ML22353A095

From kanterella
Jump to navigation Jump to search
Draft Supporting Statement for Privacy Act Complaint Form 974
ML22353A095
Person / Time
Issue date: 12/19/2022
From:
NRC/OCIO
To:
Shared Package
ML22355A199 List:
References
Download: ML22353A095 (4)


Text

DRAFT SUPPORTING STATEMENT FOR NRC FORM 974 PRIVACY ACT COMPLAINTS, CONCERNS OR QUESTIONS FORM (3150-XXXX)

NEW Description of the Information Collection As required by National Institute of Science and Technology (NIST) Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organization, the U.S.

Nuclear Regulatory Commissions (NRC) is providing an electronic mechanism for the public to voluntarily register complaints, concerns or questions regarding privacy data collection practices at the NRC. The complainant provides the following information:

  • Name
  • Telephone Number
  • Email Address
  • Summary of Privacy Complaint
  • Summary of any other steps already take if any by them or NRC to resolve complaint
  • Preferred method of contact A. JUSTIFICATION
1. Need For the Collection of Information NRC is required to have a privacy complaint management process for the public to express complaints or concerns regarding data collection practices and the associated responses necessary to resolve the issue. This is a federal requirement under the NIST Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organization. This publication was developed by NIST to further its statutory responsibilities under the Federal Information Security Modernization Act (FISMA), 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems.

The specific security control is, PM-26, Complaint Management and defined below:

PM-26 COMPLAINT MANAGEMENT Control: Implement a process for receiving and responding to complaints, concerns, or questions from individuals about the organizational security and privacy practices that includes:

a. Mechanisms that are easy to use and readily accessible by the public;
b. All information necessary for successfully filing complaints, concerns or questions ;
c. Tracking mechanisms to ensure all complaints, concerns or questions received are reviewed and addressed within 60 business days.;
d. Acknowledgement of receipt of complaints, concerns, or questions from individuals within 10 business days; and
e. Response to complaints, concerns, or questions from individuals within 60 business days.

Discussion: Complaints, concerns, and questions from individuals can serve as valuable sources of input to organizations and ultimately improve operational models, uses of technology, data collection practices, and controls. Mechanisms that can be used by the public include telephone hotline, email, or web-based forms. The information necessary for successfully filing complaints includes contact information for the senior agency official for privacy or other official designated to receive complaints. Privacy complaints may also include personally identifiable information which is handled in accordance with relevant policies and processes.

2. Agency Use and Practical Utility of Information This is a new collection request to meet the federal requirement. The information will be use to evaluate and respond to any privacy complaints, concerns, or questions received.
3. Reduction of Burden Through Information Technology The NRC created a web form which is posted to the NRC public website to gather the information from the public if they have a complaint regarding NRC privacy data gathering. The public can submit the requested information by sending the information through email using a fillable-fileable form, NRC Form 974. It is estimated that approximately 100% of the potential responses are filed electronically.
4. Effort to Identify Duplication and Use Similar Information No sources of similar information are available. There is no duplication of requirements.
5. Effort to Reduce Small Business Burden The respondents to this information collection will be individuals and not businesses or corporate entities.
6. Consequences to Federal Program or Policy Activities if the Collection Is Not Conducted or Is Conducted Less Frequently NRC is providing an electronic form for the public to register a complaint regarding data collection practices. The consequences of not collecting this information are that the NRC will not be able to comply with the federal requirement under the NIST Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organization.
7. Circumstances Which Justify Variation from OMB Guidelines Not applicable
8. Consultations Outside the NRC Opportunity for public comment on the information collection requirements for this clearance package was published In the Federal Register
9. Payment or Gift to Respondents Not applicable
10. Confidentiality of Information Confidential and proprietary information is protected in accordance with NRC regulations at 10 CFR 9.17(a) and 10 CFR 2.390(b). Information considered confidential or proprietary is not normally requested.

The information collected on NRC Form 974 does not require a Privacy Act System of records. The information will be stored and retrieved by date the privacy complaints, concerns or questions were received.

11. Justification for Sensitive Questions Not applicable. This information collection is not asking any sensitive questions.
12. Estimated Burden and Burden Hour Cost It is estimated that 12 forms will be completed annually. The annual reporting burden is estimated to be 3 hours3.472222e-5 days <br />8.333333e-4 hours <br />4.960317e-6 weeks <br />1.1415e-6 months <br /> (12 respondents x 1 response per respondent x 0.25 hours2.893519e-4 days <br />0.00694 hours <br />4.133598e-5 weeks <br />9.5125e-6 months <br /> per response). There would be no recordkeeping burden. The annual cost is $870 (12 annual responses x 0.25 hr./form x $290/hr.).

The $290 hourly rate used in the burden estimates is based on the Nuclear Regulatory Commissions fee for hourly rates as noted in 10 CFR 170.20 Average cost per professional staff-hour. For more information on the basis of this rate, see the Revision of Fee Schedules; Fee Recovery for Fiscal Year 2022 (87 FR 37197, June 22, 2022).

13. Estimate of Other Additional Costs There are no costs.
14. Estimated Annualized Cost to the Federal Government The estimated total annual burden for NRC staff to process complaints, concerns, and question is 3 hours3.472222e-5 days <br />8.333333e-4 hours <br />4.960317e-6 weeks <br />1.1415e-6 months <br /> (12 forms x 0.25 minutes per submission) at a cost of $870 (3 hours3.472222e-5 days <br />8.333333e-4 hours <br />4.960317e-6 weeks <br />1.1415e-6 months <br /> x $290/hr).
15. Reasons for Change in Burden or Cost This is a new clearance.
16. Publication for Statistical Use None
17. Reason for Not Displaying the Expiration Date Not applicable
18. Exceptions to the Certification Statement None B. COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS Not Applicable