[Federal Register Volume 75, Number 133 (Tuesday, July 13, 2010)]
[Notices]
[Pages 40014-40019]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-17021]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974, as Amended; Proposed System of Records and 
Routine Use Disclosures

AGENCY: Social Security Administration (SSA).

ACTION: Proposed System of Records and Routine Uses.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and 
(e)(11)) we are issuing public notice of our intent to establish a 
system of records and routine use disclosures. The system of records is 
the Economic Recovery List (ERL) Database (60-0372), hereinafter 
referred to as the ERL Database. We will use information covered by the 
system of records to:
     Determine persons eligible for the one-time payment under 
provisions of the American Recovery and Reinvestment Act of 2009 (ARRA) 
or any similar subsequent payments authorized under the ARRA or other 
legislation;
     Prevent duplicate payments to those who qualify under more 
than one criterion;
     Record post-payment actions for Title II and Title XVI of 
the Social Security Act Economic Recovery Payments (ERP); and
     Provide management information (MI) for the Title II and 
Title XVI ERPs.
    We discuss the system of records and routine use disclosures in the 
Supplementary Information section below. We invite public comments on 
this proposal.

[[Page 40015]]


DATES: We filed a report of the system of records and routine use 
disclosures with the Chairman of the Senate Committee on Homeland 
Security and Governmental Affairs, the Chairman of the House Committee 
on Oversight and Government Reform, and the Administrator, Office of 
Information and Regulatory Affairs, Office of Management and Budget 
(OMB) on June 30, 2010. The system of records and routine uses will 
become effective on August 8, 2010, unless we receive comments before 
that date that would result in a contrary determination.

ADDRESSES: Interested persons may comment on this publication by 
writing to the Executive Director, Office of Privacy and Disclosure, 
Office of the General Counsel, Social Security Administration, 3-A-6 
Operations Building, 6401 Security Boulevard, Baltimore, Maryland 
21235-6401, or through the Federal e-Rulemaking Portal at http://www.regulations.gov. All comments we receive will be available for 
public inspection at the above address and will be posted to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Matthew Olsen, Senior Analyst, 
Disclosure Policy Development and Services Division I, Office of 
Privacy and Disclosure, Office of the General Counsel, Social Security 
Administration, 3-A-6 Operations Building, 6401 Security Boulevard, 
Baltimore, Maryland 21235-6401, telephone: (410) 965-6213, e-mail: 
[email protected].

SUPPLEMENTARY INFORMATION:

I. Background and Purpose of the ERL Database System of Records

A. General Background

    A provision of the ARRA of 2009 authorizes a one-time ERP of $250 
to persons receiving benefits under Title II or Title XVI of the Social 
Security Act, as well as persons receiving benefits from the Railroad 
Retirement Board (RRB) or the Department of Veterans Affairs, Veterans 
Benefits Administration (VBA). Persons entitled under multiple programs 
may receive only one payment.
    The ERL Database will create a list of persons eligible for an ERP 
under Title II or Title XVI, eliminating any duplicate payments. We 
will then receive data from RRB on potential persons eligible in their 
system, and match these to the ERL Database based on the Clients' Own 
Social Security Number (COSSN) file.
    Based on the match of the RRB-eligible COSSN file, we will identify 
the person as eligible for a unique RRB payment, or as duplicating a 
payment made by either Title II or Title XVI. We will update the ERL 
Database identifying the additional subset of those receiving RRB 
benefits.
    We will use the updated ERL Database in subsequent matching 
processes for persons eligible from the VBA. We will send a one-for-one 
response back to the RRB identifying each RRB eligible person as 
already paid by Title II/Title XVI, or a person eligible for whom RRB 
should submit to the Department of the Treasury (DOT), for payment. We 
will repeat this process with data provided by the VBA.
    The ERL Database will contain a record for each Title II, Title 
XVI, RRB, and VBA person eligible for the ERP, including the agency 
under which each person qualified. SSA, RRB, and VBA will each submit 
its own subset(s) of persons eligible to DOT to issue the ERP. If, 
between when a person is determined eligible and issuance of the 
payment that person has died, the ERL Database may contain information 
identifying a reissuance was made in care of the estate of the 
deceased.

B. Collection and Maintenance of the Data Covered by the ERL Database 
System of Records

    We will collect and maintain information that will be housed in the 
ERL Database from existing internal systems that maintain information 
on persons receiving benefits under Title II and Title XVI of the 
Social Security Act. We will add additional information from RRB and 
VBA systems which similarly maintain information on persons receiving 
those respective benefits. We will maintain the information in this 
system of records in electronic format.
    We will collect information for Title II and Title XVI 
beneficiaries such as: SSN; claim account number; beneficiary 
identification code; reason for non-payment; and post-payment 
information such as DOT Offset Payment (TOP), returned payment, non-
receipt claims, reclamation claims, limited payability data, and the 
name of an executor or other person qualified to receive payment, tax 
identification number, and mailing address for reissuance of payment to 
the estate of the deceased if, between the determination that a person 
is eligible and the issuance of payment that person has died. For 
payments made by RRB or VBA, we will collect the SSN in the system. For 
all payments we will collect in the system the agency that qualified 
the person to receive the payment. We will retrieve information covered 
by the system of records by using the beneficiary's SSN, claim account 
number, or beneficiary identification code. As a result, the ERL 
Database information collection is a system of records as defined by 
the Privacy Act.

II. Routine Use Disclosures of Data Covered by the ERL Database System 
of Records

A. Routine Use Disclosures

    We propose to establish the following routine uses of information 
that will be covered by the ERL Database system of records.
1. To the Department of the Treasury (DOT) To Prepare Checks or 
Payments It Will Send to Those Persons Eligible for the One-Time 
Payment, or Similar Payments Subsequently Authorized Under the ARRA or 
Other Legislation
    We will disclose information under this routine use to allow DOT to 
prepare the checks and payments to those persons receiving an ERP.
2. To the DOT To Allow the Department To Recover Debts to the Federal 
Government Under the Treasury Offset Program
    We will disclose information under this routine use to allow for 
the recovery of debt to the Federal government under the Treasury 
Offset Program, as mandated in the ARRA
3. To the Internal Revenue Service (IRS) To Allow for the 
Administration of the Make Work Pay Credit
    We will disclose information under this routine use to the IRS to 
allow the Service to administer the Make Work Pay credit, specifically 
to ensure proper offset of the credit when a person also receives an 
ERP, as mandated by the ARRA
4. To the Office of the President in Response to an Inquiry From That 
Office Made at the Request of the Subject of the Record or a Third 
Party on That Person's Behalf
    We will disclose information under this routine use only when the 
Office of the President makes an inquiry relating to information 
contained in this system of records and indicates that it is requesting 
the record on behalf of the person
5. To a Congressional Office in Response to an Inquiry From That Office 
Made at the Request of the Subject of a Record or a Third Party on That 
Person's Behalf
    We will disclose information under this routine use only when a 
member of Congress, or member of his or her staff,

[[Page 40016]]

makes an inquiry relating to information contained in this system of 
records and indicates that it is requesting the record on behalf of the 
person.
6. To the Department of Justice (DOJ), a Court, Other Tribunal, or 
Another Party Before Such Court or Tribunal When:
    (a) The agency or any of our components; or
    (b) Any agency employee in his or her official capacity; or
    (c) Any agency employee in his or her individual capacity when DOJ 
(or the agency when we are authorized to do so) has agreed to represent 
the employee; or
    (d) The United States or any agency thereof when we determine that 
the litigation is likely to affect our operations or any of its 
components, is party to the litigation or has an interest in such 
litigation, and we determine that the use of such records by DOJ, a 
court, other tribunal, or another party before such court or tribunal 
is relevant and necessary to the litigation. In each case, however, we 
must determine that such disclosure is compatible with the purpose for 
which we collected the records.
    We will disclose information under this routine use only as 
necessary to enable DOJ to defend us, our components, or our employees 
in litigation when the use of information covered by this system of 
records is relevant and necessary to the litigation and compatible with 
the purpose of the information collection. We will also disclose 
information to ensure that courts, other tribunals, and parties before 
such courts or tribunals, have appropriate information when relevant 
and necessary.
7. To Contractors and Other Federal Agencies, as Necessary, To Assist 
Us in Efficiently Administering Our Programs
    We will disclose information under this routine use only in 
situations where we enter into a contractual agreement or similar 
agreement with a third party to assist in accomplishing an agency 
function relating to information covered by the ERL Database system of 
records.
8. To Student Volunteers, Persons Working Under a Personal Services 
Contract, and Others Who Are Not Technically Federal Employees, When 
They Are Performing Work for Us as Authorized by Law, and They Need 
Access to Information in Our Records in order To Perform Their Assigned 
Agency Duties
    We will disclose information under this routine use only when we 
use the services of student volunteers and participants in certain 
educational, training, employment, and community service programs when 
they need access to information covered by this system of records to 
perform their assigned agency duties.
9. To the Railroad Retirement Board (RRB) and the Department of 
Veterans Affairs, Veterans Benefits Administration (VBA), To Identify 
Persons Who Qualify for a Payment as a Beneficiary From More Than One 
Agency
    We will disclose information under this routine use to the RRB and 
VBA so that they have a list of those persons eligible for a payment, 
and who have not already qualified as a beneficiary of another agency's 
programs.
10. To the Appropriate Federal, State, and Local Agencies, Entities, 
and Persons When:
    (a) We suspect or confirm that the security or confidentiality of 
information in this system of records has been compromised;
    (b) We determine that as a result of the suspected or confirmed 
compromise there is a risk of harm to economic or property interests, 
risk of identity theft or fraud, or harm to the security or integrity 
of this system or our other systems or programs that rely upon the 
compromised information; and
    (c) We determine that disclosing the information to such agencies, 
entities, and persons is necessary to assist in our efforts to respond 
to the suspected or confirmed compromise and prevent, minimize, or 
remedy such harm. We will use this routine use to respond only to those 
incidents involving an unintentional release of our records.
    We will disclose information under this routine use specifically in 
connection with response and remediation efforts in the event of an 
unintentional release of agency information, otherwise known as a 
``data security breach.'' This routine use will protect the interests 
of the people whose information is at risk by allowing us to take 
appropriate steps to facilitate a timely and effective response to a 
data breach. The routine use will also help us improve our ability to 
prevent, minimize, or remedy any harm that may result from a compromise 
of data covered by this system of records.
11. To Federal, State, and Local Law Enforcement Agencies and Private 
Security Contractors, as Appropriate, Information Necessary:
    (a) To enable them to ensure the safety of our employees and 
customers, the security of our workplace, and the operation of our 
facilities; or
    (b) To assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of our facilities.
    We will disclose information under this routine use to law 
enforcement agencies and private security contractors when information 
is needed to respond to, investigate, or prevent activities that 
jeopardize the security and safety of the public, employees, or 
workplaces, or that otherwise disrupt the operation of our facilities. 
Information will also be disclosed to assist in the prosecution of 
persons charged with violating a Federal, State, or local law in 
connection with such activities.
12. To the General Services Administration (GSA) and the National 
Archives and Records Administration (NARA) Under 44 U.S.C. 2904 and 
2906, as Amended by the NARA Act, Information That Is Not Restricted 
From Disclosure by Federal Law, for Their Use in Conducting Records 
Management Studies
    We will disclose information under this routine use only when it is 
necessary for GSA and NARA to have access to the information covered by 
this system of records. The administrator of GSA and the Archivist of 
NARA are authorized by Title 44 U.S.C. 2904, as amended, to promulgate 
standards, procedures, and guidelines regarding records management and 
to conduct records management studies. Title 44 U.S.C. 2906, as 
amended, provides that GSA and NARA are authorized to inspect Federal 
agencies' records for records management purposed and that agencies are 
to cooperate with GSA and NARA.

B. Compatibility of Proposed Routine Uses

    We can disclose information when the disclosure is required by law 
(20 CFR 401.120). We can also disclose information when the purpose is 
compatible with the purpose for which we collect the information and 
the disclosure is supported by a published routine use (20 CFR 
401.150). The disclosures under our routine uses (numbers one through 
twelve) will ensure that we efficiently perform our functions relating 
to the purpose and administration of the ERL Database system of 
records. Federal law requires the disclosures that we make under 
routine use numbers ten and eleven. We will disclose information under 
these two routine uses to the extent another

[[Page 40017]]

Federal law does not prohibit the disclosure. For example, the Internal 
Revenue Code generally prohibits us from disclosing tax return 
information that we receive to maintain a person's earnings records. 
Therefore, all routine uses are appropriate and meet the relevant 
statutory and regulatory criteria.

III. Records Storage Medium and Safeguards for the Information Covered 
by the ERL Database System of Records

    We will maintain information in the ERL Database system of records 
in electronic form. We will safeguard the security of the electronic 
information covered by the ERL Database system of records by requiring 
the use of access codes to enter the computer system that will house 
the data. We will permit only our authorized employees and contractors 
who require the information to perform their official duties to access 
the information covered by the ERL Database system of records.
    We annually provide all our employees and contractors with 
appropriate security awareness and training that includes reminders 
about the need to protect personally identifiable information and the 
criminal penalties that apply to unauthorized access to, or disclosure 
of, personally identifiable information. See 5 U.S.C. 552a(i)(1). 
Furthermore, employees and contractors with access to databases 
maintaining personally identifiable information must sign a sanction 
document annually, acknowledging their accountability for 
inappropriately accessing or disclosing such information.

IV. Effects of the ERL Database System of Records on the Rights of 
Individuals

    We will maintain information in the ERL Database only that is 
necessary to carry out our official functions under the Social Security 
Act and other applicable Federal statutes. We will use security 
measures that protect access to, and preclude unauthorized disclosure 
of, records in this system of records. Additionally, we will adhere to 
all statutory requirements, including those under the Social Security 
Act and the Privacy Act, in carrying out our responsibilities. We 
employ safeguards to protect all personal information in our possession 
as well as the confidentiality of the information. We will disclose 
information under the routine uses discussed above only as necessary to 
accomplish the stated purposes. Therefore, we do not anticipate that 
this system of records and its routine use disclosures will have any 
unwarranted adverse effect on the privacy or other rights of persons.

    Dated: June 30, 2010.
Michael J. Astrue,
Commissioner.
SYSTEM NUMBER: 60-0372

SYSTEM NAME:
    Economic Recovery List (ERL) Database, Social Security 
Administration.

SYSTEM CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Social Security Administration, Office of Retirement and Survivors 
Insurance Systems, 6401 Security Boulevard, Baltimore, Maryland 21235.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Persons receiving benefits under Title II and XVI of the Social 
Security Act, as well as those covered by the Railroad Retirement Board 
(RRB) and the Department of Veterans Affairs, Veterans Benefits 
Administration (VBA). Executors or other persons qualified to receive a 
decedent's payment in the event that, between when a person is 
determined eligible and issuance of the payment, that person has died.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system will contain information regarding the payees and 
payments made under provisions of the American Recovery and 
Reinvestment Act of 2009 (ARRA) or other similar legislation. For Title 
II and Title XVI beneficiaries, this system will contain the person's 
Social Security number (SSN), claim account number, beneficiary 
identification code, reason for non-payment, and post-payment 
information such as the Treasury Offset Payment (TOP), returned 
payment, non-receipt claims, reclamation claims, limited payability 
data, and the name of an executor or other person qualified to receive 
payment, tax identification number, and mailing address for reissuance 
of payment to the estate of the deceased if, between the determination 
that a person is eligible and the issuance of payment that person has 
died. For payments made by RRB and VBA, the system will contain the 
person's SSN. For all payments the system will contain the agency that 
qualified the person to receive the payment.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title II, Section 2201, Subtitle C of the ARRA.

PURPOSE(S):
    We will use data in this system to determine persons eligible for a 
one-time payment under the ARRA, or any subsequent payments authorized 
under an amendment to or legislation similar to the ARRA, and to 
prevent duplicate payments to those who qualify under more than one 
criterion.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Routine use disclosures are as indicated below.
    1. To the Department of the Treasury (DOT) to prepare checks or 
payments it will send to those persons eligible for the one-time 
payment, or similar payments subsequently authorized under the ARRA or 
other legislation.
    2. To the DOT to allow the Department to recover debts to the 
Federal government under the Treasury Offset Program.
    3. To the Internal Revenue Service to allow for administration of 
the Make Work Pay credit.
    4. To the Office of the President in response to an inquiry from 
that office made at the request of the subject of the record or a third 
party on that person's behalf.
    5. To a congressional office in response to an inquiry from that 
office made at the request of the subject of a record or a third party 
on that person's behalf.
    6. To the Department of Justice (DOJ), a court, other tribunal, or 
another party before such court or tribunal when:
    (a) The agency or any of our components; or
    (b) Any agency employee in his or her official capacity; or
    (c) Any agency employee in his or her individual capacity when DOJ 
(or the agency when we are authorized to do so) has agreed to represent 
the employee; or
    (d) The United States or any agency thereof when we determine that 
the litigation is likely to affect our operations or any of its 
components, is party to the litigation or has an interest in such 
litigation, and we determine that the use of such records by DOJ, a 
court, other tribunal, or another party before such court or tribunal 
is relevant and necessary to the litigation. In each case, however, we 
must determine that such disclosure is compatible with the purpose for 
which we collected the records.
    7. To our contractors and other Federal agencies, as necessary, to 
assist us in efficiently administering our programs.
    8. To student volunteers, persons working under a personal services

[[Page 40018]]

contract, and others who are not technically Federal employees, when 
they are performing work for us as authorized by law, and they need 
access to information in our records in order to perform their assigned 
agency duties.
    9. To the Railroad Retirement Board and Department of Veterans 
Affairs, Veterans Benefits Administration, to identify persons who 
qualify for a payment as a beneficiary from more than one agency.
    10. To the appropriate Federal, State, and local agencies, 
entities, and persons when:
    (a) We suspect or confirm that the security or confidentiality of 
information in this system of records has been compromised;
    (b) We determine that as a result of the suspected or confirmed 
compromise there is a risk of harm to economic or property interests, 
risk of identity theft or fraud, or harm to the security or integrity 
of this system or our other systems or programs that rely upon the 
compromised information; and
    (c) We determine that disclosing the information to such agencies, 
entities, and persons is necessary to assist in our efforts to respond 
to the suspected or confirmed compromise and prevent, minimize, or 
remedy such harm. We will use this routine use to respond only to those 
incidents involving an unintentional release of our records.
    11. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary:
    a. To enable them to ensure the safety of our employees and 
customers, the security of our workplace, and the operation of our 
facilities; or
    b. To assist investigations or prosecutions with respect to 
activities that affect such safety, security, or activities that 
disrupt the operation of our facilities.
    12. To the General Services Administration and the National 
Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 
2906, as amended by the NARA Act, information that is not restricted 
from disclosure by Federal law for their use in conducting records 
management studies.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    We maintain and store records in this system in electronic form.

RETRIEVABILITY:
    We retrieve records by beneficiary Social Security number, claim 
account number, or beneficiary identification code.

SAFEGUARDS:
    We retain electronic files with personal identifiers in secure 
storage areas accessible only to our authorized employees and 
contractors who have a need for the information when performing their 
official duties. Security measures include the use of access codes 
(personal identification number (PIN) and password) to enter our 
computer systems that house the data.
    We annually provide all our employees and contractors with 
appropriate security awareness and training that includes reminders 
about the need to protect personally identifiable information and the 
criminal penalties that apply to unauthorized access to, or disclosure 
of, personally identifiable information (5 U.S.C. 552a(i)(l)). 
Furthermore, employees and contractors with access to databases 
maintaining personally identifiable information must sign a sanction 
document annually, acknowledging their accountability for 
inappropriately accessing or disclosing such information.

RETENTION AND DISPOSAL:
    We maintain records in SSA headquarters within the Office of 
Retirement and Survivors Insurance Systems. We will maintain these 
records for seven years, pending application of an appropriate General 
Records Schedule, or approval by NARA, of the proposed retention.

SYSTEM MANAGER(S) AND ADDRESS:
    Project Manager, Office of Retirement and Survivors Insurance 
Systems, Social Security Administration, 6401 Security Boulevard, 
Baltimore, Maryland 21235-6401.

NOTIFICATION PROCEDURES:
    Persons can determine if this system contains a record about them 
by writing to the system manager at the above address and providing 
their name, SSN, or other information in this system of records that 
will identify them. Persons requesting notification by mail must 
include a notarized statement to us to verify their identity or must 
certify in the request that they are the person they claim to be and 
that they understand that the knowing and willful request for, or 
acquisition of, a record pertaining to another person under false 
pretenses is a criminal offense.
    Persons requesting notification of records in person must provide 
the same information, as well as provide an identity document, 
preferably with a photograph, such as a driver's license. Persons 
lacking identification documents sufficient to establish their identity 
must certify in writing that they are the person they claim to be and 
that they understand that the knowing and willful request for, or 
acquisition of, a record pertaining to another person under false 
pretenses is a criminal offense.
    Persons requesting notification by telephone must verify their 
identity by providing identifying information that parallels the 
information in the record about which they are requesting notification. 
If we determine that the identifying information the person provides by 
telephone is insufficient, we will require the person to submit a 
request in writing or in person. If a person requests information by 
telephone on behalf of another person, the subject person must be on 
the telephone with the requesting person and us in the same phone call. 
We will establish the subject person's identity (his or her name, SSN, 
address, date of birth, and place of birth, along with one other piece 
of information such as mother's maiden name) and ask for his or her 
consent to provide information to the requesting person. These 
procedures are in accordance with our regulations at 20 CFR 401.40 and 
401.45.

RECORD ACCESS PROCEDURES:
    Same as notification procedures. Persons also should reasonably 
specify the record contents they are seeking. These procedures are in 
accordance with our regulations (20 CFR 401.40(c)).

CONTESTING RECORD PROCEDURES:
    Same as notification procedures. Persons also should reasonably 
identify the record, specify the information they are contesting, and 
state the corrective action sought and the reasons for the correction 
with supporting justification showing how the record is incomplete, 
untimely, inaccurate, or irrelevant. These procedures are in accordance 
with our regulations (20 CFR 401.65(a)).

RECORD SOURCE CATEGORIES:
    We obtain data covered by this system of records from information 
in our existing systems of records (e.g., the Master Beneficiary 
Record, 60-0090 and Supplemental Security Income Record and Special 
Veterans Benefits, 60-0103), as well as from systems of records of the 
Railroad Retirement Board and Veterans Benefits Administration. We may 
also obtain data from an executor or other person qualified to receive 
a decedent's payment in the event that, between when a person is 
determined eligible

[[Page 40019]]

and the issuance of payment, that person has died.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE PRIVACY ACT:
None.

[FR Doc. 2010-17021 Filed 7-12-10; 8:45 am]
BILLING CODE P