[Federal Register Volume 87, Number 180 (Monday, September 19, 2022)]
[Notices]
[Pages 57198-57202]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-20139]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Administration for Children and Families


Privacy Act of 1974; System of Records

AGENCY: Administration for Children and Families, Department of Health 
and Human Services.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the U.S. 
Department of Health and Human Services (HHS) is modifying an existing 
system of records, system number 09-80-0361, titled ``OPRE Research and 
Evaluation Project Records,'' that is maintained by the Administration 
for Children and Families (ACF), Office of Planning, Research & 
Evaluation (OPRE). The system of records covers any individually 
identifiable records about individuals that are retrieved by a personal 
identifier to conduct OPRE research, evaluation, and data projects that 
study how to improve the economic and social well-being of children and 
families and/or increase the effectiveness and efficiency of programs 
inside and outside ACF working towards that goal. Subject individuals 
include individuals considered for inclusion or included in an OPRE 
Project; individuals who provide information about those considered or 
selected for an OPRE Project; and individuals whose information is in a 
pre-existing dataset evaluated or analyzed as part of an OPRE Project.

DATES: The modified system of records is applicable October 19, 2022, 
subject to a 30-day period in which to comment on the new and revised 
routine uses. Submit any comments by October 19, 2022.

ADDRESSES: The public should submit written comments by mail or email 
addressed to: Anita Alford, Senior Official for Privacy, Administration 
for Children and Families, 330 C St. SW, Washington, DC 20201, or 
[email protected].

FOR FURTHER INFORMATION CONTACT:  General questions about the modified 
system of records may be submitted by email or telephone to Emily 
Schmitt at [email protected] or (202) 401-5786.

SUPPLEMENTARY INFORMATION: 

[[Page 57199]]

I. Background on System of Records 09-80-0361, OPRE Research and 
Evaluation Project Records

    The system of records covers individually identifiable records 
about individuals that are retrieved by a personal identifier to 
conduct OPRE research, evaluation, and data projects that study how to 
improve the economic and social well-being of children and families 
and/or increase the effectiveness and efficiency of programs inside and 
outside ACF working towards that goal (OPRE Projects). While the 
results of these studies are generally deidentified and made publicly 
available, the process of collecting and analyzing the information may, 
in some instances, require retrieving identifiable records about 
individuals by personal identifier (for example, to combine or de-
duplicate data about the same individual collected at different times 
or from different sources). The majority of OPRE Projects are conducted 
without directly retrieving records by personal identifier, so do not 
involve Privacy Act records.

II. Modifications Made to the System of Records

    The updated System of Records Notice (SORN) published in this 
notice includes the following modifications:
     The SORN has been reformatted to comply with current 
format requirements in OMB Circular A-108, issued December 23, 2016. 
The Circular changed the order and headings of certain SORN sections 
and added a ``SORN History'' section.
     The ``System Location'' and ``System Manager(s)'' sections 
have been updated with current addresses, and the System Manager(s) 
section now includes an email address.
     The ``Authorities'' section no longer cites 42 U.S.C. 7103 
and 42 U.S.C. 9858 et seq. and the Consolidated Appropriations Act of 
2008, and now cites the following in addition to the other previously 
cited authorities. Some of the newly cited statutes specifically 
identify when ACF should provide a service or evaluate an activity. The 
other statutes give ACF the authority to distribute funds; recipients 
must report information about the individuals assisted via those funds 
to ACF, which is then used in one or more OPRE Projects.
    [cir] 22 U.S.C. 7104 and 7105 (authorizes the HHS Secretary to 
provide grants to help victims of human trafficking and educate 
individuals about human trafficking).
    [cir] 34 U.S.C. 11243 (authorizes the HHS Secretary to carry out 
research, evaluation, demonstration, and service projects to increase 
knowledge concerning, and to improve services for, runaway youth and 
homeless youth);
    [cir] 42 U.S.C. 5105 (authorizes the HHS Secretary to fund a 
continuous program of research on how to better protect children from 
child abuse or neglect and improve the well-being of victims of child 
abuse or neglect);
    [cir] 42 U.S.C. 9844 (authorizes the HHS Secretary, directly or 
through grants or contracts, to carry out research, demonstrations, and 
evaluation activities to improve Head Start programs);
    [cir] 42 U.S.C. 10404 (authorizes the HHS Secretary to coordinate 
Departmental programs to prevent family violence, domestic violence, or 
dating violence);
    [cir] 42 U.S.C. 1397 et seq. (discusses the administration of the 
Block Grants to States for Social Services and research connected to 
those grants);
    [cir] 42 U.S.C. subchapter II-B (authorized Child Care and 
Development Block Grants in fiscal years (FYs) 2015 through 2020 to 
fund state child care programs; data funded in prior FYs still exists);
    [cir] 42 U.S.C. subchapter V (authorizes the HHS Secretary to 
support special projects of regional and national significance and 
research regarding maternal and child health); and
    [cir] Executive Order (E.O.) 9397 as amended by E.O. 13478 
(addresses use of personal identifiers).
     The ``Purpose(s)'' section has been revised to add a 
description of types of OPRE Projects, which are listed as a. through 
g., and to omit an unnecessary statement that the procedures for 
collecting information about research subjects in OPRE Projects are 
reviewed, as appropriate, by Institutional Review Boards and are 
subject to HHS regulations on research with human subjects, including 
requirements for informed consent.
     The ``Categories of Individuals'' section has been 
clarified and expanded. Instead of stating that information is about 
research ``participants'' and may include information about family 
members of program participants and service recipients, it encompasses 
program clients, individuals (such as family members) who provide 
information about program clients, and sole practitioners who provide 
services to program clients; and it makes clear that information about 
them may be from a pre-existing dataset used in an OPRE Project, not 
necessarily newly collected specifically for the OPRE Project.
     The ``Categories of Records'' section includes some 
revised and additional examples of data elements that may be contained 
in the records; i.e.:
    [cir] ``Email address'' has been added to the examples of contact 
information.
    [cir] In the examples of sociodemographic information, ``date of 
birth'' has been changed to ``age''; ``citizenship'' has been removed; 
and the following have been added: tribal affiliation, gender, 
sexuality, language preferences and proficiencies, responses to 
assessments and collections (e.g., surveys and interviews), 
photographs, voice and video recordings and transcripts, bio-specimens, 
correspondences, and administrative records.
    [cir] In examples of other information, ``income'' has been changed 
to ``finances''; ``pre-school Head start participation'' has been 
broadened to ``other governmental services''; and the following have 
been added: education; living situation, sexual history, mental and 
physical health and well-being, criminal activities, risky behaviors 
(e.g., illicit drug use), family dynamics (e.g., beliefs), and 
disabilities.
     The ``Record Source Categories'' section has been reworded 
but not substantively changed.
     The ``Routine Uses'' section includes the following 
updates:
    [cir] The introduction omits this statement: ``In addition, 
contractors may be restricted by contract from making a disclosure 
allowed as a routine use or by law without the consent of HHS, of the 
data subject, or both, unless the disclosure is required by law.''
    [cir] Three existing routine uses have been revised, as follows:
    [ssquf] Routine use 2, which authorizes disclosures incident to 
requesting information, has been revised to change ``information'' to 
``records'' and to change ``research or evaluation'' to ``OPRE 
Project.''
    [ssquf] Routine use 4, which authorizes disclosures to the 
Department of Justice or in proceedings, has been revised to omit a 
statement about compatibility with the original collection purpose, 
which is redundant because it repeats part of the definition of a 
routine use.
    [ssquf] Routine use 5, which previously authorized disclosures to 
HHS contractors, has been revised to include HHS grantees and to add, 
as a condition of disclosure, that the contractor or grantee must be 
required by the terms of the contract or grant to comply with the 
Privacy Act.
    [cir] One routine use has been deleted (numbered as 6 in the 
existing SORN); it authorized disclosures to claims examiners, 
investigators, arbitrators,

[[Page 57200]]

etc., at other agencies (including the Office of Personnel Management, 
Office of Special Counsel, Merit System Protection Board, Federal Labor 
Relations Authority, Equal Opportunity Commission, and Office of 
Government Ethics) in administrative grievance, claim, complaint, and 
appeal cases filed by employees. In the unlikely event that an 
employee's work, with or responsibility for, records in this system of 
records were to become an issue in such a case, it should not be 
necessary to use identifiable records from this system of records for 
investigation, discovery, evidentiary, settlement, or other purposes in 
the case.
    [cir] Two new routine uses have been added (numbered as 9 and 10) 
authorizing disclosures for research that will not impact the record 
subject and disclosures so that an organization that serves an 
individual under a federal contract may access information about its 
services to continue serving the individual.
     A section headed ``Disclosure to Consumer Reporting 
Agencies'' has been removed as unnecessary, because the section merely 
confirmed that such disclosures are not made from this system of 
records.
     The ``Storage'' section previously stated that, depending 
on the project, records ``may be stored on paper or other hard copy, 
computers, and networks,'' and now states that records ``are stored in 
paper and electronic form.''
     The ``Retrieval'' section has been reworded but not 
substantively changed.
     The ``Retention'' section no longer states that 
identifiers are removed once the analysis is complete. Instead, it now 
states that a disposition schedule is pending approval by the National 
Archives and Records Administration (NARA), which proposes that the 
records be cutoff upon completion of final report or termination of 
evaluation and be destroyed 5 years after cutoff; and that ACF/OPRE 
will continue to retain the records indefinitely until the schedule is 
approved by NARA.
     The ``Safeguards'' section, which previously stated that 
contractors and other record keepers are required to maintain 
``appropriate'' administrative, technical, and physical safeguards and 
that records are ``secured in compliance with Federal requirements'' 
now describes particular administrative, technical, or physical 
safeguards that are used to protect the records from unauthorized 
access.
     The ``Record Access Procedures,'' ``Contesting Record 
Procedures,'' and ``Notification Procedures'' sections have been 
revised to state that access, amendment, and notification requests 
``must'' (instead of ``should'') be in writing and contain identity 
verification information; to no longer require that requests include 
``Social Security Number '' (SSN); and to specify how the requester's 
identity may be verified (i.e., by a notarized signature or a statement 
signed under penalty of perjury) instead of stating that verification 
of identity would be ``as described in the Department's Privacy Act 
regulations.''
    Because some of these changes are significant, HHS provided advance 
notice of the modified system of records to the Office of Management 
and Budget and Congress as required by 5 U.S.C. 552a(r) and OMB 
Circular A-108.

Emily P. Dennis,
Acting Deputy Assistant Secretary for Planning, Research, and 
Evaluation, Administration for Children & Families.

SYSTEM NAME AND NUMBER:
    OPRE Research and Evaluation Project Records, 09-80-0361.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    OPRE, ACF, HHS, 330 C St. SW, Washington, DC 20201. A list of 
contractor sites where system records are maintained is available upon 
request to the System Manager.

SYSTEM MANAGER(S):
    Executive Officer, OPRE, ACF, HHS, 330 C St. SW, Washington, DC 
20201, [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    22 U.S.C. 7104 and 7105 (authorizes the Secretary to provide grants 
to help victims of human trafficking and educate individuals about 
human trafficking); 34 U.S.C. 11243 (authorizes the HHS Secretary to 
carry out research, evaluation, demonstration, and service projects to 
increase knowledge concerning, and to improve services for, runaway 
youth and homeless youth); 42 U.S.C. 613 (authorizes the HHS Secretary 
to conduct research on the effects of temporary assistance to needy 
families programs and related programs); 42 U.S.C. 628b (authorizes the 
HHS Secretary to fund a national study about child abuse and neglect); 
42 U.S.C. 1310 (authorizes the HHS Secretary to fund research and 
demonstration projects connected to Social Security Act funded 
programs); 42 U.S.C. 5105 (authorizes the HHS Secretary to fund a 
continuous program of research on how to better protect children from 
child abuse or neglect and improve the well-being of victims of child 
abuse or neglect); 42 U.S.C. 9836 (authorizes the HHS Secretary to 
convene an expert panel to develop a Designation Renewal System for 
Head Start agencies); 42 U.S.C. 9844 (authorizes the HHS Secretary, 
directly or through grants or contracts, to carry out research, 
demonstrations, and evaluation activities to improve Head Start 
programs); 42 U.S.C. 10404 (authorizes the HHS Secretary to coordinate 
Departmental programs to prevent family violence, domestic violence, or 
dating violence); 42 U.S.C. 1397 et seq. (discusses the administration 
of block grants to states for social services and research connected to 
those grants); 42 U.S.C. subchapter II-B (authorized child care and 
development block grants in fiscal years (FYs) 2015 through 2020 to 
fund state child care programs; data funded in prior FYs still exists); 
42 U.S.C. subchapter V (authorizes the HHS Secretary to support special 
projects of regional and national significance and research regarding 
maternal and child health); 42 U.S.C. 1310 (authorizes the HHS 
Secretary to fund through grants and contracts the conduct of research 
and demonstration projects regarding the prevention and reduction of 
welfare dependency); and Executive Order 9397, as amended by Executive 
Order 13478 (addresses use of personal identifiers).

PURPOSE(S) OF THE SYSTEM:
    The records in this system of records are used for the purpose of 
conducting OPRE research, evaluation, and data projects that study how 
to improve the economic and social well-being of children and families 
and/or increase the effectiveness and efficiency of programs inside and 
outside ACF working towards that goal (OPRE Projects). Each OPRE 
Project may involve:
    (a) the analysis of data from various sources;
    (b) the collection of data through surveys, focus groups, 
interviews, and other methods;
    (c) the provision of technical assistance to organizations;
    (d) the evaluation of programs and services;
    (e) the provision of services to populations and evaluating their 
outcomes;
    (f) data and capacity building within ACF; and
    (g) other research, evaluation, and data related activities.
    This work may be supported or accomplished by federal staff or by

[[Page 57201]]

contractors, vendors, grantees, and other partners.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The system of records contains records about the following 
categories of individuals:
    (a) Individuals who are considered for inclusion or are included in 
an OPRE Project (e.g., service recipients, individuals providing 
services);
    (b) Individuals who provide information about those considered or 
selected for an OPRE Project (e.g., parents and other relatives, case 
managers, program managers, alternate points of contact); and
    (c) Individuals whose information is in a pre-existing dataset 
evaluated or analyzed as part of an OPRE Project. This includes 
administrative datasets created while operating programs such as 
Temporary Assistance for Needy Families or Head Start.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records maintained about a specific individual will depend on 
which OPRE Project the individual was considered for or included in and 
the individual's role in the project. An OPRE Project may collect the 
individual's identifying information and contact information (name, 
address(es), telephone number(s), email address(es), SSN); 
sociodemographic characteristics (e.g., age, race, ethnicity, tribal 
affiliation, gender, sexuality); language preferences and 
proficiencies; responses to assessments and collections (e.g., surveys 
and interviews); photographs; voice and video recordings and 
transcripts; bio-specimens; correspondences; identifiers specific to 
the applicable project or series of projects in which the individual 
was involved; and administrative records. It may also collect records 
about an individual's current and prior finances; education; 
employment; living situation; sexual history; mental and physical 
health and well-being; criminal activities; risky behaviors (e.g., 
illicit drug use); family dynamics (e.g., marriage, relationships, and 
beliefs); disabilities; service utilization; other characteristics; 
experiences with child welfare and other governmental services; and 
experiences relevant to ACF's programs.

RECORD SOURCE CATEGORIES:
    The sources of records in the system may include: the record 
subject; HHS; other governmental agencies (federal, state, tribal, and 
local) and their agents; ACF contractors and grantees; research 
institutions, foundations, and similar organizations; publicly 
available documents; commercial sources; individuals who know the 
record subject (e.g., relatives, case managers, service providers, and 
neighbors); and other third parties.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    These routine uses specify circumstances, in addition to those 
provided by statute in the Privacy Act, under which ACF may release 
information from the system of records without the record subject's 
consent.
    Each proposed disclosure under these routine uses will be evaluated 
to ensure it is legally permissible and appropriate. If a OPRE Project 
received a certificate of confidentiality, these routine uses will not 
authorize a disclosure barred by the terms of the certificate.
    (1) Disclosure for Law Enforcement Purpose
    Information may be disclosed to the appropriate federal, state, 
local, tribal, or foreign agency responsible for investigating, 
prosecuting, enforcing, or implementing a statute, rule, regulation, or 
order, if the information is relevant to a violation or potential 
violation of civil or criminal law or regulation within the 
jurisdiction of the receiving entity. However, because this is a 
research and evaluation system, no information will be disclosed for 
use in any investigation, prosecution, or other action targeted against 
any individual who is the subject of the record.
    (2) Disclosure Incident to Requesting Records
    Records may be disclosed (to the extent necessary to identify the 
individual, inform the source of the purpose of the request, and 
identify the type of records requested), to any source from which 
additional records are requested when necessary to obtain records 
relevant to the OPRE Project being conducted.
    (3) Disclosure to Congressional Office
    Information may be disclosed to a congressional office from the 
record of an individual in response to a written inquiry from the 
congressional office made at the request of the individual.
    (4) Disclosure to Department of Justice or in Proceedings
    Information may be disclosed to the Department of Justice, or in a 
proceeding before a court, adjudicative body, or other administrative 
body before HHS is authorized to appear, when (a) HHS, or any component 
thereof; or (b) any employee of HHS in his or her official capacity; or 
(c) any employee of HHS in his or her individual capacity where the 
Department of Justice or HHS has agreed to represent the employee; or 
(d) the United States, if HHS determines that litigation is likely to 
affect HHS or any of its components; is a party to litigation or has an 
interest in such litigation, and the use of such records by the 
Department of Justice or HHS is deemed by HHS to be relevant and 
necessary to the litigation.
    (5) Disclosure to Contractors and Grantees
    Records may be disclosed to a contractor or grantee that (a) is 
performing or working on a contract or grant for HHS, (b) needs to 
access the records in the performance of their duties or activities for 
HHS, and (c) is required by the terms of the contract or grant to 
comply with the Privacy Act.
    (6) Disclosure in Connection with Litigation
    Information may be disclosed in connection with litigation or 
settlement discussions regarding claims by or against HHS, including 
public filing with a court, to the extent that disclosure of the 
information is relevant and necessary to the litigation or discussions 
and except where court orders are otherwise required under 5 U.S.C. 
552a(b)(11).
    (7) Disclosure in the Event of a Security Breach Experienced by HHS
    To appropriate agencies, entities, and persons when (1) HHS 
suspects or has confirmed that there has been a breach of the system of 
records; (2) HHS has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, HHS (including 
its information systems, programs, and operations), the federal 
government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with HHS's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    (8) Disclosure in the Event of a Security Breach Experienced by 
Another Agency or Entity
    To another federal agency or federal entity, when HHS determines 
that information from the system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the federal 
government, or national security, resulting from a suspected or 
confirmed breach.
    (9) Disclosure for Research Purposes

[[Page 57202]]

    Records may be disclosed for a research, evaluation, or data 
purpose if HHS:
    (A) Determines that the use and disclosure does not violate the 
laws or policies under which the record was collected;
    (B) Determines that the purpose cannot be reasonably accomplished 
unless individually identifiable information is provided;
    (C) Determines that the purpose warrants any privacy risk to the 
individual caused by the disclosure;
    (D) Determines that the disclosure will not directly affect the 
rights, privileges, or benefits of a particular individual.
    (E) Requires the recipient to:
    1. Establish reasonable administrative, technical, and physical 
safeguards to prevent unauthorized use or disclosure of the record;
    2. Destroy the individually identifiable information as soon as 
reasonable for that project;
    3. Not reuse or redisclose the information except:
    (a) in an emergency circumstances affecting the health or safety of 
an individual,
    (b) to another research, evaluation, or data project with written 
authorization from HHS,
    (c) for an audit related to the project, if the individually 
identifiable information is removed or destroyed at the earliest 
opportunity consistent with the purpose of the audit, or
    (d) when required by law; and
    4. Provide HHS a written statement that they understand and will 
abide by these requirements.
    (10) Disclosure to Continue Services
    Records about the services an individual received from a grantee as 
part of an OPRE Project may be shared with that grantee, or successor 
organizations, to continue serving that individual.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored in paper and electronic form.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by the subject individual's name, SSN, or 
another personal identifier contained in the records.

POLICIES AND PROCEDURES FOR RETENTION AND DISPOSAL OF RECORDS:
    A disposition schedule, DAA-0292-2020-0005, is pending approval by 
NARA, which proposes at Item 1.3 that the records (background materials 
for creation of studies and reports) be cut off at the end of the 
calendar year in which the report is published and destroyed 5 years 
after cut-off. ACF/OPRE will continue to retain the records 
indefinitely until the schedule is approved by NARA.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    All record keepers are required to maintain appropriate 
administrative, technical, and physical safeguards to protect the 
records from unauthorized access. Administrative controls include 
training individuals who have access to the records how to handle them 
appropriately, incident response plans, and limiting access to 
individuals who need to know the information. Technical controls 
include the use of antivirus software, vulnerability patching, multi-
factor authentication when required, and storing electronic records in 
encrypted form. Physical controls include storing hard copy records and 
computer terminals used to access electronic records in physically 
locked locations when not in use.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to records about them in this system of 
records must submit a written access request to the System Manager 
identified in the ``System Manager(s)'' section of this SORN, in 
accordance with the Department's Privacy Act implementation regulations 
in 45 CFR. The request must contain the requester's full name, contact 
information (i.e., telephone number and/or email address, and current 
mailing address), and sufficient identifying particulars contained in 
the records to enable the System Manager to distinguish between records 
on subject individuals with the same name. In addition, to verify the 
requester's identity, the request must be signed by the requester, and 
the signature must be notarized or the request must include the 
requester's written certification that the requester is the person the 
requester claims to be and that he/she understands that the knowing and 
willful request for or acquisition of a record pertaining to an 
individual under false pretenses is a criminal offense subject to a 
fine of up to $5,000.

CONTESTING RECORD PROCEDURES:
    Individuals seeking to amend a record about them in this system of 
records must submit a written amendment request to the System Manager 
identified in the ``System Manager(s)'' section of this SORN, in 
accordance with the Department's Privacy Act implementation regulations 
in 45 CFR. An amendment request must include verification of the 
requester's identity in the same manner required for an access request 
and must reasonably identify the record and specify the information 
being contested, the corrective action sought, and the reasons for 
requesting the correction, along with supporting information to show 
how the record is inaccurate, incomplete, untimely, or irrelevant.

NOTIFICATION PROCEDURES:
    Individuals seeking to determine whether this system of records 
contains records about them must submit a written notification request 
to the System Manager identified in the ``System Manager(s)'' section 
of this SORN, in accordance with the Department's Privacy Act 
implementation regulations in 45 CFR and verify their identity in the 
same manner required for an access request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    80 FR 17893 (April 2, 2015), 83 FR 6591 (Feb. 14, 2018).

[FR Doc. 2022-20139 Filed 9-16-22; 8:45 am]
BILLING CODE 4184-79-P