[Federal Register Volume 81, Number 213 (Thursday, November 3, 2016)]
[Notices]
[Pages 76554-76557]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-26517]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

[Docket No. 160323279-6279-01]


Privacy Act of 1974; Amended System of Records

AGENCY: U.S. Census Bureau, U.S. Department of Commerce.

ACTION: Notice of Amendment, Privacy Act System of Records; COMMERCE/
CENSUS-8, Statistical Administrative Records System.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended, Title 
5 United States Code (U.S.C.) 552a(e)(4) and (11); and Office of 
Management and Budget (OMB) Circular A-130, Appendix I, ``Federal 
Agency Responsibilities for Maintaining Records About Individuals,'' 
the Department of Commerce (Department) is issuing notice of intent to 
amend the system of records under COMMERCE/CENSUS-8, Statistical 
Administrative Records System, to update information concerning the 
location of the system of records, the categories of individuals and 
categories of records covered by the system, the policies and practices 
for retention, disposal, and safeguarding the system of records, the 
storage, the system manager and address, the notification procedures, 
the records source categories; and other minor administrative updates. 
Accordingly, the COMMERCE/CENSUS-8, Statistical Administrative Records 
System notice published in the Federal Register on October 27, 2010 (66 
FR 3202), is amended as below. We invite public comment on the system 
amendment announced in this publication.

DATES: To be considered, written comments must be submitted on or 
before December 5, 2016. Unless comments are received, the amended 
system of records will become effective as proposed on December 13, 
2016. If comments are received, the Department will publish a 
subsequent notice in the Federal Register within 10 days after the 
comment period closes, stating that the current system of records will 
remain in effect until publication of a final action in the Federal 
Register.

[[Page 76555]]


ADDRESSES: Please address comments to: Chief, Privacy Compliance 
Branch, Policy Coordination Office, Room HQ--8H021, U.S. Census Bureau, 
Washington, DC 20233-3700.

FOR FURTHER INFORMATION CONTACT: Chief, Privacy Compliance Branch, 
Policy Coordination Office, Room HQ--8H021, U.S. Census Bureau, 
Washington, DC 20233-3700.

SUPPLEMENTARY INFORMATION: This update makes eight program-related 
changes. The first of eight proposed changes revises the location of 
the system to account for records maintained by the Federal Risk and 
Authorization Management Program (FEDRAMP)-approved cloud service 
provider. The second of eight proposed changes to program-related 
provisions updates the categories of individuals to include individuals 
from territories of the United States. The third proposed change 
updates the categories of records and clarifies the three types of 
record components maintained in the system. The fourth change updates 
the system manager and address to reflect the Census Bureau's 
reorganization. The fifth change updates the notification procedure to 
reflect that records maintained for statistical purposes are exempt 
from notification. The sixth change updates the policies and practices 
for the retention, disposal, and safeguarding the records in the 
system. The seventh change updates the storage element in the system of 
records notice (SORN) to address the storage of paper copies, magnetic 
media, and to include storage by a cloud service provider. The eighth 
change updates the source of the records to more accurately reflect the 
entities from which the information may be obtained. Additionally, the 
amendment provides other minor administrative updates. The entire 
resulting system of records notice, as amended, appears below.
COMMERCE/CENSUS-8

System Name:
    Statistical Administrative Records System.

Security Classification:
    None.

System Location:
    Bowie Computer Center, Bureau of the Census, 17101 Melford Blvd., 
Bowie, Maryland 20715; and at a FEDRAMP-approved cloud services 
facility.

Categories of Individuals Covered by the System:
    This system covers the population of the United States and 
territories. In order to approximate coverage of the population in 
support of its statistical programs, the Census Bureau will acquire 
administrative record files from agencies such as the Departments of 
Agriculture, Education, Health and Human Services, Homeland Security, 
Housing and Urban Development, Labor, Treasury, Veterans Affairs, the 
Office of Personnel Management, the Social Security Administration, the 
Selective Service System, and the U.S. Postal Service. Comparable data 
may also be sought from state agencies and commercial sources and Web 
sites.

Categories of Records in the System:
    Records in this system of records are organized into three 
components:
     The first category contains records with personal 
identifiers (names and Social Security Numbers (SSNs)), with access 
restricted to a limited number of sworn Census Bureau staff. These 
records are only used for a brief period of time while the personal 
identifiers are replaced with unique non-identifying codes. In a 
controlled Information Technology (IT) environment, the identifying 
information (SSN) contained in source files is removed and replaced 
with unique non-identifying codes. The Census Bureau does not collect 
SSNs in Title 13 surveys or censuses. Title 13, Section 6, authorizes 
the Census Bureau to acquire information from other federal departments 
and agencies and for the acquisition of reports of other governmental 
or private sources. Data acquired by the Census Bureau to meet this 
directive may include direct identifiers such as name, address, date of 
birth, driver's license number, and SSN. The direct identifiers are 
used to identify duplicate lists and link across multiple sources.
     The Census Bureau has developed software to standardize 
and validate incoming person records to assign a unique Census Bureau 
linkage identifier. This identifier, called the Protected 
Identification Key (PIK), is retained on files so that SSNs can be 
removed. This process occurs through the Person Identification 
Validation System (PVS). The PVS software processes direct identifiers 
from input files. Census Bureau staff use the person linkage keys to 
merge files when conducting approved research and operations 
activities. The software is also used to facilitate record linkage for 
Census Bureau research partners within the Federal Statistical System. 
Through legal agreements, linkage keys may be created by the Census 
Bureau for other Federal Statistical Agencies to produce statistics. 
The PVS system does not append additional identifying information, only 
a unique identifier to facilitate record linkage.
     The second category contains records that are maintained 
on unique data sets that are extracted or combined on an as-needed 
basis in approved projects. Records are extracted or combined as needed 
using the unique non-identifying codes, not by name or SSN, to prepare 
numerous statistical products. These records may contain information 
such as: Demographic information--date of birth, sex, race, ethnicity, 
household and family characteristics, education, marital status, tribal 
affiliation, and veteran's status, etc.; Geographical information--
address and geographic codes, etc.; Mortality information--cause of 
death and hospitalization information; Health information--type of 
provider, services provided, cost of services, and quality indicators, 
etc.; Economic information--housing characteristics, income, 
occupation, employment and unemployment information, health insurance 
coverage, Federal and State program participation, assets, and wealth.
     The third category contains two types of records that use 
name data for specific research activities. The Census Bureau has 
policies and procedures to review and control name data from 
administrative records providers and third party sources. This category 
refers to name data used to plan contact operations for surveys and 
censuses and for research on names. The first type of records includes 
Respondent contact information--name (or username), address, telephone 
number (both landline and cell phone number), and email address or 
equivalent. The second type of records includes name data used to set 
Demographic Characteristics Flags--names are compared to lookup tables 
and used in models to assign sex and ethnicity. Records in this 
category are maintained on unique data sets that are extracted or 
combined on an as-needed basis using the unique non-identifying codes 
that replaced the SSNs, but with some name information retained.

Authorities for Maintenance of the System:
    Title 13 U.S.C. 6.

Purpose(s):
    This system of records supports the Census Bureau's core mission of 
producing economic and demographic statistics. To accomplish this 
mission the Census Bureau is directed to acquire information from 
public and private sources to ensure the efficient and economical 
conduct of its censuses and

[[Page 76556]]

surveys by using that information instead of conducting direct 
inquiries. To provide the information on which the American public, 
businesses, policymakers, and analysts rely, the Statistical 
Administrative Records System efficiently re-uses data from external 
sources, thereby eliminating the need to collect information again. 
Therefore, the purpose of this system is to centralize and control the 
use of personally identifiable information by providing a secure 
repository that supports statistical operations. The system removes 
SSNs contained in source files and replaces them with unique non-
identifying codes called Protected Identification Keys (PIKs) prior to 
use by other Census Bureau operating units. Census Bureau staff use the 
PIK to merge files to conduct approved research projects. Through legal 
agreements documenting permitted uses of the external data, linked 
files may be created to produce statistics. By combining survey and 
census data with administrative record data from other agencies, and 
data procured from commercial sources, the Census Bureau will improve 
the quality and usefulness of its statistics and reduce the respondent 
burden associated with direct data collection efforts. The system will 
also be used to plan, evaluate, and enhance survey and census 
operations; improve questionnaire design and selected survey data 
products; and produce research and statistical products such as 
estimates of the demographic, social, and economic characteristics of 
the population.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and the Purposes of Such Uses:
    None. The Statistical Administrative Records System will be used 
only for statistical purposes. No disclosures which permit the 
identification of individual respondents, and no determinations 
affecting individual respondents will be made.

Disclosure to Consumer Reporting Agencies:
    None.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, 
and Disposing of Records in the System:
Storage:
    Records will be stored in a secure computerized system and on 
magnetic media; output data will be electronic. Magnetic media will be 
stored in a secure area within a locked drawer or cabinet. Source data 
sets containing personal identifiers will be maintained in a secure 
restricted-access IT environment. Records may also be stored by or at a 
secure FEDRAMP-approved cloud service provider or facility.

Retrievability:
    Staff producing statistical products will have access only to data 
sets from which SSNs have been deleted and replaced by unique non-
identifying codes internal to the Census Bureau. Only a limited number 
of sworn Census Bureau staff, who work within a secure restricted-
access environment, will be permitted to retrieve records containing 
direct identifiers (such as name or SSN).

Safeguards:
    The Census Bureau is committed to respecting respondent privacy and 
protecting confidentiality. Through the Data Stewardship Program, we 
have implemented management, operational, and technical controls and 
practices to ensure high-level data protection to respondents of our 
censuses and surveys.
     An unauthorized browsing policy protects respondent 
information from casual or inappropriate use by any person with access 
to Title 13 protected data.
     All Census Bureau employees, persons with special sworn 
status, as well as employees of FEDRAMP-approved cloud services who may 
have incidental access to Title 13 protected data, are subject to the 
restrictions, penalties, and prohibitions of 13 U.S.C. 9 and 214 as 
modified by Title 18 U.S.C. 3551, et. seq.; the Privacy Act of 1974 (5 
U.S.C. 552a(b)(4); 18 U.S.C. 1905; 26 U.S.C. 7213, 7213A, and 7431; and 
42 U.S.C. 1306.
     All Census Bureau employees and persons with special sworn 
status will be regularly advised of regulations issued pursuant to 
Title 13 governing the confidentiality of the data, and will be 
required to complete an annual Data Stewardship Awareness training and 
those who have access to Federal Tax Information data will be regularly 
advised of regulations issued pursuant to Title 26 governing the 
confidentiality of the data, and will be required to complete an annual 
Title 26 awareness program. The restricted-access IT environment has 
been established to limit the number of Census Bureau staff with direct 
access to the personal identifiers in this system to protect the 
confidentiality of the data and to prevent unauthorized use or access. 
These safeguards provide a level and scope of security that meet the 
level and scope of security established by OMB Circular No. A-130, 
Appendix III, Security of Federal Automated Information Resources.
     All Census Bureau and FEDRAMP-approved computer systems 
that maintain sensitive information are in compliance with the Federal 
Information Security Management Act, which includes auditing and 
controls over access to restricted data.
     The use of unsecured telecommunications to transmit 
individually identifiable information is prohibited.
     Paper copies that contain sensitive information are stored 
in secure facilities in a locked drawer or file cabinet behind a closed 
door.
     Each requested use of the data covered in this SORN will 
be reviewed by an in-house Project Review Board to ensure that data 
relating to the project will be used only for authorized purposes. All 
uses of the data are solely for statistical purposes, which by 
definition means that uses will not directly affect benefits or 
enforcement actions for any individual. Only when the Project Review 
Board has approved a project, will access to information from one or 
more of the source data sets occur. Data from external sources in 
approved projects will not be made publicly available.
     Any publications based on the Statistical Administrative 
Records System will be cleared for release under the direction of the 
Census Bureau's Disclosure Review Board, which will confirm that all 
the required disclosure protection procedures have been implemented. No 
information will be released that identifies any individual.

Retention and Disposal:
    Records are to be retained in accordance with General Records 
Schedule GRS 4.3, and the Census Bureau's records control schedule DAA-
0029-2014-0005, Records of the Center for Administrative Records 
Research and Applications, which are approved by the National Archives 
and Records Administration (NARA). Records are also retained in 
accordance with agreements developed with sponsoring agencies or source 
entities. Federal tax information administrative record data will be 
retained and disposed of in accordance with Publication 1075, Tax 
information Security Guidelines for Federal, State, and Local Agencies 
and Entities. The Census Bureau issues an Annual Safeguard Security 
Report that includes information on the retention and disposal of 
federal tax information. Pursuant to IRS regulation, Title 26 U.S.C. 
6103(p)(4)(F)(ii), data cannot be transferred to NARA.

[[Page 76557]]

System Manager and Address:
    Associate Director for Research and Methodology, U.S. Census 
Bureau, 4600 Silver Hill Road, Washington, DC 20233-8000.

Notification Procedure:
    None.

Record Access Procedures:
    None.

Contesting Record Procedures:
    None.

Record Source Categories:
    Individuals and addresses covered by selected administrative record 
systems and Census Bureau censuses and surveys including current 
demographic and economic surveys, quinquennial Economic Censuses, and 
decennial Censuses of Population and Housing. Additionally, the Census 
Bureau will also acquire administrative record files from agencies such 
as the Departments of Agriculture, Education, Health and Human 
Services, Homeland Security, Housing and Urban Development, Labor, 
Treasury, Veterans Affairs, the Office of Personnel Management, the 
Social Security Administration, the Selective Service System, and the 
U.S. Postal Service, etc. Comparable data may also be sought from state 
agencies, commercial sources, and Web sites.

Exemptions Claimed for System:
    Pursuant to 5 U.S.C. 552a(k)(4), this system of records is exempted 
from the notification, access, and contest requirements of the agency 
procedures (under 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and 
(I), and (f)). This exemption is applicable as the data are maintained 
by the Census Bureau solely as statistical records, as required under 
Title 13, and are not used in whole or in part in making any 
determination about an identifiable individual. This exemption is made 
in accordance with the Department's rules which appear in 15 CFR part 4 
Subpart B published in this Federal Register.

Michael J. Toland,
Department of Commerce, Deputy Chief FOIA Officer, Department Privacy 
Act Officer.
[FR Doc. 2016-26517 Filed 11-2-16; 8:45 am]
 BILLING CODE 3510-07-P