[Federal Register Volume 75, Number 249 (Wednesday, December 29, 2010)]
[Notices]
[Pages 82121-82126]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-32565]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION


Privacy Act of 1974, as Amended; Proposed Routine Use

AGENCY: Social Security Administration (SSA).

ACTION: Proposed routine use.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and 
(e)(11)), we are issuing public notice of our intent to add a new 
routine use to our system of records entitled Master Files of Social 
Security Number (SSN) Holders and SSN Applications, 60-0058 (the 
Enumeration System). The routine

[[Page 82122]]

use to the Enumeration System will allow us, upon request of the 
Department of Health and Human Services (HHS), Department of 
Agriculture's National Finance Center (NFC), Office of Personnel 
Management (OPM), and the States, or the States' respective contractors 
or agents that administer the Pre-existing Condition Insurance Plan 
(PCIP) to verify the name, SSN, and date of birth, and confirm whether 
citizenship allegations match information in our records for the 
purposes of determining eligibility for PCIP.
    We discuss the routine use in greater detail in the SUPPLEMENTARY 
INFORMATION section below. We invite public comment on this proposal.

DATES: We filed a report of the routine use with the Chairman of the 
Senate Committee on Homeland Security and Governmental Affairs, the 
Chairman of the House Committee on Oversight and Government Reform, and 
the Director, Office of Information and Regulatory Affairs, Office of 
Management and Budget (OMB) on December 17, 2010. The routine use will 
become effective January 26, 2011 unless we receive comments before 
that date that require further consideration.

ADDRESSES: Interested persons may comment on this publication by 
writing to the Acting Executive Director, Office of Privacy and 
Disclosure, Office of the General Counsel, Social Security 
Administration, Room 3-A-6 Operations Building, 6401 Security 
Boulevard, Baltimore, Maryland 21235-6401 or through the Federal e-
Rulemaking Portal at http://www.regulations.gov. All comments we 
receive will be available for public inspection at the above address 
and will be posted to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Anthony Tookes, Management Analyst, 
Disclosure Policy Development and Services Division 2, Office of 
Privacy and Disclosure, Office of the General Counsel, Social Security 
Administration, 3-A-6 Operations Building, 6401 Security Boulevard, 
Baltimore, Maryland 21235-6401, telephone: (410) 966-0097, e-mail: 
[email protected].

SUPPLEMENTARY INFORMATION:

I. Background and Purpose of the Routine Use

A. Disclosure of Citizenship Data for the Pre-existing Condition 
Insurance Plan

    On March 23, 2010, President Obama signed into law the Affordable 
Care Act of 2010 (Pub. L. 111-148), which requires HHS to establish a 
PCIP that will operate and be in effect from June 21, 2010 until 
January 1, 2014, when each State will have established an American 
Health Benefit Exchange. The PCIP is a temporary health insurance 
program that will provide immediate access to insurance for uninsured 
persons with a pre-existing condition. HHS is responsible for overall 
administration of the PCIP, but may carry out the program through 
contracts with the States and nonprofit entities. For those States that 
have opted not to contract with HHS to establish their own program 
under the PCIP, HHS has delegated PCIP eligibility determination 
authority to NFC and OPM.
    Under the Affordable Care Act, we must verify certain information 
upon request from HHS, States, or their respective contractors or 
agents. We will verify each applicant's name, SSN, and date of birth, 
and confirm whether allegations of citizenship match information in our 
records. HHS, NFC, OPM, and the States, or the States' respective 
contractors or agents administering the PCIP, are responsible for 
resolving any information discrepancies with the applicant. If there is 
a discrepancy with the allegation of citizenship in our records, NFC, 
the States, or the States' respective contractors or agents, will 
notify the applicant or HHS of the discrepancy. If we cannot confirm 
citizenship, HHS, NFC, the States, or the States' respective 
contractors or agents, will verify citizenship with the Department of 
Homeland Security.

II. Proposed New Routine Use

A. Pre-existing Condition Insurance Plan

    The Privacy Act requires that agencies publish in the Federal 
Register, notification of ``each routine use of the records contained 
in the system, including the categories of users and the purpose of 
such use.'' 5 U.S.C. 552a(e)(4)(D). This new routine use, numbered 44, 
for the Enumeration System, will allow disclosure to HHS, NFC, OPM, and 
the States, or the States' contractors or agents charged with 
administering the PCIP. The routine use reads as follows:

    To the Department of Health and Human Services, Department of 
Agriculture's National Finance Center, Office of Personnel 
Management, and the States or the States' respective contractors or 
agents charged with administering the Pre-existing Condition 
Insurance Program (PCIP), to verify personal identification data 
(i.e., name, SSN, and date of birth) and to confirm citizenship 
status information in our records to assist these entities in 
determining applicants' entitlement to benefits under the PCIP.

 III. Compatibility of Routine Use

    We may disclose information when the purpose is compatible with the 
purpose for which we collected the information and when re-disclosure 
is supported by published routine uses (20 CFR 401.150). HHS, NFC, OPM, 
and the States or the States' respective contractors or agents will use 
the information to assist them in determining new applicants' 
entitlement to the benefits under the PCIP. We will assist these 
entities in implementing the PCIP, in order to detect and deter conduct 
that violates section 208(a)(7) of the Social Security Act, and support 
the effective and efficient administration of PCIP by providing 
verification services and citizenship status information to these 
entities and their contractors or agents via this routine use. For 
these reasons, we find that providing SSN verification and citizenship 
confirmation services to HHS, NFC, OPM, States, or their respective 
contractors or agents that administer the PCIP, satifies both the 
statutory and regulatory compatibility requirements.

IV. Effect of the Routine Use on the Rights of Persons

    With this routine use, we can verify identification data for HHS, 
NFC, OPM, the States, or the States' respective contractors or agents. 
They will use the data to assist them in determining applicants' 
entitlement to benefits provided by PCIP. We will adhere to all 
applicable statutory requirements for disclosure, including those under 
the Social Security Act and the Privacy Act. We will disclose SSN 
verification information, including confirming citizenship status 
information in our records, to HHS, NFC, OPM, the States, or the 
States' respective contractors or agents, under written agreements that 
stipulate that they will collect, verify, and re-disclose SSNs and 
related data only as provided for by Federal law. We will also 
safeguard from unauthorized access the data we receive from these 
entities. Thus, we do not anticipate that the routine use will have any 
unwarranted adverse effect on the rights of persons about whom we will 
disclose information.


[[Page 82123]]


    Dated: December 14, 2010.
Michael J. Astrue,
Commissioner.

Social Security Administration

Notice of Proposed New Routine Use; Required by the Privacy Act of 
1974, as Amended

System Number: 60-0058

System name:
    Master Files of Social Security Number (SSN) Holders and SSN 
Applications, Social Security Administration (SSA).

Security Classification:
    None.

System Location:
    SSA, Office of Telecommunications and Systems Operations, 6401 
Security Boulevard, Baltimore, Maryland 21235.

Categories of persons covered by the system:
    This system contains a record of each person who has applied for, 
and to whom we have assigned, a Social Security number (SSN). This 
system also contains records of each person who applied for an SSN, but 
to whom we did not assign one, for one of the following reasons: (1) 
His or her application was supported by documents that we suspect may 
be fraudulent and we are verifying the documents with the issuing 
agency; (2) we have determined the person submitted fraudulent 
documents; (3) we do not suspect fraud, but we need to further verify 
information the person submitted or we need additional supporting 
documents; or (4) we have not yet completed processing the application.

Categories of records in the system:
    We collect applications for SSNs. This system contains all of the 
information we received on the applications for SSNs (e.g., name, date 
and place of birth, sex, both parents' names, and race/ethnicity data). 
If the application for an SSN is for a person under the age of 18, we 
also maintain the SSNs of the parents. The system also contains:
     Changes in the information on the applications the SSN 
holders submit;
     Information from applications supported by evidence we 
suspect or determine to be fraudulent, along with the mailing addresses 
of the persons who filed such applications and descriptions of the 
documentation they submitted;
     Cross-references when multiple numbers have been issued to 
the same person;
     A form code that identifies the Form SS-5 (Application for 
a Social Security Card Number) as the application the person used for 
the initial issuance of an SSN, or for changing the identifying 
information (e.g., a code indicating original issuance of the SSN, or 
that we assigned the person's SSN through our enumeration at birth 
program);
     A citizenship code that identifies the number holder's 
status as a U.S. citizen or the work authorization of a non-citizen;
     A special indicator code that identifies types of 
questionable data or special circumstances concerning an application 
for an SSN (e.g., false identity; illegal alien; scrambled earnings);
     An indication that an SSN was assigned based on 
harassment, abuse, or life endangerment; and
     An indication that a person has filed a benefit claim 
under a particular SSN.

Authority for maintenance of the system:
    Sections 205(a) and 205(c)(2) of the Social Security Act (42 U.S.C. 
405(a) and 405(c)(2)).

Purpose:
    We use information in this system to assign SSNs and for a number 
of administrative purposes:
     For various Old Age, Survivors, and Disability Insurance, 
Supplemental Security Income, and Medicare/Medicaid claims purposes, 
including using the SSN itself as a case control number, as a secondary 
beneficiary cross-reference control number for enforcement purposes, 
for verification of claimant identity factors, and for other claims 
purposes related to establishing benefit entitlement;
     To prevent the processing of an SSN card application for a 
person whose application we identified was supported by evidence that 
either:
    [cir] We suspect may be fraudulent and we are verifying evidence; 
or
    [cir] We determined to be fraudulent information.
    We alert our offices when an applicant who attempts to obtain an 
SSN card visits other offices to find one that might unknowingly accept 
fraudulent documentation;
     As a basic control for retained earnings information;
     As a basic control and data source to prevent us from 
issuing multiple SSNs;
     As a means to identify reported names or SSNs on earnings 
reports;
     For resolution of earnings discrepancy cases; and
     For statistical studies.
    The information also is provided to:
     Our Office of the Inspector General, Office of Audit, for 
auditing benefit payments under Social Security programs;
     The Department of Health and Human Services (DHHS), Office 
of Child Support Enforcement, for locating parents who owe child 
support;
     The National Institute of Occupational Safety and Health 
for epidemiological research studies required by the Occupational 
Safety and Health Act of 1974;
     The DHHS Office of Refugee Resettlement for administering 
Cuban refugee assistance payments;
     The DHHS Centers for Medicare and Medicaid Services (CMS) 
for administering Titles XVIII and XIX claims;
     The Secretary of the Treasury for use in administering 
those provisions of the Internal Revenue Code of 1986 (IRC) that grant 
tax benefits based on support for or residence of children. The IRC 
provisions apply specifically to SSNs that parents provide to us on 
applications for persons who are not yet age 18.

Routine uses of records covered by the system, including categories of 
users and the purposes of such uses:
    Routine use disclosures are as indicated below; however, we will 
not disclose any information defined as ``return or return 
information'' under 26 U.S.C. 6103 of the Internal Revenue Code, unless 
authorized by statute, the Internal Revenue Service (IRS), or IRS 
regulations.
    1. To employers in order to complete their records for reporting 
wages to us pursuant to the Federal Insurance Contributions Act and 
section 218 of the Social Security Act.
    2. To Federal, State, and local entities to assist them with 
administering income maintenance and health-maintenance programs, when 
a Federal statute authorizes them to use the SSN.
    3. To the Department of Justice (DOJ), Federal Bureau of 
Investigation and United States Attorney's Offices, and to the 
Department of Homeland Security, United States Secret Service, for 
investigating and prosecuting violations of the Social Security Act.
    4. To the Department of Homeland Security, United States 
Citizenship and Immigration Services, for identifying and locating 
aliens in the United States pursuant to requests received under section 
290(b) of the Immigration and Nationality Act (8 U.S.C. 1360(b)).
    5. To a contractor for the purpose of collating, evaluating, 
analyzing,

[[Page 82124]]

aggregating, or otherwise refining records. We require the contractor 
to maintain Privacy Act safeguards with respect to such records.
    6. To the Railroad Retirement Board to:
    (a) Administer provisions of the Railroad Retirement and Social 
Security Act relating to railroad employment; and
    (b) Administer the Railroad Unemployment Insurance Act.
    7. To the Department of Energy for its epidemiological research 
study of the long-term effects of low-level radiation exposure, as 
permitted by our regulations at 20 CFR 401.150(c).
    8. To the Department of the Treasury for:
    (a) Tax administration as defined in section 6103 of the IRC (26 
U.S.C. 6103);
    (b) Investigating the alleged theft, forgery, or unlawful 
negotiation of Social Security checks; and
    (c) Administering those sections of the IRC that grant tax benefits 
based on support or residence of children. As required by section 
1090(b) of the Taxpayer Relief Act of 1997, Public Law 105-34, this 
routine use applies specifically to the SSNs of parents shown on an 
application for an SSN for a person who has not yet attained age 18.
    9. To a congressional office in response to an inquiry from that 
office made at the request of the subject of a record or a third party 
on that person's behalf.
    10. To the Department of State for administering the Social 
Security Act in foreign countries through its facilities and services.
    11. To the American Institute, a private corporation under contract 
to the Department of State, for administering the Social Security Act 
on Taiwan through facilities and services of that agency.
    12. To the Department of Veterans Affairs (DVA), Regional Office, 
Manila, Philippines, for administering the Social Security Act in the 
Philippines and other parts of the Asia-Pacific region through 
facilities and services of the DVA, Manila.
    13. To the Department of Labor for:
    (a) Administering provisions of the Black Lung Benefits Act; and
    (b) Conducting studies of the effectiveness of training programs to 
combat poverty.
    14. To Department Veterans Affairs:
    (a) To validate SSNs of compensation recipients/pensioners so that 
DVA can release accurate pension/compensation data to us for Social 
Security program purposes; and
    (b) Upon request, for purposes of determining eligibility for, or 
amount of DVA benefits, or verifying other information with respect 
thereto.
    15. To Federal agencies that use the SSN as a numerical identifier 
in their recordkeeping systems for the purpose of validating SSNs.
    16. To DOJ, a court, other tribunal, or another party before such 
court or tribunal when:
    (a) SSA or any of our components; or
    (b) Any SSA employee in his or her official capacity; or
    (c) Any SSA employee in his or her individual capacity when DOJ (or 
SSA when we are authorized to do so) has agreed to represent the 
employee; or
    (d) The United States or any agency thereof when we determine that 
the litigation is likely to affect the operations of SSA or any of our 
components, is party to litigation or has an interest in such 
litigation, and we determine that the use of such records by DOJ, a 
court, other tribunal, or another party before such court or tribunal 
is relevant and necessary to the litigation. In each case, however, we 
must determine that such disclosure is compatible with the purpose for 
which we collected the records.
    17. To State audit agencies for auditing State supplementation 
payments and Medicaid eligibility considerations.
    18. To the Social Security agency of a foreign country to carry out 
the purpose of an international Social Security agreement entered into 
between the United States and the other country, pursuant to section 
233 of the Social Security Act.
    19. To Federal, State, or local agencies (or agents on their 
behalf) for the purpose of validating SSNs those agencies use to 
administer cash or non-cash income maintenance programs or health 
maintenance programs, including programs under the Social Security Act.
    20. To third party contacts (e.g., State bureaus of vital 
statistics and the Department of Homeland Security) that issue 
documents to persons when the third party has, or is expected to have, 
information that will verify documents when we are unable to determine 
if such documents are authentic.
    21. To DOJ, Criminal Division, Office of Special Investigations, 
upon receipt of a request for information pertaining to the identity 
and location of aliens for the purpose of detecting, investigating, 
and, when appropriate, taking legal action against suspected Nazi war 
criminals in the United States.
    22. To the Selective Service System for the purpose of enforcing 
draft registration pursuant to the provisions of the Military Selective 
Service Act (50 U.S.C. App. 462, as amended by section 916 of Pub. L. 
97-86).
    23. To contractors and other Federal agencies, as necessary, to 
assist us in efficiently administering our programs.
    24. To organizations or agencies, such as prison systems, required 
by Federal law to furnish us with validated SSN information.
    25. To the General Services Administration and the National 
Archives and Records Administration (NARA) under 44 U.S.C. 2904 and 
2906, as amended by the NARA Act of 1984, information that is not 
restricted from disclosure by Federal law for their use in conducting 
records management studies.
    26. To DVA or third parties under contract to DVA to disclose SSNs 
and dates of birth for the purpose of conducting DVA medical research 
and epidemiological studies.
    27. To the Office of Personnel Management (OPM) upon receipt of a 
request from that agency in accordance with 5 U.S.C. 8347(m)(3), to 
disclose SSN information when OPM needs the information to administer 
its pension program for retired Federal Civil Service employees.
    28. To the Department of Education, upon request, to verify SSNs 
that students provide to postsecondary educational institutions, as 
required by Title IV of the Higher Education Act of 1965 (20 U.S.C. 
1091).
    29. To student volunteers, persons working under a personal 
services contract, and others, when they need access to information in 
our records in order to perform their assigned agency duties.
    30. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary:
    (a) To enable them to ensure the safety of our employees and 
customers, the security of our workplace, and the operation of our 
facilities; or
    (b) To assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of our facilities.
    31. To recipients of erroneous Death Master File (DMF) information, 
to disclose corrections to information that resulted in erroneous 
inclusion of persons in the DMF.
    32. To State vital records and statistics agencies, the SSNs of 
newborn children for administering public health and income maintenance 
programs, including conducting statistical studies and evaluation 
projects.
    33. To State motor vehicle administration agencies (MVA), and to

[[Page 82125]]

State agencies charged with administering State identification card 
programs (ICP) for the public, to verify names, dates of birth, and 
Social Security numbers on those persons who apply for, or for whom the 
State issues, driver's licenses or State identification cards.
    34. To entities conducting epidemiological or similar research 
projects, upon request, pursuant to section 1106(d) of the Social 
Security Act (42 U.S.C. 1306(d)), to disclose information as to whether 
a person is alive or deceased, provided that:
    (a) We determine, in consultation with the Department of Health and 
Human Services, that the research may reasonably be expected to 
contribute to a national health interest;
    (b) The requester agrees to reimburse us for the costs of providing 
the information; and
    (c) The requester agrees to comply with any safeguards and 
limitations we specify regarding re-release or re-disclosure of the 
information.
    35. To employers in connection with a pilot program, conducted with 
the Department of Homeland Security under 8 U.S.C. 1324a(d)(4), to test 
methods of verifying that persons are authorized to work in the United 
States. We will inform an employer participating in such pilot program 
that the identifying data (SSN, name, and date of birth) furnished by 
an employer concerning a particular employee match, or do not match, 
the data maintained in this system of records, and when there is such a 
match, that information in this system of records indicates that the 
employee is, or is not, a citizen of the United States.
    36. To a State Bureau of Vital Statistics (BVS) that is authorized 
by States to issue electronic death reports when the State BVS requests 
that we verify the SSN of a person on whom the State will file an 
electronic death report after we verify the SSN.
    37. To the Department of Defense (DOD) to disclose validated SSN 
information and citizenship status information for the purpose of 
assisting DOD in identifying those members of the Armed Forces and 
military enrollees who are aliens or non-citizen nationals who may 
qualify for expedited naturalization or citizenship processing. These 
disclosures will be made pursuant to requests made under section 329 of 
the Immigration and Nationality Act, 8 U.S.C. 1440, as executed by 
Executive Order 13269.
    38. To a Federal, State, or congressional support agency (e.g., 
Congressional Budget Office and the Congressional Research Staff in the 
Library of Congress) for research, evaluation, or statistical studies. 
Such disclosures include, but are not limited to, release of 
information in assessing the extent to which one can predict 
eligibility for Supplemental Security Income (SSI) payments or Social 
Security disability insurance benefits; in examining the distribution 
of Social Security benefits by economic and demographic groups and how 
these differences might be affected by possible changes in policy; 
analyzing the interaction of economic and non-economic variables 
affecting entry and exit events and duration in the Title II Old Age, 
Survivors, and Disability Insurance and the Title XVI SSI disability 
programs; and, analyzing retirement decisions focusing on the role of 
Social Security benefit amounts, automatic benefit recomputation, the 
delayed retirement credit, and the retirement test, but only after we:
    (a) Determine that the routine use does not violate legal 
limitations under which the record was provided, collected, or 
obtained;
    (b) Determine that the purpose for which the proposed use is to be 
made:
    i. Cannot reasonably be accomplished, unless the record is provided 
in a form that identifies persons; and
    ii. Is of sufficient importance to warrant the effect on, or risk 
to, the privacy of the person by such limited additional exposure of 
the record;
    iii. Has reasonable probability that the objective of the use would 
be accomplished;
    iv. Is of importance to the Social Security program or Social 
Security beneficiaries; or
    v. Is of importance to the Social Security program or Social 
Security beneficiaries or is for an epidemiological research project 
that relates to the Social Security program or beneficiaries;
    (c) Require the recipient of information to:
    vi. Establish appropriate administrative, technical, and physical 
safeguards to prevent unauthorized use or disclosure of the record and 
agree to on-site inspection by SSA's personnel, its agents, or by 
independent agents of the recipient agency of those safeguards;
    vii. Remove or destroy the identifying information at the earliest 
time consistent with the purpose of the project, unless the recipient 
receives written authorization from SSA that it is justified, based on 
research objectives, for retaining such information;
    viii. Make no further use of the records except:
    (1) Under emergency circumstances affecting the health and safety 
of any person, following written authorization from us; or
    (2) For disclosure to an identified person approved by us for the 
purpose of auditing the research project;
    ix. Keep the data as a system of statistical records (a statistical 
record is one which is maintained only for statistical and research 
purposes, and which is not used to make any determination about a 
person);
    (d) Secure a written statement by the recipient of the information 
attesting to the recipient's understanding of, and willingness to abide 
by, these provisions.
    39. To State and Territory MVA officials (or agents or contractors 
on their behalf), and to State and Territory chief election officials 
to verify the accuracy of information the State agency provides with 
respect to applications for voter registration, when the applicant 
provides the last four digits of the SSN instead of a driver's license 
number.
    40. To State and Territory MVA officials (or agents or contractors 
on their behalf), and to State and Territory chief election officials, 
under the provisions of section 205(r)(8) of the Social Security Act 
(42 U.S.C. 405(r)(8)), to verify the accuracy of information the State 
agency provides with respect to applications for voter registration for 
those persons who do not have a driver's license number:
    (a) When the applicant provides the last four digits of the SSN, or
    (b) When the applicant provides the full SSN, in accordance with 
section 7 of the Privacy Act (5 U.S.C. 552a note), as described in 
section 303(a)(5)(D) of the Help America Vote Act of 2002. (42 U.S.C. 
15483(a)(5)(D))
    41. To the Secretary of Health and Human Services, or to any State, 
any record or information requested in writing by the Secretary for the 
purpose of administering any program administered by the Secretary, if 
we disclosed records or information of such type under applicable 
rules, regulations, and procedures in effect before the date of 
enactment of the Social Security Independence and Program Improvements 
Act of 1994.
    42. To the appropriate Federal, State, and local agencies, 
entities, and persons when: (1) We suspect or confirm that the security 
or confidentiality of information in this system of records has been 
compromised; (2) we find, as a result of the suspected or confirmed 
compromise, a risk of harm to economic or property interests, risk of 
identity theft or fraud, or harm to the security or integrity of this 
system or our other systems or programs that rely upon the compromised 
information; and (3) we

[[Page 82126]]

determine that disclosing the information to such agencies, entities, 
and persons is necessary to assist in our efforts to respond to the 
suspected or confirmed compromise and prevent, minimize, or remedy such 
harm.
    43. To State agencies charged with administering Medicaid and the 
Children's Health Insurance Program (CHIP) to verify personal 
identification data (e.g., name, SSN, and date of birth) and to 
disclose citizenship status information to assist them in determining 
new applicants' entitlement to benefits provided by the CHIP.
    44. To the Department of Health and Human Services, Department of 
Agriculture's National Finance Center, Office of Personnel Management, 
the States, or the States' respective contractors or agents charged 
with administering the Pre-existing Condition Insurance Program (PCIP) 
to verify personal identification data (e.g., name, SSN, and date of 
birth) and to confirm citizenship status information in our records to 
assist these agencies with determining applicants' entitlement to 
benefits under PCIP.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    We maintain records in this system in paper form (Forms SS-5 
(Application for a Social Security Card), and system generated forms); 
magnetic media (magnetic tape and disc with on-line access); in 
microfilm and microfiche form; and on electronic files (NUMIDENT and 
Alpha-Index).

Retrievability:
    We will retrieve records by both SSN and name. If we deny an 
application because the applicant submitted fraudulent evidence, or if 
we are verifying evidence we suspect to be fraudulent, we will retrieve 
records either by the applicant's name plus month and year of birth, or 
by the applicant's name plus the eleven-digit reference number of the 
disallowed application.

Safeguards:
    We have established safeguards for automated records in accordance 
with our Systems Security Handbook. These safeguards include 
maintaining the magnetic tapes and discs within a secured enclosure 
attended by security guards. Anyone entering or leaving this enclosure 
must have a special badge we issue only to authorized personnel.
    For computerized records, we or our contractors, including 
organizations administering our programs under contractual agreements, 
transmit information electronically between Central Office and Field 
Office locations. Safeguards include a lock/unlock password system, 
exclusive use of leased telephone lines, a terminal-oriented 
transaction matrix, and an audit trail. Only authorized personnel who 
have a need for the records in the performance of their official duties 
may access microfilm, microfiche, and paper files.
    We annually provide to all our employees and contractors 
appropriate security guidance and training that include reminders about 
the need to protect personally identifiable information and the 
criminal penalties that apply to unauthorized access to, or disclosure 
of, personally identifiable information. See 5 U.S.C. 552a(i)(1). 
Furthermore, employees and contractors with access to databases 
maintaining personally identifiable information must sign a sanction 
document annually, acknowledging their accountability for 
inappropriately accessing or disclosing such information.

Retention and disposal:
    We retain most paper forms only until we film and verify them for 
accuracy. We then shred the paper records. We retain electronic and 
updated microfilm and microfiche records indefinitely. We update all 
tape, discs, microfilm, and microfiche files periodically. We erase 
out-of-date magnetic tapes and discs and we shred out-of-date 
microfiches.

System manager and address:
    Director, Division of Enumeration Verification and Death Alerts, 
Office of Earnings, Enumeration, and Administrative Systems, Social 
Security Administration, 6401 Security Boulevard, Baltimore, MD 21235.

Notification procedures:
    Persons can determine if this system contains a record about them 
by writing to the system manager at the above address and providing 
their name, SSN, or other information that may be in this system of 
records that will identify them. Persons requesting notification by 
mail must include a notarized statement to us to verify their identity 
or must certify in the request that they are the person they claim to 
be and that they understand that the knowing and willful request for, 
or acquisition of, a record pertaining to another person under false 
pretenses is a criminal offense.
    Persons requesting notification of records in person must provide 
their name, SSN, or other information that may be in this system of 
records that will identify them, as well as provide an identity 
document, preferably with a photograph, such as a driver's license. 
Persons lacking identification documents sufficient to establish their 
identity must certify in writing that they are the person they claim to 
be and that they understand that the knowing and willful request for, 
or acquisition of, a record pertaining to another person under false 
pretenses is a criminal offense.
    Persons requesting notification by telephone must verify their 
identity by providing identifying information that parallels the 
information in the record about which notification is sought. If we 
determine that the identifying information the person provides by 
telephone is insufficient, we will require the person to submit a 
request in writing or in person. If a person requests information by 
telephone on behalf of another person, the subject person must be on 
the telephone with the requesting person and with us in the same phone 
call. We will establish the subject person's identity (his or her name, 
SSN, address, date of birth, and place of birth, along with one other 
piece of information such as mother's maiden name), and ask for his or 
her consent to provide information to the requesting person. These 
procedures are in accordance with our regulations at 20 CFR 401.40 and 
401.45.

Record access procedures:
    Same as notification procedures. Persons must also reasonably 
specify the record contents they are seeking. These procedures are in 
accordance with our regulations at 20 CFR 401.40(c).

Contesting record procedures:
    Same as notification procedures. Persons must also reasonably 
identify the record, specify the information they are contesting, and 
state the corrective action sought and the reasons for the correction, 
with supporting justification showing how the record is incomplete, 
untimely, inaccurate, or irrelevant. These procedures are in accordance 
with our regulations at 20 CFR 401.65(a).

Record source categories:
    We obtain information in this system from SSN applicants (or 
persons acting on their behalf).

Exemptions claimed for the system:
    None.

[FR Doc. 2010-32565 Filed 12-28-10; 8:45 am]
BILLING CODE P