Social Security Administration (SSA)
Privacy Impact Assessment (PIA)
- Name of
Project.
National 800 Number Network Transfer of Voice Data
Collection System
- Unique Project
Identifier.
N/A.
- Privacy
Impact Assessment Contact.
Center Director, Field
Network and Planning
Office of Telephone
Services
Social Security
Administration
- Description
of the information to be collected, why the information is being
collected, the intended use of the information being collected, and with
whom the information will be shared.
National 800 Number Network (N8NN) Transfer of Voice
Data Collection (TVDC)
The TVDC
is an enhancement to the N8NN’s automated telephone application system that involves
transferring common identity data elements collected from one automated
telephone application to another automated telephone application and to a N8NN agent
(“agent”), if required. The N8NN
automated telephone application system includes many applications that prompt
callers for information to verify the callers’ identity, and to associate the
caller with the appropriate automated telephone application.
This
enhancement to the N8NN automated telephone application system will allow for a
single collection of common identity data elements for use in subsequent automated
application request(s) and/or that may be required by an agent. The TVDC will allow the caller to provide
identity data once rather than multiple times during the call. The system will match the identity
information provided by the caller to the information required for the newly
selected automated telephone application or required by an agent. The caller is only required to provide the
additional identity information that may be required by the next
transaction. The TVDC process reduces the
call handle time and improves the efficiency of the N8NN. As a result, public use of the N8NN will
likely increase and the Agency furthers its goal of improved customer service.
- Collection of Information
TVDC
will require the caller to input identity data elements such as those listed
below:
§
Social Security
Number (SSN)
§
Date of Birth
§
First Name
§
Last Name
§
Mother’s Maiden Name
§
Place of Birth
§
Last Payment Amount
§
Claim Number
§
Password
These
data elements comprise the knowledge-based authentication we use to verify the
identity of a caller who requests certain information from our agents or uses
one of our automated telephone applications.
Some of the N8NN transactions that first require collecting identity information
from callers are listed below:
§
Change of Address
§
Direct Deposit
§
Benefit
Verification
§
Medicare Replacement
Card
§
Claim Status
§
Password
Authorization
§
Screen
Splash/Screen Pop
§
Replacement 1099
We will
collect the information that is required for the transaction(s) that the caller
is requesting. We will match the information
the caller input with information in the appropriate Privacy Act system of
records (SOR) listed below:
§
Master Files of Social Security Number (SSN) Holders
and SSN Application, (60-0058).
§
Claims Development Record, (60-0066)
§
Claims Folders System, (60-0089).
§
Master Beneficiary Record, (60-0090)
§
Medicare Part B Buy-In Information System, (60-0268)
If
we successfully authenticate the caller’s identity, we will provide the caller
with the information he or she is requesting.
If we are unable to authenticate the caller’s identity and the
transaction is being processed by one of the automated telephone applications,
we will ask the caller if he or she would like to speak to an agent to complete
the transaction. If the caller elects to
speak to an agent, the caller will be transferred.
If
we are unable to authenticate the caller’s identity once he or she is
transferred to an agent, we will advise the caller to visit a local field
office for further assistance in completing the transaction.
The
information collected will only be shared with an agent if the caller elects to
speak to one or if we are unable to verify the identity of the caller using one
of our N8NN automated telephone applications.
In either case, the data input by the caller will be shared with an agent. We will not maintain any of the information the
caller input in our system. It is held
encrypted in short-lived memory. When
the call is completed, we delete all of the information collected during the
call. The personally identifiable
information collected cannot be viewed in any system log files.
Describe the administrative and
technological controls that are in place or that are planned to secure the
information being collected.
Reducing
Potential Risks to Individuals’ Privacy and Protecting Information Being
Collected
In
order to mitigate risks, access to SSA record information via the N8NN requires
proper identification. Any caller who
fails the authentication process or who has elected to block all automated
telephone system and Internet access to his or her personal information will be
unable to proceed using the N8NN automated telephone applications. The caller will be offered the option to speak
with an agent. As noted above, SSA
customers can choose to block automated telephone system access.
Administrative
and Technological Controls that are in Place
TVDC
has undergone authentication and security risk analyses. This includes an evaluation of security and
audit controls proven to be effective in protecting the information collected,
stored, processed, and transmitted by our information systems. These include technical, management, and
operational controls that permit access to our information only to users with an
official “need to know.” We have audit
mechanisms in place to record sensitive transactions as an additional measure
to protect information from unauthorized disclosure or modification.
We
protect the information in our systems by requiring employees authorized to
access our systems to use a unique personal identification number (PIN) and
password. In addition, we store the
computerized records in secure areas that are accessible only to employees who
require the information to perform their official duties. Furthermore, all our employees who have
access to our information must sign a sanction document annually that
acknowledges penalties for unauthorized access to, or disclosure of, such
information.
SSA
also has trust agreements with the telecommunications vendor which ensure that
all communications between the vendor and SSA will be transferred within a
secure, virus/worm-free environment.
- Describe
the impact on individuals’ privacy rights.
Are
individuals afforded an opportunity to decline to provide information?
We
collect information only where we have legal authority to do so to administer
our responsibilities under the Social Security Act. When we collect information from individuals,
we advise them of our legal authority for requesting the information, the
purposes for which we will use and disclose the information, and the
consequences of not providing any or all of the requested information. The individual can then make an informed
decision whether or not to provide the information.
Use
of the automated telephone system application is voluntary. Users who choose to use this service must
provide all the requested information necessary to authenticate their identity. Users who have elected to block all automated
telephone system and Internet access to his or her SSA record information are
unable to use the automated telephone system applications and will be offered
the option to speak with an agent and/or to visit the local Social Security
office.
- Are
individuals afforded an opportunity to consent to only particular uses of
the information?
When
we collect information from users, we advise them of the purposes for which we
will use the information. We further
advise them that we will disclose this information without their prior written
consent only when we have specific authority in Federal statue (e.g., the
Privacy Act) to do so.
The
identity information that we will request from the users of this automated
telephone application will be verified against corresponding information already
maintained in our records that was collected at the time the user filed for an
SSN or benefits. We will not use the
information provided by the users of this automated telephone application for
any other purpose, or retain any of the information once the call is
terminated.
- Does
the collection of this information require a new SOR under the Privacy Act
(5 U.S.C. § 552a) or an alteration to an existing SOR?
This
enhancement to the N8NN automated telephone application does not require a new
Privacy Act SOR or an alteration to an existing SOR because there is no new and
permanent collection of identifiable data in this application process. TVDC Telephone System Application uses
information that is collected and maintained for purposes related to other business
processes for which there are currently Privacy Act SOR (60-0058, 60-0066, 60-0089;
PIA CONDUCTED BY PRIVACY
OFFICER, SSA
Sincerely,
______________________________October 10, 2008
Signature Date
PIA CONDUCTED BY THE SENIOR
AGENCY PRIVACY OFFICIAL, SSA
/s/ David F. Black________ October 11, 2008
Signature Date