SUPPORTING STATEMENT - PART A
Collection of Required Data Elements to Verify Eligibility
OMB Control Number 0704-0545
Summary of Changes from Previously Approved Collection
The DoD contract with OPM to collect this information has been extended for up to seven years, pending annual renewals.
An Agency Disclosure Notice has been added to the collection instrument.
The burden has increased since the previous approval due to a small recalculation of the time needed to provide the information required to prove eligibility. The labor cost on respondents has decreased.
1. Need for the Information Collection
This is an existing collection of information necessitated by the Office of Personnel Management (OPM) cybersecurity incident in which approximately 21.5 million security clearance background investigation records containing personally identifying information (PII) were compromised.
The Department of Defense (DoD) is providing breach notification and facilitating the provision of breach mitigation services due to the number of DoD affected individuals. DoD entered into agreements with OPM to handle the breach notification and mitigation services. In response to this incident, OPM has partnered with all affected federal agencies; and, on behalf of these agencies, the DoD [Naval Sea Systems Command] has awarded a contract to provide identity protection and credit monitoring services to all impacted individuals and their minor children. This contract was extended at the end of 2018 and is expected to continue through 2025.
In order for impacted personnel to register themselves or their minor children for the services, they must provide a personal identification number (PIN). DoD commenced mailing out PINs to impacted individuals via U.S. Postal Service on September 30, 2015, and will continue for several weeks until all notifications have been mailed.
The
authorities for this collection, as listed in the Privacy Act System
of Records Notice, are as follows:
The E-Government Act
of 2002 (Pub. L. 107-347); the Federal Information Security
Modernization Act of 2014 (Pub. L. 113-283) (44 U.S.C. 3551-3559); 10
U.S.C. 113, Secretary of Defense; 50 U.S.C. 3038, Responsibilities of
Secretary of Defense Pertaining to National Intelligence Program;
E.O. 12333, United States Intelligence Activities, as amended; E.O.
13402, Strengthening Federal Efforts to Protect Against Identity
Theft, as amended; E.O. 13526, Classified National Security
Information; White House Memorandum dated September 20, 2006,
Subject: Recommendations for Identity Theft Related Data Breach
Notification; and E.O. 9397 (SSN), as amended.
2. Use of the Information
In September 2015, the Government determined it does not have current addresses for over 30% of the impacted population and therefore cannot mail out notification letters containing PINs to all impacted individuals. Consequently, those individuals whom the Government cannot notify do not have the necessary PIN to enroll for identity protection services. In order to provide the greatest likelihood for letter notification and opportunity for impacted individuals to take advantage of these services, the Government has established a secure website for individuals to request verification status by voluntarily providing the minimum PII needed to validate the individual’s identity and U.S. mail contact information. To request verification status, individuals may either go directly to a secure OPM website screen and personally input the required data fields, or may call a helpdesk number where a contractor helpdesk attendant will take the information via telephone and input the information for the caller. Thus, this collection of information is necessary for individuals to determine whether or not they were impacted by the OPM cybersecurity incident and, if impacted, provide the means to obtain a PIN to receive Government-provided identity protection services
If individuals desire to request verification they can provide the required information using the following options:
Access the OPM website and submit the required data directly via secure OPM portal hosted by DMDC.
Call a helpdesk number listed in the publicly accessible OPM website and provides the required data to a helpdesk attendant who will then enter and submit the data directly via a secure OPM portal hosted by DMDC at https://opmverify.dmdc.osd.mil/.
The information collected will be used only to verify whether or not an individual was impacted by the OPM cybersecurity incident involving background investigation records and to send a letter confirming status as “impacted” or “not impacted” by this incident. Once the minimally required information has been input into the OPM secure portal, it will be compared to an electronic master file and verification will be accomplished electronically. After the Government has validated the individual’s status, the DoD Defense Manpower Data Center (DMDC) will generate and mail a response letter. This letter will either confirm eligibility and contain a PIN for impacted individuals, or confirm that the individual was not impacted by this cybersecurity incident.
The DoD DMDC will retain the information collected in a “holding file” until the contract end of performance. This will allow individuals who lose or never receive their PINs to use the portal and helpdesk to determine eligibility throughout the entire contract period. The contract period was last extended through December 31, 2019 but is expected to be renewed annually for the next seven years.
3. Use of Information Technology
100% of responses are collected electronically. The online data entry portal allows respondents to enter data quickly and easily, as well as additional helpful information and frequently asked questions.
4. Non-duplication
The information obtained through this collection is unique and is not already available for use or adaptation from another cleared source.
5. Burden on Small Businesses
This information collection does not impose a significant economic impact on a substantial number of small businesses or entities.
6. Less Frequent Collection
Information is collected as required to verify individual’s eligibility for identity protection and credit monitoring services. Failure to collect this information would deprive affected individuals of these services.
7. Paperwork Reduction Act Guidelines
This collection of information does not require collection to be conducted in a manner inconsistent with the guidelines delineated in 5 CFR 1320.5(d)(2).
8. Consultation and Public Comments
Part A: PUBLIC NOTICE
A 60-Day Federal Register Notice (FRN) for the collection published on Friday, May 3, 2019. The 60-Day FRN citation is 84 FRN 19058.
No comments were received during the 60-Day Comment Period.
A 30-Day Federal Register Notice for the collection published on Friday, July 26, 2019. The 30-Day FRN citation is 84 FRN 36090.
Part B: CONSULTATION
No additional consultation apart from soliciting public comments through the Federal Register was conducted for this submission.
9. Gifts or Payment
No payments or gifts are being offered to respondents as an incentive to participate in the collection.
10. Confidentiality
A Privacy Act Statement is provided to all respondents when they first access the collection instrument online at https://opmverify.dmdc.osd.mil/.
A copy of the SORN, Personnel Security Breach Notification and Mitigation Services Records, may be found online at https://dpcld.defense.gov/Privacy/SORNsIndex/DOD-wide-SORN-Article-View/Article/627463/dmdc-20/.
A draft copy of the PIA, Personnel Security Breach Notification and Mitigation Services Records, has been provided with this package for OMB’s review.
The National Archives and Records Administration has authorized the destruction of these records 3 (three) year(s) after credit monitoring and identity management services have concluded.
11. Sensitive Questions
Social Security Numbers are collected as the primary means to verify identity. A Social Security Number Justification Memo is attached as part of this collection package.
12. Respondent Burden and its Labor Costs
Part A: ESTIMATION OF RESPONDENT BURDEN
[Eligibility Verification]
Number of Respondents: 1,000,000
Number of Responses Per Respondent: 1
Number of Total Annual Responses: 1,000,000
Response Time: 5 minutes
Respondent Burden Hours: 83,333 hours
Part B: LABOR COST OF RESPONDENT BURDEN
[Eligibility Verification]
Number of Total Annual Responses: 1,000,000
Response Time: 5 minutes
Respondent Hourly Wage: $7.25
Labor Burden per Response: $0.60
Total Labor Burden: $600,000
The Respondent hourly wage was determined by using the Federal minimum wage of $7.25/hr.
13. Respondent Costs Other Than Burden Hour Costs
There are no annualized costs to respondents other than the labor burden costs addressed in Section 12 of this document to complete this collection.
14. Cost to the Federal Government
Part A: LABOR COST TO THE FEDERAL GOVERNMENT
[Eligibility Verification]
Number of Total Annual Responses: 1,000,000
Processing Time per Response: 2 minutes
Hourly Wage of Worker(s) Processing Responses : $37.97
Cost to Process Each Response: $1.27
Total Cost to Process Responses: $1,270,000
Part B: OPERATIONAL AND MAINTENANCE COSTS
Cost Categories
Equipment: $0
Printing: $0
Postage: $0
Software Purchases: $0
Licensing Costs: $0
Other: $0
Total Operational and Maintenance Cost: $0
Part C: TOTAL COST TO THE FEDERAL GOVERNMENT
Total Labor Cost to the Federal Government: $1,270,000
Total Operational and Maintenance Costs: $0
Total Cost to the Federal Government: $1,270,000
15. Reasons for Change in Burden
The burden has increased since the previous approval due to a small recalculation of the time needed to provide the information required to prove eligibility. The labor cost on respondents has decreased.
16. Publication of Results
The results of this information collection will not be published.
17. Non-Display of OMB Expiration Date
We are not seeking approval to omit the display of the expiration date of the OMB approval on the collection instrument.
18. Exceptions to “Certification for Paperwork Reduction Submissions”
We are not requesting any exemptions to the provisions stated in 5 CFR 1320.9.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | Kaitlin Chiarelli |
| File Modified | 0000-00-00 |
| File Created | 2021-01-15 |