Notice 2026-02334
Agency Information Collection Activities; Proposed eCollection eComments Requested Extension of a Currently Approved Collection Title: Data Security Requirements for Accessing Confidential Data
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
February 6, 2026
Issuing agencies
Justice Department
Abstract
The Department of Justice, Office of Justice Programs, Bureau of Justice Statistics is submitting the following information collection request to the Office of Management and Budget (OMB) for review and approval in accordance with the Paperwork Reduction Act of 1995.
Full Text
<html>
<head>
<title>Federal Register, Volume 91 Issue 25 (Friday, February 6, 2026)</title>
</head>
<body><pre>
[Federal Register Volume 91, Number 25 (Friday, February 6, 2026)]
[Notices]
[Pages 5513-5515]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2026-02334]
-----------------------------------------------------------------------
DEPARTMENT OF JUSTICE
[OMB Number 1121-0377]
Agency Information Collection Activities; Proposed eCollection
eComments Requested Extension of a Currently Approved Collection Title:
Data Security Requirements for Accessing Confidential Data
AGENCY: Bureau of Justice Statistics, Department of Justice
ACTION: 60-Day notice.
-----------------------------------------------------------------------
SUMMARY: The Department of Justice, Office of Justice Programs, Bureau
of Justice Statistics is submitting the following information
collection request to the Office of Management and Budget (OMB) for
review and approval in accordance with the Paperwork Reduction Act of
1995.
DATES: Comments are encouraged and will be accepted for 60 days until
April 7, 2026.
FOR FURTHER INFORMATION CONTACT: If you have comments especially on the
estimated public burden or associated response time, suggestions, or
need a copy of the proposed information collection instrument with
instructions or additional information, please contact Devon Adams,
Bureau of Justice Statistics, 999 North Capitol Street NE, Washington,
DC 20531 (email: [email protected] or
[email protected]; telephone: (202) 307-0765). Please
include ``STANDARD APPLICATION PROCESS'' in the subject line.
SUPPLEMENTARY INFORMATION: Written comments and suggestions from the
public and affected agencies concerning the proposed collection of
information
[[Page 5514]]
are encouraged. Your comments should address one or more of the
following four points:
--Evaluate whether the proposed collection of information is necessary
for the proper performance of the functions of the Bureau of Justice
Statistics, including whether the information will have practical
utility;
--Evaluate the accuracy of the agency's estimate of the burden of the
proposed collection of information;
--Evaluate whether and if so how the quality, utility, and clarity of
the information to be collected can be enhanced; and
--Minimize the burden of the collection of information on those who are
to respond, including through the use of appropriate automated,
electronic, mechanical, or other technological collection techniques or
other forms of information technology, e.g., permitting electronic
submission of responses.
Overview of This Information Collection
1. Type of Information Collection: Extension of a currently
approved collection.
2. The Title of the Form/Collection: Data Security Requirements for
Accessing Confidential Data.
3. The agency form number, if any, and the applicable component of
the Department of Justice sponsoring the collection: There is no form
number associated with this information collection. The applicable
component within the Department of Justice is the Bureau of Justice
Statistics (BJS), in the Office of Justice Programs.
4. Affected public who will be asked or required to respond, as
well as a brief abstract: The Foundations for Evidence-Based
Policymaking Act of 2018 mandates that the OMB establish a Standard
Application Process (SAP) for requesting access to certain confidential
data assets for statistical purposes, including evidence-building. The
SAP is to be a process through which agencies, the Congressional Budget
Office, State, local, and Tribal governments, researchers, and other
individuals, as appropriate, may apply to access confidential data
assets held by a federal statistical agency or unit for the purposes of
developing evidence. With the Interagency Council on Statistical Policy
(ICSP) as advisors, the entities upon whom this requirement is levied
are working with the SAP Project Management Office (PMO) and with OMB
to implement the SAP. The SAP Portal is a single web-based common
application for requesting access to confidential data assets from
federal statistical agencies and units. On behalf of BJS and the other
federal statistical agencies and units, the National Center for Science
and Engineering Statistics (NCSES) submitted to OMB the
recertification request for the currently approved Standard Application
Portal (3145-0271). OMB approved the action for an additional three
years expiring on December 31, 2028. The data security requirements
apply to this form (<a href="https://www.reginfo.gov/public/do/PRAViewRCF?ref_nbr=202512-0535-001CF">https://www.reginfo.gov/public/do/PRAViewRCF?ref_nbr=202512-0535-001CF</a>).
Once an application for confidential data is approved through the
SAP Portal, BJS will collect information to meet its data security
requirements when providing access to restricted use (confidential)
microdata for the purpose of evidence building. This collection will
occur outside of the SAP Portal. BJS's data security agreements and
other paperwork along with the corresponding security protocols allow
the agency to maintain careful controls on confidentiality and privacy,
as required by law. If an application requesting access to a BJS-owned
confidential data asset is approved, BJS will contact the applicant(s)
to initiate the process of collecting the following information to
fulfill its data security requirements:
<bullet> Restricted data use agreement--This document is an
agreement between BJS's official archive (currently the National
Archive of Criminal Justice Data [NACJD]), on behalf of BJS, and the
user(s) who is approved to access BJS's confidential data assets
exclusively for statistical purposes, including evidence-building, in
accordance with the terms and conditions stated in the agreement and
all applicable federal laws and regulations. An applicant must submit
the appropriate data security plan information to describe how they
will protect the data from misuse and unauthorized access. The
agreement describes the penalties associated with the misuse or
unauthorized access of the data. The agreement requires signature from
the applicant(s) and any other representative who has the authority to
enter into a legal agreement with NACJD, as applicable.
<bullet> Privacy Certificate--Office of Justice Programs
regulations at 28 CFR part 22 require that a Privacy Certificate be
submitted as part of any application for a project in which information
identifiable to a private person will be collected, analyzed, or
otherwise used for research or statistical purposes. The Privacy
Certificate describes the specific technical, administrative, and
physical controls and procedures that will be used to protect data
confidentiality and safeguard the data from misuse or unauthorized
access. The Privacy Certificate is an applicant's certification to
comply with BJS's confidentiality requirements. All individuals who
will have access to the confidential BJS data are required to sign a
Privacy Certificate to affirm their understanding of and agreement to
comply with BJS's confidentiality requirements.
<bullet> Data security plan--This document describes the data
access modality requested (physical enclave, virtual enclave, or secure
download) and the specific data security measures and technical,
physical, and administrative controls that will be followed to protect
data from unauthorized disclosure and misuse.
<bullet> Confidentiality Pledge--This document describes the
applicant's responsibilities related to accessing restricted data and
confidentiality protections the applicant(s) must uphold, including
adhering to applicable federal laws and regulations. The assurance
requires signature from the applicant(s) and certifies their
understanding of and agreement to fulfill the terms in the data use
agreement and data security plan.
<bullet> Institutional Review Board (IRB) Documentation--Users of
BJS restricted data must comply with Department of Justice regulations
at 28 CFR part 46 (Protection of Human Subjects), including ensuring
that adequate protections are in place to protect the confidentiality
of information identifiable to a private person. Applicants must submit
the appropriate documentation to demonstrate that an IRB has approved
or exempted the proposed project using BJS restricted data in
accordance with the requirements in 28 CFR part 46.
<bullet> Certification of Training--Users of BJS restricted data
will be required to complete relevant data security, confidentiality,
and privacy training, as appropriate, and provide written certification
of completion.
5. An estimate of the total number of respondents and the amount of
time estimated for an average respondent to respond: The amount of time
to complete the agreements and other paperwork that comprise BJS's
security requirements will vary based on the confidential data assets
requested. To obtain access to BJS confidential data assets, it is
estimated that the average time to complete and submit BJS's data
security agreements, IRB application, and other paperwork is 3 hours
(180 minutes). This estimate does not include the time needed to
complete and submit an application within the SAP Portal or time
waiting to receive
[[Page 5515]]
a determination from an IRB after submitting an application. All efforts
related to SAP Portal applications occur prior to and separate from
BJS's effort to collect information related to data security
requirements.
6. An estimate of the total public burden (in hours) associated
with the collection: The expected number of applications in the SAP
Portal that receive a positive determination from BJS in a given year
may vary. Overall, per year, BJS estimates it will collect data
security information for 55 application submissions that received a
positive determination within the SAP Portal. BJS estimates that the
total burden for the collection of information for data security
requirements over the course of the three-year OMB clearance will be
about 495 hours and, as a result, an average annual burden of 165
hours.
If additional information is required, contact: Darwin Arceo,
Department Clearance Officer, United States Department of Justice,
Justice Management Division, Enterprise Portfolio Management, Two
Constitution Square, 145 N Street NE, 4W-218, Washington, DC 20530.
Dated: February 4, 2026.
Darwin Arceo,
Department Clearance Officer, U.S. Department of Justice.
[FR Doc. 2026-02334 Filed 2-5-26; 8:45 am]
BILLING CODE 4410-18-P
</pre></body>
</html>
Indexed from Federal Register on February 6, 2026.