Paperwork Reduction Act (PRA) Guide 4/27/2011
You must cite a specific authority for promising confidentiality. If there is no applicable
authority, and you do plan to protect the information, please describe the management,
operational, and technical safeguards, but do not state that information will be
confidential.
If the Privacy Act (5 U.S.C. 552a) applies to a collection (see below), it can be used as a
statutory authority for confidentiality. If there is another appropriate statutory authority in
addition to the Privacy Act, it is best to cite that authority. However, if the Privacy Act
applies, compliance with this Act is still necessary (see below).
This Act generally applies if records will be primarily retrieved by personally identifiable
information, e.g., name, social security number (SSN), or date of birth. This Act “governs
the collection, maintenance, and disclosure of information from or about identifiable
individuals (not statistical or aggregate information).” For these purposes, corporations
are not considered to be individuals, but persons acting as or for corporations are still
considered individuals. Also, if a business does not have an employer identification
number (EIN) and thus must supply an SSN, the SSN requires protection under the
Privacy Act.
If an information collection falls under this Act, a Privacy Act system of records notice
must be published in the Federal Register, which describes how and where the
information is stored, and how it is secured. If a system of records already exists under
which this collection would fall, you do not need to go through this process.
If you request a respondent’s SSN, this Privacy Act note (Section 7(a)(1)(b)) applies,
“Any Federal, State or local government agency which requests an individual to
disclose his social security account number shall inform that individual whether that
disclosure is mandatory or voluntary, by what statutory or other authority such
number is solicited, and what uses will be made of it.”
The applicable statement must be included along with the Paperwork Reduction Act
statement on all forms that request an SSN.
11. Provide additional justification for any questions of a sensitive nature, such as
sexual behavior and attitudes, religious beliefs, and other matters that are
commonly considered private.
This justification should include the reasons why the agency considers the questions
necessary, the specific uses to be made of the information, the explanation to be given to
people from whom the information is requested, and any steps to be taken to obtain their
consent. Finally, OMB has standards
8
for asking questions about race or ethnicity. If
you ask such questions, you must comply with those standards.
12. Provide estimates of the hour burden of the collection of information. The
statement should:
8
See OMB Directive 15, Race and Ethnic Standards for Federal Statistics and Administrative Reporting.
38