AGENCY:

Social Security Administration (SSA).

ACTION:

Notice of a modified system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, we are issuing public notice of our intent to modify an existing system of records entitled, Race and Ethnicity Collection System (60–0104), last published on August 24, 2009. This notice publishes details of the modified system as set forth below under the caption, SUPPLEMENTARY INFORMATION .

DATES:

The system of records notice (SORN) is applicable upon its publication in today's Federal Register , with the exception of the new routine uses, which are effective December 1, 2023.

We invite public comment on the routine uses or other aspects of this SORN. In accordance with the Privacy Act of 1974, we are providing the public a 30-day period in which to submit comments. Therefore, please submit any comments by December 1, 2023.

ADDRESSES:

The public, Office of Management and Budget (OMB), and Congress may comment on this publication by writing to the Executive Director, Office of Privacy and Disclosure, Office of the General Counsel, SSA, Room G–401 West High Rise, 6401 Security Boulevard, Baltimore, Maryland 21235–6401, or through the Federal e-Rulemaking Portal at http://www.regulations.gov. Please reference docket number SSA–2023–0028. All comments we receive will be available for public inspection at the above address, and we will post them to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

Elisa Vasta, Government Information Specialist, Privacy Implementation Division, Office of Privacy and Disclosure, Office of the General Counsel, SSA, Room G–401 West High Rise, 6401 Security Boulevard, Baltimore, Maryland 21235–6401, telephone: (410) 966–5855, email: elisa.vasta@ssa.gov and Tristin Dorsey, Government Information Specialist, Privacy Implementation Division, Office of Privacy and Disclosure, Office of the General Counsel, SSA, Room G–401 West High Rise, 6401 Security Boulevard, Baltimore, Maryland 21235–6401, telephone: (410) 966–5855, email: tristin.dorsey@ssa.gov.

SUPPLEMENTARY INFORMATION:

We are modifying the system of records name from “Race and Ethnicity Collection System (RECS), Social Security Administration (SSA)” to “Race and Ethnicity Collection System (RECS)” to accurately reflect the system. We are clarifying the system location to recognize that we may also maintain records in a cloud-based environment. We are updating the system manager to reflect the accurate SSA office. We are updating the authority for the maintenance of the system to include sections 205(a) and 1110 of the Social Security Act. We are clarifying the purpose of the system to reflect SSA will use the information for research and statistical purposes.

In addition, we are clarifying the categories of individuals covered by the system and the categories of records maintained in the system for easier reading. We are expanding the record source categories to include individuals who utilize our electronic enumeration processes, existing SSA system of records, 60–0058—Master Files of Social Security Number (SSN) Holders and SSN Applications, and records generated by SSA internal processes. We are revising routine use No. 3 to incorporate gender-inclusive language, in support of Executive Order 13988, Preventing and Combating Discrimination on the Basis of Gender Identity or Sexual Orientation. For routine use No. 4, we are expanding it to recognize disclosures to contractors and cooperative agreement awardees, and we are clarifying the purpose of the disclosure is for SSA program evaluation, research, and statistical reporting purposes. We are removing the list of technical requirements, but note that when we disclose under this routine use, we will still require a written agreement, which includes safeguards as we determine are appropriate and necessary.

We are clarifying the purpose for which SSA will disclose information in routine use No. 5, for consistency with language present in all SSA SORNs. We are modifying routine use Nos. 7 and 8 for easier reading. We are also adding a routine use to permit disclosures to the Centers for Medicare and Medicaid Services, if records or information were disclosed under applicable rules, regulations, and procedures in effect prior to the date of enactment for the Social Security Independence and Program Improvements Act of 1994.

Lastly, we are clarifying in the policies and practices for the storage of records that SSA will maintain records in electronic form only. We are updating the records retention and disposal schedule. We are modifying the administrative, technical, and physical safeguards for easier reading. We are modifying the record access procedures to remove references to telephone, for consistency with agency access regulations. We are modifying the notice throughout to correct miscellaneous stylistic formatting and typographical errors of the previously published notice, and to ensure the language reads consistently across multiple systems. We are republishing the entire notice for ease of reference.

In accordance with 5 U.S.C. 552a(r), we have provided a report to OMB and Congress on this modified system of records.

SYSTEM NAME AND NUMBER:

Race and Ethnicity Collection System (RECS), 60–0104.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Social Security Administration, Office of Systems, Office of Systems Operations and Hardware Engineering, 6401 Security Boulevard, Baltimore, MD 21235–6401.

Information is also located in additional locations in connection with cloud-based services for business continuity purposes.

SYSTEM MANAGER(S):

Social Security Administration, Deputy Commissioner for Systems, Office of Enterprise Information Systems, 6401 Security Boulevard, Baltimore, MD 21235–6401, (410) 966–5855.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Sections 205(a), 702, 704, and 1110 of the Social Security Act, as amended.

PURPOSE(S) OF THE SYSTEM:

We will use information in this system for research and statistical purposes only, to help us ensure all SSA customers are treated equitably.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system maintains information on individuals for whom we have collected race and ethnicity information.

CATEGORIES OF RECORDS IN THE SYSTEM:

This system maintains records on individuals including, but not limited to, SSN; race and ethnicity data in accordance with Federal standards; and an indicator code identifying data source ( e.g., Social Security Number Application Process, Enumeration at Birth).

RECORD SOURCE CATEGORIES:

We obtain information in this system from the individual to whom the record pertains; individuals who utilize our electronic enumeration processes; and an existing SSA system of records, Master Files of SSN Holders and SSN Applications, 60–0058.

ROUTINE USES OF RECORDS COVERED BY THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

We will disclose records pursuant to the following routine uses; however, we will not disclose any information defined as “return or return information” under 26 U.S.C. 6103 of the Internal Revenue Code (IRC), unless authorized by a statute, the Internal Revenue Service (IRS), or IRS regulations.

1. To the Office of the President, in response to an inquiry from that office made at the request of the subject of the record or a third party on that person's behalf.

2. To a congressional office in response to an inquiry from that office made at the request of the subject of a Start Printed Page 75082 record or a third party on that person's behalf.

3. To the Department of Justice (DOJ), a court or other tribunal, or another party before such court or tribunal when:

(a) SSA, or any component thereof;

(b) any SSA employee in their official capacity;

(c) any SSA employee in their individual capacity when DOJ (or SSA, where it is authorized to do so) has agreed to represent the employee; or

(d) the United States or any agency thereof when we determine that the litigation is likely to affect SSA or any of our components, SSA is a party to the litigation or has an interest in such litigation, and SSA determines that the use of such records by DOJ, a court or other tribunal, or another party before the tribunal is relevant and necessary to the litigation, provided, however, that in each case, we determine that such disclosure is compatible with the purpose for which the records were collected.

4. To contractors, cooperative agreement awardees, Federal agencies, State agencies, or a congressional support agency for SSA program evaluation, research, and statistical reporting purposes. We will disclose information under this routine use pursuant only to a written agreement, which sets forth the required safeguards as we determine are necessary and appropriate.

5. To contractors and other Federal agencies, as necessary, for assisting SSA in the efficient administration of its programs. We will disclose information under this routine use only in situations in which SSA may enter into a contractual or similar agreement with a third party to assist in accomplishing an agency function relating to this system of records.

6. To student volunteers, individuals working under a personal services contract, and others who technically do not have the status of Federal employees, when they are performing work for us, as authorized by law, and they need access to personally identifiable information (PII) in our records in order to perform their assigned agency functions.

7. To the National Archives Records Administration (NARA) under 44 U.S.C. 2904 and 2906.

8. To appropriate agencies, entities, and persons when:

(a) SSA suspects or has confirmed that there has been a breach of the system of records;

(b) SSA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, SSA (including its information systems, programs, and operations), the Federal Government, or national security; and

(c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with SSA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

9. To Federal, State, and local law enforcement agencies and private security contractors, as appropriate, information necessary:

(a) to enable them to ensure the safety of our employees and customers, the security of our workplace, and the operation of our facilities; or

(b) to assist investigations or prosecutions with respect to activities that affect such safety and security or activities that disrupt the operation of our facilities.

10. To another Federal agency or Federal entity, when we determine that information from this system of records is reasonably necessary to assist the recipient agency or entity in:

(a) responding to a suspected or confirmed breach; or

(b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

11. To the Centers for Medicare and Medicaid Services, as required by section 704(e) of the Social Security Act, records or information needed for research and statistical activities if the records or information are of such type that were disclosed under applicable rules, regulations, and procedures in effect before the date of enactment of the Social Security Independence and Program Improvements Act of 1994.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

We will maintain records in this system in electronic form.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

We will retrieve records in this system by SSN.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

In accordance with NARA rules codified at 36 CFR 1225.16, we maintain records in accordance with General Records Schedule (GRS) 3.1: General Technology Management Records, item 012 and GRS 5.2: Transitory and Intermediary Records, item 020.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

We retain electronic files containing personal identifiers in secure storage areas accessible only by authorized individuals, including our employees and contractors, who have a need for the information when performing their official duties. Security measures include, but are not limited to, the use of codes and profiles, personal identification numbers and passwords, and personal identification verification cards. We restrict access to specific correspondence within the system based on assigned roles and authorized users. We use audit mechanisms to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification. To the maximum extent consistent with approved research needs, we purge personal identifiers from microdata files prepared for purposes of research and subject these files to procedural safeguards to assure anonymity.

We annually provide authorized individuals, including our employees and contractors, with appropriate security awareness training that includes reminders about the need to protect PII and the criminal penalties that apply to unauthorized access to, or disclosure of, PII (5 U.S.C. 552a(i)(1)). Furthermore, authorized individuals with access to databases maintaining PII must annually sign a sanctions document that acknowledges their accountability for inappropriately accessing or disclosing such information.

RECORD ACCESS PROCEDURES:

Individuals may submit requests for information about whether this system contains a record about them by submitting a written request to the system manager at the above address, which includes their name, SSN, or other information that may be in this system of records that will identify them. Individuals requesting notification of, or access to, a record by mail must include: (1) a notarized statement to us to verify their identity; or (2) must certify in the request that they are the individual they claim to be and that they understand that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.

Individuals requesting notification of, or access to, records in person must provide their name, SSN, or other information that may be in this system of records that will identify them, as well as provide an identity document, Start Printed Page 75083 preferably with a photograph, such as a driver's license. Individuals lacking identification documents sufficient to establish their identity must certify in writing that they are the individual they claim to be and that they understand that the knowing and willful request for, or acquisition of, a record pertaining to another individual under false pretenses is a criminal offense.

These procedures are in accordance with our regulations at 20 CFR 401.40 and 401.45.

CONTESTING RECORD PROCEDURES:

Same as record access procedures. Individuals should also reasonably identify the record, specify the information they are contesting, and state the corrective action sought and the reasons for the correction with supporting justification showing how the record is incomplete, untimely, inaccurate, or irrelevant. These procedures are in accordance with our regulations at 20 CFR 401.65(a).

NOTIFICATION PROCEDURES:

Same as record access procedures. These procedures are in accordance with our regulations at 20 CFR 401.40 and 401.45.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

HISTORY:

74 FR 42727, Race and Ethnicity Collection System.

83 FR 54969, Race and Ethnicity Collection System.