Federal Register, Volume 91 Issue 66 (Tuesday, April 7, 2026)

[Federal Register Volume 91, Number 66 (Tuesday, April 7, 2026)]
[Notices]
[Pages 17663-17664]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2026-06693]



[[Page 17663]]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF JUSTICE

[OMB Number 1121-0377]


Agency Information Collection Activities; Proposed eCollection 
eComments Requested Extension of a Currently Approved Collection; 
Title--Data Security Requirements for Accessing Confidential Data

AGENCY: Bureau of Justice Statistics, Department of Justice.

ACTION:  30-Day notice.

-----------------------------------------------------------------------

SUMMARY: The Bureau of Justice Statistics (BJS), Department of Justice 
(DOJ) will be submitting the following information collection request 
to the Office of Management and Budget (OMB) for review and approval in 
accordance with the Paperwork Reduction Act of 1995.

DATES: Comments are encouraged and will be accepted for 30 days until 
May 7, 2026.

FOR FURTHER INFORMATION CONTACT: If you have comments especially on the 
estimated public burden or associated response time, suggestions, or 
need a copy of the proposed information collection instrument with 
instructions or additional information, please contact Devon Adams, 
Bureau of Justice Statistics, 999 North Capitol Street NE, Washington, 
DC 20531 (email: [email protected] or 
[email protected]; telephone: (202) 307-0765). Please 
include ``STANDARD APPLICATION PROCESS'' in the subject line.

SUPPLEMENTARY INFORMATION: The proposed information collection was 
previously published in the Federal Register on February 6, 2026, 91 FR 
5513, allowing a 60-day comment period. Written comments and 
suggestions from the public and affected agencies concerning the 
proposed collection of information are encouraged. Your comments should 
address one or more of the following four points:

--Evaluate whether the proposed collection of information is necessary 
for the proper performance of the functions of the Bureau of Justice 
Statistics, including whether the information will have practical 
utility;
--Evaluate the accuracy of the agency's estimate of the burden of the 
proposed collection of information;
--Evaluate whether and if so how the quality, utility, and clarity of 
the information to be collected can be enhanced; and
--Minimize the burden of the collection of information on those who are 
to respond, including through the use of appropriate automated, 
electronic, mechanical, or other technological collection techniques or 
other forms of information technology, e.g., permitting electronic 
submission of responses.

    Written comments and recommendations for this information 
collection should be submitted within 30 days of the publication of 
this notice on the following website www.reginfo.gov/public/do/PRAMain. 
Find this particular information collection by selecting ``Currently 
under 30-day Review--Open for Public Comments'' or by using the search 
function and entering either the title of the information collection or 
the OMB Control Number [1121-0377]. This information collection request 
may be viewed at www.reginfo.gov. Follow the instructions to view 
Department of Justice, information collections currently under review 
by OMB.
    DOJ seeks PRA authorization for this information collection for 
three (3) years. OMB authorization for an ICR cannot be for more than 
three (3) years without renewal. The DOJ notes that information 
collection requirements submitted to the OMB for existing ICRs receive 
a month-to-month extension while they undergo review.

Overview of This Information Collection

    1. Type of Information Collection: Extension of a currently 
approved collection.
    2. The Title of the Form/Collection: Data Security Requirements for 
Accessing Confidential Data.
    3. The agency form number, if any, and the applicable component of 
the Department of Justice sponsoring the collection: There is no form 
number associated with this information collection. The applicable 
component within the Department of Justice is the Bureau of Justice 
Statistics (BJS), in the Office of Justice Programs.
    4. Affected public who will be asked or required to respond, as 
well as a brief abstract: The Foundations for Evidence-Based 
Policymaking Act of 2018 mandates that the OMB establish a Standard 
Application Process (SAP) for requesting access to certain confidential 
data assets for statistical purposes, including evidence-building The 
SAP is to be a process through which agencies, the Congressional Budget 
Office, State, local, and Tribal governments, researchers, and other 
individuals, as appropriate, may apply to access confidential data 
assets held by a federal statistical agency or unit for the purposes of 
developing evidence. With the Interagency Council on Statistical Policy 
(ICSP) as advisors, the entities upon whom this requirement is levied 
are working with the SAP Project Management Office (PMO) and with OMB 
to implement the SAP. The SAP Portal is a single web-based common 
application for requesting access to confidential data assets from 
federal statistical agencies and units. On behalf of BJS and the other 
federal statistical agencies and units, the National Center for Science 
and Engineering Statistics (NCSES) submitted the OMB the 
recertification request to the currently approved Standard Application 
Portal (3145-0271. OMB approved the action for an additional three 
years expiring on December 31, 2028. The data security requirements 
apply to this form (https://www.reginfo.gov/public/do/PRAViewRCF?ref_nbr=202512-0535-001CF).
    Once an application for confidential data is approved through the 
SAP Portal, BJS will collect information to meet its data security 
requirements when providing access to restricted use (confidential) 
microdata for the purpose of evidence building. This collection will 
occur outside of the SAP Portal. BJS's data security agreements and 
other paperwork along with the corresponding security protocols allow 
the agency to maintain careful controls on confidentiality and privacy, 
as required by law. If an application requesting access to an BJS-owned 
confidential data asset is approved, BJS will contact the applicant(s) 
to initiate the process of collecting the following information to 
fulfill its data security requirements:
     Restricted data use agreement--This document is an 
agreement between BJS's official archive (currently the National 
Archive of Criminal Justice Data [NACJD]), on behalf of BJS, and the 
user(s) who is approved to access BJS's confidential data assets 
exclusively for statistical purposes, including evidence-building, in 
accordance with the terms and conditions stated in the agreement and 
all applicable federal laws and regulations. An applicant must submit 
the appropriate data security plan information to describe how they 
will protect the data from misuse and unauthorized access. The 
agreement describes the penalties associated with the misuse or 
unauthorized access of the data. The agreement requires signature from 
the applicant(s) and any other representative who has the authority to 
enter into a legal agreement with NACJD, as applicable.
     Privacy Certificate--Office of Justice Programs 
regulations at 28 CFR part 22 require that a Privacy Certificate

[[Page 17664]]

be submitted as part of any application for a project in which 
information identifiable to a private person will be collected, 
analyzed, or otherwise used for research or statistical purposes. The 
Privacy Certificate describes the specific technical, administrative, 
and physical controls and procedures that will be used to protect data 
confidentiality and safeguard the data from misuse or unauthorized 
access. The Privacy Certificate is an applicant's certification to 
comply with BJS's confidentiality requirements. All individuals who 
will have access to the confidential BJS data are required to sign a 
Privacy Certificate to affirm their understanding of and agreement to 
comply with BJS's confidentiality requirements.
     Data security plan--This document describes the data 
access modality requested (physical enclave, virtual enclave, or secure 
download) and the specific data security measures and technical, 
physical, and administrative controls that will be followed to protect 
data from unauthorized disclosure and misuse.
     Confidentiality pledge--This document describes the 
applicant's responsibilities related to accessing restricted data and 
confidentiality protections the applicant(s) must uphold, including 
adhering to applicable federal laws and regulations. The assurance 
requires signature from the applicant(s) and certifies their 
understanding of and agreement to fulfill the terms in the data use 
agreement and data security plan.
     Institutional Review Board (IRB) documentation--Users of 
BJS restricted data must comply with Department of Justice regulations 
at 28 CFR part 46 (Protection of Human Subjects), including ensuring 
that adequate protections are in place to protect the confidentiality 
of information identifiable to a private person. Applicants must submit 
the appropriate documentation to demonstrate that an IRB has approved 
or exempted the proposed project using BJS restricted data in 
accordance with the requirements in 28 CFR part 46.
     Certification of training--Users of BJS restricted data 
will be required to complete relevant data security, confidentiality, 
and privacy training, as appropriate, and provide written certification 
of completion.
    5. An estimate of the total number of respondents and the amount of 
time estimated for an average respondent to respond: The amount of time 
to complete the agreements and other paperwork that comprise BJS's 
security requirements will vary based on the confidential data assets 
requested. To obtain access to BJS confidential data assets, it is 
estimated that the average time to complete and submit BJS's data 
security agreements, IRB application, and other paperwork is 3 hours 
(180 minutes). This estimate does not include the time needed to 
complete and submit an application within the SAP Portal or time 
waiting to receive from an IRB determination after submitting an 
application. All efforts related to SAP Portal applications occur prior 
to and separate from BJS's effort to collect information related to 
data security requirements.
    6. An estimate of the total public burden (in hours) associated 
with the collection: The expected number of applications in the SAP 
Portal that receive a positive determination from BJS in a given year 
may vary. Overall, per year, BJS estimates it will collect data 
security information for 55 application submissions that received a 
positive determination within the SAP Portal. BJS estimates that the 
total burden for the collection of information for data security 
requirements over the course of the three-year OMB clearance will be 
about 495 hours and, as a result, an average annual burden of 165 
hours.
    If additional information is required, contact: Darwin Arceo, 
Department Clearance Officer, United States Department of Justice, 
Justice Management Division, Policy and Planning Staff, Two 
Constitution Square, 145 N Street NE, 4W-218, Washington, DC 20530.

Darwin Arceo,
Department Clearance Officer, Enterprise Portfolio Management, Justice 
Management Division, U.S. Department of Justice.
[FR Doc. 2026-06693 Filed 4-6-26; 8:45 am]
BILLING CODE 4410-18-P