The FOIA at SSA
The Office of Privacy and Disclosure (OPD) is one of the major components within the Office of the General Counsel (OGC). OPD develops and interprets Social Security Administration (SSA) policy governing the collection, use, maintenance, and disclosure of personally identifiable information under the Privacy Act, section 1106 of the Social Security Act, section 6103 of the Internal Revenue Code, and related privacy statutes and regulations. Additionally, OPD develops policy for data exchange agreements governed by the Privacy Act and the Computer Matching and Privacy Protection Act (CMPPA).
OPD also directs all FOIA activities within SSA, including developing FOIA policies and procedures, establishing national guidelines for handling FOIA requests, publishing the Annual Report on FOIA activities, and reviewing FOIA and Privacy Act requests and appeals to determine the proper disclosure of records.
OPD Organizational Structure
SSA employs a “centralized” approach for handling all FOIA requests and appeals submitted to the agency. To accomplish our FOIA mission, OPD’s structure includes four Disclosure Policy Development Divisions, each aligned to specific SSA operations.
How We Process Requests
We receive FOIA requests via the internet, or by fax, email, and U.S. mail.
Regardless of the submission method, we capture all FOIA requests in FOIAonline, the system we use to process the agency’s FOIA requests. We scan and image all paper requests (mail, email, and fax) into FOIAonline. When we enter a request into the system, or when a person submits his/her request directly into FOIAonline, FOIAonline generates an acknowledgement letter. This letter confirms our receipt of the request, and provides a reference number assigned to the case.
Under FOIA, we may charge fees to process certain FOIA requests. FOIAonline allows requesters to pay online for some requests (e.g., requests for a deceased person’s SS-5 and Numident record), which accelerates our responsiveness to the public and reduces our administrative costs.
We strive to handle each request within 20 days from the date we receive it. We process requests under a “first in” “first out” basis. However, sometimes it may take us longer depending on the complexity of the request, the amount of records sought, where the documents are located, and how much other work we have.
A complex request may require us to obtain more information from the requester or from numerous office(s) within SSA. A request may require us to seek paper records that we collectively maintain in multiple geographic locations, or in archived storage.
Prior to releasing records in response to a FOIA request, OPD conducts a thorough internal review to ensure that we apply SSA’s privacy and disclosure rules and FOIA exemptions consistently and accurately. The complexity and nature of each request determines the level of review we require. OPD partners with other SSA components to ensure that the records we produce are responsive to our requester's needs.
SSA continues to strive to improve our capacity and capability to respond to Privacy Act and FOIA requests.
- OPD instituted an in-house FOIA/Privacy Act training program for analysts that focuses on various technical, legal, and “hands-on” issues involved in processing requests. Some of these sessions focus on the administrative processes that arise under FOIA and that can cause unnecessary delay in responding. This training provides a formal platform to emphasize the importance of presumptive disclosure, to discuss recent disclosures, and to examine new possibilities for additional disclosures.
- OPD continues to provide Privacy Act and FOIA training at an agency level through our annual PrivacyDay activities and Sunshine Week initiatives.
OPD maintains a commitment to use technology to enhance our capabilities. In 2017, OPD transitioned to FOIAonline, a browser-based application, to process the agency’s FOIA requests.