SOCIAL SECURITY ADMINISTRATION

PRIVACY IMPACT ASSESSMENT

 

 

·         Name of project.

Financial Accounting System

 

·         Unique project identifier.

      016-00-01-01-01-2015-00

 

·         Privacy Impact Assessment Contact.

      Director
      Office of Finance
      Office of Financial Policy and Operations
      Social Security Administration
      6401 Security Boulevard
      Baltimore, MD 21235  

·         Describe the information to be collected, why the information is being collected, the intended use of the information and with whom the information will be shared.  

SSA’s accounting system of record, the Financial Accounting System, was replaced by the Social Security Online Accounting and Reporting System (SSOARS) in fiscal year 2004.  The implementation of SSOARS did not result in any new collection of information.  SSOARS provides a single system for maintaining and processing SSA’s financial records about Agency employees and contractors, as well as members of the public for administrative payments and receivables.  The financial records cover individuals who receive a payment from SSA such as travelers on official business, contractors, vendors and consultants; individuals owing monies to SSA, which include, but are not limited to, those who have been overpaid and who owe SSA a refund and those who have received goods or services from SSA for which there is a charge or fee (e.g., Freedom of Information Act requesters).  

Essentially SSOARS consolidates all of SSA’s administrative accounting, payment and collection activities.  SSOARS records, classifies and summarizes information on SSA’s financial position and operation.  It maintains a variety of financial information including, but not limited to, funding data, commitments, obligations, receivables and payables.   SSOARS provides SSA financial and budget users with more timely information upon which to make decisions.  SSOARS is not accessible to members of the public.

 

We generally disclose information maintained in this system only as necessary to process payments to individuals owed monies by SSA or collect payment from individuals who owe monies to SSA, or as authorized by Federal law (e.g., we share information with the Department of Treasury for check preparation).   

·         Describe the administrative and technological controls that are in place or that are planned to secure the information being collected.

SSOARS has undergone security risk analysis.  This includes an evaluation of security and audit controls proven effective in protecting the information collected, stored and processed by Agency information systems. These include technical, management, and operational controls that permit access to Agency information only to individuals with a “need to know”, and the minimum amount of access to individuals to perform their job functions.  Audit mechanisms are in place to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.

 

Access to SSOARS information will be given only to authorized SSA personnel who have a need for the information in the performance of their official duties.  We will protect the information by requiring employees’ use of unique Personal Identity Numbers to access the information systems that will maintain the data, and we will store computerized records in secure areas that are accessible only to employees who require the information performance of their official duties.  Furthermore, if SSA employees have access to SSA information systems that maintain personal information, they must sign a sanction document annually that acknowledges penalties should they gain unauthorized access to or make an unauthorized disclosure of such information.  

·         Describe the impact on individuals’ privacy rights.

Are individuals afforded an opportunity to decline to provide information? 

We collect information only where we have specific legal authority to do so and this information is collected primarily to administer our responsibilities under the Social Security Act.  When we collect information from individuals, we advise them of our legal authority for requesting the information and explain how they may be affected if they choose not to provide the information.  The individuals can then make an informed decision whether or not to provide the information.

Are individuals afforded an opportunity to consent to only particular uses of the information?

When we collect information from individuals, we advise them of the purposes for which we will use the information.  We further advise them that we will disclose this information without their prior written consent only when we have specific authority in Federal statute (e.g., the Privacy Act) to do so. 

·         Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?  

No.  An existing system of records, Financial Transactions of SSA Accounting and Finance Offices, 60-0231, covers the SSOARS electronic system and it does not require any changes.

 

PIA CONDUCTED BY PRIVACY OFFICER, SSA:

______________________________                    02/23/07____

SIGNATURE                                                          DATE

 

PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:

 

   /S/    Thomas W. Crawley________                          02/27/07____

SIGNATURE                                                           DATE