Privacy Act of 1974, as Amended; Alterations to Existing System of Records and New Routine Use Disclosure

AGENCY:

Social Security Administration (SSA).

ACTION:

Altered System of Records and Proposed New Routine Use.

SUMMARY:

In accordance with the Privacy Act (5 U.S.C. 552a(e)(4) and (e)(11)), we are issuing public notice of our intent to alter an existing system of records entitled the Visitor Intake Process/Customer Service Record (VIP/CSR) System, 60-0350. The proposed alterations will result in the following changes to the VIP/CSR system of records:

(1) Expansion of the categories of individuals covered by the VIP/CSR system of records to include individuals who visit any SSA office or who may contact any SSA office by telephone and/or by e-mail and who attempt or commit a violent act or make threats of violence towards an SSA employee, any individual visiting an SSA office conducting business, or any SSA office; and recording identifying information about the individual within the Visitor Intake Process/Customer Service Record (VIP/CSR) system.

(2) Expansion of the categories of records maintained in the VIP/CSR system of records to include identifying information about the new category of individuals that will be maintained in the VIP/CSR system of records, and a “High Risk” alert indicator based on type of threat or act of violence perpetrated by the individual.

(3) Expansion of the purposes for which SSA uses information maintained in the VIP/CSR system of records to include use of the system to alert employees in a Social Security office when an individual attempted or committed a violent act or made threats of violence towards an SSA employee, any individual visiting an SSA office conducting business, or any SSA office ; and

(4) A proposed new routine use disclosure applicable to information in the VIP/CSR system of records providing for the release of information to law enforcement agencies and private security contractors to protect the safety of SSA employees and customers, the security of the SSA workplace and the operation of SSA facilities, or to assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupts the operation of SSA facilities.

All of the proposed alterations are discussed in the Supplementary Information section below. We invite public comment on this proposal.

DATES:

We filed a report of the proposed new routine use disclosures with the Chairman of the Senate Committee on Homeland Security and Governmental Affairs, the Chairman of the House Committee on Government Reform, and the Director, Office of Information and Regulatory Affairs, Office of Management and Budget (OMB) on October 3, 2005. The proposed altered system of records, including the proposed new routine use respective to the system, will become effective on November 12, 2005, unless we receive comments warranting them not to become effective.

ADDRESSES:

Interested individuals may comment on this publication by writing to the Deputy Executive Director, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, Room 3-A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401. All comments received will be available for public inspection at the above address.

FOR FURTHER INFORMATION:

Contact Earlene Whitworth Hill, Social Insurance Specialist, Office of Public Disclosure, Office of the General Counsel, Social Security Administration, in Room 3-A-6 Operations Building, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, telephone at (410) 965-1817, e-mail: earlene.whitworth.hill@ssa.gov.

SUPPLEMENTARY INFORMATION:

I. Background and Purpose of the Proposed Alterations to the VIP/CSR System of Records

A. General Background

SSA originally published a notice of the VIP/CSR system of records in the Federal Register at 67 FR 63489, October 11, 2002. SSA uses information in the VIP/CSR system of records for management information and administrative purposes, such as tracking scheduled appointments and monitoring visitor information, and for programmatic purposes associated with individuals' claims for benefits under programs administered by SSA. We are making several alterations to the VIP/CSR system of records as discussed below.

B. Discussion of Proposed Alterations to the VIP/CSR System of Records

SSA provides a variety of services to the general public in connection with various programs under the Social Security Act. This involves personal interaction between SSA employees and the public on many occasions. At times, individuals with whom SSA employees must interact make threats or commit acts of violence against SSA employees. On these occasions, appropriate measures are employed to ensure the safety of our employees and the public. These measures include using security guards to maintain order in Social Security offices and contacting law enforcement officials, as necessary.

However, we have never had a reliable means of ensuring that our employees in one office would have knowledge of an incident involving an individual in another office. We are developing a “High Risk” alert to assist in protecting the safety of our employees, individuals conducting business with SSA and other individuals accompanying such individuals, and SSA facilities. We are proposing to implement the “High Risk” alert by making alterations to the VIP/CSR system of records to allow the electronic maintenance of the “High Risk” alert indicator as a part of the VIP/CSR system of records. This will enable SSA employees at any SSA office to be aware of the potential security risks and to use extra caution when dealing with an individual who is identified in the VIP/CSR system of records as having made a threat or committed an act of violence against an SSA employee, a member of the public conducting business at an SSA facility, or an SSA facility. The specific changes to the VIP/CSR system of records are discussed below.

1. Expansion of the Categories of Individuals Covered by the VIP/CSR System of Records

We are adding a new category of individuals to the VIP/CSR system of records to include information about individuals who contact any SSA office in person, by telephone, or by mail and make a threat, or commit an act of violence, against an SSA employee, individuals conducting business with SSA or other individuals accompanying such individuals, or any SSA office.

2. Expansion of the Categories of Records Maintained in the VIP/CSR System of Records

We are expanding the categories of records covered by the VIP/CSR system of records to include the following “High Risk” alert information about an individual who makes a threat or commits an act of violence against an SSA employee, individuals conducting business with SSA or other individuals accompanying such individuals, or any SSA office:

• Identifying information such as the individual's name and/or Social Security number, and date of birth;
• Information pertaining to the specific nature of the threat or act of violence; and
• Information pertaining to the date and time, and the location of the threat or act of violence.

3. Expansion of the Purpose(s) of the VIP/CSR System of Records

We are expanding the purposes for which we use the information maintained in the VIP/CSR system to include a “High Risk” alert. The alert information will assist SSA employees in identifying individuals who have threatened an act of violence or who have committed an act of violence against an SSA employee, a visitor to any SSA office, or any SSA office.

II. Proposed New Routine Use Disclosure of Data Maintained in the VIP/CSR System of Records

A. Establishment of New Routine Use

We are proposing to establish a new routine use which allows disclosure of information maintained in the Visitor Intake Process/Customer Service Record system to law enforcement agencies and private security contractors.

Federal, State, and local law enforcement agencies, and private security contractors, have responsibility for preventing, handling, monitoring and investigating incidents that affect the safety and security of SSA employees, customers, and workplaces, or otherwise disrupt SSA operations. Prosecution of persons involved in these activities for violation of Federal or local laws may also be appropriate. SSA managers of most SSA leased facilities have to rely primarily on local law enforcement authorities and private security contractors to meet the protective security needs of customers, employees and workplaces.

The new routine use in the VIP/CSR system of records, numbered 7, provides for disclosure of information:

To Federal, State, and local law enforcement agencies and private security contractors, as appropriate, information necessary:

(a) To enable them to protect the safety of SSA employees and customers, the security of the SSA workplace and the operation of SSA facilities, or

(b) To assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupts the operation of SSA facilities.

B. Compatibility of Proposed New Routine Use Disclosure

The Privacy Act (5 U.S.C. 552a(a)(7) and (b)(3)) and SSA's disclosure regulation (20 CFR part 401) permit us to disclose information under a published routine use for a purpose that is compatible with the purpose for which we collected the information. Section 401.150(c) of the regulation permits us to disclose information under a routine use, where necessary, to carry out SSA programs or assist other agencies in administering similar programs. In order for SSA to carry out its programs, it must ensure that its places of business are safe and secure for both customers and employees, that premises and property are safe from theft and damages, that employees can perform their duties without fear of intimidation or injury, and that SSA can prevent and appropriately deal with disruptions in the operation of its facilities. In so far as disclosure to law enforcement agencies and private security contractors will help to accomplish these objectives, the disclosures are an integral part of our program administration responsibilities. Thus, the proposed new routine use disclosure is appropriate and meets the relevant statutory and regulatory criteria.

III. Effect of the Proposed Alterations to the VIP/CSR System of Records

The proposed alterations and new routine use disclosure to the Visitor Intake Process/Customer Service Record (VIP/CSR) System pertain to SSA's responsibilities in collecting, maintaining, and disclosing information about individuals who have threatened an act of violence and/or who have committed an act of violence against an SSA employee, a visitor to any SSA office, and to any SSA office. We will adhere to all applicable statutory requirements, including those under the Social Security Act and the Privacy Act, in carrying out our responsibilities. Therefore, we do not anticipate that the proposed alterations and new routine use disclosure will have an unwarranted adverse effect on the right of individuals.

SYSTEM NUMBER: 60-0350.

System name:

Visitor Intake Process/Customer Service Record (VIP/CSR) System.

Security classification:

None.

System location:

Social Security Administration, Office of Systems, 6401 Security Boulevard, Baltimore, Maryland 21235.

Categories of individuals covered by the system:

This system covers visitors to the Social Security Administration (SSA) field offices (FOs) for various purposes (see “Purpose(s)” section below) and individuals who have threatened an act of violence or have committed an act of violence against an SSA employee, a visitor to any SSA office conducting business or another individual accompanying such visitor, or to any SSA office.

Categories of records in the system:

This system contains the following information about each visitor: (1) Visitor information such as Social Security number (SSN), full name and date of birth, when such information is provided by the visitor; (2) visit information such as the time visitor entered and left the office, an assigned group number, number of interviews associated with the visit and remarks associated with the visit; (3) appointment information such as date/time of appointment, source of appointment and appointment unit number (unit establishing appointment); (4) notice information such as close-out notice type (e.g., title II 6-month closeout letter, title XVI SSA-L991) and close-out notice date/time when sent; (5) interview information such as each occurrence, subject of interview, estimated waiting time, preferred language, type of translator, number of interview in queue, interview disposition (e.g., completed, deleted, left without service), interview priority, start and ending time and name of interviewer; (6) SSN, full name and relationship to claimant/beneficiary, when such information is provided; (7) “High Risk” alert information; i.e., personal information about the visitor such as name, SSN, date of birth, specific nature of the threat or act of violence, the date and time, and the location of the threat or act of violence; and (8) source of the report from the SSA-3114-U4.

Authority for maintenance of the system:

Sections 222, 223, 225, 1611, 1615, 1631 and 1633 of the Social Security Act (42 U.S.C. 422, 423, 425, 1382, 1382d, 1383 and 1383b); the Federal Records Act of 1950 (Pub. L. 81-754, 64 Stat. 583), as amended.

Purpose(s):

Information in this system will be used to:

• Provide a means of collecting waiting time data on all in-office interviews in SSA FOs;
• Provide management information on other aspects of all in-office interviews in SSA FOs;
• Provide a source for customer service record data collection for such interviews, and
• Capture discrete data about the volume and nature of inquiries to support management decisions in the areas of process improvement and resource allocation.
• Provide a means of collecting information about individuals who have threatened an act of violence and/or have committed an act of violence against an SSA employee, or a visitor to any SSA office conducting business, and/or to any SSA office.
• Generate a timely “High Risk” alert to the intake employees of the possibility of an individual who possibly pose a security risk.
• Provide a standard approach to insuring the safety of SSA employees, visitors to any SSA office conducting business, and/or to any SSA office.

The information collected from visitors to SSA FOs will be used for filing claims for benefits under title II, transacting post-entitlement actions if currently entitled to benefits under title II, filing claims for benefits under title XVI, transacting post-eligibility actions if currently eligible for benefits under title XVI, obtaining an SSN, transacting other actions related to a SSN, or other actions/queries that may require an interview at SSA.

The information collected from the “High Risk” alert will be used to advise the intake employee at any SSA office of the potential security risk and to use extra caution when dealing with the individual that is before them and/or who has scheduled an appointment. The “High Risk” alert will include personal information about the visitor such as name, SSN, date of birth, specific nature of the threat or act of violence, the date and time, and the location of the threat or act of violence.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

Disclosures may be made for routine uses as indicated below.

1. To the Office of the President for the purpose of responding to an individual pursuant to an inquiry received from that individual or from a third party on his or her behalf.

2. To a congressional office in response to an inquiry from that office made at the request of the subject of a record.

3. To the Department of Justice (DOJ), a court, or other tribunal, or other party before such tribunal when:

(a) SSA, or any component thereof, or

(b) Any SSA employee in his/her official capacity; or

(c) Any SSA employee in his/her individual capacity where DOJ (or SSA Where it is authorized to do so) has agreed to represent the employee; or

(d) The United States or any agency thereof where SSA determines that the litigation is likely to affect the operations of SSA or any of its components is party to litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court, or other tribunal is relevant and necessary to the litigation, provided, however, that in each case, SSA determines that such disclosure is compatible with the purpose for which the records were collected.

4. To contractors and other Federal agencies, as necessary, to assist SSA in the efficient administration of its programs.

5. To student volunteers, individuals working under a personal services contract, and other individuals performing functions for SSA but technically not having the status of agency employees, if they need access to the records in order to perform their assigned agency functions.

6. Non-tax return information which is not restricted from disclosure by Federal law may be disclosed to the General Services Administration (GSA) and the National Archives and Records Administration (NARA) under 44 U.S.C. 2904 and § 2906, as amended by NARA Act of 1984, for the use of those agencies in conducting records management studies.

7. To Federal, State, and local law enforcement agencies and private security contractors as appropriate, information necessary:

(a) To enable them to protect the safety of SSA employees and customers, the security of the SSA workplace and the operation of SSA facilities, or

(b) To assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupt the operation of SSA facilities.

Policies and Practices for Storing, Retrieving, Accessing, Retaining and Disposing of Records in the System:

Storage:

Records in this system are maintained in both electronic and paper form (e.g., magnetic tape and disc and microfilm).

Retrievability:

Records in this system will be retrieved by the individual's SSN and/or name.

Safeguards:

Security measures include the use of access codes to enter the computer system which will maintain the data, and storage of the computerized records in secured areas which are accessible only to employees who require the information in performing their official duties. SSA employees who have access to the data will be informed of the criminal penalties of the Privacy Act for unauthorized access to or disclosure of information maintained in the system. See 5 U.S.C. 552a(i)(1).

Contractor personnel and/or alternate participants having access to data in the system of records will be required to adhere to SSA rules concerning safeguards, access and use of the data.

Retention and disposal:

Records in the Visitor Intake Process/Customer Service Record (VIP/CSR) System “High Risk” file will be retained for three years. The means of disposal of the information in the Visitor Intake Process/Customer Service Record (VIP/CSR) System “High Risk” file will be appropriate to the storage medium (e.g., deletion of individual electronic records or shredding of paper records). In addition, management officials will have the ability to delete records from the “High Risk” file electronic database.

Records in the Visitor Intake Process/Customer Service Record (VIP/CSR) System are retained for one year when they pertain to documents provided by and returned to an individual, denial of requests for confidential information, release of confidential information to an authorized third party, and undeliverable material. Records are maintained for four years when they contain information and evidence pertaining to Social Security coverage, wage, and self-employment determinations, or when they affect future claims development. Additional information collected, such as waiting time information, may be retained for longer periods for purposes of analysis and process improvement, without regard to individual records.

The means of disposal of the information in this system will be appropriate to the storage medium (e.g., deletion of individual electronic records or shredding of paper records).

system manager(s) and address(es):

Deputy Commissioner, Office of Systems, Social Security Administration, 6401 Security Boulevard, Baltimore, Maryland 21235.

notification procedure(s):

An individual can determine if this system contains a record about him/her by writing to the system manager(s) at the above address and providing his/her name, SSN, or other information that may be in the system of records that will identify him/her. An individual requesting notification of records in person should provide the same information, as well as provide an identity document, preferably with a photograph, such as a driver's license. If an individual does not have identification documents sufficient to establish his/her identity, the individual must certify in writing that he/she is the person claimed to be and that he/she understands that knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.

If notification is requested by telephone, an individual must verify his/her identity by providing identifying information that parallels the record to which notification is being requested. If it is determined the identifying information provided by telephone is insufficient, the individual will be required to submit a request in writing or in person. If an individual is requesting information by telephone on behalf of another individual, the subject individual must be connected with SSA and the requesting individual in the same phone call. SSA will establish the subject individual's identity (his/her name, SSN, address, date of birth and place of birth, along with one other piece of information such as mother's maiden name), and ask for his/her consent in providing information to the requesting individual.

If a request for notification is submitted by mail, an individual must include a notarized statement to SSA to verify his/her identity or must certify in the request that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense. These procedures are in accordance with SSA Regulations (20 CFR 401.40).

record access procedure(s):

Same as “Notification” procedure(s). Requesters also should reasonably specify the record contents they are seeking. These procedures are in accordance with SSA Regulations (20 CFR 401.50).

Contesting record procedure(s):

Same as “Notification” procedures. Requesters also should reasonably identify the record, specify the information they are contesting, and state the corrective action sought, and the reasons for the correction, with supporting justification showing how the record is untimely, incomplete, inaccurate or irrelevant. These procedures are in accordance with SSA Regulations (20 CFR 401.65).

Record source categories:

Information in this system of records is obtained from information collected from individuals interviewed in person in SSA FOs, from existing systems of records, such as the Claims Folders System, (60-0089), Master Beneficiary Record, (60-0090), Supplemental Security Income Record and Special Veterans Benefits, (60-0103), and from information generated by SSA, such as computer date/time stamps at various points in the interview process.

Systems exempted from certain provisions of the Privacy Act:

None.