Privacy Home / Privacy Impact Assessments (PIAs) / iAppeals – (Internet Appeals and Disability Report)

iAppeals – (Internet Appeals and Disability Report)

·         Name of project

      iAppeals – (Internet Appeals and Disability Report)

·         Unique project identifier

PID 5400

·         Privacy Impact Assessment Contact

Office of Electronic Services

Social Security Administration

6401 Security Boulevard

Baltimore, MD 21235

·         Background

In response to the public's requests for more Internet electronic services and the requirements of the Government Paperwork Elimination Act of 1998, we have created the iAppeals Internet application electronic service.  iAppeals allows most claimants who are appealing the medical decisions on both Title II and Title XVI disability claims to complete and submit the following appeal forms online:

·         i561 (Request for Reconsideration)

·         i501 (Request for Hearing By Administrative Law Judge)

·         i3441 (Disability Report Appeal)

The iAppeals Internet application electronic service also incorporates instructions and self-help available online. 

·         Describe the information we plan to collect, why we will collect the information, how we intend to use the information, and with whom we will share the information.

We will collect and maintain the claimant’s name, Social Security number (SSN), and date of birth, and date of notice of decision.  To assist us verifying the claimant’s identity and before we grant the claimant online access to iAppeals, we also may collect knowledge-based authentication data, which is information the claimant provides to us or that we already maintain in our existing Privacy Act system of records.  We will collect only that information necessary to verify the claimant’s identity.  We will link any newly collected information with information we previously collected when the claimant filed for an SSN.  The data we maintain also may include archived transaction and historical data.

We will disclose information collected and maintained in this system only to our employees and contractors who require the information to perform their official duties; to the subject of the record; and to other persons pursuant to an applicable routine use provision as authorized by the Privacy Act, or as otherwise permitted by Federal law.  For example, under a Privacy Act routine use, we can disclose information to contractors, as necessary, to assist us in efficiently administering our programs.

We will not disclose any information defined as “return or return information” under

26 U.S.C. § 6103 of the Internal Revenue Code (IRC) unless authorized by statute, the IRC, the Internal Revenue Service (IRS), or IRS regulations.

·         Describe the administrative and technological controls we have in place or that we plan to use to secure the information we will collect.

Our security includes technical, management, and operational controls that permit access to our information only to persons with an official “need to know.”  We maintain electronic files with personal identifiers in secure storage areas.  Security measures include the use of access codes (personal identification number and password) to enter our computer systems that house the data.  Audit mechanisms are in place to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.

We provide appropriate security awareness and training annually to all our employees and contractors that includes reminders about the need to protect personally identifiable information (PII) and the criminal penalties that apply to unauthorized access to, or disclosure of, PII.  See 5 U.S.C. § 552a(i)(1).  Furthermore, employees and contractors with access to databases maintaining PII must sign a sanction document annually that acknowledges their accountability for inappropriately accessing or disclosing such information.

·         Describe the impact on persons’ privacy rights.  Do we afford people an opportunity to decline to provide information? 

Yes.  We have legal authority to collect this information to administer our responsibilities under the Social Security Act.  When we collect information from claimants wishing to do business with us through iAppeals, we use our Privacy Act Statement to advise them of our legal authority for requesting the information and explain the possible effects if they choose not to provide the information.  Claimants can then make an informed decision whether or not to provide the information.

·         Do we afford people an opportunity to consent to only particular uses of the information?

No.  When we collect a person’s information, we advise that person of the purposes for which we will use the information.  We further advise the person that we will disclose the information without written prior consent only when we have specific legal authority to do so (e.g., the Privacy Act of 1974).  We do not otherwise offer persons an opportunity to determine how and with whom we share their information.

·         Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?

No.  The Master Files of Social Security Number (SSN) Holders and SSN Applications (60-0058) and the Central Repository of Electronic Authentication Data Master File (60-0373) Privacy Act systems of records (SORs) cover the information we collect for this Internet application electronic service.  These SORs are available at http://www.ssa.gov/privacy/sorn/60-0058.htm and http://www.ssa.gov/privacy/sorn/60-0373.htm.

/s/ Dawn S. Wiggins                                                November 14, 2011

SIGNATURE                                                          DATE

PIA REVIEWED BY SSA SENIOR AGENCY PRIVACY OFFICIAL:

/s/ David F. Black                                                    November 16, 2011             

SIGNATURE                                                          DATE