Railroad Retirement Board.
Notice of proposed new system of records.
The purpose of this document is to give notice of a proposed new Privacy Act system of records, RRB-51, Railroad Retirement Board's Customer PIN/Password (PPW) Master File System.
The proposed new system of records shall become effective as proposed without further notice on September 10, 2001. Unless comments are received before this date which would result in a contrary determination.
Send comments to Beatrice Ezerski, Secretary to the Board, Railroad Retirement Board, 844 North Rush Street, Chicago, Illinois 60611-2092.Start Further Info
FOR FURTHER INFORMATION CONTACT:
LeRoy Blommaert, Privacy Act Officer, Railroad Retirement Board, 844 North Rush Street, Chicago, Illinois 60611-2092, (312) 751-4548.End Further Info End Preamble Start Supplemental Information
The proposed Customer PPW Master File System will maintain information collected for use in connection with RRB's implementation of a personal identification number (PIN)/Password system that allows RRB program applicants, claimants, annuitants and other customers to transact business with the RRB in an electronic business environment.
Background and Purpose of the Proposed System
The Railroad Retirement Board has a number of electronic initiatives underway that support the government mandate directing federal agencies to use information technology to offer more efficient and accessible service to the public. To support some of its electronic initiatives, the RRB, using SSA's system as a model, is creating the PPW infrastructure that will allow customers to conduct transactions with RRB on a routine basis through the Internet. The PPW infrastructure will enable RRB to offer customers a specific suite of services that require a PIN/Password system. Using a PPW process, our customers will be able to apply for RRB program benefits or view and possibly change certain personal record information, such as mailing address, through secure online transactions.
Customers must elect (opt-in) to use the PPW process to conduct electronic transactions with RRB. Those who opt-in may include certain classes of applicants for RRB benefits, current beneficiaries in pay or non-pay status and certain other customers who choose these electronic service delivery options to conduct business with RRB. Customers who initially choose to use the PPW process may later elect out (opt-out) of the system by requesting RRB to block access to their records. RRB would disable the PPW capabilities to the records of customers making this request, thus blocking any access to the record.
Establishment of the PPW Infrastructure
The RRB first identified and developed the underlying principles to support a PPW business process. These principles intentionally focused on the framework to implement a successful PPW process in the various electronic applications RRB develops for customer service initiatives. For example, the PPW infrastructure is designed to:
Support all direct customer service delivery by RRB;
Maximize the level of automation involved in assigning, maintaining, and using the PPW services; and
Minimize the manual intervention of RRB employees in the PPW process.
RRB also established authentication requirements for its electronic application and transaction processes that the PPW infrastructure is designed to support. These authentication requirements allow RRB to verify the identify of users on the Internet. The process for RRB customers to obtain passwords and the corresponding authentication required to use these passwords for a determined set of electronic services share a number of principles:
(1) Customers must opt-in to the PPW process by indicating to RRB their interest in establishing a password;
(2) A customer must have a Password Request Code (PRC) to begin the process of establishing a password. A PRC has one purpose—to identify a customer who may wish to establish a password.
(3) PRCs will be electronically generated and assigned to customers by RRB and will be accessible only to a limited number of RRB system employees who maintain the PPW system.
(4) PRCs will be sent to customers through the US mail.
RRB-51, Railroad Retirement Board's Customer PIN/Password (PPW) Master File System.
U.S. Railroad Retirement Board, 844 North Rush Street, Chicago, Illinois 60611-2092.
Categories of Individuals Covered by the System:
All RRB customers (applicants, claimants, annuitants and other customers) who elect to conduct transactions with RRB in an electronic business environment that requires the PPW infrastructure, as well as those customers who elect to block PPW access to RRB electronic transactions by requesting RRB to disable their PPW capabilities.
Categories of Records in the System:
The information includes identifying information such as the customer's name, Social Security number (which functions as the individual's personal identification number (PIN)) and mailing address. The system also maintains the customer's Password Request Code (PRC), the password itself, and the authorization level and associated data (e.g. effective date of authorization).
Authority for Maintenance of the System:
Section 2(b)(6) of the Railroad Retirement Act, 45 U.S.C. 231f(b)(6); and the Government Paperwork Elimination Act.
On July 20, 2001, the Railroad Retirement Board filed a new system report for this system with the House Committee on Government Operations, the Senate Committee on Governmental Affairs, and the Office of Management and Budget. This was done to comply with Section 3 of the Privacy Act of 1974 and OMB Circular No. A-130, Appendix I.Start Signature
By authority of the Board.
Secretary of the Board.
The purpose of this system is to enable RRB customers who wish to conduct business with the RRB to do so in a secure environment.
Routine Uses of Records Maintained in the System; including Categories of Users and the Purposes of such Uses:
a. Records may be released to agency employees on a need to know basis.
b. Relevant records relating to an individual may be disclosed to a congressional office in response to an inquiry from the congressional office made at the request of that individual.
c. Relevant information may be disclosed to the Office of the President Start Printed Page 39377for responding to an individual pursuant to an inquiry from that individual or from a third party in his/her behalf.
d. Relevant records may be disclosed to representatives of the General Services Administration or the National Archives and Records Administration who are conducting records management inspections under the authority of 44 U.S.C. 2904 and 2906.
e. Records may be disclosed in response to a request for discovery or for the appearance of a witness, to the extent that what is disclosed is relevant to the subject matter involved in a pending judicial or administrative proceeding and provided that the disclosure would be clearly in the furtherance of the interest of the subject individual.
f. Records may be disclosed in a proceeding before a court or adjudicative body to the extent that they are relevant and necessary to the proceeding and provided that the disclosure would be clearly in the furtherance of the interest of the subject individual.
g. In the event that material in this system indicates a violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute, or by regulation, rule, or order issued pursuant thereto, the relevant records may be disclosed to the appropriate agency, whether Federal, State, local or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statue, rule, regulation, or order issued pursuant thereto, provided that disclosure would be to an agency engaged in functions related to the administration of the Railroad Retirement Act or the Railroad Unemployment Insurance Act or provided that disclosure would be clearly in the furtherance of the interest of the subject individual.
Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:
Electronic and paper form.
Name and Social Security number (which acts as the individual's PIN).
When not in use by an authorized person, paper records are stored in lockable cabinets in a building with security cameras and 24-hour security guards. Access to electronic records requires the use of restricted passwords.
Retention and disposal:
These records will be maintained permanently until their official retention period is established.
System manager(s) and address:
Office of Programs—Director of Policy and Systems, U.S. Railroad Retirement Board, 844 North Rush Street, Chicago, Illinois 60611-2092.
Requests for information regarding an individual's record should be in writing addressed to the Systems Manager identified above, including the full name and social security number of the individual. Before information about any record will be released, the System Manager may require the individual to provide proof of identity or require the requester to furnish an authorization from the individual to permit release of information.
Record Access Procedures:
See Notification section above.
Contesting Record Procedures:
See Notification section above.
Record Source Categories:
Data for the system are obtained primarily from the individuals to whom the record pertains.
Systems Exempted From Certain Provisions of the Act:
None.End Supplemental Information
[FR Doc. 01-18907 Filed 7-27-01; 8:45 am]
BILLING CODE 7905-01-M