[Federal Register Volume 84, Number 72 (Monday, April 15, 2019)]
[Notices]
[Pages 15275-15277]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-07455]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION

[Docket No. SSA-2018-0056]


Privacy Act of 1974; System of Records

AGENCY: Office of Security and Emergency Preparedness, Deputy 
Commissioner for Budget, Finance, and Management, Social Security 
Administration (SSA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act, we are issuing public 
notice of our intent to establish a new system of records entitled, 
Mass Emergency Notification System (MENS) (60-0386), hereinafter called 
the MENS Record System. This notice publishes details of the new system 
as set forth under the caption, SUPPLEMENTARY INFORMATION.

DATES: The system of records notice (SORN) is applicable upon its 
publication in today's Federal Register, with the exception of the 
routine uses, which are effective May 15, 2019. We invite public 
comment on the routine uses or other aspects of this SORN. In 
accordance with 5 U.S.C. 552a(e)(4) and (e)(11), the public is given a 
30-day period in which to submit comments. Therefore, please submit any 
comments by May 15, 2019.

ADDRESSES: The public, Office of Management and Budget (OMB), and 
Congress may comment on this publication by writing to the Executive 
Director, Office of Privacy and Disclosure, Office of the General 
Counsel, SSA, Room G-401 West High Rise, 6401 Security Boulevard, 
Baltimore, Maryland 21235-6401, or through the Federal e-Rulemaking 
Portal at http://www.regulations.gov, please reference docket number 
SSA-2018-0056. All comments we receive will be available for public 
inspection at the above address and we will post them to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Anthony Tookes, Government Information 
Specialist, Privacy Implementation Division, Office of Privacy and 
Disclosure, Office of the General Counsel, SSA, Room G-401 West High 
Rise, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, 
telephone: (410) 966-0097, email: [email protected].

SUPPLEMENTARY INFORMATION: We are establishing the MENS Record System 
to cover information we collect about our employees, contractors, and 
others who may be affected by emergency situations at an SSA site or 
property and may be notified about such situations through MENS. We are 
transforming and modernizing agency emergency communications. The MENS 
Record system will enable us to quickly notify individuals of any 
emergency or urgent situation that occurs in an area that the affected 
individual works or frequents or at another site or property for which 
the individual has an interest in receiving notifications from the 
system.
    In accordance with 5 U.S.C. 552a(r), we have provided a report to 
OMB and Congress on this new system of records.

Mary Zimmerman,
Acting Executive Director, Office of Privacy and Disclosure, Office of 
the General Counsel.
SYSTEM NAME AND NUMBER

Mass Emergency Notification System (MENS), 60-0383

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Social Security Administration, Deputy Commissioner for the Office 
of Budget, Finance, and Management, Office of Security and Emergency 
Preparedness, 6401 Security Boulevard, Baltimore, MD 21235.

SYSTEM MANAGER(S):
    Social Security Administration, Deputy Commissioner for the Office 
of Budget, Finance, and Management, Office of Security and Emergency 
Preparedness, 6401 Security Boulevard, Baltimore, MD 21235, 
[email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Homeland Security Presidential Directive 5; Occupational Safety and 
Health Administration Act of 1970; Title 41 CFR Sections 101-20.103-4 
and 102-74.230.

PURPOSE(S) OF THE SYSTEM:
    We will use the information in this system to collect and store 
personal contact information and to notify SSA employees, contractors, 
and any others who may be affected by emergency situations at an SSA 
site or property.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Current SSA employees, contractors, and any others who may be 
affected by emergency or urgent situations at an SSA site or property 
(e.g., non-employee parents of children at an SSA child care facility).

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system maintains contact information and other information 
necessary to provide notice through the

[[Page 15276]]

MENS Record System, such as the individual's name, personal telephone 
number, personal email address, official business phone number, 
official business email address, and official business location.

RECORD SOURCE CATEGORIES:
    We obtain information in this system from individuals who 
voluntarily register for MENS. In addition, we obtain information from 
the Personal Identity Verification Card Management System and the SSA 
Human Resources Operational Datastore database.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    We will disclose records pursuant to the following routine uses; 
however, we will not disclose any information defined as ``return or 
return information'' under 26 U.S.C. 6103 of the Internal Revenue Code 
(IRC), unless authorized by statute, the Internal Revenue Service 
(IRS), or IRS regulations.
    1. To a congressional office in response to an inquiry from that 
office made on behalf of, and at the request of, the subject of the 
record or third party acting on the subject's behalf.
    2. To the Office of the President in response to an inquiry from 
that office made on behalf of, and at the request of, the subject of 
the record or a third party acting on the subject's behalf.
    3. To the National Archives and Records Administration (NARA) under 
44 U.S.C. 2904 and 2906.
    4. To appropriate agencies, entities, and persons when:
    (a) SSA suspects or has confirmed that there has been a breach of 
the system of records;
    (b) SSA has determined that as a result of the suspected or 
confirmed breach, there is a risk of harm to individuals, SSA 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and
    (c) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connections with SSA's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    5. To another Federal agency or Federal entity, when SSA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in:
    (a) responding to a suspected or confirmed breach; or
    (b) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    6. To disclose information to officials of labor organizations 
recognized under 5 U.S.C. Chapter 71 when relevant and necessary to 
their duties of exclusive representation concerning personnel policies, 
practices, and matters affecting working conditions.
    7. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such court or tribunal, when:
    (a) SSA, or any component thereof; or
    (b) any SSA employee in his/her official capacity; or
    (c) any SSA employee in his/her individual capacity where DOJ (or 
SSA, where it is authorized to do so) has agreed to represent the 
employee; or
    (d) the United States or any agency thereof where SSA determines 
the litigation is likely to affect SSA or any of its components, is a 
party to the litigation or has an interest in such litigation, and SSA 
determines that the use of such records by DOJ, a court or other 
tribunal, or another party before the tribunal is relevant and 
necessary to the litigation, provided, however, that in each case, the 
agency determines that disclosure of the records to DOJ, court or other 
tribunal, or another party is a use of the information contained in the 
records that is compatible with the purpose for which the records were 
collected.
    8. To Federal, State and local law enforcement agencies and private 
security contractors, as appropriate, information necessary:
    (a) to enable them to protect the safety of SSA employees and 
customers, the security of the SSA workplace, the operation of SSA 
facilities, or
    (b) to assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operations of SSA facilities.
    9. To the Equal Employment Opportunity Commission (EEOC) when 
requested in connection with investigations into alleged or possible 
discriminatory practices in the Federal sector, examination of Federal 
affirmative employment programs, compliance by Federal agencies with 
the Uniform Guidelines on Employee Selection Procedures, or other 
functions vested in the Commission.
    10. To the Office of Personnel Management (OPM), the Merit Systems 
Protection Board, or the Office of Special Counsel in connection with 
appeals, special studies, of the civil service and other merit systems, 
review of rules and regulations, investigations of alleged or possible 
prohibited practices, and other such functions promulgated in 5 U.S.C. 
Chapter 12, or as may be required by law.
    11. To contractors and other Federal agencies, as necessary, for 
the purpose of assisting SSA in the efficient administration of its 
programs. We disclose information under this routine use only in 
situations in which SSA may enter into a contractual or similar 
agreement with a third party to assist in accomplishing an agency 
function relating to this system of records.
    12. To student volunteers, individuals working under a personal 
services contract, and other workers who technically do not have the 
status of Federal employees when they are performing work for SSA, as 
authorized by law, and they need access to personally identifiable 
information (PII) in SSA records in order to perform their assigned 
agency functions.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    We maintain records in this system in paper and electronic form.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    We will retrieve records by the individual's name and SSA-provided 
email address.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    We retain records in accordance with NARA approved records 
schedules. We maintain these records under General Records Schedule 
(GRS) 5.3 Continuity and Emergency Planning Records, Item 020--Employee 
Emergency Contact Information. The emergency contact information 
records used to account for and maintain communication with personnel 
during emergencies, office dismissal, and closure situations. Records 
include name and emergency contact information such as phone numbers 
and addresses. Records may also include other information on employees 
such as responsibilities assigned to the individual during an emergency 
situation. The disposition instruction requires destoying when 
superseded or obsolete, or upon separation or transfer of employee. The 
disposition authority is DAA-GRS-2016-0004-0002.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    We retain electronic and paper files with personal identifiers in 
secure storage areas accessible only by our

[[Page 15277]]

authorized employees and contractors who have a need for the 
information when performing their official duties. Security measures 
include, but are not limited to, the use of codes and profiles, 
personal identification number and password, and personal 
identification verification cards. We keep paper records in locked 
cabinets within secure areas, with access limited to only those 
employees who have an official need for access in order to perform 
their duties.
    We annually provide our employees and contractors with appropriate 
security awareness training that includes reminders about the need to 
protect PII and the criminal penalties that apply to unauthorized 
access to, or disclosure of, PII (5 U.S.C. 552a(i)(1)). Furthermore, 
employees and contractors with access to databases maintaining PII must 
sign a sanctions document annually, acknowledging their accountability 
for inappropriately accessing or disclosing such information.

RECORD ACCESS PROCEDURES:
    Individuals may submit requests for information about whether this 
system contains a record about them by submitting a written request to 
the system manager at the above address, which includes their name, 
Social Security number (SSN), or other information that may be in this 
system of records that will identify them. Individuals requesting 
notification of, or access to, a record by mail must include: (1) A 
notarized statement to us to verify their identity; or (2) must certify 
in the request that they are the individual they claim to be and that 
they understand that the knowing and willful request for, or 
acquisition of, a record pertaining to another individual under false 
pretenses is a criminal offense.
    Individuals requesting notification of, or access to, records in 
person must provide their name, SSN, or other information that may be 
in this system of records that will identify them, as well as provide 
an identity document, preferably with a photograph, such as a driver's 
license. Individuals lacking identification documents sufficient to 
establish their identity must certify in writing that they are the 
individual they claim to be and that they understand that the knowing 
and willful request for, or acquisition of, a record pertaining to 
another individual under false pretenses is a criminal offense.
    These procedures are in accordance with our regulations at 20 CFR 
401.40 and 401.45.

CONTESTING RECORD PROCEDURES:
    Same as record access procedures. Individuals should also 
reasonably identify the record, specify the information they are 
contesting, and state the corrective action sought and the reasons for 
the correction with supporting justification showing how the record is 
incomplete, untimely, inaccurate, or irrelevant. These procedures are 
in accordance with our regulations at 20 CFR 401.65(a).

NOTIFICATION PROCEDURES:
    Same as record access procedures. These procedures are in 
accordance with our regulations at 20 CFR 401.40 and 401.45.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.
[FR Doc. 2019-07455 Filed 4-12-19; 8:45 am]
 BILLING CODE 4191-02-P