[Federal Register Volume 90, Number 33 (Thursday, February 20, 2025)]
[Notices]
[Pages 10025-10029]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2025-02850]
=======================================================================
-----------------------------------------------------------------------
SOCIAL SECURITY ADMINISTRATION
[Docket No. SSA-2024-0046]
Privacy Act of 1974; System of Records; Correction
AGENCY: Social Security Administration (SSA).
ACTION: Notice of a modified system of records; correction.
-----------------------------------------------------------------------
SUMMARY: We published a document in the Federal Register revisiting our
rules on December 31, 2024. In accordance with the Privacy Act of 1974
and the Executive Order 14168, Defending Women from Gender Ideology
Extremism and Restoring Biological Truth to the Federal Government, we
are re-issuing public notice of our intent to modify an existing system
of records entitled, Master Files of Social Security Number (SSN)
Holders and SSN Applications (60-0058). This notice publishes details
of the modified system as set forth below under the caption,
SUPPLEMENTARY INFORMATION.
DATES: The system of records notice (SORN) is applicable upon its
publication in today's Federal Register, with the exception of the new
routine uses, which are effective March 24, 2025.
We invite public comment on the routine uses or other aspects of
this SORN. In accordance with the Privacy Act of 1974, we are providing
the public a 30-day period in which to submit comments. Therefore,
please submit any comments by March 24, 2025.
ADDRESSES: The public, Office of Management and Budget (OMB), and
Congress may comment on this publication by writing to the Executive
Director, Office of Privacy and Disclosure, Office of the General
Counsel, SSA, Room G-401 West High Rise, 6401 Security Boulevard,
Baltimore, Maryland 21235-6401, or through the Federal e-Rulemaking
Portal at http://www.regulations.gov. Please reference docket number
SSA-2024-0046. All comments we receive will be available for public
inspection at the above address and we will post them to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Tristin Dorsey, Government Information
Specialist, Privacy Implementation Division, Office of Privacy and
Disclosure, Office of the General Counsel, SSA, Room G-401 West High
Rise, 6401 Security Boulevard, Baltimore, Maryland 21235-6401,
telephone: (410) 966-5855, email: [email protected].
SUPPLEMENTARY INFORMATION: We are clarifying the system location to
recognize that we may also maintain records in a cloud-based
environment. We are revising existing routine use Nos. 4, 8, 9, 11, 14,
17, 19, 20, 32, 37, 40, and 47 for easier reading. We are revising the
categories of individuals covered by the system and existing routine
use No. 45 to remove gender references, in compliance with Executive
Order 14168, Defending Women from Gender Ideology Extremism and
Restoring Biological Truth to the Federal Government. We are also
adding a new routine use that permits disclosure to proper applicants
who submit a Social Security card application when the proper
applicants
[[Page 10026]]
establish that the number holders are physically or mentally unable to
file for a Social Security card on their own behalf and provide
evidence of custody or legal relationship for the number holders.
In addition, we are revising the policies and practices for
retention and disposal of records to reflect the accurate retention and
disposal schedules. We are modifying the administrative, technical, and
physical safeguards for easier reading. We are modifying the notice
throughout to correct miscellaneous stylistic formatting and
typographical errors of the previously published notice, and to ensure
the language reads consistently across multiple systems. We are
republishing the entire notice for ease of reference.
In accordance with 5 U.S.C. 552a(r), we have provided a report to
OMB and Congress on this modified system of records.
Matthew Ramsey,
Executive Director, Office of Privacy and Disclosure, Office of the
General Counsel.
System Name and Number:
Master Files of Social Security Number (SSN) Holders and SSN
Applications, 60-0058
Security Classification:
Unclassified.
System Location:
Social Security Administration, Office of Systems, Office of
Systems Operations and Hardware Engineering, Robert M. Ball Building,
6401 Security Boulevard, Baltimore, MD 21235-6401.
Information is also located in additional locations in connection
with cloud-based services and as backup for business continuity
purposes.
System Manager(s):
Social Security Administration, Deputy Commissioner for Retirement
and Disability Policy, Office of Income Security Programs, 6401
Security Boulevard, Baltimore, MD 21235-6401, (410) 966-5855.
Authority for Maintenance of the System:
Sections 205(a) and 205(c)(2) of the Social Security Act, as
amended.
Purpose(s) of the System:
We use information in this system to assign SSNs and for a number
of administrative and program purposes, including but not limited to:
for various Old Age, Survivors, and Disability Insurance (OASDI),
Supplemental Security Income (SSI), and Medicare/Medicaid claims
purposes; as a case control number; as a secondary beneficiary cross-
reference control number for enforcement purposes; for verification of
individual identity factors; and for other claims purposes related to
establishing benefit entitlement. We use information in this system:
for the general administration of the Social Security Act
to ensure the accuracy of enumeration related information in other SSA
systems;
to prevent the processing of an SSN card application for a
person whose application we identified was supported by evidence that
either:
[cir] we suspect may be fraudulent and we are verifying evidence,
or
[cir] we determined to be fraudulent information;
to record accurate earnings information to the correct
individual;
to prevent issuance of multiple SSNs to a person;
for resolution of earnings discrepancy cases; and
for research and statistical activities.
Categories of Individuals Covered by the System:
This system contains a record of each person who has applied for
and to whom we have assigned an SSN. This system also contains records
of each person who applied for an SSN, but to whom we did not assign
one for one of the following reasons: (1) the application was supported
by documents that we suspect may be fraudulent and we are verifying the
documents with the issuing agency; (2) we have determined the person
submitted fraudulent documents; (3) we do not suspect fraud but we need
to further verify information the person submitted or we need
additional supporting documents; or (4) we have not yet completed
processing the application.
Categories of Records in the System:
We collect applications for SSNs. This system contains all of the
information we received on the applications for SSNs (e.g., name, date
and place of birth, sex identification, both parents' names, reference
number, and alien registration number) and all information obtained
during the processing of the SSN request. The system also contains:
changes in the information on the applications the SSN
holders submit;
information from applications supported by evidence we
suspect or determine to be fraudulent, along with the mailing addresses
of the persons who filed such applications and descriptions of the
documentation they submitted;
cross-references when multiple numbers have been issued to
the same person;
a form code that identifies the Form SS-5 (Application for
a Social Security Card Number) as the application the person used for
the initial issuance of an SSN, or for changing the identifying
information (e.g., a code indicating original issuance of the SSN, or
that we assigned the person's SSN through our enumeration at birth
program);
a citizenship code that identifies the number holder's
status as a U.S. citizen or the work authorization of a non-citizen;
a special indicator code that identifies types of
questionable data or special circumstances concerning an application
for an SSN (e.g., false identity; illegal alien; scrambled earnings);
an indication that an SSN was assigned based on
harassment, abuse, or life endangerment;
an indication that a person has filed a benefit claim
under a particular SSN; and
other indicators needed to process SSN requests.
Record Source Categories:
We obtain information in this system of records from SSN applicants
(or persons acting on their behalf), as well as Federal, State, and
local agencies.
Routine Uses of Records Maintained in the System, Including Categories
of Users and Purposes of Such Uses:
We will disclose records pursuant to the following routine uses;
however, we will not disclose any information defined as ``return or
return information'' under 26 U.S.C. 6103 of the Internal Revenue Code
(IRC), unless authorized by a statute, the Internal Revenue Service
(IRS), or IRS regulations.
1. To employers (or agents on their behalf) in order to complete
their records for reporting wages to us pursuant to the Federal
Insurance Contributions Act and section 218 of the Social Security Act.
2. To Federal, State, and local entities to assist them with
administering income maintenance and health-maintenance programs, when
a Federal statute authorizes them to use the SSN.
3. To the Department of Justice (DOJ) for investigating and
prosecuting violations of the Social Security Act.
4. To Department of Homeland Security (DHS), upon request, to
identify and locate aliens in the United States pursuant to section
290(b) of the Immigration and Nationality Act (8 U.S.C. 1360(b)).
[[Page 10027]]
5. To the Railroad Retirement Board (RRB), for the purpose of
administering provisions of the Social Security Act relating to
railroad employment and for administering the Railroad Unemployment
Insurance Act.
6. To the Department of the Treasury (USDT), for:
(a) tax administration as defined in section 6103 of the IRC (26
U.S.C. 6103);
(b) investigating the alleged theft, forgery, or unlawful
negotiation of Social Security checks; and
(c) administering those sections of the IRC that grant tax benefits
based on support or residence of children. As required by section
1090(b) of the Taxpayer Relief Act of 1997, Public Law 105-34, this
routine use applies specifically to the SSNs of parents shown on an
application for an SSN for a person who has not yet attained age 18.
7. To a congressional office in response to an inquiry from that
office made on behalf of, and at the request of, the subject of the
record or third party acting on the subject's behalf.
8. To the Department of State (DOS) for administering the Social
Security Act in foreign countries through its facilities and services.
9. To the American Institute, a private corporation under contract
to DOS, for administering the Social Security Act in Taiwan through
facilities and services of that agency.
10. To the Department of Veterans Affairs (DVA), Regional Office,
Manila, Philippines, for the administration of the Social Security Act
in the Philippines and other parts of the Asia-Pacific region through
services and facilities of that agency.
11. To the Department of Labor (DOL) for administering provisions
of Title IV of the Federal Coal Mine Health and Safety Act, as amended
by the Black Lung Benefits Act, and for studies on the effectiveness of
training programs to combat poverty.
12. To DVA:
(a) to validate SSNs of compensation recipients/pensioners so that
DVA can release accurate pension/compensation data to us for Social
Security program purposes; and
(b) upon request, for purposes of determining eligibility for, or
amount of DVA benefits, or verifying other information with respect
thereto.
13. To Federal agencies that use the SSN as a numerical identifier
in their record-keeping systems for the purpose of validating SSNs.
14. To DOJ, a court or other tribunal, or another party before such
court or tribunal, when:
(a) SSA, or any component thereof; or
(b) any SSA employee in the employee's official capacity; or
(c) any SSA employee in the employee's individual capacity where
DOJ (or SSA, where it is authorized to do so) has agreed to represent
the employee; or
(d) the United States or any agency thereof where we determine the
litigation is likely to affect SSA or any of its components, is a party
to the litigation or has an interest in such litigation, and SSA
determines that the use of such records by DOJ, a court or other
tribunal, or another party before the tribunal is relevant and
necessary to the litigation, provided, however, that in each case, we
determine that such disclosure is compatible with the purpose for which
the records were collected.
15. To State audit agencies for the purpose of:
(a) auditing State supplementation payments and Medicaid
eligibility considerations; and
(b) expenditures of Federal funds by the State in support of the
Disability Determination Services.
16. To the Social Security agency of a foreign country to carry out
the purpose of an international social security agreement entered into
between the United States and the other country, pursuant to section
233 of the Social Security Act.
17. To Federal, State, or local agencies (or agents on their
behalf), for administering income or health maintenance programs
including programs under the Social Security Act. Such disclosures
include the release of information to the following agencies, but are
not limited to:
(a) RRB, for administering provisions of the Railroad Retirement
Act and Social Security Act, relating to railroad employment, and for
administering provisions of the Railroad Unemployment Insurance Act;
(b) DVA, for administering 38 U.S.C. 1312, and upon request, for
determining eligibility for, or amount of, veterans' benefits or for
verifying other information with respect thereto pursuant to 38 U.S.C.
5106;
(c) DOL, for administering provisions of Title IV of the Federal
Coal Mine Health and Safety Act, as amended by the Black Lung Benefits
Act.
18. To State welfare departments:
(a) pursuant to agreements with us, for the administration of State
supplementation payments;
(b) for enrollment of welfare beneficiaries for medical insurance
under section 1843 of the Social Security Act; and
(c) for conducting independent quality assurance reviews of SSI
beneficiary records, provided that the agreement for Federal
administration of the supplementation provides for such an independent
review.
19. To third party contacts (e.g., State bureaus of vital
statistics and DHS) that issue documents to persons when the third
party has, or is expected to have, information that will verify
documents when we are unable to determine if such documents are
authentic.
20. To DOJ, Criminal Division, Human Rights and Special
Prosecutions Section, upon receipt of a request for information
pertaining to the identity and location of aliens for the purpose of
detecting, investigating and, where appropriate, taking legal action
against suspected participants in Nazi persecution, genocide, and
torture or extra judicial killings in the United States.
21. To the Selective Service System for the purpose of enforcing
draft registration pursuant to the provisions of the Military Selective
Service Act (50 U.S.C. App. Sec. 462, as amended by section 916 of
Pub. L. 97-86).
22. To contractors and other Federal agencies, as necessary, for
assisting SSA in the efficient administration of its programs. We will
disclose information under this routine use only in situations in which
SSA may enter into a contractual or similar agreement with a third
party to assist in accomplishing an agency function relating to this
system of records.
23. To the National Archives and Records Administration (NARA)
under 44 U.S.C. 2904 and 2906.
24. To the Office of Personnel Management (OPM) upon receipt of a
request from that agency in accordance with 5 U.S.C. 8347(m)(3), to
disclose SSN information when OPM needs the information to administer
its pension program for retired Federal Civil Service employees.
25. To the Department of Education (ED), upon request, to verify
SSNs and to disclose citizenship status concerning applicants who apply
to postsecondary educational institutions for financial assistance
under Title IV of the Higher Education Act of 1965 (20 U.S.C. 1091).
26. To student volunteers, individuals working under a personal
services contract, and other workers who technically do not have the
status of Federal employees, when they are performing work for us, as
authorized by law, and they need access to personally identifiable
information (PII) in our records in order to perform their assigned
agency functions.
[[Page 10028]]
27. To Federal, State, and local law enforcement agencies and
private security contractors, as appropriate, information necessary:
(a) to enable them to ensure the safety of our employees and
customers, the security of our workplace, and the operation of our
facilities; or
(b) to assist investigations or prosecutions with respect to
activities that affect such safety and security or activities that
disrupt the operation of our facilities.
28. To recipients of erroneous Death Master File (DMF) information,
to disclose corrections to information that resulted in erroneous
inclusion of persons in the DMF.
29. To State vital records and statistics agencies, the SSNs of
newborn children for administering public health and income maintenance
programs, including conducting statistical studies and evaluation
projects.
30. To State motor vehicle administration agencies (MVA) and to
State agencies charged with administering State identification card
programs for the public to verify names, dates of birth, and Social
Security numbers on those persons who apply for, or for whom the State
issues, driver's licenses or State identification cards.
31. To entities conducting epidemiological or similar research
projects, upon request, pursuant to section 1106(d) of the Social
Security Act (42 U.S.C. 1306(d)), to disclose information as to whether
a person is alive or deceased, provided that:
(a) we determine, in consultation with the Department of Health and
Human Services (HHS), that the research may reasonably be expected to
contribute to a national health interest;
(b) the requester agrees to reimburse us for the costs of providing
the information; and
(c) the requester agrees to comply with any safeguards and
limitations we specify regarding re-release or re-disclosure of the
information.
32. To DHS and to employers for the administration of the E-Verify
Program, pursuant to Public Law 104-208, section 404(e). We will inform
DHS and the employer participating in the E-Verify Program that the
identifying data (SSN, name, and date of birth) furnished by an
employer concerning a particular employee matches, or does not match,
the data maintained in this system of records, and when there is such a
match, that information in this system of records indicates that the
employee is, or is not, a citizen of the United States.
33. To a State Bureau of Vital Statistics (BVS) that is authorized
by States to issue electronic death reports when the State BVS requests
that we verify the SSN of a person on whom the State will file an
electronic death report after we verify the SSN.
34. To the Department of Defense (DOD) to disclose validated SSN
information and citizenship status information for the purpose of
assisting DOD in identifying those members of the Armed Forces and
military enrollees who are aliens or non-citizen nationals who may
qualify for expedited naturalization or citizenship processing. These
disclosures will be made pursuant to requests made under section 329 of
the Immigration and Nationality Act, 8 U.S.C. 1440, as executed by
Executive Order 13269.
35. To contractors, cooperative agreement awardees, State agencies,
Federal agencies, and Federal congressional support agencies for
research and statistical activities that are designed to increase
knowledge about present or alternative Social Security programs; are of
importance to the Social Security program or the Social Security
beneficiaries; or are for an epidemiological project that relates to
the Social Security program or beneficiaries. We will disclose
information under this routine use pursuant only to a written agreement
with us.
36. To State and Territory MVA officials (or agents or contractors
on their behalf) and State and Territory chief election officials,
under the provisions of section 205(r)(8) of the Social Security Act
(42 U.S.C. 405(r)(8)), to verify the accuracy of information the State
agency provides with respect to applications for voter registration for
those persons who do not have a driver's license number:
(a) when the applicant provides the last four digits of the SSN, or
(b) when the applicant provides the full SSN, in accordance with
section 7 of the Privacy Act (5 U.S.C. 552a note), as described in
section 303(a)(5)(D) of the Help America Vote Act of 2002. (42 U.S.C.
15483(a)(5)(D)).
37. To the Secretary of HHS or to any State, any record or
information requested in writing by the Secretary for the purpose of
administering any program administered by the Secretary, if we
disclosed records or information of such type under applicable rules,
regulations, and procedures in effect before the date of enactment of
the Social Security Independence and Program Improvements Act of 1994.
38. To appropriate agencies, entities, and persons when:
(a) SSA suspects or has confirmed that there has been a breach of
the system of records;
(b) SSA has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, SSA (including
its information systems, programs, and operations), the Federal
Government, or national security; and
(c) the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with SSA's efforts to
respond to the suspected or confirmed breach or to prevent, minimize,
or remedy such harm.
39. To State agencies charged with administering Medicaid and the
Children's Health Insurance Program (CHIP) to verify personal
identification data (e.g., name, SSN, and date of birth) and to
disclose citizenship status information to assist them in determining
new applicants' entitlement to benefits provided by the CHIP.
40. To HHS, Centers for Medicare and Medicaid Services (CMS), for
the purpose of the administration of Insurance Affordability Programs
(IAP) and to identify individuals who qualify for an exemption from the
individual responsibility requirement in accordance with the Patient
Protection and Affordable Care Act of 2010 (Pub. L. 111-148), as
amended by the Health Care and Education Reconciliation Act of 2010
(Pub. L. 111-152). IAPs include a Qualified Health Plan through the
Exchange, Advance Payments of the Premium Tax Credit, Cost Sharing
Reductions, Medicaid, CHIP, and the Basic Health Program.
41. To the Corporation for National and Community Service, upon
request, to verify SSNs and to provide citizenship status as recorded
in our records concerning individuals applying to serve in approved
national service positions and those designated to receive national
service education awards under the National and Community Service Act.
42. To another Federal agency or Federal entity, when SSA
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in:
(a) responding to a suspected or confirmed breach; or
(b) preventing, minimizing, or remedying the risk of harm to
individuals, the recipient agency or entity (including its information
systems, programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
[[Page 10029]]
43. To State and local government agencies, in situations involving
suspected abuse, neglect, or exploitation of minor children or
vulnerable adults, to report suspected abuse or determine a victim's
eligibility for services.
44. To a State BVS, when it provided SSA information that an
individual was deceased to notify the State of the error in the record
so furnished.
45. To USDT, for purposes of tax administration, debt collection,
and identifying, preventing, and recovering improper payments under
federally funded programs and to Federal and State agencies for
conducting statistical and research activities, pursuant to sections
202(x) and 1611(e) of the Social Security Act. We will disclose only
verified prisoner information (e.g., name, SSN, sex code, and date of
birth) under this routine use.
46. To the Office of the President, in response to an inquiry from
that office made on behalf of, and at the request of, the subject of
the record or a third party acting on the subject's behalf.
47. To HHS, Office of Child Support Enforcement, as required by
section 453(e)(2) and (j)(1) of the Social Security Act for the
administration of the Federal Parent Locator System.
48. To proper applicants submitting an application for a Social
Security Card, when the proper applicants establish that the number
holders are physically or mentally unable to file for a Social Security
card on their own behalf and provide evidence of custody or legal
relationship for the number holders, we may provide the number holders'
SSN.
Policies and Practices for Storage of Records:
We will maintain records in this system in paper and in electronic
form.
Policies and Practices for Retrieval of Records:
This system maintains information about individuals by SSN, name,
date of birth, the agency's internal processing reference number, or
alien registration number. If we deny an application because the
applicant submitted fraudulent evidence, or if we are verifying
evidence we suspect to be fraudulent, we will retrieve records either
by the applicant's name plus month and year of birth, or by the
applicant's name plus the eleven-digit reference number of the
disallowed application.
Policies and Practices for Retention and Disposal of Records:
In accordance with NARA rules codified at 36 CFR 1225.16, we
maintain records in accordance with NARA-approved agency-specific
records schedule, N1-47-09-02, item 2, and NARA's General Records
Schedule (GRS) 4.2, items 020 and 050, and GRS 5.2, item 010.
Administrative, Technical, and Physical Safeguards:
We retain electronic and paper files containing personal
identifiers in secure storage areas accessible only by authorized
individuals, including our employees and contractors, who have a need
for the information when performing their official duties. Security
measures include, but are not limited to, the use of codes and
profiles, personal identification number and password, and personal
identification verification cards. We restrict access to specific
correspondence within the system based on assigned roles and authorized
users. We keep paper records in cabinets within secure areas, with
access limited to only those employees who have an official need for
access in order to perform their duties. We use audit mechanisms to
record sensitive transactions as an additional measure to protect
information from unauthorized disclosure or modification.
We annually provide authorized individuals, including our employees
and contractors, with appropriate security awareness training that
includes reminders about the need to protect PII and the criminal
penalties that apply to unauthorized access to, or disclosure of, PII
(5 U.S.C. 552a(i)(1)). Furthermore, authorized individuals with access
to databases maintaining PII must annually sign a sanctions document
that acknowledges their accountability for inappropriately accessing or
disclosing such information.
Record Access Procedures:
Individuals may submit requests for information about whether this
system contains a record about them by submitting a written request to
the system manager at the above address, which includes their name,
SSN, or other information that may be in this system of records that
will identify them. Individuals requesting notification of, or access
to, a record by mail must include: (1) a notarized statement to us to
verify their identity; or (2) must certify in the request that they are
the individual they claim to be and that they understand that the
knowing and willful request for, or acquisition of, a record pertaining
to another individual under false pretenses is a criminal offense.
Individuals requesting notification of, or access to, records in
person must provide their name, SSN, or other information that may be
in this system of records that will identify them, as well as provide
an identity document, preferably with a photograph, such as a driver's
license. Individuals lacking identification documents sufficient to
establish their identity must certify in writing that they are the
individual they claim to be and that they understand that the knowing
and willful request for, or acquisition of, a record pertaining to
another individual under false pretenses is a criminal offense.
These procedures are in accordance with our regulations at 20 CFR
401.40 and 401.45.
Contesting Record Procedures:
Same as record access procedures. Individuals should also
reasonably identify the record, specify the information they are
contesting, and state the corrective action sought and the reasons for
the correction with supporting justification showing how the record is
incomplete, untimely, inaccurate, or irrelevant. These procedures are
in accordance with our regulations at 20 CFR 401.65(a).
Notification Procedures:
Same as records access procedures. These procedures are in
accordance with our regulations at 20 CFR 401.40 and 401.45.
Exemptions Promulgated for the System
None.
History:
89 FR 107185 (December 31, 2024), Master Files of SSN Holders and
SSN Applications.
[FR Doc. 2025-02850 Filed 2-19-25; 8:45 am]
BILLING CODE 4191-02-P