SSA Organizational Manual: Chapter S9 - The Office of the General Counsel

1. Mission
   1. The Office of the General Counsel advises the Commissioner on legal matters, is responsible for providing all legal advice to the Commissioner, Deputy Commissioner, and all subordinate organizational components (except OIG) of SSA in connection with the operation and administration of SSA. The Office also develops and implements SSA’s privacy and disclosure policies under the Freedom of Information Act, the Privacy Act of 1974, and other privacy and disclosure laws and guidelines.
2. Organization
   1. The General Counsel (S9).
   2. The Deputy General Counsel (S9).
   3. The Immediate Office of the General Counsel (S9A)
      1. The Ethics Law Staff (S9A-5).
   4. The Office of Program Law (S9E).
   5. The Office of Privacy and Disclosure (S9H).
   6. The Office of Legal Operations. (S9J).
   7. The Offices of General Law (S9K-S9N).
   8. The Offices of Program Litigation (S9P-S9V)
3. Functions
   1. The General Counsel (S9) is directly responsible to the Commissioner for carrying out the OGC mission and providing general supervision to the major components of OGC. The General Counsel serves as the Senior Agency Official for Privacy and the Chief Freedom of Information Act Officer.
   2. The Deputy General Counsel (S9) assists the General Counsel in carrying out his/her responsibilities and performs other duties as the General Counsel may prescribe. The Deputy General Counsel with oversight and responsibility for general law matters directly oversees the Offices of General Law, the Office of Privacy and Disclosure, and the Office of Legal Operations. The Deputy General Counsel with oversight and responsibility for program law and litigation directly oversees the Office of Program Law and the Offices of Program Litigation. The Deputy General Counsel with oversight and responsibility over program law and litigation also serves as the Designated Agency Ethics Official (DAEO) and oversees the Ethics Law Staff, with responsibility for coordinating and managing the Social Security Administration’s (SSA’s) ethics program. The Designated Agency Ethics Official (DAEO) and the Alternate DAEO oversee all ethics issues with an emphasis on the education and enforcement of the Standards of Ethical Conduct for Employees of the Executive Branch, the Hatch Act, and related ethics regulations. In the event of the General Counsel’s absence or disability, or in the event of a vacancy in the position of General Counsel, the Deputy General Counsel with oversight and responsibility for program law and litigation acts for him/her unless the Commissioner directs otherwise.
   3. The Immediate Office of the General Counsel (S9A).
      1. The Ethics Law Staff (ELS) (S9A-5) is responsible for providing a full range of legal advice and services to the Commissioner, all regional components and every Headquarters component of the Agency regarding ethics laws, regulations and policies. ELS also provides legal ethics guidance to all employees of the Agency. ELS is responsible for interpretation, implementation, and enforcement of ethics related laws, regulations, and policies by the agency. This includes issuance of legal opinions regarding employee and management ethical obligations; establishment of agency rules and processes for an effective agency ethics program; review and comment of proposed ethics legislation; and direction and support in preparation of cases involving ethics violation before administrative bodies or courts.
   4. The Office of Program Law (OPL) (S9E) is responsible for providing a full range of legal services and advice to the Commissioner and to every component related to the operation and administration of the various programs the Social Security Administration (SSA) administers under the Social Security Act, including the Old-Age and Survivors Insurance, Disability Insurance, Special Veterans Benefits, and Supplemental Security Income programs, as well as those aspects of the Medicare program that SSA administers.
      
      OPLW is responsible for drafting and reviewing SSA regulations, Federal Register materials, and legal instruments within OPLW’s areas of responsibility; proposals for legislation and specifications for such proposed legislation; reports and letters to congressional committees, the Office of Management and Budget, and others on proposed legislation and legislative matters; and proposed testimony of SSA officials before Congress. OPLW also provides legal advice and opinions to SSA’s headquarters and regional components with respect to matters within its areas of responsibility.
      
      OPLW also supports program-related litigation nationwide by providing advice to the Offices of Program Litigation in connection with SSA’s program litigation workload and to the Offices of General Law in connection with program-related complex litigation.
   5. The Office of Privacy and Disclosure (S9H). The Office of Privacy and Disclosure (S9H) develops and interprets SSA policy related to the agency’s collection, use, maintenance and disclosure of information, to ensure compliance with: section 1106 of the Social Security Act, the Privacy Act of 1974; the Freedom of Information Act (FOIA); section 6103 of the Internal Revenue Code; the privacy provisions of the E-Government Act of 2002 and the Federal Information Security Management Act; and other applicable privacy and disclosure statutes and regulations and administration policies. To further its mission, OPD develops national guidelines and oversees the agency’s responses to FOIA requests; provides guidance and advice regarding the appropriate disclosure of agency information under the agency’s policies; and ensures necessary privacy protections are built into new systems and processes developed to deliver more efficient service to agency customers. OPD also drafts and manages Computer Matching and Privacy Protection Act (CMPPA) agreements and other agreements governing information sharing.
   6. The Office of Legal Operations (OLO) (S9J) develops and improves policies, processes, systems, and data to support OGC staff to (1) improve legal advocacy and advice; (2) inform the development and evaluation of litigation strategy; and (3) identify areas where the agency’s decision-making or policy could be improved to provide better service to claimants and beneficiaries. Provides financial resources, human resources, and critical business and legal operations to support OGC’s organizational and technological infrastructure.
   7. The Offices of General Law (OGL) (S9K - S9N) provide all legal services to the Commissioner and every Headquarters component of the Agency on all non-program legal issues affecting the Agency’s operations and employees with an emphasis on labor and employment law advice and litigation, other complex litigation with potential broad implications, contract formation, administration and litigation, E-Discovery, as well as appropriations and property management.
      
      OGL also provides legal advice on the provision of legal services incident to the agency’s duties and responsibilities under the Privacy Act, the Freedom of Information Act and related statutes. OGL acts as the agency’s Claims and Touhy officer.
   8. The Offices of Program Litigation (OPLT) (S9P – S9V) represent the Commissioner in all program litigation in 94 district courts and 12 circuit courts nationwide. In coordination with the Department of Justice, each office is responsible for all program litigation cases that arise in one or more circuits, including developing legal strategies to maximize results, advocating cohesively on behalf of the agency in court, and providing consistent legal advice and guidance to the agency on matters related to program litigation. OPLT is also responsible for overseeing program integrity workloads, including fraud prosecution and bankruptcy.

Subchapter S9H - Office of Privacy and Disclosure

1. Mission
   1. The Office of Privacy and Disclosure (OPD) (S9H) develops and interprets SSA policy related to the agency’s collection, use, maintenance and disclosure of information to ensure compliance with: section 1106 of the Social Security Act; the Privacy Act of 1974; the Freedom of Information Act (FOIA); section 6103 of the Internal Revenue Code; the privacy provisions of the E-Government Act 2002 and the Federal Information Security Management Act; and other applicable privacy and disclosure statutes, regulations, and administration policies. To further its mission, OPD develops national guidelines and oversees the agency’s responses to FOIA requests; provides guidance and advice regarding the appropriate disclosure of agency information under the agency’s policies; ensures necessary privacy protections are built into new systems and processes developed to deliver more efficient service to agency customers; and develops policy and procedures for preventing and responding to potential breaches of personally identifiable information (PII). OPD also drafts and manages Computer Matching and Privacy Protection Act (CMPPA) agreements and other agreements governing information sharing.
2. Organization
   1. The Executive Director for Privacy and Disclosure (S9H)
   2. The Deputy Executive Director for Privacy and Disclosure (S9H)
   3. The Immediate Office of the Executive Director for Privacy and Disclosure (S9H)
   4. The Disclosure and Data Support Division (S9HA)
   5. The Privacy Implementation Division (S9HB)
   6. The FOIA and Transparancy Division (S9HC)
   7. The Electronic Interchange and LIaison Division (S9HE)
   8. The Breach Division (S9HG)
3. Functions
   1. The Executive Director for Privacy and Disclosure (S9H) is directly responsible to the General Counsel for carrying out the OPD mission and providing general supervision to the components of OPD.
   2. The Deputy Executive Director for Privacy and Disclosure (S9H) assists the Executive Director in carrying out the other duties as the Executive Director may prescribe. The Deputy Executive Director for Public Disclosure also serves as SSA’s Freedom of Information Officer and Privacy Officer. The Principal Privacy Compliance Advisor (PPCA) reports directly to the Executive Director of OPD, who, under the guidance of the Senior Agency Official for Privacy (SAOP), is accountable for the overall privacy compliance program. The PPCA serves as a senior technical advisor and the principal advocate for developing and facilitating technical agency compliance with privacy law and policy to synchronize the protection of privacy in the collection, maintenance, use, sharing, and storage of personal information about individuals, while simultaneously facilitating SSA programs and activities.
   3. The Immediate Office of the Executive Director for Privacy and Disclosure (S9H) provides the Executive Director and Deputy Executive Director with administrative staff assistance, technology leadership, planning, and customer relations support on the full range of their responsibilities, which includes strategic and tactical planning to include priorities and objectives to ensure compliance with privacy law and policy, resulting in improved protection practices with the collection, maintenance, use, sharing, and storage of personal and sensitive agency information.
   4. The Disclosure and Data Support Division (S9HA)
      1. Provides guidance and services to SSA Regional and Headquarters components to resolve questions of whether Agency employees may disclose personal information from Agency records.
      2. Provides guidance on questions arising under other disclosure statutes.
      3. Responds to requests for personal information pursuant to a law enforcement request.
      4. Develops, manages, and tracks policy and emerging trends related to alldisclosure and data exchange issues throughout Headquarters and the Regions.
      5. Provides support on FOIA requests and appeals, and Privacy Act appeals.
   5. The Privacy Implementation Division (S9HB).
      1. Identifies and ensures that all programs and systems comply with privacy requirements contained in the FISMA certification and accreditation process and the OMB 300 budget submission.
      2. Develops privacy implementation documentation for Agency systems and programs, i.e., privacy threshold analyses, privacy impact assessments, and systems of records notices.
      3. Reviews Agency technology business process descriptions, project scope agreements and software development and procurement plans for privacy issues.
      4. Develops and implements a risk management framework for mitigating privacy risks and ensuring compliance, for all data collections, throughout the information lifecycle, including developing and considering creative solutions to mitigating risks while achieving key mission objectives and working to meet client expectations.
      5. Prepares notices, manages privacy incidents, and the agency’s non-cyber and cyber-related data breach reporting, and supports the agency’s response to cyber-related data breach incidents.
      6. Develops, manages, and tracks policy and emerging trends related to all privacyissues throughout Headquarters and the Regions.
      7. Provides support on FOIA requests and appeals, and Privacy Act appeals.
   6. The FOIA and Transparency Division (S9HC)
      1. Develops national guidelines related to FOIA and coordinates, directs, and provides guidance on FOIA policies and procedures throughout OPD, other Headquarters components, and the Regions.
      2. Responds to simple and complex FOIA requests and appeals, coordinates office-wide FOIA processes, and handles collection of responsive materials.
      3. Carries out FOIA-related Open Government initiatives.
      4. Coordinates and directs any internal or external FOIA reports.
      5. Plans, directs, and manages use of the eFOIA processing system.
      6. Supports the FOIA Officer in the coordination of FOIA-related litigation
      7. Develops, manages, and tracks policy and emerging trends related to FOIA throughout Headquarters and the Regions.
      8. Provides support on FOIA requests and appeals, and Privacy Act appeals.
   7. The Electronic Interchange and Liaison Division (S9HE)
      1. Negotiates and manages matching agreements that are subject to the CMPPA and similar information exchange agreements.
      2. Provides leadership to the Agency’s Data Integrity Board (DIB) on CMPPA processes that include advising the DIB.
      3. Develops, manages and tracks policy and emerging trends related to all data exchanges, including the CMPPA throughout Headquarters and the Regions.
      4. Oversees the maintenance of the Electronic Data Exchange System Tracking System.
      5. Provides support on FOIA requests and appeals, and Privacy Act appeals.
   8. The Breach Division (S9HG)
      1. Develops, documents, and disseminates agency policy and procedures for reporting suspected or confirmed information losses that contain personally identifiable information (PII) or federal tax information.
      2. Develops and maintains the agency’s Breach Response Plan in accordance with applicable laws, regulations, and guidance.
      3. Oversees the monitoring and maintenance of the agency’s PII Loss Reporting Tool, including providing support to Breach Response Coordinators with the completion of Risk of Harm Assessments to determine appropriate remediation efforts, such as notifying affected individuals, oversight entities, and the issuance of credit monitoring.
      4. Oversees the development and implementation of role-based training for Breach Response Coordinators and other relevant agency personnel.
      5. Oversees the management of the agency’s Blanket Purchase Agreement for credit monitoring services for individuals impacted by PII or FTI losses.
      6. Develops reports and executive dashboards comprised of breach-related key performance indicators (KPIs) based on requirements set forth by OMB, FISMA, and other relevant laws or statutes.
      7. Collaborates with the Office of Information Security to develop and facilitate Tabletop exercises with relevant agency personnel (e.g., Breach Response Coordinators, Breach Response Team, etc.) to test the effectiveness of and make necessary changes to agency policies and plans.
      8. Provides support on privacy assessments, FOIA requests and appeals, and Privacy Act appeals.

Subchapter S9J - Office of Legal Operations

1. Mission
   1. The Office of Legal Operations (OLO) develops and improves policies, processes, systems and data to support OGC to (1) improve legal advocacy and advice; (2) inform the development and evaluation of litigation strategy; and (3) identify areas where the agency’s decision-making or policy could be improved to provide better service to claimants and beneficiaries. Provides financial resources, human resources, and critical business and legal operations to support OGC’s organizational and technological infrastructure.
2. Organization
   1. The Executive Director for Legal Operations (S9J)
   2. The Deputy Executive Director for Legal Operations (S9J)
   3. The Division of Legal Support Services (S9JA)    
   4. The Division of IT Infrastructure Support (S9JB)
   5. The Division of Data and Business Intelligence (S9JC)
   6. The Division of Business Support Services (S9JE)
3. Functions
   1. The Executive Director for Legal Operations is directly responsible to the General Counsel for carrying out the OLO mission and providing general supervision to the divisions of OLO.
   2. The Deputy Executive Director for Legal Operations assists in carrying out the Executive Director’s responsibilities and performs other duties as the Executive Director may prescribe.
   3. The Division of Legal Support Services (S9JA)
      1. Provides operational support and training for legal issues.
      2. Promotes nationwide consistency in the administration of SSA’s civil and criminal Special Assistant United States Attorney programs.
      3. Coordinates and oversees OGC’s records management, including records retention and archiving.
      4. Coordinates and oversees recruitment of legal professionals with an emphasis on diversity, equity, and inclusion.
      5. Provides nationwide legal administrative support.
   4. The Division of IT Infrastructure Support (S9JB)
      1. Oversees and coordinates information technology infrastructure and initiatives.
      2. Serves as liaison with the Office of Systems.
      3. Provides information technology oversight and guidance, coordinating OGC system needs and interests with other components and organizations.
      4. Ensures OGC’s systems operations appropriately interface or integrate with SSA’s systems operations.
      5. Leads development and implementation of critical infrastructure protection, security measures, and other controls to prepare for and mitigate consequences.
   5. The Division of Data and Business Intelligence (S9JC)
      1. Manages OGC’s data collection and management information systems.
      2. Analyzes data and produces business intelligence and management information reports for OGC executives and managers nationwide.
      3. Conducts evaluations to assess program operations to improve SSA and OGC policies and results and enhance the Agency’s service to the public.
      4. Coordinates and integrates the full scope of software development projects and initiatives used to manage OGC’s nationwide operation.
      5. Provides support, as needed, with IT operations.
   6. The Division of Business Support Services (S9JE)
      1. Coordinates and oversees human resource program management and policymaking for OGC.
      2. Develops and implements standard operating procedures and requirements, as well as SSA’s administrative procedures, for OGC nationwide.
      3. Coordinates and oversees OGC’s facilities management functions and continuity of operations nationwide.
      4. Formulates, executes, and monitors the component’s budget plans and spending.
      5. Controls component’s staffing ceilings and funding limits and prepares component allocations and FTEs.
      6. Analyzes and monitors component productivity in relation to the component’s budget and spending.