AGENCY:

Administration for Children and Families, Department of Health and Human Services.

ACTION:

Notice of modified systems of records.

SUMMARY:

In accordance with the requirements of the Privacy Act of 1974, Start Printed Page 3551 as amended, the Department of Health and Human Services (HHS) is modifying three systems of records maintained by the Administration for Children and Families (ACF), Office of Child Support Enforcement (OCSE): System Number 09-80-0381, “OCSE National Directory of New Hires, HHS/ACF/OCSE”; System No. 09-80-0383, “OCSE Debtor File, HHS/ACF/OCSE”; and System No. 09-80-0387, “Federal Parent Locator Service Child Support Services Portal, HHS/ACF/OCSE” (now renamed “Child Support Portal Registration Records, HHS/ACF/OCSE”).

DATES:

This Notice is applicable January 24, 2022, subject to a 30-day period in which to comment on the new and revised routine uses, described below. Please submit any comments by February 23, 2022.

ADDRESSES:

The public should address written comments by mail or email to: Anita Alford, Senior Official for Privacy, Administration for Children and Families, 330 C St. SW, Washington, DC 20201, or anita.alford@acf.hhs.gov.

FOR FURTHER INFORMATION CONTACT:

General questions about these systems of records should be submitted by mail or email to Venkata Kondapolu, Acting Director, Division of Federal Systems, Office of Child Support Enforcement, at 330 C St. SW, 5th Floor, Washington, DC 20201, Venkata.Kondapolu@acf.hhs.gov or 202-260-4712.

SUPPLEMENTARY INFORMATION:

I. Explanation of Changes to 09-80-0381, OCSE National Directory of New Hires

This system of records covers records about newly hired employees, including employer, wage, unemployment compensation, and income withholding information for child support enforcement. The System of Records Notice (SORN) has been modified as follows:

• Address information in the System Location and System Manager sections has been updated.
• The Authority section has been updated to include 42 U.S.C. 652(n), 653(a)(2), 653(c)(5), and 659a(c)(2).
• The Purpose section has been revised to include these additional purpose specifications:

○ Assisting tribal child support programs.

○ Supporting establishment and enforcement of child and medical support orders.

○ Supporting collection of non-tax debts owed to the federal government and administration of the tax code.

• The Categories of Individuals section now includes the following:

○ Independent contractors as part of category 3.

○ Tribal IV-D child support enforcement agencies as part of category 5.

• The Categories of Records section now includes references to the following:

○ Independent contractors as part of record category 3.

○ Tribal IV-D child support enforcement agencies as part of record category 6.

○ Medical support records as part of record category 6, including an explanation that such records contain health care coverage provider information, third party provider information, professional employer organization information, and pension plan provider information.

• The Record Source Categories section now includes the following:

○ Health Plan Administrators, both employers and the health plan administrators may be sources of health care coverage information submitted in response to a National Medical Support Notice.

• The Routine Uses section has been updated as follows:

○ The opening paragraph has been revised to remove an unnecessary statement that each disclosure must be compatible with the purpose for which the records were collected (the statement is redundant because this is how a routine use is defined in 5 U.S.C. 552a(a)(7)), and to add a statement that “ACF will prohibit redisclosures, or may permit only certain redisclosures, as required or authorized by law.”

○ Routine use 1 has been revised to clarify that the persons authorized to be disclosure recipients under 42 U.S.C. 653(c) include agents and attorneys of “Indian Tribes or Tribal organizations” (in case not understood to be included in the description “agents and attorneys of states”); to include, in the description of agents and attorneys, a reference to “plan[s] approved under title IV-D of the Social Security Act;” to remove, from descriptions of court orders, references to “custody” and “visitation” ( i.e., to refer only to “support” and “maintenance”); and to add a fifth category of disclosure recipient, i.e., an entity designated as a Central Authority for child support enforcement in a foreign reciprocating country or a foreign treaty country, as authorized by amendments made to 42 U.S.C. 653(c) by the Preventing Sex Trafficking and Strengthening Families Act of 2014, Public Law 113-183, September 29, 2014.

○ Routine use 4 has been revised to include foreign treaty countries as disclosure recipients, pursuant to 42 U.S.C. 652(n) and 653(c)(5).

○ Routine use 7 has been revised to include Tribal IV-D child support enforcement agencies as disclosure recipients.

○ Routine use 9 has been revised to permit disclosures to the Commissioner of Social Security for an additional purpose, i.e., administering the Ticket to Work program.

○ The heading for routine use 15 has been revised to read “Disclosure to State Agency for Supplemental Nutrition Assistance Program Purposes” to mirror changes to the heading of subsection 42 U.S.C. 653(j)(10) made by the Agricultural Act of 2014, Public Law 113-79, February 7, 2014.

○ Routine use 16 has been revised to cite 42 U.S.C. 653 (instead of only 42 U.S.C. 653(j)) and to no longer include an unnecessarily detailed description of the benefits, compensation, or services that are the subject of the disclosures made to the Secretary of Veterans Affairs under 42 U.S.C. 653.

○ Routine uses 17 and 18 have been revised to omit redundant wording, i.e., the disclosure must be compatible with the purpose for which the records were collected (the wording is redundant because this is how a routine use is defined in 5 U.S.C. 552a(a)(7)); and the wording of routine use 18 (authorizing disclosures in litigation or other proceedings) has been simplified.

○ Routine use 19 has been revised to require that the constituent request, which is the subject of the disclosure, must be a “written” request.

○ The security breach-related routine use that was previously numbered as routine use 21 and was revised February 14, 2018, (see 83 FR 6591) is now numbered as routine use 21(a); a second security breach-related routine use that was added in the notice on February 14, 2018, is now numbered as routine use 21(b).

○ A note has been added at the end of the Routine Uses section, explaining that most of the disclosures the Privacy Act at 5 U.S.C. 552a(b) permits to be made without publishing a routine use are not, in fact, permissible for NDNH data, due to access restrictions stated in the NDNH statute at 42 U.S.C. 653(l), but ACF may lawfully disclose NDNH data to the Comptroller General without the data subject's consent, as permitted by 5 U.S.C. 552a(b)(10), and will make such disclosures when requested by the Comptroller General, because such disclosures are required by 31 U.S.C. 721 notwithstanding the access restrictions imposed by the NDNH statute. Start Printed Page 3552

• A section that followed the Routine Uses section that stated disclosures are not made to consumer reporting agencies has been removed as unnecessary to include.
• The Policies and Practices for Retention and Disposal of Records section has been updated to identify the applicable National Archives and Records Administration (NARA)-approved disposition schedule, N1-292-10-2.
• The Administrative, Technical, and Physical Safeguards section has been updated to include information about the use of cloud service providers and to state that authorized persons' access to the records is role-based.
• The procedures for making access, amendment, and notification requests now explain how to provide verification of identity (instead of stating that identity must be verified in accordance with HHS' Privacy Act regulations) and list date of birth and social security number (SSN) as examples of identifying particulars to include for the purpose of distinguishing between records on individuals with the same name (instead of indicating that SSN should be included in every request).

II. Explanation of Changes to 09-80-0383, OCSE Debtor File

This system of records covers records about individuals owing past due child support and individuals claiming or receiving insurance claims, settlements, awards, and payments or other periodic or lump-sum state or federal benefits. The following modifications have been made:

• Address information in the System Location and System Manager sections has been updated.
• In the Purpose section, one statutory reference has been updated to reflect that 42 U.S.C. 652(l) was redesignated as 42 U.S.C. 652(m).
• The Categories of Individuals section has been clarified to specifically mention “federal tax refunds and federal administrative payments” as examples of income or benefits, in the description of “additional individuals receiving income or benefits.”
• The Categories of Records section has been revised to add date of birth, place of birth, and mailing address as data elements within record category 1.
• The Routine Uses section has been updated as follows:

○ The opening paragraph and routine uses 11 and 12 have been revised to remove an unnecessary statement, “the disclosures must be compatible with the purpose for which the records were collected.” This statement is redundant, because this is how a routine use is defined in 5 U.S.C. 552a(a)(7)); and the wording of routine use 12 (authorizing disclosures in litigation or other proceedings) has been simplified.

○ Routine uses 4 and 8 have been revised to update a statutory citation (due to a redesignation, 42 U.S.C. 652(l), which is now 42 U.S.C. 652(m)).

○ Routine use 14 has been revised to require that the constituent request, which is the subject of the disclosure, must be a “written” request.

○ The security breach-related routine use that was previously numbered as routine use 15 and was revised on February 14, 2018 (see 83 FR 6591) is now numbered as routine use 15(a); and a second security breach-related routine use that was added in the same notice on February 14, 2018, is now numbered as routine use 15(b).

• A section that followed the Routine Uses section, which stated that disclosures are not made to consumer reporting agencies, has been removed as unnecessary to include.
• The Policies and Practices for Retention and Disposal of Records section has been updated to state that “[u]pon approval of a disposition schedule by the National Archives and Records Administration (NARA)” the records will be deleted when OCSE determines that the records are no longer needed.
• The Administrative, Technical, and Physical Safeguards section has been updated to include information about the use of cloud service providers and to state that authorized persons' access to the records is role-based.
• The procedures for making access, amendment, and notification requests now explain how to provide verification of identity (instead of stating that identity must be verified in accordance with HHS' Privacy Act regulations) and list date of birth and SSN as examples of identifying particulars to include for the purpose of distinguishing between records on individuals with the same name (instead of indicating that SSN should be included in every request).

III. Explanation of Changes to 09-80-0387, Child Support Portal Registration Records

This system of records covers records OCSE uses to maintain and verify information about individuals who are legally authorized, and have been given access privileges by OCSE, to use the Child Support Portal. The Child Support Portal enables these authorized users to submit and exchange information and to access select, highly confidential child support enforcement case information maintained in other OCSE Systems of Records for authorized purposes. The following modifications have been made:

• The system of records name has been changed from “Federal Parent Locator Service Child Support Services Portal” to “Child Support Portal Registration Records,” and revisions have been made throughout the SORN to clarify that the scope of the system of records is limited to registration records about individuals who register for access to use the Child Support Portal's services. (There are no records in the portal; the portal is used to submit records to and access records in other OCSE systems of records.)
• Address information in the System Location and System Manager sections has been updated.
• The Purpose section has been revised to clarify that “OCSE personnel and contractors” use the registration records to validate registrants' and their affiliated organizations' eligibility for access, to authenticate their identity, and to state these additional purpose specifications (purposes for individuals registering to access the Child Support Portal):

○ OCSE personnel register to use the Child Support Portal to submit, request, and receive child support program reporting information that does not include personally identifiable information (PII), such as state plan and program self-assessment reports.

○ OCSE contractors register to use the Child Support Portal to perform system administrative support functions.

○ Employers' representatives register to use the Child Support Portal to submit employer identifying and contact information, and employee status changes; provide lump sum payment information and a list of states in which the employer operates; and to designate a single reporting state for the National Directory of New Hires.

○ Financial institutions' and insurers' representatives register to use the Child Support Portal to provide information about financial assets and potential insurance payouts for child support obligors.

○ States' and tribes' representatives register to use the Child Support Portal to submit and access child support case information regarding child support obligor location, income, assets, and other inter-jurisdictional case information; state and tribal child support agencies use the Child Support Portal to submit federally required reports.

• The Categories of Individuals section that describes categories of registrants, has been revised to:

○ Add employees of tribal agencies, and change “employees” of employers, Start Printed Page 3553 insurance companies, and financial institutions to “representatives and contractors” of those entities.

○ Include a summary of the purposes for which individuals register to access the Child Support Portal, as “for the purpose(s) of submitting or accessing information to process child support cases” (instead of repeating particular purposes, such as those now stated in the Purpose(s) section).

• The Categories of Records section has been revised to:

○ List additional data elements collected at the time of portal access registration, including user name or ID number, business function, workload identifier, employer, county of employment, telephone number, telephone service provider, tribal affiliation, email address, name of employer, selected security questions and responses, and individual passwords for access to the Child Support Portal.

• The Routine Uses section has been updated as follows:

○ A statement about tax information has been removed as not applicable to the user registration records covered in this system of records.

○ The opening paragraph and routine use 1 have been revised to remove an unnecessary statement that disclosures must be compatible with the purpose for which the records were collected (the statement is redundant, because this is how a routine use is defined in 5 U.S.C. 552a(a)(7)); and the wording of routine use 1 (authorizing disclosures in litigation or other proceedings) has been simplified.

○ Routine use 2 has been revised to require that the constituent request, which is the subject of the disclosure, must be a “written” request.

○ The security breach-related routine use that was previously numbered as routine use 4 and was revised February 14, 2018 (see 83 FR 6591) is now numbered as routine use 4(a); a second security breach-related routine use that was added in that same notice on February 14, 2018, is now numbered as routine use 4(b).

○ A statement that disclosures are not made to consumer reporting agencies, which was previously numbered as routine use 5, has been removed.

• The Policies and Practices for Retention and Disposal of Records section has been updated to state that “[u]pon approval of a disposition schedule by the National Archives and Records Administration (NARA)” the records will be deleted when OCSE determines that the records are no longer needed.
• The Administrative, Technical, and Physical Safeguards section has been updated to:

○ Include information about the use of cloud service providers.

○ Clarify that the records consist of user registration records.

○ Describe the personnel authorized to access the records and state that their access is role-based.

○ Add information about how the facility where records are stored is physically protected.

• The procedures for making access, amendment, and notification requests now explain how to provide verification of identity (instead of stating that identity must be verified in accordance with HHS' Privacy Act regulations) and list date of birth and SSN as examples of identifying particulars to include for the purpose of distinguishing between records on individuals with the same name (instead of indicating that SSN should be included in every request).

SYSTEM NAME AND NUMBER:

OCSE National Directory of New Hires, HHS/ACF/OCSE, 09-80-0381.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Office of Child Support Enforcement, Administration for Children and Families, 330 C St. SW, 5th Floor, Washington, DC 20201.

SYSTEM MANAGER(S):

Acting Director, Division of Federal Systems, Office of Child Support Enforcement, Administration for Children and Families, Department of Health and Human Services, 330 C St. SW, 5th Floor, Washington, DC 20201, or Venkata.Kondapolu@acf.hhs.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

42 U.S.C. 652(a)(9), 652(n), 653(a)(1) and (2), 653(c)(5), 653(i), and 659a(c)(2).

PURPOSE(S) OF THE SYSTEM:

The Office of Child Support Enforcement (OCSE) uses the NDNH primarily to assist states and Indian tribes or tribal organizations to locate parents; establish paternity and child support orders, including the establishment of medical support; and enforce child support and medical support orders. The NDNH is also used to support the following programs as specified in sections 453 and 463 of the Social Security Act (42 U.S.C. 653, 663): Temporary Assistance for Needy Families (TANF), child and family services, foster care and adoption assistance; to establish or verify eligibility of applicants for, or beneficiaries of, federal and state benefit programs; to recoup payments or delinquent debts under benefit programs and non-tax debts owed to the federal government; for administration of the tax code; and for certain research purposes likely to contribute to achieving the purposes of the TANF program or the federal/state/tribal child support program.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

(1) Individuals who are newly hired “employees” within the meaning of chapter 24 of the Internal Revenue Code of 1986, 26 U.S.C. 3401, whose employers have furnished specified information to a State Directory of New Hires which, in turn, has furnished such information to the NDNH pursuant to 42 U.S.C. 653a(g)(2)(A).

(2) Individuals who are federal government employees whose employers have furnished specified information to the NDNH pursuant to 42 U.S.C. 653(n) and 653a(b)(1)(c). This category does not include individuals who are employees of a department, agency, or instrumentality performing intelligence or counterintelligence functions, if the head of such department, agency, or instrumentality has determined that filing such a report could endanger the safety of the employee or compromise an ongoing investigation or intelligence mission.

(3) Individuals to whom unemployment compensation or wages have been paid, and about whom the State Directory of New Hires has furnished such information to the NDNH pursuant to 42 U.S.C. 653(e)(3) and 653a(g)(2)(B). Such individuals may include independent contractors, in accordance with state law.

(4) Individuals whose information is contained within input records furnished by an authorized state or federal agency for matching to obtain employment, wage, or unemployment compensation information pertaining to those individuals for purposes of establishing or verifying eligibility of applicants for, or beneficiaries of, federal or state benefit programs, such as those funded under 42 U.S.C. 601 through 619 (Title IV-A of the Social Security Act, TANF). Other individuals whose information is contained within input records furnished for authorized matching are listed in the routine uses section of this system of records notice. Start Printed Page 3554

(5) Individuals involved in child support cases whose information is collected and disseminated to and from employers (and other payers of income) and state or Tribal IV-D child support enforcement agencies, courts, and other authorized entities for enforcement of child support orders by withholding of income.

CATEGORIES OF RECORDS IN THE SYSTEM:

(1) Records pertaining to newly hired employees furnished by a State Directory of New Hires pursuant to 42 U.S.C. 653a(g)(2)(A). Records in the system are the name, address, SSN or Taxpayer Identification Number (TIN), and date of hire of the employee; the name, address, and federal identification number of the employer of such employee; and, at the option of the state, the date of birth or state of hire of the employee.

(2) Records pertaining to newly hired employees furnished by a federal department, agency, or instrumentality pursuant to 42 U.S.C. 653a(b)(1)(C), including the name, address, SSN (or TIN), and date of hire of the employee; and the name, address, and employer identification number of the employer. A Department of Defense status code, if available, is also included in the records.

(3) Records furnished by a State Directory of New Hires pertaining to wages and unemployment compensation paid to individuals pursuant to 42 U.S.C. 653a(g)(2)(B). Such records may also pertain to independent contractors, in accordance with state law.

(4) Records furnished by a federal department, agency, or instrumentality pertaining to wages paid to individuals pursuant to 42 U.S.C. 653(n), and wage and unemployment compensation records obtained pursuant to an agreement with the Department of Labor pursuant to 42 U.S.C. 653(e)(3).

(5) Input records furnished by a state or federal agency or other entity for authorized matching with the NDNH.

(6) Records collected from employers and other income sources pertaining to income withholding and medical support, including additional information, such as the following: termination date, final payment date and amount, contact information, children's names, health care coverage provider information (such as provider and contact name, federal employer identification number (FEIN), address, phone and fax numbers), third party provider information (such as payroll services providers), professional employer organization information (such as employer outsourced employee management), pension plan provider information, lump sum income information, order information, past due support information, amounts to withhold, and instructions for withholding.

RECORD SOURCE CATEGORIES:

Information is obtained from departments, agencies, or instrumentalities of the United States or any state; from entities authorized to match to receive NDNH information; and from health plan administrators, employers, and other income sources.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

These routine uses specify circumstances under which ACF may disclose information from this system of records without the consent of the data subject. Each proposed disclosure of information under these routine uses will be evaluated to ensure that the disclosure is legally permissible. When ACF makes a disclosure under a routine use, ACF will prohibit redisclosures, or may permit only certain redisclosures, as required or authorized by law. Any information defined as “return” or “return information” under 26 U.S.C. 6103 (Internal Revenue Code) will not be disclosed unless authorized by a statute, the Internal Revenue Service (IRS), or IRS regulations.

(1) Disclosure for Child Support Purposes.

Pursuant to 42 U.S.C. 653(a)(2), 653(b)(1)(A), and 653(c), information about the location of an individual or information that would facilitate the discovery of the location of an individual or identifying information about the individual may be disclosed, upon request filed in accordance with law, to an “authorized person” for the purpose of establishing parentage or establishing, setting the amount of, modifying, or enforcing child support obligations. Other information that may be disclosed is information about an individual's wages (or other income) from, and benefits of, employment or other income and benefit sources, and information on the type, status, location, and amount of any assets of, or debts owed by or to, the individual. An “authorized person” is defined under 42 U.S.C. 653(c) as follows: (1) Any agent or attorney of any state or Indian Tribe or Tribal organization (as defined in 25 U.S.C. 5304(e) and (l)), having in effect a plan approved under title IV-D of the Social Security Act who has the duty or authority under such plans to seek, or to recover any amounts owed as child and spousal support (including, when authorized under the state plan, any official of a political subdivision); (2) the court that has authority to issue an order, or to serve as the initiating court in an action to seek an order against a noncustodial parent for the support and maintenance of a child, or any agent of such court; (3) the resident parent, legal guardian, attorney, or agent of a child (other than a child receiving assistance under a state program funded under part A of title IV of the Social Security Act [42 U.S.C. 601 et seq. ]) (as determined by regulations prescribed by the Secretary) without regard to the existence of a court order against a noncustodial parent who has a duty to support and maintain any such child; (4) a state agency that is administering a program operated under a state plan under subpart 1 of part B of title IV of the Social Security Act (42 U.S.C. 620 et seq. ), or a state plan approved under subpart 2 of part B of title IV of the Social Security Act (42 U.S.C. 629 et seq. ) or under part E of title IV of the Social Security Act (42 U.S.C. 670 et seq. ); and (5) an entity designated as a Central Authority for child support enforcement in a foreign reciprocating country or a foreign treaty country for purposes specified in section 459A(c)(2) of the Social Security Act (42 U.S.C. 659a(c)(2)).

(2) Disclosure for Purposes Related to the Unlawful Taking or Restraint of a Child or Child Custody or Visitation.

Pursuant to 42 U.S.C. 653(b)(1), upon request of an “authorized person,” as defined in 42 U.S.C. 663(d)(2), information as to the most recent address and place of employment of a parent or child may be disclosed for the purpose of enforcing any state or federal law with respect to the unlawful taking or restraint of a child, or making or enforcing a child custody or visitation determination.

(3) Disclosure to Department of State under International Child Abduction Remedies Act.

Pursuant to 42 U.S.C. 653(b)(1) and 663(e), the most recent address and place of employment of a parent or child may be disclosed upon request to the Department of State, in its capacity as the Central Authority designated in accordance with section 7 of the International Child Abduction Remedies Act, 42 U.S.C. 11601 et seq., for the purpose of locating the parent or child on behalf of an applicant.

(4) Disclosure to a Foreign Reciprocating Country and Foreign Treaty Country for Child Support Purposes.

Pursuant to 42 U.S.C. 652(n), 653(a)(2), 653(c)(5), and 659a(c)(2), information on the state of residence of Start Printed Page 3555 an individual sought for support enforcement purposes in cases involving residents of the United States and residents of foreign treaty countries or foreign countries that are the subject of a declaration under 52 U.S.C. 659a may be disclosed to the foreign country.

(5) Disclosure to the Treasury for Tax Administration Purposes.

Pursuant to 42 U.S.C. 653(i)(3), information may be disclosed to the Secretary of the Treasury for purposes of administering 26 U.S.C. 32 (earned income tax credit), administering 26 U.S.C. 3507 (advance payment of earned income tax credit), and verifying a claim with respect to employment in a tax return.

(6) Disclosure to the Social Security Administration for Verification.

Pursuant to 42 U.S.C. 653(j)(1), the names, SSNs, and birth dates of individuals about whom information is maintained may be disclosed to the Social Security Administration to the extent necessary for verification of the information by the Social Security Administration.

(7) Disclosure for Locating an Individual for Paternity Establishment or in Connection with a Support Order.

Pursuant to 42 U.S.C. 653(j)(2), the results of a comparison between records in this system and the Federal Case Registry of Child Support Orders may be disclosed to the state or Tribal IV-D child support enforcement agency responsible for the case for the purpose of locating an individual in a paternity establishment case or a case involving the establishment, modification, or enforcement of a support order.

(8) Disclosure to State Agencies Operating Specified Programs.

Pursuant to 42 U.S.C. 653(j)(3), information may be disclosed to a state to the extent and with the frequency that the Secretary determines to be effective in assisting the state to carry out its responsibilities under child support programs operated under 42 U.S.C. 651 through 669b (Title IV-D of the Social Security Act, Child Support and Establishment of Paternity), child and family services programs operated under 42 U.S.C. 621 through 629m (Title IV-B of the Social Security Act), Foster Care and Adoption Assistance programs operated under 42 U.S.C. 670 through 679c (Title IV-E of the Social Security Act), and assistance programs funded under 42 U.S.C. 601 through 619 (Title IV-A of the Social Security Act, Temporary Assistance for Needy Families).

(9) Disclosure to the Commissioner of Social Security.

Pursuant to 42 U.S.C. 653(j)(4), information may be disclosed to the Commissioner of Social Security for the purpose of verifying eligibility for Social Security Administration programs and administering such programs. Additionally, information may be disclosed to the Commissioner for the purpose of administering the Ticket to Work program.

(10) Disclosure for Authorized Research Purposes.

Pursuant to 42 U.S.C. 653(j)(5), data in the NDNH, including information reported by employers pursuant to 42 U.S.C. 653a(b), may be disclosed, without personal identifiers, for research purposes found by the Secretary to be likely to contribute to achieving the purposes of 42 U.S.C. 651 through 669b (Title IV-D of the Social Security Act, Child Support and Establishment of Paternity) and 42 U.S.C. 601 through 619 (Title IV-A of the Social Security Act, Temporary Assistance for Needy Families).

(11) Disclosure to Secretary of Education for Collection of Defaulted Student Loans.

Pursuant to 42 U.S.C. 653(j)(6), the results of a comparison of information in this system with information in the custody of the Secretary of Education may be disclosed to the Secretary of Education for the purpose of collection of debts owed on defaulted student loans, or refunds on overpayments of grants, made under title IV of the Higher Education Act of 1965 (20 U.S.C. 1070 et seq. and 42 U.S.C. 2751 et seq. ) and, after removal of personal identifiers, for the purpose of conducting analyses of student loan defaults.

(12) Disclosure to Secretary of Housing and Urban Development for Verification Purposes.

Pursuant to 42 U.S.C. 653(j)(7), information regarding an individual participating in a housing assistance program (United States Housing Act of 1937 (42 U.S.C. 1437 et seq. ); 12 U.S.C. 1701s, 1701q, 1715l(d)(3), 1715l(d)(5), 1715z-1; or 42 U.S.C. 8013) may be disclosed to the Secretary of Housing and Urban Development for the purpose of verifying the employment and income of the individual and, after removal of personal identifiers, for the purpose of conducting analyses of the employment and income reporting of such individuals.

(13) Disclosure to State Unemployment Compensation Agency for Program Purposes.

Pursuant to 42 U.S.C. 653(j)(8), information on an individual for whom a state agency administering an unemployment compensation program under federal or state law has furnished the name and Social Security number, and information on such individual's employer, may be disclosed to the state agency for the purposes of administering the unemployment compensation program.

(14) Disclosure to Secretary of the Treasury for Debt Collection Purposes.

Pursuant to 42 U.S.C. 653(j)(9), information pertaining to a person who owes the United States delinquent nontax debt and whose debt has been referred to the Secretary of the Treasury in accordance with 31 U.S.C. 3711(g) may be disclosed to the Secretary of the Treasury for purposes of collecting the debt.

(15) Disclosure to State Agency for Supplemental Nutrition Assistance Program Purposes.

Pursuant to 42 U.S.C. 653(j)(10), information on an individual and the individual's employer may be disclosed to a state agency responsible for administering a supplemental nutrition assistance program under the Food and Nutrition Act of 2008 (7 U.S.C. 2011 et seq. ) for the purposes of administering the program.

(16) Disclosure to the Secretary of Veterans Affairs for Verification Purposes.

Where authorized under 42 U.S.C. 653, information about an individual applying for or receiving certain benefits, compensation, or services may be disclosed to the Secretary of Veterans Affairs for the purpose of verifying the employment and income of the individual and, after removal of personal identifiers, to conduct analyses of the employment and income reporting of such individuals.

(17) Disclosure for Law Enforcement Purpose.

Information may be disclosed to the appropriate federal, state, local, tribal, or foreign agency responsible for identifying, investigating, and prosecuting noncustodial parents who knowingly fail to pay their support obligations and meet the criteria for federal prosecution under 18 U.S.C. 228. The information must be relevant to the violation of criminal nonsupport, as stated in the Deadbeat Parents Punishment Act, 18 U.S.C. 228.

(18) Disclosure to Department of Justice or in Proceedings.

Records may be disclosed to support the Department of Justice (DOJ) or a court or other adjudicative body in litigation or other proceedings when HHS or any of its components, or any employee of HHS in his or her official capacity, or any employee of HHS in his or her individual capacity where the DOJ or HHS has agreed to represent the employee, or the United States, is a party to the proceedings or has an interest in the proceedings and, by Start Printed Page 3556 careful review, HHS determines that the records are both relevant and necessary to the proceedings.

(19) Disclosure to Congressional Office.

Information may be disclosed to a congressional office from the record of an individual in response to a written inquiry from the congressional office made at the written request of the individual.

(20) Disclosure to Contractor to Perform Duties.

Records may be disclosed to a contractor performing or working on a contract for HHS who has a need to have access to the information in the performance of its duties or activities for HHS in accordance with law and with the contract.

(21) Disclosure in the Event of a Security Breach.

(a) Information may be disclosed to appropriate agencies, entities, and persons when (1) HHS suspects or has confirmed that there has been a breach of the system of records; (2) HHS has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, HHS (including its information systems, programs, and operations), the federal government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with HHS's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(b) Information may be disclosed to another federal agency or federal entity when HHS determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the federal government, or national security, resulting from a suspected or confirmed breach.

In addition to the above routine use disclosures published pursuant to the Privacy Act at 5 U.S.C. 552a(b)(3), the Privacy Act permits an agency to make other disclosures described at 5 U.S.C. 552a(b) without the data subject's consent and without publishing a routine use. Most of those other disclosures are not, in fact, permissible for NDNH data, due to access restrictions stated in the NDNH statute at 42 U.S.C. 653(l). ACF may lawfully disclose NDNH data to the Comptroller General without the data subject's consent, as permitted by 5 U.S.C. 552a(b)(10), and will do so upon request from the Comptroller General, because such disclosures are required by 31 U.S.C. 721 notwithstanding the access restrictions imposed by the NDNH statute.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records in the NDNH are stored electronically at the Social Security Administration's National Support Center and the OCSE Data Center. Historical logs and system backups are stored off-site at an alternate location.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records maintained in the NDNH are retrieved by the SSN (or TIN) of the individual to whom the record pertains. Records collected and disseminated from employers and other income sources are retrieved by state Federal Information Processing Standard (FIPS) codes and employer identification numbers, and records collected and disseminated from state IV-D child support enforcement agencies are retrieved by state FIPS codes.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records maintained in the NDNH are retained for 24 months after the date of entry and are then deleted from the database pursuant to 42 U.S.C. 653(i)(2)(A) and the NARA approved disposition schedule, N1-292-10-2. In accordance with 42 U.S.C. 653(i)(2)(B), OCSE shall not have access, for child support enforcement purposes, to quarterly wage and unemployment insurance information in the NDNH if 12 months have elapsed since the information was provided by a State Directory of New Hires pursuant to 42 U.S.C. 653A(g)(2)(B) and there has not been a match resulting from the use of such information in any information comparison. Notwithstanding these retention and disposal requirements, OCSE may retain such samples of data entered into the NDNH as OCSE may find necessary to assist in carrying out its responsibility to provide access to data in the NDNH for research purposes found by OCSE to be likely to contribute to achieving the purposes of Part A or Part D of title IV of the Social Security Act, but without personal identifiers, pursuant to 42 U.S.C. 653(i)(2)(C), (j)(5). Samples are retained only so long as necessary to complete such research. Input records for authorized matching to obtain NDNH information and records pertaining to income withholding collected and disseminated by OCSE are retained for 60 days. Audit logs, including information such as employer identification numbers, FIPS code numbers, document tracking numbers, case identification numbers and order identifier, are retained up to 5 years.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

The system leverages cloud service providers that maintain an authority to operate in accordance with applicable laws, rules, and policies, including Federal Risk and Authorization Management Program (FedRAMP) requirements. Specific administrative, technical, and physical controls are in place to ensure that the records collected and maintained in the NDNH are secure from unauthorized access. Access to the records is restricted to authorized personnel who are advised of the confidentiality of the records and the civil and criminal penalties for misuse and who sign a nondisclosure oath to that effect. Personnel are provided privacy and security training before being granted access to the records and annually thereafter.

Logical access controls are in place to limit access to the records to authorized personnel, to limit their access based on their roles, and to prevent browsing. The records are processed and stored in a secure environment. All records are stored in an area that is physically safe from access by unauthorized persons at all times.

Safeguards conform to the HHS Information Security and Privacy Program, which may be found at https://www.hhs.gov/​ocio/​securityprivacy/​index.html.

RECORD ACCESS PROCEDURES:

To request access to a record about you in this system of records, submit a written access request to the System Manager. The request should include your name, telephone number and/or email address, current address, and signature, and sufficient particulars (such as, date of birth or SSN) to enable the System Manager to distinguish between records on subject individuals with the same name. To verify your identity, your signature must be notarized or your request must include your written certification that you are the individual who you claim to be and that you understand that the knowing and willful request for or acquisition of a record pertaining to an individual under false pretenses is a criminal offense subject to a fine of up to $5,000.

CONTESTING RECORD PROCEDURES:

To request correction of a record about you in this system of records, submit a written amendment request to Start Printed Page 3557 the System Manager. The request must contain the same information required for an access request and include verification of your identity in the same manner required for an access request. In addition, the request must reasonably identify the record and specify the information contested, the corrective action sought, and the reasons for requesting the correction; it should include supporting information to show how the record is inaccurate, incomplete, untimely, or irrelevant.

NOTIFICATION PROCEDURES:

To find out if this system of records contains a record about you, submit a written notification request to the System Manager. The request must identify this system of records, contain the same information required for an access request, and include verification of your identity in the same manner required for an access request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

80 FR 17906 (Apr. 2, 2015), updated 83 FR 6591 (Feb. 14, 2018).

SYSTEM NAME AND NUMBER:

OCSE Debtor File, HHS/ACF/OCSE, 09-80-0383.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Office of Child Support Enforcement, Administration for Children and Families, 330 C St. SW, 5th Floor, Washington, DC 20201.

SYSTEM MANAGER(S):

Acting Director, Division of Federal Systems, Office of Child Support Enforcement, Administration for Children and Families, Department of Health and Human Services, 330 C St. SW, 5th Floor, Washington, DC 20201, or Venkata.Kondapolu@acf.hhs.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

42 U.S.C. 652, 653, 664, and 666.

PURPOSE(S) OF THE SYSTEM:

The primary purpose of the OCSE Debtor File is to improve states' abilities to collect past due child support. The OCSE Debtor File facilitates OCSE's execution of its responsibility to perform the following duties: Transmit to the Secretary of State a certification by a state IV-D child support agency that an individual owes arrearages of child support in an amount exceeding $2,500 for action (with respect to denial, revocation, or limitation of passports) pursuant to 42 U.S.C. 652(k)(1); through the Federal Parent Locator Service (FPLS), to aid state IV-D agencies and financial institutions doing business in two or more states in operating a data match system pursuant to 42 U.S.C. 652(l) (see also 42 U.S.C. 666(a)(17)(A)(i)) and to aid in the transmission of information pertaining to a lien or levy of financial institution accounts located as a result of that data match system authorized under 42 U.S.C. 652(a)(7), 666(c)(1)(G), and 666(c)(1)(G)(ii); through the FPLS, to compare information regarding individuals owing past due support with income and benefits information of such individuals, including lump sum payment information, and furnish information resulting from the data matches to the state agencies responsible for collecting child support from the individuals pursuant to 42 U.S.C. 652(a)(7), 653(a)(2), 666(a)(4) and 666(c)(1)(G); through the FPLS, to compare information regarding individuals owing past due support with specified information maintained by insurers (or their agents) and furnish information resulting from the data matches to the state agencies responsible for collecting child support from the individuals pursuant to 42 U.S.C. 652(m); to assist the Secretary of the Treasury in withholding from refunds of federal taxes paid an amount owed by an individual owing past due child support pursuant to 42 U.S.C. 664; and to assist state IV-D child support enforcement agencies in the collection of past due child support through the administrative offset of certain federal payments pursuant to the Debt Collection Improvement Act of 1996 (Pub. L. 104-134), Executive Order 13019, and 31 CFR part 285; and to improve states' abilities to collect past due and current support from individuals who are owed workers' compensation benefits pursuant to 42 U.S.C. 653(e)(1); 666(a)(1)(A), (b)(1) and (8), and (c)(1)(F) and (G); and 653(b)(1)(B). OCSE operates the FPLS pursuant to 42 U.S.C. 652(a)(9) and 42 U.S.C. 653(a)(1).

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals owing past due child support, as indicated by a state agency administering a child support enforcement program pursuant to 42 U.S.C. 651 through 669b (Title IV, Part D, of the Social Security Act) are covered by this system.

Additional individuals whose records are contained in input files for authorized matching with records in this system are also covered by this system. These additional individuals include those claiming or receiving income or benefits, such as federal tax refunds, federal administrative payments, workers' compensation or insurance claims, settlements, awards, and payments.

CATEGORIES OF RECORDS IN THE SYSTEM:

(1) Records pertaining to individuals owing past due child support, as indicated by a state agency administering a child support enforcement program, including the name, SSN or TIN of such individual, date of birth, place of birth, mailing address, the amount of past due child support owed by the individual, adjustments to such amount, information on each enforcement remedy applicable to the individual to whom the record pertains, as indicated by a state IV-D child support enforcement agency; the amount of past due support collected as a result of each such remedy; and a history of updates by the state agency to the records.

(2) Records of the results of a comparison between records in the OCSE Debtor File pertaining to individuals owing past due child support and information maintained by the Secretary of the Treasury concerning the following amounts payable to such individuals: Refunds of federal taxes; salary, wage, and retirement benefits; income and benefits information; vendor payments and expense reimbursement payments and travel payments; and information pertaining to the collection of those amounts by state child support enforcement agencies.

(3) Records of the results of a comparison between records in the OCSE Debtor File pertaining to individuals owing past due child support and information provided by a financial institution doing business in two or more states, including the name, record address, SSN (or TIN) or other identifying number of each such individual, and information about any account held by the individual and maintained at such institution, including the amounts to withhold from the account, date of withholding of the amounts, and other information pertaining to the placement of a lien or levy by a state child support enforcement agency on the account.

(4) Records pertaining to individuals claiming or receiving periodic or lump sum workers' compensation payments (including name, record address, SSN (or TIN), claim numbers, and workers' compensation insurers) that are furnished by a workers' compensation agency and records of the results of a comparison between those records and Start Printed Page 3558 records in the OCSE Debtor File pertaining to individuals owing past due child support.

(5) Records pertaining to individuals whose information is maintained by an insurer (or its agent) concerning insurance claims, settlements, awards, and payments, and the results of a comparison between records in the OCSE Debtor File pertaining to individuals owing past due child support, and income and benefits information, including lump sum payment information and information maintained by insurers (or their agents) concerning insurance claims, settlements, awards, and payments and information pertaining to state child support enforcement agency withholding of these amounts.

(6) Records pertaining to individuals claiming or receiving other periodic or lump sum state or federal benefits, or other income, and the results of a comparison between those individuals and individuals owing past due support.

RECORD SOURCE CATEGORIES:

Information is obtained from departments, agencies, or instrumentalities of the United States, or any state, and from multistate financial institutions and insurers (or their agents), and other income sources.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

These routine uses specify circumstances under which ACF may disclose information from this system of records without the consent of the data subject. Each proposed disclosure of information under these routine uses will be evaluated to ensure that the disclosure is legally permissible. Any information defined as “return” or “return information” under 26 U.S.C. 6103 (Internal Revenue Code) is not disclosed unless authorized by a statute, the IRS, or IRS regulations.

(1) Disclosure to the Treasury to Withhold Past Due Support.

Pursuant to 42 U.S.C. 664 and the Debt Collection Improvement Act of 1996 (Pub. L. 104-134), information pertaining to an individual owing past-due child support may be disclosed to the Secretary of the Treasury for the purpose of withholding the past due support from amounts payable as refunds of federal taxes; salary, wage, and retirement payments; vendor payments; and expense reimbursement payments and travel payments.

(2) Disclosure to State Department for Passport Purposes.

Pursuant to 42 U.S.C. 652(k), information pertaining to an individual owing past due child support in a specified amount, as certified by a state child support enforcement agency, may be disclosed to the Secretary of State for the purpose of revoking, restricting, limiting, or denying a passport to the individual.

(3) Disclosure to Financial Institution to Collect Past Due Support.

Pursuant to 42 U.S.C. 652(l), information pertaining to an individual owing past due child support may be disclosed to a financial institution doing business in two or more states to identify an individual who maintains an account at the institution for the purpose of collecting past due support. Information pertaining to requests by the state child support enforcement agencies for the placement of a lien or levy of such accounts may also be disclosed.

(4) Disclosure to Insurer to Collect Past Due Support.

Pursuant to 42 U.S.C. 652(m), information pertaining to an individual owing past due child support may be disclosed to an insurer (or its agent) to identify an individual with an insurance claim, settlement, award, or payment for the purpose of collecting past due support.

(5) Disclosure to Workers' Compensation Agencies to Collect Current and Past Due Support.

Pursuant to 42 U.S.C. 653(e)(1); 666(a)(1)(A), (b)(1) and (8), and (c)(1)(F) and (G), information pertaining to an individual owing past due child support may be disclosed to a workers' compensation agency to identify an individual who is applying for or receiving periodic or lump sum workers' compensation for the purpose of collecting current and past due support.

(6) Disclosure of Treasury Information to State Child Support Enforcement Agency of Comparison Information for Assistance in Collecting Past Due Support.

Pursuant to 42 U.S.C. 664 and the Debt Collection Improvement Act 1996 (Pub. L. 104-134), the results of a comparison of information pertaining to an individual owing past due child support and information maintained by the Secretary of Treasury pertaining to amounts payable to the individual for refunds of federal taxes; salary, wage, and retirement benefits; vendor payments; expense reimbursement payments; or travel payments may be disclosed to a state IV-D child support agency for the purpose of assisting state agencies in collecting past due support.

(7) Disclosure of Financial Institution Information to State Child Support Enforcement Agency of Comparison Information for Assistance in Collecting Past Due Support.

Pursuant to 42 U.S.C. 652(l), the results of a comparison between information pertaining to an individual owing past due child support and information provided by multistate financial institutions may be disclosed to a state child support enforcement agency for the purpose of assisting state agencies in collecting past due support. Information pertaining to responses to requests by the state child support enforcement agencies for the placement of a lien or levy of such accounts may also be disclosed.

(8) Disclosure of Insurance Information to State Child Support Enforcement Agency for Assistance in Collecting Past Due Support.

Pursuant to 42 U.S.C. 652(m), the results of a comparison between information pertaining to an individual owing past due child support and information maintained by an insurer (or its agent) concerning insurance claims, settlements, awards, and payments may be disclosed to a state IV-D child support enforcement agency for the purpose of assisting state agencies in collecting past due support.

(9) Disclosure of Workers' Compensation Information to State Child Support Enforcement Agency for Assistance in Collecting Past Due and Current Support.

Pursuant to 42 U.S.C. 653(b)(1)(B), the results of a comparison between the information pertaining to an individual owing past due child support and information maintained by a workers' compensation agency concerning workers' compensation payments may be disclosed to a state IV-D child support enforcement agency for the purpose of assisting states in collecting past due support and any current support owed by the individual.

(10) Disclosure of Income and Benefits Information to State Child Support Enforcement Agency for Assistance in Collecting Past Due and Current Support.

Pursuant to 42 U.S.C. 652(a)(7), 653(a)(2), 666(a)(4), and 666(c)(1)(G), the results of a comparison between the information pertaining to an individual owing past due child support and income and benefits information of such individuals, including lump sum payment information, may be disclosed for the purpose of assisting states in collecting past due support and any current support owed by the individual.

(11) Disclosure for Law Enforcement Purpose.

Information may be disclosed to the appropriate federal, state, local, tribal, or foreign agency responsible for Start Printed Page 3559 identifying, investigating, and prosecuting noncustodial parents who knowingly fail to pay their support obligations and meet the criteria for federal prosecution under 18 U.S.C. 228. The information must be relevant to the violation of criminal nonsupport, as stated in the Deadbeat Parents Punishment Act, 18 U.S.C. 228.

(12) Disclosure to Department of Justice or in Proceedings.

Records may be disclosed to support DOJ or a court or other adjudicative body in litigation or other proceedings when HHS or any of its components, or any employee of HHS in his or her official capacity, or any employee of HHS in his or her individual capacity where the DOJ or HHS has agreed to represent the employee, or the United States, is a party to the proceedings or has an interest in the proceedings and, by careful review, HHS determines that the records are both relevant and necessary to the proceedings.

(13) Disclosure to Contractor to Perform Duties.

Information may be disclosed to a contractor performing or working on a contract for HHS, who has a need to have access to the information in the performance of its duties or activities for HHS in accordance with law and with the contract.

(14) Disclosure to Congressional Office.

Information may be disclosed to a congressional office from the record of an individual in response to a written inquiry from the congressional office made at the written request of the individual.

(15) Disclosure in the Event of a Security Breach.

(a) Information may be disclosed to appropriate agencies, entities, and persons when (1) HHS suspects or has confirmed that there has been a breach of the system of records; (2) HHS has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, HHS (including its information systems, programs, and operations), the federal government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with HHS's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(b) Information may be disclosed to another federal agency or federal entity when HHS determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach, or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the federal government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records in the OCSE Debtor File are stored electronically at the Social Security Administration's National Support Center. Historical logs and system backups are stored offsite at an alternate location.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records maintained in the OCSE Debtor File are retrieved by the SSN or TIN of the individual to whom the record pertains provided, however, that for the purpose of comparing information in the OCSE Debtor File with information provided by workers' compensation agencies or insurers (or their agents), records in the OCSE Debtor File may be retrieved by the name of the individual and either the date of birth or the address of the individual. For the purpose of collecting and disseminating information provided by state child support agencies and financial institutions, information is retrieved by the FEIN of the financial institution and the state FIPS code of the state child support agency and, where requested, by the state child support case identification number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Upon approval of a disposition schedule by NARA, the records will be deleted when OCSE determines that the records are no longer needed for administrative, audit, legal, or operational purposes, and in accordance with the NARA-approved schedule. Approved disposal methods for electronic records and media include overwriting, degaussing, erasing, disintegration, pulverization, burning, melting, incineration, shredding, or sanding.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

The system leverages cloud service providers that maintain an authority to operate in accordance with applicable laws, rules, and policies, including FedRAMP requirements. Specific administrative, technical, and physical controls are in place to ensure that the records collected and maintained in the OCSE Debtor File are secure from unauthorized access. Access to the records is restricted to authorized personnel, based on their roles, who are advised of the confidentiality of the records and the civil and criminal penalties for misuse and who sign a nondisclosure oath to that effect. Personnel are provided privacy and security training before being granted access to the records and annually thereafter.

Logical access controls are in place to limit access to the records to authorized personnel and to prevent browsing. The records are processed and stored in a secure environment. All records are stored in an area that is physically safe from access by unauthorized persons at all times.

Safeguards conform to the HHS Information Security and Privacy Program, which can be found at https://www.hhs.gov/​ocio/​securityprivacy/​index.html.

RECORD ACCESS PROCEDURES:

To request access to a record about you in this system of records, submit a written access request to the System Manager. The request should include your name, telephone number and/or email address, current address, signature, and sufficient particulars (such as date of birth or SSN) to enable the System Manager to distinguish between records on subject individuals with the same name. To verify your identity, your signature must be notarized or your request must include your written certification that you are the individual you claim to be and that you understand that the knowing and willful request for or acquisition of a record pertaining to an individual under false pretenses is a criminal offense subject to a fine of up to $5,000.

CONTESTING RECORD PROCEDURES:

To request correction of a record about you in this system of records, submit a written amendment request to the System Manager. The request must contain the same information required for an access request and include verification of your identity in the same manner required for an access request. In addition, the request must reasonably identify the record and specify the information contested, the corrective action sought, and the reasons for requesting the correction; it should include supporting information to show how the record is inaccurate, incomplete, untimely, or irrelevant.

NOTIFICATION PROCEDURES:

To find out if this system of records contains a record about you, submit a written notification request to the System Manager. The request must Start Printed Page 3560 identify this system of records, contain the same information required for an access request, and include verification of your identity in the same manner required for an access request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

80 FR 17909 (Apr. 2, 2015), updated 83 FR 6591 (Feb. 14, 2018).

SYSTEM NAME AND NUMBER:

Child Support Portal Registration Records, HHS/ACF/OCSE, 09-80-0387.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Office of Child Support Enforcement, Administration for Children and Families, 330 C St. SW, 5th Floor, Washington, DC 20201.

SYSTEM MANAGER(S):

Acting Director, Division of Federal Systems, Office of Child Support Enforcement, Administration for Children and Families, Department of Health and Human Services, 330 C St. SW, 5th Floor, Washington, DC 20201, or Venkata.Kondapolu@acf.hhs.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

42 U.S.C. 652(a)(7) and (9) and 653(a)(1).

PURPOSE(S) OF THE SYSTEM:

The Child Support Portal system of records covers information provided by individuals who register to use the Child Support Portal's services to access information maintained in other OCSE systems of records. The Child Support Portal is a conduit (pass-through system) that provides authorized users with access to select, highly confidential child support enforcement case information maintained in the following systems of records:

• The OCSE National Directory of New Hires, HHS/ACF/OCSE, 09-80-0381;
• the OCSE Debtor File, HHS/ACF/OCSE, 09-80-0383; and
• the OCSE Federal Case Registry of Child Support Orders (FCR), HHS/ACF/OCSE, 09-80-0385.

The individuals who register for access to use the Child Support Portal's services are designated representatives of the following types of agencies and organizations: Employers, financial institutions and insurers, state and tribal child support enforcement agencies, and OCSE. OCSE uses the registrant information provided by the individuals and their affiliated entities to validate the individuals' and organizations' eligibility for access and authenticate their identity.

Purposes for which individuals register to access the Child Support Portal's services include, primarily, providing information to be included in the other systems of records identified above, and, in limited cases, receiving information from one of those systems of records. For example:

• OCSE personnel use the Child Support Portal to submit, request, and receive child support program reporting information that does not include personally identifiable information (PII), such as state plan and program self-assessment reports.
• OCSE contractors access the Child Support Portal to perform system administrative functions.
• Representatives of employers use the Child Support Portal's web-based functions to provide OCSE with the employer's identifying and contact information, and employee status changes. Employers also use the Child Support Portal to provide lump sum payment information, and to provide a list of the states in which they operate and to designate a single reporting state to submit new hire information to the National Directory of New Hires.
• Representatives of financial institutions and insurers use the Child Support Portal's web-based functions as a secure means to provide information on financial assets and potential insurance payouts for delinquent obligors.

• Representatives of a state child support agency directly use, and representatives of tribes under contract with the state child support agency indirectly use ( i.e., through the state agency), the Child Support Portal's web-based functions to submit and access child support case information regarding obligor location, income and assets, and other inter-jurisdictional case information in the NDNH and Federal Case Registry systems of records, as authorized by routine uses published for those systems of records. (Location information in those systems of records includes mailing addresses obtained from the Department of the Treasury's Internal Revenue Service based on written requests under a Taxpayer Address Request Agreement pursuant to 26 U.S.C. 6103(l)(6) that limits disclosure of the addresses to federal, state, and local child support agencies and their agents only for purposes of, and to the extent necessary in, establishing and collecting child support obligations from, and locating, individuals owing such obligations.) State and tribal child support agencies also use the Child Support Portal to submit federally required reports, such as state plans and program self-assessment reports, including child support agency performance, agency contact information, and child support program information that does not include personal identifiers.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The registration records are about OCSE personnel and contractors; federal, state, and tribal agency employees; and individual representatives and contractors of employers, insurance companies, and financial institutions, who register to use the Child Support Portal's services for the purpose(s) of submitting or accessing information to process child support cases.

(For information on the categories of individuals whose information is accessed or transmitted via the Child Support Portal, which is maintained in other OCSE systems of records, please see the system of records notices covering those other systems, identified in the Purpose(s) section.)

CATEGORIES OF RECORDS IN THE SYSTEM:

The records consist of personal information furnished by individuals seeking access to the Child Support Portal's services, including the following: The individual's name, user name or ID number, business function ( e.g., enforcement), workload identifier ( e.g., alpha work caseload), employer, county of employment, telephone number, telephone service provider, tribal affiliation, SSN, date of birth, email address, name, address, and FEIN of the individual's employer; selected security questions and responses; and individual passwords for access.

(For information on the categories of records transmitted through the Child Support Portal, which is maintained in other OCSE systems of records, please see the system of records notices covering those other systems, identified in the Purpose(s) section.)

RECORD SOURCE CATEGORIES:

Information in the user registration records is obtained from the subject individual who registers for access privileges to use the Child Support Portal, and from the individual's affiliated business or organization and third parties conducting business on behalf of the business or organization.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

These routine uses specify circumstances under which ACF may Start Printed Page 3561 disclose Portal registration information from this system of records without the consent of the subject individual. Each proposed disclosure of information under these routine uses will be evaluated to ensure that the disclosure is legally permissible.

(For information on routine uses of the records transmitted through the Child Support Portal, which is maintained in other OCSE systems of records, please see the System of Records Notices covering those other systems, identified in the Purpose(s) section.)

(1) Disclosure to Department of Justice or in Proceedings.

Records may be disclosed to support DOJ or a court or other adjudicative body in litigation or other proceedings when HHS or any of its components, or any employee of HHS in his or her official capacity, or any employee of HHS in his or her individual capacity where the DOJ or HHS has agreed to represent the employee, or the United States, is a party to the proceedings or has an interest in the proceedings and, by careful review, HHS determines that the records are both relevant and necessary to the proceedings.

(2) Disclosure to Congressional Office.

Information may be disclosed to a congressional office from the record of an individual in response to a written inquiry from the congressional office made at the written request of the individual.

(3) Disclosure to Contractor to Perform Duties.

Records may be disclosed to a contractor performing or working on a contract for HHS, who is authorized to access the information in the performance of its duties or activities for HHS in accordance with law and with the contract.

(4) Disclosure in the Event of a Security Breach.

(a) Information may be disclosed to appropriate agencies, entities, and persons when (1) HHS suspects or has confirmed that there has been a breach of the system of records; (2) HHS has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, HHS (including its information systems, programs, and operations), the federal government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with HHS's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(b) Information may be disclosed to another federal agency or federal entity when HHS determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach, or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the federal government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

The user registration records are stored electronically at the OCSE Data Center.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved by the SSN of the individual to whom the record pertains.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Upon approval of a disposition schedule by NARA, the user registration records will be deleted when OCSE determines that the records are no longer needed for administrative, audit, legal, or operational purposes, and in accordance with the NARA-approved schedule. Approved disposal methods for electronic records and media include overwriting, degaussing, erasing, disintegration, pulverization, burning, melting, incineration, shredding, or sanding.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

The system leverages cloud service providers that maintain an authority to operate in accordance with applicable laws, rules, and policies, including FedRAMP requirements. Specific administrative, technical, and physical controls are in place to ensure that the user registration records are secure from unauthorized access. Access to the registration records is restricted to authorized personnel (including system support contractors) who manage Child Support Portal registration tasks, and whose access is limited based on role. They are provided privacy and security training before being granted access to the records and annually thereafter.

Logical access controls are in place to limit access to the registration records to authorized personnel. The records are processed and stored in a secure environment. The individual's SSN is encrypted; access to, and viewing of, the individual's SSN is restricted to designated employees and contractors of OCSE solely for the purpose of verifying the identity of a registrant or a user of the Child Support Portal. All records are stored in an area that is physically safe from access by unauthorized persons at all times. The facility where records are stored are protected by security guards and cameras.

Safeguards conform to the HHS Information Security and Privacy Program, which can be found at https://www.hhs.gov/​ocio/​securityprivacy/​index.html.

RECORD ACCESS PROCEDURES:

To request access to a record about you in this system of records, submit a written request to the System Manager. The request should include your name, telephone number and/or email address, current address, signature, and sufficient particulars (such as date of birth or SSN) to enable the System Manager to distinguish between records on subject individuals with the same name. To verify your identity, your signature must be notarized or your request must include your written certification that you are the individual who you claim to be and that you understand that the knowing and willful request for or acquisition of a record pertaining to an individual under false pretenses is a criminal offense subject to a fine of up to $5,000.

CONTESTING RECORD PROCEDURES:

To request correction of a record about you in this system of records, submit a written amendment request to the System Manager. The request must contain the same information required for an access request and include verification of your identity in the same manner required for an access request. In addition, the request must reasonably identify the record and specify the information contested, the corrective action sought, and the reasons for requesting the correction; it should include supporting information to show how the record is inaccurate, incomplete, untimely, or irrelevant.

NOTIFICATION PROCEDURES:

To find out if this system of records contains a record about you, submit a written notification request to the System Manager. The request must identify this system of records, contain the same information required for an access request, and include verification of your identity in the same manner required for an access request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None. Start Printed Page 3562

HISTORY:

80 FR 17915 (Apr. 2, 2015), updated 83 FR 6591 (Feb. 14, 2018).