Supporting Statement Part A_0704-0545_Final

SUPPORTING STATEMENT – PART A

Collection of Required Data Elements to Verify Eligibility
OMB Control Number 0704-0545

A.  JUSTIFICATION

1.  Need for the Information Collection

This is an existing collection of information necessitated by the Office of Personnel Management (OPM) cybersecurity incident in which approximately 21.5 million security clearance background investigation records containing personally identifying information (PII) were compromised.

The Department of Defense (DoD) is providing breach notification and facilitating the provision of breach mitigation services due to the number of DoD affected individuals. DoD entered into agreements with OPM to handle the breach notification and mitigation services. In response to this incident, OPM has partnered with all affected federal agencies; and, on behalf of these agencies, the DoD [Naval Sea Systems Command] has awarded a contract to provide identity protection and credit monitoring services to all impacted individuals and their minor children.

In order for impacted personnel to register themselves or their minor children for the services, they must provide a personal identification number (PIN). DoD commenced mailing out PINs to impacted individuals via U.S. Postal Service on September 30, 2015, and will continue for several weeks until all notifications have been mailed.

The authorities for this collection, as listed in the Privacy Act System of Records Notice, are as follows:

The E-Government Act of 2002 (Pub. L. 107-347); the Federal Information Security Modernization Act of 2014 (Pub. L. 113-283) (44 U.S.C. 3551-3559); 10 U.S.C. 113, Secretary of Defense; 50 U.S.C. 3038, Responsibilities of Secretary of Defense Pertaining to National Intelligence Program; E.O. 12333, United States Intelligence Activities, as amended; E.O. 13402, Strengthening Federal Efforts to Protect Against Identity Theft, as amended; E.O. 13526, Classified National Security Information; White House Memorandum dated September 20, 2006, Subject: Recommendations for Identity Theft Related Data Breach Notification; and E.O. 9397 (SSN), as amended.

2.  Use of the Information

In September 2015, the Government determined it does not have current addresses for over 30% of the impacted population and therefore cannot mail out notification letters containing PINs to all impacted individuals. Consequently, those individuals whom the Government cannot notify do not have the necessary PIN to enroll for identity protection services. In order to provide the greatest likelihood for letter notification and opportunity for impacted individuals to take advantage of these services, the Government has established a secure website for individuals to request verification status by voluntarily providing the minimum PII needed to validate the individual’s identity and U.S. mail contact information. To request verification status, individuals may either go directly to a secure OPM website screen and personally input the required data fields, or may call a helpdesk number where a contractor helpdesk attendant will take the information via telephone and input the information for the caller. Thus, this collection of information is necessary for individuals to determine whether or not they were impacted by the OPM cybersecurity incident and, if impacted, provide the means to obtain a PIN to receive Government-provided identity protection services

If individuals desire to request verification they can provide the required information using the following options:

a. Access the OPM website and submit the required data directly via secure OPM portal hosted by DMDC.

b. Call a helpdesk number listed in the publicly accessible OPM website and provides the required data to a helpdesk attendant who will then enter and submit the data directly via a secure OPM portal hosted by DMDC

The information collected will be used only to verify whether or not an individual was impacted by the OPM cybersecurity incident involving background investigation records and to send a letter confirming status as “impacted” or “not impacted” by this incident. Once the minimally required information has been input into the OPM secure portal, it will be compared to an electronic master file and verification will be accomplished electronically. After the Government has validated the individual’s status, the DoD Defense Manpower Data Center (DMDC) will generate and mail a response letter. This letter will either confirm eligibility and contain a PIN for impacted individuals, or confirm that the individual was not impacted by this cybersecurity incident.

The DoD DMDC will retain the information collected in a “holding file” until the contract end of performance on December 31, 2018. This will allow individuals who lose or never receive their PINs to use the portal and helpdesk to determine eligibility throughout the entire contract period.

3.  Use of Information Technology

One hundred percent of the responses will be collected electronically. The use of technology (online access) will decrease the burden on respondents to provide any more than the minimal data needed to verify eligibility. The online data entry portal allows respondents to enter data quickly and easily, as well as access additional helpful information such as frequently asked questions (FAQs).

4.  Non-duplication

The Government has convened an interagency task force to coordinate efforts on all matters concerned with the OPM cybersecurity incident involving background investigation reports. Through this comprehensive task force, the chances of duplication or contradiction of efforts is mitigated.

5.  Burden on Small Business

This section is not applicable, as the requirement to collect information applies to individuals and not business entities.

6.  Less Frequent Collection

The consequence of not collecting this data is that the Government cannot verify individuals’ identity to determine if they are eligible for themselves and their minor children to enroll for identity protection and credit monitoring services. This results in impacted individuals being deprived of Government-provided services to which they are entitled.

7.  Paperwork Reduction Act Guidelines

Collection of this information is consistent with 5 CFR 1320.5(d)(2). No special circumstances are required.

8.  Consultation and Public Comments

• Part A: PUBLIC NOTICE

As part of this request for a regular submission, a 60-day Federal Register Notice soliciting public comment was published on 02/17/2016 in the Federal Register; 81 FRN 8056. No comments were received.

• Part B: CONSULTATION

No consultation efforts were made with persons outside the sponsoring agency or Component.

9.  Gifts or Payment

The Government will provide no payment or gifts to respondents, other than remuneration of contractors in accordance with the terms of their contracts.

10.  Confidentiality

This collection requires a Privacy Act Statement, which can be found upon initial access to the website. This information is disclosed only to the extent consistent with statutory requirements, current regulations, and prudent business practices.

This collection requires a System of Records Notice (SORN), which can be found at the below link:

http://dpcld.defense.gov/Privacy/SORNsIndex/DODwideSORNArticleView/tabid/6797/Article/627463/dmdc-20.aspx

The information collection requires a Privacy Impact Assessment, which can be found at the below link:

https://www.dmdc.osd.mil/appj/dwp/documents.jsp

11.  Sensitive Questions

We are asking respondents to provide minimal information and Social Security Number (SSN) in order to accurately validate an their identity.

12.  Respondent Burden, and its Labor Costs

a.  Estimation of Respondent Burden

b.  Labor Cost of Respondent Burden

For civilians, the hourly rate is based on the Base General Schedule Pay Scale for 2015, GS11, Step 5 of $27.86 plus 36.25% overhead is $37.96, rounded to $38. For military, the rate is based on an O3 hourly rate of $31.89 plus 36.25% overhead for a burdened hourly rate of $43.45, rounded to $43. The prorated combined hourly rate is $42.07, rounded to $42.

13.  Respondent Costs Other Than Burden Hour Costs

DoD does not estimate any burden hours apart from the hours estimated in items 12.

14.  Cost to the Federal Government

15.  Reasons for Change in Burden

There has been a change in the burden estimate from the original OMB approval. This change is based on a reduction in the number of respondents.

16.  Publication of Results

Results of this information will not be tabulated or published.

17.  Non-Display of OMB Expiration Date

The Government is not requesting approval to omit display of the expiration date of OMB approval on the instrument of collection.

18.  Exceptions to "Certification for Paperwork Reduction Submissions"

The Government is not requesting exception to satisfy the statutory requirements