AGENCY:

Administration for Children and Families, Department of Health and Human Services.

ACTION:

Notice of a new systems of records.

SUMMARY:

In accordance with the requirements of the Privacy Act of 1974, as amended, the Department of Health and Human Services (HHS) is establishing a new system of records to be maintained by the Administration for Children and Families (ACF), Office of Child Support Services (OCSS): System Number 09-80-0391, “OCSS Research Platform.”

DATES:

In accordance with 5 U.S.C. 552a(e)(4) and (11), this Notice is applicable May 16, 2024, subject to a 30-day period in which to comment on the routine uses, described below. Please submit any comments by June 17, 2024.

ADDRESSES:

The public should address written comments by mail or email to: Anita Alford, Senior Official for Privacy, Administration for Children and Families, 330 C St. SW, Washington, DC 20201, or anita.alford@acf.hhs.gov.

FOR FURTHER INFORMATION CONTACT:

General questions about the new system of records should be submitted by mail or email to Venkata Kondapolu, Office of Child Support Services, at 330 C St. SW—5th Floor, Washington, DC 20201, or venkata.kondapolu@acf.hhs.gov, or by phone at 202-260-4712.

SUPPLEMENTARY INFORMATION:

The new system of records will consist of information about individual participants in child support cases which originates in one or more other OCSS system(s) of records (and, possibly, information technology (IT) systems of other HHS components, other agencies such as the Social Security Administration, or external parties) and is used to build deidentified datasets for research purposes likely to contribute to the purposes of the Temporary Assistance for Needy Families program, authorized under title IV-A of the Social Security Act, or the child support program, authorized under title IV-D of the Social Security Act.

SYSTEM NAME AND NUMBER:

OCSS Research Platform, 09-80-0391.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Office of Child Support Services, Administration for Children and Families, 330 C St. SW—5th Floor, Washington, DC 20201.

SYSTEM MANAGER(S):

Director, Division of Federal Systems, Office of Child Support Services, Administration for Children and Families, Department of Health and Human Services, 330 C St. SW—5th Floor, Washington, DC 20201, (202) 260-4712, venkata.kondapolu@acf.hhs.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

42 U.S.C. 653(j)(5).

PURPOSE(S) OF THE SYSTEM:

The purpose of the system of records is to cover records which are retrieved by personal identifier to build deidentified datasets for research purposes likely to contribute to the purposes of the Temporary Assistance for Needy Families program, authorized under title IV-A of the Social Security Start Printed Page 42882 Act, or the child support program, authorized under title IV-D of the Social Security Act.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The records are about individuals who are involved in child support cases in which services are being provided by State or Tribal IV-D child support agencies; although information about other individuals is also contained in the records, only personal identifiers about individuals who are involved in child support cases are used for retrieval.

Note: Information about child participants will be included in the de-identified datasets as part of a child support case household, but will only be used to provide information about unique case and family structure; analysis of individuals will be limited to adult participants.

CATEGORIES OF RECORDS IN THE SYSTEM:

The records consist of child support case-related data from ACF/OCSS information technology (IT) systems, and possibly IT systems of other HHS components, other agencies such as the Social Security Administration, or external parties, which are combined to create deidentified datasets to provide relevant and meaningful information for research purposes. Examples of specific data elements that may be included about individuals involved in a child support case are listed below.

• Identifying information (e.g., name, Social Security Number (SSN), date of birth).
• Address and contact information.
• Employment and wage information.
• Child support debt information.
• Income, financial assets, and benefit information (e.g., information about financial accounts, lump sum payments, workers' compensation, retirement benefits, and insurance claims, settlements, awards, and payments).

RECORD SOURCE CATEGORIES:

Sources of data retrieved by personal identifier to create deidentified datasets include OCSS IT systems, and possibly IT systems of other HHS components, and other agencies or external parties, which contain data that may have originally been collected from the child support case participant to whom it pertains, or from an agency, employer, insurance company, or financial institution registered to use the CSP.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to other disclosures authorized directly in the Privacy Act at 5 U.S.C. 552a(b)(1) and (2) and (b)(4) through (11), HHS may disclose records about an individual from this system of records to parties outside HHS as described in these routine uses, without the subject individual's prior written consent.

(1) Disclosure to Contractor to Perform Duties.

Records may be disclosed to a contractor performing or working on a contract for HHS who has a need for the records in the performance of its duties or activities in accordance with law and with the contract.

(2) Disclosure in the Event of a Security Breach.

(a) Records may be disclosed to appropriate agencies, entities, and persons when (1) HHS suspects or has confirmed that there has been a breach of the system of records; (2) HHS has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, HHS (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with HHS's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(b) Records may be disclosed to another Federal agency or Federal entity when HHS determines that records from this system of records are reasonably necessary to assist in (1) responding to a suspected or confirmed breach; or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

The records will be stored on electronic media, but paper printouts may be generated.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records about individuals involved in child support cases will be retrieved by the individuals' assigned identifiers, including child support case identifier, if any, or combination of identifiers, to disaggregate duplicate records and to combine records that are about the same individual.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The records used to create the deidentified datasets will be retained and disposed of in accordance with General Records Schedule 5.2, Items 010 and 020 (DAA-GRS-2022-0009-0001 and DAA-GRS-2022-0009-0002), which provides these disposition periods:

• Item 010 Transitory records: Destroy when no longer needed for business use, or according to an agency predetermined time period or business rule.
• Item 020 Intermediary records: Destroy upon creation or update of the final record, or when no longer needed for business use, whichever is later.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

The system leverages cloud service providers that maintain an authority to operate in accordance with applicable laws, rules, and policies, including Federal Risk and Authorization Management Program (FedRAMP) requirements. Specific administrative, technical, and physical controls are in place to ensure that the records collected and maintained in the OCSS Data Analytics system are secure from unauthorized access. Access to the records is restricted to authorized personnel who are advised of the confidentiality of the records and the civil and criminal penalties for misuse and who sign a nondisclosure oath to that effect. Personnel are provided privacy and security training before being granted access to the records and annually thereafter.

Logical access controls are in place to limit access to the records to authorized personnel, to limit their access based on their roles, and to prevent browsing. The records are processed and stored in a secure environment. All records are stored in an area that is always physically safe from unauthorized access.

Safeguards conform to the HHS Information Security and Privacy Program, which may be found at https://www.hhs.gov/​ocio/​securityprivacy/​index.html.

RECORD ACCESS PROCEDURES:

To request access to a record about you in this system of records, submit a written access request to the System Manager. The request must include your name, telephone number or email address, current address, signature, and sufficient particulars (such as date of birth or SSN) to enable the System Manager to distinguish between records on subject individuals with the same name. To verify your identity, your signature must be notarized, or your request must include your written certification that you are the individual who you claim to be and that you Start Printed Page 42883 understand that the knowing and willful request for, or acquisition of, a record pertaining to an individual under false pretenses is a criminal offense subject to a fine of up to $5,000.

CONTESTING RECORD PROCEDURES:

To request correction of a record about you in this system of records, submit a written amendment request to the System Manager. The request must contain the same information required for an access request and include verification of your identity in the same manner required for an access request. In addition, the request must reasonably identify the record and specify the information contested, the corrective action sought, and the reasons for requesting the correction; it should include supporting information to show how the record is inaccurate, incomplete, untimely, or irrelevant.

NOTIFICATION PROCEDURES:

To find out if this system of records contains a record about you, submit a written notification request to the System Manager. The request must identify this system of records, contain the same information required for an access request, and include verification of your identity in the same manner required for an access request.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.