Enterprise Wide Mainframe & Distributed Network Telecommunications Services System
· Name of project.
· Unique project identifier.
· Privacy Impact Assessment Contact.
Division of Telecommunications Security and Standards
Office of Telecommunications and Systems Operations
Office of Systems
Social Security Administration
· Describe the information to be collected, why the information is being collected, the intended use of the information and with whom the information will be shared.
The Enterprise Wide Mainframe & Distributed Network Telecommunications Services (EWANS) System is a Social Security Administration (SSA) certified and accredited General Support System consisting of several sub-systems that provide the infrastructure for SSA’s production environments to support its other thirteen General Support Systems (GSS) as well as its six Major Applications (MA) and their subsystems. Across these environments, all of the Agency’s applications covered by its GSSs and MAs are processed or supported (e.g., Title II and XVI programmatic applications such as initial and post-entitlement claims processing, etc.; enumeration; earnings record maintenance; financial; and administrative applications). SSA’s GSSs and MAs are identified below:
General Support Systems
2. Comprehensive Integrity Review Process
3. Death Alert Control and Update System
4. Debt Management System
5. Falcon Data Entry System
6. Human Resources Management Information System
7. Integrated Client Data Base System
8. Integrated Disability Management System
9. LENEL Security Access System
10. Quality Assurance System
11. Recovery of Overpayments, Accounting and Reporting System
12. Social Security Administration Unified Measurement System/Managerial Cost Accountability System
13. Social Security Online Accounting and Reporting System
Record Maintenance System
2. Electronic Disability System
3. Retirement, Survivors, Disability Insurance Accounting System
4. Social Security Number Establishment and Correction System
5. Supplemental Security Income Record Maintenance System
6. Title II System
The EWANS System provides the baseline infrastructure and security, and serves as the authoritative source for granting access to SSA’s network and resources. Within the EWANS System is the mainframe user repository, called TOP SECRET, which grants access and permissions for all SSA employees and contractors that require SSA systems access. In order to process and grant access to SSA’s system resources, an SSA management official files a Form SSA-120 “Application for Access to SSA Systems” that contains the user’s name and Social Security Number (SSN). This information is entered into TOP SECRET, which serves as the authoritative source for granting access. Users are then issued a unique Personal Identification Number (PIN).
The EWANS System does not in and of itself use, collect, or maintain personal information about members of the public. The various other GSSs and MAs that perform the Agency’s programmatic and administrative work, for which SSA has conducted and published Privacy Impact Assessments, cover the use, collection, maintenance, and dissemination of the public’s information.
We will disclose the personal information maintained in this system only as necessary to SSA management officials and systems security employees who require the information in performing their official duties, to the individual that the information pertains as permitted by the Privacy Act, or as otherwise permitted by Federal law. EWANS is accessible to members of the public only to the extent that it provides the platform that runs the SSA Internet web site by which the public can access SSA’s online resources covered by the various Agency GSSs and MAs. The TOP SECRET repository, which is part of EWANS containing the users’ PINs is not accessible to members of the public.
· Describe the administrative and technological controls that are in place or that are planned to secure the information being collected.
The EWANS System has undergone authentication and security risk assessments. The latter includes an evaluation of security and audit controls proven to be effective in protecting the information collected, stored, processed, and transmitted by our information systems. These include technical, management, and operational controls that permit access to those users who have an official “need to know.” Audit mechanisms are in place to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.
The EWANS System contains personal information (name and SSN) for Agency employees and contractors that require systems access. We protect the applications and systems covered by the EWANS System by requiring employees who are authorized to access the information system to use a unique PIN. In addition, we store the computerized records applicable to the applications and systems covered by the EWANS System in secure areas and access is approved and granted to those employees who require it to perform their official duties. Furthermore, all of our employees who have access to our information systems that maintain personal information must sign a sanction document annually that acknowledges penalties for unauthorized access to, or disclosure of, such information.
· Describe the impact on individuals’ privacy rights.
Are individuals afforded an opportunity to decline to provide information?
We collect information only where we have specific legal authority to do so in order to administer our responsibilities under the Social Security Act. When we collect personal information from individuals, including employees and contractors, we advise them of our legal authority for requesting the information, the purposes for which we will use and disclose the information, and the consequences of their not providing any or all of the requested information. The individuals can then make informed decisions as to whether or not they should provide the information.
Are individuals afforded an opportunity to consent to only particular uses of the information?
When we collect information from individuals, including employees and contractors, we advise them of the purposes for which we will use the information. We further advise them that we will disclose this information without their prior written consent only when we have specific legal authority to do so (e.g., the Privacy Act).
· Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?
No. EWANS is covered by an existing system of records, Personal Identification Number File (60-0214), and it does not require any alterations.
PIA CONDUCTED BY PRIVACY OFFICER, SSA:
September 5, 2008__
PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:
/s/ David F. Black________ September 8, 2008__