SOCIAL SECURITY ADMINISTRATION

PRIVACY IMPACT ASSESSMENT

·         Name of project.

Open Government Citizen Engagement Tool

·         Unique project identifier.

N/A

·         Privacy Impact Assessment Contact.

Office of Open Government

Office of the Chief Information Officer

6401 Security Blvd.

Baltimore, MD  21235

·         Background.

On December 8, 2009, the Office of Management and Budget (OMB) published an Open Government Directive requiring Federal agencies to launch an Open Government Web page that incorporates a public feedback mechanism. In response to this requirement, the Social Security Administration (SSA) chose a citizen engagement tool powered by IdeaScale.com.  The IdeaScale dialog tool allows the public to submit ideas, comments, and votes regarding our Open Government Plan.

An “idea” is simply a suggestion that a member of the public submits on how to improve our Open Government Plan.  “Comments” reflect the thoughts that the public has on various ideas.  Additionally, the IdeaScale tool allows the public to submit “UP” or “DOWN” votes on ideas.

Any member of the public can visit SSA’s Open Government Web site and view our Open Government Plan.  They can also view ideas about the plan, view comments on those ideas, and view any votes that the public has made on ideas.  However, in order to actively participate in the dialogue by posting an idea, responding to an idea, or voting on an idea, the public must use the IdeaScale tool.  In order to use the tool, IdeaScale requires members of the public to provide registration information.

·         Describe the information we plan to collect, why we will collect the information, how we intend to use the information, and with whom we will share the information.

We will permit IdeaScale to collect and store the following registration data:

1.      A valid, working email address provided by the person wishing to register, and

2.      On a voluntary basis, the person wishing to register may provide a chosen first name, a chosen last name, and a Zip code.

Neither we nor IdeaScale collect other personal information, other than that which a person chooses to provide as part of the registration process. We will not make personal information available to anyone unless it is required by law or as otherwise described in our Privacy Policy. We will not sell, rent, exchange, or otherwise disclose any of this information about our site visitors, nor will we export the data regarding email addresses or first and last name, if entered, for any reason other than if required by law or to help remedy repeated abusive behavior on the site.

IdeaScale uses email addresses only as a means of identifying a user of the dialogue.  We may use Zip codes on an aggregate basis for purposes of metrics (such as identifying the number of responses from various regions of the country).

·         Describe the administrative and technological controls that we have in place or that we plan to secure the information we will collect.

Our administrators and moderators will have access to the ideas and comments that a participant voluntarily submitted, as this tool is a public dialogue intended for transparent uses. Moderators can delete inappropriate ideas and comments from the dialogue.

Only our system administrators have access to the file of email addresses, first and last names, and Zip codes.  We safeguard the security of the information in the IdeaScale tool by requiring User IDs and passwords for any authorized personnel (IdeaScale or SSA) wishing to gain access to the data.  We limit users’ access to only the information they need to perform their job functions.  We annually provide appropriate security awareness training to all our employees and contractors that include reminders about the need to protect personally identifiable information and the criminal penalties that apply to unauthorized access to, or disclosure of, personally identifiable information.  See 5 U.S.C. § 552a(i)(1).  Furthermore, employees and contractors with access to databases maintaining personally identifiable information must annually sign a sanction document, acknowledging their accountability for inappropriately accessing or disclosing such information.

·         Describe the impact on people’s privacy rights.  Do we afford people an opportunity to decline to provide information? 

Yes.  Members of the public may decline to provide registration data.  Registration is purely voluntary.  If a person makes an informed decision not to provide registration data, they can still view our Open Government Web pages and read ideas and comments regarding our Open Government Plan.  However, they will not be able to submit ideas, or comments on ideas, or vote on ideas.

·         Do we afford people an opportunity to consent to only particular uses of the information?

Yes.  Members of the public must provide registration data if they wish to submit ideas, comments, or votes.  The IdeaScale tool stores the registration data.  IdeaScale uses the information to recognize returning participants so they do not have to log in each time they visit the site.  IdeaScale makes no other use of the information and as we describe above, participants may change the settings on their Web browser in order to block IdeaScale from recognizing the participant as a returning user.  If participants change their browser, they will need to log in each time they visit our Open Government site.

·         Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?

No.  Ideas and comments will not be stored under, or retrieved by, any personal identifier, such as an e-mail address.  Thus, the data collected on this site will not technically be stored in a system of records under the Privacy Act of 1974.  While not covered by the Privacy Act, to the extent participant’s comments or ideas and related information are within our control, that information is covered under our privacy regulation at 20 C.F.R. Part 401( http://www.ssa.gov/OP_Home/cfr20/401/401-0000.htm).

PIA CONDUCTED BY PRIVACY OFFICER, SSA:

/s/ Dawn S. Wiggins________________                               April 5, 2010            SIGNATURE                                                             DATE

PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:

/s/ David F. Black_________________                                 April 5, 2010            SIGNATURE                                                             DATE


Privacy Policy