Effective Date: January 11, 2006
(71 F.R. 1849)
SOCIAL SECURITY ADMINISTRATION NOTICE OF SYSTEM OF RECORDS REQUIRED BY
THE PRIVACY ACT OF 1974
SYSTEM NUMBER: 60-0232
System name:
Central Registry
of Individuals Doing Business With SSA (Vendor File), Social Security
Administration, Deputy Commissioner for Finance, Assessment and Management,
Office of Financial Policy Operations.
Security classification:
None.
System Location:
Social Security Administration
Room
2-B-4
Categories of individuals covered by the system:
Individuals
who are the recipients of Federal Domestic Assistance Grants or of contracts
awarded by the Social Security Administration (SSA).
Categories of records in the system:
An index of
names, addresses and Social Security numbers (SSN) of individuals or tax
identification numbers (TIN) or employer identification numbers (EIN) of
employer business entities doing business with SSA. The Central Registry
(Vendor File) (VF) contains banking information, routing and transit numbers
(RTAS) and deposit account numbers (DAN) for direct deposit payments for
vendors. No other personally identifiable data are maintained. The index is
termed public information since data relative to Federal Domestic Assistance
and contracts are public information.
Authority for maintenance of the system:
5
U.S.C. 301.
Purpose(s):
This registry is maintained to provide a
standard code to uniquely identify entities, including individuals, together
with mailing address and other characteristic data, to all principal operating
components, agencies, regional offices and staff offices of SSA. The use of a
single code per entity in all SSA data systems enhances communications with an
entity, as well as diminishing the need to maintain duplicative data and files
at various locations. Major categories of entities in the central registry are
those awarded contracts and grants under Federal Domestic Assistance programs.
Only those persons in SSA with a
“need to know” have access to the published registry and to
the automated records. The Code Book provides a listing of data processing
numbers for grant, contract and financial transactions. These numbers are used
to access the name and address of the individual in the Automated Library
(Central Registry). The information is used for check preparation, reports,
mailings, etc.
Routine uses of records maintained in the system, including categories
of users and the purposes of such uses:
Disclosure may
be made for routine uses as indicated below:
1. To a congressional office in response to
an inquiry from that office made at the request of the subject individual.
2. To the Department of Justice (DOJ), a
court or other tribunal, or another party before such tribunal, when:
(a) The Social Security Administration
(SSA), or any component thereof; or
(b) Any SSA employee in his/her official
capacity; or
(c) Any SSA employee in his/her individual
capacity where DOJ (or SSA, where it is authorized to do so) agreed to
represent the employee; or
(d) The United States or any agency thereof
where SSA determines that the litigation is likely to affect SSA or any of its
components, is a party to the litigation or has an interest in such litigation,
and SSA determines that the use of such records by DOJ, a court or other
tribunal, or another
party before such tribunal, is relevant and necessary to the litigation and
would help in the effective representation of the governmental party, provided
however, that in each case, SSA determines that such disclosure is compatible
with the
purpose for which the
records were collected.
3. To the Department of Justice in the
event the Social Security Administration deems it desirable or necessary, in
determining whether particular records are required to be disclosed under the
Freedom of Information Act for the purpose of obtaining its advice.
4. To a Federal, State or local agency
maintaining civil, criminal or other relevant enforcement records or other
pertinent records, such as current licenses, if necessary to obtain a record
relevant to an Agency decision concerning the hiring or retention of an
employee, the issuance of a security clearance, the letting of a contract, or
the
issuance of a license,
grant or other benefit.
5. To a Federal agency, in response to its
request, in connection with the hiring or retention of an employee, the
issuance of a security clearance, the reporting of an investigation of an
employee, the letting of a contract, or the issuance of a license, grant, or
other benefit by the requesting agency, to the extent that the record is
relevant and necessary to the requesting agency's decision on the matter.
6. To a Federal agency having the power to
subpoena records, for example, the Internal Revenue Service or the Civil Rights
Commission in response to a subpoena for information contained in this system
of records.
7. To officials of labor organizations
recognized under 5 U.S.C. Chapter 71 when relevant and
necessary to their duties of exclusive representation concerning personnel
policies, practices, and matters affecting conditions of employment.
8. To student volunteers, individuals
working under a personal services contract, and other workers who technically
do not have the status of Federal employees, when they are performing work for
the Social Security Administration (SSA), as authorized by law, and they need
access to personally identifiable information in SSA records in order to
perform their assigned Agency functions.
9. To the General Services Administration
and the National Archives Records Administration (NARA) under 44 U.S.C. 2904
and 2906, as amended by the NARA Act of 1984, information which is not
restricted from disclosure by Federal law for the use of those agencies in
conducting records management studies.
10. To contractors and other Federal
agencies, as necessary, for the purpose of assisting the Social Security
Administration (SSA) in the efficient administration of its programs. We will
disclose information under this routine use only in situations in which SSA may
enter into a contractual or similar agreement with a third party to assist in
accomplishing an agency function relating to this system of records.
11. We
may disclose information to appropriate Federal, State, and local agencies,
entities, and persons when (1) we suspect or confirm that the security or
confidentiality of information in this system of records has been compromised;
(2) we determine that as a result of the suspected or confirmed compromise
there is a risk of harm to economic or property interests, identity theft or
fraud, or harm to the security or integrity of this system or other systems or
programs of SSA that rely upon the compromised information; and (3) we
determine that disclosing the information to such agencies, entities, and
persons is necessary to assist in our efforts to respond to the suspected or
confirmed compromise and prevent, minimize, or remedy such harm. SSA will use
this routine use to respond only to those incidents involving an unintentional
release of its records.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system:
Storage:
Records are
maintained in automated form (e.g., disc packs and magnetic tapes) and in paper
form (e.g., Hard copy code booklets) at central computer sites.
Retrievability:
Records are
retrieved by either name, SSN or other characteristic
data.
Safeguards:
Only specified
employees have access to the vendor file database. A security profile is
maintained in the computer system to limit and monitor access. Authorized
employees must have a personal identification number (PIN) and password to access
the system and
clearance for the proper
security profile to access the vendor file. Certain functions, such as “Delete”
or “Purge,” cannot be performed unless the vendor file systems administrator
implements the function. Access http://www.socialsecurity.gov/foia/bluebook/
app--g.htm for additional information relating to SSA data
security measures.
Retention and disposal:
Records are
purged from the automated file every two years; only persons actively dealing
with SSA remain on file. Code Books are replaced each year. Inactive books are
destroyed.
System manager(s) and address(es):
Social Security Administration
Office
of Finance
Division of Administrative Payments
2-B-4
Notification procedures:
An individual
can determine if this system contains a record about him/her by writing to the
system manager(s) at the above address and providing his/her name, SSN or other
information that may be in the system of records that will identify him/her. An
individual requesting notification of records in person should provide the same
information, as well as provide an identity document, preferably with a
photograph, such as a driver's license or some other means of identification.
If an individual does not have any identification documents sufficient to
establish his/her identity, the individual must certify in writing that he/she
is the person claimed to be and that he/she understands that the knowing and
willful request for, or acquisition of, a record pertaining to another
individual under false pretenses is a criminal offense. If notification is requested by telephone,
an individual must verify his/her identity by providing identifying information
that parallels information in the record to which notification is being requested.
If it is determined that the identifying information provided by telephone is
insufficient, the individual will be required
to submit a
request in writing or in person. If an individual is requesting information by
telephone on behalf of another individual, the subject individual must be connected
with SSA and the requesting individual in the same phone call.
SSA will establish the subject individual's
identity (his/her name, SSN, address, date of birth and place of birth, along
with one other piece of information, such as mother's maiden name) and ask for
his/her consent in providing information to the requesting individual.
If a request for notification is submitted
by mail, an individual must include a notarized statement to SSA to verify
his/her identity or must certify in the request that he/she is the person
claimed to be and that he/she understands that the knowing and willful request
for, or acquisition of, a record pertaining to another individual under false
pretenses is a criminal offense. These procedures are in accordance with SSA
Regulations (20 CFR 401.40(c)).
Record access procedures:
Same
as Notification procedures. Requesters should also reasonably specify
the record contents being sought. These procedures are in accordance with SSA
Regulations (20 CFR 401.40(c)).
Contesting record procedures:
Same
as Notification procedures. Also, requesters should reasonably
identify the record, specify the information they are contesting and corrective
action sought, and the reasons for the correction, with supporting justification
showing how the record is incomplete,
inaccurate, untimely or
irrelevant. These procedures are in accordance with SSA Regulations (20 CFR
401.65(a)).
Record source categories:
Grant
and Contract documents. Names, SSNs, TINs, RTAS, DANs and addresses
are provided by the individual when applying for a grant or contract from the
SSA.
Systems exempted from certain provisions of the Privacy Act:
None.