[Federal Register Volume 90, Number 232 (Friday, December 5, 2025)]
[Notices]
[Pages 56189-56192]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2025-22123]
-----------------------------------------------------------------------
NATIONAL SCIENCE FOUNDATION
[Docket No. NSF-2025-OGC-0004]
Privacy Act of 1974; System of Records
AGENCY: National Science Foundation.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: The U.S. National Science Foundation (NSF) is establishing a
new agency system of records in connection with its online Standard
Application Process (SAP) for collecting and maintaining requests from
researchers or other individuals applying for access to confidential
data assets from participating federal agencies and units for evidence-
building, statistical purposes.
DATES: This system notice is effective as of December 5, 2025. The
routine uses described in this notice will take effect on January 5,
2026, unless modified by a subsequent notice to incorporate comments
received from the public. Submit comments on or before January 5, 2026.
ADDRESSES: U.S. National Science Foundation (NSF), National Center for
Science and Engineering Statistics (NCSES), 2415 Eisenhower Ave.,
Alexandria, VA 22314.
You may submit comments, identified by docket number ``NSF-2025-
OGC-0004'' by any one of the following methods:
Federal eRulemaking Portal: https://www.regulations.gov.
Follow the instructions for submitting comments.
Email: John Finamore, Chief Statistician for the National
Center for Science and Engineering Statistics, NSF, [email protected].
Include ``NSF-2025-OGC-0004'' in the subject line of the message.
Mail: John Finamore, Chief Statistician for the National
Center for Science and Engineering Statistics, NSF, 2415 Eisenhower
Ave., Alexandria, VA 22314.
Instructions: NSF will post all in-scope comments on the NSF's
website (https://www.nsf.gov). All comments submitted in response to
this Notice will become a matter of public record. Therefore, you
should submit only information that you wish to make publicly
available.
FOR FURTHER INFORMATION CONTACT: If you wish to submit general
questions about this new system of records, please contact John
Finamore, Chief Statistician for the National Center for Science and
Engineering Statistics, NSF, at [email protected] or by telephone at
703-292-2258. You may also contact the NSF acting Senior Agency Office
for Privacy (SAOP), Tom Boger, [email protected].
SUPPLEMENTARY INFORMATION: NSF is publishing this new system of records
notice (SORN) for the system entitled, ``Standard Application Process
(NSF-83),'' to support the collection and maintenance of requests
submitted by researchers and other individuals for access to
confidential data assets held by certain federal agencies and units
comprising the United States Federal Statistical System, as required by
section 303(a) of the Foundations for Evidence-Based Policymaking Act
of 2018 (the Act), 44 U.S.C. 3583.\1\ In December 2022, the Office of
Management and Budget (OMB) fulfilled the Act's requirement to
establish a standard application process (SAP), including a SAP program
management office (PMO), which serves to standardize project-related
governance processes and facilitate sharing of resources, information,
and tools between SAP working groups and the portal developers.
---------------------------------------------------------------------------
\1\ The current participating member agencies and units of the
U.S. Federal Statistical System are listed but non-participating
agencies, including those not in the United States Federal
Statistical System have the ability to apply to participate: Federal
Bureau of Economic Analysis (Department of Commerce); Bureau of
Justice Statistics (Department of Justice); Bureau of Labor
Statistics (Department of Labor); Bureau of Transportation
Statistics (Department of Transportation); Census Bureau (Department
of Commerce); Center for Behavioral Health Statistics and Quality
(Department of Health and Human Services); Economic Research Service
(Department of Agriculture); Energy Information Administration
(Department of Energy); Microeconomic Surveys Unit (Federal Reserve
Board); National Agricultural Statistics Service (Department of
Agriculture); National Animal Health Monitoring System (Department
of Agriculture); National Center for Education Statistics
(Department of Education); National Center for Health Statistics
(Department of Health and Human Services); National Center for
Science and Engineering Statistics (National Science Foundation);
Office of Research, Evaluation, and Statistics (Social Security
Administration); and Statistics of Income Division (Internal Revenue
Service). These agencies shall be responsible for publishing their
own SORNs if they choose to establish and maintain any additional or
separate agency system(s) of records to track or evaluate requests
(applications) received through the SAP by NSF.
---------------------------------------------------------------------------
The NSF National Center for Science and Engineering Statistics
(NCSES), as one of the Federal Statistical System agencies, has been
designated by OMB to carry out the PMO responsibilities for the SAP,
which includes the establishment of this Privacy Act system of records
to support the SAP. The SAP marks an important milestone for the
federal statistical system. For the first time, primary statistical
agencies and units have coordinated and agreed to use the same
application (i.e., common form) for access to their restricted-use data
assets.
Applications with the SAP must be for a statistical purpose and
will be reviewed by the agency or agencies with ownership of the data.
Applicants can use the SAP to apply for access to data from multiple
agencies for the same project and track the application as it moves
through the review process. The SAP collects information about
individuals, as needed to assess or determine whether their requests
for access to data can be granted, consistent with applicable privacy
and confidentiality restrictions under Federal law, which will vary
from agency to agency (for example, an agency may need to know
citizenship status in cases where data access is legally limited to
U.S. citizens). Participating agencies each have their own data
security training which covers the handling of Personally Identifiable
Information within their agencies. For
[[Page 56190]]
questions about specific programs, datasets, or data files, applicants
are asked to contact the data-owning agency or agencies. When an
application is approved, the authorizing agency will guide the user
through the process of gaining access. Users with questions about
existing applications or arrangements for use of restricted-use data
should contact the relevant agency directly.
This SORN describes below what records about individuals are to be
collected and maintained in the system (e.g., applications for access
to data assets, system account information, and other system records
documenting the review and grant or denial of such applications), and
how these records are to be used, shared, and secured. Application data
to be collected through the SAP is limited to information that is
relevant and reasonably necessary for a participating statistical
agency or unit to determine whether to grant or deny access to data
assets, consistent with applicable law, regulation, and policy
governing such access. The collection of these records through the SAP
online portal has already been approved by OMB under the Paperwork
Reduction Act (see OMB Control No. 3145-0271).
The system does not duplicate any other existing NSF or Government-
wide systems of records under the Privacy Act. In accordance with
subsection (r) the Privacy Act, at 5 U.S.C. 552a(r), and Office of
Management and Budget (OMB) Circular No. A-108, in addition to
publication in the Federal Register, NSF has also submitted notice of
the establishment of this system of records to OMB and to the
appropriate Congressional committees. All NSF SORNs, including this one
may be viewed at www.nsf.gov/privacy.
SYSTEM NAME AND NUMBER:
Standard Application Process (SAP), NSF-83.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
U.S. National Science Foundation, National Center for Science and
Engineering Statistics, 2415 Eisenhower Ave., Alexandria, VA 22314.
System records may be stored by NSF's SAP Portal contractor location(s)
and/or government-certified cloud storage.
SYSTEM MANAGER(S):
Division Director, NCSES, NSF.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Confidential Information Protection and Statistical Efficiency Act
(CIPSEA), Public Law 107-347, t. V, as amended by the Foundations for
Evidence-Based Policymaking Act of 2018, codified in relevant part at
44 U.S.C. 3583; NSF Act of 1950, as amended, 42 U.S.C. 1861 et seq.;
Off. of Mgt. & Budget (OMB) Memorandum M-23-04. In addition,
participating agencies may have legal authorities not specifically
listed. For a current list of participating agencies, please refer to
the standard application process web pages, located on the NCSES
website.
PURPOSE(S) OF THE SYSTEM:
The information contained within the SAP Portal is used by
participating agencies for the purposes listed below:
1. To evaluate and make determinations on applications requesting
access to confidential data assets held by participating agencies.
2. To collect information to conduct an initial evaluation of
applicant suitability for access to confidential data assets.
3. To contact applicants for additional information related to
their applications and suitability evaluations.
4. To fulfill the public reporting obligations set forth in 44
U.S.C. 3583(a)(6), as described further in Routine Use 15 below.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
This system contains information about individuals who have
requested access to confidential data assets held by federal agencies
participating in the SAP and federal agency personnel involved in the
application review process.
CATEGORIES OF RECORDS IN THE SYSTEM:
1. Application Data--Application information including, but not
limited to, personal information and demographics, such as name, email
address, phone number, institutional affiliations, citizenship status,
U.S. residency status, security clearance status, and information about
the purpose for which the applicant will use the data (project
proposals).
2. Application Review Data--Evaluations from agency and other
required reviewers, as listed in the SAP application; application
determination (approve or reject).
3. Appeals Review Data--Evaluations from agency reviewers and an
appeals determination.
RECORD SOURCE CATEGORIES:
Application information is obtained from the applicant. Records
relating to application and appeal determinations are obtained from the
reviewing agencies.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
The following NSF standard routine uses apply:
1. Members of Congress. Information from a system may be disclosed
to congressional offices in response to inquiries from the
congressional offices made at the request of the individual to whom the
record pertains.
2. Freedom of Information Act/Privacy Act Compliance. Information
from a system may be disclosed to the Department of Justice or the
Office of Management and Budget in order to obtain advice regarding
NSF's obligations under the Freedom of Information Act and the Privacy
Act.
3. Counsel. Information from a system may be disclosed to NSF's
legal representatives, including the Department of Justice and other
outside counsel, where the agency is a party in litigation or has an
interest in litigation and the information is relevant and necessary to
such litigation, including when any of the following is a party to the
litigation or has an interest in such litigation: (a) NSF, or any
component thereof; (b) any NSF employee in his or her official
capacity; (c) any NSF employee in his or her individual capacity, where
the Department of Justice has agreed to, or is considering a request
to, represent the employee; or (d) the United States, where NSF
determines that litigation is likely to affect the agency or any of its
components.
4. National Archives, General Services Administration. Information
from a system may be disclosed to representatives of the General
Services Administration and the National Archives and Records
Administration (NARA) during the course of records management
inspections conducted under the authority of 44 U.S.C. 2904 and 2906.
5. Response to an Actual or Suspected Compromise or Breach of
Personally Identifiable Information. NSF may disclose information from
the system to appropriate agencies, entities, and persons when: (1) NSF
suspects or has confirmed that there has been a breach of the system of
records; (2) NSF has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals; NSF (including
its information systems, programs, and operations); the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with NSF efforts to respond to the suspected or confirmed
breach or
[[Page 56191]]
to prevent, minimize, or remedy such harm. Furthermore, NSF may
disclose information from the system to another Federal agency or
Federal entity, when NSF determines that information from this system
of records is reasonably necessary to assist the recipient agency or
entity in: (1) Responding to a suspected or confirmed breach; or (2)
preventing, minimizing, or remedying the risk of harm to individuals,
the recipient agency or entity (including its information systems,
programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
6. Courts. Information from a system may be disclosed to the
Department of Justice or other agencies in the event of a pending court
or formal administrative proceeding, when the information is relevant
and necessary to that proceeding, for the purpose of representing the
government, or in the course of presenting evidence, or the information
may be produced to parties or counsel involved in the proceeding in the
course of pre-trial discovery.
7. Contractors. Information from a system may be disclosed to
contractors, agents, experts, consultants, or others performing work on
a contract, service, cooperative agreement, job, or other activity for
NSF and who have a need to access the information in the performance of
their duties or activities for NSF.
8. Audit. Information from a system may be disclosed to government
agencies and other entities authorized to perform audits, including
financial and other audits, of the agency and its activities.
9. Law Enforcement. Information from a system may be disclosed,
where the information indicates a violation or potential violation of
civil or criminal law, including any rule, regulation or order issued
pursuant thereto, to appropriate Federal, State, or local agencies
responsible for investigating, prosecuting, enforcing, or implementing
such statute, rule, regulation, or order.
10. Disclosure When Requesting Information. Information from a
system may be disclosed to Federal, State, or local agencies which
maintain civil, criminal, or other relevant enforcement information or
other pertinent information, such as current licenses, if necessary, to
obtain information relevant to an agency decision concerning the hiring
or retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant, or other
benefit.
11. To the news media and the public when: (1) A matter has become
public knowledge, (2) the NSF Office of the Director determines that
disclosure is necessary to preserve confidence in the integrity of NSF
or is necessary to demonstrate the accountability of NSF's officers,
employees, or individuals covered by this system, or (3) the Office of
the Director determines that there exists a legitimate public interest
in the disclosure of the information, except to the extent that the
Office of the Director determines in any of these situations that
disclosure of specific information in the context of a particular case
would constitute an unwarranted invasion of personal privacy.
In addition to the above standard routine uses, information may be
routinely disclosed to:
12. Application reviewers. Records may be disclosed to designated
reviewers from participating federal agencies for the evaluation of
applicants and project proposals as part of individual agency
application review processes. Records may also be disclosed to other
federal agencies or other entities needing information regarding
applicants and project proposals as part of joint application review
processes.
13. Confidential data program staff. Records may be disclosed to
staff from participating federal agencies responsible for managing
their confidential data program in order to administer the program and
fulfill data security requirements for providing data access to
approved applicants in accordance with their agency policies and
procedures.
14. Participating agency contractors. Records may be disclosed to
contractor staff both at NSF and other participating federal agencies
responsible for maintaining and operating the SAP Portal and/or
involved in conducting reviews.
15. Public reporting. Records may be disclosed to the extent
necessary and appropriate to fulfill the public reporting requirements
set forth at 44 U.S.C. 3583(a)(6), which include:
a. For each application, the statistical agencies or units
involved, the requested data assets, the project proposed duration
(where applicable), and the requested method of access, along with an
application number.
b. For each approved application, the title, abstract, approval
data, and proposed duration of the project, and the name of the
principal investigator and other persons requesting access.
c. For each application, whether it was approved or rejected, and
the rationale for the determination, except for portions, if any,
exempt from public disclosure under the Freedom of Information Act
(FOIA), 5 U.S.C. 552.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in electronic digital media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by the applicant's name or by an application
number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
This System of Records is governed by one or more general and/or
NSF-specific records retention schedules approved by NARA. These
schedules can be found at https://archives.gov. The SAP portal is
covered under General Records Schedule GRS 4.2. This records schedule
provides for disposal after two (2) years, with longer retention
authorized as business needs of the individual agencies require.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records are protected by administrative, technical, and physical
safeguards administered by the SAP Portal contractor with oversight and
management by NSF. The following auditing measures/controls and
technical safeguards are in place to prevent exposure or misuse of
information by authorized users (e.g., records browsing, extraction):
a. The user interface application logs all actions (e.g., login,
logout, session termination)
b. The ingest application logs all user actions, along with their
email address and user trace information.
c. These logs are read-only and are backed up to prevent tampering.
RECORD ACCESS PROCEDURES:
For access to any system records not routinely available to subject
individuals through the SAP portal, such individuals must follow the
procedures found at 45 CFR part 613.
CONTESTING RECORD PROCEDURES:
Follow the procedures found at 45 CFR part 613.
NOTIFICATION PROCEDURES:
See 45 CFR part 613.
EXEMPTIONS PROMULGATED FOR THIS SYSTEM:
None.
HISTORY:
None.
[[Page 56192]]
Dated: December 3, 2025.
Thomas A. Boger,
Acting Senior Agency Official for Privacy, National Science Foundation.
[FR Doc. 2025-22123 Filed 12-4-25; 8:45 am]
BILLING CODE 7555-01-P