DTA is the real-time access of certain Social Security Administration (SSA) electronic databases by another Federal agency. SSA provides DTA so that agencies can quickly obtain agreed upon data about SSA beneficiaries to administer their programs. We only consider providing DTA when other methods of data exchange will not suffice.

Federal laws govern disclosure of the information, or data, contained in SSA’s systems of records. When evaluating whether we can grant DTA, SSA will consider if Federal laws authorize SSA to disclose the requested data to the requesting agency, and whether the requesting agency has a business need for the data.

SSA’s Office of the General Counsel (OGC) determines whether we have legal authority to disclose the data and enter into an agreement with the requesting agency. For information about SSA’s disclosure policy, refer to subchapter GN 03301.000.

SSA approves an agency for DTA, if the following actions are completed:

1. 1. 

   The requestor completes and submits Form SSA-157 (Data Exchange Request Form (DXRF) Request for Information from SSA) to the Office of Data Exchange and International Agreements (ODXIA). An ODXIA agreement liaison assists the requestor through the application process. For more information about requesting a data exchange, visit our Data Exchange website;

2. 2. 

   OGC determines that SSA has legal authority to provide data to the requesting agency and that there are no privacy or disclosure concerns with the requested access;

3. 3. 

   The requestor completes a business needs assessment, which identifies the:

   • •

     user profile(s),

   • •

     requested queries,

   • •

     requested data elements, and

   • •

     business reason(s) and purpose for requesting access.

4. 4. 

   The requestor submits an individual Form SSA-120 (Application for Access to SSA Systems), to the Office of Information Security (OIS) designating each employee who will access SSA’s systems via DTA;

5. 5. 

   The requestor submits form SSA-222 (Social Security Administration (SSA) Security Awareness Contractor Personnel Security Certification) if the requesting agency’s designated employee is an agency contractor; and

6. 6. 

   OIS assigns a personal identification number (PIN) to the designated employee(s) at the requesting agency, provided OIS approves the SSA-120, and the SSA-222, if required.

   IMPORTANT: SSA attaches the employee’s personally identifiable information to the PIN to capture a record of all transactions performed under the assigned PIN. The PIN File complies with the Privacy Act. See Authority for Maintenance of the System in Section 205(a) of the Social Security Act and 5 U.S.C. 552a(e)(10).

SSA and the requesting agency must sign the required agreements before providing DTA:

1. 1. 

   A legal agreement identifying the terms and conditions of the direct access;

2. 2. 

   A security agreement identifying the external agency’s system requirements, which ensures security and confidentiality of SSA’s data; and

3. 3. 

   A financial agreement identifying the external agency’s financial responsibilities for obtaining and maintaining DTA (NOTE: A financial agreement may not be required for some agencies.).

The requesting agency and its employees must adhere to the terms and conditions of the established agreements; otherwise, DTA may be suspended or terminated.

SSA and the DTA partnering agency will comply with the requirements of all federal laws and statues as they apply to the electronic storage, transport of records between agencies, and the internal processing of records received by either agency.

SSA reserves the right to conduct onsite inspections to monitor the DTA partnering agency’s compliance with these requirements during the term, or any extension of this agreement, to ensure that the partnering agency maintains adequate safeguards.