Privacy Act of 1974; System of Records

Issuing agencies

Abstract

In accordance with the Privacy Act of 1974, we are issuing public notice of our intent to modify an existing system of records entitled, Race and Ethnicity Collection System (60-0104), last published on November 1, 2023. This notice publishes details of the modified system as set forth below under the caption, SUPPLEMENTARY INFORMATION.

Full Text

<html>
<head>
<title>Federal Register, Volume 90 Issue 159 (Wednesday, August 20, 2025)</title>
</head>
<body><pre>
[Federal Register Volume 90, Number 159 (Wednesday, August 20, 2025)]
[Notices]
[Pages 40692-40694]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-15842]


-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION

[Docket No. SSA-2025-0015]


Privacy Act of 1974; System of Records

AGENCY: Social Security Administration (SSA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, we are issuing 
public notice of our intent to modify an existing system of records 
entitled, Race and Ethnicity Collection System (60-0104), last 
published on November 1, 2023. This notice publishes details of the 
modified system as set forth below under the caption, SUPPLEMENTARY 
INFORMATION.

DATES: The system of records notice (SORN) is applicable upon its 
publication in today's Federal Register, with the exception of the new 
routine use, which is effective September 19, 2025.
    We invite public comment on the routine uses or other aspects of 
this SORN. In accordance with the Privacy Act of 1974, we are providing 
the public a 30-day period in which to submit comments. Therefore, 
please submit any comments by September 19, 2025.

ADDRESSES: The public, Office of Management and Budget (OMB), and 
Congress may comment on this publication by writing to the Executive 
Director, Office of Privacy and Disclosure, Office of the General 
Counsel, SSA, Room G-401 West High Rise, 6401 Security Boulevard, 
Baltimore, Maryland 21235-6401, or through the Federal e-Rulemaking 
Portal at <a href="http://www.regulations.gov">http://www.regulations.gov</a>. Please reference docket number 
SSA-2025-0015. All comments we receive will be available for public 
inspection at the above address, and we will post them to <a href="http://www.regulations.gov">http://www.regulations.gov</a>.

FOR FURTHER INFORMATION CONTACT: Tristin Dorsey, Government Information 
Specialist, Privacy Implementation Division, Office of Privacy and 
Disclosure, Office of the General Counsel, SSA, Room G-401 West High 
Rise, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, 
telephone: (410) 966-5855, email: <a href="/cdn-cgi/l/email-protection#044b43472a4b54402a574b564a447777652a636b72"><span class="__cf_email__" data-cfemail="c7888084e9889783e99488958987b4b4a6e9a0a8b1">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: We are updating the system location and 
manager to reflect the accurate SSA office. We are modifying the 
purpose of the system and routine use Nos. 2 and 3 for easier reading. 
We are modifying the notice throughout to correct miscellaneous 
stylistic formatting and typographical errors of the previously 
published notice, and to ensure the language reads consistently across 
multiple systems. We are republishing the entire notice for ease of 
reference.
    In accordance with 5 U.S.C. 552a(r), we have provided a report to 
OMB and Congress on this modified system of records.

Matthew Ramsey,
Executive Director, Office of Privacy and Disclosure, Office of the 
General Counsel.

SYSTEM NAME AND NUMBER:
    Race and Ethnicity Collection System (RECS), 60-0104.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Social Security Administration, Office of the Chief Information 
Officer, Office of Systems Operations and Hardware Engineering, 6401 
Security Boulevard, Baltimore, MD 21235-6401.
    Information is also located in additional locations in connection 
with cloud-based services for business continuity purposes.

SYSTEM MANAGER(S):
    Social Security Administration, Chief Information Officer, Office 
of the Chief Information Officer, Office of Enterprise Information 
Systems, 6401 Security Boulevard, Baltimore, MD 21235-6401, (410) 966-
5855.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Sections 205(a), 702, 704, and 1110 of the Social Security Act, as 
amended.

PURPOSE(S) OF THE SYSTEM:
    We will use information in this system for program evaluation, 
research, and statistical purposes.

[[Page 40693]]

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system maintains information on individuals for whom we have 
collected race and ethnicity information.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system maintains records on individuals including, but not 
limited to, Social Security number (SSN); race and ethnicity data in 
accordance with Federal standards; and an indicator code identifying 
data source (e.g., Social Security Number Application Process, 
Enumeration at Birth).

RECORD SOURCE CATEGORIES:
    We obtain information in this system from the individual to whom 
the record pertains; individuals who utilize our electronic enumeration 
processes; and an existing SSA system of records, Master Files of SSN 
Holders and SSN Applications, 60-0058.

ROUTINE USES OF RECORDS COVERED BY THE SYSTEM, INCLUDING CATEGORIES OF 
USERS AND THE PURPOSES OF SUCH USES:
    We will disclose records pursuant to the following routine uses; 
however, we will not disclose any information defined as ``return or 
return information'' under 26 U.S.C. 6103 of the Internal Revenue Code 
(IRC), unless authorized by a statute, the Internal Revenue Service 
(IRS), or IRS regulations.
    1. To the Office of the President, in response to an inquiry from 
that office made at the request of the subject of the record or a third 
party on that person's behalf.
    2. To a congressional office in response to an inquiry from that 
office made at the request of the subject of a record.
    3. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such court or tribunal when:
    (a) SSA, or any component thereof;
    (b) any SSA employee in the employee's official capacity;
    (c) any SSA employee in the employee's individual capacity when DOJ 
(or SSA, where it is authorized to do so) has agreed to represent the 
employee; or
    (d) the United States or any agency thereof when we determine that 
the litigation is likely to affect SSA or any of our components, SSA is 
a party to the litigation or has an interest in such litigation, and 
SSA determines that the use of such records by DOJ, a court or other 
tribunal, or another party before the tribunal is relevant and 
necessary to the litigation, provided, however, that in each case, we 
determine that such disclosure is compatible with the purpose for which 
the records were collected.
    4. To contractors, cooperative agreement awardees, Federal 
agencies, State agencies, or a congressional support agency for SSA 
program evaluation, research, and statistical reporting purposes. We 
will disclose information under this routine use pursuant only to a 
written agreement, which sets forth the required safeguards as we 
determine are necessary and appropriate.
    5. To contractors and other Federal agencies, as necessary, for 
assisting SSA in the efficient administration of its programs. We will 
disclose information under this routine use only in situations in which 
SSA may enter into a contractual or similar agreement with a third 
party to assist in accomplishing an agency function relating to this 
system of records.
    6. To student volunteers, individuals working under a personal 
services contract, and others who technically do not have the status of 
Federal employees, when they are performing work for us, as authorized 
by law, and they need access to personally identifiable information 
(PII) in our records in order to perform their assigned agency 
functions.
    7. To the National Archives Records Administration (NARA) under 44 
U.S.C. 2904 and 2906.
    8. To appropriate agencies, entities, and persons when:
    (a) SSA suspects or has confirmed that there has been a breach of 
the system of records;
    (b) SSA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, SSA (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and
    (c) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with SSA's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    9. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, information necessary:
    (a) to enable them to ensure the safety of our employees and 
customers, the security of our workplace, and the operation of our 
facilities; or
    (b) to assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of our facilities.
    10. To another Federal agency or Federal entity, when we determine 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in:
    (a) responding to a suspected or confirmed breach; or
    (b) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    11. To the Centers for Medicare and Medicaid Services, as required 
by section 704(e) of the Social Security Act, records or information 
needed for research and statistical activities if the records or 
information are of such type that were disclosed under applicable 
rules, regulations, and procedures in effect before the date of 
enactment of the Social Security Independence and Program Improvements 
Act of 1994.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    We will maintain records in this system in electronic form.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    We will retrieve records in this system by SSN.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    In accordance with NARA rules codified at 36 CFR 1225.16, we 
maintain records in accordance with General Records Schedule (GRS) 3.1: 
General Technology Management Records, item 012 and GRS 5.2: Transitory 
and Intermediary Records, item 020.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    We retain electronic files containing personal identifiers in 
secure storage areas accessible only by authorized individuals, 
including our employees and contractors, who have a need for the 
information when performing their official duties. Security measures 
include, but are not limited to, the use of codes and profiles, 
personal identification numbers and passwords, and personal 
identification verification cards. We restrict access to specific 
correspondence within the system based on assigned roles and authorized 
users. We use audit mechanisms to record sensitive transactions as an 
additional measure to protect information from unauthorized disclosure 
or modification. To the maximum extent consistent with approved 
research needs, we purge personal identifiers

[[Page 40694]]

from microdata files prepared for purposes of research and subject 
these files to procedural safeguards to assure anonymity.
    We annually provide authorized individuals, including our employees 
and contractors, with appropriate security awareness training that 
includes reminders about the need to protect PII and the criminal 
penalties that apply to unauthorized access to, or disclosure of, PII 
(5 U.S.C. 552a(i)(1)). Furthermore, authorized individuals with access 
to databases maintaining PII must annually sign a sanctions document 
that acknowledges their accountability for inappropriately accessing or 
disclosing such information.

RECORD ACCESS PROCEDURES:
    Individuals may submit requests for information about whether this 
system contains a record about them by submitting a written request to 
the system manager at the above address, which includes their name, 
SSN, or other information that may be in this system of records that 
will identify them. Individuals requesting notification of, or access 
to, a record by mail must include: (1) a notarized statement to us to 
verify their identity; or (2) must certify in the request that they are 
the individual they claim to be and that they understand that the 
knowing and willful request for, or acquisition of, a record pertaining 
to another individual under false pretenses is a criminal offense.
    Individuals requesting notification of, or access to, records in 
person must provide their name, SSN, or other information that may be 
in this system of records that will identify them, as well as provide 
an identity document, preferably with a photograph, such as a driver's 
license. Individuals lacking identification documents sufficient to 
establish their identity must certify in writing that they are the 
individual they claim to be and that they understand that the knowing 
and willful request for, or acquisition of, a record pertaining to 
another individual under false pretenses is a criminal offense.
    These procedures are in accordance with our regulations at 20 CFR 
401.40 and 401.45.

CONTESTING RECORD PROCEDURES:
    Same as record access procedures. Individuals should also 
reasonably identify the record, specify the information they are 
contesting, and state the corrective action sought and the reasons for 
the correction with supporting justification showing how the record is 
incomplete, untimely, inaccurate, or irrelevant. These procedures are 
in accordance with our regulations at 20 CFR 401.65(a).

NOTIFICATION PROCEDURES:
    Same as record access procedures. These procedures are in 
accordance with our regulations at 20 CFR 401.40 and 401.45.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.

HISTORY:
    88 FR 75080 (November 1, 2023), Race and Ethnicity Collection 
System.

[FR Doc. 2025-15842 Filed 8-19-25; 8:45 am]
BILLING CODE 4191-02-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>