Falcon Data Entry System
· Name of project.
Falcon Data Entry System
· Unique project identifier.
· Privacy Impact Assessment Contact.
Division of Software Implementation
Office of Automation Support
Social Security Administration
6401 Security Boulevard
Baltimore, MD 21235
· Describe the information to be collected, why the information is being collected, the intended use of the information and with whom the information will be shared.
FALCON Data Entry System (FALCON)
is a Social Security Administration (SSA) certified and accredited General
Support System consisting of several sub-systems. Essentially, FALCON is an off-the-shelf
product that has been modified for SSA purposes. It is used solely in SSA’s processing centers
to enter (correct or update) mass amounts of information via manual data
entry. This data is passed to other
Agency systems whereby they can process appropriate required actions. As such, the FALCON screens become intrinsic
parts of those systems. In most
instances, the data could be entered in the systems in other ways, but the
processing centers prefer to use FALCON. The bulk of the data entered using FALCON either corrects or updates
payment-related records housed in the other systems. The other systems track or record beneficiary
and/or recipient payments, overpayments, underpayments, non-receipts of
payment, stop payments and returned payments. FALCON also can be used to correct or update records in a system that
tracks beneficiary and recipient class action lawsuits against SSA, although it
has not been used for this purpose in recent years. FALCON is one of the data entry systems used
to correct erroneous data identified during the normal course of maintaining
beneficiary and recipient records in SSA’s systems. In addition, SSA may obtain updated information
on beneficiaries and recipients in the normal course of business. This information may be entered using FALCON
screens in order to correct or update other systems.
The information keyed using FALCON is collected and maintained for purposes related to other business processes. We generally disclose the information under those other processes only as necessary to process an individual’s claim for benefits, ensure the proper payment of benefits, or as authorized by Federal law. FALCON is not accessible to members of the public.
· Describe the administrative and technological controls that are in place or that are planned to secure the information being collected.
FALCON has undergone authentication and security risk analyses. The latter includes an evaluation of security and audit controls proven to be effective in protecting the information collected, stored, processed, and transmitted by our information systems. These include technical, management, and operational controls that permit access to those users who have an official “need to know.” Audit mechanisms are in place to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.
We protect the information in FALCON by requiring employees who are authorized to access the information system to use a unique Personal Identification Number. In addition, we store the computerized records in secure areas that are accessible to those employees who require the information to perform their official duties. Furthermore, all of our employees who have access to our information systems that maintain personal information must sign a sanction document annually that acknowledges penalties for unauthorized access to, or disclosure of, such information.
· Describe the impact on individuals’ privacy rights.
Are individuals afforded an opportunity to decline to provide information?
We collect information only where we have specific legal authority to do so in order to administer our responsibilities under the Social Security Act. When we collect personal information from individuals, we advise them of our legal authority for requesting the information, the purposes for which we will use and disclose the information, and the consequences of their not providing any or all of the requested information. The individuals can then make informed decisions as to whether or not they should provide the information.
Are individuals afforded an opportunity to consent to only particular uses of the information?
When we collect information from individuals, we advise them of the purposes for which we will use the information. We further advise them that we will disclose this information without their prior written consent only when we have specific legal authority to do so
(e.g., the Privacy Act).
· Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?
FALCON does not require a new Privacy Act system of records or an alteration to an existing system of records. FALCON uses information that is collected and maintained for purposes related to other business processes for which there are currently Privacy Act systems of records in existence. For example, benefit payment data in FALCON is covered by systems of records, such as the Master Beneficiary Record (60-0090), Recovery of Overpayments Accounting and Reporting (60-0094), and the Supplemental Security Income Record and Special Veterans Benefits (60-0103).
PIA CONDUCTED BY PRIVACY OFFICER, SSA:
______________________________ September 25, 2007
PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:
/S/ Thomas W. Crawley________ September 27, 2007