PRIVACY CHECKLIST NARRATIVE
CDC Worksite Health Scorecard
(0920-XXXX)
Does the data collection involve collecting sensitive or personally identifiable information?
No.
Describe how personal information will be maintained and who will have access.
Data management procedures for this revision have not changed since the previous approval (OMB #0920-1014, Exp 02/28/2019) and the instruments have not been through extensive revisions. The revised instruments include some reorganization of the questions and minor wording revisions, particularly to the new modules/questions, to better explain and define the context, concepts, or administration of the strategies and interventions contained in the questions has been completed.
Northrop Grumman, Johns Hopkins, and CDC will be the only organizations to collect, store, and maintain information that identifies specific individuals or employers. Computer data files used for analysis will identify individuals and employers using ID numbers and will not include employers’ names or contact information.
Technical safeguards. CDC, Johns Hopkins and Northrop Grumman will be the only organizations to collect, store, and maintain individual identifiable information. No personally identifiable health information is captured in the survey. Given that the information being collected is not considered sensitive, information will be stored on Johns Hopkins Box (JHBox), a password-protected cloud-based file storage service. Johns Hopkins, Northrop Grumman and the CDC program have consulted with CDC’s Office of the Chief Information Security Officer to review the data acquisition, storage, and processing procedures to ensure that they comply with the Privacy Act and required government data privacy and security procedures. The electronic file linking the employer and the identification number will be securely stored. All information will be password protected and only accessible to evaluation staff. IT servers and data rooms have additional security. All hard drives on the server are encrypted.
Additional safeguards. Survey results will only be reported in aggregate. Individual level data will not be reported.
CDC and its contractors will comply with all applicable federal and state laws.
State how long the sensitive or personal information will be maintained. This information is crucial. If sensitive information is maintained for even one day, the Privacy Act will apply and we will have to provide language in the clearance package.
The information will be retained for a period of five years which will conclude in March 2026.
Specify in the cover letter where the consent/advisement language can be found (i.e., The consent form is located in Attachment 2. or The advisement information is contained in the letter to respondents located in Attachment 4. or The advisement information is contained in the telephone transcript located in Attachment 3.)
Consent language is found on the cover page of each survey instrument prior to the instrument instructions and questions (Attachments C1 and C-2).
| File Type | application/msword |
| File Title | Does the data collection involve collecting sensitive and/or personally identifiable information |
| Author | nsg |
| Last Modified By | SYSTEM |
| File Modified | 2019-02-12 |
| File Created | 2019-02-12 |