/s/
Vincent Dormarunno
8/27/08
·
Name of
project.
Internet Social Security Benefits Application (ISBA) Third Party Enhancements
(Third Party ISBA)
·
Unique project
identifier.
RAS-2091 3PISBA
·
Contact name
and telephone number.
Team Leader, Center for Internet Customer Service
Office of Electronic Services
Social Security Administration
(410) 965-8707
·
Describe the
information to be collected, why the information is being collected, the
intended use of the information and with whom the information will be shared.
The Social Security
Administration (SSA) is taking an innovative approach to prepare the Agency for
the growing retirement workload generated from the baby boomers as they become
eligible for retirement beginning in January 2008.
The overarching project that will
provide the platform for automating the adjudication of retirement applications
is known as Ready Retirement.
The initial phase of the Ready Retirement initiative will include
enhancements to the Internet Social Security Benefits Application (ISBA) to
allow third parties (Third Party ISBA) to provide Social Security Retirement,
Disability and Spouse’s benefit information electronically to SSA.
When the
implementation of SSA’s signature proxy process mandated the use of electronic
signatures for online applications, third parties (companies or individuals) who
helped others file for SSA benefits lost the ability to use the ISBA
application. ISBA enhancements for
third parties will restore third parties’ ability to provide application
information electronically to SSA.
Third parties will have the ability to help individuals file an application for
benefits while still meeting legal requirements to obtain a proper signature.
Providing third parties with the ability to assist the claimant in the
application process will reduce the number of paper applications that require
manual processing in field offices, helping save SSA resources.
Making ISBA accessible for third parties will in turn support SSA’s
efforts to increase electronic service delivery options for the public.
How Third Party ISBA Works
Third Party
ISBA will automate the application process for third parties filing on the
claimant’s behalf. To begin the process,
the third party filer accesses SSA’s online retirement benefit application.
The third party filer will then check the requisite choice for
application routes and will be directed to provide Personally Identifiable
Information (PII) relating to him/her.
After providing his/her PII, the third party filer will begin completing
the application for benefits on the claimant’s behalf.
If the third party filer is unable to complete the entire application all
at once, he/she may sign off of the application.
At that point, the third party filer will be provided with a re-entry
number that will permit him/her to sign back on to the application and complete
it at a later date.
In order for
the third party filer to re-enter the application, he/she will need to provide
the re-entry number and the claimant’s Social Security Number (SSN).
Once the third party filer submits the claimant’s benefit application to
SSA, the re-entry number is no longer valid.
The third party filer will not be able to check the status of the claim
once it has been submitted to SSA.
Each time a third party filer begins a new application, he/she will be provided
with a re-entry number to be used in combination with an individual’s SSN to
regain access to the application.
Collection of Information from Third Party
Individuals Who Use ISBA
SSA will collect and
maintain PII from each third party filer.
This information will include the third party filer’s name, relationship
to the claimant, company name, address and day time telephone number.
Initially, the information will be stored in the ISBA data base.
The information will remain in this database until the application is
completed. (If the filer does not
return to the application in a timely manner, SSA will only retain the
information on an incomplete application for six months.)
Once the application is completed, the third party filer’s PII will be
stored in the Remarks section of the Modernized Claims System (MCS).
PII data in the MCS is covered by our Privacy Act system of records
entitled, Claims Folder System
(60-0089).
The third party
filer’s PII cannot be retrieved without the associated PII of the claimant for
whom he/she filed the application.
We generally will use the third party filer’s PII only as necessary for
administrative purposes related to the claimant’s application or when we have
specific authority as authorized by routine
uses or other Privacy Act disclosure exceptions that allow the disclosure of the
information in the applicable Privacy Act system of records.
·
Describe the
administrative and technological controls that are in place or that are planned
to secure the information being collected.
Reducing Potential Risks to Individuals’ Privacy
and Protecting Information Being Collected
The third party
filer must protect the confidentiality of the re-entry number and the claimant’s
SSN during the application process.
To provide further protection, once the application is completed, SSA
deactivates the re-entry number.
The third party filer will not be able to access the application again, as a
first party filer may in order to obtain a status on the application.
The information in an incomplete application is not part of any SSA
Privacy Act system of records.
None of the
information contained in the incomplete application comes from an SSA database
nor is any information from SSA Privacy Act systems of records disclosed to the
third party filer or applicant during the online application process.
The ISBA for third party filers is strictly a data entry process.
Additionally, access to the third party filer’s PII can only be achieved
by accessing an individual claimant’s file.
The system lacks the capability to independently query a third party
filer’s PII.
It is conceivable that someone having personal knowledge of the claimant’s SSN
and the randomly generated re-entry number could fraudulently access an
incomplete application and thereby gain access to the third party PII and the
claimant’s PII. However, we make an
earnest effort to protect access to and prevent unauthorized disclosure of our
records. To reduce those
vulnerabilities and discourage individuals from accessing PII in an incomplete
application, we notify the third party filer that he/she should keep the
re-entry number confidential. The
SSN is not provided on the page with the re-entry number.
At no time does SSA provide the claimant’s SSN to the third party filer.
The third party filer enters the claimant’s SSN and SSA verifies that it
is a valid SSN.
Any effort to obtain personal information about another individual from us under
false pretenses, or without the express consent of the subject of the record, is
an unauthorized access and violates the Privacy Act of 1974. Any individual who
misuses the Third Party ISBA service could be punished by a fine, imprisonment,
or both.
Administrative and Technological Controls that
are in Place
The ISBA Third Party enhancements application has undergone authentication and
security risk analyses. The latter
includes an evaluation of security and audit controls proven to be effective in
protecting the information collected, stored, processed, and transmitted by
Agency information systems. This
includes a 30 minute session time out due to inactivity by the third party
filer. If the SSN and date of birth
do not match after three tries, the record is locked for 24 hours and the user
cannot access the claim. There are
also technical, management, and operational controls that permit access to our
information only to those employees who have an official “need to know”, and the
minimum amount
of access
that allows them to
perform their job functions.
We have audit mechanisms in place to record sensitive transactions as an
additional measure to protect information from unauthorized disclosure or
modification.
SSA employees accessing the data in the ISBA system have Top Secret PINs which
provide audit trails related to their use.
Only SSA employees who have a need to access the information in order to
perform their official duties will have access to the information relating to
the Third Party ISBA application.
The system lacks the ability to query an individual third party filer by his/her
PII. In order to access the third
party filer’s PII, an SSA employee would need to know the individual claimant’s
PII for whom the third party submitted an application.
·
Describe the
impact on individuals’ privacy rights.
Are individuals afforded an opportunity to
decline to provide information?
We collect
information only where we have specific legal authority to do so to administer
our responsibilities under the Social Security Act.
When we collect information from the third party filer, we advise them of
our legal authority for requesting the information, the purpose(s) for which we
will use and disclose the information, and the consequences of not providing any
or all of the requested information.
The third party filer can then make an informed decision whether or not
to provide the information.
Are individuals afforded an opportunity to
consent to only particular uses of the information?
When third party
filers access SSA’s Retirement Benefit Application page, they are afforded the
opportunity to review SSA’s statements relating to the collection of information
from them and the purposes for which we will use the information.
A third party filer cannot proceed with the application until he/she has
acknowledged reviewing the Privacy Act statement.
We further advise them that we will disclose this information without
their prior written consent only when we have specific authority in Federal
statute (e.g., the Privacy Act) to do so.
·
Does the
collection of this information require a new system of records under the Privacy
Act (5 U.S.C. § 552a) or an alteration to an existing system of records?
No, a new system of records is not required for the Third Party enhancements to
ISBA. However, an amendment to the
Claims Folder System
(60-0089) system of records will be needed in order to maintain the PII
relating to the third party filers.
Development of this amendment to the system of records is underway.
PIA CONDUCTED BY PRIVACY OFFICER, SSA:
/s/
Vincent Dormarunno
8/27/08
SIGNATURE
DATE
/s/ David F. Black 9/8/08
SIGNATURE DATE