[Federal Register Volume 89, Number 96 (Thursday, May 16, 2024)]
[Notices]
[Pages 42881-42883]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-10776]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Administration for Children and Families


Privacy Act of 1974; System of Records

AGENCY: Administration for Children and Families, Department of Health 
and Human Services.

ACTION: Notice of a new systems of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended, the Department of Health and Human Services (HHS) is 
establishing a new system of records to be maintained by the 
Administration for Children and Families (ACF), Office of Child Support 
Services (OCSS): System Number 09-80-0391, ``OCSS Research Platform.''

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this Notice is 
applicable May 16, 2024, subject to a 30-day period in which to comment 
on the routine uses, described below. Please submit any comments by 
June 17, 2024.

ADDRESSES: The public should address written comments by mail or email 
to: Anita Alford, Senior Official for Privacy, Administration for 
Children and Families, 330 C St. SW, Washington, DC 20201, or 
[email protected].

FOR FURTHER INFORMATION CONTACT: General questions about the new system 
of records should be submitted by mail or email to Venkata Kondapolu, 
Office of Child Support Services, at 330 C St. SW--5th Floor, 
Washington, DC 20201, or [email protected], or by phone at 
202-260-4712.

SUPPLEMENTARY INFORMATION: The new system of records will consist of 
information about individual participants in child support cases which 
originates in one or more other OCSS system(s) of records (and, 
possibly, information technology (IT) systems of other HHS components, 
other agencies such as the Social Security Administration, or external 
parties) and is used to build deidentified datasets for research 
purposes likely to contribute to the purposes of the Temporary 
Assistance for Needy Families program, authorized under title IV-A of 
the Social Security Act, or the child support program, authorized under 
title IV-D of the Social Security Act.

Venkata Kondapolu,
Director, Division of Federal Systems, Office of Child Support 
Services, Administration for Children and Families, U.S. Department of 
Health and Human Services.

SYSTEM NAME AND NUMBER:
    OCSS Research Platform, 09-80-0391.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Office of Child Support Services, Administration for Children and 
Families, 330 C St. SW--5th Floor, Washington, DC 20201.

SYSTEM MANAGER(S):
    Director, Division of Federal Systems, Office of Child Support 
Services, Administration for Children and Families, Department of 
Health and Human Services, 330 C St. SW--5th Floor, Washington, DC 
20201, (202) 260-4712, [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 653(j)(5).

PURPOSE(S) OF THE SYSTEM:
    The purpose of the system of records is to cover records which are 
retrieved by personal identifier to build deidentified datasets for 
research purposes likely to contribute to the purposes of the Temporary 
Assistance for Needy Families program, authorized under title IV-A of 
the Social Security

[[Page 42882]]

Act, or the child support program, authorized under title IV-D of the 
Social Security Act.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The records are about individuals who are involved in child support 
cases in which services are being provided by State or Tribal IV-D 
child support agencies; although information about other individuals is 
also contained in the records, only personal identifiers about 
individuals who are involved in child support cases are used for 
retrieval.

    Note: Information about child participants will be included in 
the de-identified datasets as part of a child support case 
household, but will only be used to provide information about unique 
case and family structure; analysis of individuals will be limited 
to adult participants.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The records consist of child support case-related data from ACF/
OCSS information technology (IT) systems, and possibly IT systems of 
other HHS components, other agencies such as the Social Security 
Administration, or external parties, which are combined to create 
deidentified datasets to provide relevant and meaningful information 
for research purposes. Examples of specific data elements that may be 
included about individuals involved in a child support case are listed 
below.
     Identifying information (e.g., name, Social Security 
Number (SSN), date of birth).
     Address and contact information.
     Employment and wage information.
     Child support debt information.
     Income, financial assets, and benefit information (e.g., 
information about financial accounts, lump sum payments, workers' 
compensation, retirement benefits, and insurance claims, settlements, 
awards, and payments).

RECORD SOURCE CATEGORIES:
    Sources of data retrieved by personal identifier to create 
deidentified datasets include OCSS IT systems, and possibly IT systems 
of other HHS components, and other agencies or external parties, which 
contain data that may have originally been collected from the child 
support case participant to whom it pertains, or from an agency, 
employer, insurance company, or financial institution registered to use 
the CSP.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to other disclosures authorized directly in the Privacy 
Act at 5 U.S.C. 552a(b)(1) and (2) and (b)(4) through (11), HHS may 
disclose records about an individual from this system of records to 
parties outside HHS as described in these routine uses, without the 
subject individual's prior written consent.
    (1) Disclosure to Contractor to Perform Duties.
    Records may be disclosed to a contractor performing or working on a 
contract for HHS who has a need for the records in the performance of 
its duties or activities in accordance with law and with the contract.
    (2) Disclosure in the Event of a Security Breach.
    (a) Records may be disclosed to appropriate agencies, entities, and 
persons when (1) HHS suspects or has confirmed that there has been a 
breach of the system of records; (2) HHS has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, HHS (including its information systems, programs, and 
operations), the Federal Government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with HHS's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    (b) Records may be disclosed to another Federal agency or Federal 
entity when HHS determines that records from this system of records are 
reasonably necessary to assist in (1) responding to a suspected or 
confirmed breach; or (2) preventing, minimizing, or remedying the risk 
of harm to individuals, the recipient agency or entity (including its 
information systems, programs, and operations), the Federal Government, 
or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The records will be stored on electronic media, but paper printouts 
may be generated.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records about individuals involved in child support cases will be 
retrieved by the individuals' assigned identifiers, including child 
support case identifier, if any, or combination of identifiers, to 
disaggregate duplicate records and to combine records that are about 
the same individual.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The records used to create the deidentified datasets will be 
retained and disposed of in accordance with General Records Schedule 
5.2, Items 010 and 020 (DAA-GRS-2022-0009-0001 and DAA-GRS-2022-0009-
0002), which provides these disposition periods:
     Item 010 Transitory records: Destroy when no longer needed 
for business use, or according to an agency predetermined time period 
or business rule.
     Item 020 Intermediary records: Destroy upon creation or 
update of the final record, or when no longer needed for business use, 
whichever is later.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The system leverages cloud service providers that maintain an 
authority to operate in accordance with applicable laws, rules, and 
policies, including Federal Risk and Authorization Management Program 
(FedRAMP) requirements. Specific administrative, technical, and 
physical controls are in place to ensure that the records collected and 
maintained in the OCSS Data Analytics system are secure from 
unauthorized access. Access to the records is restricted to authorized 
personnel who are advised of the confidentiality of the records and the 
civil and criminal penalties for misuse and who sign a nondisclosure 
oath to that effect. Personnel are provided privacy and security 
training before being granted access to the records and annually 
thereafter.
    Logical access controls are in place to limit access to the records 
to authorized personnel, to limit their access based on their roles, 
and to prevent browsing. The records are processed and stored in a 
secure environment. All records are stored in an area that is always 
physically safe from unauthorized access.
    Safeguards conform to the HHS Information Security and Privacy 
Program, which may be found at https://www.hhs.gov/ocio/securityprivacy/index.html.

RECORD ACCESS PROCEDURES:
    To request access to a record about you in this system of records, 
submit a written access request to the System Manager. The request must 
include your name, telephone number or email address, current address, 
signature, and sufficient particulars (such as date of birth or SSN) to 
enable the System Manager to distinguish between records on subject 
individuals with the same name. To verify your identity, your signature 
must be notarized, or your request must include your written 
certification that you are the individual who you claim to be and that 
you

[[Page 42883]]

understand that the knowing and willful request for, or acquisition of, 
a record pertaining to an individual under false pretenses is a 
criminal offense subject to a fine of up to $5,000.

CONTESTING RECORD PROCEDURES:
    To request correction of a record about you in this system of 
records, submit a written amendment request to the System Manager. The 
request must contain the same information required for an access 
request and include verification of your identity in the same manner 
required for an access request. In addition, the request must 
reasonably identify the record and specify the information contested, 
the corrective action sought, and the reasons for requesting the 
correction; it should include supporting information to show how the 
record is inaccurate, incomplete, untimely, or irrelevant.

NOTIFICATION PROCEDURES:
    To find out if this system of records contains a record about you, 
submit a written notification request to the System Manager. The 
request must identify this system of records, contain the same 
information required for an access request, and include verification of 
your identity in the same manner required for an access request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

[FR Doc. 2024-10776 Filed 5-15-24; 8:45 am]
BILLING CODE 4184-42-P