[Federal Register Volume 87, Number 221 (Thursday, November 17, 2022)]
[Notices]
[Pages 69026-69030]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-25017]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Administration for Children and Families


Privacy Act of 1974; System of Records

AGENCY: Administration for Children & Families, Department of Health 
and Human Services.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended, the Department of Health and Human Services (HHS) is 
modifying an existing system of records maintained by the 
Administration for Children & Families (ACF), Office of Child Support 
Enforcement (OCSE): System No. 09-80-0389, ``OCSE Data Center General 
Support System, HHS/ACF/OCSE.''

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this Notice is 
applicable November 17, 2022, subject to a 30-day period in which to 
comment on the routine uses, described below. Please submit any 
comments by December 19, 2022.

ADDRESSES: The public should address written comments by mail or email 
to: Anita Alford, Senior Official for Privacy, Administration for 
Children & Families, 330 C St. SW, Washington, DC 20201, or 
[email protected].

FOR FURTHER INFORMATION CONTACT: General questions about this system of 
records should be submitted by mail or email to Venkata Kondapolu, 
Director, Division of Federal Systems, Office of Child Support 
Enforcement, at 330 C St. SW, 5th Floor, Washington, DC 20201, or 
[email protected].

SUPPLEMENTARY INFORMATION:

I. Explanation of Changes to System of Records 09-80-0389

    This system of records covers information maintained in a secure 
gateway system (the OCSE Data Center General Support System) 
established by OCSE. OCSE and (at their option) external partners use 
the system to facilitate electronic exchanges of information between 
(1) a state child support enforcement agency and (2) another external 
child support program partner, such as an employer, a health plan 
administrator, a financial institution, or a central authority in a 
foreign treaty country or a foreign country that is the subject of a 
declaration under 42 U.S.C. 659a, through OCSE. The system maintains 
information about individual participants in child support cases, 
including income withholding order information, medical support 
information, financial institution account information, levy file 
information, and details of child support disbursements transmitted 
between the United States and the authorized entity of the foreign 
treaty country or foreign country subject of a declaration under 42 
U.S.C. 659a for distribution of the support payment by the foreign 
authority in accordance with the terms of the order. The following 
modifications have been made:
     The System Manager section has been revised to change the 
email address of the official serving as the System Manager, and to 
change the title of the official from ``Acting Commissioner'' to 
``Director.''

[[Page 69027]]

     The Authority section has been revised to include 42 
U.S.C. 654, 654a, 654b, and 659a.
     The Purpose(s) section has been updated as follows:
    [cir] To include an additional purpose for which OCSE may use the 
OCSE Data Center General Support System; i.e., to support the Central 
Authority Payment (CAP) program, that exchanges details of child 
support disbursements transmitted between the United States and the 
authorized entity of the foreign treaty country or foreign country 
subject of a declaration under 42 U.S.C. 659a for distribution of the 
support payment by the foreign authority in accordance with the terms 
of the order;
    [cir] To add the CAP program to the bulleted list of programs 
supported by the gateway system;
    [cir] To add the new purpose to the list of reasons for which state 
child support enforcement agencies use the system; and
    [cir] To add, at the end of the section, reasons for which U.S. 
states use the system.
     The Categories of Records section has been revised to add 
a new category 4: child support case information used to administer the 
Central Authority Payment (CAP) program, which includes:
    [cir] Obligor/non-custodial parent's name and Social Security 
Number (SSN).
    [cir] Foreign authority name, FIPS locator code, and foreign 
authority's child support case identifier.
    [cir] U.S. state name and state child support agency's case number.
    [cir] Amount and date of payment.
    [cir] Medical support indicator.
    [cir] Employment termination indicator.
     In the Record Source Categories section, the description 
of the first record source category has been changed from ``[s]tate 
child support enforcement agencies initiating e-IWO, eNMSN, and FAST 
Levy program transactions'' to ``[s]tate child support enforcement 
agencies transmitting payment information to the CAP program for 
foreign authorities, and initiating e-IWO, e-NMSN, and FAST Levy 
program transactions in domestic child support cases.''
     The Routine Uses section has been updated to add new 
routine use 11 to allow disclosure of child support case information 
involving residents of the United States and residents of foreign 
treaty countries or foreign countries that are the subject of a 
declaration under 42 U.S.C. 659a to the foreign authority.
     The Policies and Practices for Retention and Disposal of 
Records section has been updated to insert, in the description of 
various retention periods that OCSE plans to propose to the National 
Archives and Records Administration (NARA) for the records, ``up to 120 
days to correct errors, and up to one year to reconcile information 
with external partners.''

Venkata Kondapolu,
Director, Division of Federal Systems, Office of Child Support 
Enforcement, Administration for Children & Families, U.S. Department of 
Health and Human Services.

SYSTEM NAME AND NUMBER:
    OCSE Data Center General Support System, HHS/ACF/OCSE, 09-80-0389.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The address of the agency component responsible for the system of 
records is Office of Child Support Enforcement, Administration for 
Children & Families, 330 C St. SW, 5th Floor, Washington, DC 20201.

SYSTEM MANAGER(S):
    Director, Division of Federal Systems, Office of Child Support 
Enforcement, Administration for Children & Families, Department of 
Health and Human Services, 330 C St. SW, 5th Floor, Washington, DC 
20201, or [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 652, 654, 654a, 654b, 659, 659a, 666, 669a.

PURPOSE(S) OF THE SYSTEM:
    The purpose of the system of records is to support the enforcement 
of child support obligations, by providing a secure gateway (the OCSE 
Data Center General Support System, or any successor system) that OCSE 
will use to facilitate electronic exchanges of information about 
individual participants in child support cases, between state child 
support enforcement agencies and other external partners such as 
employers, health plan administrators, financial institutions, and 
central authorities in foreign treaty countries or foreign countries 
that are the subject of a declaration under 42 U.S.C. 659a. The child 
support enforcement agencies and other external partners will use the 
gateway system to electronically submit information to and receive 
information from each other, through OCSE.
    The gateway system will support, for example:
     The Electronic Income Withholding Order (e-IWO) program, 
that provides the means to electronically exchange income withholding 
order information between state child support enforcement agencies and 
employers.
     The Electronic National Medical Support Notice (e-NMSN) 
program, that allows state child support enforcement agencies, 
employers, and health plan administrators to electronically send and 
receive National Medical Support Notices used to enroll children in 
medical insurance plans pursuant to child support orders.
     The Federally Assisted State Transmitted (FAST) Levy 
program, that allows states and financial institutions to exchange 
information about levy actions through an electronic process.
     The Central Authority Payment (CAP) program, that allows 
states and foreign authorities to exchange details of child support 
disbursements transmitted between the United States and the authorized 
entity of the foreign treaty country or foreign country subject of a 
declaration under 42 U.S.C. 659a for distribution of the support 
payment by the foreign authority in accordance with the terms of the 
order.
    Multiple child support program partners will utilize the gateway 
system to electronically send and receive information:
    State child support enforcement agencies will use the system to 
transmit e-IWOs to employers and e-NMSNs to employers and health plan 
administrators. State child support enforcement agencies will also use 
the system to create levy actions for distribution to multiple 
financial institutions, and to transmit information about child support 
disbursements between U.S. states and foreign authorities through the 
CAP program.
    Employers will use the system to respond to state child support 
enforcement agencies regarding e-IWOs and to provide information about 
health insurance coverage provided by the employer. Employers and 
health plan administrators will use the system to respond to state 
child support enforcement agencies regarding e-NMSNs.
    Financial institutions will use the system to receive and respond 
to levy actions from multiple state child support enforcement agencies.
    U.S. states will use the system to transmit information about child 
support disbursements transmitted from the United States to a foreign 
authority through the CAP program.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The records in the system of records are about custodial and 
noncustodial parents, legal guardians, and third-party caretakers who 
are participants in child

[[Page 69028]]

support program cases and whose names and Social Security numbers 
(SSNs) are used to retrieve the records. Children's personal 
identifiers are not used to retrieve records in this system of records, 
so children are not subject individuals for purposes of this system of 
records.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The categories of records exchanged in the gateway system include:
    1. Child support case information used to populate an e-IWO, which 
may include:
    a. Name of state, tribe, territory, or private individual entity 
issuing an e-IWO;
    b. Order ID and Case ID;
    c. Remittance ID;
    d. Employer/income withholder name, address, federal employer 
identification number (FEIN), telephone number, FAX number, email, or 
website;
    e. Employee/obligor's name, Social Security number (SSN), date of 
birth;
    f. Custodial parent's/obligee's name;
    g. Child(ren)'s name(s) and date(s) of birth;
    h. Income withholding amounts for current child support, past-due 
child support, current cash medical support, past-due cash medical 
support, current spousal support, past-due spousal support;
    i. Child support state disbursement unit or tribal order payee name 
and address;
    j. Judge/issuing official's name, title, and signature; and
    k. Employee/obligor termination date, last known telephone number, 
last known address, new employer/income withholder's name and address.
    2. Child support case information used to populate an e-NMSN, and 
medical insurance information included in e-NMSN responses from 
employers and health plan administrators, which may include:
    a. Custodial parent/obligee's name and mailing address;
    b. Substituted official/agency name and address (if custodial 
parent/obligee's address is left blank);
    c. Name, telephone number, and mailing address of representative of 
child(ren);
    d. Child(ren)'s name(s), gender, date of birth, and SSN;
    e. Employee's name, SSN, and mailing address;
    f. Plan administrator name, contact person, FAX number and 
telephone number;
    g. Employer and/or employer representative name, FEIN, and 
telephone number;
    h. Date of medical support termination, reason for termination, and 
child(ren) to be terminated from medical support;
    i. Medical insurance provider name, group number, policy number, 
address;
    j. Dental insurance provider name, group number, policy number, 
address;
    k. Vision insurance provider name, group number, policy number, 
address;
    l. Prescription drug insurance provider name, group number, policy 
number, address;
    m. Mental health insurance provider name, group number, policy 
number, address;
    n. Other insurance, specified by name, group number, policy number, 
address; and
    o. Plan administrator name, title, telephone number and address.
    3. Child support case information used to administer the FAST Levy 
program, which includes:
    a. Requesting state agency name, address, and state Federal 
Information Processing Standard (FIPS) code;
    b. Financial institution's name and FEIN;
    c. Obligor's name, SSN, and date of birth;
    d. Account number of account from which to withhold funds;
    e. Withholding amount; and
    f. Contact name, phone number, and email for point of contact in 
requesting state.
    4. Child support case information used to administer the CAP 
program, which includes:
    a. Obligor/non-custodial parent's name and SSN;
    b. Foreign authority name, FIPS locator code, and foreign 
authority's child support case identifier;
    c. U.S. state name and state child support agency's case number;
    d. Amount and date of payment;
    e. Medical support indicator; and
    f. Employment termination indicator.

RECORD SOURCE CATEGORIES:
    The sources of the information in the system of records include:
     State child support enforcement agencies transmitting 
payment information to the CAP program for foreign authorities, and 
initiating e-IWO, e-NMSN, and FAST Levy program transactions in 
domestic child support cases.
     Employers or authorized third parties responding to e-IWOs 
and e-NMSNs.
     Health plan administrators responding to e-NMSNs.
     Financial institutions responding to FAST Levy requests.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to the disclosures authorized directly in the Privacy 
Act at 5 U.S.C. 552a(b)(1)-(b)(2) and (b)(4)-(b)(11), these routine 
uses specify circumstances under which the agency may disclose 
information from this system of records to a non-HHS officer or 
employee without the consent of the data subject. ACF will prohibit 
redisclosures, or may permit only certain redisclosures, as required or 
authorized by law. Each proposed disclosure or redisclosure of 
information permitted directly in the Privacy Act or under these 
routine uses will be evaluated to ensure that the disclosure or 
redisclosure is legally permissible.
    Any information defined as ``return''' or ``return information'' 
under 26 U.S.C. 6103 (Internal Revenue Code) is not disclosed unless 
authorized by a statute, the Internal Revenue Service (IRS), or IRS 
regulations.
    1. Disclosure to Financial Institution to Collect Past-Due Support.
    Pursuant to 42 U.S.C. 652(l), information pertaining to an 
individual owing past-due child support may be disclosed to a financial 
institution doing business in two or more states to identify an 
individual who maintains an account at the institution for the purpose 
of collecting past-due support. Information pertaining to requests by 
the state child support enforcement agencies for the placement of a 
lien or levy of such accounts may also be disclosed.
    2. Disclosure of Financial Institution Information to State Child 
Support Enforcement Agency for Assistance in Collecting Past-Due 
Support.
    Pursuant to 42 U.S.C. 652(l), the results of a comparison between 
information pertaining to an individual owing past-due child support 
and information provided by multistate financial institutions may be 
disclosed to a state child support enforcement agency for the purpose 
of assisting the state agency in collecting past-due support. 
Information pertaining to responses to requests by a state child 
support enforcement agency for the placement of a lien or levy of such 
accounts may also be disclosed.
    3. Disclosure to Employer to Enforce Child Support Obligations.
    Pursuant to 42 U.S.C. 666(b), information pertaining to an 
individual owing current or past-due child support may be disclosed to 
an employer for the purpose of collecting current or past-due support 
by way of an e-IWO.

[[Page 69029]]

    4. Disclosure of Employer Information to State Child Support 
Enforcement Agency in Response to an e-IWO.
    Information pertaining to a response by an employer to an e-IWO 
issued by a state child support enforcement agency for the collection 
of child support may be disclosed to the state child support 
enforcement agency.
    5. Disclosure to Employer and Health Plan Administrator to Enforce 
Medical Support Obligations.
    Pursuant to 42 U.S.C. 666(a)(19), information pertaining to 
participants in a child support case may be disclosed to an employer or 
a health plan administrator for the purpose of enforcing medical 
support for a child by way of an e-NMSN.
    6. Disclosure of Employer and Health Plan Administrator Information 
to State Child Support Enforcement Agency in Response to an e-NMSN.
    Information pertaining to a response by an employer or a health 
plan administrator to an e-NMSN issued by a state child support 
enforcement agency for the enforcement of medical support may be 
disclosed to the state child support enforcement agency.
    7. Disclosure to Department of Justice or in Proceedings.
    Records may be disclosed to the Department of Justice (DOJ) or to a 
court or other adjudicative body in litigation or other proceedings 
when HHS or any of its components, or any employee of HHS acting in the 
employee's official capacity, or any employee of HHS acting in the 
employee's individual capacity where the DOJ or HHS has agreed to 
represent the employee, or the United States Government, is a party to 
the proceedings or has an interest in the proceedings and, by careful 
review, HHS determines that the records are both relevant and necessary 
to the proceedings.
    8. Disclosure to Congressional Office.
    Information may be disclosed to a congressional office from the 
record of an individual in response to a written inquiry from the 
congressional office made at the written request of the individual.
    9. Disclosure to Contractor to Perform Duties.
    Records may be disclosed to a contractor performing or working on a 
contract for HHS and who has a need to have access to the information 
in the performance of its duties or activities for HHS in accordance 
with law and with the contract.
    10. Disclosure in the Event of a Security Breach.
    a. Information may be disclosed to appropriate agencies, entities, 
and persons when (1) HHS suspects or has confirmed that there has been 
a breach of the system of records; (2) HHS has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, HHS (including its information systems, programs, and 
operations), the federal government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with HHS's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    b. Information may be disclosed to another federal agency or 
federal entity, when HHS determines that information from this system 
of records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the federal government, or national 
security, resulting from a suspected or confirmed breach.
    11. Disclosure to a Foreign Reciprocating Country and Foreign 
Treaty Country for Child Support Purposes.
    Pursuant to 42 U.S.C. 652(n), 653(a)(2), 653(c)(5) and 659a(c)(2), 
child support case information involving residents of the United States 
and residents of foreign treaty countries or foreign countries that are 
the subject of a declaration under 42 U.S.C. 659a may be disclosed to 
the foreign authority.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The records are stored electronically.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by the parent's, guardians, or third-party 
caretaker's name or SSN.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Upon approval of a disposition schedule by the National Archives 
and Records Administration (NARA), the records will be deleted when 
eligible for destruction under the schedule, if the records are no 
longer needed for administrative, audit, legal, or operational 
purposes. ACF anticipates requesting NARA's approval of retention 
periods of approximately 90 days for the information contained in the 
transmission files (i.e., long enough to confirm receipt or to resend 
if necessary), up to 120 days to correct errors, up to a year to 
reconcile information with external partners, and up to seven years for 
the audit log records. Approved disposal methods for electronic records 
and media include overwriting, degaussing, erasing, disintegration, 
pulverization, burning, melting, incineration, shredding, or sanding.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The system leverages cloud service providers that maintain an 
authority to operate in accordance with applicable laws, rules, and 
policies, including Federal Risk and Authorization Management Program 
(FedRAMP) requirements. Specific administrative, technical, and 
physical controls are in place to ensure that the records collected, 
maintained, and transmitted using the OCSE Data Center General Support 
System are secure from unauthorized access. Access to the records 
within the system is restricted to authorized personnel who are advised 
of the confidentiality of the records and the civil and criminal 
penalties for misuse, and who sign a nondisclosure oath to that effect. 
Agency personnel are provided privacy and security training before 
being granted access to the records and annually thereafter. Additional 
safeguards include protecting the facilities where records are stored 
or accessed with security guards, badges and cameras; limiting access 
to electronic databases to authorized users based on roles and either 
two-factor authentication or user ID and password (as appropriate); 
using a secured operating system protected by encryption, firewalls, 
and intrusion detection systems; reviewing security controls on a 
periodic basis; and using secure destruction methods prescribed in NIST 
SP 800-88 to dispose of eligible records. All safeguards conform to the 
HHS Information Security and Privacy Program, https://www.hhs.gov/ocio/securityprivacy/index.html.

RECORD ACCESS PROCEDURES:
    To request access to a record about you in this system of records, 
submit a written access request to the System Manager identified in the 
``System Manager'' section of this System of Records Notice (SORN), in 
accordance with the Department's Privacy Act implementation regulations 
in 45 CFR. The request must reasonably describe the record sought and 
must include (for contact purposes and identity verification purposes) 
your full name, current address, telephone number and/or email address, 
date and place of birth, and signature, and (if needed by

[[Page 69030]]

the agency) sufficient particulars contained in the records (such as, 
your SSN) to enable the System Manager to distinguish between records 
on subject individuals with the same name. In addition, to verify your 
identity, your signature must be notarized, or the request must include 
your written certification that you are the individual who you claim to 
be and that you understand that the knowing and willful request for or 
acquisition of a record pertaining to an individual under false 
pretenses is a criminal offense subject to a fine of up to $5,000. You 
may request that copies of the records be sent to you, or you may 
request an appointment to review the records in person (including with 
a person of your choosing, if you provide written authorization for 
agency personnel to discuss the records in that person's presence). You 
may also request an accounting of disclosures that have been made of 
records about you, if any.

CONTESTING RECORD PROCEDURES:
    To request correction of a record about you in this system of 
records, submit a written amendment request to the System Manager 
identified in the ``System Manager'' section of this SORN, in 
accordance with the Department's Privacy Act implementation regulations 
in 45 CFR. The request must contain the same information required for 
an access request and include verification of your identity in the same 
manner required for an access request. In addition, the request must 
reasonably identify the record and specify the information contested, 
the corrective action sought, and the reasons for requesting the 
correction; and should include supporting information to show how the 
record is inaccurate, incomplete, untimely, or irrelevant.

NOTIFICATION PROCEDURES:
    To find out if the system of records contains a record about you, 
submit a written notification request to the System Manager identified 
in the ``System Manager'' section of this SORN, in accordance with the 
Department's Privacy Act implementation regulations in 45 CFR. The 
request must identify this system of records, contain the same 
information required for an access request, and include verification of 
your identity in the same manner required for an access request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    86 FR 72245 (Dec. 21, 2021).

[FR Doc. 2022-25017 Filed 11-16-22; 8:45 am]
BILLING CODE 4184-42-P