Privacy Act of 1974; System of Records

Issuing agencies

Abstract

The National Science Foundation (NSF) is creating a new system of records: NSF-80, Education and Training Application Data System (ETAP). This new system of records will contain records about individuals interested in participating in NSF education and training activities, and individuals engaged in the planning, management, and implementation of those activities. Records will bolster the agency's capacity to conduct robust evidence-building activities, including monitoring, targeted research, and rigorous evaluation of its education and training activities.

Full Text

<html>
<head>
<title>Federal Register, Volume 88 Issue 203 (Monday, October 23, 2023)</title>
</head>
<body><pre>
[Federal Register Volume 88, Number 203 (Monday, October 23, 2023)]
[Notices]
[Pages 72796-72798]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2023-23304]


=======================================================================
-----------------------------------------------------------------------

NATIONAL SCIENCE FOUNDATION


Privacy Act of 1974; System of Records

AGENCY: National Science Foundation.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The National Science Foundation (NSF) is creating a new system 
of records: NSF-80, Education and Training Application Data System 
(ETAP). This new system of records will contain records about 
individuals interested in participating in NSF education and training 
activities, and individuals engaged in the planning, management, and 
implementation of those activities. Records will bolster the agency's 
capacity to conduct robust evidence-building activities, including 
monitoring, targeted research, and rigorous evaluation of its education 
and training activities.

DATES: This system notice is effective as of October 23, 2023. The 
routine uses described in this notice will take effect on November 22, 
2023, unless modified by a subsequent notice to incorporate comments 
received from the public. Submit comments on or before November 22, 
2023.

ADDRESSES: You may submit comments, identified as ``SORN NSF-80 
(ETAP),'' by any of the following methods:
    <bullet> Federal eRulemaking Portal: <a href="http://www.regulations.gov">http://www.regulations.gov</a>. 
Follow the instructions for submitting comments.
    <bullet> Email: Senior Agency Official for Privacy, Dorothy 
Aronson, <a href="/cdn-cgi/l/email-protection#b2d6d3c0dddcc1dddcf2dcc1d49cd5ddc4"><span class="__cf_email__" data-cfemail="224643504d4c514d4c624c51440c454d54">[email&#160;protected]</span></a>. Include ''SORN NSF-80, ETAP'' in the subject 
line of the message.
    <bullet> Mail: Dorothy Aronson, Senior Agency Official for Privacy, 
Office of Information and Resource Management, National Science 
Foundation, 2415 Eisenhower Ave., Alexandria, VA 22314.
    Instructions: NSF will post all comments on the NSF's website 
(<a href="https://www.nsf.gov">https://www.nsf.gov</a>). All comments submitted in response to this 
Notice will become a matter of public record. Therefore, you should 
submit only information that you wish to make publicly available.

FOR FURTHER INFORMATION CONTACT: If you wish to submit general 
questions about the proposed new system of records NSF-80, please 
contact Dorothy Aronson, Senior Agency Official for Privacy, at 
<a href="/cdn-cgi/l/email-protection#9afefbe8f5f4e9f5f4daf4e9fcb4fdf5ec"><span class="__cf_email__" data-cfemail="7e1a1f0c11100d11103e100d1850191108">[email&#160;protected]</span></a> or 703-292-4299.

SUPPLEMENTARY INFORMATION: NSF supports students and early career 
professionals at all stages of their academic journey through a wide 
range of opportunities that foster professional growth, facilitating 
exposure to and induction into the practice of science. The new system 
of records, NSF-80, Education and Training Application Data System 
(ETAP), will be used to collect, maintain, and manage individual 
applications to education and training opportunities funded by NSF, 
allow tracking of participants' program experiences and career outcomes 
over time, and provide high-quality data that NSF can use to respond to 
Administration priorities, the Foundations for Evidence-Based 
Policymaking Act of 2018 (Evidence Act), the America COMPETES 
Reauthorization Act of 2010, and the CHIPS+ Act.

System Name and Number:
    Education and Training Application Data System Records (ETAP), NSF-
80.

Security Classification:
    Unclassified.

System Location:
    National Science Foundation, 2415 Eisenhower Ave., Alexandria, VA 
22314.

System Manager(s):
    Chief Evaluation Officer and Division Director, Division of 
Information Systems, NSF.

Authority for Maintenance of the System:
    42 U.S.C. 1862 & 1870; 44 U.S.C. 3101; Public Law 105-277, t. 4, 
sec. 414, as amended, codified at 8 U.S.C. 1101 note (NSF S-STEM 
Program); and other program statutes, including 42 U.S.C. 1862p-6, 42 
U.S.C. 1862p-7, 42 U.S.C. 1862p-13, 42 U.S.C. 1862p-15, 42 U.S.C. 
1862t, 42 U.S.C. 1869c, 42 U.S.C.1885a.

Purpose(s) of the System:
    (1) To provide high-quality data that NSF can use for robust 
evidence-building activities including monitoring, targeted research, 
and rigorous evaluations of its activities, including programs.
    (2) To provide the public with a transparent, accessible, and 
centralized location of information on NSF education and training 
opportunities and reduce burden on individuals (mostly students), who 
will be able to use a common application to apply to multiple training 
opportunities funded by NSF.
    (3) To lower barriers to entry into NSF programs for new and 
aspiring Principal Investigators (PIs), who will be able to leverage a 
robust and secure data collection system, free of charge, to manage 
applications to their projects, and reduce administrative costs for 
existing PIs.
    (4) To provide NSF's community of stakeholders (including PIs, Co-
PIs, and NSF program officers and leadership) with timely access to 
data analytics on applicants and participants to inform decision making 
and support improvement efforts.
    (5) To enable longitudinal tracking of outputs and outcomes to 
assess the effectiveness of NSF's education and training activities and 
inform decisions.
    (6) To provide demographic data that NSF can use to ensure 
equitable representation of groups that are traditionally 
underrepresented in science, technology, engineering, and mathematics 
(STEM).
    (7) To recognize the achievements of distinguished individuals, 
their actions, products, or ideas and disseminate information of 
relevant opportunities to support individuals' careers in STEM.
    (8) To support NSF efforts to disseminate information about the 
agency's education and training opportunities, as appropriate, and 
about the effectiveness of its activities.
    (9) To provide data that may be used for NSF compliance with 
applicable laws and policies, and conflict of interest management.

Categories of Individuals Covered by the System:
    This system contains information on members of the public 
interested in participating in education and training opportunities 
supported by NSF. These include individuals who apply to, participate 
in, and/or are supported by NSF education and training programs, 
projects and activities, including but not limited to students, other 
youth and early career individuals, teachers, higher education faculty, 
mentors, administrators, and parents/legal guardians (where 
applicable). The system also maintains information on individuals 
engaged in the management and implementation of those opportunities, 
including PIs and Co-PIs of NSF awards and their designees involved in 
recruitment and selection of program participants. The system covers 
these individuals only to the extent that the records are about the 
individual and are retrieved from the system by that individual's name 
or other personally assigned identifier.

[[Page 72797]]

Categories of Records in The System:
    Records vary by categories of individuals and, for applicants, the 
type of education and training opportunities to which they are 
applying. Records may include information such as individuals' names, 
contact information, date of birth, demographic information, parental 
education and occupation, higher education degree information, school/
institution names, academic records, college financial aid information, 
prior research experiences, work experience (if a teacher: including 
school name, teaching grade and subject, years of teaching experience, 
teaching certification), awareness of a given program, opportunity 
applying for, preferences for data sharing with other NSF opportunities 
for which they have not applied, additional materials requested by PIs 
(which may include personal statement, transcripts, CV or 
r[eacute]sum[eacute], references' contact information, and other 
materials), reference letters of support (relationship with applicant, 
applicant skills and abilities assessments, and letter of 
recommendation), admission decisions, acceptances, participation, and 
NSF funding, program experiences (weeks spent in program, support from 
faculty and staff, program activities, type of mentor, time spent with 
mentor, experiences with mentor, benefits of program, satisfaction with 
experience) and feedback, and employment information. In addition, 
records may include information about the opportunity, including its 
NSF award/proposal ID and its associated metadata, such as opportunity 
name, location, external website link, application window, application 
type (open competition or invitation-only), opportunity start and end 
date, description of the opportunity, eligibility requirements and 
certification, fields of study, and research topics or keywords.

Record Source Categories:
    Individuals registering with NSF (1) to apply and participate in 
NSF education and training opportunities (prospective applicants and 
participants), or (2) to create, manage, or administer such 
opportunities (PIs, Co-PIs, and their designated individuals, NSF staff 
and external qualified reviewers). System data on individuals may be 
collected from the individuals directly, from third-party individuals 
or entities, or be derived from other related NSF systems of records 
(e.g., PI and reviewer files, see NSF-50 and -51, respectively).

Routine Uses of Records Maintained in the System, Including Categories 
of Users and Purposes of Such Uses:
    The following NSF standard routine uses apply:
    1. Members of Congress. Information from a system may be disclosed 
to congressional offices in response to inquiries from the 
congressional offices made at the request of the individual to whom the 
record pertains.
    2. Freedom of Information Act/Privacy Act Compliance. Information 
from a system may be disclosed to the Department of Justice or the 
Office of Management and Budget in order to obtain advice regarding 
NSF's obligations under the Freedom of Information Act and the Privacy 
Act.
    3. Counsel. Information from a system may be disclosed to NSF's 
legal representatives, including the Department of Justice and other 
outside counsel, where the agency is a party in litigation or has an 
interest in litigation and the information is relevant and necessary to 
such litigation, including when any of the following is a party to the 
litigation or has an interest in such litigation: (a) NSF, or any 
component thereof; (b) any NSF employee in his or her official 
capacity; (c) any NSF employee in his or her individual capacity, where 
the Department of Justice has agreed to, or is considering a request 
to, represent the employee; or (d) the United States, where NSF 
determines that litigation is likely to affect the agency or any of its 
components.
    4. National Archives, General Services Administration. Information 
from a system may be disclosed to representatives of the General 
Services Administration and the National Archives and Records 
Administration (NARA) during the course of records management 
inspections conducted under the authority of 44 U.S.C. 2904 and 2906.
    5. Response to an Actual or Suspected Compromise or Breach of 
Personally Identifiable Information. NSF may disclose information from 
the system to appropriate agencies, entities, and persons when: (1) NSF 
suspects or has confirmed that there has been a breach of the system of 
records; (2) NSF has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals; NSF (including 
its information systems, programs, and operations); the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with NSF efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm. Furthermore, NSF 
may disclose information from the system to another Federal agency or 
Federal entity, when NSF determines that information from this system 
of records is reasonably necessary to assist the recipient agency or 
entity in: (1) Responding to a suspected or confirmed breach; or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    6. Courts. Information from a system may be disclosed to the 
Department of Justice or other agencies in the event of a pending court 
or formal administrative proceeding, when the information is relevant 
and necessary to that proceeding, for the purpose of representing the 
government, or in the course of presenting evidence, or the information 
may be produced to parties or counsel involved in the proceeding in the 
course of pre-trial discovery.
    7. Contractors. Information from a system may be disclosed to 
contractors, agents, experts, consultants, or others performing work on 
a contract, service, cooperative agreement, job, or other activity for 
NSF and who have a need to access the information in the performance of 
their duties or activities for NSF.
    8. Audit. Information from a system may be disclosed to government 
agencies and other entities authorized to perform audits, including 
financial and other audits, of the agency and its activities.
    9. Law Enforcement. Information from a system may be disclosed, 
where the information indicates a violation or potential violation of 
civil or criminal law, including any rule, regulation or order issued 
pursuant thereto, to appropriate Federal, State, or local agencies 
responsible for investigating, prosecuting, enforcing, or implementing 
such statute, rule, regulation, or order.
    10. Disclosure When Requesting Information. Information from a 
system may be disclosed to Federal, State, or local agencies which 
maintain civil, criminal, or other relevant enforcement information or 
other pertinent information, such as current licenses, if necessary, to 
obtain information relevant to an agency decision concerning the hiring 
or retention of an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit.
    11. To the news media and the public when: (1) A matter has become 
public

[[Page 72798]]

knowledge, (2) the NSF Office of the Director determines that 
disclosure is necessary to preserve confidence in the integrity of NSF 
or is necessary to demonstrate the accountability of NSF's officers, 
employees, or individuals covered by this system, or (3) the Office of 
the Director determines that there exists a legitimate public interest 
in the disclosure of the information, except to the extent that the 
Office of the Director determines in any of these situations that 
disclosure of specific information in the context of a particular case 
would constitute an unwarranted invasion of personal privacy.
    In addition to the above standard routine uses, information may be 
routinely disclosed:
    12. To PIs, Co-Pis, and their designated individuals (for 
opportunities funded through NSF awards), and NSF staff and external 
qualified reviewers (for opportunities administered by NSF) for their 
assessment of applicants or nominees (and their application materials, 
where applicable), including in the case of individuals who have 
expressed interest in such opportunity or provided consent to be 
contacted by opportunities they have not applied for, as part of the 
application review process and to support operations; and to other 
Government agencies or other entities needing information regarding the 
applicants or nominees as part of a joint application review process, 
or in order to coordinate programs or policy.
    13. To NSF partners, affiliates, or grantees, as well as other 
entities to merge records, to carry out studies for, or to otherwise 
assist NSF with program management, implementation, evaluation, or 
reporting.
    14. To applicants (including the individual nominee or ultimate 
participant), their nominators or reference writers, and the 
institution they are applying to, attending, planning to attend, or 
employed by, who may be given information (such as name, field of 
study, and other information directly relating to the NSF opportunity, 
review status including the admission decision, time of participation, 
whether receiving international travel allowance or a mentoring 
assistantship), for purposes of facilitating application review and 
admissions decisions, administering the program or award, and 
supporting dissemination and student engagement activities.
    15. To the Department of Treasury for preparation of checks or 
electronic fund transfer authorizations in the case of participants 
receiving stipends directly from the Government.
    16. To the National Student Clearinghouse, for tracking applicants 
and participants through their postsecondary enrollment and graduation 
trajectories, and other third-party entities, for the purposes of 
validating contact information, disambiguating records, or cross-
checking of information, and tracking education or employment outcomes.
    17. To an agency or other organization, such as the National Center 
for Science and Engineering Statistics (NCSES), for the purposes of 
merging or linking needed data for monitoring, research, or evaluation 
purposes, to the extent authorized by applicable privacy and security 
laws, regulations, and NSF policies and guidance.
    18. To the public, about an individual's involvement with NSF 
education and training programs (participant name, baccalaureate 
institution, current institution, and field of study) for purposes of 
media releases or other public announcements about these programs. 
Other information about the individual's involvement in these programs 
may be publicly disclosed with written consent of that individual (or, 
where applicable, the individual's legal guardian or other legal 
representative).

Policies and Practices for Storage of Records:
    Records are stored on electronic digital media.

Policies and Practices for Retrieval of Records:
    Records are retrieved by name, date of birth, email, identification 
number, zip code, state, or institution.

Policies and Practices for Retention and Disposal of Records:
    This System of Records is governed by one or more general and/or 
NSF-specific (Record Group RG-0307) records retention schedules 
approved by the National Archives and Records Administration (NARA) and 
applicable to NSF proposal, reviewer, and grant files and related 
administrative records. These schedules can be found at <a href="https://archives.gov">https://archives.gov</a>.

Administrative, Technical, and Physical Safeguards:
    The National Science Foundation's IT Security and Privacy program 
includes policies, plans, training, and technical safeguards to protect 
sensitive information, including personally identifiable information 
(PII). NSF routinely reviews PII in IT systems in addition to 
monitoring technical, physical, and administrative controls in place to 
assure that PII is appropriately protected. NSF's major applications 
and general support systems are assessed and authorized by NSF's 
continuous monitoring and ongoing authorization program. The 
authorization process requires a thorough security and privacy control 
review.
    All NSF systems are covered by a system security plan, and major 
applications and general support systems are authorized to operate. 
Applications and devices hosted on the NSF network are subjected to 
extensive vulnerability scanning and compliance checking against 
standard security configurations. Robust virus protection capabilities, 
anti-malware, and network intrusion detection and prevention devices 
provide 24/7 protection against external threats. NSF's strong access 
controls ensure that resources are made available only to authorized 
users, programs, processes or systems by reference to rules of access 
that are defined by attributes and policies.
    NSF uses the capabilities of a Trusted internet Connections (TIC) 
compliant provider for routing agency network traffic and uses the 
federally provided intrusion detection system (IDS), including advanced 
continuous monitoring and risk management analysis. NSF has a well-
established computer security incident response program. NSF's incident 
response procedures include a strong digital forensics capability to 
investigate and review data and identify relevant evidence and 
malicious activity.

Record Access Procedures:
    Follow the procedures found at 45 CFR part 613 (NSF Privacy Act 
Regulations).

Contesting Record Procedures:
    Follow the procedures found at 45 CFR part 613.

Notification Procedures:
    See 45 CFR part 613.

Exemptions Promulgated for the System:
    None.

History:
    This is a new system of records and has not been previously 
published in the Federal Register.

    Dated: October 17, 2023.
Suzanne H. Plimpton,
Reports Clearance Officer, National Science Foundation.
[FR Doc. 2023-23304 Filed 10-20-23; 8:45 am]
BILLING CODE 7555-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>