SOCIAL SECURITY ADMINISTRATION NOTICE OF SYSTEM OF RECORDS REQUIRED BY THE
PRIVACY ACT OF 1974
System number:
60-0210
System name:
Record of Individuals Authorized Entry to Secured Automated Data Processing
Area, SSA/DCFAM/OFM
System classification:
None.
System location:
Social Security Administration
Office of Systems Operations
6201 Security Boulevard
Baltimore , Maryland 21235
Categories of individuals covered by the system:
Employees, vendors and contractors with a legitimate need who are authorized
entry to the secured Automated Data Processing (ADP) areas.
Categories of records in the system:
The Logiplex Security Access System (LSAS) monitors and controls access/egress
to all areas of the National Computer Center (NCC). The LSAS contains the
name, badge number, employer name, access level, and unique 5-digit number.
The LSAS determines that the correct 5-digit number was entered for the card
presented to the card reader and that the individual is authorized access to
that area. The LSAS includes unauthorized attempts to enter a protected
zone or attempts to tamper with security sensors.
Authority for maintenance of the system:
5 U.S.C. 552a(e)(10) of the Privacy Act.
Purpose(s):
This system is the basic system which the Social Security Administration (SSA)
uses to safeguard personal and sensitive records about individuals.
Records in the system are used to restrict access to SSA's computer facility and
other secured areas which house the records.
Data in the system also are used for management purposes to ensure the security
of the computer facility and secured areas and to verify time and attendance
when employee fraud or abuse is suspected.
Routine uses of records maintained in the system, including categories of users
and the purposes of such uses:
Disclosure may be made for routine uses as indicated below. However,
disclosure of any information constituting “returns or return information”
within the scope of the Internal Revenue Code will not be disclosed unless
disclosure is authorized by that statute.
1. To a congressional office
in response to an inquiry from that office made at the request of the subject of
a record.
2.
To the Department of Justice (DOJ), a court or other tribunal, or
another party before
such tribunal when:
(a)
SSA, or any component thereof; or
(b)
any SSA employee in his/her official capacity; or
(c)
any SSA employee in his/her individual capacity where DOJ (or SSA where it is
authorized to do so) has agreed to represent the employee; or
(d) the United States or any agency thereof where SSA determines that the
litigation is likely to affect the operations of SSA or any of its components,
is a party to litigation or has an interest in such litigation,
and SSA determines that the
use of such records by DOJ, the court or other tribunal is relevant and
necessary to the litigation, provided, however, that in each case, SSA
determines that such disclosure is compatible with the purpose for which the
records were collected.
Wage and other information which are subject to the disclosure provisions of the
Internal Revenue Code (IRC) (26 U.S.C. § 6103) will not be disclosed under this
routine use unless disclosure is expressly permitted by the IRC.
3. To the Internal Revenue
Service (IRS), as necessary, for the purpose of auditing the SSA's compliance
with safeguard provisions of the IRC of 1986, as amended.
4. Information may be
disclosed to contractors and other Federal agencies, as necessary, for the
purpose of assisting SSA in the efficient administration of its programs.
We contemplate disclosing information under this routine use only in situations
in which SSA may enter a contractual or similar agreement with a third party to
assist in accomplishing an agency function relating to this system of records.
5. Non-tax return
information which is not restricted from disclosure byFederal law may be
disclosed to the General Service Administration (GSA) and the National Archives
and Records Administration (NARA) for the purpose of conducting records
management studies with respect to their duties and responsibilities under 44
U.S.C. § 2904 and § 2906, as amended by the NARA Act.
6. To student volunteers and
other workers, who technically do not have the status of Federal employees, when
they are performing work for SSA as authorized by law, and they need access to
personally identifiable information in SSA records in order to perform their
assigned Agency functions.
7. We
may disclose information to appropriate Federal, State, and local agencies,
entities, and persons when (1) we suspect or confirm that the security or
confidentiality of information in this system of records has been compromised;
(2) we determine that as a result of the suspected or confirmed compromise there
is a risk of harm to economic or property interests, identity theft or fraud, or
harm to the security or integrity of this system or other systems or programs of
SSA that rely upon the compromised information; and (3) we determine that
disclosing the information to such agencies, entities, and persons is necessary
to assist in our efforts to respond to the suspected or confirmed compromise and
prevent, minimize, or remedy such harm. SSA will use this routine use to respond
only to those incidents involving an unintentional release of its records.
Policies and practices for storing, retrieving, accessing, retaining and
disposing of records in the system:
Storage:
Records in this system are stored in magnetic media (e.g., magnetic disc) and in
paper form.
Retrievability:
Magnetic media records are retrieved by name, badge number and the unique
five‑digit identifying number; paper records are retrieved alphabetically by
name.
Safeguards:
SSA maintains computerized records in a highly secured room within the secured
area and hard copy records in a locked room. Only authorized security
personnel and the directors within the Office of Systems Operations (OSO) (or
their authorized representatives) have access to these records. SSA has
established system security for this system in accordance with the Systems
Security Handbook. (See Appendix G for additional information relating to
safeguards SSA employs to protect personal information.)
Retention and disposal:
SSA retains records in this system for up to 3 years following expiration of an
individual's authority to enter the secured area. SSA destroys paper
records by shredding. When an individual is no longer authorized, SSA
deletes information from magnetic media immediately.
System manager(s) and address:
Social Security Administration
Deputy Commissioner
Finance, Assessment and Management
6401 Security Boulevard
Baltimore , Maryland 21235
Notification procedure:
An individual can determine if this system contains a record about him/her by
writing to the systems manager(s) at the above address and providing his/her
name, SSN or other information that may be in the system of records that will
identify him/her. An individual requesting notification of records in
person should provide the same information, as well as provide an identity
document, preferably with a photograph, such as a driver’s license or some other
means of identification, such as a voter registration card, credit card, etc.
If an individual does not have any identification documents sufficient to
establish his/her identity, the individual must certify in writing that he/she
is the person claimed to be and that he/she understands that the knowing and
willful request for, or acquisition of, a record pertaining to another
individual under false pretenses is a criminal offense.
If notification is requested by telephone, an individual must verify his/her
identity by providing identifying information that parallels the record to which
notification is being requested. If it is determined that the identifying
information provided by telephone is insufficient, the individual will be
required to submit a request in writing or in person. If an individual is
requesting information by telephone on behalf of another individual, the subject
individual must be connected with SSA and the requesting individual in the same
phone call. SSA will establish the subject individual’s identity (his/her
name, SSN, address, date of birth and place of birth along with one other piece
of information such as mother’s maiden name) and ask for his/her consent in
providing information to the requesting individual.
If a request for notification is submitted by mail, an individual must include a
notarized statement to SSA to verify his/her identity or must certify in the
request that he/she is the person claimed to be and that he/she understands that
the knowing and willful request for, or acquisition of, a record pertaining to
another individual under false pretenses is a criminal offense. These
procedures are in accordance with SSA Regulations (20 CFR § 401.40).
Record access procedures:
Same as notification procedures. Requesters should also reasonably specify the
record contents being sought. These access procedures are in accordance
with SSA Regulations (20 CFR 401.40(c)).
Contesting record procedures:
Same as notification procedures. Requesters should also reasonably identify the
record, specify the information they are contesting and state the corrective
action sought and the reasons for the correction with supporting justification
showing how the record is incomplete, untimely, inaccurate or irrelevant.
These procedures are in accordance with SSA Regulations (20 CFR 401.65(a)).
Record source categories:
SSA obtains information in this system from the individuals who are covered by
the system.
Systems exempted from certain provisions of the Privacy Act:
None.