[Federal Register Volume 85, Number 232 (Wednesday, December 2, 2020)]
[Notices]
[Pages 77478-77480]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-26535]


=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION

[Docket No. SSA-2020-0030]


Privacy Act of 1974; System of Records

AGENCY: Office of Research, Demonstration, and Employment Support, 
Office of Retirement and Disability Policy, Social Security 
Administration (SSA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act, we are issuing public 
notice of our intent to modify an existing system of records entitled, 
Disability Analysis File (DAF) and the National Beneficiary Survey 
(NBS) Data System (60-0382), last published on December 21, 2018. This 
notice publishes details of the modified system as set forth below 
under the caption, SUPPLEMENTARY INFORMATION.

DATES: The system of records notice (SORN) is applicable upon its 
publication in today's Federal Register, with the exception of the new 
routine uses, which are effective January 4, 2021. We invite public 
comment on the routine uses or other aspects of this SORN. In 
accordance with 5 U.S.C. 552a(e)(4) and (e)(11), we are providing the 
public a 30-day period in which to submit comments. Therefore, please 
submit any comments by January 4, 2021.

ADDRESSES: The public, Office of Management and Budget (OMB), and 
Congress may comment on this publication by writing to the Executive 
Director, Office of Privacy and Disclosure, Office of the General 
Counsel, SSA, Room G-401 West High Rise, 6401 Security Boulevard, 
Baltimore, Maryland 21235-6401, or through the Federal e-Rulemaking 
Portal at http://www.regulations.gov. Please reference docket number 
SSA-2020-0030. All comments we receive will be available for public 
inspection at the above address and we will post them to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Talya White, Government Information 
Specialist, Privacy Implementation Division, Office of Privacy and 
Disclosure, Office of the General Counsel, SSA, Room G-401 West High 
Rise, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, 
telephone: (410) 966-5855, email: [email protected] and Tristin 
Dorsey, Government Information Specialist, Privacy Implementation 
Division, Office of Privacy and Disclosure, Office of the General 
Counsel, SSA, Room G-401 West High Rise, 6401 Security Boulevard, 
Baltimore, Maryland 21235-6401, telephone: (410) 966-5855, email: 
[email protected].

SUPPLEMENTARY INFORMATION: We are modifying the language in routine use 
No. 3 to clarify the type of access authorized to organizations and 
agencies for research and statistical activities.
    In addition, we are adding a new routine use to permit disclosures 
to the Census Bureau, for the purpose of providing SSA-approved 
organizations and agencies access to DAF-NBS records at Census Bureau 
Federal Statistical Research Data Centers for authorized research and 
statistics activities. We are also updating the records retention and 
disposal schedule.
    Lastly, we are modifying the notice throughout to correct 
miscellaneous stylistic formatting and typographical errors of the 
previously published notice, and to ensure the language reads 
consistently across multiple systems. We are republishing the entire 
notice for ease of reference.
    In accordance with 5 U.S.C. 552a(r), we have provided a report to 
OMB and Congress on this modified system of records.

Matthew Ramsey,
Executive Director, Office of Privacy and Disclosure, Office of the 
General Counsel.

SYSTEM NAME AND NUMBER:
    Disability Analysis File (DAF) and the National Beneficiary Survey 
(NBS) Data System, 60-0382.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Social Security Administration, Office of Retirement and Disability 
Policy, Office of Research, Demonstration, and Employment Support, 6401 
Security Boulevard, Baltimore, Maryland 21235.

SYSTEM MANAGER(S):
    Social Security Administration, Deputy Commissioner for Retirement 
and Disability Policy, Office of Research, Demonstration, and 
Employment Support, 6401 Security Boulevard, Baltimore, Maryland 21235, 
(410) 966-5855.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Sections 234, 1106, and 1110 of the Social Security Act, as 
amended, and SSA Regulations (20 CFR 401.165).

PURPOSE(S) OF THE SYSTEM:
    We will use the information in this system to perform research 
about SSDI and/or SSI beneficiaries. We may also grant outside 
researchers access to information in this system when conducting SSA-
approved research. Researchers and statisticians use the data to 
perform in-depth research including, but not limited to, examining the 
medical, economic, and social consequences of limitations in work

[[Page 77479]]

activity for individuals with disabilities and their families; program 
planning and evaluation; evaluation of proposals for policy and 
legislative changes; and to determine the characteristics of program 
applicants and benefit recipients.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system maintains information about past, present, and 
potential beneficiaries (e.g., denied applicants) of SSDI and SSI, as 
well as, State Vocational Rehabilitation programs.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system consists of records that include name; Social Security 
number (SSN); socioeconomic data (e.g., education, work, and earnings); 
demographics (e.g., date of birth, date of death, sex, and state of 
residence); medical characteristics (e.g., number of limitations, self-
reported health, mental health score); disability characteristics 
(e.g., primary diagnosis code and dual eligibility); information 
concerning subjects (e.g., health, self-reported health status, work 
experience, and family relationships); benefits (e.g., combined SSI and 
SSDI); and use of medical and rehabilitative services (e.g., agency 
closure type and service use).

RECORD SOURCE CATEGORIES:
    We obtain information in this system of records from existing SSA 
systems of records, including but not limited to 60-0050, Completed 
Determination Record--Continuing Disability Determinations; 60-0058, 
Master File of Social Security Number (SSN) Holders and SSN 
Applications; 60-0090, Master Beneficiary Record; 60-0103, Supplemental 
Security Income Record and Special Veterans Benefits; 60-0221, 
Vocational Rehabilitation Reimbursement Case Processing System; 60-
0295, Ticket-to-Work and Self-Sufficiency Program Payment Database; and 
60-0320, Electronic Disability (eDIB) Claim File.
    The system also contains data from system of records 60-0059, 
Earnings Recording and Self-Employment Income System. Only SSA staff 
have access to data from the Earnings Recording and Self-Employment 
Income System.
    We also obtain information in this system of records from other 
Federal agencies (e.g., the U.S. Census Bureau and U.S. Department of 
Education (e.g., the Rehabilitation Services Administration, for 
vocational rehabilitation program applicant or participant data)); 
surveys (e.g., the National Beneficiary Survey); and other extramural 
research conducted under agreements, contracts, and grants between SSA 
and other agencies or entities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    We will disclose records pursuant to the following routine uses; 
however, we will not disclose any information defined as ``return or 
return information'' under 26 U.S.C. 6103 of the Internal Revenue Code 
(IRC), unless authorized by a statute, the Internal Revenue Service 
(IRS), or IRS regulations.
    1. To contractors and other Federal agencies, as necessary, for the 
purpose of assisting SSA in the efficient administration of its 
programs. We will disclose information under this routine use only in 
situations in which we may enter into a contractual or similar 
agreement with a third party to assist in accomplishing an agency 
function relating to this system of records.
    2. To contractors, cooperative agreement awardees, State agencies, 
Federal agencies, and Federal congressional support agencies for 
research and statistical activities that are designed to increase 
knowledge about present or alternative Social Security programs; are of 
importance to the Social Security program or beneficiaries; or are for 
an epidemiological project that relates to the Social Security program 
or beneficiaries. We will disclose information under this routine use 
pursuant only to a written agreement with SSA.
    3. To organizations and agencies that have been granted access to 
DAF-NBS records onsite at SSA or offsite at Census Bureau Federal 
Statistical Research Data Centers for research and statistics 
activities that are designed to increase knowledge about present or 
alternative Social Security programs; are of importance to the Social 
Security program or the Social Security beneficiaries; or are for an 
epidemiological project that relates to the Social Security program or 
beneficiaries. We will disclose information under this routine use 
pursuant only to a written agreement between the organization or agency 
and SSA.
    4. To student volunteers, individuals working under a personal 
services contract, and other workers who technically do not have the 
status of Federal employees, when they are performing work for SSA, as 
authorized by law, and they need access to personally identifiable 
information (PII) in SSA records in order to perform their assigned 
agency functions.
    5. To a congressional office in response to an inquiry from that 
office made on behalf of, and at the request of, the subject of the 
record or third party acting on the subject's behalf.
    6. To the Office of the President, in response to an inquiry from 
that office made on behalf of, and at the request of, the subject of 
record or a third party acting on the subject's behalf.
    7. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such court or tribunal, when:
    (a) SSA, or any component thereof; or
    (b) any SSA employee in his or her official capacity; or
    (c) any SSA employee in his or her individual capacity where DOJ 
(or SSA where it is authorized to do so) has agreed to represent the 
employee; or
    (d) the United States or any agency thereof where we determine the 
litigation is likely to affect SSA or any of its components, is a party 
to the litigation or has an interest in such litigation, and we 
determine that the use of such records by DOJ, a court or other 
tribunal, or another party before the tribunal is relevant and 
necessary to the litigation, provided, however, that in each case, we 
determine that such disclosure is compatible with the purpose for which 
the records were collected.
    8. To Federal, State and local law enforcement agencies and private 
security contractors, as appropriate, information necessary:
    (a) To enable them to protect the safety of SSA employees and 
customers, the security of the SSA workplace, and the operation of our 
facilities; or
    (b) to assist in investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of our facilities.
    9. To the National Archives and Records Administration (NARA) under 
44 U.S.C. 2904 and 2906.
    10. To appropriate agencies, entities, and persons when:
    (a) SSA suspects or has confirmed that there has been a breach of 
the system of records;
    (b) SSA has determined that as a result of the suspected or 
confirmed breach, there is a risk of harm to individuals, SSA 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and
    (c) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connections with SSA's efforts to 
respond to the suspected or confirmed

[[Page 77480]]

breach or to prevent, minimize, or remedy such harm.
    11. To another Federal agency or Federal entity, when we determine 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in:
    (a) Responding to a suspected or confirmed breach; or
    (b) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    12. To the Census Bureau, for the purpose of providing SSA-approved 
organizations and agencies access to DAF-NBS records at Census Bureau 
Federal Statistical Research Data Centers for authorized research and 
statistics activities.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    We will maintain records in this system in paper form (e.g., 
questionnaire forms, computer printouts) and in electronic form (e.g., 
magnetic tape and disc).

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    We will retrieve records in this system by case number or SSN. We 
will also retrieve records by socioeconomic, demographic, medical, and 
disability characteristics.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    In accordance with NARA rules codified at 36 CFR 1225.16, we 
maintain records in accordance with agency-specific records schedule 
NC1-47-78-21, item I.A.3.a.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    We retain electronic and paper files with personal identifiers in 
secure storage areas accessible only by our authorized employees and 
contractors who have a need for the information when performing their 
official duties. Security measures include the use of codes and 
profiles, personal identification number and password, and personal 
identification verification cards. We keep paper records in locked 
cabinets within secure areas, with access limited to only those 
employees who have an official need for access in order to perform 
their duties. To the maximum extent consistent with the approved 
research needs, we purge personal identifiers from micro-data files 
prepared for purposes of research and subject these files to procedural 
safeguards to assure anonymity.
    We annually provide our employees and contractors with appropriate 
security awareness training that includes reminders about the need to 
protect PII and the criminal penalties that apply to unauthorized 
access to, or disclosure of, PII (5 U.S.C. 552a(i)(1)). Furthermore, 
employees and contractors with access to databases maintaining PII must 
sign a sanctions document annually, acknowledging their accountability 
for inappropriately accessing or disclosing such information.
    In addition, all external researchers accessing the DAF-NBS system 
of records will be required to complete the appropriate security 
awareness training, which includes reminders about the need to protect 
PII and the criminal penalties that apply to unauthorized access to, or 
disclosure of, PII.

RECORD ACCESS PROCEDURES:
    Individuals may submit requests for notification of, or access to, 
information about them contained in this system by submitting a written 
request to the system manager at the above address, which includes 
their name, SSN, or other information that may be in this system of 
records that will identify them. Individuals requesting notification 
of, or access to, a record by mail must include (1) a notarized 
statement to verify their identity or (2) must certify in the request 
that they are the individual they claim to be and that they understand 
that the knowing and willful request for, or acquisition of, a record 
pertaining to another individual under false pretenses is a criminal 
offense.
    Individuals requesting notification of, or access to, records may 
also make an in-person request by providing their name, SSN, or other 
information that may be in this system of records that will identify 
them, as well as provide an identifying document, preferably with a 
photograph, such as a driver's license. Individuals lacking 
identification documents sufficient to establish their identity must 
certify in writing that they are the individual they claim to be and 
that they understand that the knowing and willful request for, 
acquisition of, a record pertaining to another individual under false 
pretenses is a criminal offense. These procedures are in accordance 
with our regulations at 20 CFR 401.40 and 401.45.

CONTESTING RECORD PROCEDURES:
    Same as record access procedures. Individuals should also 
reasonably identify the record, specify the information they are 
contesting, and state the corrective action sought and the reasons for 
the correction with supporting justification showing how the record is 
incomplete, untimely, inaccurate, or irrelevant. These procedures are 
in accordance with our regulations at 20 CFR 401.65(a).

NOTIFICATION PROCEDURES:
    Same as record access procedures. These procedures are in 
accordance with our regulations at 20 CFR 401.40 and 401.45.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    83 FR 65779, Disability Analysis File (DAF) and National 
Beneficiary Survey (NBS) Data System.

[FR Doc. 2020-26535 Filed 12-1-20; 8:45 am]
BILLING CODE 4191-02-P