Federal-State Unemployment Compensation (UC) Program; Confidentiality and Disclosure of State UC Information, 47829-47837 [2023-15631]

Agencies

• Employment and Training Administration
• DEPARTMENT OF LABOR

[Federal Register Volume 88, Number 141 (Tuesday, July 25, 2023)]
[Proposed Rules]
[Pages 47829-47837]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-15631]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF LABOR

Employment and Training Administration

20 CFR Part 603

[Docket No. ETA-2023-0002]
RIN 1205-AC11


Federal-State Unemployment Compensation (UC) Program; 
Confidentiality and Disclosure of State UC Information

AGENCY: Employment and Training Administration (ETA), Department of 
Labor.

ACTION: Request for information (RFI).

-----------------------------------------------------------------------

SUMMARY: The U.S. Department of Labor (Department or USDOL) invites 
interested parties to provide information relating to the disclosure of 
confidential wage records under the Department's regulations governing 
the confidentiality and disclosure of State UC information. The 
Department is considering comprehensive updates to the UC 
confidentiality regulations and the information received in response to 
this RFI will inform and be considered by the Department as it reviews 
the UC confidentiality regulations, which may result in the development 
of a notice of proposed rulemaking (NPRM) to revise the regulations in 
a manner that would address the evolution of both information 
technology (IT) and the public workforce system as these changes relate 
to the required and permissible disclosure of confidential UC data.

DATES: Interested persons are invited to submit written comments on the 
request for information on or before September 25, 2023.

ADDRESSES: You may submit comments, identified by Docket No. ETA-2023-
0002 and Regulatory Identification Number (RIN) 1205-AC11, through the 
Federal eRulemaking Portal: https://www.regulations.gov. Search for the 
above-referenced RIN, open the RFI, and follow the on-screen 
instructions for submitting comments.
    All submissions received must include the agency name and docket 
number for this pre-rulemaking: ``RIN 1205-AC11.'' Please be advised 
that the Department may post all comments

[[Page 47830]]

received that relate to this RFI without changes to https://www.regulations.gov, including any personal information, confidential 
business information, and other sensitive information provided. The 
https://www.regulations.gov website is the Federal eRulemaking Portal 
and all comments posted there are available and accessible to the 
public. Therefore, the Department recommends that commenters remove 
personal information (either about themselves or others), such as 
Social Security numbers, personal addresses, telephone numbers, and 
email addresses included in their comments, as well as any other 
information the commenter does not want to be made public, as such 
information may become easily available to the public via the https://www.regulations.gov website. The responsibility to safeguard personal 
information, confidential business information, and other sensitive 
information remains with the commenter.
    ETA reminds commenters that it is subject to the disclosure 
requirements of the Freedom of Information Act (FOIA) and, though it 
will seek to protect information to the extent permitted under any 
applicable FOIA exemptions, ETA may be required to disclose information 
in response to FOIA requests or in accordance with a court order.
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov (search using RIN 
1205-AC11 or Docket No. ETA-2023-0002).

FOR FURTHER INFORMATION CONTACT: Michelle L. Paczynski, Administrator, 
Office of Policy Development and Research, U.S. Department of Labor, 
Employment and Training Administration, 200 Constitution Avenue NW, 
Room N-5641, Washington, DC 20210, Telephone: (202) 693-3700 (voice) 
(this is not a toll-free number), 1-877-872-5627, or 1-800-326-2577 
(telecommunications device for the deaf).

SUPPLEMENTARY INFORMATION:

Table of Contents

I. Background
II. Need To Revise Part 603
III. Regulated Community: Who is the department requesting provide 
information?
IV. Terms of Art Used in This Request for Information
V. Requests for Public Comment
VI. Conclusion

I. Background

    In September 2006, the Department issued a final rule (71 FR 56830, 
Sept. 27, 2006) that set forth the statutory confidentiality and 
disclosure requirements of title III of the Social Security Act (SSA) 
and the Federal Unemployment Tax Act (FUTA) concerning unemployment 
compensation (UC) information and revised the Income and Eligibility 
Verification System \1\ (IEVS) regulations at 20 CFR part 603 
(hereinafter ``2006 Final Rule'').
---------------------------------------------------------------------------

    \1\ The IEVS is a system of required information sharing 
primarily among State and local agencies administering several 
federally assisted programs.
---------------------------------------------------------------------------

    The 2006 Final Rule implemented Federal UC laws concerning 
confidentiality and disclosure of UC information and established 
uniform minimum requirements for the payment of costs, safeguards, and 
data-sharing agreements to ensure responsible use when UC information 
is disclosed. The confidentiality requirement implemented by the 2006 
Final Rule was derived from the ``methods of administration'' 
requirement of Section (Sec.) 303(a)(1) of the SSA. The Department 
interprets the methods of administration requirement of the SSA to 
require State UC law to provide for maintaining the confidentiality of 
certain UC information. The disclosure requirements are from Secs. 
303(a)(7), (c)(1), (d), (e), (f), (h), and (i) of the SSA, and Sec. 
3304(a)(16) of the FUTA. The 2006 Final Rule revised the regulations at 
20 CFR part 603 to implement all of these statutory provisions.
    These statutory provisions each address disclosure to governmental 
entities, but they vary with respect to the specific information to be 
disclosed and the terms and conditions of disclosure. The 
confidentiality and disclosure requirements in title III of the SSA 
relating to UC information are conditions for receipt of grants by the 
States for UC administration. The disclosure requirements in the FUTA 
are conditions required of a State in order for employers in that State 
to receive credit against the Federal unemployment tax under 26 U.S.C. 
3302. Other Federal laws may require the use or disclosure of 
confidential UC information. UC data represents an important census of 
payroll employment in addition to records of unemployment benefits 
receipt, and Federal law permits and mandates sharing of this 
confidential information in important situations.
    In implementing these confidentiality requirements for UC 
information and parameters for its disclosure, the 2006 Final Rule 
defined types of information related to employment, unemployment 
claims, and wage records and outlined the conditions under which 
disclosures are permitted or required. For the purpose of this RFI, 
disclosure means the State UC agency providing or revealing any 
information in its records to any other entity. Permissible disclosures 
of confidential UC information include disclosures of information: in 
the public domain; about essential program activities; about an 
individual or employer to that individual or employer; on the basis of 
informed consent; to a public official in the performance of their 
duties and to an agent or contractor of such a public official; 
collected for statistical purposes in cooperation with the Bureau of 
Labor Statistics (BLS); or required to be disclosed by a court order or 
Federal law. Required disclosures of confidential UC information 
include disclosures of information necessary for the proper 
administration of the UC program or relevant to the IEVS.
    Additionally, the 2006 Final Rule set forth parameters for the 
payment of costs related to disclosures of confidential UC information, 
generally requiring recipients to pay the non-incidental costs of 
disclosures for purposes other than administration of the UC program 
and for which the disclosing State UC agency does not receive a 
reciprocal benefit. Finally, the 2006 Final Rule also established 
safeguards that State UC agencies must require of recipients who obtain 
confidential UC information, requirements for data-sharing agreements 
with parties obtaining confidential UC information, and requirements 
for State UC agencies to notify claimants and employers about how their 
confidential UC information may be requested and used.
    In 2016, the Department issued a final rule (81 FR 56072; Aug. 19, 
2016) to amend 20 CFR part 603 to help States comply with new 
requirements under the Workforce Innovation and Opportunity Act (WIOA) 
to assess the performance of certain federally funded employment and 
training programs (hereinafter ``WIOA Final Rule''). WIOA requires 
States to use ``quarterly wage records'' in these performance 
assessments, which the Department defined in the WIOA implementing 
regulation at 20 CFR 677.175(b) to include a program participant's 
Social Security number (SSN), participant wages after exiting the 
program, and identifying employer information, information that already 
was included in the definition of ``wage information'' in part 603 
(Sec.  603.2(k)) and collected by

[[Page 47831]]

State UC agencies. To facilitate the performance reporting required of 
States under WIOA, the WIOA Final Rule expanded the set of ``public 
officials,'' enumerated in Sec.  603.2(d), to whom a State may disclose 
these confidential wage records to include officials from public 
postsecondary educational organizations; State performance 
accountability and customer information agencies; the chief elected 
officials of local workforce development areas; and a public State 
educational authority, agency, or institution. In conjunction with this 
expanded definition, Sec.  603.5(e) was amended to explicitly allow 
confidential UC information to be disclosed to a public official for 
limited, specified WIOA purposes, and Sec.  603.6(b)(8) was adopted to 
make such disclosures mandatory when doing so would not interfere with 
the efficient administration of State UC law.

II. Considering Revision to Part 603

    The Department is considering a regulatory update to 20 CFR part 
603 that would incorporate a requirement for States to disclose 
confidential UC information to the Department's Office of Inspector 
General (OIG) for oversight and audits. In addition, the Department is 
considering addressing several other items that States and stakeholders 
have raised over the years, including addressing questions around 
sharing information across the workforce system (including with local 
workforce development boards), the permissibility of sharing 
information with federally recognized Indian tribes, data warehousing, 
the use of contractors/subcontractors, and updates to recognize the 
evolution in IT. In particular, since the part 603 confidentiality and 
disclosure requirements were last significantly revised in 2006, both 
the public workforce development system and IT infrastructure have 
changed substantially. Given these changes, part 603 could be revised 
to better support UC stakeholders by increasing clarity and addressing 
more modern scenarios in which State UC information is stored and 
disclosure of confidential UC information may be requested. The 
Department also solicits comment on the utility of future regulatory 
changes that could potentially reduce barriers to data sharing with 
Federal statistical agencies and other Federal agencies as needed for 
evidence-based research and evaluation, performance, and administration 
purposes. Finally, the Department intends to update some outdated 
terminology used in part 603. For example, part 603 currently includes 
in several places outdated references to the ``food stamp program,'' 
which should be revised to reference the Supplemental Nutrition 
Assistance Program (SNAP).

III. Regulated Community: Who is the department requesting provide 
information?

    The Department is seeking from the public information and 
suggestions relating to potential revisions to 20 CFR part 603, the 
Federal regulations governing the confidentiality and disclosure of 
State UC information. Interested stakeholders likely will include State 
UC agencies (including groups representing State UC agencies), State 
and local workforce development boards (including groups representing 
workforce development boards), federally recognized Indian tribes, 
workers and worker advocates, employers and employer advocates, data 
privacy advocates, educational institutions, private sector entities 
(for example, research institutions and third-party vendors), any 
potential requestor of confidential UC information, and others.

IV. Terms Used in This Request for Information

    This section defines several key terms used throughout this RFI to 
aid commenters in responding to the Department's questions.
    Claim information means information about (1) whether an individual 
is receiving, has received, or has applied for UC; (2) the amount of 
compensation the individual is receiving or is entitled to receive; and 
(3) the individual's current (or most recent) home address (Sec.  
603.2(a)).
    Confidential UC information means any UC information required to be 
kept confidential under Sec.  603.4 (What is the confidentiality 
requirement of Federal UC law?) (Sec.  603.2(b)).
    Public official means (Sec.  603.2(d)):
    (1) An official, agency, or public entity within the executive 
branch of Federal, State, or local government who (or which) has 
responsibility for administering or enforcing a law, or an elected 
official in the Federal, State, or local government.
    (2) Public postsecondary educational institutions established and 
governed under the laws of the State.\2\
---------------------------------------------------------------------------

    \2\ These include the following: (1) Institutions that are part 
of the State's executive branch. This means the head of the 
institution must derive their authority from the Governor, either 
directly or through a State workforce development board, commission, 
or similar entity established in the executive branch under the laws 
of the State. (2) Institutions which are independent of the 
executive branch. This means the head of the institution derives 
their authority from the State's chief executive officer for the 
State education authority or agency when such officer is elected or 
appointed independently of the Governor. (3) Publicly governed, 
publicly funded community and technical colleges.
---------------------------------------------------------------------------

    (3) Performance accountability and customer information agencies 
designated by the Governor of a State to be responsible for 
coordinating the assessment of State and local education or workforce 
training program performance and/or evaluating education or workforce 
training provider performance.
    (4) The chief elected official of a local area as defined in WIOA 
sec. 3(9).
    (5) A State educational authority, agency, or institution as those 
terms are used in the Family Educational Rights and Privacy Act, to the 
extent they are public entities.
    State means a U.S. State, the District of Columbia, the 
Commonwealth of Puerto Rico, and the U.S. Virgin Islands (Sec.  
603.2(f)).
    State UC agency means an agency charged with the administration of 
the State UC law (Sec.  603.2(g)).
    State UC law means the law of a State approved under section 
3304(a) of the Internal Revenue Code of 1986 (26 U.S.C. 3304(a)) (Sec.  
603.2(h)).
    Unemployment compensation (UC) means cash benefits payable to 
individuals with respect to their unemployment (Sec.  603.2(i)).
    UC information and State UC information means information in the 
records of a State or State UC agency that pertains to the 
administration of the State UC law, including State wage record reports 
collected under the IEVS that are obtained by the State UC agency for 
determining UC monetary eligibility or are downloaded to the State UC 
agency's files as a result of a crossmatch but does not otherwise 
include those wage reports (Sec.  603.2(j)).
    Wage information means information in the records of a State UC 
agency about the (1) wages paid to an individual; (2) Social Security 
account number(s) of such individual; and (3) name, address, State, and 
the Federal employer identification number of the employer who paid 
such wages to such individual (Sec.  603.2(k)).

V. Requests for Public Comment

    Through this RFI, the Department is soliciting public input 
relating to the disclosure of confidential UC information under the 
Department's regulations governing the confidentiality and disclosure 
of State UC information (29 CFR part 603). Submissions may include, but 
are not

[[Page 47832]]

limited to, written narratives that answer the questions provided in 
this RFI; quantitative or qualitative data analysis, reports, or 
studies, and other methodologies, whether published or unpublished, 
relevant to the required or permissive disclosure of confidential UC 
information and related data protections; and any other way in which 
the public recommends the Department revise or update any of the part 
603 regulations. The information received in response to this RFI will 
inform and be considered by the Department as it reviews the part 603 
regulations, which may result in the development of an NPRM to revise 
the regulations.
    Responses to this RFI are voluntary and may be submitted 
anonymously. Written narratives providing factual or evidence-based 
information also should provide citations of sources, and copies of and 
links to the source material should be provided, where applicable.
    Accordingly, the Department invites the public to answer one or 
more of the questions below in their submission.

A. Part 603 Definitions

    The definitions of terms that apply to 29 CFR part 603 currently 
are defined at Sec.  603.2.
    1. Are there any terms that should be added to Sec.  603.2? If so, 
what is the recommended definition for any such new Sec.  603.2 term? 
If you are recommending defining a new term, please provide the reason 
the term needs to be defined. If you are proposing a revised or new 
definition, please explain why you recommend this definition or 
changes.
Claim Information (Sec.  603.2(a))
    2. When State UC agencies receive requests for UC information 
disclosures, what types of specific claim information are State UC 
agencies being requested to disclose and for what purposes are the 
disclosures being requested? For example, are UC information disclosure 
requestors requesting all information regarding a claim, confirmation 
that a UC claim exists, all UC information associated with a specific 
employer, or all UC information associated with a specific time period? 
Are requestors requesting that State UC agencies provide names and 
Social Security numbers as part of the request?
Public Official (Sec.  603.2(d))
Federally Recognized Indian Tribes
    3. If the Department revises the definition of ``public official'' 
to include federally recognized Indian tribes in the definition to 
allow such tribes the same access to confidential UC information as a 
public official has under the existing regulation, how many additional 
annual disclosure requests would State UC agencies expect to receive?
    4. How, if at all, are Tribal governments currently accessing 
confidential UC information?
    5. What types of confidential UC information would federally 
recognized Indian tribes request from State UC agencies if such tribes 
were considered ``public officials''?
    6. For what purposes would federally recognized Indian tribes 
request confidential UC information from State UC agencies, and what 
types of entities within Tribal governments would need access to such 
information?
    7. What benefits or cost savings would Tribal governments obtain if 
they had access to the same confidential UC information as local, 
State, or Federal Government agencies?
    8. Would Tribal governments potentially incur costs associated with 
requesting, receiving, processing, or storing confidential UC wage 
information (for example, relating to costs associated with making 
requests as well as maintaining data security)? If so, what types and 
amounts of costs would they incur and how would these costs affect the 
Tribal government, if at all?
Local Workforce Development Boards \3\
---------------------------------------------------------------------------

    \3\ A local workforce development board established under 
section 107 of WIOA.
---------------------------------------------------------------------------

    9. Are local workforce development boards prevented from receiving 
confidential UC information for their official duties? If yes, please 
explain why (for example, the structure of a local workforce 
development board prevents it from being considered a public official).
    10. For what purposes do local workforce development boards request 
confidential UC information?
    11. For what purposes would one-stop operators \4\ or their agents 
or contractors request confidential UC information?
---------------------------------------------------------------------------

    \4\ An entity(ies) designated or certified under section 121(d) 
of WIOA.
---------------------------------------------------------------------------

    12. For what purposes would other Workforce Innovation and 
Opportunity Act (WIOA) local service providers request confidential UC 
information?
    13. In your experience, how many local workforce development boards 
are structured as nonprofit organizations versus State or local 
governmental entities?
    14. Are there any observable trends, over time, in the way that 
local workforce development boards are structured or have membership 
qualifications changed? Are you aware of any efforts or proposals to 
change the structure of local boards in a particular State or locality?
    15. How is confidential UC information currently being shared with 
local workforce development boards?
Private Postsecondary Educational Institutions \5\
---------------------------------------------------------------------------

    \5\ As used in this context, ``private postsecondary educational 
institution'' refers to post-secondary educational institutions that 
are not operated by State or local governmental entities.
---------------------------------------------------------------------------

    16. Should private postsecondary educational institutions be given 
access to confidential UC information? Why or why not?
    17. For what purpose would a private postsecondary educational 
institution request confidential UC information?
    18. What types of private postsecondary educational institutions 
make disclosure requests?
    19. Are private postsecondary educational institutions currently 
receiving confidential UC information? If so, under what conditions?
Federal Statistical and Other Agencies
    20. Should confidential UC information be subject to the 
requirements of 20 CFR part 603 when disclosed for evidence-based 
research and evaluations, including but not limited to activities 
authorized under the Foundations for Evidence-Based Policymaking Act of 
2018 (``Evidence Act'')? Why or why not?
    21. For which purposes should the regulations permit disclosures to 
Federal statistical or other agencies?
    22. What safeguards and limits should be in place for disclosures 
to Federal Government entities, including Federal statistical and other 
agencies, for evidence-based research, evaluations, and other purposes?
Other
    23. Are there other entities to which it would be beneficial to 
disclose confidential UC information under certain circumstances 
(including disclosures to publicly funded grantees)? If so, what are 
those entities and what would be the benefits and costs of disclosing 
confidential UC information to such entities?
    24. For public officials with civil enforcement authority for 
another law (for example, laws involving workplace rights or employment 
taxes), are States currently disclosing confidential UC information? If 
so, how? What kinds of agencies are making use of these disclosures? 
Please provide any proposed changes to effectuate this work and 
describe how these changes would support this effort.
    25. Would it be beneficial for the Department to define in Sec.  
603.2 which individuals or entities constitute agents

[[Page 47833]]

or contractors of public officials (for example, an employee of a 
public official carrying out their official duties as an agent, or a 
research agency hired by a public official to carry out their official 
duties as a contractor)? If so, please provide any recommended 
definition(s) and an explanation for why this is the recommended 
definition.
    26. Are any public officials prevented from receiving confidential 
UC information for their official duties? If yes, please explain why.

B. Permissible Disclosures

    Section 603.5 (What are the exceptions to the confidentiality 
requirement?) currently addresses the scenarios in which State UC 
agencies are permitted (but not required) to disclose confidential UC 
information. The Department is considering changing the structure of 
Sec.  603.5 to address permissible disclosures by the type of entity to 
which the disclosure would be made (for example, public officials, 
governmental entities, research institutions, private entities, program 
evaluators), rather than addressing individual categories of 
permissible disclosures.
    27. Would State UC agencies find it helpful for Sec.  603.5 to 
further clarify what it means for a disclosure to ``not interfere with 
the efficient administration of the State UC law'' (see introductory 
sentence of Sec.  603.5)? If so, what clarifications would be helpful?
    28. Have State UC agencies received requests for disclosure of 
confidential UC information (including specific elements of UC data) 
that do not fall within the existing permissible disclosure 
requirements but for which State UC agencies or other stakeholders 
believe State UC agencies should be able to disclose? If so:
    a. What are the nature of those disclosure requests and what 
entities are making the requests?
    b. What is the need, benefit, and estimated cost that would be 
associated with disclosure of confidential UC information to those 
entities?
Informed Consent Disclosures (Sec.  603.5(d)(2))
    29. How do State UC agencies currently implement their informed 
consent disclosure procedures? What are the parameters in which a State 
UC agency permits an informed consent disclosure to occur?
    30. Do State UC agencies require updated informed consent from 
claimants after a certain period of time? If yes:
    a. What is the period of time?
    b. How do State UC agencies effectuate these updates?
    c. Does the requirement to specify the period of time unnecessarily 
limit the utility of data obtained via disclosures by informed consent? 
If so, how?
Agents or Contractors of Public Officials (Sec.  603.5(f))
    31. For purposes of permissible disclosures of confidential UC data 
to public officials for the performance of their official duties, what 
are the typical industries of the agents or contractors (including, but 
not limited to, IT) that public officials hire to assist them in the 
performance of such duties? Are the agents or contractors using 
subcontractors to perform work for public officials?
    32. Are the agents or contractors of public officials redisclosing 
confidential UC information obtained on behalf of the public official 
in performance of the public official's duties? If so, under what 
circumstances and to what entities? Under what circumstances would 
public officials need to redisclose confidential UC information and to 
what entities?
    33. Are there any differences in how State law defines the terms 
``agent'' and ``contractor''? If so, what are the differences?
Bureau of Labor Statistics (BLS) Disclosures (Sec.  603.5(g))
    34. Current Sec.  603.5(g) specifies that permissible disclosures 
of confidential UC data to BLS for statistical purposes are not subject 
to the part 603 confidentiality regulations. Should information 
collected exclusively for statistical purposes under a cooperative 
agreement with BLS be subject to the requirements of 20 CFR part 603? 
Why or why not?
    35. What safeguards and limits on redisclosure should be in place 
for disclosures to BLS for statistical purposes?
Costs Associated With Permissible Disclosures
Costs for Disclosure Recipients
    36. What are the potential costs associated with an entity 
receiving confidential UC information under a new Sec.  603.5 
permissible disclosure if they have never received confidential UC 
information in the past (for example, costs of developing an agreement 
with the State UC agency, costs associated with ensuring required data 
security and safeguard requirements)?
Costs for State UC Agencies
    37. What is the average cost per disclosure request for permissible 
disclosures?
    38. How would an increased number of permissible disclosure 
requests impact a State UC agency's staff or infrastructure costs?
Direct Access
    In certain limited circumstances, some State UC agencies may allow 
recipients of confidential UC information direct access to certain 
components of the State UC databases. For example, State UC agencies 
may allow the State health and human services agency direct access to 
specific data in the State UC databases for the limited purposes of 
benefits eligibility determinations, reducing burden for claimants and 
improving payment accuracy for agencies. One example is when an 
individual applies for Supplemental Nutritional Assistance Program 
(SNAP) benefits, the State SNAP agency will need to verify an 
individual's income to determine SNAP benefit eligibility.
    39. Do State UC agencies permit ongoing or direct access to certain 
confidential UC data to certain entities outside of the State UC 
agency? If so:
    a. Which entities are permitted ongoing or direct access?
    b. How many direct access users have State UC agencies permitted?
    c. For how long do State UC agencies grant ongoing or direct 
access?
    40. What are the data risks associated with allowing continuous 
access to limited types of confidential UC data for certain permissible 
disclosures? What recommendations do you have for mitigating these data 
risks?
    41. What are the safeguards and security requirements that State UC 
agencies currently require for disclosure recipients who access 
confidential UC data via ongoing or direct access? Are there other 
safeguards or security parameters that should be considered?

C. Disclosures by the UC Agency for the Proper Administration of the 
State's UC Program

    Paragraph 603.6(a) specifies that the ``disclosure of all 
information necessary for the proper administration of the UC program'' 
in a State is currently exempt from the part 603 confidentiality 
requirements. The Department interprets section 303(a)(1) of the SSA's 
``methods of administration'' provision in 20 CFR part 603.4(b) to 
require both the disclosure of information necessary for the proper 
administration of the UC program and that entities that receive

[[Page 47834]]

confidential UC information must, to the extent possible, keep that 
information confidential. Since this provision was initially 
established in 2006, the functionality and contractual landscape of 
States' administration of State UC programs have changed extensively. 
The questions below attempt to explore if there is a need for clarity 
relating to disclosures by a State UC agency for the proper 
administration of the State's UC program.
    42. In the administration of the State's UC program, do State UC 
agencies disclose confidential UC information to anyone other than 
State employees (for example, vendors or non-merit staffed service 
providers) for the purpose of outsourcing activities such as 
collections, IT, and offsite data storage?
    43. In addition to the disclosures listed in the question 
immediately above, do State UC agencies disclose confidential UC 
information to any other entity under the authority of Sec.  603.6(a)?
    44. If the Department were to amend part 603 to specify safeguards, 
security requirements, and/or agreement requirements for Sec.  603.6(a) 
disclosures, how (if at all) would this impact the way in which State 
UC agencies (and/or their contractors) approach such disclosures or the 
cost of such disclosures?
    45. What data security safeguards and measures would you recommend 
for disclosures associated with the authority in Sec.  603.6(a)?
    46. Do State UC agencies require that a written, terminable 
agreement be in place before any disclosures under the authority of 
Sec.  603.6(a)?
    47. How many individual wage records are State UC agencies 
currently disclosing under the authority of Sec.  603.6(a) on an annual 
basis? How many individual wage records requests do State UC agencies 
receive on an annual basis?
    48. Do State UC agencies incur costs specifically associated with 
disclosures made under the authority of Sec.  603.6(a)? If so, please 
describe and quantify (if possible).

D. Required Disclosures

    Section 603.6 (What disclosures are required by this subpart?) 
currently addresses disclosures of confidential UC information that are 
required by Federal law. Specifically, Sec.  603.6(b) and (c) currently 
address required disclosures of confidential UC information.
    49. What are the potential impacts that would be associated with 
the Department specifying additional security, safeguards, or agreement 
requirements related to required disclosures or potential redisclosure 
to the entities for which disclosure is required under Sec.  603.6(b)?
    50. Do State UC agencies currently implement additional security, 
safeguards, or agreement requirements related to required disclosures 
or potential redisclosure?
    51. Which, if any, of the current requirements are burdensome for 
State UC agencies?
    52. What kind of inquiries do State UC agencies receive relating to 
required disclosures under Sec.  603.6(b)? How often does the State UC 
agency receive such inquiries?
    53. What clarifications could the Department make relating to Sec.  
603.6(b) required disclosures that could minimize State UC agency costs 
associated with fielding inquiries relating to required disclosures?
    54. For programs related to the impacts of trade agreements on the 
workforce system, are there currently any barriers encountered with 
regard to receiving disclosures of confidential UC information for 
program operation and utilization?
    55. Are the case management systems used by employees of States or 
local workforce development areas to administer the workforce-related 
programs provided by the State workforce agency? If not, are the 
workforce-related case management systems contracted individually by 
the local workforce development boards?
    56. Are the entities operating the workforce-related case 
management systems functioning as an agent or contractor of either the 
State or a local workforce development board?

E. Costs

    Section 603.8 enumerates the conditions under which State UC 
agencies may use Federal UC administrative grant funds to pay for the 
costs associated with making any disclosure of UC information.
    57. Are there any provisions in the current part 603 related to the 
payment of costs for which additional clarification or enumeration 
would be helpful?
    58. What is the average annual number of requests to disclose 
confidential UC information received and granted by a State UC agency?
    59. What is the minimum cost for a State UC agency to process a 
request to disclose confidential UC information? Please describe how 
any such minimum cost figures were derived.
    60. What is the average cost for a State UC agency to process a 
request to disclose confidential UC information? Please describe how 
any such average cost figures were derived.
    61. Do State UC agencies have information on the average cost per 
record for the agency to disclose an individual UC record? If so, what 
is the average cost per record for disclosure?
    62. When calculating an ``incidental amount of staff time'' and 
``nominal processing costs,'' what factors do State UC agencies take 
into consideration?
    63. Are there State laws (statute or regulations) that govern what 
State UC agencies must deem an ``incidental amount of staff time'' or 
``nominal processing costs'' under Sec.  603.8(b)? If so, please 
provide statutory or regulatory citations to such provisions.
    64. Would it be helpful if the Department defined explicitly a 
financial threshold above which would be considered ``more than an 
incidental amount of staff time'' under Sec.  603.8(b)? If yes, what 
should such a threshold be and why?
    65. Would it be helpful if the Department defined explicitly a 
financial threshold above which would be considered more than ``nominal 
processing costs'' under Sec.  603.8(b)? If yes, what should such a 
threshold be and why?
    66. Would a part 603 specification of a threshold of ``incidental 
amount of staff time'' or ``nominal processing costs'' impact the 
number of requests for disclosure of confidential UC information that a 
State UC agency receives annually? If so, how?
    67. To the extent that a State UC agency deems a disclosure to 
require more than ``an incidental amount of staff time'' and ``nominal 
processing costs'' and, therefore, to not be payable with Federal UC 
administrative grant funds, under what circumstances does the State UC 
agency pay for such costs versus requiring the disclosure recipient to 
pay the State for the above incidental costs of disclosure?
    68. How many disclosure requests are denied or declined because 
disclosure recipients are not willing to reimburse the State for the 
costs of disclosure?
    69. The regulation at Sec.  603.8(d) currently provides that 
``[t]he requirement of payment of costs is met when a State UC agency 
has in place a reciprocal cost agreement or arrangement with the 
recipient.'' Would it be helpful if the Department clarified what 
constitutes a reciprocal benefit? If so, how and why?
    70. Are State UC agencies making disclosures of confidential UC 
information that they deem to have a reciprocal benefit with the 
recipient and thus the costs are incurred by the State's

[[Page 47835]]

Federal UC administrative grant? If so, what is the nature of such 
disclosures?
    71. What percentage of State UC agency disclosures of confidential 
UC information currently involve a reciprocal benefit?

F. Safeguards and Security

    Section 603.9 specifies the safeguards and security requirements 
that a State or State UC agency must require of a recipient of 
confidential UC information to protect the information disclosed 
against unauthorized access or redisclosure. This section also requires 
that the State or State UC agency must subject the recipient to 
penalties provided by State law for unauthorized disclosure of 
confidential UC information (Sec.  603.9(a)).
    72. Should the Department modify any of the safeguards and security 
requirements enumerated in Sec.  603.9(b) and (c) related to 
disclosures of confidential UC information? If so, how and why?
    73. Beyond the safeguards and security requirements enumerated in 
Sec.  603.9(b) and (c), are there any additional safeguards or security 
requirements that the Department should require a State UC agency to 
impose on a recipient of confidential UC information? If so, what 
requirements should be added and why? Are there requirements that are 
outdated or overly burdensome?
Safeguards Required of Recipients (Sec.  603.9(b))
    74. Do State UC agencies currently require that recipients of 
confidential UC information store data in a specific way? If yes:
    a. Are these requirements enumerated in State statute, regulations, 
or State policy? If so, please explain.
    b. For what types of disclosures do State UC agencies impose 
requirements relating to storage of data by recipients of confidential 
UC information?
    c. What requirements do you recommend the Department impose 
relating to data storage? For example, do you recommend requirements 
related to on-site data storage, cloud storage, centralized data 
storage with segregated confidential data, or some combination of these 
approaches?
    75. What is the maximum amount of time that State UC agencies allow 
recipients of confidential UC information to retain or store data? 
Should the Department specify a length of time that a recipient may 
retain confidential UC information? If yes, what is an appropriate 
length of time and why? Would this create additional burden for States 
or recipients of this data?
    76. Should the Department restrict or limit whether or how a 
recipient of confidential UC information may use that information for a 
purpose other than those specifically outlined in the Sec.  603.10 
disclosure agreement? Why or why not?
    77. Should the Department specify how a recipient of confidential 
UC information must dispose of (i.e., return or destroy) the 
information once the purpose of the disclosure is served (i.e., 
fulfilled or completed)? If yes, what should constitute sufficiently 
secure disposal of confidential UC information?
    78. When should the purpose of a disclosure of confidential UC 
information be considered served (i.e., fulfilled or completed)?
    79. Should the Department require State UC agencies to conduct 
audits or inspections of recipients of confidential UC information to 
ensure that the requirements of the State's law and the disclosure 
agreement are being met? If no, why not? If yes:
    a. Should the Department specify how a State UC agency must audit 
or inspect recipients of confidential UC information to ensure that the 
requirements of the State's law and the disclosure agreement are being 
met?
    b. What should be the frequency and conditions of such audits or 
inspections?
    80. If the Department were to specify changes to safeguards or 
security requirements that State UC agencies must impose on recipients 
of confidential UC information, how would revised safeguard 
requirements impact current or future recipients of confidential UC 
information? How would revised safeguard requirements impact the costs 
to State UC agencies or recipients of confidential UC information? 
Examples of changes to safeguard requirements may include the length of 
time that confidential UC information may be retained, restrictions on 
whether the recipient can redisclose or use data for a purpose other 
than that specifically outlined in the agreement, provisions governing 
disposal of data, auditing/inspection by the State UC agency.
Redisclosure (Sec.  603.9(c))
    81. Should a recipient of confidential UC information be permitted 
to redisclose the information to an entity not specifically named in 
the Sec.  603.10 disclosure agreement? If so, under what conditions?
    82. Have State UC agencies encountered challenges relating to 
requests involving a redisclosure by a public official to an agent or 
contractor of the public official? If so, please describe.
    83. How often are such redisclosures (to an agent or contractor) 
sought by public officials?
    84. Should public officials requesting confidential UC information 
continue to be held accountable for the actions of their agents or 
contractors? Why or why not?
    85. What is the average cost or time burden associated with 
redisclosures of confidential UC information?
    86. Should the recipient of redisclosed confidential UC information 
be permitted to further disclose to another entity for an additional 
purpose? If yes, what restrictions, if any, should apply?
Data Storage
    The questions below are intended to address how State UC agencies 
currently store confidential UC information to administer the State's 
UC law.
    87. Do State UC agencies use State-owned or -administered IT 
systems or non-State owned or -administered IT systems to store 
confidential UC information? Do you have recommendations for the system 
a State UC agency should use? Does the use of State-owned or -
administered IT systems or non-State owned or -administered IT systems 
complicate or improve any issues associated with confidential UC data 
storage?
    88. Do State UC agencies use cloud storage to store confidential UC 
information? Does cloud infrastructure complicate or improve any issues 
associated with confidential UC data storage?
    89. If State UC agencies store confidential State UC data on a 
system that is not State-owned or -administered, please provide a 
general description of the system and the State UC agency's contractual 
relationship with the vendor(s) or service provider(s).
    90. Have there been data breaches or attempted data breaches 
associated with confidential UC information stored on State-owned and -
administered IT systems? Have there been data breaches associated with 
confidential UC information stored on non-State owned or -administered 
IT systems? If so, what is the average annual number of data breaches 
or attempted data breaches associated with disclosure of confidential 
UC information?
    91. If the Department were to specify security requirements around 
State UC agency use of State-owned and

[[Page 47836]]

-administered IT systems or non-State-owned and -administered IT 
systems, how would this impact State UC agencies, if at all? What are 
the anticipated impacts of any changes that State UC agencies would 
need to make that they were not already planning?
    The questions below are intended to address how State UC agencies 
may make confidential UC information available to third-party vendors 
or other data warehousing providers for purposes other than 
administering the State's UC law (for example, State longitudinal data 
systems).
    92. What types of arrangements do State UC agencies have with 
contractors to store confidential UC information in data warehouses or 
other offsite storage?
    a. What are the entities with which State UC agencies contract for 
such services?
    b. Provide a general description of the data warehouses or offsite 
data storage utilized by State UC agencies.
    c. What data security and safeguard requirements would you 
recommend State UC agencies require of such third-party entities for 
offsite storage?
    d. How, if at all, do arrangements with data warehouses or offsite 
storage ensure confidential UC information is not comingled with other 
data?
    e. How, if at all (not including specific security measures 
currently in use), do such arrangements with third-party data storage 
entities address data breach risks?
    93. Where State UC agencies have data storage relationships with 
third parties, does the third-party data storage entity administer or 
run disclosure queries on behalf of the State UC agency? If so:
    a. Are there costs associated with such data storage relationships? 
If so, what is the source of the funds used to pay for those costs?
    b. What types of disclosures of confidential UC information does 
the third-party data storage entity administer and for what purposes?
    c. What is the role of the State UC agency in processing or 
responding to requests for confidential UC information via the third-
party data storage entity? E
    94. Have there been data breaches or attempted data breaches 
associated with confidential UC information stored with third-party 
data storage entities? If so, what is the average annual number of data 
breaches or attempted data breaches associated with disclosure of 
confidential UC information when a third-party data storage entity is 
involved?

G. Agreements

    Section 603.10 enumerates the requirements associated with the 
written, enforceable, terminable agreement that a State UC agency must 
enter into with agencies or entities requesting disclosure of 
confidential UC information.
    95. How many active confidential UC information disclosure 
agreements does your State UC agency currently have in effect?
    96. On average, how many active confidential UC information 
disclosure agreements do State UC agencies have in effect each year?
    97. On average, how many new confidential UC information disclosure 
agreements do State UC agencies execute each year?
    98. Do State UC agencies always require an agreement to be in place 
before disclosing confidential UC information? For what disclosures (if 
any) do State UC agencies not require an agreement?
    99. Do States have standardized minimum requirements for all 
confidential UC information disclosure agreements (for example, a 
template is utilized as the starting point for all disclosure 
agreements)? If so, what language is included in the template? Would it 
be helpful if the Department provided such a template?
    100. For State UC agencies:
    a. What is the process associated with executing a new confidential 
UC information disclosure agreement with disclosure recipients? For 
example, how much unique language must be developed?
    b. What types of State agency staff (including State agency 
attorneys) are involved in the drafting, review, and approval 
processes?
    c. What is the average time burden or cost associated with 
executing a new confidential UC information disclosure agreement with 
disclosure recipients?
    d. What is the average time burden or cost associated with 
modifying an existing confidential UC information disclosure agreement?
    101. For confidential UC data recipients:
    a. What is the process associated with executing a new confidential 
UC information disclosure agreement with the State UC agency? For 
example, how much unique language must be developed?
    b. What types of staff or attorneys are involved in the drafting, 
review, and approval processes?
    c. What is the average time burden or cost associated with 
executing a new confidential UC information disclosure agreement with 
the State UC agency? Does the time burden or cost prevent potential 
recipients from pursuing access?
    d. What is the average time burden or cost associated with 
modifying an existing confidential UC information disclosure agreement? 
Does the time burden or cost prevent participants from pursuing 
modifications?
    102. How are State UC agencies currently ensuring compliance with 
disclosure agreements? What proportion of confidential UC information 
disclosure agreements do State UC agencies actively monitor for 
compliance?
    103. What is the average annual cost associated with monitoring for 
compliance?

H. Notifications to Claimants and Employers

    Section 603.11 requires State UC agencies to periodically notify UC 
claimants that their confidential UC data may be requested and utilized 
for other governmental purposes (Sec.  603.11(a)). States also must 
notify every employer subject to the State's UC law that wage 
information and other confidential UC information may be utilized for 
other governmental purposes (Sec.  603.11(b)).
    104. How do State UC agencies currently provide Sec.  603.11 
required notifications?
    105. Do States or other stakeholders believe the notification 
requirements in Sec.  603.11 are sufficient or burdensome, or should 
additional notifications to claimants and employers be required? If so, 
please describe.
    106. Do States or other stakeholders believe that, to the extent 
notifications currently provided do not currently include references to 
data transfers or third-party storage, notifications should include 
references to data transfers and third-party storage? Why or why not?
    107. How would any changes to Sec.  603.11 notification 
requirements impact the time burden or costs to State UC agencies 
associated with notification requirements?

I. State Implementation of Part 603 Changes

    108. What types of changes to part 603 would require a State to 
amend its existing State law (statutory or regulatory provisions)? What 
specific State laws or regulations might require changes if the 
Department revises part 603 requirements?
    109. If the Department's part 603 regulatory changes would require 
a State to amend its existing State law (statutory or regulatory 
provisions),

[[Page 47837]]

what is the timeline that the Department should consider for a State to 
make such changes?

J. Federal UC Program Oversight and Audits

    The regulation currently requires State UC agencies to share 
confidential UC information with OIG for investigative purposes and 
permits disclosure of confidential UC information to OIG for the 
purposes of UC program oversight and audits. ETA is considering 
requiring States to disclose confidential UC information to OIG at 
regular intervals, as described in questions 42-44 above. In recent 
years, OIG has made requests for access to State confidential UC 
information to assist with its oversight and audits of the UC program. 
In response to these requests, ETA issued Training and Employment 
Notice (TEN) No. 05-22, which reminds States of OIG's authority under 
the Inspector General Act (IG Act) to access information necessary for 
carrying out its duties and responsibilities under the IG Act and 
strongly encourages States to comply with data requests made by OIG. As 
noted, providing the requested data to OIG does not conflict with 
Federal regulations regarding the permissibility of disclosing 
confidential UC information for the purposes of UC program oversight 
and audits.
    110. Are there currently any impediments to OIG getting access to 
confidential UC information for the purposes of UC program oversight 
and audits? This can include statutory, logistical, operational, 
financial, or any other impediments.
    111. Should there be revisions to the regulation to explicitly 
address that written agreements are not required for disclosure to OIG, 
consistent with current guidance? If so, please explain why.
    112. What, if any, safeguards should be in place for disclosures to 
OIG for purposes of UC program oversight and audits?
    113. Under the current part 603, State UC agencies are permitted to 
disclose confidential UC information of the purposes of UC program 
oversight and audits. If State UC agencies were required to disclose 
confidential UC information to OIG for purposes of UC program oversight 
and audits, are there any considerations that the Department should be 
aware of? If so, please describe.
    114. If the Department were to specify safeguards, security 
requirements, or agreement requirements associated with disclosure of 
confidential UC information to OIG for purposes of UC program oversight 
and audits, would there be any time burdens or other costs incurred by 
State UC agencies?
    115. How often do States receive OIG requests for confidential UC 
information for purposes of UC program oversight and audits?

K. Miscellaneous

    116. Are you aware of any access concerns related to State UC 
agency staff participation in Federal UC program oversight and audits 
(for example, participation in Benefit Accuracy Measurement, Benefits 
Timeliness and Quality, or other Federal reviews)? If so, please 
describe the concerns.
    117. Are there any methods that the Department could utilize to 
quantify the reduction in risk associated with enhanced protections for 
confidential UC information?
    118. When disclosing confidential UC information, do State UC 
agencies have established protocols for masking/suppressing data to 
comply with part 603? If so, please generally describe.
    119. To the extent that established protocols for masking/
suppressing confidential UC data exist, are there methods the 
Department should consider to ease burden on State UC agencies while 
still protecting the underlying confidential UC information?
    120. Are there industry-accepted best practices for suppressing or 
masking confidential UC information?
    121. If the Department revises part 603, what penalties might State 
UC agencies incur associated with existing contracts?

VI. Conclusion

    The Department invites interested parties to submit comments, 
information, data, and supporting materials based on the questions 
provided in this RFI. The Department has provided the list of questions 
above as a framework for the scope of this RFI and invites any 
submission from interested stakeholders that addresses some or all of 
these questions or provides other useful information in addition to 
responses to these questions for the Department's consideration.

Brent Parton,
Acting Assistant Secretary for Employment and Training, Labor.
[FR Doc. 2023-15631 Filed 7-24-23; 8:45 am]
BILLING CODE 4510-FW-P