[Federal Register Volume 87, Number 118 (Tuesday, June 21, 2022)]
[Notices]
[Pages 36820-36824]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-12598]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
[Docket No. 210518-0109]
Privacy Act of 1974; System of Records
AGENCY: U.S. Census Bureau, U.S. Department of Commerce.
ACTION: Notice of amendment, Privacy Act System of Records; COMMERCE/
CENSUS-8, Statistical Administrative Records System.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, as amended and
Office of Management and Budget (OMB) Circular A-108, ``Federal Agency
[[Page 36821]]
Responsibilities for Review, Reporting, and Publication under the
Privacy Act,'' the Department of Commerce (Department) is issuing this
notice of intent to modify a system of records, COMMERCE/CENSUS-8,
Statistical Administrative Records System.
DATES: To be considered, written comments must be submitted on or
before July 21, 2022. This modified system of records will become
effective on June 21, 2022 with the exception of any newly proposed or
modified routine uses set forth under the section heading, ``ROUTINE
USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS
AND PURPOSES OF SUCH USES,'' which are subject to a 30-day period
during which interested persons may submit comments to the Department.
A new or modified routine use will become effective on August 5, 2022,
unless the new or modified routine use needs to be changed as a result
of public comment.
If the modified system of records notice needs to be changed, the
Department will publish a subsequent notice in the Federal Register by
August 5, 2022, stating that the current system of records will remain
in effect until a revised notice is published in the Federal Register.
ADDRESSES: Please address comments to: Byron Crenshaw, Privacy
Compliance Branch, Room 8H021, U.S. Census Bureau, Washington, DC
20233-3700 or by email, [email protected].
FOR FURTHER INFORMATION CONTACT: Byron Crenshaw, Privacy Compliance
Branch, Room 8H021, U.S. Census Bureau, Washington, DC 20233-3700, 301-
763-7997, or by email, [email protected].
SUPPLEMENTARY INFORMATION: This update makes nine program-related
changes to COMMERCE/CENSUS-8, Statistical Administrative Records
System. The first of nine proposed changes to program-related
provisions update the description of the system location to specify the
name and address of the cloud service provider. The second proposed
change updates the description of the system manager for this system of
records to reflect a U.S. Census Bureau (Census Bureau) reorganization
that places some of the administrative records maintained in this
system of records under a new manager. Administrative records
maintained by the Center for Optimization and Data Science, including
unique data sets that are extracted or combined on an as-needed basis
for approved projects, are maintained in this system of records and
will remain with the Research and Methodology Directorate but will be
managed by the Assistant Director rather than the Associate Director.
For specific research activities, these records may contain names as
the personal identifier for retrieval of these records. The remaining
administrative records with personal identifiers will be managed by the
Associate Director for Economic Programs. The third proposed change
updates the description of the purposes of the system to clarify that
some identifiers (e.g., social security numbers) may be retained for
special research projects, including projects to support evidence-based
policymaking as specified in the Foundations for Evidence-Based
Policymaking Act of 2018, and consist of evidence of program
effectiveness to inform processes for making policy decisions. The
fourth proposed change revises the description of categories of
individuals covered by the system to clarify that the system of records
may include data on individuals obtained from other government entities
(e.g., state, local, and tribal governments), other third-party
entities, and websites (such as through web scraping). The fifth
proposed change updates the description of categories of records in the
system to provide new detail about the information in the categories,
including the collection of social media screen name (such as through
web scraping or the acquisition of contact information through
commercial resellers), place of birth, mobility status, citizenship,
immigration status, and disability status. The sixth proposed change
clarifies the record source categories by specifying other Census
Bureau systems of records from which records in this system are
obtained and by providing additional details regarding non-federal
sources, including other government entities and other third-party
entities. The seventh proposed change is a non-substantive change to
the description of routine uses of the records to clarify that certain
individuals (designated as Special Sworn Status individuals) authorized
by Title 13, U.S. Code have access to this system of records. Special
Sworn Status individuals are subject to the same confidentiality
requirements as regular Census Bureau employees. This notice does not
propose any new or significantly modified routine uses to this system
of records. The eighth proposed change updates the policies and
practices for retrieval of records to show the linkage between systems
of records covered by COMMERCE/CENSUS-3, Demographic Survey Collection
(Census Bureau Sampling Frame) (name change from COMMERCE/CENSUS-3,
Special Censuses, Surveys, and Other Studies pending publication in the
Federal Register); COMMERCE/CENSUS-4, Economic Survey Collection;
COMMERCE/CENSUS-5, Decennial Census Program; COMMERCE/CENSUS-7,
Demographic Survey Collection (Non-Census Bureau Sampling Frame) (name
change from COMMERCE/CENSUS-7, Special Censuses of Population Conducted
for State and Local Government pending publication in the Federal
Register); COMMERCE/CENSUS-9, Longitudinal Employer-Household Dynamics
System; COMMERCE/CENSUS-12, Foreign Trade Statistics; and this system
of records for approved special research projects with limited access.
The ninth proposed change updates administrative, technical, and
physical safeguards to include additional safeguard language regarding
cloud service providers approved in the government-wide Federal Risk
and Authorization Management Program (FedRAMP) that provides a
standardized approach to security assessment, authorization, and
continuous monitoring for cloud products and services. This update also
makes minor administrative updates.
The proposed changes are in accordance with OMB Circular A-108,
which requires agencies to periodically review systems of records
notices for accuracy and completeness, paying special attention to
changes in the manner in which records are organized, indexed or
retrieved that result in a change in the nature or scope of these
records; and the Privacy Act, which requires agencies to publish in the
Federal Register a notice that describes the changes to the system of
records.
The Privacy Act also requires each agency that proposes to
establish or significantly modify a system of records to provide
adequate advance notice of any such proposal to OMB, the Committee on
Oversight and Reform of the House of Representatives, and the Committee
on Homeland Security and Governmental Affairs of the Senate (5 U.S.C
552a(r)). The purpose of providing the advance notice to OMB and
Congress is to permit an evaluation of the potential effect of the
proposal on the privacy and other rights of individuals. The Department
filed a report describing the modified system of records covered by
this notice with the Chair of the Senate Committee on Homeland Security
and Governmental Affairs, the Chair of the House
[[Page 36822]]
Committee on Oversight and Reform, and the Deputy Administrator of the
Office of Information and Regulatory Affairs, OMB on [INSERT DATE OF
LETTERS].
SYSTEM NAME AND NUMBER:
COMMERCE/CENSUS-8, Statistical Administrative Records System.
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATION:
U.S. Census Bureau, Bowie Computer Center, 17101 Melford Boulevard,
Bowie, Maryland 20715; and at a FedRAMP-approved cloud services
facility, Amazon Web Services (AWS), located at 410 Terry Ave. N,
Seattle, WA 98109.
SYSTEM MANAGER(S):
For Center for Optimization and Data Science: Assistant Director
for Research and Methodology, U.S. Census Bureau, 4600 Silver Hill
Road, Washington, DC 20233-8000.
For Economic Research Division (ERD) Records: Associate Director
for Economic Programs, U.S. Census Bureau, 4600 Silver Hill Road,
Washington, DC 20233-8000.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
13 U.S.C. 6.
PURPOSE(S) OF THE SYSTEM:
This system of records supports the Census Bureau's core mission of
producing economic and demographic statistics. To accomplish this
mission, the Census Bureau is directed to acquire information from
public and third-party sources to ensure the efficient and economical
conduct of its censuses and surveys by using that information instead
of conducting direct inquiries. To provide the information on which the
American public, businesses, policymakers, and analysts rely, the
Statistical Administrative Records System efficiently re-uses data from
external sources, thereby eliminating the need to collect information
again. Therefore, the purpose of this system is to centralize and
control the use of personally identifiable information by providing a
secure repository that supports statistical operations. With the
exception of special projects, the system removes Social Security
Numbers (SSNs) contained in source files and replaces them with unique
non-identifying codes called Protected Identification Keys (PIKs) prior
to use by other Census Bureau operating units. Census Bureau staff use
the PIK to merge files to conduct approved research projects. Through
legal agreements documenting permitted uses of the external data,
linked files may be created to produce statistics. By combining survey
and census data with administrative record data obtained from other
government entities, third-party entities (e.g., commercial and private
sources) and websites, the Census Bureau will improve the quality and
usefulness of its statistics and reduce the respondent burden
associated with direct data collection efforts. The system will also be
used to plan, evaluate, and enhance survey and census operations;
improve questionnaire design and selected survey data products; produce
research and statistical products such as estimates of the demographic,
social, and economic characteristics of the population. Additionally,
this system of records includes records maintained for evidence-based
policymaking. These records consist of evidence of program
effectiveness to inform processes for making policy decisions.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
This system covers the population of the United States and
territories. In order to approximate coverage of the population in
support of its statistical programs, the Census Bureau will acquire
administrative record files from federal agencies such as the
Departments of Agriculture, Education, Health and Human Services,
Homeland Security, Housing and Urban Development, Labor, Treasury,
Veterans Affairs, the Office of Personnel Management, the Social
Security Administration, the Selective Service System, and the U.S.
Postal Service. Data on individuals may also be sought from other
government entities (e.g., state, local, and tribal governments),
third-party entities (e.g., commercial and private sources), and
websites.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records in this system of records are organized into three
components: The first category contains records with personal
identifiers (names and SSNs), with access restricted to a limited
number of sworn Census Bureau staff. These records are only used for a
brief period of time while the personal identifiers are replaced with
unique non-identifying codes. In a controlled Information Technology
(IT) environment, the identifying information SSN contained in source
files is removed and replaced with unique non-identifying codes.
Section 6 of Title 13, U.S. Code, authorizes the Census Bureau to
acquire information from other federal departments and agencies and for
the acquisition of reports of other governmental or private sources.
Data acquired by the Census Bureau to meet this directive may include
direct identifiers such as name, address, date of birth, driver's
license number, and SSN. The direct identifiers are used to identify
duplicate lists and link across multiple sources. The Census Bureau has
developed software to standardize and validate incoming person records
to assign a PIK, which is retained on file so that SSNs can be removed.
This process occurs through the Person Identification Validation System
(PVS). The PVS software processes direct identifiers from input files.
Census Bureau staff use the person linkage keys to merge files when
conducting approved research and operations activities. The software is
also used to facilitate record linkage for Census Bureau research
partners within the Federal Statistical System, the decentralized
network of federal agencies that produce data about the people,
economy, natural resources, and infrastructure of the United States.
Through legal agreements, linkage keys may be created by the Census
Bureau for other Federal Statistical System agencies to produce
statistics. The PVS does not append additional identifying information,
only a unique identifier to facilitate record linkage.
The second category contains records that are maintained on unique
data sets that are extracted or combined on an as-needed basis in
approved projects. Records are extracted or combined as needed using
the unique non-identifying codes, not by name or SSN, to prepare
numerous statistical products. These records may contain information
such as: demographic information--date of birth, place of birth, sex,
race, ethnicity, household and family characteristics, birth
expectations, mobility status, education, citizenship, immigration
status, marital status, tribal affiliation, veteran's status, and
disability status, etc.; geographical information--address and
geographic codes, etc.; mortality information--cause of death and
hospitalization information, etc.; health information--type of
provider, services provided, cost of services, and quality indicators,
etc.; economic information--housing characteristics, income,
occupation, employment and unemployment information, health insurance
coverage, federal and state program participation, assets, and wealth,
etc.; respondent contact information--name, telephone number, email
address or equivalent (such as social media screen name). Additionally,
the Census Bureau may
[[Page 36823]]
retain some direct identifiers (e.g., SSN) for projects per interagency
agreements and for short-term projects.
The third category contains two types of records that use name data
for specific research activities. The Census Bureau has policies and
procedures to review and control name data from administrative records
providers and third-party sources. This category refers to name data
used to plan contact operations for surveys and censuses and for
research on names. The first type of records includes: Respondent
contact information--name (or username), address, telephone number
(both landline and cell phone number), and email address or equivalent
(such as social media screen name), etc. The second type of records
includes name data used to set Demographic Characteristics Flags--names
are compared to lookup tables and used in models to assign sex and
ethnicity. Records in this category are maintained on unique data sets
that are extracted or combined on an as-needed basis using the unique
non-identifying codes that replaced the SSNs, but with some name
information retained. Other demographic information in this second type
of records includes: date of birth, place of birth, sex, race,
ethnicity, household and family characteristics, mobility status,
citizenship, immigration status, education, marital status, tribal
affiliation, veteran status, and disability status.
RECORD SOURCE CATEGORIES:
In general the records in this system come indirectly from
individuals and addresses obtained from other systems of records
covered by COMMERCE/CENSUS-3, Demographic Survey Collection (Census
Bureau Sampling Frame) (name change from COMMERCE/CENSUS-3, Special
Censuses, Surveys, and Other Studies pending publication in the Federal
Register); COMMERCE/CENSUS-4, Economic Survey Collection; COMMERCE/
CENSUS-5, Decennial Census Programs; COMMERCE/CENSUS-7, Demographic
Survey Collection (Non-Census Bureau Sampling Frame) (name change from
COMMERCE/CENSUS-7, Special Censuses of Population Conducted for State
and Local Government pending publication in the Federal Register);
COMMERCE/CENSUS-9, Longitudinal Employer-Household Dynamics System; and
COMMERCE/CENSUS-12, Foreign Trade Statistics. Additionally, the Census
Bureau will acquire administrative record files on individuals and
addresses from federal, state, local and tribal governments, third-
party entities (e.g., commercial or private sources), and websites.
Federal agency sources include: Departments of Agriculture, Education,
Health and Human Services, Homeland Security, Housing and Urban
Development, Labor, Treasury, Veterans Affairs, the Office of Personnel
Management, the Social Security Administration, the Selective Service
System, and the U.S. Postal Service.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
There are no routine uses for this system of records. Access to
records maintained in the system is restricted to Census Bureau
employees and certain individuals authorized by Title 13, U.S. Code
(designated as Special Sworn Status individuals). These individuals are
subject to the same confidentiality requirements as regular Census
Bureau employees.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records will be stored in a secure computerized system and on
magnetic media; output data will be electronic. Magnetic media will be
stored in a secure area within a locked drawer or cabinet. Source data
sets containing personal identifiers will be maintained in a secure
restricted-access IT environment. Records may also be stored by or at a
secure FedRAMP-approved cloud service provider or facility.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Census Bureau staff producing statistical products will have access
only to data sets from which SSNs have been deleted and replaced by a
PIK. Records from this system of records may also be linked to records
covered by COMMERCE/CENSUS-3, Demographic Survey Collection (Census
Bureau Sampling Frame) (name change from COMMERCE/CENSUS-3, Special
Censuses, Surveys, and Other Studies pending publication in the Federal
Register); COMMERCE/CENSUS-4, Economic Survey Collection; COMMERCE/
CENSUS-5, Decennial Census Programs; COMMERCE/CENSUS-7, Demographic
Survey Collection (Non-Census Bureau Sampling Frame) (name change from
COMMERCE/CENSUS-7, Special Censuses of Population Conducted for State
and Local Government pending publication in the Federal Register),
COMMERCE/CENSUS-9, Longitudinal Employer-Household Dynamics System;
and, COMMERCE/CENSUS-12, Foreign Trade Statistics, where the records
may be retrieved by the PIK or by a direct identifier (such as name or
SSN) common to all seven systems of records (including this SORN) to
conduct approved special research projects. Only a limited number of
sworn Census Bureau staff and individuals with Special Sworn Status,
who work within a secure restricted-access environment, will be
permitted to retrieve records containing direct identifiers.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are to be retained in accordance with General Records
Schedule GRS 5.1, 5.2, and the Census Bureau's records control schedule
DAA-0029-2014-0005, Records of the Center for Administrative Records
Research and Applications, which are approved by the National Archives
and Records Administration (NARA). Records are also retained in
accordance with agreements developed in accordance with other agencies
and source entities. Federal tax information administrative record data
will be retained and disposed of in accordance with 26 U.S.C.
6103(p)(4)(F)(ii) and Internal Revenue Service (IRS) Publication 1075,
Tax Information Security Guidelines for Federal, State and Local
Agencies. The Census Bureau issues an Annual Safeguard Security Report
that includes information on the retention and disposal of federal tax
information. The Census Bureau does not transfer Federal tax
information administrative record data to NARA.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The Census Bureau is committed to respecting respondent privacy and
protecting confidentiality. Through the Data Stewardship Program, we
have implemented management, operational, and technical controls and
practices to ensure high-level data protection to respondents of our
censuses and surveys.
(1) A policy against unauthorized browsing protects respondent
information from casual or inappropriate use by any person with access
to Census Bureau protected data. Unauthorized browsing is defined as
the act of searching or looking through, for other than work-related
purposes, protected personal or business-related information that
directly or indirectly identifies individual persons or businesses.
Unauthorized browsing is prohibited.
(2) All Census Bureau employees and persons with Special Sworn
Status are subject to the restrictions, penalties, and prohibitions of
13 U.S.C. 9 and 214 as
[[Page 36824]]
modified by 18 U.S.C. 3551, et. seq.; provisions of the Privacy Act, as
applicable; 18 U.S.C. 1905; 26 U.S.C. 7213, 7213A, and 7431; and 42
U.S.C. 1306.
(3) All Census Bureau employees and persons with Special Sworn
Status will be regularly advised of regulations governing the
confidentiality of the data and will be required to complete an annual
Data Stewardship Awareness training, and those who have access to
Federal Tax Information data will be regularly advised of regulations
governing the confidentiality of the data and will be required to
complete an annual Title 26, U.S. Code awareness program. Employees of
FedRAMP-approved cloud service providers do not have access to Census
Bureau protected data maintained in this system of records.
(4) The restricted-access IT environment has been established to
limit the number of Census Bureau staff with direct access to the
personal identifiers in this system to protect the confidentiality of
the data and to prevent unauthorized use or access.
(5) All Census Bureau and FedRAMP-approved computer systems that
maintain sensitive information are in compliance with the Federal
Information Security Management Act, as amended (44 U.S.C. 3551-3559),
which includes auditing and controls over access to restricted data.
(6) The use of unsecured telecommunications to transmit
individually identifiable information is prohibited.
(7) Paper copies that contain sensitive information are stored in
secure facilities in a locked drawer or file cabinet.
(8) Each requested use of the data maintained in this system of
records will be reviewed by an in-house Project Review Board to ensure
that data relating to the project will be used only for authorized
purposes. All uses of the data are solely for statistical purposes,
which by definition means that uses will not directly affect benefits
or enforcement actions for any individual. Only when the Project Review
Board has approved a project will access to information from one or
more of the source data sets be granted. Data from external sources in
approved projects will not be made publicly available. Any publications
based on the Statistical Administrative Records System will be cleared
for release under the direction of the Census Bureau's Disclosure
Review Board, which will confirm that all the required disclosure
protection procedures have been implemented. No information will be
released that identifies any individual.
RECORD ACCESS PROCEDURES:
None.
CONTESTING RECORD PROCEDURES:
None.
NOTIFICATION PROCEDURES:
None.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(k)(4), this system of records is exempted
from subsections (c)(3); (d); (e)(1); (e)(4)(G), (H), and (I); and (f)
of the Privacy Act. These subsections include, but are not limited to,
certain requirements concerning notification, access, and contest
procedures. This exemption is applicable as the data are maintained by
the Census Bureau solely as statistical records, as required under
Title 13, U.S. Code, and are not used in whole or in part in making any
determination about an identifiable individual. This exemption is made
in accordance with the Department's rules which appear in 15 CFR part 4
Subpart B.
HISTORY:
81 FR 776554, November 3, 2016, Notice of Proposed Amendment.
Jennifer Goode,
Deputy Director and Acting Director of the Office of Privacy and Open
Government.
[FR Doc. 2022-12598 Filed 6-17-22; 8:45 am]
BILLING CODE 3510-07-P