attorney 
representative, or representative payee who is the subject of an 
outstanding arrest warrant for having committed, or having attempted to 
commit, a violent crime for the purposes of determining whether SSA 
should include an individual's information in the VIP/CSR System or 
remove an individual's information from the system because he or she no 
longer meets the criteria (i.e., the individual is in the custody of 
law enforcement, is no longer a suspect or has been exonerated, or is 
deceased).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records in this system are maintained in both electronic and paper 
form (e.g., magnetic tape and disc and microfilm).

RETRIEVABILITY:
    Records in this system will be retrieved by the individual's SSN 
and/or name.

SAFEGUARDS:
    Security measures include the use of access codes to enter in the 
computer system, which will maintain the data and storage of the 
computerized records in secured areas that are accessible only to 
employees who require the information in performing their official 
duties. SSA employees who have access to the data will be informed of 
the criminal penalties of the Privacy Act for unauthorized access to or 
disclosure of information maintained in the system. See 5 U.S.C. 
552a(i)(1).
    Contractor personnel and/or alternate participants having access to 
data in the system of records will be required to adhere to SSA rules 
concerning safeguards, access and use of the data.

RETENTION AND DISPOSAL:
    Records in the Visitor Intake Process/Customer Service Record (VIP/
CSR) System ``High Risk'' file will be retained for five years in 
accordance with Section E of NC-47-76-12. The means of disposal of the 
information in the Visitor Intake Process/Customer Service Record (VIP/
CSR) System ``High Risk'' file will be appropriate to the storage 
medium (e.g., deletion of individual electronic records or shredding of 
paper records). Additionally, management officials will have the 
ability to delete records from the ``High Risk'' file electronic 
database.

SYSTEM MANAGER(S) AND ADDRESS(ES):
    Deputy Commissioner, Office of Systems, Social Security 
Administration, 6401 Security Boulevard, Baltimore, Maryland 21235.

NOTIFICATION PROCEDURE(S):
    An individual can determine if this system contains a record about 
him or her by writing to the system manager(s) at the above address and 
providing his or her name, SSN, or other information that may be in the 
system of records that will identify him or her. An individual 
requesting notification of records in person should provide the same 
information, as well as provide an identity document, preferably with a 
photograph, such as a driver's license. If an individual does not have 
identification documents sufficient to establish his or her identity, 
the individual must certify in writing that he or she is the person 
claimed to be and that he or she understands that knowing and willful 
request for, or acquisition of, a record pertaining to another 
individual under false pretenses is a criminal offense.
    If notification is requested by telephone, an individual must 
verify his or her identity by providing identifying information that 
parallels the record to which notification is being requested. If it is 
determined the identifying information provided by telephone is 
insufficient, the individual will be required to submit a request in 
writing or in person. If an individual is requesting information by 
telephone on behalf of another individual, the subject individual must 
be connected with SSA and the requesting individual in the same phone 
call. SSA will establish the subject individual's identity (his or her 
name, SSN, address, date of birth and place of birth, along with one 
other piece of information such as mother's maiden name), and ask for 
his or her consent in providing information to the requesting 
individual.
    If a request for notification is submitted by mail, an individual 
must include a notarized statement to SSA to verify his or her identity 
or must certify in the request that he or she is the person claimed to 
be and that he or she understands that the knowing and willful request 
for, or acquisition of, a record pertaining to another individual under 
false pretenses is a criminal offense. These procedures are in 
accordance with SSA Regulations (20 CFR 401.40).

RECORD ACCESS PROCEDURE(S):
    Same as Notification procedure(s). Requesters also should 
reasonably specify the record contents they are seeking. These 
procedures are in accordance with SSA Regulations (20 CFR 401.40).

CONTESTING RECORD PROCEDURE(S):
    Same as Notification procedures. Requesters also should reasonably 
identify the record, specify the information they are contesting, and 
state the corrective action sought, and the reasons for the correction, 
with supporting justification showing how the record is untimely, 
incomplete, inaccurate or irrelevant. These procedures are in 
accordance with SSA Regulations (20 CFR 401.65).

RECORD SOURCE CATEGORIES:
    Information in this system of records is obtained from information 
collected from individuals interviewed in person in SSA FOs, from 
existing systems of records, such as the Claims Folders System, 60-
0089; Master Beneficiary Record, 60-0090, Supplemental Security Income 
Record and Special Veterans Benefits, 60-0103; from information 
generated by SSA, such as computer date/time stamps at various points 
in the interview process; and from law enforcement.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE PRIVACY ACT:
    None.

[FR Doc. E7-24391 Filed 12-14-07; 8:45 am]
BILLING CODE 4191-02-P