System of Records Notice for eAuthentication

eAuthentication System of Records.docx

SSA's Public Credentialing and Authentication Process

System of Records Notice for eAuthentication

OMB: 0960-0789

Document [docx]
Download: docx | pdf

2


SOCIAL SECURITY ADMINISTRATION

REPORT OF PRIVACY ACT SYSTEM OF RECORDS:

Central Repository of Electronic Authentication Data Master File, (60-0373)



  1. Background and Purpose of the System of Records


We provide electronic services, such as our automated telephone and Internet applications, to persons doing business with us. When users choose our electronic services, they must provide their personally identifiable information (PII). We use their PII to verify their identities. Upon successful verification, we are able to recognize the users’ identities and authorize them to conduct business with us electronically.


This system of records supports our agency’s objectives to expand electronic services and to provide strong and secure authentication procedures. For security reasons, we must be able to determine, with confidence, persons are who they claim to be each time they choose our electronic services.


  1. Compliance with the Paperwork Reduction Act


The Paperwork Reduction Act controls data collection for this system of records. We are complying with the requirements of this statute.


  1. Authority for Maintenance of the System of Records


Section 205(a) of the Social Security Act; the Government Paperwork Elimination Act (P.L. 105-277); the Internal Revenue Code (26 U.S.C. § 6103(l)(1)(A)); and the Federal Information Security Management Act of 2002 (Title III) of the E-Government Act of 2002 (P.L. 107-347).


  1. Routine Use Disclosures of Data Maintained in the System of Records


In accordance with the Privacy Act (5 U.S.C. §§ 552a(a)(7) and (b)(3)) and our disclosure regulations (20 C.F.R. Part 401), we are proposing to establish routine use disclosures of data that we will maintain in this system of records. We discuss the proposed routine uses and provide an explanation of how each one meets the compatibility requirements of the Privacy Act and our disclosure regulations in the “Supplementary Information” section of the attached preamble.





  1. Evaluation of the Probable or Potential Effects of the System of Records on the Rights of Individuals


We will adhere to all applicable statutory requirements, including those under the Social Security Act and the Privacy Act, in carrying out our responsibilities. Therefore, we do not anticipate that the system of record will have any unwarranted adverse effect on the privacy or other rights of persons.


  1. The Reasons for Individual Retrieval of Records


In order to authenticate persons using our electronic services, we must be able to verify their identities by matching the PII they provide with the data we maintain in this system of records. Accordingly, we will retrieve information from this system of records by a person’s name and other associated identifying information.


  1. A Description of the Steps Taken to Minimize the Risk of Unauthorized Access to the System of Records


We retain electronic files with personal identifiers in secure storage areas accessible only to our authorized employees and contractors who have a need for the information when performing their official duties. Security measures include the use of access codes (personal identification number (PIN) and password) to enter our computer systems that house the data.  We will maintain audit trails of all access to this information in accordance with agency security policy and Federal retention standards.


We annually provide all our employees and contractors with security awareness and training. This training includes the need to protect PII and the criminal penalties that apply to the unauthorized access to, or disclosure of, PII. Employees and contractors with access to databases maintaining PII must also sign a sanction document annually, acknowledging their accountability for inappropriately accessing or disclosing such information.


  1. Supporting Documentation


    1. Preamble and Notice of System of Records - We have attached a copy of the document.

    2. Agency Rules – The system of records does not require any changes to existing agency rules.

    3. Exemptions Requested - We are not requesting any exemptions from specific provisions of the Privacy Act.

    4. Matching Reports - The system of records will not involve any computer matching programs as defined by the Privacy Act.

The agency is currently modifying the SORN in accordance with OMB A-108.


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleREPORT OF NEW SYSTEM OF RECORDS
Author827220
File Modified0000-00-00
File Created2023-08-18

© 2024 OMB.report | Privacy Policy