SSN Justification

April XX 2013

MEMORANDUM FOR DEFENSE PRIVACY AND CIVIL LIBERTIES OFFICE

THROUGH: OSD/JS PRIVACY OFFICE

SUBJECT: Justification for the use of the Social Security Number (SSN) – Synchronized Pre-Deployment and Operational Tracker - Enterprise Suite (SPOT-ES)

This memorandum is to satisfy the requirements of the Department of Defense

Instruction (DoDI) 1000.30, “Reduction of Social Security Number (SSN) Use Within DoD,”

requiring justification to collect and use the SSN in the SPOT-ES system.

The SPOT-ES consists of three automated information systems: The Synchronized Predeployment and Operational Tracker (SPOT), The Total Operational Picture Support System (TOPSS), and the Joint Asset Movement Management System (JAMMS).

SPOT allows Department of Defense (DoD), Department of State (DoS), U.S. Agency for International Development (USAID) and other Federal Agencies and as well as Combatant Commanders the ability to plan, manage, track, account for, monitor and report on contracts, companies and contractor employees during planning, operation and drawdown of any contingency, peacekeeping, humanitarian or disaster-recovery operation both within and outside of the United States. SPOT is a web-based system providing a repository of military, Government civilian and contractor personnel and contract information for DoD, DoS, USAID and other Federal Agencies as well as Combatant Commanders to centrally manage their deploying, deployed and redeploying assets via a single authoritative source for up-to-date visibility of personnel assets and contract capabilities. The SPOT products are also used as a management tool for statistical analysis, tracking, reporting, evaluating program effectiveness and conducting research.

The Total Operational Picture Support System (TOPSS ) web-based application integrates the information in SPOT to provide trend analysis, widgets and reports from different views based on the user access level and parameters they select to support DoD, DoS, USAID, other Federal Agencies and theater commander requirements.

The Joint Asset Movement Management System (JAMMS) is a stand-alone application that scans identity credentials (primarily held by military, Government civilians and contractors) at key decentralized locations, such as dining facilities, billeting, central issue facilities and aerial ports of debarkation and collects location, time, date and type of government furnished services consumed on the individual.

Use of the SSN within the SPOT-ES system falls under the acceptable use 8, Computer Matching. SPOT is required by 10 U.S.C. 2302, note, Contracts in Iraq and Afghanistan and Private Security Contracts in Areas of Other Significant Military Operations. The suite of SPOT applications require all contractor companies that deploy contractors on behalf of the DoD, DOS, USAID and other Federal Agencies in support of contingency, peacekeeping, humanitarian or disaster recovery missions globally to use their specific processes to build individual contractor employee records in SPOT.. To properly add, edit, access, or validate a record in SPOT-ES requires the use of a unique identifier that can be recognized across all companies and agencies, i.e., the SSN.

Additionally, the use of the SSN within the SPOT-ES falls under the acceptable use 11, Legacy System Interface. Each of the three SPOT-ES applications have manual or automated interfaces with authoritative systems managed by the), Defense Logistics Agency (DLA), Joint Staff, and Program Executive Office for Enterprise Information Systems (PEO EIS). Existing interfaces with these authoritative data repositories transfer the SSN as part of their person-validation process in accordance with current Interface Control Agreements (ICAs). Use of the SSN will continue to serve as the unique identifier between these applications until SPOT-ES and the above mentioned system administrators are able to modify system interfaces to reduce and/or eliminate the use of the SSN. As systems begin to transition away from the use of SSN, the SPOT-ES application will be modified to remove the SSN from the interface.

The SPOT-ES System of Record Notice (SORN) is currently in the process of being transitioned from the Army to DMDC. Additionally, DMDC is in the process of updating the SPOT-ES Privacy Impact Assessment to reflect any changes that occurred during the system’s transition to DMDC.

The DMDC is taking steps to reduce the use and visibility of SSNs in SPOT. Once an individual in SPOT obtains their Common Access Card (CAC), which includes the assigning of a DoD ID Number, the SPOT-ES then uses the DoD ID as the standard identifier when sharing information within the three applications and within the Department. For approved sharing with other Federal, state, or local agencies, the SSN will continue to serve as the unique identifier. As resources become available, DMDC will modify SPOT-ES to display only the DoD ID and/or remove the SSN/ID field altogether for reports that are currently displaying this field. For instances where DMDC receives requests for new ad-hoc reports SPOT-ES personnel analyze each report prior to release and attempt to eliminate the SSN when possible. Steps are currently being taken to mask the SSN completely in all ad-hoc reports. All SPOT-ES data, either at rest or when being transmitted, are encrypted. The SPOT-ES system is secured to protect (PII) in accordance with the Privacy Act of 1974 and DoD 5400.11-R, “Department of Defense Privacy Program.”