|
|
|
FINAL SUPPORTING STATEMENT
FOR
NRC FORM 974
“PRIVACY ACT COMPLAINTS, CONCERNS OR QUESTIONS FORM”
(3150-XXXX)
NEW
Description of the Information Collection
As required by National Institute of Science and Technology (NIST) Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organization, the U.S. Nuclear Regulatory Commission’s (NRC) is providing an electronic mechanism for the public to voluntarily register complaints, concerns or questions regarding privacy data collection practices at the NRC. The complainant provides the following information:
Name
Telephone Number
Email Address
Summary of Privacy Complaint
Summary of any other steps already take if any by them or NRC to resolve complaint
Preferred method of contact
JUSTIFICATION
Need For the Collection of Information
NRC is required to have a privacy complaint management process for the public to express complaints or concerns regarding data collection practices and the associated responses necessary to resolve the issue. This is a federal requirement under the NIST Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organization. This publication was developed by NIST to further its statutory responsibilities under the Federal Information Security Modernization Act (FISMA), 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems.
The specific security control is, PM-26, Complaint Management and defined below:
PM-26 COMPLAINT MANAGEMENT
Control: Implement a process for receiving and responding to complaints, concerns, or questions from individuals about the organizational security and privacy practices that includes:
a. Mechanisms that are easy to use and readily accessible by the public;
b. All information necessary for successfully filing complaints, concerns or questions ;
c. Tracking mechanisms to ensure all complaints, concerns or questions received are reviewed and addressed within 60 business days.;
d. Acknowledgement of receipt of complaints, concerns, or questions from individuals within 10 business days; and
e. Response to complaints, concerns, or questions from individuals within 60 business days.
Discussion: Complaints, concerns, and questions from individuals can serve as valuable sources of input to organizations and ultimately improve operational models, uses of technology, data collection practices, and controls. Mechanisms that can be used by the public include telephone hotline, email, or web-based forms. The information necessary for successfully filing complaints includes contact information for the senior agency official for privacy or other official designated to receive complaints. Privacy complaints may also include personally identifiable information which is handled in accordance with relevant policies and processes.
Agency Use and Practical Utility of Information
This is a new collection request to meet the federal requirement. The information will be use to evaluate and respond to any privacy complaints, concerns, or questions received.
Reduction of Burden Through Information Technology
The NRC created a web form which is posted to the NRC public website to gather the information from the public if they have a complaint regarding NRC privacy data gathering. The public can submit the requested information by sending the information through email using a fillable-fileable form, NRC Form 974. It is estimated that approximately 100% of the potential responses are filed electronically.
Effort to Identify Duplication and Use Similar Information
No sources of similar information are available. There is no duplication of requirements.
Effort to Reduce Small Business Burden
The respondents to this information collection will be individuals and not businesses or corporate entities.
Consequences to Federal Program or Policy Activities if the Collection Is Not Conducted or Is Conducted Less Frequently
NRC is providing an electronic form for the public to register a complaint regarding data collection practices. The consequences of not collecting this information are that the NRC will not be able to comply with the federal requirement under the NIST Special Publication 800-53 Revision 5, Security and Privacy Controls for Information Systems and Organization.
Circumstances Which Justify Variation from OMB Guidelines
Not applicable
Consultations Outside the NRC
Opportunity for public comment on the information collection requirements for this clearance package was published In the Federal Register on February 16, 2023, (88 FR 10149). Potential respondents were individuals who submitted previous Privacy Act requests as part of the consultation process and the method of contact was by email. Three anonymous out of scope comments were received through the Federal Register docket. No changes were necessary since the comments didn't relate to this clearance package.
Payment or Gift to Respondents
Not applicable
Confidentiality of Information
Confidential and proprietary information is protected in accordance with NRC regulations at 10 CFR 9.17(a) and 10 CFR 2.390(b). Information considered confidential or proprietary is not normally requested.
The information collected on NRC Form 974 does not require a Privacy Act System of records. The information will be stored and retrieved by date the privacy complaints, concerns or questions were received.
Justification for Sensitive Questions
Not applicable. This information collection is not asking any sensitive questions.
Estimated Burden and Burden Hour Cost
It is estimated that 12 forms will be completed annually. The annual reporting burden is estimated to be 3 hours (12 respondents x 1 response per respondent x 0.25 hours per response). There would be no recordkeeping burden. The annual cost is $870 (12 annual responses x 0.25 hr./form x $290/hr.).
The $290 hourly rate used in the burden estimates is based on the Nuclear Regulatory Commission’s fee for hourly rates as noted in 10 CFR 170.20 “Average cost per professional staff-hour.” For more information on the basis of this rate, see the Revision of Fee Schedules; Fee Recovery for Fiscal Year 2022 (87 FR 37197, June 22, 2022).
Estimate of Other Additional Costs
There are no costs.
Estimated Annualized Cost to the Federal Government
The staff has developed estimates of annualized costs to the Federal Government related to the conduct of this collection of information. These estimates are based on staff experience and subject matter expertise and include the burden needed to review, analyze, and process the collected information and any relevant operational expenses.
The estimated total annual burden for NRC staff to process complaints, concerns, and question is 3 hours (12 forms x 0.25 hours per submission) at a cost of $870 (3 hours x $290/hr).
Reasons for Change in Burden or Cost
This is a new clearance.
Publication for Statistical Use
None
Reason for Not Displaying the Expiration Date
Not applicable
Exceptions to the Certification Statement
None
B. Collections of Information Employing Statistical Methods
Not Applicable
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | Benney, Kristen |
| File Modified | 0000-00-00 |
| File Created | 2023-07-31 |