Privacy Act of 1974; System of Records, 4604-4607 [2022-01771]
Download as PDF
<![CDATA[
4604
Federal Register / Vol. 87, No. 19 / Friday, January 28, 2022 / Notices
The Administration for
Children and Families (ACF) plans to
submit a request to the Office of
Management and Budget (OMB) to
extend approval of the existing
overarching generic clearance for
Formative Data Collections for ACF
Program Support (OMB #0970–0531;
expiration date 7/31/2022). ACF
proposes minor updates to the
description of potential generic
information collections under the
overarching generic and to the estimated
number of respondents.
DATES: Comments due within 60 days of
publication. In compliance with the
requirements of the Paperwork
Reduction Act of 1995, ACF is soliciting
public comment on the specific aspects
of the information collection described
above.
ADDRESSES: You can obtain copies of the
proposed collection of information and
submit comments by emailing
OPREinfocollection@acf.hhs.gov.
Identify all requests by the title of the
information collection.
SUPPLEMENTARY INFORMATION:
Description: The goals of the generic
information collections under this
approval are to obtain information about
program and grantee processes or needs
and to inform the following types of
activities, among others:
• Delivery of targeted assistance and/
or workflows related to program and
grantee processes. This could include
the development and refinement of
SUMMARY:
recordkeeping and communication
systems.
• Planning for provision of
programmatic or evaluation-related
training or technical assistance (T/TA).
• Obtaining input on the
development of program performance
measures from grantees or others with
experience or vested interest.
• Obtaining feedback about processes
and/or practices to inform ACF program
development or support, or ACF
research.
• Use of rapid-cycle testing activities
to strengthen programs in preparation
for summative evaluations.
ACF uses a variety of techniques such
as semi-structured discussions, focus
groups, surveys, templates, open-ended
requests, and telephone or in-person
interviews in order to reach these goals.
Information collected under this
overarching generic is meant to inform
ACF activities and may be incorporated
into documents or presentations that are
made public such as through conference
presentations, websites, or social media.
The following are some examples of
ways in which we may share
information resulting from these data
collections: Technical assistance plans,
presentations, infographics, project
specific reports, or other documents
relevant to those involved with or
interested in ACF programs such as
federal leadership and staff, grantees,
local implementing agencies, and/or T/
TA providers.
Following standard OMB
requirements, the Office of Planning,
Research, and Evaluation will submit a
change request for each individual data
collection activity under this generic
clearance. Each request will include the
individual instrument(s), a justification
specific to the individual information
collection, and any supplementary
documents. OMB should review
requests within 10 days of submission.
The proposed types and the purpose
of generic information collections
submitted under this umbrella generic
remain the same. Minor revisions are
based on experiences over the past 3
years. These include:
• Updated burden estimates
• Broadened the description to make
clearer the intention to broadly
include respondents with knowledge,
experience, or interest in ACF
programs to allow ACF to learn about
needs and processes related to ACF
programs from those not necessarily
funded by ACF
Respondents: Example respondents
include current or prospective service
providers, training or T/TA providers,
grantees, contractors, current and
potential participants in ACF programs
or similar comparison groups, experts in
fields pertaining to ACF programs, key
groups involved in ACF projects and
programs, individuals engaged in
program re-design or demonstration
development for evaluation, state or
local government officials, or others
involved in or prospectively involved in
ACF programs.
BURDEN ESTIMATES
Number of
respondents
(total over
request period)
Instrument
jspears on DSK121TN23PROD with NOTICES1
Semi-Structured Discussions and Focus Groups ...............................
Interviews .............................................................................................
Questionnaires/Surveys .......................................................................
Templates and Open-ended Requests ...............................................
Estimated Total Annual Burden
Hours: 40,500.
Comments: The Department
specifically requests comments on (a)
whether the proposed collection of
information is necessary for the proper
performance of the functions of the
agency, including whether the
information shall have practical utility;
(b) the accuracy of the agency’s estimate
of the burden of the proposed collection
of information; (c) the quality, utility,
and clarity of the information to be
collected; and (d) ways to minimize the
burden of the collection of information
VerDate Sep<11>2014
18:03 Jan 27, 2022
Jkt 256001
Number of
responses per
respondent
(total over
request period)
10,000
4,500
8,000
1,000
1
1
1.5
1
Average
burden per
response
(in hours)
Total burden
(in hours)
2
1
.5
10
on respondents, including through the
use of automated collection techniques
or other forms of information
technology. Consideration will be given
to comments and suggestions submitted
within 60 days of this publication.
Authority: Social Security Act, Sec
1110 [42 U.S.C. 1310].
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Mary B. Jones,
ACF/OPRE Certifying Officer.
AGENCY:
[FR Doc. 2022–01777 Filed 1–27–22; 8:45 am]
PO 00000
Administration for Children and
Families
Privacy Act of 1974; System of
Records
Administration for Children
and Families (ACF), Department of
Health and Human Services (HHS).
ACTION:
BILLING CODE 4184–79–P
Notice of a modified system of
records.
Frm 00053
Fmt 4703
Sfmt 4703
20,000
4,500
6,000
10,000
E:\FR\FM\28JAN1.SGM
28JAN1
Federal Register / Vol. 87, No. 19 / Friday, January 28, 2022 / Notices
In accordance with the
requirements of the Privacy Act of 1974,
as amended, the Department of Health
and Human Services (HHS) is modifying
an existing system of records
maintained by the Administration for
Children and Families (ACF), Office of
Child Care (OCC): System Number 09–
80–0371, OCC Federal Child Care
Monthly Case Records. The system of
records covers case-level information on
low-income working families receiving
child care financial assistance through
the Child Care and Development Fund
(CCDF), which is provided in aggregate,
non-identifiable format to Congress for
empirical assessment, and to researchers
and the public. Only certain pre-October
2015, case records (i.e., those that
include Social Security Number (SSN)
as a case identifier) are included in this
system of records, because only those
are retrieved by a personal identifier.
DATES: In accordance with 5 U.S.C.
552a(e)(4) and (11), this Notice is
applicable January 28, 2022, subject to
a 30-day period in which to comment
on the new routine use, described
below. Please submit any comments by
February 28, 2022.
ADDRESSES: The public should address
written comments by mail or email to:
Anita Alford, Senior Official for Privacy,
Administration for Children and
Families, 330 C St. SW, Washington, DC
20201, or anita.alford@acf.hhs.gov.
FOR FURTHER INFORMATION CONTACT:
General questions about this system of
records should be submitted by mail or
email to Helen Papadopoulos,
Information Technology Specialist, at
330 C St. SW, Washington, DC 20201,
202–205–8455 or helen.papadopoulos@
acf.hhs.gov.
SUPPLEMENTARY INFORMATION: The
following modifications have been made
to System of Records Notice (SORN) 09–
80–0371 to update and improve it:
• The Categories of Records section
has been revised to limit the system of
records to pre-October 2015, records
that include SSN as a case identifier and
to list more examples of data elements
contained in the records.
• The Routine Uses section has been
updated to remove the statement
‘‘Disclosure to Consumer Reporting
Agencies: None’’ that was formerly
included in the Routine Uses section
and numbered as routine use 11 (but
isn’t a routine use). Routine use 3, that
authorizes disclosures to members of
Congress and their office staff for
purposes of responding to constituent
inquiries, has been revised to require
that the constituent requests be
‘‘written.’’ The two-breach responserelated routine uses that were revised
jspears on DSK121TN23PROD with NOTICES1
SUMMARY:
VerDate Sep<11>2014
18:03 Jan 27, 2022
Jkt 256001
and added February 14, 2018, (see 83 FR
6591) are now numbered as 10a.and
10b.
• The Retrieval section has been
revised to clarify that SSN is the only
personal identifier used for retrieval,
because other unique case identifiers
assigned by states and territories are not
personal identifiers (other case
identifiers identify a family without also
identifying a particular individual).
• The Retention and Disposal section
has been updated to identify the
applicable records disposition authority,
DAA–0292–2018–0004, item 1.
Ruth Friedman,
Director, Office of Child Care, Administration
for Children and Families.
OCC Federal Child Care Monthly Case
Records, 09–80–0371.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The component responsible for this
system of records is the Office of Child
Care, Administration for Children and
Families, 330 C St. SW, Washington, DC
20201.
SYSTEM MANAGERS:
Information Technology Specialist,
Office of Child Care, Administration for
Children and Families, 330 C St. SW,
Washington, DC 20201, (202) 690–6782,
occ@acf.hhs.gov.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 9858i, 9858j.
PURPOSE(S) OF THE SYSTEM:
The system of records contains OCC
federal child care monthly case-level
data which states and territories
regularly collect and are required to
provide to OCC about families receiving
CCDF services and the environments
where those services are provided. The
Child Care and Development Block
Grant (CCDBG) Act of 1990 requires
states and territories to submit specific
information to OCC, so that OCC can in
turn report it (in aggregate form) to
Congress, to give Congress an empirical
basis for assessing the program (see 42
U.S.C. 9858i, 9858j). OCC also makes
non-identifiable records available to
researchers and the public.
The records in this system of records
are pre-October 2015, records that are
not intended to be personallyidentifying and are not used for any
purpose that involves identifying
particular individuals; however, they
contain, and are retrieved by, SSN, that
states and territories used as a case
Frm 00054
Fmt 4703
Sfmt 4703
identifier prior to October 2015. The
purpose of the case identifier is to
accurately count the number of families
served over time and ensure that data
reported at different times about the
same case (i.e., the same family) is
associated with the correct case for
research purposes.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
The records in this system of records
are about low-income working families
receiving child care financial assistance
through the CCDF whose information
was reported on form ACF–801, prior to
October 2015, by states and territories
that used SSN as a case identifier.
CATEGORIES OF RECORDS IN THE SYSTEM:
SYSTEM NAME AND NUMBER:
PO 00000
4605
The records consist of pre-October
2015, case-level information about
families receiving CCDF services. They
contain SSN as a case identifier and
data elements such as state and county,
reason for receiving care, total monthly
copayment, total monthly income,
sources of income, date assistance
began, and specific data elements about
children, such as race and ethnicity,
birth month and year, type of child care,
total monthly amount paid to child care
provider, total hours of child care
provided, and characteristics of the
environment where the child was
served, such as accreditation status or
standards met. Names are not collected,
and the records are not intended to
include other personal identifiers.
However, prior to October 2015, caselevel information reported by states and
territories included Social Security
Numbers (SSNs) as a state- or territoryassigned case identifier (instead of
another unique but non-personally
identifying case identifier), for families
based on requirements of the states and
territories.
RECORD SOURCE CATEGORIES:
Information in the system is obtained
by the states and territories receiving
funds from the Child Care and
Development Fund.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
These routine uses specify
circumstances, in addition to others
provided by statute in subsection (b) of
the Privacy Act of 1974 (5 U.S.C.
552a(b)), under which ACF may release
information from this system of records
without the consent of the data subject.
Each proposed disclosure of information
under these routine uses will be
evaluated to ensure that the disclosure
is legally permissible.
E:\FR\FM\28JAN1.SGM
28JAN1
jspears on DSK121TN23PROD with NOTICES1
4606
Federal Register / Vol. 87, No. 19 / Friday, January 28, 2022 / Notices
1. Disclosure for Law Enforcement
Purpose. Information may be disclosed
to the appropriate federal, state, local,
tribal, or foreign agency responsible for
investigating, prosecuting, enforcing, or
implementing a statute, rule, regulation,
or order, if the information is relevant
to a violation or potential violation of
civil or criminal law or regulation
within the jurisdiction of the receiving
entity.
2. Disclosure for Private Relief
Legislation. Information may be
disclosed to the Office of Management
and Budget at any stage in the
legislative coordination and clearance
process in connection with private relief
legislation as set forth in OMB Circular
No. A–19.
3. Disclosure to Congressional Office.
Information may be disclosed to a
congressional office from the record of
an individual in response to a written
inquiry from the congressional office
made at the written request of the
individual.
4. Disclosure to Department of Justice
or in Proceedings. Information may be
disclosed to the Department of Justice,
or in a proceeding before a court,
adjudicative body, or other
administrative body before which HHS
is authorized to appear, when:
• HHS, or any component thereof; or
• Any employee of HHS in his or her
official capacity; or
• Any employee of HHS in his or her
individual capacity where the
Department of Justice or HHS has agreed
to represent the employee; or
• The United States, if HHS
determines that litigation is likely to
affect HHS or any of its components,
is a party to litigation or has an
interest in such litigation, and the use
of such records by the Department of
Justice or HHS is deemed by HHS to be
relevant and necessary to the litigation
provided, however, that in each case it
has been determined that the disclosure
is compatible with the purpose for
which the records were collected.
5. Disclosure to the National Archives
and Records Administration (NARA).
Information may be disclosed to NARA
in records management inspections.
6. Disclosure to Contractors, Grantees,
and Others. Information may be
disclosed to contractors, grantees,
consultants, or volunteers performing or
working on a contract, service, grant,
cooperative agreement, job, or other
activity for HHS and who have a need
to have access to the information in the
performance of their duties or activities
for HHS.
7. Disclosure for Administrative
Claim, Complaint, and Appeal.
Information may be disclosed to an
VerDate Sep<11>2014
18:03 Jan 27, 2022
Jkt 256001
authorized appeal grievance examiner,
formal complaints examiner, equal
employment opportunity investigator,
arbitrator or other person properly
engaged in investigation or settlement of
an administrative grievance, complaint,
claim, or appeal filed by an employee,
but only to the extent that the
information is relevant and necessary to
the proceeding. Agencies that may
obtain information under this routine
use include, but are not limited to, the
Office of Personnel Management, Office
of Special Counsel, Merit Systems
Protection Board, Federal Labor
Relations Authority, Equal Employment
Opportunity Commission, and Office of
Government Ethics.
8. Disclosure to Office of Personnel
Management. Information may be
disclosed to the Office of Personnel
Management pursuant to that agency’s
responsibility for evaluation and
oversight of Federal personnel
management.
9. Disclosure in Connection with
Litigation. Information may be disclosed
in connection with litigation or
settlement discussions regarding claims
by or against HHS, including public
filing with a court, to the extent that
disclosure of the information is relevant
and necessary to the litigation or
discussions and except where court
orders are otherwise required under
section (b)(11) of the Privacy Act of
1974, 5 U.S.C. 552a(b)(11).
10. Disclosure in the Event of a
Security Breach.
a. Information may be disclosed to
appropriate agencies, entities, and
persons when (1) HHS suspects or has
confirmed that there has been a breach
of the system of records; (2) HHS has
determined that as a result of the
suspected or confirmed breach there is
a risk of harm to individuals, HHS
(including its information systems,
programs, and operations), the federal
government, or national security; and
(3) the disclosure made to such
agencies, entities, and persons is
reasonably necessary to assist in
connection with HHS’s efforts to
respond to the suspected or confirmed
breach or to prevent, minimize, or
remedy such harm.
b. Information may be disclosed to
another federal agency or federal entity,
when HHS determines that information
from this system of records is
reasonably necessary to assist the
recipient agency or entity in (1)
responding to a suspected or confirmed
breach or (2) preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
entity (including its information
systems, programs, and operations), the
PO 00000
Frm 00055
Fmt 4703
Sfmt 4703
federal government, or national security,
resulting from a suspected or confirmed
breach.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Case-level records are stored on a
computer network/database. Servers for
the database are currently located at the
National Institutes of Health Center for
Information Technology (NIHCIT) in
Bethesda, MD.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
The records are retrieved by SSN.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Records on families and children
receiving child care subsidies funded by
the Child Care and CCDF are destroyed
eight years after the end of the fiscal
year in which the data was reported
(e.g., the cutoff for Fiscal Year 2015 data
is September 30, 2015), per records
disposition authority DAA–0292–2018–
0004, item 1 approved by the National
Archives and Records Administration
(NARA).
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Safeguards conform to the HHS
Information Security and Privacy
Program, https://www.hhs.gov/ocio/
securityprivacy/. Information
is safeguarded in accordance with
applicable laws, rules and policies,
including the HHS Information
Technology Security Program
Handbook, all pertinent National
Institutes of Standards and Technology
(NIST) publications; and OMB Circular
A–130, Managing Information as a
Strategic Resource.
• Administrative Safeguards: Access
to records is limited to persons
authorized to update, view, or maintain
Federal Child Care Monthly Case
Records. Authorized users include
internal users such as government and
contractor personnel and federal
researchers. Federal employees and
direct contractor users must attend
general computer security training and
sign a Rules of Behavior, that is renewed
annually. Additionally, direct
contractors are required to sign a nondisclosure agreement. All users are
given role-based access to the system on
a limited need-to-know basis. Approved
users’ access to system records is
controlled by two factor authentications.
Physical and logical access to the
system is removed upon termination of
employment or other change in the
user’s role.
• Technical Safeguards: Electronic
records are protected from unauthorized
E:\FR\FM\28JAN1.SGM
28JAN1
Federal Register / Vol. 87, No. 19 / Friday, January 28, 2022 / Notices
access by user authentication controls,
intrusion detection, and firewalls.
Routine system security scans are run to
detect web and architecture
vulnerabilities.
• Physical Safeguards: The facility
housing OCC information systems is a
secure data center and can only be
accessed by authorized infrastructure
staff from HHS and NIH. The facility
maintains fire suppression and
detection devices/systems (e.g.,
sprinkler systems, handheld fire
extinguishers, fixed fire hoses, and/or
smoke detectors) that are activated in
the event of a fire. Servers and other
computer equipment used to process
identifiable data are located in secured
areas and use physical access devices
(e.g., keys, locks, combinations, and
card readers) and/or security guards to
control entries into the facility.
RECORD ACCESS PROCEDURES:
An individual seeking access to
records about him or her in this system
of records must submit a written request
to the System Manager/Policy
Coordinating Official at the address
specified in the ‘‘System Manager’’
section above. The requester must verify
his or her identity by providing either
a notarization of the request or a written
certification that the requester is who or
she claims to be and understands that
the knowing and willful request for
access to a record pertaining to an
individual from an agency under false
pretenses is a criminal offense under the
Privacy Act, subject to a fine of up to
five thousand dollars. Requesters may
also ask for an accounting of disclosures
that have been made of their records, if
any.
jspears on DSK121TN23PROD with NOTICES1
CONTESTING RECORD PROCEDURES:
An individual seeking to amend a
record about him or her in this system
of records must submit a written request
to the System Manager indicated above,
verify his or her identity in the same
manner as is required for an access
request, and reasonably identify the
record and specify the information
being contested, the corrective action
sought, and the reasons for requesting
the correction, along with any
supporting documentation. The right to
contest records is limited to information
that is incomplete, incorrect, untimely,
or irrelevant.
NOTIFICATION PROCEDURES:
An individual who wishes to know if
this system of records contains records
about him or her must submit a written
request to the System Manager indicated
above, and must verify his or her
VerDate Sep<11>2014
18:03 Jan 27, 2022
Jkt 256001
identity in the same manner as is
required for an access request.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
80 FR 17893 (Apr. 2, 2015), 83 FR
6591 (Feb. 14, 2018).
[FR Doc. 2022–01771 Filed 1–27–22; 8:45 am]
BILLING CODE 4184–81–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Food and Drug Administration
[Docket No. FDA–2017–D–5225]
Agency Information Collection
Activities; Proposed Collection;
Comment Request; Foreign Supplier
Verification Programs for Food
Importers
AGENCY:
Food and Drug Administration,
HHS.
ACTION:
Notice.
The Food and Drug
Administration (FDA, Agency, or we) is
announcing an opportunity for public
comment on the proposed collection of
certain information by the Agency.
Under the Paperwork Reduction Act of
1995 (PRA), Federal Agencies are
required to publish notice in the
Federal Register concerning each
proposed collection of information,
including each proposed extension of an
existing collection of information, and
to allow 60 days for public comment in
response to the notice. This notice
solicits comments on the information
collection requirements associated with
our Foreign Supplier Verification
Programs for Food Importers.
DATES: Submit either electronic or
written comments on the collection of
information by March 29, 2022.
ADDRESSES: You may submit comments
as follows. Please note that late,
untimely filed comments will not be
considered. Electronic comments must
be submitted on or before March 29,
2022. The https://www.regulations.gov
electronic filing system will accept
comments until 11:59 p.m. Eastern Time
at the end of March 29, 2022. Comments
received by mail/hand delivery/courier
(for written/paper submissions) will be
considered timely if they are
postmarked or the delivery service
acceptance receipt is on or before that
date.
SUMMARY:
Electronic Submissions
Submit electronic comments in the
following way:
PO 00000
Frm 00056
Fmt 4703
Sfmt 4703
4607
• Federal eRulemaking Portal:
https://www.regulations.gov. Follow the
instructions for submitting comments.
Comments submitted electronically,
including attachments, to https://
www.regulations.gov will be posted to
the docket unchanged. Because your
comment will be made public, you are
solely responsible for ensuring that your
comment does not include any
confidential information that you or a
third party may not wish to be posted,
such as medical information, your or
anyone else’s Social Security number, or
confidential business information, such
as a manufacturing process. Please note
that if you include your name, contact
information, or other information that
identifies you in the body of your
comments, that information will be
posted on https://www.regulations.gov.
• If you want to submit a comment
with confidential information that you
do not wish to be made available to the
public, submit the comment as a
written/paper submission and in the
manner detailed (see ‘‘Written/Paper
Submissions’’ and ‘‘Instructions’’).
Written/Paper Submissions
Submit written/paper submissions as
follows:
• Mail/Hand Delivery/Courier (for
written/paper submissions): Dockets
Management Staff (HFA–305), Food and
Drug Administration, 5630 Fishers
Lane, Rm. 1061, Rockville, MD 20852.
• For written/paper comments
submitted to the Dockets Management
Staff, FDA will post your comment, as
well as any attachments, except for
information submitted, marked and
identified, as confidential, if submitted
as detailed in ‘‘Instructions.’’
Instructions: All submissions received
must include the Docket No. FDA–
2017–D–5225 for ‘‘Agency Information
Collection Activities; Proposed
Collection; Comment Request; Foreign
Supplier Verification Programs for Food
Importers.’’ Received comments, those
filed in a timely manner (see
ADDRESSES), will be placed in the docket
and, except for those submitted as
‘‘Confidential Submissions,’’ publicly
viewable at https://www.regulations.gov
or at the Dockets Management Staff
between 9 a.m. and 4 p.m., Monday
through Friday, 240–402–7500.
• Confidential Submissions—To
submit a comment with confidential
information that you do not wish to be
made publicly available, submit your
comments only as a written/paper
submission. You should submit two
copies total. One copy will include the
information you claim to be confidential
with a heading or cover note that states
‘‘THIS DOCUMENT CONTAINS
E:\FR\FM\28JAN1.SGM
28JAN1
]]>Agencies
[Federal Register Volume 87, Number 19 (Friday, January 28, 2022)]
[Notices]
[Pages 4604-4607]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-01771]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Administration for Children and Families
Privacy Act of 1974; System of Records
AGENCY: Administration for Children and Families (ACF), Department of
Health and Human Services (HHS).
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
[[Page 4605]]
SUMMARY: In accordance with the requirements of the Privacy Act of
1974, as amended, the Department of Health and Human Services (HHS) is
modifying an existing system of records maintained by the
Administration for Children and Families (ACF), Office of Child Care
(OCC): System Number 09-80-0371, OCC Federal Child Care Monthly Case
Records. The system of records covers case-level information on low-
income working families receiving child care financial assistance
through the Child Care and Development Fund (CCDF), which is provided
in aggregate, non-identifiable format to Congress for empirical
assessment, and to researchers and the public. Only certain pre-October
2015, case records (i.e., those that include Social Security Number
(SSN) as a case identifier) are included in this system of records,
because only those are retrieved by a personal identifier.
DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this Notice is
applicable January 28, 2022, subject to a 30-day period in which to
comment on the new routine use, described below. Please submit any
comments by February 28, 2022.
ADDRESSES: The public should address written comments by mail or email
to: Anita Alford, Senior Official for Privacy, Administration for
Children and Families, 330 C St. SW, Washington, DC 20201, or
[email protected].
FOR FURTHER INFORMATION CONTACT: General questions about this system of
records should be submitted by mail or email to Helen Papadopoulos,
Information Technology Specialist, at 330 C St. SW, Washington, DC
20201, 202-205-8455 or [email protected].
SUPPLEMENTARY INFORMATION: The following modifications have been made
to System of Records Notice (SORN) 09-80-0371 to update and improve it:
The Categories of Records section has been revised to
limit the system of records to pre-October 2015, records that include
SSN as a case identifier and to list more examples of data elements
contained in the records.
The Routine Uses section has been updated to remove the
statement ``Disclosure to Consumer Reporting Agencies: None'' that was
formerly included in the Routine Uses section and numbered as routine
use 11 (but isn't a routine use). Routine use 3, that authorizes
disclosures to members of Congress and their office staff for purposes
of responding to constituent inquiries, has been revised to require
that the constituent requests be ``written.'' The two-breach response-
related routine uses that were revised and added February 14, 2018,
(see 83 FR 6591) are now numbered as 10a.and 10b.
The Retrieval section has been revised to clarify that SSN
is the only personal identifier used for retrieval, because other
unique case identifiers assigned by states and territories are not
personal identifiers (other case identifiers identify a family without
also identifying a particular individual).
The Retention and Disposal section has been updated to
identify the applicable records disposition authority, DAA-0292-2018-
0004, item 1.
Ruth Friedman,
Director, Office of Child Care, Administration for Children and
Families.
SYSTEM NAME AND NUMBER:
OCC Federal Child Care Monthly Case Records, 09-80-0371.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The component responsible for this system of records is the Office
of Child Care, Administration for Children and Families, 330 C St. SW,
Washington, DC 20201.
SYSTEM MANAGERS:
Information Technology Specialist, Office of Child Care,
Administration for Children and Families, 330 C St. SW, Washington, DC
20201, (202) 690-6782, [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 9858i, 9858j.
PURPOSE(S) OF THE SYSTEM:
The system of records contains OCC federal child care monthly case-
level data which states and territories regularly collect and are
required to provide to OCC about families receiving CCDF services and
the environments where those services are provided. The Child Care and
Development Block Grant (CCDBG) Act of 1990 requires states and
territories to submit specific information to OCC, so that OCC can in
turn report it (in aggregate form) to Congress, to give Congress an
empirical basis for assessing the program (see 42 U.S.C. 9858i, 9858j).
OCC also makes non-identifiable records available to researchers and
the public.
The records in this system of records are pre-October 2015, records
that are not intended to be personally-identifying and are not used for
any purpose that involves identifying particular individuals; however,
they contain, and are retrieved by, SSN, that states and territories
used as a case identifier prior to October 2015. The purpose of the
case identifier is to accurately count the number of families served
over time and ensure that data reported at different times about the
same case (i.e., the same family) is associated with the correct case
for research purposes.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The records in this system of records are about low-income working
families receiving child care financial assistance through the CCDF
whose information was reported on form ACF-801, prior to October 2015,
by states and territories that used SSN as a case identifier.
CATEGORIES OF RECORDS IN THE SYSTEM:
The records consist of pre-October 2015, case-level information
about families receiving CCDF services. They contain SSN as a case
identifier and data elements such as state and county, reason for
receiving care, total monthly copayment, total monthly income, sources
of income, date assistance began, and specific data elements about
children, such as race and ethnicity, birth month and year, type of
child care, total monthly amount paid to child care provider, total
hours of child care provided, and characteristics of the environment
where the child was served, such as accreditation status or standards
met. Names are not collected, and the records are not intended to
include other personal identifiers. However, prior to October 2015,
case-level information reported by states and territories included
Social Security Numbers (SSNs) as a state- or territory-assigned case
identifier (instead of another unique but non-personally identifying
case identifier), for families based on requirements of the states and
territories.
RECORD SOURCE CATEGORIES:
Information in the system is obtained by the states and territories
receiving funds from the Child Care and Development Fund.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
These routine uses specify circumstances, in addition to others
provided by statute in subsection (b) of the Privacy Act of 1974 (5
U.S.C. 552a(b)), under which ACF may release information from this
system of records without the consent of the data subject. Each
proposed disclosure of information under these routine uses will be
evaluated to ensure that the disclosure is legally permissible.
[[Page 4606]]
1. Disclosure for Law Enforcement Purpose. Information may be
disclosed to the appropriate federal, state, local, tribal, or foreign
agency responsible for investigating, prosecuting, enforcing, or
implementing a statute, rule, regulation, or order, if the information
is relevant to a violation or potential violation of civil or criminal
law or regulation within the jurisdiction of the receiving entity.
2. Disclosure for Private Relief Legislation. Information may be
disclosed to the Office of Management and Budget at any stage in the
legislative coordination and clearance process in connection with
private relief legislation as set forth in OMB Circular No. A-19.
3. Disclosure to Congressional Office. Information may be disclosed
to a congressional office from the record of an individual in response
to a written inquiry from the congressional office made at the written
request of the individual.
4. Disclosure to Department of Justice or in Proceedings.
Information may be disclosed to the Department of Justice, or in a
proceeding before a court, adjudicative body, or other administrative
body before which HHS is authorized to appear, when:
HHS, or any component thereof; or
Any employee of HHS in his or her official capacity; or
Any employee of HHS in his or her individual capacity
where the Department of Justice or HHS has agreed to represent the
employee; or
The United States, if HHS determines that litigation is
likely to affect HHS or any of its components,
is a party to litigation or has an interest in such litigation, and
the use of such records by the Department of Justice or HHS is deemed
by HHS to be relevant and necessary to the litigation provided,
however, that in each case it has been determined that the disclosure
is compatible with the purpose for which the records were collected.
5. Disclosure to the National Archives and Records Administration
(NARA). Information may be disclosed to NARA in records management
inspections.
6. Disclosure to Contractors, Grantees, and Others. Information may
be disclosed to contractors, grantees, consultants, or volunteers
performing or working on a contract, service, grant, cooperative
agreement, job, or other activity for HHS and who have a need to have
access to the information in the performance of their duties or
activities for HHS.
7. Disclosure for Administrative Claim, Complaint, and Appeal.
Information may be disclosed to an authorized appeal grievance
examiner, formal complaints examiner, equal employment opportunity
investigator, arbitrator or other person properly engaged in
investigation or settlement of an administrative grievance, complaint,
claim, or appeal filed by an employee, but only to the extent that the
information is relevant and necessary to the proceeding. Agencies that
may obtain information under this routine use include, but are not
limited to, the Office of Personnel Management, Office of Special
Counsel, Merit Systems Protection Board, Federal Labor Relations
Authority, Equal Employment Opportunity Commission, and Office of
Government Ethics.
8. Disclosure to Office of Personnel Management. Information may be
disclosed to the Office of Personnel Management pursuant to that
agency's responsibility for evaluation and oversight of Federal
personnel management.
9. Disclosure in Connection with Litigation. Information may be
disclosed in connection with litigation or settlement discussions
regarding claims by or against HHS, including public filing with a
court, to the extent that disclosure of the information is relevant and
necessary to the litigation or discussions and except where court
orders are otherwise required under section (b)(11) of the Privacy Act
of 1974, 5 U.S.C. 552a(b)(11).
10. Disclosure in the Event of a Security Breach.
a. Information may be disclosed to appropriate agencies, entities,
and persons when (1) HHS suspects or has confirmed that there has been
a breach of the system of records; (2) HHS has determined that as a
result of the suspected or confirmed breach there is a risk of harm to
individuals, HHS (including its information systems, programs, and
operations), the federal government, or national security; and (3) the
disclosure made to such agencies, entities, and persons is reasonably
necessary to assist in connection with HHS's efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such
harm.
b. Information may be disclosed to another federal agency or
federal entity, when HHS determines that information from this system
of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2)
preventing, minimizing, or remedying the risk of harm to individuals,
the recipient agency or entity (including its information systems,
programs, and operations), the federal government, or national
security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Case-level records are stored on a computer network/database.
Servers for the database are currently located at the National
Institutes of Health Center for Information Technology (NIHCIT) in
Bethesda, MD.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
The records are retrieved by SSN.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records on families and children receiving child care subsidies
funded by the Child Care and CCDF are destroyed eight years after the
end of the fiscal year in which the data was reported (e.g., the cutoff
for Fiscal Year 2015 data is September 30, 2015), per records
disposition authority DAA-0292-2018-0004, item 1 approved by the
National Archives and Records Administration (NARA).
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Safeguards conform to the HHS Information Security and Privacy
Program, https://www.hhs.gov/ocio/securityprivacy/.
Information is safeguarded in accordance with applicable laws, rules
and policies, including the HHS Information Technology Security Program
Handbook, all pertinent National Institutes of Standards and Technology
(NIST) publications; and OMB Circular A-130, Managing Information as a
Strategic Resource.
Administrative Safeguards: Access to records is limited to
persons authorized to update, view, or maintain Federal Child Care
Monthly Case Records. Authorized users include internal users such as
government and contractor personnel and federal researchers. Federal
employees and direct contractor users must attend general computer
security training and sign a Rules of Behavior, that is renewed
annually. Additionally, direct contractors are required to sign a non-
disclosure agreement. All users are given role-based access to the
system on a limited need-to-know basis. Approved users' access to
system records is controlled by two factor authentications. Physical
and logical access to the system is removed upon termination of
employment or other change in the user's role.
Technical Safeguards: Electronic records are protected
from unauthorized
[[Page 4607]]
access by user authentication controls, intrusion detection, and
firewalls. Routine system security scans are run to detect web and
architecture vulnerabilities.
Physical Safeguards: The facility housing OCC information
systems is a secure data center and can only be accessed by authorized
infrastructure staff from HHS and NIH. The facility maintains fire
suppression and detection devices/systems (e.g., sprinkler systems,
handheld fire extinguishers, fixed fire hoses, and/or smoke detectors)
that are activated in the event of a fire. Servers and other computer
equipment used to process identifiable data are located in secured
areas and use physical access devices (e.g., keys, locks, combinations,
and card readers) and/or security guards to control entries into the
facility.
RECORD ACCESS PROCEDURES:
An individual seeking access to records about him or her in this
system of records must submit a written request to the System Manager/
Policy Coordinating Official at the address specified in the ``System
Manager'' section above. The requester must verify his or her identity
by providing either a notarization of the request or a written
certification that the requester is who or she claims to be and
understands that the knowing and willful request for access to a record
pertaining to an individual from an agency under false pretenses is a
criminal offense under the Privacy Act, subject to a fine of up to five
thousand dollars. Requesters may also ask for an accounting of
disclosures that have been made of their records, if any.
CONTESTING RECORD PROCEDURES:
An individual seeking to amend a record about him or her in this
system of records must submit a written request to the System Manager
indicated above, verify his or her identity in the same manner as is
required for an access request, and reasonably identify the record and
specify the information being contested, the corrective action sought,
and the reasons for requesting the correction, along with any
supporting documentation. The right to contest records is limited to
information that is incomplete, incorrect, untimely, or irrelevant.
NOTIFICATION PROCEDURES:
An individual who wishes to know if this system of records contains
records about him or her must submit a written request to the System
Manager indicated above, and must verify his or her identity in the
same manner as is required for an access request.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
80 FR 17893 (Apr. 2, 2015), 83 FR 6591 (Feb. 14, 2018).
[FR Doc. 2022-01771 Filed 1-27-22; 8:45 am]
BILLING CODE 4184-81-P
