DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this Notice is applicable November 17, 2022, subject to a 30-day period in which to comment on the routine uses, described below. Please submit any comments by December 19, 2022.
ADDRESSES: The public should address written comments by mail or email to: Anita Alford, Senior Official for Privacy, Administration for Children & Families, 330 C St. SW, Washington, DC 20201, or [email protected].
FOR FURTHER INFORMATION CONTACT: General questions about this system of records should be submitted by mail or email to Venkata Kondapolu, Director, Division of Federal Systems, Office of Child Support Enforcement, at 330 C St. SW, 5th Floor, Washington, DC 20201, or [email protected].
SUPPLEMENTARY INFORMATION:
I. Explanation of Changes to System of Records 09-80-0389 This system of records covers information maintained in a secure gateway system (the OCSE Data Center General Support System) established by OCSE. OCSE and (at their option) external partners use the system to facilitate electronic exchanges of information between (1) a state child support enforcement agency and (2) another external child support program partner, such as an employer, a health plan administrator, a financial institution, or a central authority in a foreign treaty country or a foreign country that is the subject of a declaration under 42 U.S.C. 659a, through OCSE. The system maintains information about individual participants in child support cases, including income withholding order information, medical support information, financial institution account information, levy file information, and details of child support disbursements transmitted between the United States and the authorized entity of the foreign treaty country or foreign country subject of a declaration under 42 U.S.C. 659a for distribution of the support payment by the foreign authority in accordance with the terms of the order. The following modifications have been made:
* The System Manager section has been revised to change the email address of the official serving as the System Manager, and to change the title of the official from “Acting Commissioner” to “Director.”
* The Authority section has been revised to include 42 U.S.C. 654, 654a, 654b, and 659a.
* The Purpose(s) section has been updated as follows:
o To include an additional purpose for which OCSE may use the OCSE Data Center General Support System; i.e., to support the Central Authority Payment (CAP) program, that exchanges details of child support disbursements transmitted between the United States and the authorized entity of the foreign treaty country or foreign country subject of a declaration under 42 U.S.C. 659a for distribution of the support payment by the foreign authority in accordance with the terms of the order;
o To add the CAP program to the bulleted list of programs supported by the gateway system;
o To add the new purpose to the list of reasons for which state child support enforcement agencies use the system; and
o To add, at the end of the section, reasons for which U.S. states use the system.
* The Categories of Records section has been revised to add a new category 4: child support case information used to administer the Central Authority Payment (CAP) program, which includes:
o Obligor/non-custodial parent’s name and Social Security Number (SSN).
o Foreign authority name, FIPS locator code, and foreign authority’s child support case identifier.
o U.S. state name and state child support agency’s case number.
o Amount and date of payment.
o Medical support indicator.
o Employment termination indicator.
* In the Record Source Categories section, the description of the first record source category has been changed from “[s]tate child support enforcement agencies initiating e-IWO, eNMSN, and FAST Levy program transactions” to “[s]tate child support enforcement agencies transmitting payment information to the CAP program for foreign authorities, and initiating e-IWO, e-NMSN, and FAST Levy program transactions in domestic child support cases.”
* The Routine Uses section has been updated to add new routine use 11 to allow disclosure of child support case information involving residents of the United States and residents of foreign treaty countries or foreign countries that are the subject of a declaration under 42 U.S.C. 659a to the foreign authority.
* The Policies and Practices for Retention and Disposal of Records section has been updated to insert, in the description of various retention periods that OCSE plans to propose to the National Archives and Records Administration (NARA) for the records, “up to 120 days to correct errors, and up to one year to reconcile information with external partners.”
Venkata Kondapolu,
Director, Division of Federal Systems, Office of Child Support Enforcement, Administration for Children & Families, U.S. Department of Health and Human Services.
SYSTEM NAME AND NUMBER:
OCSE Data Center General Support System, HHS/ACF/OCSE, 09-80-0389.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The address of the agency component responsible for the system of records is Office of Child Support Enforcement, Administration for Children & Families, 330 C St. SW, 5th Floor, Washington, DC 20201.
SYSTEM MANAGER(S):
Director, Division of Federal Systems, Office of Child Support Enforcement, Administration for Children & Families, Department of Health and Human Services, 330 C St. SW, 5th Floor, Washington, DC 20201, or [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 652, 654, 654a, 654b, 659, 659a, 666, 669a.
PURPOSE(S) OF THE SYSTEM:
The purpose of the system of records is to support the enforcement of child support obligations, by providing a secure gateway (the OCSE Data Center General Support System, or any successor system) that OCSE will use to facilitate electronic exchanges of information about individual participants in child support cases, between state child support enforcement agencies and other external partners such as employers, health plan administrators, financial institutions, and central authorities in foreign treaty countries or foreign countries that are the subject of a declaration under 42 U.S.C. 659a. The child support enforcement agencies and other external partners will use the gateway system to electronically submit information to and receive information from each other, through OCSE.
The gateway system will support, for example:
* The Electronic Income Withholding Order (e-IWO) program, that provides the means to electronically exchange income withholding order information between state child support enforcement agencies and employers.
* The Electronic National Medical Support Notice (e-NMSN) program, that allows state child support enforcement agencies, employers, and health plan administrators to electronically send and receive National Medical Support Notices used to enroll children in medical insurance plans pursuant to child support orders.
* The Federally Assisted State Transmitted (FAST) Levy program, that allows states and financial institutions to exchange information about levy actions through an electronic process.
* The Central Authority Payment (CAP) program, that allows states and foreign authorities to exchange details of child support disbursements transmitted between the United States and the authorized entity of the foreign treaty country or foreign country subject of a declaration under 42 U.S.C. 659a for distribution of the support payment by the foreign authority in accordance with the terms of the order.
Multiple child support program partners will utilize the gateway system to electronically send and receive information:
State child support enforcement agencies will use the system to transmit e-IWOs to employers and e-NMSNs to employers and health plan administrators. State child support enforcement agencies will also use the system to create levy actions for distribution to multiple financial institutions, and to transmit information about child support disbursements between U.S. states and foreign authorities through the CAP program.
Employers will use the system to respond to state child support enforcement agencies regarding e-IWOs and to provide information about health insurance coverage provided by the employer. Employers and health plan administrators will use the system to respond to state child support enforcement agencies regarding e-NMSNs.
Financial institutions will use the system to receive and respond to levy actions from multiple state child support enforcement agencies.
U.S. states will use the system to transmit information about child support disbursements transmitted from the United States to a foreign authority through the CAP program.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The records in the system of records are about custodial and noncustodial parents, legal guardians, and third-party caretakers who are participants in child support program cases and whose names and Social Security numbers (SSNs) are used to retrieve the records. Children’s personal identifiers are not used to retrieve records in this system of records, so children are not subject individuals for purposes of this system of records.
CATEGORIES OF RECORDS IN THE SYSTEM:
The categories of records exchanged in the gateway system include:
1. Child support case information used to populate an e-IWO, which may include:
a. Name of state, tribe, territory, or private individual entity issuing an e-IWO;
b. Order ID and Case ID;
c. Remittance ID;
d. Employer/income withholder name, address, federal employer identification number (FEIN), telephone number, FAX number, email, or website;
e. Employee/obligor’s name, Social Security number (SSN), date of birth;
f. Custodial parent’s/obligee’s name;
g. Child(ren)’s name(s) and date(s) of birth;
h. Income withholding amounts for current child support, past-due child support, current cash medical support, past-due cash medical support, current spousal support, past-due spousal support;
i. Child support state disbursement unit or tribal order payee name and address;
j. Judge/issuing official’s name, title, and signature; and
k. Employee/obligor termination date, last known telephone number, last known address, new employer/income withholder’s name and address.
2. Child support case information used to populate an e-NMSN, and medical insurance information included in e-NMSN responses from employers and health plan administrators, which may include:
a. Custodial parent/obligee’s name and mailing address;
b. Substituted official/agency name and address (if custodial parent/obligee’s address is left blank);
c. Name, telephone number, and mailing address of representative of child(ren);
d. Child(ren)’s name(s), gender, date of birth, and SSN;
e. Employee’s name, SSN, and mailing address;
f. Plan administrator name, contact person, FAX number and telephone number;
g. Employer and/or employer representative name, FEIN, and telephone number;
h. Date of medical support termination, reason for termination, and child(ren) to be terminated from medical support;
i. Medical insurance provider name, group number, policy number, address;
j. Dental insurance provider name, group number, policy number, address;
k. Vision insurance provider name, group number, policy number, address;
l. Prescription drug insurance provider name, group number, policy number, address;
m. Mental health insurance provider name, group number, policy number, address;
n. Other insurance, specified by name, group number, policy number, address; and
o. Plan administrator name, title, telephone number and address.
3. Child support case information used to administer the FAST Levy program, which includes:
a. Requesting state agency name, address, and state Federal Information Processing Standard (FIPS) code;
b. Financial institution’s name and FEIN;
c. Obligor’s name, SSN, and date of birth;
d. Account number of account from which to withhold funds;
e. Withholding amount; and
f. Contact name, phone number, and email for point of contact in requesting state.
4. Child support case information used to administer the CAP program, which includes:
a. Obligor/non-custodial parent’s name and SSN;
b. Foreign authority name, FIPS locator code, and foreign authority’s child support case identifier;
c. U.S. state name and state child support agency’s case number;
d. Amount and date of payment;
e. Medical support indicator; and
f. Employment termination indicator.
RECORD SOURCE CATEGORIES:
The sources of the information in the system of records include:
* State child support enforcement agencies transmitting payment information to the CAP program for foreign authorities, and initiating e-IWO, e-NMSN, and FAST Levy program transactions in domestic child support cases.
* Employers or authorized third parties responding to e-IWOs and e-NMSNs.
* Health plan administrators responding to e-NMSNs.
* Financial institutions responding to FAST Levy requests.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
In addition to the disclosures authorized directly in the Privacy Act at 5 U.S.C. 552a(b)(1)-(b)(2) and (b)(4)-(b)(11), these routine uses specify circumstances under which the agency may disclose information from this system of records to a non-HHS officer or employee without the consent of the data subject. ACF will prohibit redisclosures, or may permit only certain redisclosures, as required or authorized by law. Each proposed disclosure or redisclosure of information permitted directly in the Privacy Act or under these routine uses will be evaluated to ensure that the disclosure or redisclosure is legally permissible.
Any information defined as “return”‘ or “return information” under 26 U.S.C. 6103 (Internal Revenue Code) is not disclosed unless authorized by a statute, the Internal Revenue Service (IRS), or IRS regulations.
1. Disclosure to Financial Institution to Collect Past-Due Support.
Pursuant to 42 U.S.C. 652(l), information pertaining to an individual owing past-due child support may be disclosed to a financial institution doing business in two or more states to identify an individual who maintains an account at the institution for the purpose of collecting past-due support. Information pertaining to requests by the state child support enforcement agencies for the placement of a lien or levy of such accounts may also be disclosed.
2. Disclosure of Financial Institution Information to State Child Support Enforcement Agency for Assistance in Collecting Past-Due Support.
Pursuant to 42 U.S.C. 652(l), the results of a comparison between information pertaining to an individual owing past-due child support and information provided by multistate financial institutions may be disclosed to a state child support enforcement agency for the purpose of assisting the state agency in collecting past-due support. Information pertaining to responses to requests by a state child support enforcement agency for the placement of a lien or levy of such accounts may also be disclosed.
3. Disclosure to Employer to Enforce Child Support Obligations.
Pursuant to 42 U.S.C. 666(b), information pertaining to an individual owing current or past-due child support may be disclosed to an employer for the purpose of collecting current or past-due support by way of an e-IWO.
4. Disclosure of Employer Information to State Child Support Enforcement Agency in Response to an e-IWO.
Information pertaining to a response by an employer to an e-IWO issued by a state child support enforcement agency for the collection of child support may be disclosed to the state child support enforcement agency.
5. Disclosure to Employer and Health Plan Administrator to Enforce Medical Support Obligations.
Pursuant to 42 U.S.C. 666(a)(19), information pertaining to participants in a child support case may be disclosed to an employer or a health plan administrator for the purpose of enforcing medical support for a child by way of an e-NMSN.
6. Disclosure of Employer and Health Plan Administrator Information to State Child Support Enforcement Agency in Response to an e-NMSN.
Information pertaining to a response by an employer or a health plan administrator to an e-NMSN issued by a state child support enforcement agency for the enforcement of medical support may be disclosed to the state child support enforcement agency.
7. Disclosure to Department of Justice or in Proceedings.
Records may be disclosed to the Department of Justice (DOJ) or to a court or other adjudicative body in litigation or other proceedings when HHS or any of its components, or any employee of HHS acting in the employee’s official capacity, or any employee of HHS acting in the employee’s individual capacity where the DOJ or HHS has agreed to represent the employee, or the United States Government, is a party to the proceedings or has an interest in the proceedings and, by careful review, HHS determines that the records are both relevant and necessary to the proceedings.
8. Disclosure to Congressional Office.
Information may be disclosed to a congressional office from the record of an individual in response to a written inquiry from the congressional office made at the written request of the individual.
9. Disclosure to Contractor to Perform Duties.
Records may be disclosed to a contractor performing or working on a contract for HHS and who has a need to have access to the information in the performance of its duties or activities for HHS in accordance with law and with the contract.
10. Disclosure in the Event of a Security Breach.
a. Information may be disclosed to appropriate agencies, entities, and persons when (1) HHS suspects or has confirmed that there has been a breach of the system of records; (2) HHS has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, HHS (including its information systems, programs, and operations), the federal government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with HHS’s efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
b. Information may be disclosed to another federal agency or federal entity, when HHS determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the federal government, or national security, resulting from a suspected or confirmed breach.
11. Disclosure to a Foreign Reciprocating Country and Foreign Treaty Country for Child Support Purposes.
Pursuant to 42 U.S.C. 652(n), 653(a)(2), 653(c)(5) and 659a(c)(2), child support case information involving residents of the United States and residents of foreign treaty countries or foreign countries that are the subject of a declaration under 42 U.S.C. 659a may be disclosed to the foreign authority.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The records are stored electronically.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by the parent’s, guardians, or third-party caretaker’s name or SSN.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Upon approval of a disposition schedule by the National Archives and Records Administration (NARA), the records will be deleted when eligible for destruction under the schedule, if the records are no longer needed for administrative, audit, legal, or operational purposes. ACF anticipates requesting NARA’s approval of retention periods of approximately 90 days for the information contained in the transmission files (i.e., long enough to confirm receipt or to resend if necessary), up to 120 days to correct errors, up to a year to reconcile information with external partners, and up to seven years for the audit log records. Approved disposal methods for electronic records and media include overwriting, degaussing, erasing, disintegration, pulverization, burning, melting, incineration, shredding, or sanding.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The system leverages cloud service providers that maintain an authority to operate in accordance with applicable laws, rules, and policies, including Federal Risk and Authorization Management Program (FedRAMP) requirements. Specific administrative, technical, and physical controls are in place to ensure that the records collected, maintained, and transmitted using the OCSE Data Center General Support System are secure from unauthorized access. Access to the records within the system is restricted to authorized personnel who are advised of the confidentiality of the records and the civil and criminal penalties for misuse, and who sign a nondisclosure oath to that effect. Agency personnel are provided privacy and security training before being granted access to the records and annually thereafter. Additional safeguards include protecting the facilities where records are stored or accessed with security guards, badges and cameras; limiting access to electronic databases to authorized users based on roles and either two-factor authentication or user ID and password (as appropriate); using a secured operating system protected by encryption, firewalls, and intrusion detection systems; reviewing security controls on a periodic basis; and using secure destruction methods prescribed in NIST SP 800-88 to dispose of eligible records. All safeguards conform to the HHS Information Security and Privacy Program, https://www.hhs.gov/ocio/securityprivacy/index.html.
RECORD ACCESS PROCEDURES:
To request access to a record about you in this system of records, submit a written access request to the System Manager identified in the “System Manager” section of this System of Records Notice (SORN), in accordance with the Department’s Privacy Act implementation regulations in 45 CFR. The request must reasonably describe the record sought and must include (for contact purposes and identity verification purposes) your full name, current address, telephone number and/or email address, date and place of birth, and signature, and (if needed by the agency) sufficient particulars contained in the records (such as, your SSN) to enable the System Manager to distinguish between records on subject individuals with the same name. In addition, to verify your identity, your signature must be notarized, or the request must include your written certification that you are the individual who you claim to be and that you understand that the knowing and willful request for or acquisition of a record pertaining to an individual under false pretenses is a criminal offense subject to a fine of up to $5,000. You may request that copies of the records be sent to you, or you may request an appointment to review the records in person (including with a person of your choosing, if you provide written authorization for agency personnel to discuss the records in that person’s presence). You may also request an accounting of disclosures that have been made of records about you, if any.
CONTESTING RECORD PROCEDURES:
To request correction of a record about you in this system of records, submit a written amendment request to the System Manager identified in the “System Manager” section of this SORN, in accordance with the Department’s Privacy Act implementation regulations in 45 CFR. The request must contain the same information required for an access request and include verification of your identity in the same manner required for an access request. In addition, the request must reasonably identify the record and specify the information contested, the corrective action sought, and the reasons for requesting the correction; and should include supporting information to show how the record is inaccurate, incomplete, untimely, or irrelevant.
NOTIFICATION PROCEDURES:
To find out if the system of records contains a record about you, submit a written notification request to the System Manager identified in the “System Manager” section of this SORN, in accordance with the Department’s Privacy Act implementation regulations in 45 CFR. The request must identify this system of records, contain the same information required for an access request, and include verification of your identity in the same manner required for an access request.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
86 FR 72245 (Dec. 21, 2021).
[FR Doc. 2022-25017 Filed 11-16-22; 8:45 am]
BILLING CODE 4184-42-P
Comments are closed.