Accelerated eDib (AeDib)
SOCIAL SECURITY ADMINISTRATION
PRIVACY IMPACT ASSESSMENT
· Name of project.
Accelerated eDib (AeDib)
· Unique project identifier.
· Privacy Impact Assessment Contact.Disability Program Manager
Office of Disability Systems
Social Security Administration
6401 Security Boulevard
Baltimore, MD 21235
· Describe the information to be collected, why the information is being collected, the intended use of the information and with whom the information will be shared.
The eDib claim file contains the name and Social Security number of the claimant or potential claimant for disability benefits and may contain the application for benefits; supporting evidence and documentation for initial and continuing entitlement; payment documentation; correspondence to and from claimants and/or representatives; information about representative payees; and leads information from third parties such as social service agencies, Internal Revenue Service, Veterans Administration and mental institutions.
The eDib claim file also may contain data collected as a result of inquiries or complaints and evaluation and measurement studies of the effectiveness of claims policies. Separate files may be maintained of certain actions, which are entered directly into the electronic processes. These relate to reports of changes of address, work status, and other post-adjudicative reports. We collect information in the eDib claim file only to the extent it is relevant and necessary to administer Social Security programs. Separate abstracts also are maintained for statistical purposes, i.e., disallowances, technical denials, and demographic and statistical information relating to disability decisions.
We generally disclose this information only as necessary to process an individual’s claim for benefits or as authorized by Federal law (e.g., we share information with the Department of Veterans Affairs to administer their programs that are similar to SSA programs).
· Describe the administrative and technological controls that are in place or that are planned to secure the information being collected.
The AeDib applications have undergone risk analyses and have completed System Security Plans on file. These efforts have included the identification and mitigation of risks associated with all aspects of Information Security including unauthorized disclosure of privacy and personal information. Some of the technological controls providing IT security services to this system include access control with denial by default implementation, multi-layer firewall architectures on LAN components, least privilege implementation of user access rights with only proven need to know as the approval criteria and complete auditability of all sensitive transactions with individual accountability.
The eDib Claim File is a repository. Only authorized SSA personnel who have a need for the information in the performance of their official duties will be permitted access to the information. We will safeguard the security of the information by requiring the use of access codes to enter the computer systems that will maintain the data and will store computerized records in secured areas that are accessible only to employees who require the information to perform their official duties. Any manually maintained records will be kept in locked cabinets or in otherwise secure areas. Furthermore, SSA employees having access to SSA databases maintaining personal information must sign a sanction document annually, acknowledging their accountability for making unauthorized access to or disclosure of such information.
· Describe the impact on individuals’ privacy rights.
Are individuals afforded an opportunity to decline to provide information?
We collect information only where we have specific legal authority to do so and this information is collected primarily to administer our responsibilities under the Social Security Act. When we collect information from individuals, we advise them of our legal authority for requesting the information and explain the effect(s) on him/her if they choose not to provide the information. The individual can then make an informed decision of whether to provide the information or not.
The new eDib Claims File will maintain only that information that is necessary for the efficient and effective control and processing of disability applications from the initial phase through the appeals process and includes the CDR process. Security measures will be employed that protect access to and preclude unauthorized disclosure of records in the system.
Are individuals afforded an opportunity to consent to only particular uses of the information?
When we collect information from individuals, we advise them of the purposes for which we will use the information. We further advise them that we will disclose this information without their prior written consent only when we have specific authority in Federal statute (e.g., the Privacy act) to do so.
· Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?
Yes, a new system of records was established on
PIA CONDUCTED BY PRIVACY OFFICER, SSA:
PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:
_/S/ Thomas W. Crawley__________ _09/08/05__