Privacy Act of 1974; System of Records, 3550-3562 [2022-01066]

Agencies

• DEPARTMENT OF HEALTH AND HUMAN SERVICES
• Administration for Children and Families

[Federal Register Volume 87, Number 15 (Monday, January 24, 2022)]
[Notices]
[Pages 3550-3562]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-01066]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Administration for Children and Families


Privacy Act of 1974; System of Records

AGENCY: Administration for Children and Families, Department of Health 
and Human Services.

ACTION: Notice of modified systems of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974,

[[Page 3551]]

as amended, the Department of Health and Human Services (HHS) is 
modifying three systems of records maintained by the Administration for 
Children and Families (ACF), Office of Child Support Enforcement 
(OCSE): System Number 09-80-0381, ``OCSE National Directory of New 
Hires, HHS/ACF/OCSE''; System No. 09-80-0383, ``OCSE Debtor File, HHS/
ACF/OCSE''; and System No. 09-80-0387, ``Federal Parent Locator Service 
Child Support Services Portal, HHS/ACF/OCSE'' (now renamed ``Child 
Support Portal Registration Records, HHS/ACF/OCSE'').

DATES: This Notice is applicable January 24, 2022, subject to a 30-day 
period in which to comment on the new and revised routine uses, 
described below. Please submit any comments by February 23, 2022.

ADDRESSES: The public should address written comments by mail or email 
to: Anita Alford, Senior Official for Privacy, Administration for 
Children and Families, 330 C St. SW, Washington, DC 20201, or 
[email protected].

FOR FURTHER INFORMATION CONTACT: General questions about these systems 
of records should be submitted by mail or email to Venkata Kondapolu, 
Acting Director, Division of Federal Systems, Office of Child Support 
Enforcement, at 330 C St. SW, 5th Floor, Washington, DC 20201, 
[email protected] or 202-260-4712.

SUPPLEMENTARY INFORMATION:

I. Explanation of Changes to 09-80-0381, OCSE National Directory of New 
Hires

    This system of records covers records about newly hired employees, 
including employer, wage, unemployment compensation, and income 
withholding information for child support enforcement. The System of 
Records Notice (SORN) has been modified as follows:
     Address information in the System Location and System 
Manager sections has been updated.
     The Authority section has been updated to include 42 
U.S.C. 652(n), 653(a)(2), 653(c)(5), and 659a(c)(2).
     The Purpose section has been revised to include these 
additional purpose specifications:
    [cir] Assisting tribal child support programs.
    [cir] Supporting establishment and enforcement of child and medical 
support orders.
    [cir] Supporting collection of non-tax debts owed to the federal 
government and administration of the tax code.
     The Categories of Individuals section now includes the 
following:
    [cir] Independent contractors as part of category 3.
    [cir] Tribal IV-D child support enforcement agencies as part of 
category 5.
     The Categories of Records section now includes references 
to the following:
    [cir] Independent contractors as part of record category 3.
    [cir] Tribal IV-D child support enforcement agencies as part of 
record category 6.
    [cir] Medical support records as part of record category 6, 
including an explanation that such records contain health care coverage 
provider information, third party provider information, professional 
employer organization information, and pension plan provider 
information.
     The Record Source Categories section now includes the 
following:
    [cir] Health Plan Administrators, both employers and the health 
plan administrators may be sources of health care coverage information 
submitted in response to a National Medical Support Notice.
     The Routine Uses section has been updated as follows:
    [cir] The opening paragraph has been revised to remove an 
unnecessary statement that each disclosure must be compatible with the 
purpose for which the records were collected (the statement is 
redundant because this is how a routine use is defined in 5 U.S.C. 
552a(a)(7)), and to add a statement that ``ACF will prohibit 
redisclosures, or may permit only certain redisclosures, as required or 
authorized by law.''
    [cir] Routine use 1 has been revised to clarify that the persons 
authorized to be disclosure recipients under 42 U.S.C. 653(c) include 
agents and attorneys of ``Indian Tribes or Tribal organizations'' (in 
case not understood to be included in the description ``agents and 
attorneys of states''); to include, in the description of agents and 
attorneys, a reference to ``plan[s] approved under title IV-D of the 
Social Security Act;'' to remove, from descriptions of court orders, 
references to ``custody'' and ``visitation'' (i.e., to refer only to 
``support'' and ``maintenance''); and to add a fifth category of 
disclosure recipient, i.e., an entity designated as a Central Authority 
for child support enforcement in a foreign reciprocating country or a 
foreign treaty country, as authorized by amendments made to 42 U.S.C. 
653(c) by the Preventing Sex Trafficking and Strengthening Families Act 
of 2014, Public Law 113-183, September 29, 2014.
    [cir] Routine use 4 has been revised to include foreign treaty 
countries as disclosure recipients, pursuant to 42 U.S.C. 652(n) and 
653(c)(5).
    [cir] Routine use 7 has been revised to include Tribal IV-D child 
support enforcement agencies as disclosure recipients.
    [cir] Routine use 9 has been revised to permit disclosures to the 
Commissioner of Social Security for an additional purpose, i.e., 
administering the Ticket to Work program.
    [cir] The heading for routine use 15 has been revised to read 
``Disclosure to State Agency for Supplemental Nutrition Assistance 
Program Purposes'' to mirror changes to the heading of subsection 42 
U.S.C. 653(j)(10) made by the Agricultural Act of 2014, Public Law 113-
79, February 7, 2014.
    [cir] Routine use 16 has been revised to cite 42 U.S.C. 653 
(instead of only 42 U.S.C. 653(j)) and to no longer include an 
unnecessarily detailed description of the benefits, compensation, or 
services that are the subject of the disclosures made to the Secretary 
of Veterans Affairs under 42 U.S.C. 653.
    [cir] Routine uses 17 and 18 have been revised to omit redundant 
wording, i.e., the disclosure must be compatible with the purpose for 
which the records were collected (the wording is redundant because this 
is how a routine use is defined in 5 U.S.C. 552a(a)(7)); and the 
wording of routine use 18 (authorizing disclosures in litigation or 
other proceedings) has been simplified.
    [cir] Routine use 19 has been revised to require that the 
constituent request, which is the subject of the disclosure, must be a 
``written'' request.
    [cir] The security breach-related routine use that was previously 
numbered as routine use 21 and was revised February 14, 2018, (see 83 
FR 6591) is now numbered as routine use 21(a); a second security 
breach-related routine use that was added in the notice on February 14, 
2018, is now numbered as routine use 21(b).
    [cir] A note has been added at the end of the Routine Uses section, 
explaining that most of the disclosures the Privacy Act at 5 U.S.C. 
552a(b) permits to be made without publishing a routine use are not, in 
fact, permissible for NDNH data, due to access restrictions stated in 
the NDNH statute at 42 U.S.C. 653(l), but ACF may lawfully disclose 
NDNH data to the Comptroller General without the data subject's 
consent, as permitted by 5 U.S.C. 552a(b)(10), and will make such 
disclosures when requested by the Comptroller General, because such 
disclosures are required by 31 U.S.C. 721 notwithstanding the access 
restrictions imposed by the NDNH statute.

[[Page 3552]]

     A section that followed the Routine Uses section that 
stated disclosures are not made to consumer reporting agencies has been 
removed as unnecessary to include.
     The Policies and Practices for Retention and Disposal of 
Records section has been updated to identify the applicable National 
Archives and Records Administration (NARA)-approved disposition 
schedule, N1-292-10-2.
     The Administrative, Technical, and Physical Safeguards 
section has been updated to include information about the use of cloud 
service providers and to state that authorized persons' access to the 
records is role-based.
     The procedures for making access, amendment, and 
notification requests now explain how to provide verification of 
identity (instead of stating that identity must be verified in 
accordance with HHS' Privacy Act regulations) and list date of birth 
and social security number (SSN) as examples of identifying particulars 
to include for the purpose of distinguishing between records on 
individuals with the same name (instead of indicating that SSN should 
be included in every request).

II. Explanation of Changes to 09-80-0383, OCSE Debtor File

    This system of records covers records about individuals owing past 
due child support and individuals claiming or receiving insurance 
claims, settlements, awards, and payments or other periodic or lump-sum 
state or federal benefits. The following modifications have been made:
     Address information in the System Location and System 
Manager sections has been updated.
     In the Purpose section, one statutory reference has been 
updated to reflect that 42 U.S.C. 652(l) was redesignated as 42 U.S.C. 
652(m).
     The Categories of Individuals section has been clarified 
to specifically mention ``federal tax refunds and federal 
administrative payments'' as examples of income or benefits, in the 
description of ``additional individuals receiving income or benefits.''
     The Categories of Records section has been revised to add 
date of birth, place of birth, and mailing address as data elements 
within record category 1.
     The Routine Uses section has been updated as follows:
    [cir] The opening paragraph and routine uses 11 and 12 have been 
revised to remove an unnecessary statement, ``the disclosures must be 
compatible with the purpose for which the records were collected.'' 
This statement is redundant, because this is how a routine use is 
defined in 5 U.S.C. 552a(a)(7)); and the wording of routine use 12 
(authorizing disclosures in litigation or other proceedings) has been 
simplified.
    [cir] Routine uses 4 and 8 have been revised to update a statutory 
citation (due to a redesignation, 42 U.S.C. 652(l), which is now 42 
U.S.C. 652(m)).
    [cir] Routine use 14 has been revised to require that the 
constituent request, which is the subject of the disclosure, must be a 
``written'' request.
    [cir] The security breach-related routine use that was previously 
numbered as routine use 15 and was revised on February 14, 2018 (see 83 
FR 6591) is now numbered as routine use 15(a); and a second security 
breach-related routine use that was added in the same notice on 
February 14, 2018, is now numbered as routine use 15(b).
     A section that followed the Routine Uses section, which 
stated that disclosures are not made to consumer reporting agencies, 
has been removed as unnecessary to include.
     The Policies and Practices for Retention and Disposal of 
Records section has been updated to state that ``[u]pon approval of a 
disposition schedule by the National Archives and Records 
Administration (NARA)'' the records will be deleted when OCSE 
determines that the records are no longer needed.
     The Administrative, Technical, and Physical Safeguards 
section has been updated to include information about the use of cloud 
service providers and to state that authorized persons' access to the 
records is role-based.
     The procedures for making access, amendment, and 
notification requests now explain how to provide verification of 
identity (instead of stating that identity must be verified in 
accordance with HHS' Privacy Act regulations) and list date of birth 
and SSN as examples of identifying particulars to include for the 
purpose of distinguishing between records on individuals with the same 
name (instead of indicating that SSN should be included in every 
request).

III. Explanation of Changes to 09-80-0387, Child Support Portal 
Registration Records

    This system of records covers records OCSE uses to maintain and 
verify information about individuals who are legally authorized, and 
have been given access privileges by OCSE, to use the Child Support 
Portal. The Child Support Portal enables these authorized users to 
submit and exchange information and to access select, highly 
confidential child support enforcement case information maintained in 
other OCSE Systems of Records for authorized purposes. The following 
modifications have been made:
     The system of records name has been changed from ``Federal 
Parent Locator Service Child Support Services Portal'' to ``Child 
Support Portal Registration Records,'' and revisions have been made 
throughout the SORN to clarify that the scope of the system of records 
is limited to registration records about individuals who register for 
access to use the Child Support Portal's services. (There are no 
records in the portal; the portal is used to submit records to and 
access records in other OCSE systems of records.)
     Address information in the System Location and System 
Manager sections has been updated.
     The Purpose section has been revised to clarify that 
``OCSE personnel and contractors'' use the registration records to 
validate registrants' and their affiliated organizations' eligibility 
for access, to authenticate their identity, and to state these 
additional purpose specifications (purposes for individuals registering 
to access the Child Support Portal):
    [cir] OCSE personnel register to use the Child Support Portal to 
submit, request, and receive child support program reporting 
information that does not include personally identifiable information 
(PII), such as state plan and program self-assessment reports.
    [cir] OCSE contractors register to use the Child Support Portal to 
perform system administrative support functions.
    [cir] Employers' representatives register to use the Child Support 
Portal to submit employer identifying and contact information, and 
employee status changes; provide lump sum payment information and a 
list of states in which the employer operates; and to designate a 
single reporting state for the National Directory of New Hires.
    [cir] Financial institutions' and insurers' representatives 
register to use the Child Support Portal to provide information about 
financial assets and potential insurance payouts for child support 
obligors.
    [cir] States' and tribes' representatives register to use the Child 
Support Portal to submit and access child support case information 
regarding child support obligor location, income, assets, and other 
inter-jurisdictional case information; state and tribal child support 
agencies use the Child Support Portal to submit federally required 
reports.
     The Categories of Individuals section that describes 
categories of registrants, has been revised to:
    [cir] Add employees of tribal agencies, and change ``employees'' of 
employers,

[[Page 3553]]

insurance companies, and financial institutions to ``representatives 
and contractors'' of those entities.
    [cir] Include a summary of the purposes for which individuals 
register to access the Child Support Portal, as ``for the purpose(s) of 
submitting or accessing information to process child support cases'' 
(instead of repeating particular purposes, such as those now stated in 
the Purpose(s) section).
     The Categories of Records section has been revised to:
    [cir] List additional data elements collected at the time of portal 
access registration, including user name or ID number, business 
function, workload identifier, employer, county of employment, 
telephone number, telephone service provider, tribal affiliation, email 
address, name of employer, selected security questions and responses, 
and individual passwords for access to the Child Support Portal.
     The Routine Uses section has been updated as follows:
    [cir] A statement about tax information has been removed as not 
applicable to the user registration records covered in this system of 
records.
    [cir] The opening paragraph and routine use 1 have been revised to 
remove an unnecessary statement that disclosures must be compatible 
with the purpose for which the records were collected (the statement is 
redundant, because this is how a routine use is defined in 5 U.S.C. 
552a(a)(7)); and the wording of routine use 1 (authorizing disclosures 
in litigation or other proceedings) has been simplified.
    [cir] Routine use 2 has been revised to require that the 
constituent request, which is the subject of the disclosure, must be a 
``written'' request.
    [cir] The security breach-related routine use that was previously 
numbered as routine use 4 and was revised February 14, 2018 (see 83 FR 
6591) is now numbered as routine use 4(a); a second security breach-
related routine use that was added in that same notice on February 14, 
2018, is now numbered as routine use 4(b).
    [cir] A statement that disclosures are not made to consumer 
reporting agencies, which was previously numbered as routine use 5, has 
been removed.
     The Policies and Practices for Retention and Disposal of 
Records section has been updated to state that ``[u]pon approval of a 
disposition schedule by the National Archives and Records 
Administration (NARA)'' the records will be deleted when OCSE 
determines that the records are no longer needed.
     The Administrative, Technical, and Physical Safeguards 
section has been updated to:
    [cir] Include information about the use of cloud service providers.
    [cir] Clarify that the records consist of user registration 
records.
    [cir] Describe the personnel authorized to access the records and 
state that their access is role-based.
    [cir] Add information about how the facility where records are 
stored is physically protected.
     The procedures for making access, amendment, and 
notification requests now explain how to provide verification of 
identity (instead of stating that identity must be verified in 
accordance with HHS' Privacy Act regulations) and list date of birth 
and SSN as examples of identifying particulars to include for the 
purpose of distinguishing between records on individuals with the same 
name (instead of indicating that SSN should be included in every 
request).

Venkata Kondapolu,
Acting Director, Division of Federal Systems, Office of Child Support 
Enforcement, Administration for Children and Families, U.S. Department 
of Health and Human Services.

SYSTEM NAME AND NUMBER:
    OCSE National Directory of New Hires, HHS/ACF/OCSE, 09-80-0381.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Office of Child Support Enforcement, Administration for Children 
and Families, 330 C St. SW, 5th Floor, Washington, DC 20201.

SYSTEM MANAGER(S):
    Acting Director, Division of Federal Systems, Office of Child 
Support Enforcement, Administration for Children and Families, 
Department of Health and Human Services, 330 C St. SW, 5th Floor, 
Washington, DC 20201, or [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 652(a)(9), 652(n), 653(a)(1) and (2), 653(c)(5), 653(i), 
and 659a(c)(2).

PURPOSE(S) OF THE SYSTEM:
    The Office of Child Support Enforcement (OCSE) uses the NDNH 
primarily to assist states and Indian tribes or tribal organizations to 
locate parents; establish paternity and child support orders, including 
the establishment of medical support; and enforce child support and 
medical support orders. The NDNH is also used to support the following 
programs as specified in sections 453 and 463 of the Social Security 
Act (42 U.S.C. 653, 663): Temporary Assistance for Needy Families 
(TANF), child and family services, foster care and adoption assistance; 
to establish or verify eligibility of applicants for, or beneficiaries 
of, federal and state benefit programs; to recoup payments or 
delinquent debts under benefit programs and non-tax debts owed to the 
federal government; for administration of the tax code; and for certain 
research purposes likely to contribute to achieving the purposes of the 
TANF program or the federal/state/tribal child support program.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    (1) Individuals who are newly hired ``employees'' within the 
meaning of chapter 24 of the Internal Revenue Code of 1986, 26 U.S.C. 
3401, whose employers have furnished specified information to a State 
Directory of New Hires which, in turn, has furnished such information 
to the NDNH pursuant to 42 U.S.C. 653a(g)(2)(A).
    (2) Individuals who are federal government employees whose 
employers have furnished specified information to the NDNH pursuant to 
42 U.S.C. 653(n) and 653a(b)(1)(c). This category does not include 
individuals who are employees of a department, agency, or 
instrumentality performing intelligence or counterintelligence 
functions, if the head of such department, agency, or instrumentality 
has determined that filing such a report could endanger the safety of 
the employee or compromise an ongoing investigation or intelligence 
mission.
    (3) Individuals to whom unemployment compensation or wages have 
been paid, and about whom the State Directory of New Hires has 
furnished such information to the NDNH pursuant to 42 U.S.C. 653(e)(3) 
and 653a(g)(2)(B). Such individuals may include independent 
contractors, in accordance with state law.
    (4) Individuals whose information is contained within input records 
furnished by an authorized state or federal agency for matching to 
obtain employment, wage, or unemployment compensation information 
pertaining to those individuals for purposes of establishing or 
verifying eligibility of applicants for, or beneficiaries of, federal 
or state benefit programs, such as those funded under 42 U.S.C. 601 
through 619 (Title IV-A of the Social Security Act, TANF). Other 
individuals whose information is contained within input records 
furnished for authorized matching are listed in the routine uses 
section of this system of records notice.

[[Page 3554]]

    (5) Individuals involved in child support cases whose information 
is collected and disseminated to and from employers (and other payers 
of income) and state or Tribal IV-D child support enforcement agencies, 
courts, and other authorized entities for enforcement of child support 
orders by withholding of income.

CATEGORIES OF RECORDS IN THE SYSTEM:
    (1) Records pertaining to newly hired employees furnished by a 
State Directory of New Hires pursuant to 42 U.S.C. 653a(g)(2)(A). 
Records in the system are the name, address, SSN or Taxpayer 
Identification Number (TIN), and date of hire of the employee; the 
name, address, and federal identification number of the employer of 
such employee; and, at the option of the state, the date of birth or 
state of hire of the employee.
    (2) Records pertaining to newly hired employees furnished by a 
federal department, agency, or instrumentality pursuant to 42 U.S.C. 
653a(b)(1)(C), including the name, address, SSN (or TIN), and date of 
hire of the employee; and the name, address, and employer 
identification number of the employer. A Department of Defense status 
code, if available, is also included in the records.
    (3) Records furnished by a State Directory of New Hires pertaining 
to wages and unemployment compensation paid to individuals pursuant to 
42 U.S.C. 653a(g)(2)(B). Such records may also pertain to independent 
contractors, in accordance with state law.
    (4) Records furnished by a federal department, agency, or 
instrumentality pertaining to wages paid to individuals pursuant to 42 
U.S.C. 653(n), and wage and unemployment compensation records obtained 
pursuant to an agreement with the Department of Labor pursuant to 42 
U.S.C. 653(e)(3).
    (5) Input records furnished by a state or federal agency or other 
entity for authorized matching with the NDNH.
    (6) Records collected from employers and other income sources 
pertaining to income withholding and medical support, including 
additional information, such as the following: termination date, final 
payment date and amount, contact information, children's names, health 
care coverage provider information (such as provider and contact name, 
federal employer identification number (FEIN), address, phone and fax 
numbers), third party provider information (such as payroll services 
providers), professional employer organization information (such as 
employer outsourced employee management), pension plan provider 
information, lump sum income information, order information, past due 
support information, amounts to withhold, and instructions for 
withholding.

RECORD SOURCE CATEGORIES:
    Information is obtained from departments, agencies, or 
instrumentalities of the United States or any state; from entities 
authorized to match to receive NDNH information; and from health plan 
administrators, employers, and other income sources.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    These routine uses specify circumstances under which ACF may 
disclose information from this system of records without the consent of 
the data subject. Each proposed disclosure of information under these 
routine uses will be evaluated to ensure that the disclosure is legally 
permissible. When ACF makes a disclosure under a routine use, ACF will 
prohibit redisclosures, or may permit only certain redisclosures, as 
required or authorized by law. Any information defined as ``return'' or 
``return information'' under 26 U.S.C. 6103 (Internal Revenue Code) 
will not be disclosed unless authorized by a statute, the Internal 
Revenue Service (IRS), or IRS regulations.
    (1) Disclosure for Child Support Purposes.
    Pursuant to 42 U.S.C. 653(a)(2), 653(b)(1)(A), and 653(c), 
information about the location of an individual or information that 
would facilitate the discovery of the location of an individual or 
identifying information about the individual may be disclosed, upon 
request filed in accordance with law, to an ``authorized person'' for 
the purpose of establishing parentage or establishing, setting the 
amount of, modifying, or enforcing child support obligations. Other 
information that may be disclosed is information about an individual's 
wages (or other income) from, and benefits of, employment or other 
income and benefit sources, and information on the type, status, 
location, and amount of any assets of, or debts owed by or to, the 
individual. An ``authorized person'' is defined under 42 U.S.C. 653(c) 
as follows: (1) Any agent or attorney of any state or Indian Tribe or 
Tribal organization (as defined in 25 U.S.C. 5304(e) and (l)), having 
in effect a plan approved under title IV-D of the Social Security Act 
who has the duty or authority under such plans to seek, or to recover 
any amounts owed as child and spousal support (including, when 
authorized under the state plan, any official of a political 
subdivision); (2) the court that has authority to issue an order, or to 
serve as the initiating court in an action to seek an order against a 
noncustodial parent for the support and maintenance of a child, or any 
agent of such court; (3) the resident parent, legal guardian, attorney, 
or agent of a child (other than a child receiving assistance under a 
state program funded under part A of title IV of the Social Security 
Act [42 U.S.C. 601 et seq.]) (as determined by regulations prescribed 
by the Secretary) without regard to the existence of a court order 
against a noncustodial parent who has a duty to support and maintain 
any such child; (4) a state agency that is administering a program 
operated under a state plan under subpart 1 of part B of title IV of 
the Social Security Act (42 U.S.C. 620 et seq.), or a state plan 
approved under subpart 2 of part B of title IV of the Social Security 
Act (42 U.S.C. 629 et seq.) or under part E of title IV of the Social 
Security Act (42 U.S.C. 670 et seq.); and (5) an entity designated as a 
Central Authority for child support enforcement in a foreign 
reciprocating country or a foreign treaty country for purposes 
specified in section 459A(c)(2) of the Social Security Act (42 U.S.C. 
659a(c)(2)).
    (2) Disclosure for Purposes Related to the Unlawful Taking or 
Restraint of a Child or Child Custody or Visitation.
    Pursuant to 42 U.S.C. 653(b)(1), upon request of an ``authorized 
person,'' as defined in 42 U.S.C. 663(d)(2), information as to the most 
recent address and place of employment of a parent or child may be 
disclosed for the purpose of enforcing any state or federal law with 
respect to the unlawful taking or restraint of a child, or making or 
enforcing a child custody or visitation determination.
    (3) Disclosure to Department of State under International Child 
Abduction Remedies Act.
    Pursuant to 42 U.S.C. 653(b)(1) and 663(e), the most recent address 
and place of employment of a parent or child may be disclosed upon 
request to the Department of State, in its capacity as the Central 
Authority designated in accordance with section 7 of the International 
Child Abduction Remedies Act, 42 U.S.C. 11601 et seq., for the purpose 
of locating the parent or child on behalf of an applicant.
    (4) Disclosure to a Foreign Reciprocating Country and Foreign 
Treaty Country for Child Support Purposes.
    Pursuant to 42 U.S.C. 652(n), 653(a)(2), 653(c)(5), and 659a(c)(2), 
information on the state of residence of

[[Page 3555]]

an individual sought for support enforcement purposes in cases 
involving residents of the United States and residents of foreign 
treaty countries or foreign countries that are the subject of a 
declaration under 52 U.S.C. 659a may be disclosed to the foreign 
country.
    (5) Disclosure to the Treasury for Tax Administration Purposes.
    Pursuant to 42 U.S.C. 653(i)(3), information may be disclosed to 
the Secretary of the Treasury for purposes of administering 26 U.S.C. 
32 (earned income tax credit), administering 26 U.S.C. 3507 (advance 
payment of earned income tax credit), and verifying a claim with 
respect to employment in a tax return.
    (6) Disclosure to the Social Security Administration for 
Verification.
    Pursuant to 42 U.S.C. 653(j)(1), the names, SSNs, and birth dates 
of individuals about whom information is maintained may be disclosed to 
the Social Security Administration to the extent necessary for 
verification of the information by the Social Security Administration.
    (7) Disclosure for Locating an Individual for Paternity 
Establishment or in Connection with a Support Order.
    Pursuant to 42 U.S.C. 653(j)(2), the results of a comparison 
between records in this system and the Federal Case Registry of Child 
Support Orders may be disclosed to the state or Tribal IV-D child 
support enforcement agency responsible for the case for the purpose of 
locating an individual in a paternity establishment case or a case 
involving the establishment, modification, or enforcement of a support 
order.
    (8) Disclosure to State Agencies Operating Specified Programs.
    Pursuant to 42 U.S.C. 653(j)(3), information may be disclosed to a 
state to the extent and with the frequency that the Secretary 
determines to be effective in assisting the state to carry out its 
responsibilities under child support programs operated under 42 U.S.C. 
651 through 669b (Title IV-D of the Social Security Act, Child Support 
and Establishment of Paternity), child and family services programs 
operated under 42 U.S.C. 621 through 629m (Title IV-B of the Social 
Security Act), Foster Care and Adoption Assistance programs operated 
under 42 U.S.C. 670 through 679c (Title IV-E of the Social Security 
Act), and assistance programs funded under 42 U.S.C. 601 through 619 
(Title IV-A of the Social Security Act, Temporary Assistance for Needy 
Families).
    (9) Disclosure to the Commissioner of Social Security.
    Pursuant to 42 U.S.C. 653(j)(4), information may be disclosed to 
the Commissioner of Social Security for the purpose of verifying 
eligibility for Social Security Administration programs and 
administering such programs. Additionally, information may be disclosed 
to the Commissioner for the purpose of administering the Ticket to Work 
program.
    (10) Disclosure for Authorized Research Purposes.
    Pursuant to 42 U.S.C. 653(j)(5), data in the NDNH, including 
information reported by employers pursuant to 42 U.S.C. 653a(b), may be 
disclosed, without personal identifiers, for research purposes found by 
the Secretary to be likely to contribute to achieving the purposes of 
42 U.S.C. 651 through 669b (Title IV-D of the Social Security Act, 
Child Support and Establishment of Paternity) and 42 U.S.C. 601 through 
619 (Title IV-A of the Social Security Act, Temporary Assistance for 
Needy Families).
    (11) Disclosure to Secretary of Education for Collection of 
Defaulted Student Loans.
    Pursuant to 42 U.S.C. 653(j)(6), the results of a comparison of 
information in this system with information in the custody of the 
Secretary of Education may be disclosed to the Secretary of Education 
for the purpose of collection of debts owed on defaulted student loans, 
or refunds on overpayments of grants, made under title IV of the Higher 
Education Act of 1965 (20 U.S.C. 1070 et seq. and 42 U.S.C. 2751 et 
seq.) and, after removal of personal identifiers, for the purpose of 
conducting analyses of student loan defaults.
    (12) Disclosure to Secretary of Housing and Urban Development for 
Verification Purposes.
    Pursuant to 42 U.S.C. 653(j)(7), information regarding an 
individual participating in a housing assistance program (United States 
Housing Act of 1937 (42 U.S.C. 1437 et seq.); 12 U.S.C. 1701s, 1701q, 
1715l(d)(3), 1715l(d)(5), 1715z-1; or 42 U.S.C. 8013) may be disclosed 
to the Secretary of Housing and Urban Development for the purpose of 
verifying the employment and income of the individual and, after 
removal of personal identifiers, for the purpose of conducting analyses 
of the employment and income reporting of such individuals.
    (13) Disclosure to State Unemployment Compensation Agency for 
Program Purposes.
    Pursuant to 42 U.S.C. 653(j)(8), information on an individual for 
whom a state agency administering an unemployment compensation program 
under federal or state law has furnished the name and Social Security 
number, and information on such individual's employer, may be disclosed 
to the state agency for the purposes of administering the unemployment 
compensation program.
    (14) Disclosure to Secretary of the Treasury for Debt Collection 
Purposes.
    Pursuant to 42 U.S.C. 653(j)(9), information pertaining to a person 
who owes the United States delinquent nontax debt and whose debt has 
been referred to the Secretary of the Treasury in accordance with 31 
U.S.C. 3711(g) may be disclosed to the Secretary of the Treasury for 
purposes of collecting the debt.
    (15) Disclosure to State Agency for Supplemental Nutrition 
Assistance Program Purposes.
    Pursuant to 42 U.S.C. 653(j)(10), information on an individual and 
the individual's employer may be disclosed to a state agency 
responsible for administering a supplemental nutrition assistance 
program under the Food and Nutrition Act of 2008 (7 U.S.C. 2011 et 
seq.) for the purposes of administering the program.
    (16) Disclosure to the Secretary of Veterans Affairs for 
Verification Purposes.
    Where authorized under 42 U.S.C. 653, information about an 
individual applying for or receiving certain benefits, compensation, or 
services may be disclosed to the Secretary of Veterans Affairs for the 
purpose of verifying the employment and income of the individual and, 
after removal of personal identifiers, to conduct analyses of the 
employment and income reporting of such individuals.
    (17) Disclosure for Law Enforcement Purpose.
    Information may be disclosed to the appropriate federal, state, 
local, tribal, or foreign agency responsible for identifying, 
investigating, and prosecuting noncustodial parents who knowingly fail 
to pay their support obligations and meet the criteria for federal 
prosecution under 18 U.S.C. 228. The information must be relevant to 
the violation of criminal nonsupport, as stated in the Deadbeat Parents 
Punishment Act, 18 U.S.C. 228.
    (18) Disclosure to Department of Justice or in Proceedings.
    Records may be disclosed to support the Department of Justice (DOJ) 
or a court or other adjudicative body in litigation or other 
proceedings when HHS or any of its components, or any employee of HHS 
in his or her official capacity, or any employee of HHS in his or her 
individual capacity where the DOJ or HHS has agreed to represent the 
employee, or the United States, is a party to the proceedings or has an 
interest in the proceedings and, by

[[Page 3556]]

careful review, HHS determines that the records are both relevant and 
necessary to the proceedings.
    (19) Disclosure to Congressional Office.
    Information may be disclosed to a congressional office from the 
record of an individual in response to a written inquiry from the 
congressional office made at the written request of the individual.
    (20) Disclosure to Contractor to Perform Duties.
    Records may be disclosed to a contractor performing or working on a 
contract for HHS who has a need to have access to the information in 
the performance of its duties or activities for HHS in accordance with 
law and with the contract.
    (21) Disclosure in the Event of a Security Breach.
    (a) Information may be disclosed to appropriate agencies, entities, 
and persons when (1) HHS suspects or has confirmed that there has been 
a breach of the system of records; (2) HHS has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, HHS (including its information systems, programs, and 
operations), the federal government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with HHS's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    (b) Information may be disclosed to another federal agency or 
federal entity when HHS determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the federal government, or national 
security, resulting from a suspected or confirmed breach.
    In addition to the above routine use disclosures published pursuant 
to the Privacy Act at 5 U.S.C. 552a(b)(3), the Privacy Act permits an 
agency to make other disclosures described at 5 U.S.C. 552a(b) without 
the data subject's consent and without publishing a routine use. Most 
of those other disclosures are not, in fact, permissible for NDNH data, 
due to access restrictions stated in the NDNH statute at 42 U.S.C. 
653(l). ACF may lawfully disclose NDNH data to the Comptroller General 
without the data subject's consent, as permitted by 5 U.S.C. 
552a(b)(10), and will do so upon request from the Comptroller General, 
because such disclosures are required by 31 U.S.C. 721 notwithstanding 
the access restrictions imposed by the NDNH statute.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in the NDNH are stored electronically at the Social 
Security Administration's National Support Center and the OCSE Data 
Center. Historical logs and system backups are stored off-site at an 
alternate location.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records maintained in the NDNH are retrieved by the SSN (or TIN) of 
the individual to whom the record pertains. Records collected and 
disseminated from employers and other income sources are retrieved by 
state Federal Information Processing Standard (FIPS) codes and employer 
identification numbers, and records collected and disseminated from 
state IV-D child support enforcement agencies are retrieved by state 
FIPS codes.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records maintained in the NDNH are retained for 24 months after the 
date of entry and are then deleted from the database pursuant to 42 
U.S.C. 653(i)(2)(A) and the NARA approved disposition schedule, N1-292-
10-2. In accordance with 42 U.S.C. 653(i)(2)(B), OCSE shall not have 
access, for child support enforcement purposes, to quarterly wage and 
unemployment insurance information in the NDNH if 12 months have 
elapsed since the information was provided by a State Directory of New 
Hires pursuant to 42 U.S.C. 653A(g)(2)(B) and there has not been a 
match resulting from the use of such information in any information 
comparison. Notwithstanding these retention and disposal requirements, 
OCSE may retain such samples of data entered into the NDNH as OCSE may 
find necessary to assist in carrying out its responsibility to provide 
access to data in the NDNH for research purposes found by OCSE to be 
likely to contribute to achieving the purposes of Part A or Part D of 
title IV of the Social Security Act, but without personal identifiers, 
pursuant to 42 U.S.C. 653(i)(2)(C), (j)(5). Samples are retained only 
so long as necessary to complete such research. Input records for 
authorized matching to obtain NDNH information and records pertaining 
to income withholding collected and disseminated by OCSE are retained 
for 60 days. Audit logs, including information such as employer 
identification numbers, FIPS code numbers, document tracking numbers, 
case identification numbers and order identifier, are retained up to 5 
years.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The system leverages cloud service providers that maintain an 
authority to operate in accordance with applicable laws, rules, and 
policies, including Federal Risk and Authorization Management Program 
(FedRAMP) requirements. Specific administrative, technical, and 
physical controls are in place to ensure that the records collected and 
maintained in the NDNH are secure from unauthorized access. Access to 
the records is restricted to authorized personnel who are advised of 
the confidentiality of the records and the civil and criminal penalties 
for misuse and who sign a nondisclosure oath to that effect. Personnel 
are provided privacy and security training before being granted access 
to the records and annually thereafter.
    Logical access controls are in place to limit access to the records 
to authorized personnel, to limit their access based on their roles, 
and to prevent browsing. The records are processed and stored in a 
secure environment. All records are stored in an area that is 
physically safe from access by unauthorized persons at all times.
    Safeguards conform to the HHS Information Security and Privacy 
Program, which may be found at https://www.hhs.gov/ocio/securityprivacy/.

RECORD ACCESS PROCEDURES:
    To request access to a record about you in this system of records, 
submit a written access request to the System Manager. The request 
should include your name, telephone number and/or email address, 
current address, and signature, and sufficient particulars (such as, 
date of birth or SSN) to enable the System Manager to distinguish 
between records on subject individuals with the same name. To verify 
your identity, your signature must be notarized or your request must 
include your written certification that you are the individual who you 
claim to be and that you understand that the knowing and willful 
request for or acquisition of a record pertaining to an individual 
under false pretenses is a criminal offense subject to a fine of up to 
$5,000.

CONTESTING RECORD PROCEDURES:
    To request correction of a record about you in this system of 
records, submit a written amendment request to

[[Page 3557]]

the System Manager. The request must contain the same information 
required for an access request and include verification of your 
identity in the same manner required for an access request. In 
addition, the request must reasonably identify the record and specify 
the information contested, the corrective action sought, and the 
reasons for requesting the correction; it should include supporting 
information to show how the record is inaccurate, incomplete, untimely, 
or irrelevant.

NOTIFICATION PROCEDURES:
    To find out if this system of records contains a record about you, 
submit a written notification request to the System Manager. The 
request must identify this system of records, contain the same 
information required for an access request, and include verification of 
your identity in the same manner required for an access request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    80 FR 17906 (Apr. 2, 2015), updated 83 FR 6591 (Feb. 14, 2018).

SYSTEM NAME AND NUMBER:
    OCSE Debtor File, HHS/ACF/OCSE, 09-80-0383.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Office of Child Support Enforcement, Administration for Children 
and Families, 330 C St. SW, 5th Floor, Washington, DC 20201.

SYSTEM MANAGER(S):
    Acting Director, Division of Federal Systems, Office of Child 
Support Enforcement, Administration for Children and Families, 
Department of Health and Human Services, 330 C St. SW, 5th Floor, 
Washington, DC 20201, or [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 652, 653, 664, and 666.

PURPOSE(S) OF THE SYSTEM:
    The primary purpose of the OCSE Debtor File is to improve states' 
abilities to collect past due child support. The OCSE Debtor File 
facilitates OCSE's execution of its responsibility to perform the 
following duties: Transmit to the Secretary of State a certification by 
a state IV-D child support agency that an individual owes arrearages of 
child support in an amount exceeding $2,500 for action (with respect to 
denial, revocation, or limitation of passports) pursuant to 42 U.S.C. 
652(k)(1); through the Federal Parent Locator Service (FPLS), to aid 
state IV-D agencies and financial institutions doing business in two or 
more states in operating a data match system pursuant to 42 U.S.C. 
652(l) (see also 42 U.S.C. 666(a)(17)(A)(i)) and to aid in the 
transmission of information pertaining to a lien or levy of financial 
institution accounts located as a result of that data match system 
authorized under 42 U.S.C. 652(a)(7), 666(c)(1)(G), and 
666(c)(1)(G)(ii); through the FPLS, to compare information regarding 
individuals owing past due support with income and benefits information 
of such individuals, including lump sum payment information, and 
furnish information resulting from the data matches to the state 
agencies responsible for collecting child support from the individuals 
pursuant to 42 U.S.C. 652(a)(7), 653(a)(2), 666(a)(4) and 666(c)(1)(G); 
through the FPLS, to compare information regarding individuals owing 
past due support with specified information maintained by insurers (or 
their agents) and furnish information resulting from the data matches 
to the state agencies responsible for collecting child support from the 
individuals pursuant to 42 U.S.C. 652(m); to assist the Secretary of 
the Treasury in withholding from refunds of federal taxes paid an 
amount owed by an individual owing past due child support pursuant to 
42 U.S.C. 664; and to assist state IV-D child support enforcement 
agencies in the collection of past due child support through the 
administrative offset of certain federal payments pursuant to the Debt 
Collection Improvement Act of 1996 (Pub. L. 104-134), Executive Order 
13019, and 31 CFR part 285; and to improve states' abilities to collect 
past due and current support from individuals who are owed workers' 
compensation benefits pursuant to 42 U.S.C. 653(e)(1); 666(a)(1)(A), 
(b)(1) and (8), and (c)(1)(F) and (G); and 653(b)(1)(B). OCSE operates 
the FPLS pursuant to 42 U.S.C. 652(a)(9) and 42 U.S.C. 653(a)(1).

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals owing past due child support, as indicated by a state 
agency administering a child support enforcement program pursuant to 42 
U.S.C. 651 through 669b (Title IV, Part D, of the Social Security Act) 
are covered by this system.
    Additional individuals whose records are contained in input files 
for authorized matching with records in this system are also covered by 
this system. These additional individuals include those claiming or 
receiving income or benefits, such as federal tax refunds, federal 
administrative payments, workers' compensation or insurance claims, 
settlements, awards, and payments.

CATEGORIES OF RECORDS IN THE SYSTEM:
    (1) Records pertaining to individuals owing past due child support, 
as indicated by a state agency administering a child support 
enforcement program, including the name, SSN or TIN of such individual, 
date of birth, place of birth, mailing address, the amount of past due 
child support owed by the individual, adjustments to such amount, 
information on each enforcement remedy applicable to the individual to 
whom the record pertains, as indicated by a state IV-D child support 
enforcement agency; the amount of past due support collected as a 
result of each such remedy; and a history of updates by the state 
agency to the records.
    (2) Records of the results of a comparison between records in the 
OCSE Debtor File pertaining to individuals owing past due child support 
and information maintained by the Secretary of the Treasury concerning 
the following amounts payable to such individuals: Refunds of federal 
taxes; salary, wage, and retirement benefits; income and benefits 
information; vendor payments and expense reimbursement payments and 
travel payments; and information pertaining to the collection of those 
amounts by state child support enforcement agencies.
    (3) Records of the results of a comparison between records in the 
OCSE Debtor File pertaining to individuals owing past due child support 
and information provided by a financial institution doing business in 
two or more states, including the name, record address, SSN (or TIN) or 
other identifying number of each such individual, and information about 
any account held by the individual and maintained at such institution, 
including the amounts to withhold from the account, date of withholding 
of the amounts, and other information pertaining to the placement of a 
lien or levy by a state child support enforcement agency on the 
account.
    (4) Records pertaining to individuals claiming or receiving 
periodic or lump sum workers' compensation payments (including name, 
record address, SSN (or TIN), claim numbers, and workers' compensation 
insurers) that are furnished by a workers' compensation agency and 
records of the results of a comparison between those records and

[[Page 3558]]

records in the OCSE Debtor File pertaining to individuals owing past 
due child support.
    (5) Records pertaining to individuals whose information is 
maintained by an insurer (or its agent) concerning insurance claims, 
settlements, awards, and payments, and the results of a comparison 
between records in the OCSE Debtor File pertaining to individuals owing 
past due child support, and income and benefits information, including 
lump sum payment information and information maintained by insurers (or 
their agents) concerning insurance claims, settlements, awards, and 
payments and information pertaining to state child support enforcement 
agency withholding of these amounts.
    (6) Records pertaining to individuals claiming or receiving other 
periodic or lump sum state or federal benefits, or other income, and 
the results of a comparison between those individuals and individuals 
owing past due support.

RECORD SOURCE CATEGORIES:
    Information is obtained from departments, agencies, or 
instrumentalities of the United States, or any state, and from 
multistate financial institutions and insurers (or their agents), and 
other income sources.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    These routine uses specify circumstances under which ACF may 
disclose information from this system of records without the consent of 
the data subject. Each proposed disclosure of information under these 
routine uses will be evaluated to ensure that the disclosure is legally 
permissible. Any information defined as ``return'' or ``return 
information'' under 26 U.S.C. 6103 (Internal Revenue Code) is not 
disclosed unless authorized by a statute, the IRS, or IRS regulations.
    (1) Disclosure to the Treasury to Withhold Past Due Support.
    Pursuant to 42 U.S.C. 664 and the Debt Collection Improvement Act 
of 1996 (Pub. L. 104-134), information pertaining to an individual 
owing past-due child support may be disclosed to the Secretary of the 
Treasury for the purpose of withholding the past due support from 
amounts payable as refunds of federal taxes; salary, wage, and 
retirement payments; vendor payments; and expense reimbursement 
payments and travel payments.
    (2) Disclosure to State Department for Passport Purposes.
    Pursuant to 42 U.S.C. 652(k), information pertaining to an 
individual owing past due child support in a specified amount, as 
certified by a state child support enforcement agency, may be disclosed 
to the Secretary of State for the purpose of revoking, restricting, 
limiting, or denying a passport to the individual.
    (3) Disclosure to Financial Institution to Collect Past Due 
Support.
    Pursuant to 42 U.S.C. 652(l), information pertaining to an 
individual owing past due child support may be disclosed to a financial 
institution doing business in two or more states to identify an 
individual who maintains an account at the institution for the purpose 
of collecting past due support. Information pertaining to requests by 
the state child support enforcement agencies for the placement of a 
lien or levy of such accounts may also be disclosed.
    (4) Disclosure to Insurer to Collect Past Due Support.
    Pursuant to 42 U.S.C. 652(m), information pertaining to an 
individual owing past due child support may be disclosed to an insurer 
(or its agent) to identify an individual with an insurance claim, 
settlement, award, or payment for the purpose of collecting past due 
support.
    (5) Disclosure to Workers' Compensation Agencies to Collect Current 
and Past Due Support.
    Pursuant to 42 U.S.C. 653(e)(1); 666(a)(1)(A), (b)(1) and (8), and 
(c)(1)(F) and (G), information pertaining to an individual owing past 
due child support may be disclosed to a workers' compensation agency to 
identify an individual who is applying for or receiving periodic or 
lump sum workers' compensation for the purpose of collecting current 
and past due support.
    (6) Disclosure of Treasury Information to State Child Support 
Enforcement Agency of Comparison Information for Assistance in 
Collecting Past Due Support.
    Pursuant to 42 U.S.C. 664 and the Debt Collection Improvement Act 
1996 (Pub. L. 104-134), the results of a comparison of information 
pertaining to an individual owing past due child support and 
information maintained by the Secretary of Treasury pertaining to 
amounts payable to the individual for refunds of federal taxes; salary, 
wage, and retirement benefits; vendor payments; expense reimbursement 
payments; or travel payments may be disclosed to a state IV-D child 
support agency for the purpose of assisting state agencies in 
collecting past due support.
    (7) Disclosure of Financial Institution Information to State Child 
Support Enforcement Agency of Comparison Information for Assistance in 
Collecting Past Due Support.
    Pursuant to 42 U.S.C. 652(l), the results of a comparison between 
information pertaining to an individual owing past due child support 
and information provided by multistate financial institutions may be 
disclosed to a state child support enforcement agency for the purpose 
of assisting state agencies in collecting past due support. Information 
pertaining to responses to requests by the state child support 
enforcement agencies for the placement of a lien or levy of such 
accounts may also be disclosed.
    (8) Disclosure of Insurance Information to State Child Support 
Enforcement Agency for Assistance in Collecting Past Due Support.
    Pursuant to 42 U.S.C. 652(m), the results of a comparison between 
information pertaining to an individual owing past due child support 
and information maintained by an insurer (or its agent) concerning 
insurance claims, settlements, awards, and payments may be disclosed to 
a state IV-D child support enforcement agency for the purpose of 
assisting state agencies in collecting past due support.
    (9) Disclosure of Workers' Compensation Information to State Child 
Support Enforcement Agency for Assistance in Collecting Past Due and 
Current Support.
    Pursuant to 42 U.S.C. 653(b)(1)(B), the results of a comparison 
between the information pertaining to an individual owing past due 
child support and information maintained by a workers' compensation 
agency concerning workers' compensation payments may be disclosed to a 
state IV-D child support enforcement agency for the purpose of 
assisting states in collecting past due support and any current support 
owed by the individual.
    (10) Disclosure of Income and Benefits Information to State Child 
Support Enforcement Agency for Assistance in Collecting Past Due and 
Current Support.
    Pursuant to 42 U.S.C. 652(a)(7), 653(a)(2), 666(a)(4), and 
666(c)(1)(G), the results of a comparison between the information 
pertaining to an individual owing past due child support and income and 
benefits information of such individuals, including lump sum payment 
information, may be disclosed for the purpose of assisting states in 
collecting past due support and any current support owed by the 
individual.
    (11) Disclosure for Law Enforcement Purpose.
    Information may be disclosed to the appropriate federal, state, 
local, tribal, or foreign agency responsible for

[[Page 3559]]

identifying, investigating, and prosecuting noncustodial parents who 
knowingly fail to pay their support obligations and meet the criteria 
for federal prosecution under 18 U.S.C. 228. The information must be 
relevant to the violation of criminal nonsupport, as stated in the 
Deadbeat Parents Punishment Act, 18 U.S.C. 228.
    (12) Disclosure to Department of Justice or in Proceedings.
    Records may be disclosed to support DOJ or a court or other 
adjudicative body in litigation or other proceedings when HHS or any of 
its components, or any employee of HHS in his or her official capacity, 
or any employee of HHS in his or her individual capacity where the DOJ 
or HHS has agreed to represent the employee, or the United States, is a 
party to the proceedings or has an interest in the proceedings and, by 
careful review, HHS determines that the records are both relevant and 
necessary to the proceedings.
    (13) Disclosure to Contractor to Perform Duties.
    Information may be disclosed to a contractor performing or working 
on a contract for HHS, who has a need to have access to the information 
in the performance of its duties or activities for HHS in accordance 
with law and with the contract.
    (14) Disclosure to Congressional Office.
    Information may be disclosed to a congressional office from the 
record of an individual in response to a written inquiry from the 
congressional office made at the written request of the individual.
    (15) Disclosure in the Event of a Security Breach.
    (a) Information may be disclosed to appropriate agencies, entities, 
and persons when (1) HHS suspects or has confirmed that there has been 
a breach of the system of records; (2) HHS has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, HHS (including its information systems, programs, and 
operations), the federal government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with HHS's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    (b) Information may be disclosed to another federal agency or 
federal entity when HHS determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach, or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the federal government, or national 
security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in the OCSE Debtor File are stored electronically at the 
Social Security Administration's National Support Center. Historical 
logs and system backups are stored offsite at an alternate location.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records maintained in the OCSE Debtor File are retrieved by the SSN 
or TIN of the individual to whom the record pertains provided, however, 
that for the purpose of comparing information in the OCSE Debtor File 
with information provided by workers' compensation agencies or insurers 
(or their agents), records in the OCSE Debtor File may be retrieved by 
the name of the individual and either the date of birth or the address 
of the individual. For the purpose of collecting and disseminating 
information provided by state child support agencies and financial 
institutions, information is retrieved by the FEIN of the financial 
institution and the state FIPS code of the state child support agency 
and, where requested, by the state child support case identification 
number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Upon approval of a disposition schedule by NARA, the records will 
be deleted when OCSE determines that the records are no longer needed 
for administrative, audit, legal, or operational purposes, and in 
accordance with the NARA-approved schedule. Approved disposal methods 
for electronic records and media include overwriting, degaussing, 
erasing, disintegration, pulverization, burning, melting, incineration, 
shredding, or sanding.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The system leverages cloud service providers that maintain an 
authority to operate in accordance with applicable laws, rules, and 
policies, including FedRAMP requirements. Specific administrative, 
technical, and physical controls are in place to ensure that the 
records collected and maintained in the OCSE Debtor File are secure 
from unauthorized access. Access to the records is restricted to 
authorized personnel, based on their roles, who are advised of the 
confidentiality of the records and the civil and criminal penalties for 
misuse and who sign a nondisclosure oath to that effect. Personnel are 
provided privacy and security training before being granted access to 
the records and annually thereafter.
    Logical access controls are in place to limit access to the records 
to authorized personnel and to prevent browsing. The records are 
processed and stored in a secure environment. All records are stored in 
an area that is physically safe from access by unauthorized persons at 
all times.
    Safeguards conform to the HHS Information Security and Privacy 
Program, which can be found at https://www.hhs.gov/ocio/securityprivacy/.

RECORD ACCESS PROCEDURES:
    To request access to a record about you in this system of records, 
submit a written access request to the System Manager. The request 
should include your name, telephone number and/or email address, 
current address, signature, and sufficient particulars (such as date of 
birth or SSN) to enable the System Manager to distinguish between 
records on subject individuals with the same name. To verify your 
identity, your signature must be notarized or your request must include 
your written certification that you are the individual you claim to be 
and that you understand that the knowing and willful request for or 
acquisition of a record pertaining to an individual under false 
pretenses is a criminal offense subject to a fine of up to $5,000.

CONTESTING RECORD PROCEDURES:
    To request correction of a record about you in this system of 
records, submit a written amendment request to the System Manager. The 
request must contain the same information required for an access 
request and include verification of your identity in the same manner 
required for an access request. In addition, the request must 
reasonably identify the record and specify the information contested, 
the corrective action sought, and the reasons for requesting the 
correction; it should include supporting information to show how the 
record is inaccurate, incomplete, untimely, or irrelevant.

NOTIFICATION PROCEDURES:
    To find out if this system of records contains a record about you, 
submit a written notification request to the System Manager. The 
request must

[[Page 3560]]

identify this system of records, contain the same information required 
for an access request, and include verification of your identity in the 
same manner required for an access request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    80 FR 17909 (Apr. 2, 2015), updated 83 FR 6591 (Feb. 14, 2018).

SYSTEM NAME AND NUMBER:
    Child Support Portal Registration Records, HHS/ACF/OCSE, 09-80-
0387.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Office of Child Support Enforcement, Administration for Children 
and Families, 330 C St. SW, 5th Floor, Washington, DC 20201.

SYSTEM MANAGER(S):
    Acting Director, Division of Federal Systems, Office of Child 
Support Enforcement, Administration for Children and Families, 
Department of Health and Human Services, 330 C St. SW, 5th Floor, 
Washington, DC 20201, or [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 652(a)(7) and (9) and 653(a)(1).

PURPOSE(S) OF THE SYSTEM:
    The Child Support Portal system of records covers information 
provided by individuals who register to use the Child Support Portal's 
services to access information maintained in other OCSE systems of 
records. The Child Support Portal is a conduit (pass-through system) 
that provides authorized users with access to select, highly 
confidential child support enforcement case information maintained in 
the following systems of records:
     The OCSE National Directory of New Hires, HHS/ACF/OCSE, 
09-80-0381;
     the OCSE Debtor File, HHS/ACF/OCSE, 09-80-0383; and
     the OCSE Federal Case Registry of Child Support Orders 
(FCR), HHS/ACF/OCSE, 09-80-0385.
    The individuals who register for access to use the Child Support 
Portal's services are designated representatives of the following types 
of agencies and organizations: Employers, financial institutions and 
insurers, state and tribal child support enforcement agencies, and 
OCSE. OCSE uses the registrant information provided by the individuals 
and their affiliated entities to validate the individuals' and 
organizations' eligibility for access and authenticate their identity.
    Purposes for which individuals register to access the Child Support 
Portal's services include, primarily, providing information to be 
included in the other systems of records identified above, and, in 
limited cases, receiving information from one of those systems of 
records. For example:
     OCSE personnel use the Child Support Portal to submit, 
request, and receive child support program reporting information that 
does not include personally identifiable information (PII), such as 
state plan and program self-assessment reports.
     OCSE contractors access the Child Support Portal to 
perform system administrative functions.
     Representatives of employers use the Child Support 
Portal's web-based functions to provide OCSE with the employer's 
identifying and contact information, and employee status changes. 
Employers also use the Child Support Portal to provide lump sum payment 
information, and to provide a list of the states in which they operate 
and to designate a single reporting state to submit new hire 
information to the National Directory of New Hires.
     Representatives of financial institutions and insurers use 
the Child Support Portal's web-based functions as a secure means to 
provide information on financial assets and potential insurance payouts 
for delinquent obligors.
     Representatives of a state child support agency directly 
use, and representatives of tribes under contract with the state child 
support agency indirectly use (i.e., through the state agency), the 
Child Support Portal's web-based functions to submit and access child 
support case information regarding obligor location, income and assets, 
and other inter-jurisdictional case information in the NDNH and Federal 
Case Registry systems of records, as authorized by routine uses 
published for those systems of records. (Location information in those 
systems of records includes mailing addresses obtained from the 
Department of the Treasury's Internal Revenue Service based on written 
requests under a Taxpayer Address Request Agreement pursuant to 26 
U.S.C. 6103(l)(6) that limits disclosure of the addresses to federal, 
state, and local child support agencies and their agents only for 
purposes of, and to the extent necessary in, establishing and 
collecting child support obligations from, and locating, individuals 
owing such obligations.) State and tribal child support agencies also 
use the Child Support Portal to submit federally required reports, such 
as state plans and program self-assessment reports, including child 
support agency performance, agency contact information, and child 
support program information that does not include personal identifiers.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The registration records are about OCSE personnel and contractors; 
federal, state, and tribal agency employees; and individual 
representatives and contractors of employers, insurance companies, and 
financial institutions, who register to use the Child Support Portal's 
services for the purpose(s) of submitting or accessing information to 
process child support cases.
    (For information on the categories of individuals whose information 
is accessed or transmitted via the Child Support Portal, which is 
maintained in other OCSE systems of records, please see the system of 
records notices covering those other systems, identified in the 
Purpose(s) section.)

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records consist of personal information furnished by 
individuals seeking access to the Child Support Portal's services, 
including the following: The individual's name, user name or ID number, 
business function (e.g., enforcement), workload identifier (e.g., alpha 
work caseload), employer, county of employment, telephone number, 
telephone service provider, tribal affiliation, SSN, date of birth, 
email address, name, address, and FEIN of the individual's employer; 
selected security questions and responses; and individual passwords for 
access.
    (For information on the categories of records transmitted through 
the Child Support Portal, which is maintained in other OCSE systems of 
records, please see the system of records notices covering those other 
systems, identified in the Purpose(s) section.)

RECORD SOURCE CATEGORIES:
    Information in the user registration records is obtained from the 
subject individual who registers for access privileges to use the Child 
Support Portal, and from the individual's affiliated business or 
organization and third parties conducting business on behalf of the 
business or organization.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    These routine uses specify circumstances under which ACF may

[[Page 3561]]

disclose Portal registration information from this system of records 
without the consent of the subject individual. Each proposed disclosure 
of information under these routine uses will be evaluated to ensure 
that the disclosure is legally permissible.
    (For information on routine uses of the records transmitted through 
the Child Support Portal, which is maintained in other OCSE systems of 
records, please see the System of Records Notices covering those other 
systems, identified in the Purpose(s) section.)
    (1) Disclosure to Department of Justice or in Proceedings.
    Records may be disclosed to support DOJ or a court or other 
adjudicative body in litigation or other proceedings when HHS or any of 
its components, or any employee of HHS in his or her official capacity, 
or any employee of HHS in his or her individual capacity where the DOJ 
or HHS has agreed to represent the employee, or the United States, is a 
party to the proceedings or has an interest in the proceedings and, by 
careful review, HHS determines that the records are both relevant and 
necessary to the proceedings.
    (2) Disclosure to Congressional Office.
    Information may be disclosed to a congressional office from the 
record of an individual in response to a written inquiry from the 
congressional office made at the written request of the individual.
    (3) Disclosure to Contractor to Perform Duties.
    Records may be disclosed to a contractor performing or working on a 
contract for HHS, who is authorized to access the information in the 
performance of its duties or activities for HHS in accordance with law 
and with the contract.
    (4) Disclosure in the Event of a Security Breach.
    (a) Information may be disclosed to appropriate agencies, entities, 
and persons when (1) HHS suspects or has confirmed that there has been 
a breach of the system of records; (2) HHS has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, HHS (including its information systems, programs, and 
operations), the federal government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with HHS's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    (b) Information may be disclosed to another federal agency or 
federal entity when HHS determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach, or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the federal government, or national 
security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The user registration records are stored electronically at the OCSE 
Data Center.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by the SSN of the individual to whom the 
record pertains.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Upon approval of a disposition schedule by NARA, the user 
registration records will be deleted when OCSE determines that the 
records are no longer needed for administrative, audit, legal, or 
operational purposes, and in accordance with the NARA-approved 
schedule. Approved disposal methods for electronic records and media 
include overwriting, degaussing, erasing, disintegration, 
pulverization, burning, melting, incineration, shredding, or sanding.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The system leverages cloud service providers that maintain an 
authority to operate in accordance with applicable laws, rules, and 
policies, including FedRAMP requirements. Specific administrative, 
technical, and physical controls are in place to ensure that the user 
registration records are secure from unauthorized access. Access to the 
registration records is restricted to authorized personnel (including 
system support contractors) who manage Child Support Portal 
registration tasks, and whose access is limited based on role. They are 
provided privacy and security training before being granted access to 
the records and annually thereafter.
    Logical access controls are in place to limit access to the 
registration records to authorized personnel. The records are processed 
and stored in a secure environment. The individual's SSN is encrypted; 
access to, and viewing of, the individual's SSN is restricted to 
designated employees and contractors of OCSE solely for the purpose of 
verifying the identity of a registrant or a user of the Child Support 
Portal. All records are stored in an area that is physically safe from 
access by unauthorized persons at all times. The facility where records 
are stored are protected by security guards and cameras.
    Safeguards conform to the HHS Information Security and Privacy 
Program, which can be found at https://www.hhs.gov/ocio/securityprivacy/.

RECORD ACCESS PROCEDURES:
    To request access to a record about you in this system of records, 
submit a written request to the System Manager. The request should 
include your name, telephone number and/or email address, current 
address, signature, and sufficient particulars (such as date of birth 
or SSN) to enable the System Manager to distinguish between records on 
subject individuals with the same name. To verify your identity, your 
signature must be notarized or your request must include your written 
certification that you are the individual who you claim to be and that 
you understand that the knowing and willful request for or acquisition 
of a record pertaining to an individual under false pretenses is a 
criminal offense subject to a fine of up to $5,000.

CONTESTING RECORD PROCEDURES:
    To request correction of a record about you in this system of 
records, submit a written amendment request to the System Manager. The 
request must contain the same information required for an access 
request and include verification of your identity in the same manner 
required for an access request. In addition, the request must 
reasonably identify the record and specify the information contested, 
the corrective action sought, and the reasons for requesting the 
correction; it should include supporting information to show how the 
record is inaccurate, incomplete, untimely, or irrelevant.

NOTIFICATION PROCEDURES:
    To find out if this system of records contains a record about you, 
submit a written notification request to the System Manager. The 
request must identify this system of records, contain the same 
information required for an access request, and include verification of 
your identity in the same manner required for an access request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

[[Page 3562]]

HISTORY:
    80 FR 17915 (Apr. 2, 2015), updated 83 FR 6591 (Feb. 14, 2018).

[FR Doc. 2022-01066 Filed 1-21-22; 8:45 am]
BILLING CODE 4184-42-P