· Name of project.
· Unique project identifier.
· Privacy Impact Assessment Contact.
Paperless Project Manager
Division of Electronic Document Management Systems
Office of Enterprise Support, Architecture and Engineering
Social Security Administration
6401 Security Boulevard
Baltimore, MD 21235
· Describe the information to be collected, why the information is being collected, the intended use of the information and with whom the information will be shared.
The Paperless Processing Centers project will not result in any new collection of information. Instead, it involves converting existing paper records into an electronic form. These paper records include the basic information SSA collects to determine entitlement to benefits under Social Security programs. We generally disclose this information only as necessary to process an individual’s claim for benefits or as authorized by Federal law (e.g., we share information with the Department of Veterans Affairs to administer their programs that are similar to SSA programs).
· Describe the administrative and technological controls that are in place or that are planned to secure the information being collected.
In order to ensure that the electronic housing of these converted paper records is controlled in a manner consistent with previous security controls, there is comprehensive IT Security Policy that provides technological and administrative controls over this process. Logical access is strictly limited to need to know and is supported by a separation of duties policy and strict adherence to least privilege access allowances. This means that access to these records is restricted to those employees who have a need for the records in order to perform their official duties.
Additional access controls include the use of armed security guards that control entrances and exits to buildings housing the records and the use of access controls such as personal identification numbers and passwords to gain access to records that are maintained electronically.
· Describe the impact on individuals’ privacy rights.
Are individuals afforded an opportunity to decline to provide information?
We collect information only where we have specific legal authority to do so and this information is collected primarily to administer our responsibilities under the Social Security Act. When we collect information from individuals, we advise them of our legal authority for requesting the information and explain the effect(s) on him/her if they choose not to provide the information. The individual can then make an informed decision of whether to provide the information or not.
Are individuals afforded an opportunity to consent to only particular uses of the information?
When we collect information from individuals, we advise them of the purposes for which we will use the information. We further advise them that we will disclose this information without their prior written consent only when we have specific authority in Federal statute (e.g., the Privacy Act) to do so.
· Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?
No, the authority for SSA to maintain these electronic records that result from the conversion of the existing paper records is an existing system of records entitled, Claims Folders System (60-0089). There are a number of Agency projects underway that will lead to a new system of records to cover a generic electronic folder. The new generic folder will replace the existing Claims Folders System. However, until these other projects come to fruition, we will continue to operate under the existing Claims Folders System.
PIA CONDUCTED BY PRIVACY OFFICER, SSA:
______________________________ _09/02/05 _
PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:
_/S/ Thomas W. Crawley__________ _09/08/05__