· Name of project.
Consent Based Social Security Number Verification System (CBSV)
· Unique project identifier.
4294-R501
· Contact name and telephone number.
CBSV Project Leader
Office of Public Service and Operations Support
Social Security Administration
410-965-5969
· Describe the information to be collected, why the information is being
collected, the intended use of the information and with whom the information
will be shared.
In recent years, entities other than government agencies and employers who
report wages to us, to whom we can disclose information without consent, have
requested record data such as Social Security Number (SSN) verifications. In
such cases, we have honored these requests based on the written consent of the
subject of the record. Due to the increasing demand for such services, the work
associated with handling these requests has grown and presents us with ongoing
resource challenges. The CBSV initiative is one phase of our long-term strategy
to satisfy high-volume requests by developing a centralized and automated
process for providing SSN verifications. The process requires written consent
of the number holder, and we will charge applicable fees to the Requesting
Party, whether a business or government agency, for providing this information.
We are developing two Internet application interfaces and a webservice
interface to automate the CBSV service for third-party requesters, whether
business-based or governmental. We will provide access to CBSV through our
Business Services Online (BSO) service. BSO is a suite of Internet services for
businesses and employers who exchange information with us.
For individuals who register to use the system and request verifications:
The Internet applications and webservice for CBSV will automate
significant parts of the process. We are
automating the registration process, the data submittal of the SSNs to be
verified, and the retrieval of the verification results. Such a process requires a reliable
registration and authentication protocol.
To begin the CBSV registration process, the authorized employee users
of the Requesting Party log into the BSO website and complete a registration
screen with their personal information (specified below) and company
affiliation. After we verify this
information with our records, we will assign each CBSV user a BSO User ID and the
user will self-select a password. SSA’s
Office of Central Operations (OCO) personnel search the BSO Registration
database for the User ID and match it to an already-submitted Form SSA-88. The Form SSA-88 is a form completed and signed
by a company official authorizing the specific employee to use CBSV. Once OCO
personnel verify that the Requesting Party has completed the CBSV user agreement
process with SSA, a unique activation code will be mailed to the designated
company official to distribute to the authorized CBSV user. After the company official provides the CBSV
user the activation code, the users will return to BSO and enter their User IDs,
passwords, and access codes to finalize the registration process. Thereafter, each authorized CBSV Internet
application user will enter the User ID and password to submit requests in
either batch mode format or up to 10 requests for real-time response.
Requesting Parties will also be given the option to build a compatible
webservice platform for submitting requests to us that will return real-time
responses. The webservice platform will
have equivalent authentication and security standards.
We will collect and maintain personally identifying information
(PII) from each authorized employee registering to use the CBSV application. This information includes data such as name,
SSN, date of birth, and the associated User ID and password used to access the CBSV
application. This information will be part
of a larger database of registered employee users associated with the BSO suite
of services and will be used primarily for management and audit information
purposes in order to effectively administer the CBSV application and ensure the
authorized and appropriate use of the application. We
generally will use this information only as necessary for these administrative
purposes or as authorized by routine uses or other Privacy Act disclosure
exceptions that allow the disclosure of the information in the applicable
Privacy Act system of records.
For individuals who authorize the verification of their SSNs:
Individuals authorizing the verification of their SSNs sign an SSA-89
standardized consent
form which requests name, SSN, and date of birth. We use this information to verify for the Requesting
Party whether the data matches or does not match our records. As specified in the language of the consent,
the verified SSN information may only be used for the purpose delineated on the
form. The CBSV user agreement also
prohibits the Requesting Party’s resale and/or redisclosure of the verified SSN
information. The only other authorized use of the information is for audit
review purposes to ensure the Requesting Party’s compliance with our consent
requirements and other obligations as outlined in the CBSV user agreement.
· Describe the administrative and technological controls that are in place or
that are planned to secure the information being collected.
Reducing Potential Risks to Individuals’ Privacy and Protecting Information
Being Collected
The Requesting Party must protect the
confidentiality of the consent forms and the information contained on them and protect the associated record
of SSN verifications. This mandate includes requiring the Requesting Party to
retain the consent form either on paper or electronically for a period of seven
years from the date of verification. We
also require the Requesting Party to protect the consent forms from loss or destruction by taking certain security measures
specified in the user agreement.
CBSV users should only request data from us if the Requesting Party has
authorized them
to act on the Requesting Party’s behalf and the users have secured signed consent
forms from the individuals whose SSNs are being submitted for
verification. There is the possibility
that individuals who are not authorized to use the CBSV application might try
to gain access to it to get SSN verifications under false pretenses. It is also conceivable that someone having
personal knowledge of the authorized CBSV user or someone attempting to steal his/her
User ID and password could fraudulently obtain verifications of SSNs. However, any effort to obtain personal
information about another individual from us under false pretenses, or without
the express consent of the subject of the record, is an unauthorized access and
violates the criminal provisions of the Privacy Act of 1974.
We make an earnest effort to protect access to, and prevent unauthorized
disclosure of, records. CBSV returns only the last four digits of the submitted
SSN in the response to help mitigate these risks. To further reduce those
vulnerabilities and discourage individuals from getting an unauthorized
disclosure from the CBSV application (i.e., under false pretenses), the
Requesting Party’s designated company official must sign an attestation
statement indicating he/she understands the Privacy Act restrictions relating
to the use of this service and must complete a pre-approval form providing the
names and SSNs of any employees authorized to use the CBSV service. Any individual who misuses the CBSV service could
be punished by a fine, imprisonment, or both.
Administrative and Technological Controls that are in Place
As outlined in the CBSV user agreement, the
Requesting Party must comply with our system security guidelines to ensure the
technical security of the data being received.
The Requesting Party will also be subject to a periodic audit conducted
by an independent private sector Certified Public Accountant who will report
findings to us. We may also make onsite
inspections of the Requesting Party’s place of business to ensure compliance
with all of these requirements.
The CBSV application, and the BSO system in which it resides, have undergone
authentication and security risk analyses.
The latter includes an evaluation of security and audit controls proven
to be effective in protecting the information collected, stored, processed, and
transmitted by Agency information systems.
These include technical, management, and operational controls that
permit access to our information only to our employees with a “need to know,”
and the minimum amount of access that allows them to perform their job
functions. Audit
mechanisms are in place to record sensitive transactions as an additional
measure to protect information from unauthorized disclosure or modification.
We will protect the information in the CBSV application by requiring our
employees who are authorized to
access the information system that produces the CBSV application to use a
unique User ID. In addition, we store
the computerized records in secure areas that are accessible only to employees who require the information
to perform their official duties.
Furthermore, all our employees who have access to our information
systems that maintain personal information must sign a sanction document
annually that acknowledges penalties for unauthorized access to, or disclosure
of, such information.
· Describe the impact on individuals’ privacy rights.
Are individuals afforded an opportunity to decline to provide information?
For individuals who register to use the system:
We collect information only when we have specific
legal authority to do so to administer our responsibilities under the Social
Security Act. When we collect
information from CBSV users, we advise them of our legal authority for
requesting the information, the purpose(s) for which we will use and disclose
the information, and the consequences to them of not providing any or all of
the requested information. The CBSV users
can then make an informed decision whether or not to provide the information.
CBSV users who elect not to provide this information
will not be able to register to use the CBSV application for their respective
companies because the system is designed in such a way as to associate a unique
PIN and password to each registrant. This
notification concerning the voluntary nature of providing personal information
is provided during the online registration process.
For individuals who authorize the verification of their SSNs:
Individuals may elect not to sign the consent
authorizing the verification of their SSNs.
Are individuals afforded an opportunity to consent to only particular uses of
the information?
For individuals who register to use the system:
When we collect information from users who register for
the CBSV application, we advise them of the purposes for which we will use the
information. We further advise them that
we will disclose this information without their prior written consent only when
we have specific authority in Federal statute (e.g., the Privacy Act) to do so.
For individuals who authorize the verification of their SSNs:
As noted above, individuals whose SSNs are verified
must consent to the verification. The
use of this verified SSN information by the Requesting Party is limited to the
purpose specified on the consent form.
The consent is only valid for ninety days, unless indicated otherwise by
the authorizing individual.
· Does the collection of this information require a new system of records under
the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of
records?
Yes, a new system of records is required for the BSO system that will register
CBSV users and maintain associated PII about them. Development of this system
of records is underway.
A new system of records is not required for those individuals authorizing the
verification of their SSNs since the information captured on the consent is not
maintained in a manner that constitutes a system of records under the Privacy
Act.
PIA CONDUCTED BY PRIVACY OFFICER, SSA:
/s/ David Black          11/05/08
SIGNATURE                DATE