Social Security Administration
Privacy Impact Assessment
· Name of Project
Benefit Offset National Demonstration (BOND) Project--The BOND Study
· Unique Project Identifier
· Privacy Impact Assessment Contact
BOND Contracting Officer Technical Representative
Office of Program Development and Research
Office of Retirement and Disability Policy
Social Security Administration
6401 Security Boulevard
Baltimore, MD 21235
The Office of Program Development and Research supports a number of demonstration projects (i.e., studies) designed to address the broad needs of beneficiaries with disabilities. These projects help us identify ways to better serve disabled persons including potentially changing our program rules to allow for better coordination among other Federal and state programs from which such persons receive assistance.
The BOND study is a key component of the agency’s Comprehensive Work Opportunities Initiative. In this study, we are testing special program rules for paying disability benefits to certain Social Security Disability Insurance (SSDI) beneficiaries who work. These special program rules are intended to assist SSDI beneficiaries in their efforts to work.
Specifically, we are testing the use of a benefit offset rule that is based on earnings as an alternative to certain rules that we currently apply to SSDI beneficiaries who work. Under the benefit offset rule, we will reduce SSDI benefits by $1 for every $2 that a beneficiary earns above a Substantial Gainful Activity threshold amount. The benefit offset will allow a beneficiary to receive reduced SSDI benefit payments when we would ordinarily stop payments or terminate entitlement under our usual rules because of the beneficiary’s work and earnings.
Our goal in this study is to determine whether the availability of a benefit offset alone, or in combination with enhanced benefits counseling services, will encourage SSDI beneficiaries to return to work or increase their earnings.
We will use three systems to implement and evaluate the BOND study. We contracted with Abt Associates, Inc., and Lockheed Martin to develop these systems and application support services. Abt Associates, Inc. is building a standalone application called the BOND Operations Data System (BODS). The BODS will be externally housed outside SSA’s firewalls at the Integrated Communication Solutions Data Center in Frederick, Maryland. Lockheed Martin is building the BOND Stand-alone System (BSAS) and the BOND Web Services (BWS), which will be housed within SSA’s firewalls.
The BODS is a standalone application. BODS will not interface with our Mainframe systems. BODS will be a linked network of COTS (customize off-the-shelf) solutions and customized components that will support and track the BOND study. BODS will store information needed for the evaluation of the BOND study. BODS will store and manage information and provide security-based access to information for the BSAS. BODS will generate a data file that will be sent via BWS to BSAS regarding earnings calculations.
BOND Web Services is an application that can be accessed over the internet. BWS allows different applications from different sources to communicate with each other without time-consuming custom coding and are not tied to any one operating system or program language. BWS will allow a seamless one-way exchange of data from the BODS to the BSAS.
The BSAS will automate the manual adjustment credit and award process (MADCAP) action(s) for beneficiaries participating in the BOND study. Currently, MADCAP actions are the only process available to reduce SSDI benefits due to earnings. MADCAP actions include, but are not limited to, adjusting the monthly payment amount of beneficiaries participating in the BOND study, automating notices, maintaining a historical database, etc. BSAS will accept data files from BODS via Web Services. The file from BODS will contain information such as beneficiary name, SSN, earnings estimates, non-countable earnings, and dates of employment. BSAS will also capture and store information for query and historical purposes.
· Describe the specific legal authority and/or agreement for the collection of information.
Section 234 [42 U.S.C. 434] [Demonstration Project Authority] of the Social Security Act, as amended, authorizes us to collect and maintain this information. This section directs the Commissioner of SSA to carry out experiments and demonstration projects to determine the relative advantages and disadvantages of, among other items, various alternative methods of treating the work activity of persons receiving benefits based on Title II disability.
· Describe the information we plan to collect, why we will collect the information, how we intend to use the information, and with whom we will share the information.
We will collect and maintain only information that is necessary for the efficient and effective control, processing, and evaluation of the BOND study. We will collect and maintain sensitive personally identifiable information (PII) on BOND study participants (e.g., name, SSN, date of birth, income) along with information about their benefit status and their participation in the BOND study.
We will use data from program surveys, control group members, and from other SSA records in our evaluation of the BOND study. We will use the information we collect and maintain for the BOND study to:
We will share the information we collect and maintain with only our authorized employees and contractors who have a need for the information to perform their official duties in the BOND study. We will only disclose information outside the agency or the contractor (the BOND team) in a personally non-identifiable form, or as otherwise permitted under the Privacy Act or other Federal laws. We will disclose all published research and statistical data in a form whereby the information cannot be associated with a specific person.
We will not disclose any information defined as “return or return information” under 26 U.S.C. § 6103 of the Internal Revenue Code (IRC) unless authorized by statute, the IRC, the Internal Revenue Service (IRS), or IRS regulations.
· Describe the administrative and technological controls we have in place or that we plan to use to secure the information we will collect.
The BOND study is unique in that it has three systems. BODS is externally housed outside the SSA’s firewalls. The BWS and BSAS are housed inside the SSA’s firewalls.
BODS— The BODS system will send data through our firewalls via the BWS to the BSAS. The necessary privacy and security controls required by the National Institute of Standards and Technology (NIST) and SSA are in place for this system.
NIST standards incorporate updated effective practices for information security and best practices that provide broad based and comprehensive safeguards and countermeasures for protecting today’s information systems.
We have developed a System Security Plan (SSP) that includes but is not limited to the security controls required by NIST Special Publication 800-53, Security Controls for Federal Information Systems and Organizations. These security controls include managerial, operational, and technical controls. The SSP also includes an evaluation of security and audit controls proven effective in protecting the information collected, stored, processed, and transmitted by the BODS. We have ensured that the appropriate administrative and technological controls are in place to secure our data that meet our security requirements. We have reviewed and concurred with the policies and procedures that are in place to secure our data.
BWS and BSAS—Both the BSAS and BWS are subsystems of the Integrated Disability Management System, an Agency major system. We have developed a SSP that includes the minimum-security controls required by NIST Special Publication 800-53.
Our security controls include technical, management, and operational controls that permit access to our information only to persons with an official “need to know.” Audit mechanisms are in place to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification. We secure the electronic information by requiring the use of a unique Personal Identification Number and password. We employ security measures to protect access to information and preclude unauthorized disclosure or modification of records in the systems.
We store the computerized records in secure areas that are accessible only to those employees and contractors who require the information to perform their official duties. We provide appropriate security awareness training to all our employees and contractors annually that includes reminders about the need to protect PII and the criminal penalties that apply to unauthorized access to, or disclosure of, PII. See 5 U.S.C. § 552a(i)(1). Furthermore, employees and contractors with access to databases maintaining PII must annually sign a sanction document, acknowledging their accountability for inappropriately accessing or disclosing such information.
· Describe the impact on individuals’ privacy rights. Do we afford people an opportunity to decline to provide information?
Yes. Participants in this study sign a participant agreement. Persons who decline to sign the participant agreement are not in this study. We collect, maintain, and use information only where we have specific legal authority to do so in order to administer our responsibilities under the Social Security Act. When we collect information from persons, we advise them of our legal authority for requesting the information, the purposes for which we will use and disclose the information, and the consequences if they do not provide any or all of the requested information. The persons can then make informed decisions as to whether or not they should provide the information.
· Do we afford people an opportunity to consent to only particular uses of the information?
No. Participants in this study sign a participant agreement that contains a Privacy Act Statement advising them of the purposes for which we will use the information. We further advise participants that we will disclose this information without their prior written consent only when we have specific legal authority to do so (e.g., the Privacy Act). We do not otherwise offer persons an opportunity to determine how and with whom we will share their information.
· Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?
No. The systems that make up the BOND study do not require a new Privacy Act system of records or an alteration to an existing system of records. The information we will collect for the BOND study is covered under an existing Privacy Act System of Records (SOR) entitled, Disability Insurance and Supplemental Security Income Demonstration Projects and Experiments System, (60-0218). We published the SOR and its applicable routine uses in the Federal Register on January 11, 2006 (71 F.R. 1836). The SOR appropriately reflects the information covered as well as the purpose for which we collect, maintain, disclose, and use the information.
PIA CONDUCTED BY SSA PRIVACY OFFICER:
_/s/ Mona Finch__ ______ ___ 1/14/2011_____
PIA REVIEWED BY SSA SENIOR AGENCY PRIVACY OFFICIAL:
/s/ Thomas W. Crawley___ 1/19/2011______