Report of Proposed New Privacy Act System of Records - Central Repository of Electronic Authentication Data Master File (60-0373)

SOCIAL SECURITY ADMIISTRATIO
REPORT OF PROPOSED EW PRIVACY ACT SYSTEM OF RECORDS:
Central Repository of Electronic Authentication Data Master File, (60-0373)

I. Background and Purpose of the System of Records
We provide electronic services, such as our automated telephone and Internet
applications, to persons doing business with us. When users choose our electronic
services, they must provide their personally identifiable information (PII). We
use their PII to verify their identities. Upon successful verification, we are able to
recognize the users’ identities and authorize them to conduct business with us
electronically.
This system of records supports our agency’s objectives to expand electronic
services and to provide strong and secure authentication procedures. For security
reasons, we must be able to determine, with confidence, persons are who they
claim to be each time they choose our electronic services.
II. Compliance with the Paperwork Reduction Act
The Paperwork Reduction Act controls data collection for this system of records.
We are complying with the requirements of this statute.
III. Authority for Maintenance of the System of Records
Section 205(a) of the Social Security Act; the Government Paperwork Elimination
Act (P.L. 105-277); the Internal Revenue Code (26 U.S.C. § 6103(l)(1)(A)); and
the Federal Information Security Management Act of 2002 (Title III) of the
E-Government Act of 2002 (P.L. 107-347).
IV. Routine Use Disclosures of Data Maintained in the System of Records
In accordance with the Privacy Act (5 U.S.C. §§ 552a(a)(7) and (b)(3)) and our
disclosure regulations (20 C.F.R. Part 401), we are proposing to establish routine
use disclosures of data that we will maintain in this system of records. We
discuss the proposed routine uses and provide an explanation of how each one
meets the compatibility requirements of the Privacy Act and our disclosure
regulations in the “Supplementary Information” section of the attached preamble.
V. Evaluation of the Probable or Potential Effects of the System of Records on
the Rights of Individuals
We will adhere to all applicable statutory requirements, including those under the
Social Security Act and the Privacy Act, in carrying out our responsibilities.

2
Therefore, we do not anticipate that the system of record will have any
unwarranted adverse effect on the privacy or other rights of persons.
VI. The Reasons for Individual Retrieval of Records
In order to authenticate persons using our electronic services, we must be able to
verify their identities by matching the PII they provide with the data we maintain
in this system of records. Accordingly, we will retrieve information from this
system of records by a person’s name and other associated identifying
information.
VII. A Description of the Steps Taken to Minimize the Risk of Unauthorized
Access to the System of Records
We retain electronic files with personal identifiers in secure storage areas
accessible only to our authorized employees and contractors who have a need for
the information when performing their official duties. Security measures include
the use of access codes (personal identification number (PIN) and password) to
enter our computer systems that house the data. We will maintain audit trails of
all access to this information in accordance with agency security policy and
Federal retention standards.
We annually provide all our employees and contractors with security awareness
and training. This training includes the need to protect PII and the criminal
penalties that apply to the unauthorized access to, or disclosure of, PII.
Employees and contractors with access to databases maintaining PII must also
sign a sanction document annually, acknowledging their accountability for
inappropriately accessing or disclosing such information.
VIII. Supporting Documentation
A. Preamble and otice of System of Records - We have attached a copy of
the document.
B. Agency Rules – The system of records does not require any changes to
existing agency rules.
C. Exemptions Requested - We are not requesting any exemptions from
specific provisions of the Privacy Act.
D. Matching Reports - The system of records will not involve any computer
matching programs as defined by the Privacy Act.