[Federal Register Volume 87, Number 118 (Tuesday, June 21, 2022)]
[Notices]
[Pages 36820-36824]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-12598]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

[Docket No. 210518-0109]


Privacy Act of 1974; System of Records

AGENCY: U.S. Census Bureau, U.S. Department of Commerce.

ACTION: Notice of amendment, Privacy Act System of Records; COMMERCE/
CENSUS-8, Statistical Administrative Records System.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended and 
Office of Management and Budget (OMB) Circular A-108, ``Federal Agency

[[Page 36821]]

Responsibilities for Review, Reporting, and Publication under the 
Privacy Act,'' the Department of Commerce (Department) is issuing this 
notice of intent to modify a system of records, COMMERCE/CENSUS-8, 
Statistical Administrative Records System.

DATES: To be considered, written comments must be submitted on or 
before July 21, 2022. This modified system of records will become 
effective on June 21, 2022 with the exception of any newly proposed or 
modified routine uses set forth under the section heading, ``ROUTINE 
USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS 
AND PURPOSES OF SUCH USES,'' which are subject to a 30-day period 
during which interested persons may submit comments to the Department. 
A new or modified routine use will become effective on August 5, 2022, 
unless the new or modified routine use needs to be changed as a result 
of public comment.
    If the modified system of records notice needs to be changed, the 
Department will publish a subsequent notice in the Federal Register by 
August 5, 2022, stating that the current system of records will remain 
in effect until a revised notice is published in the Federal Register.

ADDRESSES: Please address comments to: Byron Crenshaw, Privacy 
Compliance Branch, Room 8H021, U.S. Census Bureau, Washington, DC 
20233-3700 or by email, [email protected].

FOR FURTHER INFORMATION CONTACT: Byron Crenshaw, Privacy Compliance 
Branch, Room 8H021, U.S. Census Bureau, Washington, DC 20233-3700, 301-
763-7997, or by email, [email protected].

SUPPLEMENTARY INFORMATION: This update makes nine program-related 
changes to COMMERCE/CENSUS-8, Statistical Administrative Records 
System. The first of nine proposed changes to program-related 
provisions update the description of the system location to specify the 
name and address of the cloud service provider. The second proposed 
change updates the description of the system manager for this system of 
records to reflect a U.S. Census Bureau (Census Bureau) reorganization 
that places some of the administrative records maintained in this 
system of records under a new manager. Administrative records 
maintained by the Center for Optimization and Data Science, including 
unique data sets that are extracted or combined on an as-needed basis 
for approved projects, are maintained in this system of records and 
will remain with the Research and Methodology Directorate but will be 
managed by the Assistant Director rather than the Associate Director. 
For specific research activities, these records may contain names as 
the personal identifier for retrieval of these records. The remaining 
administrative records with personal identifiers will be managed by the 
Associate Director for Economic Programs. The third proposed change 
updates the description of the purposes of the system to clarify that 
some identifiers (e.g., social security numbers) may be retained for 
special research projects, including projects to support evidence-based 
policymaking as specified in the Foundations for Evidence-Based 
Policymaking Act of 2018, and consist of evidence of program 
effectiveness to inform processes for making policy decisions. The 
fourth proposed change revises the description of categories of 
individuals covered by the system to clarify that the system of records 
may include data on individuals obtained from other government entities 
(e.g., state, local, and tribal governments), other third-party 
entities, and websites (such as through web scraping). The fifth 
proposed change updates the description of categories of records in the 
system to provide new detail about the information in the categories, 
including the collection of social media screen name (such as through 
web scraping or the acquisition of contact information through 
commercial resellers), place of birth, mobility status, citizenship, 
immigration status, and disability status. The sixth proposed change 
clarifies the record source categories by specifying other Census 
Bureau systems of records from which records in this system are 
obtained and by providing additional details regarding non-federal 
sources, including other government entities and other third-party 
entities. The seventh proposed change is a non-substantive change to 
the description of routine uses of the records to clarify that certain 
individuals (designated as Special Sworn Status individuals) authorized 
by Title 13, U.S. Code have access to this system of records. Special 
Sworn Status individuals are subject to the same confidentiality 
requirements as regular Census Bureau employees. This notice does not 
propose any new or significantly modified routine uses to this system 
of records. The eighth proposed change updates the policies and 
practices for retrieval of records to show the linkage between systems 
of records covered by COMMERCE/CENSUS-3, Demographic Survey Collection 
(Census Bureau Sampling Frame) (name change from COMMERCE/CENSUS-3, 
Special Censuses, Surveys, and Other Studies pending publication in the 
Federal Register); COMMERCE/CENSUS-4, Economic Survey Collection; 
COMMERCE/CENSUS-5, Decennial Census Program; COMMERCE/CENSUS-7, 
Demographic Survey Collection (Non-Census Bureau Sampling Frame) (name 
change from COMMERCE/CENSUS-7, Special Censuses of Population Conducted 
for State and Local Government pending publication in the Federal 
Register); COMMERCE/CENSUS-9, Longitudinal Employer-Household Dynamics 
System; COMMERCE/CENSUS-12, Foreign Trade Statistics; and this system 
of records for approved special research projects with limited access. 
The ninth proposed change updates administrative, technical, and 
physical safeguards to include additional safeguard language regarding 
cloud service providers approved in the government-wide Federal Risk 
and Authorization Management Program (FedRAMP) that provides a 
standardized approach to security assessment, authorization, and 
continuous monitoring for cloud products and services. This update also 
makes minor administrative updates.
    The proposed changes are in accordance with OMB Circular A-108, 
which requires agencies to periodically review systems of records 
notices for accuracy and completeness, paying special attention to 
changes in the manner in which records are organized, indexed or 
retrieved that result in a change in the nature or scope of these 
records; and the Privacy Act, which requires agencies to publish in the 
Federal Register a notice that describes the changes to the system of 
records.
    The Privacy Act also requires each agency that proposes to 
establish or significantly modify a system of records to provide 
adequate advance notice of any such proposal to OMB, the Committee on 
Oversight and Reform of the House of Representatives, and the Committee 
on Homeland Security and Governmental Affairs of the Senate (5 U.S.C 
552a(r)). The purpose of providing the advance notice to OMB and 
Congress is to permit an evaluation of the potential effect of the 
proposal on the privacy and other rights of individuals. The Department 
filed a report describing the modified system of records covered by 
this notice with the Chair of the Senate Committee on Homeland Security 
and Governmental Affairs, the Chair of the House

[[Page 36822]]

Committee on Oversight and Reform, and the Deputy Administrator of the 
Office of Information and Regulatory Affairs, OMB on [INSERT DATE OF 
LETTERS].

SYSTEM NAME AND NUMBER:
    COMMERCE/CENSUS-8, Statistical Administrative Records System.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    U.S. Census Bureau, Bowie Computer Center, 17101 Melford Boulevard, 
Bowie, Maryland 20715; and at a FedRAMP-approved cloud services 
facility, Amazon Web Services (AWS), located at 410 Terry Ave. N, 
Seattle, WA 98109.

SYSTEM MANAGER(S):
    For Center for Optimization and Data Science: Assistant Director 
for Research and Methodology, U.S. Census Bureau, 4600 Silver Hill 
Road, Washington, DC 20233-8000.
    For Economic Research Division (ERD) Records: Associate Director 
for Economic Programs, U.S. Census Bureau, 4600 Silver Hill Road, 
Washington, DC 20233-8000.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    13 U.S.C. 6.

PURPOSE(S) OF THE SYSTEM:
    This system of records supports the Census Bureau's core mission of 
producing economic and demographic statistics. To accomplish this 
mission, the Census Bureau is directed to acquire information from 
public and third-party sources to ensure the efficient and economical 
conduct of its censuses and surveys by using that information instead 
of conducting direct inquiries. To provide the information on which the 
American public, businesses, policymakers, and analysts rely, the 
Statistical Administrative Records System efficiently re-uses data from 
external sources, thereby eliminating the need to collect information 
again. Therefore, the purpose of this system is to centralize and 
control the use of personally identifiable information by providing a 
secure repository that supports statistical operations. With the 
exception of special projects, the system removes Social Security 
Numbers (SSNs) contained in source files and replaces them with unique 
non-identifying codes called Protected Identification Keys (PIKs) prior 
to use by other Census Bureau operating units. Census Bureau staff use 
the PIK to merge files to conduct approved research projects. Through 
legal agreements documenting permitted uses of the external data, 
linked files may be created to produce statistics. By combining survey 
and census data with administrative record data obtained from other 
government entities, third-party entities (e.g., commercial and private 
sources) and websites, the Census Bureau will improve the quality and 
usefulness of its statistics and reduce the respondent burden 
associated with direct data collection efforts. The system will also be 
used to plan, evaluate, and enhance survey and census operations; 
improve questionnaire design and selected survey data products; produce 
research and statistical products such as estimates of the demographic, 
social, and economic characteristics of the population. Additionally, 
this system of records includes records maintained for evidence-based 
policymaking. These records consist of evidence of program 
effectiveness to inform processes for making policy decisions.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system covers the population of the United States and 
territories. In order to approximate coverage of the population in 
support of its statistical programs, the Census Bureau will acquire 
administrative record files from federal agencies such as the 
Departments of Agriculture, Education, Health and Human Services, 
Homeland Security, Housing and Urban Development, Labor, Treasury, 
Veterans Affairs, the Office of Personnel Management, the Social 
Security Administration, the Selective Service System, and the U.S. 
Postal Service. Data on individuals may also be sought from other 
government entities (e.g., state, local, and tribal governments), 
third-party entities (e.g., commercial and private sources), and 
websites.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in this system of records are organized into three 
components: The first category contains records with personal 
identifiers (names and SSNs), with access restricted to a limited 
number of sworn Census Bureau staff. These records are only used for a 
brief period of time while the personal identifiers are replaced with 
unique non-identifying codes. In a controlled Information Technology 
(IT) environment, the identifying information SSN contained in source 
files is removed and replaced with unique non-identifying codes. 
Section 6 of Title 13, U.S. Code, authorizes the Census Bureau to 
acquire information from other federal departments and agencies and for 
the acquisition of reports of other governmental or private sources. 
Data acquired by the Census Bureau to meet this directive may include 
direct identifiers such as name, address, date of birth, driver's 
license number, and SSN. The direct identifiers are used to identify 
duplicate lists and link across multiple sources. The Census Bureau has 
developed software to standardize and validate incoming person records 
to assign a PIK, which is retained on file so that SSNs can be removed. 
This process occurs through the Person Identification Validation System 
(PVS). The PVS software processes direct identifiers from input files. 
Census Bureau staff use the person linkage keys to merge files when 
conducting approved research and operations activities. The software is 
also used to facilitate record linkage for Census Bureau research 
partners within the Federal Statistical System, the decentralized 
network of federal agencies that produce data about the people, 
economy, natural resources, and infrastructure of the United States. 
Through legal agreements, linkage keys may be created by the Census 
Bureau for other Federal Statistical System agencies to produce 
statistics. The PVS does not append additional identifying information, 
only a unique identifier to facilitate record linkage.
    The second category contains records that are maintained on unique 
data sets that are extracted or combined on an as-needed basis in 
approved projects. Records are extracted or combined as needed using 
the unique non-identifying codes, not by name or SSN, to prepare 
numerous statistical products. These records may contain information 
such as: demographic information--date of birth, place of birth, sex, 
race, ethnicity, household and family characteristics, birth 
expectations, mobility status, education, citizenship, immigration 
status, marital status, tribal affiliation, veteran's status, and 
disability status, etc.; geographical information--address and 
geographic codes, etc.; mortality information--cause of death and 
hospitalization information, etc.; health information--type of 
provider, services provided, cost of services, and quality indicators, 
etc.; economic information--housing characteristics, income, 
occupation, employment and unemployment information, health insurance 
coverage, federal and state program participation, assets, and wealth, 
etc.; respondent contact information--name, telephone number, email 
address or equivalent (such as social media screen name). Additionally, 
the Census Bureau may

[[Page 36823]]

retain some direct identifiers (e.g., SSN) for projects per interagency 
agreements and for short-term projects.
    The third category contains two types of records that use name data 
for specific research activities. The Census Bureau has policies and 
procedures to review and control name data from administrative records 
providers and third-party sources. This category refers to name data 
used to plan contact operations for surveys and censuses and for 
research on names. The first type of records includes: Respondent 
contact information--name (or username), address, telephone number 
(both landline and cell phone number), and email address or equivalent 
(such as social media screen name), etc. The second type of records 
includes name data used to set Demographic Characteristics Flags--names 
are compared to lookup tables and used in models to assign sex and 
ethnicity. Records in this category are maintained on unique data sets 
that are extracted or combined on an as-needed basis using the unique 
non-identifying codes that replaced the SSNs, but with some name 
information retained. Other demographic information in this second type 
of records includes: date of birth, place of birth, sex, race, 
ethnicity, household and family characteristics, mobility status, 
citizenship, immigration status, education, marital status, tribal 
affiliation, veteran status, and disability status.

RECORD SOURCE CATEGORIES:
    In general the records in this system come indirectly from 
individuals and addresses obtained from other systems of records 
covered by COMMERCE/CENSUS-3, Demographic Survey Collection (Census 
Bureau Sampling Frame) (name change from COMMERCE/CENSUS-3, Special 
Censuses, Surveys, and Other Studies pending publication in the Federal 
Register); COMMERCE/CENSUS-4, Economic Survey Collection; COMMERCE/
CENSUS-5, Decennial Census Programs; COMMERCE/CENSUS-7, Demographic 
Survey Collection (Non-Census Bureau Sampling Frame) (name change from 
COMMERCE/CENSUS-7, Special Censuses of Population Conducted for State 
and Local Government pending publication in the Federal Register); 
COMMERCE/CENSUS-9, Longitudinal Employer-Household Dynamics System; and 
COMMERCE/CENSUS-12, Foreign Trade Statistics. Additionally, the Census 
Bureau will acquire administrative record files on individuals and 
addresses from federal, state, local and tribal governments, third-
party entities (e.g., commercial or private sources), and websites. 
Federal agency sources include: Departments of Agriculture, Education, 
Health and Human Services, Homeland Security, Housing and Urban 
Development, Labor, Treasury, Veterans Affairs, the Office of Personnel 
Management, the Social Security Administration, the Selective Service 
System, and the U.S. Postal Service.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    There are no routine uses for this system of records. Access to 
records maintained in the system is restricted to Census Bureau 
employees and certain individuals authorized by Title 13, U.S. Code 
(designated as Special Sworn Status individuals). These individuals are 
subject to the same confidentiality requirements as regular Census 
Bureau employees.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records will be stored in a secure computerized system and on 
magnetic media; output data will be electronic. Magnetic media will be 
stored in a secure area within a locked drawer or cabinet. Source data 
sets containing personal identifiers will be maintained in a secure 
restricted-access IT environment. Records may also be stored by or at a 
secure FedRAMP-approved cloud service provider or facility.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Census Bureau staff producing statistical products will have access 
only to data sets from which SSNs have been deleted and replaced by a 
PIK. Records from this system of records may also be linked to records 
covered by COMMERCE/CENSUS-3, Demographic Survey Collection (Census 
Bureau Sampling Frame) (name change from COMMERCE/CENSUS-3, Special 
Censuses, Surveys, and Other Studies pending publication in the Federal 
Register); COMMERCE/CENSUS-4, Economic Survey Collection; COMMERCE/
CENSUS-5, Decennial Census Programs; COMMERCE/CENSUS-7, Demographic 
Survey Collection (Non-Census Bureau Sampling Frame) (name change from 
COMMERCE/CENSUS-7, Special Censuses of Population Conducted for State 
and Local Government pending publication in the Federal Register), 
COMMERCE/CENSUS-9, Longitudinal Employer-Household Dynamics System; 
and, COMMERCE/CENSUS-12, Foreign Trade Statistics, where the records 
may be retrieved by the PIK or by a direct identifier (such as name or 
SSN) common to all seven systems of records (including this SORN) to 
conduct approved special research projects. Only a limited number of 
sworn Census Bureau staff and individuals with Special Sworn Status, 
who work within a secure restricted-access environment, will be 
permitted to retrieve records containing direct identifiers.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are to be retained in accordance with General Records 
Schedule GRS 5.1, 5.2, and the Census Bureau's records control schedule 
DAA-0029-2014-0005, Records of the Center for Administrative Records 
Research and Applications, which are approved by the National Archives 
and Records Administration (NARA). Records are also retained in 
accordance with agreements developed in accordance with other agencies 
and source entities. Federal tax information administrative record data 
will be retained and disposed of in accordance with 26 U.S.C. 
6103(p)(4)(F)(ii) and Internal Revenue Service (IRS) Publication 1075, 
Tax Information Security Guidelines for Federal, State and Local 
Agencies. The Census Bureau issues an Annual Safeguard Security Report 
that includes information on the retention and disposal of federal tax 
information. The Census Bureau does not transfer Federal tax 
information administrative record data to NARA.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The Census Bureau is committed to respecting respondent privacy and 
protecting confidentiality. Through the Data Stewardship Program, we 
have implemented management, operational, and technical controls and 
practices to ensure high-level data protection to respondents of our 
censuses and surveys.
    (1) A policy against unauthorized browsing protects respondent 
information from casual or inappropriate use by any person with access 
to Census Bureau protected data. Unauthorized browsing is defined as 
the act of searching or looking through, for other than work-related 
purposes, protected personal or business-related information that 
directly or indirectly identifies individual persons or businesses. 
Unauthorized browsing is prohibited.
    (2) All Census Bureau employees and persons with Special Sworn 
Status are subject to the restrictions, penalties, and prohibitions of 
13 U.S.C. 9 and 214 as

[[Page 36824]]

modified by 18 U.S.C. 3551, et. seq.; provisions of the Privacy Act, as 
applicable; 18 U.S.C. 1905; 26 U.S.C. 7213, 7213A, and 7431; and 42 
U.S.C. 1306.
    (3) All Census Bureau employees and persons with Special Sworn 
Status will be regularly advised of regulations governing the 
confidentiality of the data and will be required to complete an annual 
Data Stewardship Awareness training, and those who have access to 
Federal Tax Information data will be regularly advised of regulations 
governing the confidentiality of the data and will be required to 
complete an annual Title 26, U.S. Code awareness program. Employees of 
FedRAMP-approved cloud service providers do not have access to Census 
Bureau protected data maintained in this system of records.
    (4) The restricted-access IT environment has been established to 
limit the number of Census Bureau staff with direct access to the 
personal identifiers in this system to protect the confidentiality of 
the data and to prevent unauthorized use or access.
    (5) All Census Bureau and FedRAMP-approved computer systems that 
maintain sensitive information are in compliance with the Federal 
Information Security Management Act, as amended (44 U.S.C. 3551-3559), 
which includes auditing and controls over access to restricted data.
    (6) The use of unsecured telecommunications to transmit 
individually identifiable information is prohibited.
    (7) Paper copies that contain sensitive information are stored in 
secure facilities in a locked drawer or file cabinet.
    (8) Each requested use of the data maintained in this system of 
records will be reviewed by an in-house Project Review Board to ensure 
that data relating to the project will be used only for authorized 
purposes. All uses of the data are solely for statistical purposes, 
which by definition means that uses will not directly affect benefits 
or enforcement actions for any individual. Only when the Project Review 
Board has approved a project will access to information from one or 
more of the source data sets be granted. Data from external sources in 
approved projects will not be made publicly available. Any publications 
based on the Statistical Administrative Records System will be cleared 
for release under the direction of the Census Bureau's Disclosure 
Review Board, which will confirm that all the required disclosure 
protection procedures have been implemented. No information will be 
released that identifies any individual.

RECORD ACCESS PROCEDURES:
    None.

CONTESTING RECORD PROCEDURES:
    None.

NOTIFICATION PROCEDURES:
    None.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    Pursuant to 5 U.S.C. 552a(k)(4), this system of records is exempted 
from subsections (c)(3); (d); (e)(1); (e)(4)(G), (H), and (I); and (f) 
of the Privacy Act. These subsections include, but are not limited to, 
certain requirements concerning notification, access, and contest 
procedures. This exemption is applicable as the data are maintained by 
the Census Bureau solely as statistical records, as required under 
Title 13, U.S. Code, and are not used in whole or in part in making any 
determination about an identifiable individual. This exemption is made 
in accordance with the Department's rules which appear in 15 CFR part 4 
Subpart B.

HISTORY:
    81 FR 776554, November 3, 2016, Notice of Proposed Amendment.

Jennifer Goode,
Deputy Director and Acting Director of the Office of Privacy and Open 
Government.
[FR Doc. 2022-12598 Filed 6-17-22; 8:45 am]
BILLING CODE 3510-07-P