0910 Privacy Narrative FINAL

Information Collection Request - Privacy Narrative
Message Testing for Tobacco Communication Activities (MTTCA) Request for Revision
Title: ______________________________________________________________________________________
(0920-0910, exp. 5/31/2021)

Michelle O'Hegarty
Point of Contact: _____________________________________________________________________________

Request for Revision (OMB No. 0920-0910; exp. 5/31/2021) There are no proposed changes to the
information collection activities, methodology, or populations of interest from the last extension request to
MTTCA in 2018. Each project approved under the MTTCA framework is outlined in a project-specific
information collection request. Each project-specific data collection request submitted to OMB for review and
approval will include 1) a description of the applicable privacy safeguards., 2) a project-specific Privacy Act
determination, and 3) a project-specific IRB approval, if required.
Overview of Data Collections
Data collections will take place online or in person, as appropriate to meet project needs. Across data collection
methods, data will only be stored in de-identified formats. CDC will not have access to PII. This data collection
is not subject to the Privacy Act. The records are not retrieved using a personal identifier.
Data Security:
All information will be stored on password-protected databases to which only contractors working on a project
have access. When data are collected by means of paper questionnaires (e.g., questionnaires to complement
in-person focus group data), the questionnaires will be kept in locked filing cabinets. When the data have been
coded into electronic files and cleaned, the paper records will be destroyed.
CDC contractors will keep the data in non-aggregate form for six months after information collection has been
completed, and then the respondent-level data will be deleted from the password-protected databases.
Contractors will provide CDC with de-identified data, to be used for analyses. CDC will retain and destroy
records in accordance with the applicable CDC Records Control Schedule.

Does this ICR request any PII?

✔ Yes

No

PII will be utilized by CDC data
If yes, describe: _____________________________________
collection contractors. PII will be used

✔ No
Does this ICR include a form that requires a Privacy Act Statement?only to
Yesgenerate
a sample. PII will be

Does this ICR require a PIA?

✔

Yes

No

Associate Director for Science

Terri Stilllemelle -S
Comments:

Digitally signed by Terri
Still-lemelle -S
Date: 2023.06.24
13:32:35 -04'00'

secured through password protected files
Yes ✔ No
or locked cabinets, and PII will never be
delivered to CDC. All data collected and
delivered to CDC from contractors will
C/I/O Approval be in the aggregate only.
If yes, does a signed PIA already exist?

Information Systems Security Officer

Cynthia
Allen -S

Digitally signed by
Cynthia Allen -S
Date: 2019.11.26
12:31:21 -05'00'