Privacy Home / Privacy Impact Assessments (PIAs) / Title II Redesign

Title II Redesign

·         Name of project.

      Title II Redesign

·         Unique project identifier.

      016-00-01-02-01-2045-00-112-036

·         Privacy Impact Assessment Contact.

      Director
      Division of Title II Eligibility
      Office of Retirement and Survivors Insurance Systems
      Social Security Administration
      6401 Security Boulevard
      Baltimore, MD 21235    

·         Describe the information to be collected, why the information is being collected, the intended use of the information and with whom the information will be shared.

The Title II Redesign project will not result in any new collection of information.  Instead, it will combine a number of separate systems in order to provide a single system for processing virtually all title II initial claims and client initiated post-entitlement actions in an online interactive mode.  These existing systems maintain the basic information SSA collects to determine entitlement to benefits under Social Security programs and includes personal identification data about individuals such as names, dates of birth, Social Security numbers, marital status, etc.  Other information includes earnings data and Supplemental Security Income for the Aged, Blind and Disabled (SSI) data, data from the Centers for Medicare and Medicaid Services (CMS) for Medicare considerations and data from the Railroad Retirement Board.  We generally disclose this information only as necessary to process an individual’s claim for benefits or as authorized by Federal law (e.g., we share information with the Department of Veterans Affairs to administer their programs that are similar to SSA programs). 

·         Describe the administrative and technological controls that are in place or that are planned to secure the information being collected.

Title II Redesign is a collection and consolidation of existing processes that have previously undergone risk analyses and have IT Security Plans in place.  These include security and audit controls proven effective in protecting the information collected and processed by the applications.  These controls include access control technologies and policies enforcing protection by default and access based upon least privilege and need to know.  All processing occurs behind multi-layer firewall protection with a complete audit trail of sensitive transactions to protect information from unauthorized disclosure or modification.

Access to these records is restricted to those employees who have a need for the records in order to perform their official duties.  Access controls include the use of armed security guards that control entrances and exits to buildings housing the records and the use of access controls such as personal identification numbers and passwords to gain access to records that are maintained electronically.

·         Describe the impact on individuals’ privacy rights.

Are individuals afforded an opportunity to decline to provide information? 

We collect information only where we have specific legal authority to do so and this information is collected primarily to administer our responsibilities under the Social Security Act.  When we collect information from individuals, we advise them of our legal authority for requesting the information and explain the effect(s) on him/her if they choose not to provide the information.  The individual can then make an informed decision of whether to provide the information or not.

Are individuals afforded an opportunity to consent to only particular uses of the information?

When we collect information from individuals, we advise them of the purposes for which we will use the information.  We further advise them that we will disclose this information without their prior written consent only when we have specific authority in Federal statute (e.g., the Privacy Act) to do so.

·         Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?

Since SSA’s title II claims process requires information that is collected and maintained for purposes related to other business processes, there are currently Privacy Act systems of records in existence.  This project is essentially a technical design that replaces old transaction processing software with a new set of streamlined code that supports existing SSA business processes.

PIA CONDUCTED BY PRIVACY OFFICER, SSA:

Privacy Officer Jonathan Cantor Signature               

______________________________                       _09/02/05 _

SIGNATURE                                                                  DATE

 

PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:

_/S/ Thomas W. Crawley__________                      _09/08/05__

SIGNATURE                                                                    DATE