Social Security Administration
Privacy Impact Assessment (PIA)
- Name of
Project.
National 800-Number Claims Status
- Unique
project identifier.
#2093NCLA
·
Privacy Impact Assessment Contact.
Center
Director
Field
Network and Planning
Office
of Telephone Services
Social
Security Administration
- Description
of the information to be collected, why the information is being
collected, the intended use of the information being collected, and with
whom the information will be shared.
National 800-Number Claim Status Automated Telephone
System Application
This
automated telephone system application will allow Title II claimants who have
filed for benefits (Social Security Retirement, Spouse’s, or Disability) to
receive the status of their claim(s) filed:
(1) in the Social Security field office (FO); (2) over the telephone; or
(3) online, with the automated telephone portion of SSA’s National 800-Number using
interactive voice recognition or the touchtone feature. In order to use
this application, the users must have first filed an application for Title II benefits,
provided enough information to get the process started, and received an 8-digit
numeric confirmation number.
We provide a confirmation number when a person files a claim for
Title II benefits:
1.
In the
FO and the individual states that he
or she would like to use the internet or the telephone to get the status of his
or her claim. The system will generate a
confirmation number and the Claims Representative will print a copy of the
confirmation number and give it to the claimant; or
2.
Over
the telephone with a Social Security
Claims Representative and the individual states that he or she would like to
use the internet or the telephone to get the status of his or her claim. The system will generate and mail a
confirmation number to the individual’s mailing address; or
3.
Online at the Social Security website. The confirmation number is generated automatically.
Collection
of Information
This
automated telephone system application requires that the user input his or her Social
Security number (SSN), date of birth (DOB), and an 8-digit numeric confirmation
number.
We
will use a knowledge-based process to verify the identity of the user, and use the
confirmation number to associate that user with the appropriate claim. To this end, we will match the SSN and DOB
information with information in our Privacy Act system of records entitled, Master Files of Social Security Number (SSN)
Holders and SSN Applications, (60-0058), to verify the caller’s identity. Once
we verify the identity, we will match the confirmation number with information
in our Privacy Act system of records entitled, Claims Folders System, (60-0089) to determine the appropriate claim
on which the user is requesting a status.
If we verify the user’s identity, we will associate the verified
identity information with the appropriate SSA records and we will provide the individual
the status of his or her claim.
The information
collected in this telephone application will not be shared
nor will we maintain any of the data elements input by the user. It is held encrypted in short-lived
memory. When the call is completed, we
delete all of the information collected during the call.
Describe the administrative and
technological controls that are in place or that are planned to secure the
information being collected.
Reducing
Potential Risks to Individuals’ Privacy and Protecting Information Being
Collected
In
order to mitigate risks, access to the actual claim status requires an exact
match of the SSN and confirmation number.
Users who fail the authentication process, users who do not have a confirmation
number, and those beneficiaries who have blocked all automated telephone system
and Internet access to their personal information will be unable to use this automated
telephone system application. The user
will be offered the option to speak with an agent.
Administrative
and Technological Controls that are in Place
The
automated telephone system that houses the claim status application has
undergone authentication and security risk analyses. This process includes an evaluation of
security and audit controls proven to be effective in protecting the
information collected, stored, processed, and transmitted by our information
systems. These include technical,
management, and operational controls that permit access to our information only
to users with and official “need to know.” Audit
mechanisms are in place to record sensitive transactions as an additional
measure to protect information from unauthorized disclosure or modification.
We
protect information in our systems by requiring individuals who are authorized
to access information contained in our systems to use a unique personal identification
number. In addition, we store the
computerized records in secure areas that are accessible only to those employees
who require the information to perform their official duties. All of our employees who have access to our systems
that maintain personal information must sign a sanction document annually that
acknowledges penalties for unauthorized access to, or disclosure of such
information.
SSA
also has trust agreements with the telecommunications vendor, which ensure that
all communications between the vendor and SSA will be transferred within a
secure, virus worm-free environment.
- Describe
the impact on individuals’ privacy rights.
Are
individuals afforded an opportunity to decline to provide information?
We
collect information only where we have legal authority to do so to administer
our responsibilities under the Social Security Act. When we collect information from individuals,
we advise them of our legal authority for requesting the information, the
purposes for which we will use and disclose the information, and the
consequences of not providing any or all of the requested information. The users can then make an informed decision
whether or not to provide the information.
Use
of this automated telephone system claim status application is voluntary. Users who choose to use this service must
provide all the requested data elements necessary to verify their identity, and
have a confirmation number in order to receive the claim status. Users who fail the authentication process,
users who do not have a confirmation number, or users who have blocked all
automated telephone system and Internet access to their personal information, are
unable to use this automated telephone system claim status application and will
be offered the option to speak with an agent.
- Are
individuals afforded an opportunity to consent to only particular uses of
the information?
When
we collect information from users, we advise them of the purposes for which we
will use the information. We further
advise them that we will disclose this information without their prior written
consent only when we have specific authority in Federal statue (e.g., the
Privacy Act) to do so.
The
identity information that we will request from the users of this automated
telephone application will be verified against corresponding information
already maintained in our records that was collected at the time the user filed
for an SSN or benefits. We will not use
the information provided by the users of this automated telephone application
for any other purpose, or retain any of the information once the call is
terminated.
- Does
the collection of this information require a new system of records under
the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system
of records?
This
automated telephone application does not require a new Privacy Act system of
records or an alteration to an existing system of records because there is no
new and permanent collection of identifiable data in this application process. The Claims Status Telephone System Application
uses information that is collected and maintained for purposes related to other
business processes for which there are currently Privacy Act systems of records
(60-0058 and 60-0089).
PIA CONDUCTED BY PRIVACY OFFICER, SSA
______________________ February 7, 2008
Signature Date
PIA REVIEWED BY THE SENIOR AGENCY PRIVACY OFFICIAL,
SSA
/s/ David F. Black________ February 15, 2008
Signature Date