Privacy Act Checklist
Part of the OMB Clearance Process involves the review of packages by the Privacy Act coordinator. This review is required for all clearance packages and essential when data collection activities require the collection of sensitive or personally identifiable information.
Develop a brief narrative answering the following questions:
Does the data collection involve collecting sensitive and/or personally identifiable information?
Describe how personal information will be maintained (i.e, locked file cabinet, on computer, etc.) and who will have access to it (employees only, contractors, etc.).
State how long the sensitive and/or personal information will be maintained.
Data for this project will be collected via follow-back telephone interviews with injured law enforcement officers. The questionnaire contains questions about the respondent’s injury or exposure that sent them to the emergency department (ED), their specific activity at the time of their injury or exposure, work experience and competencies, and recovery experience. Contact information, including name, address and phone number, will be collected by the Consumer Product Safety Commission (CPSC) from medical records. However, this information will only be used to mail the initial study letter (Attachment D) and to contact the individual for the telephone interview. This information will be destroyed by CPSC once the respondent has been reached or once it is determined that the respondent cannot be reached.
To manage and protect the data collected through the proposed study, we will implement many safeguards. First, the data that will be used to identify the injured or exposed law enforcement officers are protected under the Consumer Product Safety Act and the Privacy Act and are not customarily released to the public, to other government agencies, to non-NIOSH researchers, or to unauthorized NIOSH staff because of potential indirect identification of injured/exposed workers. To become an authorized user of these data, interested individuals must follow certain steps. Data users must have a demonstrated need for data access, receive appropriate supervisory approvals, sign a data use agreement, participate in annual confidentiality training, and submit all draft publications and presentations that included results from these data to project officer for a confidentiality review prior to product release. Security of the data are also protected by multi-layered CDC firewall and server protections with user authentication.
Due to the highly confidential nature of the telephone interview data and the need to maintain the data under the control of NIOSH, the interview dataset will only be shared with restrictions through a special-use agreement. Should the telephone interview dataset be of interest to an individual external to NIOSH, a data sharing agreement specific to the dataset and the proposed use will be developed. The agreement would address all specifications as listed in the CDC/ATSDR Policy on Releasing and Sharing Data in the sub-section titled “Data shared with restrictions” as well as any additional specifications prescribed by DSR confidentiality requirements. Data shared with an individual external to NIOSH will be de-identified to the extent possible to further safeguard respondent identities.
Data collected via telephone interviews will be protected throughout the life of the project. NIOSH and CPSC will identify potential cases for interview, CPSC will contact hospitals to obtain patient contact information, and contact information will be provided by CPSC to their contract telephone interviewers. Data transfers between CPSC and CPSC telephone interview contractors and between CPSC and NIOSH will occur using secure file transfer protocol locations. Once received by NIOSH, data will be stored in restricted-access directories that will only be accessible using password-protected computers. The interview survey data will be maintained as a restricted access data set in compliance with the CDC, NIOSH, DSR sensitive data handling policies and in accordance with federal recordkeeping requirements. Only DSR researchers and staff directly involved in the project will be given access to these data. The interview contact information, maintained by CPSC and never shared with NIOSH, will be destroyed at the completion of the interview study. Once all products are completed, all resulting datasets will be archived for potential future use. As required, a data management plan will be developed.
For Extensions and Reinstatements Only:
Packages are being reinstated or extended.
Respondents are state and local governments
Responses arrive at CDC and ATSDR with no identifiable
information and in aggregate form
Data management procedures have not changed since previous
approval and the instruments have not been through extensive revisions.
Additional Tips
Ensure that your package adheres to the following:
Does not use Privacy Act language from existing packages. Often times, new packages will be developed based upon existing packages. However, the privacy Act language is never transferrable between packages.
Consent documents/advisements contain the following information:
Authority for collecting the data (usually OSHA Act)
Purpose for collecting the data
With whom identifiable information will be shared.
Voluntary nature of the information collection
Effect upon respondent for not participating
| File Type | application/msword |
| File Title | Privacy Act Checklist |
| Author | ddv1 |
| Last Modified By | SYSTEM |
| File Modified | 2018-10-30 |
| File Created | 2018-10-30 |