Data Security Requirements for Accessing Confidential Data - Extension Proposed

Legal Status This site displays a prototype of a “Web 2.0” version of the daily
Federal Register. It is not an official legal edition of the Federal
Register, and does not replace the official print version or the official
electronic version on GPO’s govinfo.gov.

The documents posted on this site are XML renditions of published Federal
Register documents. Each document posted on the site includes a link to the
corresponding official PDF file on govinfo.gov. This prototype edition of the
daily Federal Register on FederalRegister.gov will remain an unofficial
informational resource until the Administrative Committee of the Federal
Register (ACFR) issues a regulation granting it official legal status.
For complete information about, and access to, our official publications
and services, go to About the Federal Register on NARA's archives.gov.

The OFR/GPO partnership is committed to presenting accurate and reliable
regulatory information on FederalRegister.gov with the objective of
establishing the XML-based Federal Register as an ACFR-sanctioned
publication in the future. While every effort has been made to ensure that
the material on FederalRegister.gov is accurately displayed, consistent with
the official SGML-based PDF version on govinfo.gov, those relying on it for
legal research should verify their results against an official edition of
the Federal Register. Until the ACFR grants it official status, the XML
rendition of the daily Federal Register on FederalRegister.gov does not
provide legal notice to the public or judicial notice to the courts.

Legal Status

Notice

Agency Information Collection Activities; Proposed eCollection eComments Requested Extension of a Currently Approved Collection; Title-Data Security Requirements for Accessing Confidential Data

A Notice by the Justice Department on 04/07/2026

• 1.

1.
This document has a comment period that ends in 30 days.
(05/07/2026) View Comment Instructions

Thank you for taking the time to create a comment. Your input is important.

Once you have filled in the required fields below you can preview and/or submit your comment to the Justice Department for review. All comments are considered public and will be posted online once the Justice Department has reviewed them.

You can view alternative ways to comment or you may also comment via Regulations.gov at /documents/2026/04/07/2026-06693/agency-information-collection-activities-proposed-ecollection-ecomments-requested-extension-of-a.

It appears that you have attempted to comment on this document before
so we've restored your progress.
Start over.
1.
2. Comment * What is your comment about? Upload File(s) Note: You can attach your comment as a file and/or attach supporting
documents to your comment. Attachment Requirements.

Email this will NOT be posted on regulations.gov

Opt to receive email confirmation of submission and tracking number? Tell us about yourself! I am... * An Individual An Organization Anonymous First Name * Last Name * City Region State Alabama Alaska American Samoa Arizona Arkansas California Colorado Connecticut Delaware District of Columbia Florida Georgia Guam Hawaii Idaho Illinois Indiana Iowa Kansas Kentucky Louisiana Maine Maryland Massachusetts Michigan Minnesota Mississippi Missouri Montana Nebraska Nevada New Hampshire New Jersey New Mexico New York North Carolina North Dakota Ohio Oklahoma Oregon Pennsylvania Puerto Rico Rhode Island South Carolina South Dakota Tennessee Texas Utah Vermont Virgin Islands Virginia Washington West Virginia Wisconsin Wyoming Zip Country Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia, Plurinational State of Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, the Democratic Republic of the Cook Islands Costa Rica Côte d'Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands (Malvinas) Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See (Vatican City State) Honduras Hong Kong Hungary Iceland India Indonesia Iran, Islamic Republic of Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, Democratic People's Republic of Korea, Republic of Kuwait Kyrgyzstan Lao People's Democratic Republic Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macao Macedonia, the Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia, Federated States of Moldova, Republic of Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestine, State of Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Barthélemy Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Martin (French part) Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Sint Maarten (Dutch part) Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and the South Sandwich Islands South Sudan Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan, Province of China Tajikistan Tanzania, United Republic of Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States United States Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela, Bolivarian Republic of Viet Nam Virgin Islands, British Virgin Islands, U.S. Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Phone Organization Type * Company Organization Federal State Local Tribal Regional Foreign U.S. House of Representatives U.S. Senate Organization Name * You are filing a document into an official docket. Any personal
information included in your comment text and/or uploaded
attachment(s) may be publicly viewable on the web. I read and understand the statement above.

2. Preview Comment Please review the Regulations.gov privacy notice and user notice.
3. Document Details Published Content - Document Details Agency Department of Justice Agency/Docket Number OMB Number 1121-0377 Document Citation 91 FR 17663 Document Number 2026-06693 Document Type Notice Pages 17663-17664 (2 pages) Publication Date 04/07/2026 Published Content - Document Details

• PDF Official Content
  • View printed version (PDF) Official Content
• Document Details Published Content - Document Details Agency Department of Justice Agency/Docket Number OMB Number 1121-0377 Document Citation 91 FR 17663 Document Number 2026-06693 Document Type Notice Pages 17663-17664 (2 pages) Publication Date 04/07/2026 Published Content - Document Details
• Document Dates Published Content - Document Dates Comments Close 05/07/2026 Dates Text Comments are encouraged and will be accepted for 30 days until May 7, 2026. Published Content - Document Dates

• Table of Contents Enhanced Content - Table of Contents This table of contents is a navigational tool, processed from the
  headings within the legal text of Federal Register documents.
  This repetition of headings to form internal navigation links
  has no substantive legal effect.

  • AGENCY:
  • ACTION:
  • SUMMARY:
  • DATES:
  • FOR FURTHER INFORMATION CONTACT:
  • SUPPLEMENTARY INFORMATION:
  • Overview of This Information Collection Enhanced Content - Table of Contents

• Related Documents Enhanced Content - Related Documents FederalRegister.gov uses the agency dockets published with the document to display related documents.

| OMB Number 1121-0377
(2 Documents) | | | |
| --- | | | |
| Date | | Action | Title |
| | 2026-04-07 | 30-Day notice. | Agency Information Collection Activities; Proposed eCollection eComments Requested Extension of a Currently Approved Collection; Title-Data Security Requirements for Accessing Confidential Data |
| | 2026-02-06 | 60-Day notice. | Agency Information Collection Activities; Proposed eCollection eComments Requested Extension of a Currently Approved Collection Title: Data Security Requirements for Accessing Confidential Data |

Enhanced Content - Related Documents

• Public Comments Enhanced Content - Public Comments Comments are being accepted - View Comment Instructions.

Enhanced Content - Public Comments
- Regulations.gov Data Enhanced Content - Regulations.gov Data Additional information is not currently available for this document.

Enhanced Content - Regulations.gov Data

- Sharing Enhanced Content - Sharing Shorter Document URL https://www.federalregister.gov/d/2026-06693 Email Email this document to a friend Enhanced Content - Sharing

• Print Enhanced Content - Print
  • Print this document Enhanced Content - Print
• Other Formats Enhanced Content - Other Formats This document is also available in the following formats:

JSON Normalized attributes and metadata XML Original full text XML MODS Government Publishing Office metadata More information and documentation can be found in our developer tools pages.

Enhanced Content - Other Formats
- Public Inspection Public Inspection This PDF is FR Doc. 2026-06693 as it appeared on Public Inspection on
04/06/2026 at 8:45 am.

It was viewed
30
times while on Public Inspection.

If you are using public inspection listings for legal research, you
should verify the contents of the documents against a final, official
edition of the Federal Register. Only official editions of the
Federal Register provide legal notice of publication to the public and judicial notice
to the courts under 44 U.S.C. 1503 & 1507. Learn more here.

Public Inspection
Published Document: 2026-06693 (91 FR 17663) This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Document Headings Document headings vary by document type but may contain
the following:

1. the agency or agencies that issued and signed a document
2. the number of the CFR title and the number of each part the document amends, proposes to amend, or is directly related to
3. the agency docket number / agency internal file number
4. the RIN which identifies each regulatory action listed in the Unified Agenda of Federal Regulatory and Deregulatory Actions See the Document Drafting Handbook for more details.

Department of Justice

1. OMB Number 1121-0377 # AGENCY:

Bureau of Justice Statistics, Department of Justice.

ACTION:

30-Day notice.

SUMMARY:

The Bureau of Justice Statistics (BJS), Department of Justice (DOJ) will be submitting the following information collection request to the Office of Management and Budget (OMB) for review and approval in accordance with the Paperwork Reduction Act of 1995.

DATES:

Comments are encouraged and will be accepted for 30 days until May 7, 2026.

FOR FURTHER INFORMATION CONTACT:

If you have comments especially on the estimated public burden or associated response time, suggestions, or need a copy of the proposed information collection instrument with instructions or additional information, please contact Devon Adams, Bureau of Justice Statistics, 999 North Capitol Street NE, Washington, DC 20531 (email: devon.adams@usdoj.gov or BJSPRA.Comments@ojp.usdoj.gov; telephone: (202) 307-0765). Please include “STANDARD APPLICATION PROCESS” in the subject line.

SUPPLEMENTARY INFORMATION:

The proposed information collection was previously published in the Federal Register on February 6, 2026, 91 FR 5513, allowing a 60-day comment period. Written comments and suggestions from the public and affected agencies concerning the proposed collection of information are encouraged. Your comments should address one or more of the following four points:

—Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the Bureau of Justice Statistics, including whether the information will have practical utility;

—Evaluate the accuracy of the agency's estimate of the burden of the proposed collection of information;

—Evaluate whether and if so how the quality, utility, and clarity of the information to be collected can be enhanced; and

—Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses.

Written comments and recommendations for this information collection should be submitted within 30 days of the publication of this notice on the following website www.reginfo.gov/​public/​do/​PRAMain. Find this particular information collection by selecting “Currently under 30-day Review—Open for Public Comments” or by using the search function and entering either the title of the information collection or the OMB Control Number [1121-0377]. This information collection request may be viewed at www.reginfo.gov. Follow the instructions to view Department of Justice, information collections currently under review by OMB.

DOJ seeks PRA authorization for this information collection for three (3) years. OMB authorization for an ICR cannot be for more than three (3) years without renewal. The DOJ notes that information collection requirements submitted to the OMB for existing ICRs receive a month-to-month extension while they undergo review.

Overview of This Information Collection

1. Type of Information Collection: Extension of a currently approved collection.

2. The Title of the Form/Collection: Data Security Requirements for Accessing Confidential Data.

3. The agency form number, if any, and the applicable component of the Department of Justice sponsoring the collection: There is no form number associated with this information collection. The applicable component within the Department of Justice is the Bureau of Justice Statistics (BJS), in the Office of Justice Programs.

4. Affected public who will be asked or required to respond, as well as a brief abstract: The Foundations for Evidence-Based Policymaking Act of 2018 mandates that the OMB establish a Standard Application Process (SAP) for requesting access to certain confidential data assets for statistical purposes, including evidence-building The SAP is to be a process through which agencies, the Congressional Budget Office, State, local, and Tribal governments, researchers, and other individuals, as appropriate, may apply to access confidential data assets held by a federal statistical agency or unit for the purposes of developing evidence. With the Interagency Council on Statistical Policy (ICSP) as advisors, the entities upon whom this requirement is levied are working with the SAP Project Management Office (PMO) and with OMB to implement the SAP. The SAP Portal is a single web-based common application for requesting access to confidential data assets from federal statistical agencies and units. On behalf of BJS and the other federal statistical agencies and units, the National Center for Science and Engineering Statistics (NCSES) submitted the OMB the recertification request to the currently approved Standard Application Portal (3145-0271. OMB approved the action for an additional three years expiring on December 31, 2028. The data security requirements apply to this form (https://www.reginfo.gov/​public/​do/​PRAViewRCF?​ref_​nbr=​202512-0535-001CF).

Once an application for confidential data is approved through the SAP Portal, BJS will collect information to meet its data security requirements when providing access to restricted use (confidential) microdata for the purpose of evidence building. This collection will occur outside of the SAP Portal. BJS's data security agreements and other paperwork along with the corresponding security protocols allow the agency to maintain careful controls on confidentiality and privacy, as required by law. If an application requesting access to an BJS-owned confidential data asset is approved, BJS will contact the applicant(s) to initiate the process of collecting the following information to fulfill its data security requirements:

• Restricted data use agreement —This document is an agreement between BJS's official archive (currently the National Archive of Criminal Justice Data [NACJD]), on behalf of BJS, and the user(s) who is approved to access BJS's confidential data assets exclusively for statistical purposes, including evidence-building, in accordance with the terms and conditions stated in the agreement and all applicable federal laws and regulations. An applicant must submit the appropriate data security plan information to describe how they will protect the data from misuse and unauthorized access. The agreement describes the penalties associated with the misuse or unauthorized access of the data. The agreement requires signature from the applicant(s) and any other representative who has the authority to enter into a legal agreement with NACJD, as applicable.
• Privacy Certificate —Office of Justice Programs regulations at 28 CFR part 22 require that a Privacy Certificate ( printed page 17664) be submitted as part of any application for a project in which information identifiable to a private person will be collected, analyzed, or otherwise used for research or statistical purposes. The Privacy Certificate describes the specific technical, administrative, and physical controls and procedures that will be used to protect data confidentiality and safeguard the data from misuse or unauthorized access. The Privacy Certificate is an applicant's certification to comply with BJS's confidentiality requirements. All individuals who will have access to the confidential BJS data are required to sign a Privacy Certificate to affirm their understanding of and agreement to comply with BJS's confidentiality requirements.
• Data security plan —This document describes the data access modality requested (physical enclave, virtual enclave, or secure download) and the specific data security measures and technical, physical, and administrative controls that will be followed to protect data from unauthorized disclosure and misuse.
• Confidentiality pledge —This document describes the applicant's responsibilities related to accessing restricted data and confidentiality protections the applicant(s) must uphold, including adhering to applicable federal laws and regulations. The assurance requires signature from the applicant(s) and certifies their understanding of and agreement to fulfill the terms in the data use agreement and data security plan.
• Institutional Review Board (IRB) documentation —Users of BJS restricted data must comply with Department of Justice regulations at 28 CFR part 46 (Protection of Human Subjects), including ensuring that adequate protections are in place to protect the confidentiality of information identifiable to a private person. Applicants must submit the appropriate documentation to demonstrate that an IRB has approved or exempted the proposed project using BJS restricted data in accordance with the requirements in 28 CFR part 46.
• Certification of training —Users of BJS restricted data will be required to complete relevant data security, confidentiality, and privacy training, as appropriate, and provide written certification of completion.
• An estimate of the total number of respondents and the amount of time estimated for an average respondent to respond: The amount of time to complete the agreements and other paperwork that comprise BJS's security requirements will vary based on the confidential data assets requested. To obtain access to BJS confidential data assets, it is estimated that the average time to complete and submit BJS's data security agreements, IRB application, and other paperwork is 3 hours (180 minutes). This estimate does not include the time needed to complete and submit an application within the SAP Portal or time waiting to receive from an IRB determination after submitting an application. All efforts related to SAP Portal applications occur prior to and separate from BJS's effort to collect information related to data security requirements.

1. An estimate of the total public burden (in hours) associated with the collection: The expected number of applications in the SAP Portal that receive a positive determination from BJS in a given year may vary. Overall, per year, BJS estimates it will collect data security information for 55 application submissions that received a positive determination within the SAP Portal. BJS estimates that the total burden for the collection of information for data security requirements over the course of the three-year OMB clearance will be about 495 hours and, as a result, an average annual burden of 165 hours.

If additional information is required, contact: Darwin Arceo, Department Clearance Officer, United States Department of Justice, Justice Management Division, Policy and Planning Staff, Two Constitution Square, 145 N Street NE, 4W-218, Washington, DC 20530.

Darwin Arceo,

Department Clearance Officer, Enterprise Portfolio Management, Justice Management Division, U.S. Department of Justice.

[FR Doc. 2026-06693 Filed 4-6-26; 8:45 am]

BILLING CODE 4410-18-P

Published Document: 2026-06693 (91 FR 17663)