EIA Notice on Data Security Requirements for Accessing Confidential Data

Content

ACTION:

Notice.

SUMMARY:

The U.S. Energy Information Administration (EIA) has submitted the following information collection requirement to OMB for
review and clearance under the Paperwork Reduction Act of 1995. This is the second notice for public comment; the first was
published in the
Federal Register
on December 18, 2025, and no comments were received. EIA is forwarding the proposed Data Security Requirements for Accessing
Confidential Data information collection to the Office of Management and Budget (OMB) for clearance simultaneously with the
publication of this second notice.

DATES:

Comments on this information collection must be received no later than March 30, 2026. Written comments and recommendations
for the proposed information collection should be sent within 30 days of publication of this notice to www.reginfo.gov/public/do/PRAMain. Find this particular information collection by selecting “Currently under 30-day Review—Open for Public Comments” or by using
the search function.

FOR FURTHER INFORMATION CONTACT:

Debra Coaxum, EIA Clearance Officer, at (202) 586-7876 or by email at EIA-FRNcomments@eia.gov.

SUPPLEMENTARY INFORMATION:

This information collection request contains:

(1) OMB No.: 1905-New;

(2) Information Collection Request Title: Data Security Requirements for Accessing Confidential Data;

(3) Type of Request: Intent to seek approval to collect information from the public to fulfill the EIA security requirements allowing individuals
to access confidential data assets for the purposes of building evidence.

(4) Purpose: Title III of the Foundations for Evidence-Based Policymaking Act of 2018 (44 U.S.C. 3583; hereafter referred to as the Evidence
Act) mandates that OMB establish a Standard Application Process (SAP) for requesting access to certain confidential data assets.
While the adoption of the SAP is required for statistical agencies and units designated under the Confidential Information
Protection and Statistical Efficiency Act of 2018 (CIPSEA), it is recognized that other agencies and organizational units
within the Executive Branch may benefit from the adoption of the SAP to accept applications for access to confidential data
assets. The SAP is to be a process through which agencies, the Congressional Budget Office, State, local, and Tribal governments,
researchers, and other individuals, as appropriate, may apply to access confidential data assets held by a Federal statistical
agency or unit for the purposes of developing evidence. With the Interagency Council on Statistical Policy (ICSP) as advisors,
the entities upon whom this requirement is levied are working with the SAP Project Management Office (PMO) and with OMB to
implement the SAP.

The SAP Portal is to be a single web-based common application designed to collect information from individuals requesting
access to confidential data assets from Federal statistical agencies and units. When an application for confidential data
is approved through the SAP Portal, EIA will collect information to fulfill its data security requirements. This is a required
step before providing the individual with access to restricted use microdata for the purpose of evidence building. EIA's data
security agreements and other paperwork, along with the corresponding security protocols, allow EIA to maintain careful controls
on confidentiality and privacy, as required by law. EIA's collection of data security information will occur outside of the
SAP Portal.

The following bullets outline the major components and processes in and around the SAP Portal, leading up to EIA's collection
of security requirements.

The SAP Portal

The SAP Portal is an application interface connecting applicants seeking data with a catalog of data assets owned by the Federal
statistical agencies and units. The SAP Portal is not a new data repository or warehouse; confidential data assets will continue
to be stored in secure data access facilities owned and hosted by the Federal statistical agencies and units. The Portal will
provide a streamlined application process across agencies, reducing redundancies in the application process. This single SAP
Portal will improve the process for applicants, tracking and communicating the application process throughout its lifecycle.
This reduces redundancies and burden on applicants that request access to data from multiple agencies. The SAP Portal will
automate key tasks to save resources and time and will bring agencies into compliance with the Evidence Act statutory requirements.

Data Discovery

Individuals begin the process of accessing restricted use data by discovering confidential data assets through the SAP data
catalog, maintained by Federal statistical agencies at www.researchdatagov.org. Potential applicants can search by agency, topic, or keyword to identify data of interest or relevance. Once they have identified
data of interest, applicants can view metadata outlining the title, description or abstract, scope and coverage, and detailed
methodology related to a specific data asset to determine its relevance to their research. While statistical agencies and
units shall endeavor to include metadata in the SAP data catalog on all confidential data assets for which they accept applications,
it may not be feasible to include metadata for some data assets (e.g., potential curated versions of administrative data). A statistical agency or unit may still accept an application through the
SAP Portal even if the requested data asset is not listed in the SAP data catalog.

SAP Application Process

Individuals who have identified and wish to access confidential data assets will be able to apply for access through the SAP
Portal. Applicants must create an account and follow all steps to complete the application. Applicants begin by entering their
personal, contact, and institutional information, as well as the personal, contact, and institutional information of all individuals
on their research team. Applicants proceed to provide summary information about their proposed project, to include project
title, duration, funding, timeline, and other details including the data asset(s) they are requesting and any proposed linkages
to data not listed in the SAP data catalog, including non-Federal data sources. Applicants then proceed to enter detailed
information regarding their proposed project, including a project abstract, research question(s), literature review, project
scope, research methodology, project products, and anticipated output. Applicants must demonstrate a need for confidential
data, outlining why their research question cannot be answered using publicly available information.

Submission for Review

Upon submission of their application, applicants will receive a notification that their application has been received

  and is under review by the data owning agency or agencies (in the event where data assets are requested from multiple agencies).
  At this point, applicants will also be notified that application approval does not alone grant access to confidential data,
  and that, if approved, applicants must comply with the data-owning agency's security requirements outside of the SAP Portal,
  which may include a background check.

In accordance with the Evidence Act and the direction of the ICSP, agencies will approve or reject an application within a
prompt timeframe. In some cases, agencies may determine that additional clarity, information, or modification is needed and
request the applicant to “revise and resubmit” their application. Data discovery, the SAP application process, and the submission
for review are planned to take place within the web-based SAP Portal. As noted above, the notice announcing plans to collect
information through the SAP Portal has been published separately (87 FR 53793).

Access to Confidential Data

In the event of a positive determination, the applicant will be notified that their proposal has been accepted. The positive
or final adverse determination concludes the SAP Portal process. In the instance of a positive determination, the data-owning
agency (or agencies) will contact the applicant to provide instructions on the agency's security requirements that must be
completed to gain access to the confidential data. The completion and submission of the agency's security requirements will
take place outside of the SAP Portal.

Collection of Information for Data Security Requirements

In order for researchers to access confidential data onsite at EIA's headquarters in Washington, DC, they must fulfill all
requirements for becoming temporary agents of EIA. To fulfill these requirements, a Data Access Agreement (DAA) must be signed
between EIA and the researcher's employing institution, and the team members must complete EIA's CIPSEA training and sign
a Non-disclosure Agreement, affirming their U.S. citizenship and their commitment not to disclose confidential data to unauthorized
parties.

(5) Annual Estimated Number of Respondents: 20;

(6) Annual Estimated Number of Total Responses: 20;

(7) Annual Estimated Number of Burden Hours: 100;

(8) Annual Estimated Reporting and Recordkeeping Burden: The amount of time to complete the DAA and training will vary based on the confidential data assets requested and the access
modality. To obtain access to EIA confidential data assets, it is estimated that the average time to complete and submit EIA's
data security agreements is 100 minutes (5 hours) per applicant. This estimate does not include the time needed to complete
and submit an application within the SAP Portal. All efforts related to SAP Portal applications occur prior to and separate
from EIA's effort to collect information related to data security requirements.

Statutory Authority: 15 U.S.C. 772(b) and 42 U.S.C. 7101 et seq.

Signed in Washington, DC, on February 23, 2026. Debra Coaxum, Assistant Administrator for Energy Statistics, U.S. Energy Information Administration. [FR Doc. 2026-03822 Filed 2-25-26; 8:45 am] BILLING CODE 6450-01-P

Download File

Download