ML23081A464
ML23081A464 | |
Person / Time | |
---|---|
Issue date: | 06/28/2023 |
From: | NRC/OCIO |
To: | |
Shared Package | |
ML23089A312 | List: |
References | |
Download: ML23081A464 (4) | |
Text
FINAL SUPPORTING STATEMENT FOR NRC FORM 974 PRIVACY ACT COMPLAINTS, CONCERNS OR QUESTIONS FORM (3150-XXXX)
NEW
Description of the Information Collection
As required by National Institute of Science and Technology (NI ST) Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Syste ms and Organization, the U.S.
Nuclear Regulatory Commissions (NRC) is providing an electroni c mechanism for the public to voluntarily register complaint s, concerns or questions regardin g privacy data collection practices at the NRC. The complainant provides the following information :
- Name
- Telephone Number
- Email Address
- Summary of Privacy Complaint
- Summary of any other steps already take if any by them or NRC to resolve complaint
- Preferred method of contact
A. JUSTIFICATION
- 1. Need For the Collection of Information
NRC is required to have a privacy complaint management process for the public to express complaints or concerns regarding data collection practi ces and the associated responses necessary to resolve the issue. This is a federal re quirement under the NIST Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organization. This publication was developed by NIST to further its statutory responsibilities under the Federal Information Securi ty Modernization Act (FISMA), 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. N IST is responsible for developing information security standards and guidelines, inclu ding minimum requirements for federal information systems.
The specific security control is, PM-26, Complaint Management a nd defined below:
PM-26 COMPLAINT MANAGEMENT
Control: Implement a process for receiving and responding to co mplaints, concerns, or questions from individuals about the organizational security an d privacy practices that includes:
- a. Mechanisms that are easy to use and readily accessible by th e public;
- b. All information necessary for successfully filing complaints, concerns or questions ;
- c. Tracking mechanisms to ensure all complaints, concerns or qu estions received are reviewed and addressed within 60 business days.;
- d. Acknowledgement of receipt of complaints, concerns, or quest ions from individuals within 10 business days; and
- e. Response to complaints, concerns, or questions from individu als within 60 business days.
Discussion: Complaints, concerns, and questions from individual s can serve as valuable sources of input to organizations and ultimately improve operat ional models, uses of technology, data collection practices, and controls. Mechanisms that can be used by the public include telephone hotline, email, or web-based forms. Th e information necessary for successfully filing complaints includes contact information for the senior agency official for privacy or other official designated to receive co mplaints. Privacy complaints may also include personally identifiable information which is h andled in accordance with relevant policies and processes.
- 2. Agency Use and Practical Utility of Information
This is a new collection request to meet the federal requiremen t. The information will be use to evaluate and respond to any privacy complaints, concerns, or questions received.
- 3. Reduction of Burden Through Information Technology
The NRC created a web form which is posted to the NRC public we bsite to gather the information from the public if they have a complaint regarding NRC privacy data gathering. The public can submit the requested information by s ending the information through email using a fillable-fileable form, NRC Form 974. It is estimated that approximately 100% of the potential responses are filed electronically.
- 4. Effort to Identify Duplication and Use Similar Information
No sources of similar information are available. There is no duplication of requirements.
- 5. Effort to Reduce Small Business Burden
The respondents to this information collection will be individu als and not businesses or corporate entities.
- 6. Consequences to Federal Program or Policy Activities if the Collection Is Not Conducted or Is Conducted Less Frequently
NRC is providing an electronic form for the public to register a complaint regarding data collection practices. The consequences of not collecting this information are that the NRC will not be able to comply with the federal requirement und er the NIST Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organization.
- 7. Circumstances Which Justify Variation from OMB Guidelines
Not applicable
- 8. Consultations Outside the NRC
Opportunity for public comment on the information collection re quirements for this clearance package was published In the Federal Register on February 16, 2023, (88 FR 10149). Potential respondents were individuals who submitted pr evious Privacy Act requests as part of the consultation process and the method of contact was by email.
Three anonymous out of scope comments were received through the Federal Register docket. No changes were necessary since the comments didn't re late to this clearance package.
- 9. Payment or Gift to Respondents
Not applicable
- 10. Confidentiality of Information
Confidential and proprietary information is protected in accord ance with NRC regulations at 10 CFR 9.17(a) and 10 CFR 2.390(b). Information considered c onfidential or proprietary is not normally requested.
The information collected on NRC Form 974 does not require a Pr ivacy Act System of records. The information will be stored and retrieved by date t he privacy complaints, concerns or questions were received.
- 11. Justification for Sensitive Questions
Not applicable. This information collection is not asking any s ensitive questions.
- 12. Estimated Burden and Burden Hour Cost
It is estimated that 12 forms will be completed annually. The annual reporting burden is estimated to be 3 hours3.472222e-5 days <br />8.333333e-4 hours <br />4.960317e-6 weeks <br />1.1415e-6 months <br /> (12 respondents x 1 response per respon dent x 0.25 hours2.893519e-4 days <br />0.00694 hours <br />4.133598e-5 weeks <br />9.5125e-6 months <br /> per response). There would be no recordkeeping burden. The annu al cost is $870 (12 annual responses x 0.25 hr./form x $290/hr.).
The $290 hourly rate used in the burden estimates is based on t he Nuclear Regulatory Commissions fee for hourly rates as noted in 10 CFR 170.20 Av erage cost per professional staff-hour. For more information on the basis of this rate, see the Revision of Fee Schedules; Fee Recovery for Fiscal Year 2022 ( 87 FR 37197, June 22, 2022).
- 13. Estimate of Other Additional Costs
There are no costs.
- 14. Estimated Annualized Cost to the Federal Government
The staff has developed estimates of annualized costs to the Fe deral Government related to the conduct of this collection of information. These estimates are based on staff experience and subject matter expertise and include the b urden needed to review, analyze, and process the collected information and any relevant operational expenses.
The estimated total annual burden for NRC staff to process comp laints, concerns, and question is 3 hours3.472222e-5 days <br />8.333333e-4 hours <br />4.960317e-6 weeks <br />1.1415e-6 months <br /> (12 forms x 0.25 hours2.893519e-4 days <br />0.00694 hours <br />4.133598e-5 weeks <br />9.5125e-6 months <br /> per submission) at a cost of $870 (3 hours3.472222e-5 days <br />8.333333e-4 hours <br />4.960317e-6 weeks <br />1.1415e-6 months <br /> x
$290/hr).
- 15. Reasons for Change in Burden or Cost
This is a new clearance.
- 16. Publication for Statistical Use
None
- 17. Reason for Not Displaying the Expiration Date
Not applicable
- 18. Exceptions to the Certification Statement
None
B. COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS
Not Applicable