§Why CasetextPricing

Privacy Act of 1974; System of Records

87 Fed. Reg. 57198 (Sep. 19, 2022)

Privacy Act of 1974; System of Records

Download PDF
Federal RegisterSep 19, 2022
87 Fed. Reg. 57198 (Sep. 19, 2022)

AGENCY:

Administration for Children and Families, Department of Health and Human Services.

ACTION:

Notice of a modified system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, the U.S. Department of Health and Human Services (HHS) is modifying an existing system of records, system number 09-80-0361, titled “OPRE Research and Evaluation Project Records,” that is maintained by the Administration for Children and Families (ACF), Office of Planning, Research & Evaluation (OPRE). The system of records covers any individually identifiable records about individuals that are retrieved by a personal identifier to conduct OPRE research, evaluation, and data projects that study how to improve the economic and social well-being of children and families and/or increase the effectiveness and efficiency of programs inside and outside ACF working towards that goal. Subject individuals include individuals considered for inclusion or included in an OPRE Project; individuals who provide information about those considered or selected for an OPRE Project; and individuals whose information is in a pre-existing dataset evaluated or analyzed as part of an OPRE Project.

DATES:

The modified system of records is applicable October 19, 2022, subject to a 30-day period in which to comment on the new and revised routine uses. Submit any comments by October 19, 2022.

ADDRESSES:

The public should submit written comments by mail or email addressed to: Anita Alford, Senior Official for Privacy, Administration for Children and Families, 330 C St. SW, Washington, DC 20201, or anita.alford@acf.hhs.gov.

FOR FURTHER INFORMATION CONTACT:

General questions about the modified system of records may be submitted by email or telephone to Emily Schmitt at Emily.Schmitt@acf.hhs.gov or (202) 401-5786.

SUPPLEMENTARY INFORMATION:

I. Background on System of Records 09-80-0361, OPRE Research and Evaluation Project Records

The system of records covers individually identifiable records about individuals that are retrieved by a personal identifier to conduct OPRE research, evaluation, and data projects that study how to improve the economic and social well-being of children and families and/or increase the effectiveness and efficiency of programs inside and outside ACF working towards that goal (OPRE Projects). While the results of these studies are generally deidentified and made publicly available, the process of collecting and analyzing the information may, in some instances, require retrieving identifiable records about individuals by personal identifier (for example, to combine or de-duplicate data about the same individual collected at different times or from different sources). The majority of OPRE Projects are conducted without directly retrieving records by personal identifier, so do not involve Privacy Act records.

II. Modifications Made to the System of Records

The updated System of Records Notice (SORN) published in this notice includes the following modifications:

  • The SORN has been reformatted to comply with current format requirements in OMB Circular A-108, issued December 23, 2016. The Circular changed the order and headings of certain SORN sections and added a “SORN History” section.
  • The “System Location” and “System Manager(s)” sections have been updated with current addresses, and the System Manager(s) section now includes an email address.

• The “Authorities” section no longer cites 42 U.S.C. 7103 and 42 U.S.C. 9858 et seq. and the Consolidated Appropriations Act of 2008, and now cites the following in addition to the other previously cited authorities. Some of the newly cited statutes specifically identify when ACF should provide a service or evaluate an activity. The other statutes give ACF the authority to distribute funds; recipients must report information about the individuals assisted via those funds to ACF, which is then used in one or more OPRE Projects.

22 U.S.C. 7104 and 7105 (authorizes the HHS Secretary to provide grants to help victims of human trafficking and educate individuals about human trafficking).

34 U.S.C. 11243 (authorizes the HHS Secretary to carry out research, evaluation, demonstration, and service projects to increase knowledge concerning, and to improve services for, runaway youth and homeless youth);

42 U.S.C. 5105 (authorizes the HHS Secretary to fund a continuous program of research on how to better protect children from child abuse or neglect and improve the well-being of victims of child abuse or neglect);

42 U.S.C. 9844 (authorizes the HHS Secretary, directly or through grants or contracts, to carry out research, demonstrations, and evaluation activities to improve Head Start programs);

42 U.S.C. 10404 (authorizes the HHS Secretary to coordinate Departmental programs to prevent family violence, domestic violence, or dating violence);

42 U.S.C. 1397 et seq. (discusses the administration of the Block Grants to States for Social Services and research connected to those grants);

○ 42 U.S.C. subchapter II-B (authorized Child Care and Development Block Grants in fiscal years (FYs) 2015 through 2020 to fund state child care programs; data funded in prior FYs still exists);

○ 42 U.S.C. subchapter V (authorizes the HHS Secretary to support special projects of regional and national significance and research regarding maternal and child health); and

○ Executive Order (E.O.) 9397 as amended by E.O. 13478 (addresses use of personal identifiers).

  • The “Purpose(s)” section has been revised to add a description of types of OPRE Projects, which are listed as a. through g., and to omit an unnecessary statement that the procedures for collecting information about research subjects in OPRE Projects are reviewed, as appropriate, by Institutional Review Boards and are subject to HHS regulations on research with human subjects, including requirements for informed consent.
  • The “Categories of Individuals” section has been clarified and expanded. Instead of stating that information is about research “participants” and may include information about family members of program participants and service recipients, it encompasses program clients, individuals (such as family members) who provide information about program clients, and sole practitioners who provide services to program clients; and it makes clear that information about them may be from a pre-existing dataset used in an OPRE Project, not necessarily newly collected specifically for the OPRE Project.

• The “Categories of Records” section includes some revised and additional examples of data elements that may be contained in the records; i.e.:

○ “Email address” has been added to the examples of contact information.

○ In the examples of sociodemographic information, “date of birth” has been changed to “age”; “citizenship” has been removed; and the following have been added: tribal affiliation, gender, sexuality, language preferences and proficiencies, responses to assessments and collections ( e.g., surveys and interviews), photographs, voice and video recordings and transcripts, bio-specimens, correspondences, and administrative records.

○ In examples of other information, “income” has been changed to “finances”; “pre-school Head start participation” has been broadened to “other governmental services”; and the following have been added: education; living situation, sexual history, mental and physical health and well-being, criminal activities, risky behaviors ( e.g., illicit drug use), family dynamics ( e.g., beliefs), and disabilities.

  • The “Record Source Categories” section has been reworded but not substantively changed.
  • The “Routine Uses” section includes the following updates:

○ The introduction omits this statement: “In addition, contractors may be restricted by contract from making a disclosure allowed as a routine use or by law without the consent of HHS, of the data subject, or both, unless the disclosure is required by law.”

○ Three existing routine uses have been revised, as follows:

Routine use 2, which authorizes disclosures incident to requesting information, has been revised to change “information” to “records” and to change “research or evaluation” to “OPRE Project.”

Routine use 4, which authorizes disclosures to the Department of Justice or in proceedings, has been revised to omit a statement about compatibility with the original collection purpose, which is redundant because it repeats part of the definition of a routine use.

Routine use 5, which previously authorized disclosures to HHS contractors, has been revised to include HHS grantees and to add, as a condition of disclosure, that the contractor or grantee must be required by the terms of the contract or grant to comply with the Privacy Act.

○ One routine use has been deleted (numbered as 6 in the existing SORN); it authorized disclosures to claims examiners, investigators, arbitrators, etc., at other agencies (including the Office of Personnel Management, Office of Special Counsel, Merit System Protection Board, Federal Labor Relations Authority, Equal Opportunity Commission, and Office of Government Ethics) in administrative grievance, claim, complaint, and appeal cases filed by employees. In the unlikely event that an employee's work, with or responsibility for, records in this system of records were to become an issue in such a case, it should not be necessary to use identifiable records from this system of records for investigation, discovery, evidentiary, settlement, or other purposes in the case.

○ Two new routine uses have been added (numbered as 9 and 10) authorizing disclosures for research that will not impact the record subject and disclosures so that an organization that serves an individual under a federal contract may access information about its services to continue serving the individual.

  • A section headed “Disclosure to Consumer Reporting Agencies” has been removed as unnecessary, because the section merely confirmed that such disclosures are not made from this system of records.
  • The “Storage” section previously stated that, depending on the project, records “may be stored on paper or other hard copy, computers, and networks,” and now states that records “are stored in paper and electronic form.”
  • The “Retrieval” section has been reworded but not substantively changed.
  • The “Retention” section no longer states that identifiers are removed once the analysis is complete. Instead, it now states that a disposition schedule is pending approval by the National Archives and Records Administration (NARA), which proposes that the records be cutoff upon completion of final report or termination of evaluation and be destroyed 5 years after cutoff; and that ACF/OPRE will continue to retain the records indefinitely until the schedule is approved by NARA.
  • The “Safeguards” section, which previously stated that contractors and other record keepers are required to maintain “appropriate” administrative, technical, and physical safeguards and that records are “secured in compliance with Federal requirements” now describes particular administrative, technical, or physical safeguards that are used to protect the records from unauthorized access.

• The “Record Access Procedures,” “Contesting Record Procedures,” and “Notification Procedures” sections have been revised to state that access, amendment, and notification requests “must” (instead of “should”) be in writing and contain identity verification information; to no longer require that requests include “Social Security Number ” (SSN); and to specify how the requester's identity may be verified ( i.e., by a notarized signature or a statement signed under penalty of perjury) instead of stating that verification of identity would be “as described in the Department's Privacy Act regulations.”

Because some of these changes are significant, HHS provided advance notice of the modified system of records to the Office of Management and Budget and Congress as required by 5 U.S.C. 552a(r) and OMB Circular A-108.

Emily P. Dennis,

Acting Deputy Assistant Secretary for Planning, Research, and Evaluation, Administration for Children & Families.

SYSTEM NAME AND NUMBER:

OPRE Research and Evaluation Project Records, 09-80-0361.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

OPRE, ACF, HHS, 330 C St. SW, Washington, DC 20201. A list of contractor sites where system records are maintained is available upon request to the System Manager.

SYSTEM MANAGER(S):

Executive Officer, OPRE, ACF, HHS, 330 C St. SW, Washington, DC 20201, dataq@acf.hhs.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

22 U.S.C. 7104 and 7105 (authorizes the Secretary to provide grants to help victims of human trafficking and educate individuals about human trafficking); 34 U.S.C. 11243 (authorizes the HHS Secretary to carry out research, evaluation, demonstration, and service projects to increase knowledge concerning, and to improve services for, runaway youth and homeless youth); 42 U.S.C. 613 (authorizes the HHS Secretary to conduct research on the effects of temporary assistance to needy families programs and related programs); 42 U.S.C. 628b (authorizes the HHS Secretary to fund a national study about child abuse and neglect); 42 U.S.C. 1310 (authorizes the HHS Secretary to fund research and demonstration projects connected to Social Security Act funded programs); 42 U.S.C. 5105 (authorizes the HHS Secretary to fund a continuous program of research on how to better protect children from child abuse or neglect and improve the well-being of victims of child abuse or neglect); 42 U.S.C. 9836 (authorizes the HHS Secretary to convene an expert panel to develop a Designation Renewal System for Head Start agencies); 42 U.S.C. 9844 (authorizes the HHS Secretary, directly or through grants or contracts, to carry out research, demonstrations, and evaluation activities to improve Head Start programs); 42 U.S.C. 10404 (authorizes the HHS Secretary to coordinate Departmental programs to prevent family violence, domestic violence, or dating violence); 42 U.S.C. 1397 et seq. (discusses the administration of block grants to states for social services and research connected to those grants); 42 U.S.C. subchapter II-B (authorized child care and development block grants in fiscal years (FYs) 2015 through 2020 to fund state child care programs; data funded in prior FYs still exists); 42 U.S.C. subchapter V (authorizes the HHS Secretary to support special projects of regional and national significance and research regarding maternal and child health); 42 U.S.C. 1310 (authorizes the HHS Secretary to fund through grants and contracts the conduct of research and demonstration projects regarding the prevention and reduction of welfare dependency); and Executive Order 9397, as amended by Executive Order 13478 (addresses use of personal identifiers).

PURPOSE(S) OF THE SYSTEM:

The records in this system of records are used for the purpose of conducting OPRE research, evaluation, and data projects that study how to improve the economic and social well-being of children and families and/or increase the effectiveness and efficiency of programs inside and outside ACF working towards that goal (OPRE Projects). Each OPRE Project may involve:

(a) the analysis of data from various sources;

(b) the collection of data through surveys, focus groups, interviews, and other methods;

(c) the provision of technical assistance to organizations;

(d) the evaluation of programs and services;

(e) the provision of services to populations and evaluating their outcomes;

(f) data and capacity building within ACF; and

(g) other research, evaluation, and data related activities.

This work may be supported or accomplished by federal staff or by contractors, vendors, grantees, and other partners.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The system of records contains records about the following categories of individuals:

(a) Individuals who are considered for inclusion or are included in an OPRE Project ( e.g., service recipients, individuals providing services);

(b) Individuals who provide information about those considered or selected for an OPRE Project ( e.g., parents and other relatives, case managers, program managers, alternate points of contact); and

(c) Individuals whose information is in a pre-existing dataset evaluated or analyzed as part of an OPRE Project. This includes administrative datasets created while operating programs such as Temporary Assistance for Needy Families or Head Start.

CATEGORIES OF RECORDS IN THE SYSTEM:

The records maintained about a specific individual will depend on which OPRE Project the individual was considered for or included in and the individual's role in the project. An OPRE Project may collect the individual's identifying information and contact information (name, address(es), telephone number(s), email address(es), SSN); sociodemographic characteristics ( e.g., age, race, ethnicity, tribal affiliation, gender, sexuality); language preferences and proficiencies; responses to assessments and collections ( e.g., surveys and interviews); photographs; voice and video recordings and transcripts; bio-specimens; correspondences; identifiers specific to the applicable project or series of projects in which the individual was involved; and administrative records. It may also collect records about an individual's current and prior finances; education; employment; living situation; sexual history; mental and physical health and well-being; criminal activities; risky behaviors ( e.g., illicit drug use); family dynamics ( e.g., marriage, relationships, and beliefs); disabilities; service utilization; other characteristics; experiences with child welfare and other governmental services; and experiences relevant to ACF's programs.

RECORD SOURCE CATEGORIES:

The sources of records in the system may include: the record subject; HHS; other governmental agencies (federal, state, tribal, and local) and their agents; ACF contractors and grantees; research institutions, foundations, and similar organizations; publicly available documents; commercial sources; individuals who know the record subject ( e.g., relatives, case managers, service providers, and neighbors); and other third parties.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

These routine uses specify circumstances, in addition to those provided by statute in the Privacy Act, under which ACF may release information from the system of records without the record subject's consent.

Each proposed disclosure under these routine uses will be evaluated to ensure it is legally permissible and appropriate. If a OPRE Project received a certificate of confidentiality, these routine uses will not authorize a disclosure barred by the terms of the certificate.

(1) Disclosure for Law Enforcement Purpose

Information may be disclosed to the appropriate federal, state, local, tribal, or foreign agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, if the information is relevant to a violation or potential violation of civil or criminal law or regulation within the jurisdiction of the receiving entity. However, because this is a research and evaluation system, no information will be disclosed for use in any investigation, prosecution, or other action targeted against any individual who is the subject of the record.

(2) Disclosure Incident to Requesting Records

Records may be disclosed (to the extent necessary to identify the individual, inform the source of the purpose of the request, and identify the type of records requested), to any source from which additional records are requested when necessary to obtain records relevant to the OPRE Project being conducted.

(3) Disclosure to Congressional Office

Information may be disclosed to a congressional office from the record of an individual in response to a written inquiry from the congressional office made at the request of the individual.

(4) Disclosure to Department of Justice or in Proceedings

Information may be disclosed to the Department of Justice, or in a proceeding before a court, adjudicative body, or other administrative body before HHS is authorized to appear, when (a) HHS, or any component thereof; or (b) any employee of HHS in his or her official capacity; or (c) any employee of HHS in his or her individual capacity where the Department of Justice or HHS has agreed to represent the employee; or (d) the United States, if HHS determines that litigation is likely to affect HHS or any of its components; is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice or HHS is deemed by HHS to be relevant and necessary to the litigation.

(5) Disclosure to Contractors and Grantees

Records may be disclosed to a contractor or grantee that (a) is performing or working on a contract or grant for HHS, (b) needs to access the records in the performance of their duties or activities for HHS, and (c) is required by the terms of the contract or grant to comply with the Privacy Act.

(6) Disclosure in Connection with Litigation

Information may be disclosed in connection with litigation or settlement discussions regarding claims by or against HHS, including public filing with a court, to the extent that disclosure of the information is relevant and necessary to the litigation or discussions and except where court orders are otherwise required under 5 U.S.C. 552a(b)(11).

(7) Disclosure in the Event of a Security Breach Experienced by HHS

To appropriate agencies, entities, and persons when (1) HHS suspects or has confirmed that there has been a breach of the system of records; (2) HHS has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, HHS (including its information systems, programs, and operations), the federal government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with HHS's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(8) Disclosure in the Event of a Security Breach Experienced by Another Agency or Entity

To another federal agency or federal entity, when HHS determines that information from the system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the federal government, or national security, resulting from a suspected or confirmed breach.

(9) Disclosure for Research Purposes

Records may be disclosed for a research, evaluation, or data purpose if HHS:

(A) Determines that the use and disclosure does not violate the laws or policies under which the record was collected;

(B) Determines that the purpose cannot be reasonably accomplished unless individually identifiable information is provided;

(C) Determines that the purpose warrants any privacy risk to the individual caused by the disclosure;

(D) Determines that the disclosure will not directly affect the rights, privileges, or benefits of a particular individual.

(E) Requires the recipient to:

1. Establish reasonable administrative, technical, and physical safeguards to prevent unauthorized use or disclosure of the record;

2. Destroy the individually identifiable information as soon as reasonable for that project;

3. Not reuse or redisclose the information except:

(a) in an emergency circumstances affecting the health or safety of an individual,

(b) to another research, evaluation, or data project with written authorization from HHS,

(c) for an audit related to the project, if the individually identifiable information is removed or destroyed at the earliest opportunity consistent with the purpose of the audit, or

(d) when required by law; and

4. Provide HHS a written statement that they understand and will abide by these requirements.

(10) Disclosure to Continue Services

Records about the services an individual received from a grantee as part of an OPRE Project may be shared with that grantee, or successor organizations, to continue serving that individual.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are stored in paper and electronic form.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved by the subject individual's name, SSN, or another personal identifier contained in the records.

POLICIES AND PROCEDURES FOR RETENTION AND DISPOSAL OF RECORDS:

A disposition schedule, DAA-0292-2020-0005, is pending approval by NARA, which proposes at Item 1.3 that the records (background materials for creation of studies and reports) be cut off at the end of the calendar year in which the report is published and destroyed 5 years after cut-off. ACF/OPRE will continue to retain the records indefinitely until the schedule is approved by NARA.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

All record keepers are required to maintain appropriate administrative, technical, and physical safeguards to protect the records from unauthorized access. Administrative controls include training individuals who have access to the records how to handle them appropriately, incident response plans, and limiting access to individuals who need to know the information. Technical controls include the use of antivirus software, vulnerability patching, multi-factor authentication when required, and storing electronic records in encrypted form. Physical controls include storing hard copy records and computer terminals used to access electronic records in physically locked locations when not in use.

RECORD ACCESS PROCEDURES:

Individuals seeking access to records about them in this system of records must submit a written access request to the System Manager identified in the “System Manager(s)” section of this SORN, in accordance with the Department's Privacy Act implementation regulations in 45 CFR. The request must contain the requester's full name, contact information ( i.e., telephone number and/or email address, and current mailing address), and sufficient identifying particulars contained in the records to enable the System Manager to distinguish between records on subject individuals with the same name. In addition, to verify the requester's identity, the request must be signed by the requester, and the signature must be notarized or the request must include the requester's written certification that the requester is the person the requester claims to be and that he/she understands that the knowing and willful request for or acquisition of a record pertaining to an individual under false pretenses is a criminal offense subject to a fine of up to $5,000.

CONTESTING RECORD PROCEDURES:

Individuals seeking to amend a record about them in this system of records must submit a written amendment request to the System Manager identified in the “System Manager(s)” section of this SORN, in accordance with the Department's Privacy Act implementation regulations in 45 CFR. An amendment request must include verification of the requester's identity in the same manner required for an access request and must reasonably identify the record and specify the information being contested, the corrective action sought, and the reasons for requesting the correction, along with supporting information to show how the record is inaccurate, incomplete, untimely, or irrelevant.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether this system of records contains records about them must submit a written notification request to the System Manager identified in the “System Manager(s)” section of this SORN, in accordance with the Department's Privacy Act implementation regulations in 45 CFR and verify their identity in the same manner required for an access request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

80 FR 17893 (April 2, 2015), 83 FR 6591 (Feb. 14, 2018).

[FR Doc. 2022-20139 Filed 9-16-22; 8:45 am]

BILLING CODE 4184-79-P