Privacy Act of 1974; Amended System of Records
Federal Register, Volume 81 Issue 213 (Thursday, November 3, 2016)
Federal Register Volume 81, Number 213 (Thursday, November 3, 2016)
Notices
Pages 76554-76557
From the Federal Register Online via the Government Publishing Office www.gpo.gov
FR Doc No: 2016-26517
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
Docket No. 160323279-6279-01
Privacy Act of 1974; Amended System of Records
AGENCY: U.S. Census Bureau, U.S. Department of Commerce.
ACTION: Notice of Amendment, Privacy Act System of Records; COMMERCE/
CENSUS-8, Statistical Administrative Records System.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, as amended, Title 5 United States Code (U.S.C.) 552a(e)(4) and (11); and Office of Management and Budget (OMB) Circular A-130, Appendix I, ``Federal Agency Responsibilities for Maintaining Records About Individuals,'' the Department of Commerce (Department) is issuing notice of intent to amend the system of records under COMMERCE/CENSUS-8, Statistical Administrative Records System, to update information concerning the location of the system of records, the categories of individuals and categories of records covered by the system, the policies and practices for retention, disposal, and safeguarding the system of records, the storage, the system manager and address, the notification procedures, the records source categories; and other minor administrative updates. Accordingly, the COMMERCE/CENSUS-8, Statistical Administrative Records System notice published in the Federal Register on October 27, 2010 (66 FR 3202), is amended as below. We invite public comment on the system amendment announced in this publication.
DATES: To be considered, written comments must be submitted on or before December 5, 2016. Unless comments are received, the amended system of records will become effective as proposed on December 13, 2016. If comments are received, the Department will publish a subsequent notice in the Federal Register within 10 days after the comment period closes, stating that the current system of records will remain in effect until publication of a final action in the Federal Register.
Page 76555
ADDRESSES: Please address comments to: Chief, Privacy Compliance Branch, Policy Coordination Office, Room HQ--8H021, U.S. Census Bureau, Washington, DC 20233-3700.
FOR FURTHER INFORMATION CONTACT: Chief, Privacy Compliance Branch, Policy Coordination Office, Room HQ--8H021, U.S. Census Bureau, Washington, DC 20233-3700.
SUPPLEMENTARY INFORMATION: This update makes eight program-related changes. The first of eight proposed changes revises the location of the system to account for records maintained by the Federal Risk and Authorization Management Program (FEDRAMP)-approved cloud service provider. The second of eight proposed changes to program-related provisions updates the categories of individuals to include individuals from territories of the United States. The third proposed change updates the categories of records and clarifies the three types of record components maintained in the system. The fourth change updates the system manager and address to reflect the Census Bureau's reorganization. The fifth change updates the notification procedure to reflect that records maintained for statistical purposes are exempt from notification. The sixth change updates the policies and practices for the retention, disposal, and safeguarding the records in the system. The seventh change updates the storage element in the system of records notice (SORN) to address the storage of paper copies, magnetic media, and to include storage by a cloud service provider. The eighth change updates the source of the records to more accurately reflect the entities from which the information may be obtained. Additionally, the amendment provides other minor administrative updates. The entire resulting system of records notice, as amended, appears below.
COMMERCE/CENSUS-8
System Name:
Statistical Administrative Records System.
Security Classification:
None.
System Location:
Bowie Computer Center, Bureau of the Census, 17101 Melford Blvd., Bowie, Maryland 20715; and at a FEDRAMP-approved cloud services facility.
Categories of Individuals Covered by the System:
This system covers the population of the United States and territories. In order to approximate coverage of the population in support of its statistical programs, the Census Bureau will acquire administrative record files from agencies such as the Departments of Agriculture, Education, Health and Human Services, Homeland Security, Housing and Urban Development, Labor, Treasury, Veterans Affairs, the Office of Personnel Management, the Social Security Administration, the Selective Service System, and the U.S. Postal Service. Comparable data may also be sought from state agencies and commercial sources and Web sites.
Categories of Records in the System:
Records in this system of records are organized into three components:
The first category contains records with personal identifiers (names and Social Security Numbers (SSNs)), with access restricted to a limited number of sworn Census Bureau staff. These records are only used for a brief period of time while the personal identifiers are replaced with unique non-identifying codes. In a controlled Information Technology (IT) environment, the identifying information (SSN) contained in source files is removed and replaced with unique non-identifying codes. The Census Bureau does not collect SSNs in Title 13 surveys or censuses. Title 13, Section 6, authorizes the Census Bureau to acquire information from other federal departments and agencies and for the acquisition of reports of other governmental or private sources. Data acquired by the Census Bureau to meet this directive may include direct identifiers such as name, address, date of birth, driver's license number, and SSN. The direct identifiers are used to identify duplicate lists and link across multiple sources.
The Census Bureau has developed software to standardize and validate incoming person records to assign a unique Census Bureau linkage identifier. This identifier, called the Protected Identification Key (PIK), is retained on files so that SSNs can be removed. This process occurs through the Person Identification Validation System (PVS). The PVS software processes direct identifiers from input files. Census Bureau staff use the person linkage keys to merge files when conducting approved research and operations activities. The software is also used to facilitate record linkage for Census Bureau research partners within the Federal Statistical System. Through legal agreements, linkage keys may be created by the Census Bureau for other Federal Statistical Agencies to produce statistics. The PVS system does not append additional identifying information, only a unique identifier to facilitate record linkage.
The second category contains records that are maintained on unique data sets that are extracted or combined on an as-needed basis in approved projects. Records are extracted or combined as needed using the unique non-identifying codes, not by name or SSN, to prepare numerous statistical products. These records may contain information such as: Demographic information--date of birth, sex, race, ethnicity, household and family characteristics, education, marital status, tribal affiliation, and veteran's status, etc.; Geographical information--
address and geographic codes, etc.; Mortality information--cause of death and hospitalization information; Health information--type of provider, services provided, cost of services, and quality indicators, etc.; Economic information--housing characteristics, income, occupation, employment and unemployment information, health insurance coverage, Federal and State program participation, assets, and wealth.
The third category contains two types of records that use name data for specific research activities. The Census Bureau has policies and procedures to review and control name data from administrative records providers and third party sources. This category refers to name data used to plan contact operations for surveys and censuses and for research on names. The first type of records includes Respondent contact information--name (or username), address, telephone number (both landline and cell phone number), and email address or equivalent. The second type of records includes name data used to set Demographic Characteristics Flags--names are compared to lookup tables and used in models to assign sex and ethnicity. Records in this category are maintained on unique data sets that are extracted or combined on an as-needed basis using the unique non-identifying codes that replaced the SSNs, but with some name information retained.
Authorities for Maintenance of the System:
Title 13 U.S.C. 6.
Purpose(s):
This system of records supports the Census Bureau's core mission of producing economic and demographic statistics. To accomplish this mission the Census Bureau is directed to acquire information from public and private sources to ensure the efficient and economical conduct of its censuses and
Page 76556
surveys by using that information instead of conducting direct inquiries. To provide the information on which the American public, businesses, policymakers, and analysts rely, the Statistical Administrative Records System efficiently re-uses data from external sources, thereby eliminating the need to collect information again. Therefore, the purpose of this system is to centralize and control the use of personally identifiable information by providing a secure repository that supports statistical operations. The system removes SSNs contained in source files and replaces them with unique non-
identifying codes called Protected Identification Keys (PIKs) prior to use by other Census Bureau operating units. Census Bureau staff use the PIK to merge files to conduct approved research projects. Through legal agreements documenting permitted uses of the external data, linked files may be created to produce statistics. By combining survey and census data with administrative record data from other agencies, and data procured from commercial sources, the Census Bureau will improve the quality and usefulness of its statistics and reduce the respondent burden associated with direct data collection efforts. The system will also be used to plan, evaluate, and enhance survey and census operations; improve questionnaire design and selected survey data products; and produce research and statistical products such as estimates of the demographic, social, and economic characteristics of the population.
Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:
None. The Statistical Administrative Records System will be used only for statistical purposes. No disclosures which permit the identification of individual respondents, and no determinations affecting individual respondents will be made.
Disclosure to Consumer Reporting Agencies:
None.
Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System:
Storage:
Records will be stored in a secure computerized system and on magnetic media; output data will be electronic. Magnetic media will be stored in a secure area within a locked drawer or cabinet. Source data sets containing personal identifiers will be maintained in a secure restricted-access IT environment. Records may also be stored by or at a secure FEDRAMP-approved cloud service provider or facility.
Retrievability:
Staff producing statistical products will have access only to data sets from which SSNs have been deleted and replaced by unique non-
identifying codes internal to the Census Bureau. Only a limited number of sworn Census Bureau staff, who work within a secure restricted-
access environment, will be permitted to retrieve records containing direct identifiers (such as name or SSN).
Safeguards:
The Census Bureau is committed to respecting respondent privacy and protecting confidentiality. Through the Data Stewardship Program, we have implemented management, operational, and technical controls and practices to ensure high-level data protection to respondents of our censuses and surveys.
An unauthorized browsing policy protects respondent information from casual or inappropriate use by any person with access to Title 13 protected data.
All Census Bureau employees, persons with special sworn status, as well as employees of FEDRAMP-approved cloud services who may have incidental access to Title 13 protected data, are subject to the restrictions, penalties, and prohibitions of 13 U.S.C. 9 and 214 as modified by Title 18 U.S.C. 3551, et. seq.; the Privacy Act of 1974 (5 U.S.C. 552a(b)(4); 18 U.S.C. 1905; 26 U.S.C. 7213, 7213A, and 7431; and 42 U.S.C. 1306.
All Census Bureau employees and persons with special sworn status will be regularly advised of regulations issued pursuant to Title 13 governing the confidentiality of the data, and will be required to complete an annual Data Stewardship Awareness training and those who have access to Federal Tax Information data will be regularly advised of regulations issued pursuant to Title 26 governing the confidentiality of the data, and will be required to complete an annual Title 26 awareness program. The restricted-access IT environment has been established to limit the number of Census Bureau staff with direct access to the personal identifiers in this system to protect the confidentiality of the data and to prevent unauthorized use or access. These safeguards provide a level and scope of security that meet the level and scope of security established by OMB Circular No. A-130, Appendix III, Security of Federal Automated Information Resources.
All Census Bureau and FEDRAMP-approved computer systems that maintain sensitive information are in compliance with the Federal Information Security Management Act, which includes auditing and controls over access to restricted data.
The use of unsecured telecommunications to transmit individually identifiable information is prohibited.
Paper copies that contain sensitive information are stored in secure facilities in a locked drawer or file cabinet behind a closed door.
Each requested use of the data covered in this SORN will be reviewed by an in-house Project Review Board to ensure that data relating to the project will be used only for authorized purposes. All uses of the data are solely for statistical purposes, which by definition means that uses will not directly affect benefits or enforcement actions for any individual. Only when the Project Review Board has approved a project, will access to information from one or more of the source data sets occur. Data from external sources in approved projects will not be made publicly available.
Any publications based on the Statistical Administrative Records System will be cleared for release under the direction of the Census Bureau's Disclosure Review Board, which will confirm that all the required disclosure protection procedures have been implemented. No information will be released that identifies any individual.
Retention and Disposal:
Records are to be retained in accordance with General Records Schedule GRS 4.3, and the Census Bureau's records control schedule DAA-
0029-2014-0005, Records of the Center for Administrative Records Research and Applications, which are approved by the National Archives and Records Administration (NARA). Records are also retained in accordance with agreements developed with sponsoring agencies or source entities. Federal tax information administrative record data will be retained and disposed of in accordance with Publication 1075, Tax information Security Guidelines for Federal, State, and Local Agencies and Entities. The Census Bureau issues an Annual Safeguard Security Report that includes information on the retention and disposal of federal tax information. Pursuant to IRS regulation, Title 26 U.S.C. 6103(p)(4)(F)(ii), data cannot be transferred to NARA.
Page 76557
System Manager and Address:
Associate Director for Research and Methodology, U.S. Census Bureau, 4600 Silver Hill Road, Washington, DC 20233-8000.
Notification Procedure:
None.
Record Access Procedures:
None.
Contesting Record Procedures:
None.
Record Source Categories:
Individuals and addresses covered by selected administrative record systems and Census Bureau censuses and surveys including current demographic and economic surveys, quinquennial Economic Censuses, and decennial Censuses of Population and Housing. Additionally, the Census Bureau will also acquire administrative record files from agencies such as the Departments of Agriculture, Education, Health and Human Services, Homeland Security, Housing and Urban Development, Labor, Treasury, Veterans Affairs, the Office of Personnel Management, the Social Security Administration, the Selective Service System, and the U.S. Postal Service, etc. Comparable data may also be sought from state agencies, commercial sources, and Web sites.
Exemptions Claimed for System:
Pursuant to 5 U.S.C. 552a(k)(4), this system of records is exempted from the notification, access, and contest requirements of the agency procedures (under 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f)). This exemption is applicable as the data are maintained by the Census Bureau solely as statistical records, as required under Title 13, and are not used in whole or in part in making any determination about an identifiable individual. This exemption is made in accordance with the Department's rules which appear in 15 CFR part 4 Subpart B published in this Federal Register.
Michael J. Toland,
Department of Commerce, Deputy Chief FOIA Officer, Department Privacy Act Officer.
FR Doc. 2016-26517 Filed 11-2-16; 8:45 am
BILLING CODE 3510-07-P
