Data Security Requirements for Accessing Confidential Data; Agency Information Collection Activities: Comment Request

Issuing agencies

Abstract

BTS within the Department of Transportation has submitted the following information collection requirement to OMB for review and clearance under the Paperwork Reduction Act of 1995. This is the second notice for public comment; the first was published in the Federal Register on March 11, 2026 and no comments were received. BTS is forwarding the proposed Data Security Requirements for Accessing Confidential Data information collection to the Office of Management and Budget (OMB) for clearance simultaneously with the publication of this second notice. The full submission may be found at: http:// www.reginfo.gov/public/do/PRAMain.

Full Text

<html>
<head>
<title>Federal Register, Volume 91 Issue 100 (Tuesday, May 26, 2026)</title>
</head>
<body><pre>
[Federal Register Volume 91, Number 100 (Tuesday, May 26, 2026)]
[Notices]
[Pages 30797-30798]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2026-10436]


-----------------------------------------------------------------------

DEPARTMENT OF TRANSPORTATION

Bureau of Transportation Statistics

[Docket No. DOT-OST-2026-0727]


Data Security Requirements for Accessing Confidential Data; 
Agency Information Collection Activities: Comment Request

AGENCY: Bureau of Transportation Statistics (BTS), Office of the 
Assistant Secretary for Research and Technology (OST-R), DOT.

ACTION: Submission for OMB Review; Comment Request.

-----------------------------------------------------------------------

SUMMARY: BTS within the Department of Transportation has submitted the 
following information collection requirement to OMB for review and 
clearance under the Paperwork Reduction Act of 1995. This is the second 
notice for public comment; the first was published in the Federal 
Register on March 11, 2026 and no comments were received. BTS is 
forwarding the proposed Data Security Requirements for Accessing 
Confidential Data information collection to the Office of Management 
and Budget (OMB) for clearance simultaneously with the publication of 
this second notice. The full submission may be found at: <a href="http://www.reginfo.gov/public/do/PRAMain">http://www.reginfo.gov/public/do/PRAMain</a>.

DATES: Written comments on this notice must be received by June 25, 
2026 to be assured of consideration. Comments received after that date 
will be considered to the extent practicable. Send comments to the 
address below.

FOR FURTHER INFORMATION CONTACT: Office of Information and Regulatory 
Affairs of OMB, Attention: Desk Officer for the Bureau of 
Transportation Statistics, 725 17th Street NW, Room 10235, Washington, 
DC 20503, and Clara Reschovsky, BTS Confidentiality Officer, BTS, OST-
R, Department of Transportation, 1200 New Jersey Ave. SE, Room E34-308, 
Washington, DC 20590, (202) 768-4994, Office hours are from 8:00 a.m. 
to 5:30 p.m., E.T., Monday through Friday, except Federal holidays.

SUPPLEMENTARY INFORMATION: BTS may not conduct or sponsor a collection 
of information unless the collection of information displays a 
currently valid OMB control number and the agency

[[Page 30798]]

informs potential persons who are to respond to the collection of 
information that such persons are not required to respond to the 
collection of information unless it displays a currently valid OMB 
control number.
    Comments: Comments regarding (a) whether the collection of 
information is necessary for the proper performance of the functions of 
BTS, including whether the information will have practical utility; (b) 
the accuracy of BTS estimate of the burden of the proposed collection 
of information; (c) ways to enhance the quality, use, and clarity of 
the information to be collected, including through the use of automated 
collection techniques or other forms of information technology; (d) 
ways to minimize the burden of the collection of information on those 
who are to respond, including through the use of appropriate automated 
or other forms of information technology should be addressed to the 
points of contact in the FOR FURTHER INFORMATION CONTACT section.
    Title of Collection: Data Security Requirements for Accessing 
Confidential Data.
    OMB Control Number: DOT-OST-2026-0727.
    Summary of Collection: Title III of the Foundations for Evidence-
Based Policymaking Act of 2018 (44 U.S.C. 3583; hereafter referred to 
as the Evidence Act) mandates that OMB establish a Standard Application 
Process (SAP) for requesting access to certain confidential data 
assets. While the adoption of the SAP is required for statistical 
agencies and units designated under the Confidential Information 
Protection and Statistical Efficiency Act of 2018 (CIPSEA), it is 
recognized that other agencies and organizational units within the 
Executive Branch may benefit from the adoption of the SAP to accept 
applications for access to confidential data assets. The SAP is a 
process through which agencies, the Congressional Budget Office, State, 
local, and Tribal governments, researchers, and other individuals, as 
appropriate, may apply to access confidential data assets held by a 
federal statistical agency or unit for the purposes of developing 
evidence. With the Interagency Council on Statistical Policy (ICSP) as 
advisors, the entities upon whom this requirement is levied are working 
with the SAP Project Management Office (PMO) and with OMB to implement 
the SAP.
    The SAP Portal is to be a single web-based common application 
designed to collect information from individuals requesting access to 
confidential data assets from federal statistical agencies and units. 
When an application for confidential data is approved through the SAP 
Portal, BTS will collect information to fulfill its data security 
requirements. This is a required step before providing the individual 
with access to restricted use microdata for the purpose of evidence 
building. BTS data security agreements and other paperwork, along with 
the corresponding security protocols, allow BTS to maintain careful 
controls on confidentiality and privacy, as required by law. BTS's 
collection of data security information will occur outside of the SAP 
Portal.
    The following bullets outline the major components and processes in 
and around the SAP Portal, leading up to BTS's collection of security 
requirements.
    <bullet> SAP Policy: At the recommendation of the ICSP, the SAP 
Policy establishes the SAP to be implemented by statistical agencies 
and units and incorporates directives from the Evidence Act. The SAP 
Policy may be found in OMB Memorandum 23-04.
    <bullet> The SAP Portal: The SAP Portal is an application interface 
connecting applicants seeking data with a catalog of metadata for data 
assets owned by the federal statistical agencies and units. The SAP 
Portal is not a new data repository or warehouse; confidential data 
assets will continue to be stored in secure data access facilities 
owned and hosted by the federal statistical agencies and units. The 
Portal provides a streamlined application process across agencies, 
reducing redundancies in the application process.
    <bullet> Data Discovery: Individuals begin the process of accessing 
restricted use data by discovering confidential data assets through the 
SAP metadata catalog, maintained by federal statistical agencies at 
<a href="http://www.researchdatagov.org">www.researchdatagov.org</a>.
    <bullet> SAP Portal Application Process: Individuals who have 
identified and wish to access confidential data assets apply through 
the SAP Portal. Applicants must create an account and follow all steps 
to complete the application. Applicants enter personal, contact, and 
institutional information for the research team and provide summary 
information about their proposed project.
    <bullet> Submission for Review: Agencies approve or reject an 
application within a prompt timeframe. Agencies may also request 
applicants to revise and resubmit their application.
    <bullet> Access to Confidential Data: Approved applicants are 
notified through the SAP Portal that their proposal has been accepted. 
This concludes the SAP Portal process. Agencies will contact approved 
applicants to initiate completion of their security documents. The 
completion and submission of the agency's security requirements will 
take place outside of the SAP Portal.
    <bullet> Collection of Information for Data Security Requirements: 
In the instance of a positive determination for an application 
requesting access to a BTS-owned confidential data asset, BTS will 
contact the applicant(s) to initiate the process of collecting 
information to fulfill its data security requirements. This process 
allows BTS to place the applicant(s) in a trusted access category.
    Estimate of Burden: The amount of time to complete the agreements 
and other paperwork that comprise BTS's security requirements will vary 
based on the confidential data assets requested. To obtain access to 
BTS confidential data assets, it is estimated that the average time to 
complete and submit BTS's data security agreements and other paperwork 
is 90 minutes. This estimate does not include the time needed to 
complete and submit an application within the SAP Portal. All efforts 
related to SAP Portal applications occur prior to and separate from 
BTS's effort to collect information related to data security 
requirements.
    The expected number of applications in the SAP Portal that receive 
a positive determination from BTS in a given year may vary. Overall, 
per year, BTS estimates it will collect data security information for 
five application submissions that received a positive determination 
within the SAP Portal. BTS estimates that the total burden for the 
collection of information for data security requirements over the 
course of the three-year OMB clearance will be about 22.5 hours and, as 
a result, an average annual burden of 7.5 hours.
    Comments: As required by 5 FR 1320.8(d), comments on the 
information collection activities as part of this study were solicited 
through the publication of a 60-Day Notice in the Federal Register on 
March 11, 2026. BTS received no comments.

    Issued in Washington, DC, on the 21<SUP>st</SUP> day of May 
2026.
Edward Strocko,
Acting Director, Bureau of Transportation Statistics, U.S. Department 
of Transportation.
[FR Doc. 2026-10436 Filed 5-22-26; 8:45 am]
BILLING CODE 4910-9X-P


</pre></body>
</html>