ML22353A095: Difference between revisions

From kanterella
Jump to navigation Jump to search
(StriderTol Bot insert)
 
(StriderTol Bot change)
 
Line 17: Line 17:
=Text=
=Text=
{{#Wiki_filter:DRAFT SUPPORTING STATEMENT FOR NRC FORM 974 PRIVACY ACT COMPLAINTS, CONCERNS OR QUESTIONS FORM (3150-XXXX)
{{#Wiki_filter:DRAFT SUPPORTING STATEMENT FOR NRC FORM 974 PRIVACY ACT COMPLAINTS, CONCERNS OR QUESTIONS FORM (3150-XXXX)
NEW Description of the Information Collection As required by National Institute of Science and Technology (NIST) Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organization, the U.S.
 
Nuclear Regulatory Commissions (NRC) is providing an electronic mechanism for the public to voluntarily register complaints, concerns or questions regarding privacy data collection practices at the NRC. The complainant provides the following information:
NEW
 
Description of the Information Collection
 
As required by National Institute of Science and Technology (NI ST) Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Syste ms and Organization, the U.S.
Nuclear Regulatory Commissions (NRC) is providing an electroni c mechanism for the public to voluntarily register complaint s, concerns or questions regardin g privacy data collection practices at the NRC. The complainant provides the following information :
* Name
* Name
* Telephone Number
* Telephone Number
Line 24: Line 29:
* Summary of Privacy Complaint
* Summary of Privacy Complaint
* Summary of any other steps already take if any by them or NRC to resolve complaint
* Summary of any other steps already take if any by them or NRC to resolve complaint
* Preferred method of contact A. JUSTIFICATION
* Preferred method of contact
: 1. Need For the Collection of Information NRC is required to have a privacy complaint management process for the public to express complaints or concerns regarding data collection practices and the associated responses necessary to resolve the issue. This is a federal requirement under the NIST Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organization. This publication was developed by NIST to further its statutory responsibilities under the Federal Information Security Modernization Act (FISMA), 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems.
 
The specific security control is, PM-26, Complaint Management and defined below:
A. JUSTIFICATION
PM-26 COMPLAINT MANAGEMENT Control: Implement a process for receiving and responding to complaints, concerns, or questions from individuals about the organizational security and privacy practices that includes:
: 1. Need For the Collection of Information
: a. Mechanisms that are easy to use and readily accessible by the public;
 
NRC is required to have a privacy complaint management process for the public to express complaints or concerns regarding data collection practi ces and the associated responses necessary to resolve the issue. This is a federal re quirement under the NIST Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organization. This publication was developed by NIST to further its statutory responsibilities under the Federal Information Securi ty Modernization Act (FISMA), 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. N IST is responsible for developing information security standards and guidelines, inclu ding minimum requirements for federal information systems.
 
The specific security control is, PM-26, Complaint Management a nd defined below:
 
PM-26 COMPLAINT MANAGEMENT
 
Control: Implement a process for receiving and responding to co mplaints, concerns, or questions from individuals about the organizational security an d privacy practices that includes:
: a. Mechanisms that are easy to use and readily accessible by th e public;
: b. All information necessary for successfully filing complaints, concerns or questions ;
: b. All information necessary for successfully filing complaints, concerns or questions ;
: c. Tracking mechanisms to ensure all complaints, concerns or questions received are reviewed and addressed within 60 business days.;
: c. Tracking mechanisms to ensure all complaints, concerns or qu estions received are reviewed and addressed within 60 business days.;
: d. Acknowledgement of receipt of complaints, concerns, or questions from individuals within 10 business days; and
: d. Acknowledgement of receipt of complaints, concerns, or quest ions from individuals within 10 business days; and
: e. Response to complaints, concerns, or questions from individuals within 60 business days.
: e. Response to complaints, concerns, or questions from individu als within 60 business days.
Discussion: Complaints, concerns, and questions from individuals can serve as valuable sources of input to organizations and ultimately improve operational models, uses of technology, data collection practices, and controls. Mechanisms that can be used by the public include telephone hotline, email, or web-based forms. The information necessary for successfully filing complaints includes contact information for the senior agency official for privacy or other official designated to receive complaints. Privacy complaints may also include personally identifiable information which is handled in accordance with relevant policies and processes.
 
: 2.     Agency Use and Practical Utility of Information This is a new collection request to meet the federal requirement. The information will be use to evaluate and respond to any privacy complaints, concerns, or questions received.
Discussion: Complaints, concerns, and questions from individual s can serve as valuable sources of input to organizations and ultimately improve operat ional models, uses of technology, data collection practices, and controls. Mechanisms that can be used by the public include telephone hotline, email, or web-based forms. Th e information necessary for successfully filing complaints includes contact information for the senior agency official for privacy or other official designated to receive co mplaints. Privacy complaints may also include personally identifiable information which is h andled in accordance with relevant policies and processes.
: 3.     Reduction of Burden Through Information Technology The NRC created a web form which is posted to the NRC public website to gather the information from the public if they have a complaint regarding NRC privacy data gathering. The public can submit the requested information by sending the information through email using a fillable-fileable form, NRC Form 974. It is estimated that approximately 100% of the potential responses are filed electronically.
: 2. Agency Use and Practical Utility of Information
: 4.     Effort to Identify Duplication and Use Similar Information No sources of similar information are available. There is no duplication of requirements.
 
: 5.     Effort to Reduce Small Business Burden The respondents to this information collection will be individuals and not businesses or corporate entities.
This is a new collection request to meet the federal requiremen t. The information will be use to evaluate and respond to any privacy complaints, concerns, or questions received.
: 6.     Consequences to Federal Program or Policy Activities if the Collection Is Not Conducted or Is Conducted Less Frequently NRC is providing an electronic form for the public to register a complaint regarding data collection practices. The consequences of not collecting this information are that the NRC will not be able to comply with the federal requirement under the NIST Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organization.
: 3. Reduction of Burden Through Information Technology
: 7. Circumstances Which Justify Variation from OMB Guidelines Not applicable
 
: 8. Consultations Outside the NRC Opportunity for public comment on the information collection requirements for this clearance package was published In the Federal Register
The NRC created a web form which is posted to the NRC public we bsite to gather the information from the public if they have a complaint regarding NRC privacy data gathering. The public can submit the requested information by s ending the information through email using a fillable-fileable form, NRC Form 974. It is estimated that approximately 100% of the potential responses are filed electronically.
: 9. Payment or Gift to Respondents Not applicable
: 4. Effort to Identify Duplication and Use Similar Information
: 10. Confidentiality of Information Confidential and proprietary information is protected in accordance with NRC regulations at 10 CFR 9.17(a) and 10 CFR 2.390(b). Information considered confidential or proprietary is not normally requested.
 
The information collected on NRC Form 974 does not require a Privacy Act System of records. The information will be stored and retrieved by date the privacy complaints, concerns or questions were received.
No sources of similar information are available. There is no duplication of requirements.
: 11. Justification for Sensitive Questions Not applicable. This information collection is not asking any sensitive questions.
: 5. Effort to Reduce Small Business Burden
: 12. Estimated Burden and Burden Hour Cost It is estimated that 12 forms will be completed annually. The annual reporting burden is estimated to be 3 hours (12 respondents x 1 response per respondent x 0.25 hours per response). There would be no recordkeeping burden. The annual cost is $870 (12 annual responses x 0.25 hr./form x $290/hr.).
 
The $290 hourly rate used in the burden estimates is based on the Nuclear Regulatory Commissions fee for hourly rates as noted in 10 CFR 170.20 Average cost per professional staff-hour. For more information on the basis of this rate, see the Revision of Fee Schedules; Fee Recovery for Fiscal Year 2022 (87 FR 37197, June 22, 2022).
The respondents to this information collection will be individu als and not businesses or corporate entities.
: 13. Estimate of Other Additional Costs There are no costs.
: 6. Consequences to Federal Program or Policy Activities if the Collection Is Not Conducted or Is Conducted Less Frequently
: 14. Estimated Annualized Cost to the Federal Government The estimated total annual burden for NRC staff to process complaints, concerns, and question is 3 hours (12 forms x 0.25 minutes per submission) at a cost of $870 (3 hours x $290/hr).
 
: 15. Reasons for Change in Burden or Cost This is a new clearance.
NRC is providing an electronic form for the public to register a complaint regarding data collection practices. The consequences of not collecting this information are that the NRC will not be able to comply with the federal requirement und er the NIST Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organization.
: 16. Publication for Statistical Use None
: 7. Circumstances Which Justify Variation from OMB Guidelines
: 17. Reason for Not Displaying the Expiration Date Not applicable
 
: 18. Exceptions to the Certification Statement None B. COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS Not Applicable}}
Not applicable
: 8. Consultations Outside the NRC
 
Opportunity for public comment on the information collection re quirements for this clearance package was published In the Federal Register
: 9. Payment or Gift to Respondents
 
Not applicable
: 10. Confidentiality of Information
 
Confidential and proprietary information is protected in accord ance with NRC regulations at 10 CFR 9.17(a) and 10 CFR 2.390(b). Information considered c onfidential or proprietary is not normally requested.
 
The information collected on NRC Form 974 does not require a Pr ivacy Act System of records. The information will be stored and retrieved by date t he privacy complaints, concerns or questions were received.
: 11. Justification for Sensitive Questions
 
Not applicable. This information collection is not asking any s ensitive questions.
: 12. Estimated Burden and Burden Hour Cost
 
It is estimated that 12 forms will be completed annually. The annual reporting burden is estimated to be 3 hours (12 respondents x 1 response per respon dent x 0.25 hours per response). There would be no recordkeeping burden. The annu al cost is $870 (12 annual responses x 0.25 hr./form x $290/hr.).
 
The $290 hourly rate used in the burden estimates is based on t he Nuclear Regulatory Commissions fee for hourly rates as noted in 10 CFR 170.20 Av erage cost per professional staff-hour. For more information on the basis of this rate, see the Revision of Fee Schedules; Fee Recovery for Fiscal Year 2022 ( 87 FR 37197, June 22, 2022).
: 13. Estimate of Other Additional Costs
 
There are no costs.
: 14. Estimated Annualized Cost to the Federal Government
 
The estimated total annual burden for NRC staff to process comp laints, concerns, and question is 3 hours (12 forms x 0.25 minutes per submission) at a cost of $870 (3 hours x $290/hr).
: 15. Reasons for Change in Burden or Cost
 
This is a new clearance.
: 16. Publication for Statistical Use
 
None
: 17. Reason for Not Displaying the Expiration Date
 
Not applicable
: 18. Exceptions to the Certification Statement
 
None
 
B. COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS
 
Not Applicable}}

Latest revision as of 13:43, 15 November 2024

Draft Supporting Statement for Privacy Act Complaint Form 974
ML22353A095
Person / Time
Issue date: 12/19/2022
From:
NRC/OCIO
To:
Shared Package
ML22355A199 List:
References
Download: ML22353A095 (4)


Text

DRAFT SUPPORTING STATEMENT FOR NRC FORM 974 PRIVACY ACT COMPLAINTS, CONCERNS OR QUESTIONS FORM (3150-XXXX)

NEW

Description of the Information Collection

As required by National Institute of Science and Technology (NI ST) Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Syste ms and Organization, the U.S.

Nuclear Regulatory Commissions (NRC) is providing an electroni c mechanism for the public to voluntarily register complaint s, concerns or questions regardin g privacy data collection practices at the NRC. The complainant provides the following information :

  • Name
  • Telephone Number
  • Email Address
  • Summary of Privacy Complaint
  • Summary of any other steps already take if any by them or NRC to resolve complaint
  • Preferred method of contact

A. JUSTIFICATION

1. Need For the Collection of Information

NRC is required to have a privacy complaint management process for the public to express complaints or concerns regarding data collection practi ces and the associated responses necessary to resolve the issue. This is a federal re quirement under the NIST Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organization. This publication was developed by NIST to further its statutory responsibilities under the Federal Information Securi ty Modernization Act (FISMA), 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. N IST is responsible for developing information security standards and guidelines, inclu ding minimum requirements for federal information systems.

The specific security control is, PM-26, Complaint Management a nd defined below:

PM-26 COMPLAINT MANAGEMENT

Control: Implement a process for receiving and responding to co mplaints, concerns, or questions from individuals about the organizational security an d privacy practices that includes:

a. Mechanisms that are easy to use and readily accessible by th e public;
b. All information necessary for successfully filing complaints, concerns or questions ;
c. Tracking mechanisms to ensure all complaints, concerns or qu estions received are reviewed and addressed within 60 business days.;
d. Acknowledgement of receipt of complaints, concerns, or quest ions from individuals within 10 business days; and
e. Response to complaints, concerns, or questions from individu als within 60 business days.

Discussion: Complaints, concerns, and questions from individual s can serve as valuable sources of input to organizations and ultimately improve operat ional models, uses of technology, data collection practices, and controls. Mechanisms that can be used by the public include telephone hotline, email, or web-based forms. Th e information necessary for successfully filing complaints includes contact information for the senior agency official for privacy or other official designated to receive co mplaints. Privacy complaints may also include personally identifiable information which is h andled in accordance with relevant policies and processes.

2. Agency Use and Practical Utility of Information

This is a new collection request to meet the federal requiremen t. The information will be use to evaluate and respond to any privacy complaints, concerns, or questions received.

3. Reduction of Burden Through Information Technology

The NRC created a web form which is posted to the NRC public we bsite to gather the information from the public if they have a complaint regarding NRC privacy data gathering. The public can submit the requested information by s ending the information through email using a fillable-fileable form, NRC Form 974. It is estimated that approximately 100% of the potential responses are filed electronically.

4. Effort to Identify Duplication and Use Similar Information

No sources of similar information are available. There is no duplication of requirements.

5. Effort to Reduce Small Business Burden

The respondents to this information collection will be individu als and not businesses or corporate entities.

6. Consequences to Federal Program or Policy Activities if the Collection Is Not Conducted or Is Conducted Less Frequently

NRC is providing an electronic form for the public to register a complaint regarding data collection practices. The consequences of not collecting this information are that the NRC will not be able to comply with the federal requirement und er the NIST Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organization.

7. Circumstances Which Justify Variation from OMB Guidelines

Not applicable

8. Consultations Outside the NRC

Opportunity for public comment on the information collection re quirements for this clearance package was published In the Federal Register

9. Payment or Gift to Respondents

Not applicable

10. Confidentiality of Information

Confidential and proprietary information is protected in accord ance with NRC regulations at 10 CFR 9.17(a) and 10 CFR 2.390(b). Information considered c onfidential or proprietary is not normally requested.

The information collected on NRC Form 974 does not require a Pr ivacy Act System of records. The information will be stored and retrieved by date t he privacy complaints, concerns or questions were received.

11. Justification for Sensitive Questions

Not applicable. This information collection is not asking any s ensitive questions.

12. Estimated Burden and Burden Hour Cost

It is estimated that 12 forms will be completed annually. The annual reporting burden is estimated to be 3 hours3.472222e-5 days <br />8.333333e-4 hours <br />4.960317e-6 weeks <br />1.1415e-6 months <br /> (12 respondents x 1 response per respon dent x 0.25 hours2.893519e-4 days <br />0.00694 hours <br />4.133598e-5 weeks <br />9.5125e-6 months <br /> per response). There would be no recordkeeping burden. The annu al cost is $870 (12 annual responses x 0.25 hr./form x $290/hr.).

The $290 hourly rate used in the burden estimates is based on t he Nuclear Regulatory Commissions fee for hourly rates as noted in 10 CFR 170.20 Av erage cost per professional staff-hour. For more information on the basis of this rate, see the Revision of Fee Schedules; Fee Recovery for Fiscal Year 2022 ( 87 FR 37197, June 22, 2022).

13. Estimate of Other Additional Costs

There are no costs.

14. Estimated Annualized Cost to the Federal Government

The estimated total annual burden for NRC staff to process comp laints, concerns, and question is 3 hours3.472222e-5 days <br />8.333333e-4 hours <br />4.960317e-6 weeks <br />1.1415e-6 months <br /> (12 forms x 0.25 minutes per submission) at a cost of $870 (3 hours3.472222e-5 days <br />8.333333e-4 hours <br />4.960317e-6 weeks <br />1.1415e-6 months <br /> x $290/hr).

15. Reasons for Change in Burden or Cost

This is a new clearance.

16. Publication for Statistical Use

None

17. Reason for Not Displaying the Expiration Date

Not applicable

18. Exceptions to the Certification Statement

None

B. COLLECTIONS OF INFORMATION EMPLOYING STATISTICAL METHODS

Not Applicable