Access to Financial Institution Info FY07
· Name of project
Access to Financial Institution Information
· Unique project identifier.
· Privacy Impact Assessment Contact.
Division of Data Management
Office of Quality Data Management
Office of Quality Performance
Social Security Administration
6401 Security Boulevard
Baltimore, MD 21235
· Describe the information to be collected, why the information is being collected, the intended use of the information and with whom the information will be shared.
The Access to Financial Institution Information project will not result in any new collection of information. Instead, it involves going from a paper-based process to an electronic process. The project involves the verification of income and assets for applicants for and recipients of supplemental security income (SSI) payments, including those held in financial institutions (FI). We generally disclose this information only as necessary to process an individuals claim for benefits or as authorized by Federal law (e.g., we share information with the Department of Veterans Affairs to administer their programs that are similar to SSA programs).
· Describe the administrative and technological controls that are in place or that are planned to secure the information being collected.
Information processed and stored by this application resides behind multi-layer firewall protection in an environment controlled by security software and technology based upon need to know access and least privilege policy. Risk analyses of financial processing environments are required and all security controls undergo rigid testing and verification procedures detailed in SSAs lifecycle program and IT Security Policy.
Access to these records is restricted to those employees who have a need for the records in order to perform their official duties. Access controls include personal identification numbers and passwords to gain access to electronic records.
· Describe the impact on individuals privacy rights.
Are individuals afforded an opportunity to decline to provide information?
We collect information only where we have specific legal authority to do so and this information is collected primarily to administer our responsibilities under the Social Security Act. When we collect information from individuals, we advise them of our legal authority for requesting the information and explain the effect(s) on him/her if they choose not to provide the information. The individual can then make an informed decision of whether to provide the information or not.
Are individuals afforded an opportunity to consent to only particular uses of the information?
When we collect information from individuals, we advise them of the purposes for which we will use the information. We further advise them that we will disclose this information without their prior written consent only when we have specific authority in Federal statute (e.g., the Privacy Act) to do so.
Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. 552a) or an alteration to an existing system of records?
No, this is a change in the method we use to collect the information and does not change the actual information collected or the reason we collect it. The information that will be collected is covered under an existing electronic Privacy Act system of records, Supplemental Security Income Record and Special Veterans Benefits
PIA CONDUCTED BY PRIVACY OFFICER, SSA:
PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:
_/S/ Thomas W. Crawley____________ 09/08/05__