Data Security Requirements for Accessing Confidential Data

The Foundations for Evidence-Based Policymaking Act of 2018 (44 U.S.C. 3583) mandates that the Director of the Office of Management and Budget (OMB) establish a standard application process (SAP) for requesting access to certain confidential data assets. While the adoption of the SAP is required for statistical agencies and units designated under the Confidential Information Protection and Statistical Efficiency Act of 2018 (CIPSEA), it is recognized that other agencies and organizational units within the Executive Branch may benefit from the adoption of the SAP to accept applications for access to confidential data assets. The SAP is to be a process through which agencies, the Congressional Budget Office, State, local, and Tribal governments, researchers, and other individuals, as appropriate, may apply to access confidential data assets held by a federal statistical agency or unit for the purposes of developing evidence. With the Interagency Council on Statistical Policy (ICSP) as advisors, the entities upon whom this requirement is levied are working with the SAP Project Management Office (PMO) and with OMB to implement the SAP. The SAP Portal is to be a single web-based common application designed to collect information from individuals requesting access to confidential data assets from federal statistical agencies and units. In late 2022, the National Center for Science and Engineering Statistics (NCSES), in its role as the SAP PMO, published a 60-day Federal Register Notice (87 FR 53793) and 30-day Federal Register Notice (87 FR 66754) announcing plans to collect information through the SAP Portal. This collection request was submitted to the Office of Management and Budget as a Common Form in late 2022; the OMB control number for SAP Portal information collection is 3145-0271 and the expiration date is 12/31/2025. When an application for confidential data is approved through the SAP Portal, BTS will collect information to fulfill its data security requirements. This is a required step before providing the individual with access to confidential microdata for the purpose of evidence building. BTS’s data security agreements and other paperwork, along with the corresponding security protocols, allow BTS to maintain careful controls on confidentiality and privacy, as required by law. This collection will occur outside of the SAP Portal. On November 16, 2022, BTS published a 60-day Federal Register Notice [Vol 87, No 220, pages 68794-6] announcing plans for this collection. This submission requests approval to collect information from individuals to fulfill BTS’s data security requirements. This request is from BTS within the Department of Transportation.

The latest form for Data Security Requirements for Accessing Confidential Data expires 2026-06-30 and can be found here.