EIA Seeks Comments on Proposed Data Security Information Collection

Content

ACTION:

Notice and request for comments.

SUMMARY:

EIA invites public comment and other Federal agencies to comment on a proposed information collection. EIA plans to collect
information from the public to fulfill its data security requirements when providing access to confidential microdata for
the purpose of evidence building. EIA's data security agreements and other paperwork along with the corresponding security
protocols allow EIA to maintain careful controls on confidentiality and privacy, as required by law. The purpose of this notice
is to allow for 60 days of public comment on the proposed data security information collection, prior to submission of the
information collection request (ICR) to the Office of Management and Budget (OMB).

DATES:

EIA must receive all comments on this proposed information collection no later than February 17, 2026. If you anticipate any
difficulties in submitting your comments by the deadline, contact the person listed in the
ADDRESSES
section of this notice as soon as possible.

ADDRESSES:

You may submit comments, identified by OMB control number 1905-NEW, by email at EIA-FRNcomments@eia.gov. Include the OMB control number listed in the subject line of the message.

FOR FURTHER INFORMATION CONTACT:

Samson Adeshiyan, EIA Clearance Officer, at (202) 586-7777 or by email at EIA-FRNcomments@eia.gov.

SUPPLEMENTARY INFORMATION:

The Foundations for Evidence-Based Policymaking Act of 2018 mandates that the Office of Management and Budget (OMB) establish
a Standard Application Process (SAP) for requesting access to certain confidential data assets. While the adoption of the
SAP is required for statistical agencies and units designated under the Confidential Information Protection and Statistical
Efficiency Act (CIPSEA), it is recognized that other agencies and organizational units within the Executive branch may benefit
from the adoption of the SAP to accept applications for access to confidential data assets. The SAP is a process through which
agencies, the Congressional Budget Office, State, local, and Tribal governments, researchers, and other individuals, as appropriate,
may apply to access confidential data assets held by a Federal statistical agency or unit for the purposes of developing evidence.
With the Interagency Council on Statistical Policy (ICSP) as advisors, the entities upon whom this requirement is levied are
working with the SAP Project Management Office (PMO) and with OMB to implement the SAP. The SAP Portal is a single web-based
common application for the public to request access to confidential data assets from Federal statistical agencies and units.
The National Center for Science and Engineering Statistics (NCSES), within the National Science Foundation (NSF), submitted
a
Federal Register
Notice in September 2022 announcing plans to collect information through the SAP Portal (87 FR 53793). Once an application
for confidential data is

  approved through the SAP Portal, EIA will collect information to meet its data security requirements. This collection will
  occur outside of the SAP Portal.

(1) OMB No.: 1905-New;

(2) Information Collection Request Title: DATA SECURITY REQUIREMENTS FOR ACCESSING CONFIDENTIAL DATA;

(3) Type of Request: Intent to seek approval to collect information from the public to fulfill the EIA security requirements allowing individuals
to access confidential data assets for the purposes of building evidence;

(4) Purpose: Title III of the Foundations for Evidence-Based Policymaking Act of 2018 (hereafter referred to as the Evidence Act) mandates
that OMB establish a Standard Application Process (SAP) for requesting access to certain confidential data assets. Specifically,
the Evidence Act requires OMB to establish a common application process through which agencies, the Congressional Budget Office,
State, local, and Tribal governments, researchers, and other individuals, as appropriate, may apply for access to confidential
data assets collected, accessed, or acquired by a statistical agency or unit. This new process will be implemented while maintaining
stringent controls to protect confidentiality and privacy, as required by law.

Data collected, accessed, or acquired by statistical agencies and units is vital for developing evidence on conditions, characteristics,
and behaviors of the public and on the operations and outcomes of public programs and policies. This evidence can benefit
the stakeholders in the programs, the broader public, as well as policymakers and program managers at the local, State, Tribal,
and National levels. The many benefits of access to data for evidence building notwithstanding, EIA is required by law to
maintain careful controls that allow it to minimize disclosure risk while protecting confidentiality and privacy. The fulfillment
of EIA's data security requirements places a degree of burden on the public, which is outlined below.

The SAP Portal is a web-based application for the public to request access to confidential data assets from Federal statistical
agencies and units. The objective of the SAP Portal is to increase public access to confidential data for the purposes of
evidence building and reduce the burden of applying for confidential data. Once an individual's application in the SAP Portal
has received a positive determination, the data-owning agency(ies) or unit(s) will begin the process of collecting information
to fulfill their data security requirements.

The paragraphs below outline the SAP Policy, the steps to complete an application through the SAP Portal, and the process
for agencies to collect information fulfilling their data security requirements.

The SAP Policy

At the recommendation of the ICSP, the SAP Policy establishes the SAP to be implemented by statistical agencies and units
and incorporates directives from the Evidence Act. The policy is intended to provide guidance as to the application and review
processes using the SAP Portal, setting forth clear standards that enable statistical agencies and units to implement a common
application form and a uniform review process. The SAP Policy was submitted to the public for comment in January 2022 (87
FR 2459).

The SAP Portal

The SAP Portal is an application interface connecting applicants seeking data with a catalog of data assets owned by the Federal
statistical agencies and units. The SAP Portal is not a new data repository or warehouse; confidential data assets will continue
to be stored in secure data access facilities owned and hosted by the Federal statistical agencies and units. The Portal will
provide a streamlined application process across agencies, reducing redundancies in the application process. This single SAP
Portal will improve the process for applicants, tracking and communicating the application process throughout its lifecycle.
This reduces redundancies and burden on applicants that request access to data from multiple agencies. The SAP Portal will
automate key tasks to save resources and time and will bring agencies into compliance with the Evidence Act statutory requirements.

Data Discovery

Individuals begin the process of accessing confidential data by discovering confidential data assets through the SAP data
catalog, maintained by Federal statistical agencies at www.researchdatagov.org. Potential applicants can search by agency, topic, or keyword to identify data of interest or relevance. Once they have identified
data of interest, applicants can view metadata outlining the title, description or abstract, scope and coverage, and detailed
methodology related to a specific data asset to determine its relevance to their research. While statistical agencies and
units shall endeavor to include metadata in the SAP data catalog on all confidential data assets for which they accept applications,
it may not be feasible to include metadata for some data assets (e.g., potential curated versions of administrative data). A statistical agency or unit may still accept an application through the
SAP Portal even if the requested data asset is not listed in the SAP data catalog.

SAP Application Process

Individuals who have identified and wish to access confidential data assets may apply for access through the SAP Portal. Applicants
must create an account and follow all steps to complete the application. Applicants begin by entering their personal, contact,
and institutional information, as well as the personal, contact, and institutional information of all individuals on their
research team. Applicants proceed to provide summary information about their proposed project, to include project title, duration,
funding, timeline, and other details including the data asset(s) they are requesting and any proposed linkages to data not
listed in the SAP data catalog, including non-Federal data sources. Applicants then proceed to enter detailed information
regarding their proposed project, including a project abstract, research question(s), literature review, project scope, research
methodology, project products, and anticipated output. Applicants must demonstrate a need for confidential data, outlining
why their research question cannot be answered using publicly available information.

Submission for Review

Upon submission of their application, applicants will receive a notification that their application has been received and
is under review by the data owning agency or agencies (in the event where data assets are requested from multiple agencies).
At this point, applicants will also be notified that application approval does not alone grant access to confidential data,
and that, if approved, applicants must comply with the data-owning agency's security requirements outside of the SAP Portal,
which may include a background check.

In accordance with the Evidence Act and the direction of the ICSP, agencies will approve or reject an application within a
prompt timeframe. In some cases, agencies may determine that additional clarity, information, or modification is needed and
request the applicant to “revise and resubmit” their application. Data discovery, the SAP application process, and the submission
for review are planned to take place within the web-based SAP Portal. As

  noted above, the notice announcing plans to collect information through the SAP Portal has been published separately (87 FR
  53793).

Access to Confidential Data

In the event of a positive determination, the applicant will be notified that their proposal has been accepted. The positive
or final adverse determination concludes the SAP Portal process. In the instance of a positive determination, the data-owning
agency (or agencies) will contact the applicant to provide instructions on the agency's security requirements that must be
completed to gain access to the confidential data. The completion and submission of the agency's security requirements will
take place outside of the SAP Portal.

Collection of Information for Data Security Requirements

In order for researchers to access confidential data onsite at EIA's headquarters in Washington, DC, they must fulfill all
requirements for becoming temporary agents of EIA. To fulfill these requirements, a Data Access Agreement (DAA) must be signed
between EIA and the researcher's employing institution, and the team members must complete EIA's CIPSEA training and sign
a Non-disclosure Agreement, affirming their U.S. citizenship and their commitment not to disclose confidential data to unauthorized
parties.

(5) Annual Estimated Number of Respondents: 20;

(6) Annual Estimated Number of Total Responses: 20;

(7) Annual Estimated Number of Burden Hours: 100;

(8) Annual Estimated Reporting and Recordkeeping Burden: The amount of time to complete the DAA and training will vary based on the confidential data assets requested and the access
modality. To obtain access to EIA confidential data assets, it is estimated that the average time to complete and submit EIA's
data security agreements is 100 minutes (5 hours) per applicant. This estimate does not include the time needed to complete
and submit an application within the SAP Portal. All efforts related to SAP Portal applications occur prior to and separate
from EIA's effort to collect information related to data security requirements.

Comments are invited on whether or not: (a) The proposed collection of information is necessary for the proper performance of agency functions, including whether
the information will have a practical utility; (b) EIA's estimate of the burden of the proposed collection of information,
including the validity of the methodology and assumptions used, is accurate; (c) EIA can improve the quality, utility, and
clarity of the information it will collect; and (d) EIA can minimize the burden of the collection of information on respondents,
such as automated collection techniques or other forms of information technology.

Statutory Authority: 15 U.S.C. 772(b) and 42 U.S.C. 7101 et seq.

Signed in Washington, DC, on December 16, 2025. Samson A. Adeshiyan, Director, Office of Statistical Methods and Research, U.S. Energy Information Administration. [FR Doc. 2025-23281 Filed 12-17-25; 8:45 am] BILLING CODE 6450-01-P

Download File

Download