Privacy Act of 1974; System of Records

Issuing agencies

Abstract

In accordance with the Privacy Act of 1974, we are issuing public notice of our intent to modify an existing system of records entitled, Freedom of Information Act (FOIA) and Privacy Act Record Request and Appeal System (60-0340), last published on July 13, 2016. This notice publishes details of the modified system as set forth below under the caption, SUPPLEMENTARY INFORMATION.

Full Text

<html>
<head>
<title>Federal Register, Volume 90 Issue 220 (Tuesday, November 18, 2025)</title>
</head>
<body><pre>
[Federal Register Volume 90, Number 220 (Tuesday, November 18, 2025)]
[Notices]
[Pages 51803-51805]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2025-20201]



[[Page 51803]]

=======================================================================
-----------------------------------------------------------------------

SOCIAL SECURITY ADMINISTRATION

[Docket No. SSA-2024-0015]


Privacy Act of 1974; System of Records

AGENCY: Social Security Administration (SSA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, we are issuing 
public notice of our intent to modify an existing system of records 
entitled, Freedom of Information Act (FOIA) and Privacy Act Record 
Request and Appeal System (60-0340), last published on July 13, 2016. 
This notice publishes details of the modified system as set forth below 
under the caption, SUPPLEMENTARY INFORMATION.

DATES: The system of records notice (SORN) is applicable upon its 
publication in today's Federal Register, with the exception of the new 
routine uses, which are effective December 18, 2025.
    We invite public comment on the routine uses or other aspects of 
this SORN. In accordance with the Privacy Act of 1974, we are providing 
the public a 30-day period in which to submit comments. Therefore, 
please submit any comments by December 18, 2025.

ADDRESSES: The public, Office of Management and Budget (OMB), and 
Congress may comment on this publication by writing to the Executive 
Director, Office of Privacy and Disclosure, Office of the General 
Counsel, SSA, Room G-401 West High Rise, 6401 Security Boulevard, 
Baltimore, Maryland 21235-6401, or through the Federal e-Rulemaking 
Portal at <a href="https://www.regulations.gov">https://www.regulations.gov</a>. Please reference docket number 
SSA-2024-0015. All comments we receive will be available for public 
inspection at the above address and we will post them to <a href="https://www.regulations.gov">https://www.regulations.gov</a>.

FOR FURTHER INFORMATION CONTACT: Tristin Dorsey, Government Information 
Specialist, Privacy Implementation Division, Office of Privacy and 
Disclosure, Office of the General Counsel, SSA, Room G-401 West High 
Rise, 6401 Security Boulevard, Baltimore, Maryland 21235-6401, 
telephone: (410) 966-5855, email: <a href="/cdn-cgi/l/email-protection#743b33375a3b24305a273b263a340707155a131b02"><span class="__cf_email__" data-cfemail="0d424a4e23425d49235e425f434d7e7e6c236a627b">[email&#160;protected]</span></a>.

SUPPLEMENTARY INFORMATION: We are clarifying the system location to 
recognize that we may also maintain records in a cloud-based 
environment. We are updating the authorities for the maintenance of the 
system to remove references to SSA regulations. We are clarifying the 
purpose of the system for easier reading. We are revising routine use 
Nos. 2, 3, 4, and 9 for easier reading. We are adding a new routine use 
that will permit disclosures to third parties, when an individual 
involved with a request needs assistance to communicate because of a 
hearing impairment or a language barrier (e.g., to interpreters, 
telecommunications relay system operators).
    In addition, we are modifying the policies and practices for the 
storage of records to clarify that SSA will maintain electronic records 
only. We are updating the records retention and disposal schedules. We 
are modifying the administrative, technical, and physical safeguards 
for easier reading. We are modifying the record access procedures to 
remove references to telephone, for consistency with agency access 
procedures.
    Lastly, we are modifying the notice throughout to correct 
miscellaneous stylistic formatting and typographical errors of the 
previously published notice, and to ensure the language reads 
consistently across multiple systems. We are republishing the entire 
notice for ease of reference.
    In accordance with 5 U.S.C. 552a(r), we have provided a report to 
OMB and Congress on this modified system of records.

Matthew Ramsey,
Executive Director, Office of Privacy and Disclosure, Office of the 
General Counsel.

SYSTEM NAME AND NUMBER:
    Freedom of Information Act (FOIA) and Privacy Act Record Request 
and Appeal System, 60-0340.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Social Security Administration, Office of Law and Policy, Office of 
the General Counsel, Office of Privacy and Disclosure, 6401 Security 
Boulevard, Baltimore, Maryland 21235-6401.
    Social Security Administration, Office of Operations, Office of 
Central Operations, Division of Earnings and Business Services, 6100 
Wabash Avenue, Baltimore, Maryland 21290-3022.
    Regional offices in receipt of original request (See Appendix C at 
<a href="https://www.ssa.gov/privacy/sorn/app_c.htm">https://www.ssa.gov/privacy/sorn/app_c.htm</a> for address information).
    Information is also located in additional locations in connection 
with cloud-based services for business continuity purposes.

SYSTEM MANAGER(S):
    Social Security Administration, Freedom of Information Officer, 
Office of Law and Policy, Office of the General Counsel, Office of 
Privacy and Disclosure, 6401 Security Boulevard, Baltimore, MD 21235-
6401, (410) 966-5855.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Section 1106 of the Social Security Act, as amended (42 U.S.C. 
1306); Freedom of Information Act, as amended (5 U.S.C. 552); Privacy 
Act of 1974, as amended (5 U.S.C. 552a); and Records Management by 
Federal Agencies, as amended (44 U.S.C. 3101).

PURPOSE(S) OF THE SYSTEM:
    We will use the information in this system to process requests and 
administrative appeals under the FOIA and the Privacy Act; support 
agency participation in litigation arising from requests and appeals; 
assign, process, and track workloads; and provide management 
information reports.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system maintains information about individuals who submit FOIA 
or Privacy Act requests, including but not limited to Privacy Act 
access requests, amendments, and administrative appeals to SSA; FOIA 
requests and appeals; individuals whose request for records have been 
referred to SSA by other agencies; individuals who submit inquiries to 
SSA regarding federal agency compliance with the FOIA; attorneys 
representing individuals submitting records requests and appeals; 
individuals who are the subject of such requests and appeals; and SSA 
personnel assigned to handle such requests and appeals.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system consists of records received, created, or compiled in 
response to FOIA and Privacy Act requests or administrative appeals. 
This may include original requests and administrative appeals; 
responses to such requests and administrative appeals; all related 
memoranda, correspondence, notes, and other related or supporting 
documentation; and copies of requested records relating to original 
requests and administrative appeals. This system also consists of 
records related to inquiries submitted to SSA regarding federal agency 
compliance with the FOIA, and all records related to resolution of such 
inquiries.

[[Page 51804]]

RECORD SOURCE CATEGORIES:
    We obtain information in this system of records from individuals 
who submit Privacy Act requests or FOIA requests, primarily from the 
person to whom the record pertains; third parties, such as legal 
guardians, appointed representatives, and representative payees; and 
local, State, and Federal agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    We will disclose records pursuant to the following routine uses; 
however, we will not disclose any information defined as ``return or 
return information'' under 26 U.S.C. 6103 of the Internal Revenue Code 
(IRC), unless authorized by a statute, the Internal Revenue Service 
(IRS), or IRS regulations.
    1. To the Office of the President, in response to an inquiry 
received from that office made on behalf of, and at the request of, the 
subject of record or a third party acting on the subject's behalf.
    2. To a congressional office, in response to an inquiry from that 
office made on behalf of, and at the request of, the subject of the 
record.
    3. To the Department of the Treasury, IRS, for the purpose of 
auditing SSA's compliance with the safeguard provisions of the IRC of 
1986, as amended.
    4. To the Department of Justice (DOJ), a court or other tribunal, 
or another party before such court or tribunal, when:
    (a) SSA, or any component thereof; or
    (b) any SSA employee in the employee's official capacity; or
    (c) any SSA employee in the employee's individual capacity where 
DOJ (or SSA where it is authorized to do so) has agreed to represent 
the employee; or
    (d) the United States or any agency thereof where SSA determines 
the litigation is likely to affect SSA or any of its components, SSA is 
a party to the litigation or has an interest in such litigation, and 
SSA determines that the use of such records by DOJ, a court or other 
tribunal, or another party before the tribunal, is relevant and 
necessary to the litigation, provided, however, that in each case, we 
determine that such disclosure is compatible with the purpose for which 
the records were collected.
    5. To the National Archives and Records Administration (NARA) under 
44 U.S.C. 2904 and 2906.
    6. To student volunteers, individuals working under a personal 
service contract, and other workers who technically do not have the 
status of Federal employees, when they are performing work for us, as 
authorized by law, and they need access to personally identifiable 
information (PII) in our records in order to perform their assigned 
agency functions.
    7. To Federal, State, and local law enforcement agencies and 
private security contractors, as appropriate, when information is 
necessary:
    (a) to enable them to protect the safety of SSA employees and 
customers, the security of the SSA workplace, and the operation of our 
facilities, or
    (b) to assist investigations or prosecutions with respect to 
activities that affect such safety and security or activities that 
disrupt the operation of our facilities.
    8. To contractors and other Federal agencies, as necessary, for the 
purpose of assisting SSA in the efficient administration of our 
programs. We will disclose information under this routine use only in 
situations in which we may enter into a contractual or similar 
agreement to obtain assistance in accomplishing an SSA function 
relating to this system of records.
    9. To appropriate agencies, entities, and persons when:
    (a) SSA suspects or has confirmed that there has been a breach of 
the system of records;
    (b) SSA has determined that, as a result of the suspected or 
confirmed breach, there is a risk of harm to individuals, SSA 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and
    (c) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with SSA's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    10. To NARA, Office of Government Information Services (OGIS), to 
the extent necessary to fulfill its responsibilities in 5 U.S.C. 552(h) 
to review administrative agency policies, procedures, and compliance 
with the FOIA, and to facilitate OGIS' offering of mediation services 
to resolve disputes between persons making FOIA requests and 
administrative agencies.
    11. To another Federal agency or Federal entity, when SSA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in:
    (a) responding to a suspected or confirmed breach; or
    (b) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    12. To third parties when an individual involved with a request 
needs assistance to communicate because of a hearing impairment or a 
language barrier (e.g., to interpreters, telecommunications relay 
system operators).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    We will maintain records in this system in electronic form.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    We will retrieve records in this system by the name and Social 
Security number (SSN) of the requester or appellant; case number 
assigned to the request or appeal; name of attorney representing the 
requester or appellant; the name of an individual who is the subject of 
such a request or appeal; or subject matter.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    In accordance with NARA rules codified at 36 CFR 1225.16, we 
maintain records in accordance with approved NARA General Records 
Schedule (GRS) 3.1, item 012, and GRS 4.2.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    We retain electronic files containing personal identifiers in 
secure storage areas accessible only by authorized employees, including 
our employees and contractors, who have a need for the information when 
performing their official duties. Security measures include, but are 
not limited to, the use of codes and profiles, personal identification 
number and password, and personal identification verification cards. We 
restrict access to specific correspondence within the system based on 
assigned roles and authorized users. We use audit mechanisms to record 
sensitive transactions as an additional measure to protect information 
from unauthorized disclosure or modification.
    We annually provide authorized individuals, including our employees 
and contractors, with appropriate security awareness training that 
includes reminders about the need to protect PII and the criminal 
penalties that apply to unauthorized access to, or disclosure of, PII 
(5 U.S.C. 552a(i)(1)). Furthermore, authorized individuals with access 
to databases maintaining PII

[[Page 51805]]

must annually sign a sanctions document that acknowledges their 
accountability for inappropriately accessing or disclosing such 
information.

RECORD ACCESS PROCEDURES:
    Individuals may submit requests for information about whether this 
system contains a record about them by submitting a written request to 
the system manager at the above address, which includes their name, 
SSN, or other information that may be in this system of records that 
will identify them. Individuals requesting notification of, or access 
to, a record by mail must include: (1) a notarized statement to us to 
verify their identity; or (2) must certify in the request that they are 
the individual they claim to be and that they understand that the 
knowing and willful request for, or acquisition of, a record pertaining 
to another individual under false pretenses is a criminal offense.
    Individuals requesting notification of, or access to, records in 
person must provide their name, SSN, or other information that may be 
in this system of records that will identify them, as well as provide 
an identity document, preferably with a photograph, such as a driver's 
license. Individuals lacking identification documents sufficient to 
establish their identity must certify in writing that they are the 
individual they claim to be and that they understand that the knowing 
and willful request for, or acquisition of, a record pertaining to 
another individual under false pretenses is a criminal offense.
    These procedures are in accordance with our regulations at 20 CFR 
401.40 and 401.45.

CONTESTING RECORD PROCEDURES:
    Same as record access procedures. Individuals should also 
reasonably identify the record, specify the information they are 
contesting, and state the corrective action sought, and the reasons for 
the correction with supporting justification showing how the record is 
incomplete, untimely, inaccurate, or irrelevant. These procedures are 
in accordance with our regulations at 20 CFR 401.65(a).

NOTIFICATION PROCEDURES:
    Same as records access procedures. These procedures are in 
accordance with our regulations at 20 CFR 401.40 and 401.45.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    81 FR 45352 (July 13, 2016), FOIA and Privacy Act Record Request 
and Appeal System.
    83 FR 54969 (November 1, 2018), FOIA and Privacy Act Record Request 
and Appeal System.

[FR Doc. 2025-20201 Filed 11-17-25; 8:45 am]
BILLING CODE 4191-02-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>