Effective Date: January 25, 2003
(70 F.R. 3571)
SOCIAL SECURITY ADMINISTRATION NOTICE OF SYSTEM OF RECORDS REQUIRED BY
THE PRIVACY ACT OF 1974
System number: 60-0340
System name:
Electronic
Freedom of Information Act (eFOIA) System,
SSA/OGC/OPD.
Security classification:
None.
System location:
Office of Public
Disclosure
Office of the
General Counsel
Social Security
Administration
Categories of individuals covered by the system:
Individuals, or groups of
individuals, who write to the Freedom of Information Officer, Social Security
Administration.
Categories of records in the system:
Copies of
Freedom of Information Act (FOIA) initial requests from individuals and groups
of individuals and replies from SSA’s Freedom of
Information Officer; FOIA appeals and replies to those appeals; and SSA records
that relate to initial and appeal requests (e.g., copies of records that are
disclosed and withheld).
Authority for maintenance of the system:
The
Freedom of Information Act (5 U.S.C. § 552).
Purpose(s):
This system will
be used to manage the Agency’s FOIA workload.
This includes assigning work, processing work electronically, tracking
the status of assignments and providing management information reports relating
to the FOIA requests received by SSA.
Routine uses of records maintained in the system, including categories
of users and the purpose of such uses:
Disclosure may
be made for routine uses as indicated below.
However, disclosure
of any information defined as “return or return information” under 26 U.S.C. §
6103 of the Internal Revenue Code (IRC) will not be made unless authorized by a
statute, the Internal Revenue Service (IRS), or IRS regulations.
1) To the Office of the President for the
purpose of responding to an individual pursuant to an inquiry received from
that individual or from a third party on his or her behalf.
2) To a congressional office in response to an
inquiry from that office made at the request of the subject of a record.
3) To the Internal Revenue Service (IRS), as
necessary, for the purpose of auditing SSA's
compliance with safeguard provisions of the Internal Revenue Code (IRC) of
1986, as amended.
4) To the Department of Justice (DOJ) to defend
SSA in FOIA litigation involving a record maintained in this system of records.
5) To the Department of Justice (DOJ), a court
or other tribunal, or another party before such tribunal when:
a) SSA, any
component thereof; or
b) any SSA employee in his/her official capacity; or
c) any SSA employee in his/her individual capacity where DOJ
(or SSA where it is authorized to do so) has agreed to represent the employee;
or
d) the United
States or any agency thereof where SSA determines that the litigation is likely
to affect the operations of SSA or any of its components, is a party to
litigation or has an interest in such litigation, and SSA determines that the
use of such records by DOJ, a court or other tribunal, or another party before
such tribunal, is relevant and necessary to the litigation, provided, however,
that in each case, SSA determines that such disclosure is compatible with the
purpose for which the records were collected.
6) Disclosure of any information defined as
“returns or return information” under 26
U.S.C. § 6103 of the Internal Revenue Code (IRC) will not be made unless
authorized by a statute, the Internal Revenue Service (IRS), or IRS
regulations.
7) Non-tax return information which is not
restricted from disclosure by Federal law may be disclosed to the General
Services Administration (GSA) and the National Archives and Records
Administration (NARA) under 44 U.S.C. § 2904 and § 2906, as amended by NARA Act
of 1984, for the use of those agencies in conducting records management studies.
8) To student volunteers, individuals working
under a personal service contract, and other individuals performing functions
for SSA but technically not having the status of Agency employees, if they need
access to the records in order to perform their assigned Agency functions.
9) To Federal, State, and local law enforcement
agencies and private security contractors, as appropriate, information
necessary:
-To enable them
to protect the safety of SSA employees and customers, the security of the SSA
workplace, and the operation of SSA facilities, or
-To assist
investigations or prosecutions with respect to activities that affect such
safety and security or activities that disrupt the
operation of SSA facilities.
10) To contractors and other Federal agencies, as
necessary, for the purpose of assisting SSA in the efficient administration of
its programs. We contemplate disclosing
information under this routine use only in situations in which SSA may enter
into a contractual or similar agreement with a third party to assist in
accomplishing an Agency function relating to this system of records.
11) The Commissioner shall disclose to the
Secretary of Health and Human Services (HHS), or to any State, any record or
information requested in writing by the Secretary to be so disclosed for the
purpose of administering any program administered by the Secretary, if records
or information of such type were so disclosed under applicable rules,
regulations and procedures in effect before the date of enactment of the Social
Security Independence and Program Improvements Act of 1994.
** We may
disclose information to appropriate Federal, State, and local agencies,
entities, and persons when (1) we suspect or confirm that the security or
confidentiality of information in this system of records has been compromised;
(2) we determine that as a result of the suspected or confirmed compromise
there is a risk of harm to economic or property interests, identity theft or
fraud, or harm to the security or integrity of this system or other systems or
programs of SSA that rely upon the compromised information; and (3) we
determine that disclosing the information to such agencies, entities, and
persons is necessary to assist in our efforts to respond to the suspected or confirmed
compromise and prevent, minimize, or remedy such harm. SSA will use this
routine use to respond only to those incidents involving an unintentional
release of its records.
Policies and practices for storing, retrieving, accessing, retaining
and disposing of records in the system:
Storage:
Records in this
system are maintained and stored in electronic form.
Retrievability:
Records in this
system are retrieved by a requester’s or third party’s first name, last name,
Social Security Number (SSN), subject matter, or control number.
Safeguards:
Security
measures include the use of access codes to enter the computer system which
will maintain the data, the storage of computerized records in secured areas
which are accessible only to employees who require the information in
performing their official duties. Any
manually maintained records will be kept in locked cabinets or in otherwise
secure areas. SSA employees who have
access to the data will be informed of the criminal penalties of the Privacy
Act for unauthorized access to or disclosure of information maintained in the
system. See 5 U.S.C. § 552a(i)(1).
Contractor
personnel having access to data in the system of records will be required to
adhere to SSA rules concerning safeguards, access and use of the data.
Retention and disposal:
Any document
related to a FOIA request that has been denied will be retained (stored
electronically) for six years from the response date. Requests that have been granted will be
retained for two years from the response date.
When the time period has elapsed, the case will be deleted provided (1)
it is a closed case and (2) there are no open cases linked to that case. If the case is still open or linked to
another open case, deletion will be delayed until closure of all cases
involved.
System manager(s):
Freedom of
Information Officer
Office of Public
Disclosure
Office of the
General Counsel
Social Security
Administration
Notification procedure(s):
An individual
can determine if this system contains a record about him/her by writing to the
systems manager(s) at the above address and providing his/her name, SSN or
other information that may be in the system of records that will identify
him/her. An individual requesting
notification of records in person should provide the same information, as well
as provide an identity document, preferably with a photograph, such as a
driver’s license or some other means of identification. If an individual does not have any
identification documents sufficient to establish his/her identity, the
individual must certify in writing that he/she is the person claimed to be and
that he/she understands that the knowing and willful request for, or
acquisition of, a record pertaining to another individual under false pretenses
is a criminal offense.
If notification
is requested by telephone, an individual must verify his/her identity by
providing name, SSN, address, date of birth, place of birth, and at least one
other piece of identifying information that parallels the record to which
notification is being requested. If it is determined that the identifying information provided by
telephone is insufficient, the individual will be required to submit a request
in writing or in person. If an
individual is requesting information by telephone on behalf of another
individual, the subject individual must be connected with SSA and the
requesting individual in the same phone call.
SSA will establish the subject individual’s identity (his/her name, SSN,
address, date of birth and place of birth along with one other piece of
information such as mother’s maiden name) and ask for his/her permission to
provide the information to the requesting individual.
If a request for
notification is submitted by mail, an individual must include a notarized
statement to SSA to verify his/her identity or must certify in the request that
he/she is the person claimed to be and that he/she understands that the knowing
and willful request for, or acquisition of, a record pertaining to another
individual under false pretenses is a criminal offense. These procedures are in accordance with SSA
Regulations (20 C.F.R. § 401.40).
Record access procedure(s):
Same
as Notification procedures.
Requesters also should reasonably specify the record contents they are
seeking. These procedures are in
accordance with SSA Regulations (20 C.F.R. § 401.50).
Contesting record procedure(s):
Same
as Notification procedures.
Requesters should also reasonably identify the record, specify the
information they are contesting, and state the corrective action sought and the
reasons for the correction with supporting justification showing how the record
is untimely, incomplete, inaccurate, or irrelevant. These procedures are in accordance with SSA
Regulations (20 C.F.R. § 401.65).
Record source categories:
Information is
furnished by the inquirer and generated by SSA in response to FOIA requests.
Systems exempt from certain provisions of the Privacy Act:
None.