Effective Date: January 11, 2006
(71 F.R. 1800)
SOCIAL SECURITY ADMINISTRATION NOTICE OF SYSTEM OF RECORDS REQUIRED BY THE PRIVACY ACT OF 1974
SYSTEM NUMBER: 60-0001
System name:
Assignment and Correspondence Tracking (ACT) System, Social Security Administration, Office of the Commissioner.
Security classification:
None.
System Location:
Social Security Administration
Office of the Commissioner
Categories of individuals covered by the system:
Any individual or entity that makes a request or writes to the Commissioner of Social Security and receives a direct response from the Commissioner.
Categories of records in the system:
The Commissioner's incoming personal requests and correspondence and responses to such correspondence.
Authority for maintenance of the system:
Section 205 of the Social Security Act (42 U.S.C. 405).
Purpose(s):
This system is established for tracking incoming correspondence and reference when replying to subsequent inquiries.
Routine uses of records maintained in the system, including categories of users and the purposes of such uses:
Disclosure may be made for routine uses as indicated below. However, disclosure of any information defined as ``return or return information'' under 26 U.S.C. 6103 of the Internal Revenue Code will not be disclosed unless authorized by a statute, the Internal Revenue Service (IRS), or IRS regulations.
1. To a congressional office in response to an inquiry from that office made at the request of the subject of a record.
2. To the Office of the President for the purpose of responding to an individual pursuant to an inquiry received from that individual or from a third party on his/her behalf.
3. To the General Services Administration and the National Archives Records Administration (NARA) under 44 U.S.C. 2904 and 2906, as amended by the NARA Act of 1984, information which is not restricted from disclosure by Federal law for the use of those agencies in conducting records management studies.
4. To the Department of Justice (DOJ), a court or other tribunal, or another party before such tribunal when:
(a) The Social Security Administration (SSA), or any component thereof; or
(b) Any SSA employee in his/her official capacity; or
(c) Any SSA employee in his/her individual capacity where DOJ (or SSA where it is authorized to do so) has agreed to represent the employee; or
(d) The United States or any agency thereof where SSA determines that the litigation is likely to affect the operations of SSA or any of its components, is a party to the litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court or other tribunal, or another party before such tribunal, is relevant and necessary to the litigation, provided, however, that in each case, SSA determines that such disclosure is compatible with the purpose for which the records were collected.
5. To student volunteers, individuals working under a personal services contract, and other workers who technically do not have the status of Federal employees, when they are performing work for the Social Security Administration (SSA), as authorized by law, and they need access to personally identifiable information in SSA records in order to perform their assigned Agency functions.
6. To Federal, State, and local law enforcement agencies and private security contractors, as appropriate, information necessary:
(a) To enable them to protect the safety of Social Security Administration (SSA) employees and customers, the security of the SSA workplace and the operation of SSA facilities; or
(b) To assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupt the operation of SSA facilities.
7. We may disclose information to appropriate Federal, State, and local agencies, entities, and persons when (1) we suspect or confirm that the security or confidentiality of information in this system of records has been compromised; (2) we determine that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs of SSA that rely upon the compromised information; and (3) we determine that disclosing the information to such agencies, entities, and persons is necessary to assist in our efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. SSA will use this routine use to respond only to those incidents involving an unintentional release of its records.
Policies for storing, retrieving, accessing, retaining, and disposing of records in the system:
Storage:
Records in this system are stored in paper form and in magnetic media (e.g., magnetic tape and disc).
Retrievability:
Records in this system are indexed and retrieved by the name of the correspondent.
Safeguards:
Safeguards for automated records have been established in accordance with the Systems Security Handbook. This includes maintaining the records in a secured enclosure attended by security guards. Anyone entering or leaving the enclosure must have a special badge issued only to authorized personnel. Access to specific records in this system is limited to members of the Office of the Commissioner. Also, employees are periodically briefed on Privacy Act requirements and Social Security Administration (SSA) rules, including the criminal sanctions for unauthorized disclosure of, or access to, personal records. Access http://www.socialsecurity.gov/foia/bluebook/app_g.htm for additional information relating to SSA data security measures.
Retention and disposal:
General correspondence is archived after 3 years. Paper files are destroyed by shredding when deemed appropriate. Computer files are archived after 3 years.
System manager(s) and address(es):
Director, Office of Executive Operations
Social Security Administration
Notification procedures:
An individual can determine if this system contains a record about him/her by writing to the system manager(s) at the above address and providing his/her name, SSN or other information that may be in the system of records that will identify him/her. An individual requesting notification of records in person should provide the same information, as well as provide an identity document, preferably with a photograph, such as a driver's license or some other means of identification. If an individual does not have any identification documents sufficient to establish his/her identity, the individual must certify in writing that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.
If notification is requested by telephone, an individual must verify his/her identity by providing identifying information that parallels information in the record to which notification is being requested. If it is determined that the identifying information provided by telephone is insufficient, the individual will be required to submit a request in writing or in person. If an individual is requesting information by telephone on behalf of another individual, the subject individual must be connected with SSA and the requesting individual in the same phone call. SSA will establish the subject individual's identity (his/her name, SSN, address, date of birth and place of birth, along with one other piece of information, such as mother's maiden name) and ask for his/her consent in providing information to the requesting individual.
If a request for notification is submitted by mail, an individual must include a notarized statement to SSA to verify his/her identity or must certify in the request that he/she is the person claimed to be and that he/she understands that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense. These procedures are in accordance with SSA Regulations (20 CFR 401.40(c)).
Record access procedures:
Same as Notification procedures. Also, requesters should reasonably specify the record contents being sought. These procedures are in accordance with SSA Regulations (20 CFR 401.40(c)).
Contesting record procedures:
Same as Notification procedures. Also, requesters should reasonably identify the record, specify the information they are contesting and the corrective action sought, and the reasons for the correction, with supporting justification showing how the record is untimely, incomplete, inaccurate or irrelevant. These procedures are in accordance with SSA Regulations (20 CFR 401.65(a)).
Record source categories:
Incoming correspondence and responses to the correspondence.
System exempted from certain provisions of the Privacy Act:
None.