Social Security Administration
Office of the Inspector General
Privacy Impact Assessment (PIA)
Title of System or Information Collection: National Investigative Case Management System (NICMS)
Contact name and telephone number: Michael Arbuco, (410) 966-1162
Is this System or Information Collection new or is an existing one being modified?
The information that will be collected is covered under an existing electronic Privacy Act system of records, OIG-001 – Criminal Investigative Files of the Inspector General, SSA/OIG and OIG-002 – Civil and Administrative Investigative Files of the Inspector General, SSA/OIG. 60 FR 19619 (April 19, 1995). This PIA addresses a new electronic system for the collection of investigative and related information designed to provide greater flexibility and ease of information access and does not change the actual information collected or the reason we collect it.
Unique Project Identifier Number: R320040710
OMB Information Collection Approval Number and Expiration Date: N/A
1. Provide an overview of the system or collection and indicate the legislation authorizing this activity.
The OIG National Investigative Case Management System is a centralized information system supporting the OIG’s mission. See http://www.ssa.gov/oig/about/mission.htm (OIG Mission Statement). The Inspector General Act of 1978, as amended (IG Act), authorizes the Inspectors General “to make such investigations and reports relating to the administration of the programs and operations of the applicable establishment as are, in the judgment of the Inspector General, necessary or desirable." 5 U.S.C. App. 3, § 6(a)(2). The system is maintained for the purpose of documenting, tracking, and reporting OIG’s investigative activities.
NICMS documents OIG review of allegations and complaints concerning SSA programs and operations; aids in civil and criminal prosecutions, civil monetary penalty actions, and other litigation relating to OIG investigations; tracks investigative and litigation activities; documents the activities which were the subject of investigations; facilitates the reporting of results of OIG investigations to other SSA components for their use in operating and evaluating SSA programs, including administrative sanction proceedings (see 42 U.S.C. § 1320a-8a); and serves as a repository and source for information necessary to fulfill statutory reporting requirements. See 5 U.S.C. App. 3 § 5.
2. Describe the information the agency will collect and how the agency will use the collected information. Explain how the data collected are the minimum necessary to accomplish the purpose for this effort.
Categories of individuals covered by the system: Individuals relevant to OIG’s investigative activities, including but not limited to the subjects of an investigation, complainants, and key witnesses where necessary for documentary identification purposes.
Categories of records in the system: Criminal investigative records; civil and administrative investigative records
3. Explain why the information is being collected.
This system contains information required to effectively and efficiently execute the mission of the OIG. This includes supporting investigative management activities and day-to-day administrative management needs.
4. Identify with whom the agency will share the collected information.
uses for OIG record systems OIG-001 and OIG-002 are published in the Federal
Register at 60 FR 19619 (April 19, 1995)(incorporating by reference
57 FR 43190 (Sept. 30, 1982), 55 FR 46248 (Nov. 2, 1990)). Disclosures from NICMS will comply with the
existing systems notices.
5. Describe how the information will be obtained, from whom it will be collected, what the suppliers of information and the subjects will be told about the information collection, and how this message will be conveyed to them (e.g., written notice, electronic notice if a web-based collection, etc.). Describe any opportunities for individuals to decline to provide information or to consent to particular uses of the information and how individuals can grant consent.
The OIG obtains information from a wide variety of sources during the conduct of its activities, including information from SSA and other Federal, State, and local agencies, witnesses, complainants and other nongovernmental sources. See 60 FR 19619 (April 19, 1995)(incorporating by reference 57 FR 43190 (Sept. 30, 1982), 55 FR 46248 (Nov. 2, 1990)). We collect information only where we have specific legal authority to do so and this information is collected primarily to meet our responsibilities under the Inspector General Act.
Individuals rights relating to the records systems documented in NICMS are set out in the Privacy Act, 5 U.S.C. § 552a. Pursuant to subsection § (j)(2) of the Privacy Act, 5 U.S.C. § 552a(j)(2), the Inspector General for Social Security has exempted the criminal investigative files from certain provisions of the Privacy Act. See 55 FR 46248 (Nov. 2, 1990) (incorporated by reference in 60 FR 19619 (April 19, 1995)). In addition, the Inspector General for Social Security has exempted the civil and administrative investigative files from certain provisions of the Privacy Act pursuant to 5 U.S.C. § 552a(k)(2). See 20 C.F.R. § 401.85(b)(2)(ii)(D).
6. Describe security measures in place to protect the information.
Records are maintained in a restricted area and accessed only by SSA OIG personnel. Access within OIG is strictly limited to authorized staff members. Technological controls include multi-layer firewall architectures on LAN components. We will safeguard the security of information by requiring the use of access codes to enter the computer systems that will maintain the data and will store computerized records in secured areas that are accessible only to employees who require the information to perform their official duties. OIG is in the process of conducting risk analyses of NICMS and preparing a System Security Plan. These efforts include the identification and mitigation of risks associated with all aspects of information security including unauthorized disclosure of privacy and personal information. OIG intends to secure Certification and Accreditation of the system before it is implemented. The security certification is being conducted in accordance with Office of Management and Budget Circular A-130, Appendix III, Security of Federal Automated Information Resources, NIST Special Publication 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems, and SSA policy on security certification and accreditation.
All employees are given instructions on the sensitivity of such NICSM files and the restrictions on disclosure. Access within SSA OIG is strictly limited to employees on a need-to-know basis. All computer files and printed listings are safeguarded in accordance with the provisions of the National Institute of Standards and Technology Federal Information Processing Standards 31 and applicable Social Security Administration security guidelines. Any manually maintained records will be kept in locked cabinets or in otherwise secure areas. Furthermore, SSA OIG employees having access to SSA OIG databases maintaining personal information must sign a sanction document annually, acknowledging their accountability for making unauthorized access to or disclosure of such information.
7. Describe plans for retention and destruction of data collected.
In accordance with the OIG Records Retention Schedule, investigative files and associated media are retained for a minimum of 5 years from the end of the fiscal year in which the associated investigation is closed. There may be certain factors, such as a subsequent investigation, which would necessitate retaining investigative files for longer periods.
whether a system of records is being created under section 552a of Title 5,
The information that will be collected is covered under existing Privacy Act record systems: OIG-001 – Criminal Investigative Files of the Inspector General, SSA/OIG , and OIG-002 – Civil and Administrative Investigative Files of the Inspector General, SSA/OIG. 60 FR 19619 (April 19, 1995). This PIA addresses the method we use to collect the information in NICMS, and does not change the actual information collected or the reason we collect it.
Judy Ringle Michael Arbuco Robert Meekins
Attorney-Adviser Director, Software Deputy Assistant Inspector for Development and Support Executive Operations
Date: 01/25/05 Date: 01/25/05 Date: 01/25/05