[Federal Register Volume 85, Number 83 (Wednesday, April 29, 2020)]
[Notices]
[Pages 23880-23882]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-09074]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION

[Docket No. SSA-2019-0043]


Privacy Act of 1974; System of Records

AGENCY: Office of Privacy and Disclosure, Office of the General 
Counsel, Social Security Administration (SSA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act, we are issuing public 
notice of our intent to modify an existing system of records entitled, 
Parking Management Record System, 60-0230, last published in full 
January 11, 2006. This notice publishes details of the modified system 
as set forth under the caption, SUPPLEMENTARY INFORMATION.

DATES: The system of records notice (SORN) is applicable upon its 
publication in today's Federal Register, with the exception of the new 
routine uses, which are effective May 29, 2020. We invite public 
comment on the routine uses or other aspects of this SORN. In 
accordance with 5 U.S.C. 552a(e)(4) and (e)(11), the public is given a 
30-day period in which to submit comments. Therefore, please submit any 
comments by May 29, 2020.

ADDRESSES: The public, Office of Management and Budget (OMB), and 
Congress may comment on this publication by writing to the Executive 
Director, Office of Privacy and Disclosure, Office of the General 
Counsel, Social Security Administration, Room G-401 West High Rise, 
6401 Security Boulevard, Baltimore, Maryland 21235-6401, or through the 
Federal e-Rulemaking Portal at http://www.regulations.gov, please 
reference docket number SSA-2019-0043. All comments we receive will be 
available for public inspection at the above address and we will post 
them to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Elizabeth Boorstein, Government 
Information Specialist, Privacy Implementation Division, Office of 
Privacy and Disclosure, Office of the General Counsel, SSA, Room G-401 
West High Rise, 6401 Security Boulevard, Baltimore, Maryland 21235-
6401, telephone: (410) 966-5855, email: [email protected].

SUPPLEMENTARY INFORMATION: We are modifying the existing system of 
record notice to reflect changes to the process for applying for 
parking on SSA properties; the categories and types of records captured 
within this system; and for the storage and retrieval of parking policy 
violations.
    We are also modifying the notice throughout to correct 
miscellaneous stylistic formatting and typographical errors of the 
previously published notice, and to ensure the language reads 
consistently across multiple systems. We are republishing the entire 
notice for ease of reference.
    In accordance with 5 U.S.C. 552a(r), we provided a report to OMB 
and Congress on this modified system of records.

Matthew Ramsey,
Executive Director, Office of Privacy and Disclosure, Office of the 
General Counsel.

SYSTEM NAME AND NUMBER:
    Social Security Administration (SSA), Parking Management Record 
System, 60-0230

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Social Security Administration, Office of Security and Emergency 
Preparedness, Parking and Credentialing Office, 1501 Robert M. Ball 
Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401.
    Information is also located in additional locations in connection 
with cloud-based services and kept at an additional location as backup 
for business continuity purposes.

SYSTEM MANAGER(S):
    Director, Office of Security Administration and Project Management, 
Social Security Administration, 1501 Robert M. Ball Building, 6401 
Security Boulevard, Baltimore, Maryland 21235-6401, (410) 966-5855.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Federal Property and Administrative Services Act of 1949, as 
amended, (see 40 U.S.C. 101, 121, and 41 CFR 102-74.265-310 and 41 CFR 
102-74.430)

PURPOSE(S) OF THE SYSTEM:
    The purpose of the SSA Parking Management System is to facilitate 
and enforce SSA parking policies. The SSA Parking Management System 
will capture vehicle and owner information on SSA employees, 
contractors, interns, and visitors to SSA facilities who apply for a 
parking permit, who have assignment of space for parking, and who park 
on SSA-controlled property and on property assigned to SSA by the 
General Services Administration or any other agency. This system will 
also capture information about those who violate SSA Parking Policy, 
including parking violation citations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    All Headquarters SSA employees as well as any visitors, carpool 
members, contractors, vendors or building tenants utilizing SSA 
Headquarters parking facilities.

[[Page 23881]]

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system includes all documentation in support of parking 
applications or assignment of parking, such as vehicle owner name, 
Social Security number (SSN), vehicle registration number (license 
plate), state of vehicle registration, vehicle make, model, color. For 
those that received a parking citation by violating SSA Parking Policy, 
this also includes vehicle owner home address.

RECORD SOURCE CATEGORIES:
    Records are developed from the individual during the parking 
assignment application process or at the issuance of parking citations 
due to parking infractions.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Disclosure may be made for routine use as indicated below:
    1. To a congressional office in response to an inquiry from that 
office made on behalf of, and at the request of, the subject of the 
record or a third party acting on the subject's behalf.
    2. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such tribunal, when:
    a. SSA, or any component thereof; or
    b. any SSA employee in his/her official capacity; or
    c. any SSA employee in his/her individual capacity where DOJ (or 
SSA where it is authorized to do so) has agreed to represent the 
employee; or
    d. the United States or any agency thereof where SSA determines 
that there is litigation likely to affect the operations of SSA or any 
of its components, is a party to the litigation or has an interest in 
such litigation, and SSA determines that the use of such records by 
DOJ, a court or other tribunal, or another party before tribunal, is 
relevant and necessary to the litigation, provided, however, that in 
each case, SSA determines that such disclosure is compatible with the 
purpose(s) for which the records were collected.
    3. To student volunteers, individuals working under a personal 
services contract, and other workers who technically do not have the 
status of Federal employees, when they are performing work for SSA, as 
authorized by law, and they need access to personally identifiable 
information (PII) in SSA records in order to perform their assigned 
agency functions.
    4. To the National Archives Records Administration under 44 U.S.C. 
2904 and 2906.
    5. To appropriate agencies, entities, and persons when: (a) SSA 
suspects or has confirmed that there has been a breach of this system 
of records; (b) SSA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, SSA (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (c) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with SSA's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    6. To another Federal agency or Federal entity, when SSA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in: (a) Responding to a suspected 
or confirmed breach; or (b) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security resulting from a suspected or 
confirmed breach.
    7. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary: 
(a) To enable them to protect the safety of SSA employees and 
customers, the security of the SSA workplace and the operation of SSA 
facilities; or (b) to assist investigations or prosecutions with 
respect to activities that affect such safety and security, or 
activities that disrupt the operation of SSA facilities.
    8. To the Office of Personnel Management, the Merit Systems 
Protection Board, or the Office of the Special Counsel when information 
is requested in connection with appeals, special studies of the civil 
service and other merit systems, review of those agencies' rules and 
regulations, investigation of alleged or possible prohibited personnel 
practices, and for such other function of these agencies as may be 
authorized by law, e.g., 5 U.S.C. 1205 and 1206.
    9. To the Equal Employment Opportunity Commission when requested in 
connection with investigations into alleged or possible discriminatory 
practices in the Federal sector, examination of Federal affirmative 
employment programs, compliance by Federal agencies with the Uniform 
Guidelines on Employee Selection Procedures, or other functions vested 
in the Commission.
    10. To the Federal Labor Relations Authority, its General Counsel, 
the Federal Mediation and Conciliation Service, the Federal Service 
Impasses Panel, or an arbitrator when information is requested in 
connection with investigations of allegations of unfair practices, 
matters before an arbitrator or the Federal Service Impasses Panel.
    11. To officials of labor organizations recognized under 5 U.S.C. 
Chapter 71 when relevant and necessary to their duties of exclusive 
representation concerning personnel policies, practices, and matters 
affecting conditions of employment.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Initial parking applications (form SSA-391) are maintained in paper 
form; these forms are used by employees and contractors who have yet to 
access SSA systems and are completed prior to their official duty start 
date. Parking citation records are maintained in an electronic format 
using the parking citation system.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by vehicle owner name, vehicle registration 
number (license plate), state of vehicle registration, vehicle make, 
model, or color.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Superseded materials are maintained by the SSA Office of Security 
Administration and Project Management for historical purposes and the 
control purpose has been met and the records are then destroyed per 
General Records Schedule 01-1 (001): The record retention is 
temporary--destroy when 3 years old, but longer retention is authorized 
if needed for business use. Superseded materials are maintained by the 
SSA Protective Security Officer for historical purposes and the control 
purpose has been met and the records are then destroyed.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    We retain electronic and paper files with personal identifiers in 
secure storage areas accessible only by our authorized employees and 
contractors who have a need for the information when performing their 
official duties. Security measures include the use of codes and 
profiles, personal identification number and password, and personal 
identification verification cards. Further, management grants specific 
personnel access authority to the parking citation system; parking 
enforcement officers are the only personnel allowed to electronically 
upload parking citations. We keep paper records in locked cabinets 
within secure

[[Page 23882]]

areas, with access limited to only those employees who have an official 
need for access in order to perform their duties. We annually provide 
our employees and contractors with appropriate security awareness 
training that includes reminders about the need to protect PII and the 
criminal penalties that apply to unauthorized access to, or disclosure 
of, PII (e.g., 5 U.S.C. 552a(i)(1)). Furthermore, employees and 
contractors with access to databases maintaining PII must sign a 
sanctions document annually, acknowledging their accountability for 
inappropriately accessing or disclosing such information.

RECORD ACCESS PROCEDURES:
    Individuals requesting notification of, or access to, a record by 
mail must include a notarized statement to us to verify their identity 
or must certify in the request that they are the individual they claim 
to be and that they understand that the knowing and willful request 
for, or acquisition of, a record pertaining to another individual under 
false pretenses is a criminal offense.
    Individuals requesting notification of, or access to, records in 
person must provide their name, SSN, or other information that may be 
in this system of records that will identify them, as well as provide 
an identity document, preferably with a photograph, such as a driver's 
license. Individuals lacking identification documents sufficient to 
establish their identity must certify in writing that they are the 
individual they claim to be and that they understand that the knowing 
and willful request for, or acquisition of, a record pertaining to 
another individual under false pretenses is a criminal offense. These 
procedures are in accordance with our regulations at 20 CFR 401.40 and 
401.45.

CONTESTING RECORD PROCEDURES:
    Same as Notification procedures. Also, requesters should reasonably 
identify the record, specify the information they are contesting and 
the corrective action sought, and the reasons for the correction, with 
supporting justification showing how the record is incomplete, 
untimely, inaccurate or irrelevant. These procedures are in accordance 
with SSA regulations (20 CFR 401.65(a)).

NOTIFICATION PROCEDURES:
    An individual can determine if this system contains a record about 
him/her by writing to the system manager(s) at the above address and 
providing his/her name, SSN or other information that may be in the 
system of records that will identify him/her. An individual requesting 
notification of records in person should provide the same information, 
as well as provide an identity document, preferably with a photograph, 
such as a driver's license or some other means of identification. If an 
individual does not have any identification documents sufficient to 
establish his/her identity, the individual must certify in writing that 
he/she is the person claimed to be and that he/she understands that the 
knowing and willful request for, or acquisition of, a record pertaining 
to another individual under false pretenses is a criminal offense.
    If notification is requested by telephone, an individual must 
verify his/her identity by providing identifying information that 
parallels information in the record to which notification is being 
requested. If it is determined that the identifying information 
provided by telephone is insufficient, the individual will be required 
to submit a request in writing or in person. If an individual is 
requesting information by telephone on behalf of another individual, 
the subject individual must be connected with SSA and the requesting 
individual in the same phone call. SSA will establish the subject 
individual's identity (his/her name, SSN, address, date of birth and 
place of birth, along with one other piece of information, such as 
mother's maiden name) and ask for his/her consent in providing 
information to the requesting individual.
    If a request for notification is submitted by mail, an individual 
must include a notarized statement to SSA to verify his/her identity or 
must certify in the request that he/she is the person claimed to be and 
that he/she understands that the knowing and willful request for, or 
acquisition of, a record pertaining to another individual under false 
pretenses is a criminal offense. These procedures are in accordance 
with SSA regulations (20 CFR 401.40).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    17 FR 1846, Social Security Administration Parking Management 
Record System.
    72 FR 69723, Social Security Administration Parking Management 
Record System.
    83 FR 54969, Social Security Administration Parking Management 
Record System.
[FR Doc. 2020-09074 Filed 4-28-20; 8:45 am]
BILLING CODE 4191-02-P