Social Security Administration (SSA)

Privacy Impact Assessment (PIA)

            National 800 Number Network Transfer of Voice Data Collection System

      N/A.

Center Director, Field Network and Planning

Office of Telephone Services

Social Security Administration

6401 Security Boulevard

Baltimore, MD 21235

            National 800 Number Network (N8NN) Transfer of Voice Data Collection (TVDC)

The TVDC is an enhancement to the N8NN’s automated telephone application system that involves transferring common identity data elements collected from one automated telephone application to another automated telephone application and to a N8NN agent (“agent”), if required.  The N8NN automated telephone application system includes many applications that prompt callers for information to verify the callers’ identity, and to associate the caller with the appropriate automated telephone application. 

This enhancement to the N8NN automated telephone application system will allow for a single collection of common identity data elements for use in subsequent automated application request(s) and/or that may be required by an agent.  The TVDC will allow the caller to provide identity data once rather than multiple times during the call.  The system will match the identity information provided by the caller to the information required for the newly selected automated telephone application or required by an agent.  The caller is only required to provide the additional identity information that may be required by the next transaction.  The TVDC process reduces the call handle time and improves the efficiency of the N8NN.  As a result, public use of the N8NN will likely increase and the Agency furthers its goal of improved customer service.

TVDC will require the caller to input identity data elements such as those listed below:

§         Social Security Number (SSN)

§         Date of Birth

§         First Name

§         Last Name

§         Mother’s Maiden Name

§         Place of Birth

§         Last Payment Amount

§         Claim Number

§         Password

These data elements comprise the knowledge-based authentication we use to verify the identity of a caller who requests certain information from our agents or uses one of our automated telephone applications.  Some of the N8NN transactions that first require collecting identity information from callers are listed below:

§         Change of Address

§         Direct Deposit

§         Benefit Verification

§         Medicare Replacement Card

§         Claim Status

§         Password Authorization

§         Screen Splash/Screen Pop

§         Replacement 1099

We will collect the information that is required for the transaction(s) that the caller is requesting.  We will match the information the caller input with information in the appropriate Privacy Act system of records (SOR) listed below:

§         Master Files of Social Security Number (SSN) Holders and SSN Application, (60-0058).

§         Claims Development Record, (60-0066)

§         Claims Folders System, (60-0089).

§         Master Beneficiary Record, (60-0090)

§         Medicare Part B Buy-In Information System, (60-0268)

If we successfully authenticate the caller’s identity, we will provide the caller with the information he or she is requesting.  If we are unable to authenticate the caller’s identity and the transaction is being processed by one of the automated telephone applications, we will ask the caller if he or she would like to speak to an agent to complete the transaction.  If the caller elects to speak to an agent, the caller will be transferred.

If we are unable to authenticate the caller’s identity once he or she is transferred to an agent, we will advise the caller to visit a local field office for further assistance in completing the transaction.

The information collected will only be shared with an agent if the caller elects to speak to one or if we are unable to verify the identity of the caller using one of our N8NN automated telephone applications.  In either case, the data input by the caller will be shared with an agent.  We will not maintain any of the information the caller input in our system.  It is held encrypted in short-lived memory.  When the call is completed, we delete all of the information collected during the call.  The personally identifiable information collected cannot be viewed in any system log files. 

Describe the administrative and technological controls that are in place or that are planned to secure the information being collected.

Reducing Potential Risks to Individuals’ Privacy and Protecting Information Being Collected

In order to mitigate risks, access to SSA record information via the N8NN requires proper identification.  Any caller who fails the authentication process or who has elected to block all automated telephone system and Internet access to his or her personal information will be unable to proceed using the N8NN automated telephone applications.  The caller will be offered the option to speak with an agent.  As noted above, SSA customers can choose to block automated telephone system access.

Administrative and Technological Controls that are in Place

TVDC has undergone authentication and security risk analyses.  This includes an evaluation of security and audit controls proven to be effective in protecting the information collected, stored, processed, and transmitted by our information systems.  These include technical, management, and operational controls that permit access to our information only to users with an official “need to know.”  We have audit mechanisms in place to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.

We protect the information in our systems by requiring employees authorized to access our systems to use a unique personal identification number (PIN) and password.  In addition, we store the computerized records in secure areas that are accessible only to employees who require the information to perform their official duties.  Furthermore, all our employees who have access to our information must sign a sanction document annually that acknowledges penalties for unauthorized access to, or disclosure of, such information.

SSA also has trust agreements with the telecommunications vendor which ensure that all communications between the vendor and SSA will be transferred within a secure, virus/worm-free environment.

      Are individuals afforded an opportunity to decline to provide information?

We collect information only where we have legal authority to do so to administer our responsibilities under the Social Security Act.  When we collect information from individuals, we advise them of our legal authority for requesting the information, the purposes for which we will use and disclose the information, and the consequences of not providing any or all of the requested information.  The individual can then make an informed decision whether or not to provide the information.

Use of the automated telephone system application is voluntary.  Users who choose to use this service must provide all the requested information necessary to authenticate their identity.  Users who have elected to block all automated telephone system and Internet access to his or her SSA record information are unable to use the automated telephone system applications and will be offered the option to speak with an agent and/or to visit the local Social Security office.

When we collect information from users, we advise them of the purposes for which we will use the information.  We further advise them that we will disclose this information without their prior written consent only when we have specific authority in Federal statue (e.g., the Privacy Act) to do so.

The identity information that we will request from the users of this automated telephone application will be verified against corresponding information already maintained in our records that was collected at the time the user filed for an SSN or benefits.  We will not use the information provided by the users of this automated telephone application for any other purpose, or retain any of the information once the call is terminated.

This enhancement to the N8NN automated telephone application does not require a new Privacy Act SOR or an alteration to an existing SOR because there is no new and permanent collection of identifiable data in this application process.  TVDC Telephone System Application uses information that is collected and maintained for purposes related to other business processes for which there are currently Privacy Act SOR (60-0058, 60-0066, 60-0089; 60-0090, and 60-0268).

PIA CONDUCTED BY PRIVACY OFFICER, SSA

Sincerely,

Privacy Officer Vince Dormarunno Signature

______________________________October 10, 2008

Signature                                             Date

PIA CONDUCTED BY THE SENIOR AGENCY PRIVACY OFFICIAL, SSA

 /s/ David F. Black________                          October 11, 2008

Signature                                                         Date


Privacy Policy