[Federal Register Volume 77, Number 15 (Tuesday, January 24, 2012)]
[Notices]
[Pages 3455-3459]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2012-1353]
-----------------------------------------------------------------------
DEPARTMENT OF EDUCATION
Privacy Act of 1974; System of Records--Migrant Education Bypass
Program Student Database
AGENCY: Office of Elementary and Secondary Education, Department of
Education.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, as amended
(Privacy Act), the Department of Education (Department) publishes this
notice of a new system of records entitled ``Migrant Education Bypass
Program Student Database (MEBPSD)'' (18-14-06). The Secretary has
awarded a contract to the Central Susquehanna Intermediate Unit (CSIU)
to identify, recruit, and serve migratory children in Connecticut,
Rhode Island, and West Virginia (collectively, the ``target States''),
three states that no longer choose to receive Migrant Education Program
(MEP) funding to provide educational programs to migratory children.
The MEBPSD consists of records that the contractor needs to collect on
eligible migrant students in order to carry out migrant education
activities that the target States no longer provide.
DATES: We must receive your comments on the proposed routine uses for
the system of records described in this notice on or before February
23, 2012.
This system of records will become effective at the later date of
the expiration of the 40-day period for OMB review on February 28, 2012
or February 23, 2012, unless the system of records needs to be changed
as a result of public comment or OMB review.
ADDRESSES: Address all comments about the proposed routine uses to Lisa
Gillette, Office of Elementary and Secondary Education, U.S. Department
of Education, Dallas Regional Office (Harwood Center), 1999 Bryan
Street, Suite 1510, Dallas, TX 75201. Telephone: (214) 661-9657. If you
prefer to send your comments through the Internet, use the following
address: [email protected].
[[Page 3456]]
You must include the term ``Migrant Education Bypass Program
Student Database'' in the subject line of the electronic message.
During and after the comment period, you may inspect all public
comments about this notice at the Department in room 3E315, 400
Maryland Avenue SW., Washington, DC, between the hours of 8:30 a.m. and
5 p.m., Washington, DC time, Monday through Friday of each week except
Federal holidays.
Assistance to Individuals With Disabilities in Reviewing the Rulemaking
Record
On request, we will supply an appropriate aid, such as a reader or
print magnifier, to an individual with a disability who needs
assistance to review the comments or other documents in the public
rulemaking record for this notice. If you want to schedule an
appointment for this type of aid, please contact the person listed
under FOR FURTHER INFORMATION CONTACT.
FOR FURTHER INFORMATION CONTACT: Lisa Gillette, Office of Elementary
and Secondary Education, U.S. Department of Education, Dallas Regional
Office (Harwood Center), 1999 Bryan Street, Suite 1510, Dallas, TX
75201. Telephone: (214) 661-9657. If you use a telecommunications
device for the deaf (TDD), call the Federal Relay Service (FRS), toll
free, at 1-(800) 877-8339.
Individuals with disabilities can obtain this document in an
accessible format (e.g., braille, large print, audiotape, or compact
disc) on request to the contact person listed under this section.
SUPPLEMENTARY INFORMATION: The Privacy Act (5 U.S.C. 552a(e)(4) and
(e)(11)) requires the Department to publish in the Federal Register
this notice of a new system of records. The Department's regulations
implementing the Privacy Act are contained in the Code of Federal
Regulations at 34 CFR part 5b.
The Privacy Act applies to information about an individual and that
is individually identifying information that is retrieved by a unique
identifier associated with each individual, such as a name or social
security number (SSN). The information about each individual is called
a ``record,'' and the system, whether manual or computer-based, is
called a ``system of records.''
The Migrant Education Program (MEP) is authorized under Title I,
Part C of the Elementary and Secondary Education Act of 1965, as
amended (ESEA). Section 1307 of the ESEA authorizes the Secretary to
bypass a State educational agency (SEA) and use all or part of the
State's allocation under Title I, Part C, to make arrangements with any
public or private nonprofit agency to carry out the purpose of the MEP
in that State. The Secretary may do so if the State is unable or
unwilling to conduct educational programs for migratory children, if
the bypass would result in more efficient and economic administration
of this program, or if the bypass would add substantially to the
children's welfare. The target states no longer choose to receive
Federal MEP funding and therefore no longer operate a MEP. Under the
authority of section 1307 of the ESEA, in July 2011 the Department
issued a contract to the Central Susquehanna Intermediate Unit (CSIU)
of Pennsylvania to assist with the administration and operation of the
MEP in the target States.
The Department, through the CSIU and its subcontractors, will
collect, maintain, use, and disseminate information on eligible
migratory children in order to: (1) Verify children's eligibility for
MEP services; (2) help ensure that migratory children in the target
States receive educational and supportive services that address their
special needs in a coordinated and efficient manner; (3) help to
ensure, by collecting, maintaining, and transferring children's
educational records, that migratory children in the target States are
not penalized by disparities in State curricula, graduation
requirements, academic content, and student academic achievement
standards as they move among States; (4) help migratory children
overcome educational disruption, cultural and language barriers, social
isolation, health-related problems, and other factors that inhibit
their ability to make a successful transition to postsecondary
education or employment; (5) enable the contractor to provide to the
Department MEP performance report data typically submitted by SEAs; and
(6) enable the contractor to report to the Department the numbers of
eligible children in the target States so that the Department can
continue to determine the amount of funds to be made available to
provide educational and supportive services to eligible migratory
children in the target States.
The CSIU will document children's eligibility for MEP services on a
Certificate of Eligibility (COE), as required by 34 CFR 200.89(c). The
COE serves as the official record of the contractor's determination of
MEP eligibility in accordance with program regulations in 34 CFR part
200, subpart C. Data from the MEBPSD will be transmitted to the Migrant
Student Information Exchange (MSIX) system (18-14-04)--an electronic
system of records maintained by the Department that exchanges, on an
interstate and intrastate basis, as necessary and appropriate,
educational and health information about migrant children who are
eligible to participate in the MEP.
Whenever an agency publishes a new system of records or makes a
significant change to an established system of records, the Privacy Act
requires the agency to publish a system of records notice in the
Federal Register. The agency is also required to submit reports to the
Administrator of the Office of Information and Regulatory Affairs at
OMB, the Chair of the Senate Committee on Homeland Security and
Governmental Affairs, and the Chair of the House of Representatives
Committee on Oversight and Government Reform.
The Department filed a report describing the new system of records
covered by this notice with the Chair of the Senate Committee on
Homeland Security and Governmental Affairs, the Chair of the House
Committee on Oversight and Government Reform, and the Administrator of
the Office of Information and Regulatory Affairs, OMB on January 19,
2012.
Accordingly, this system of records will become effective at the
later date of the expiration of the 40-day period for OMB review on
February 28, 2012 or February 23, 2012, unless the system of records
needs to be changed as a result of public comment or OMB review.
Electronic Access to This Document: The official version of this
document is the document published in the Federal Register. Free
Internet access to the official edition of the Federal Register and the
Code of Federal Regulations is available via the Federal Digital
System: www.gpo.gov/fdsys. At this site you can view this document, as
well as all other documents of this Department published in the Federal
Register, in text or Adobe Portable Document Format (PDF). To use PDF
you must have Adobe Acrobat Reader, which is available free at this
site. You may also access documents of the Department published in the
Federal Register by using the article search feature at:
www.federalregister.gov. Specifically, through the advanced search
feature at this site, you can limit your search to documents published
by the Department.
[[Page 3457]]
Dated: January 19, 2012.
Michael Yudin,
Acting Assistant Secretary for Elementary and Secondary Education.
For the reasons discussed in the preamble, the Acting Assistant
Secretary for Elementary and Secondary Education, U.S. Department of
Education (Department) publishes a notice of a new system of records to
read as follows:
SYSTEM NUMBER:
18-14-06
SYSTEM NAME:
Migrant Education Bypass Program Student Database (MEBPSD).
SECURITY CLASSIFICATION:
None.
SYSTEM LOCATIONS:
(1) U.S. Department of Education, Office of Elementary and
Secondary Education, Office of Migrant Education, 400 Maryland Avenue
SW., Room 3E315, Washington, DC 20202-4614.
(2a) Central Susquehanna Intermediate Unit (CSIU), 90 Lawton Lane,
Milton, PA 17847 (main database server and primary location of staff
serving West Virginia (WV)).
(2b) Central Susquehanna Intermediate Unit, 911 Greenough Street,
Suite 1, Sunbury, PA 17801 (secure off-site location where electronic
backup media will be stored).
(3) LEARN Regional Educational Service Center, 44 Hatchetts Hill
Road, Old Lyme, CT 06371 (subcontractor of CSIU and primary location of
staff serving Connecticut (CT) and Rhode Island (RI)).
(4) ESCORT, Eastern Stream Center--South, 3750 Gunn Highway, Suite
210, Tampa, FL 33618.
(5) Contractor and subcontractor staff will keep and maintain a
subset of MEBPSD records in print format or on tablet personal
computers.
(6) Contractor and subcontractor staff may access the MEBPSD
through the Internet using secure network connections that utilize
encryption and Virtual Private Network technology.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
This system contains records on all children in the target States
whom the U.S. Department of Education (Department) has determined to be
eligible to participate in the Migrant Education Program (MEP),
authorized in Title I, Part C, of the Elementary and Secondary
Education Act of 1965, as amended (ESEA). For purposes of this notice,
these children are referred to as ``migrant children''.
CATEGORIES OF RECORDS IN THE SYSTEM:
The categories of records in the system include, but are not
limited to, the migrant child's: name; date of birth; birth city; birth
State; birth country; home address; telephone number; personal
identification numbers assigned by the Department's contractor, the
Migrant Student Information Exchange (MSIX) system, the State
educational agency (SEA), and the local educational agency (LEA); and
relevant family information (e.g., parent's or parents' name or names
and proficiency in English). The system also includes data on the
migrant child's school enrollment, school contacts, assessments, school
readiness, educational interests, and other educational and health data
necessary for: providing educational and support services in a
coordinated and efficient manner; ensuring accurate and timely school
enrollment, grade and course placement, and accrual of course credits;
and reporting aggregate, non-personally identifiable information to the
Department. The system also includes information related to the child's
eligibility for the MEP. In cases where the child is a migratory
agricultural worker or migratory fisher, the MEBPSD includes
information about the child's move, the types of work the child
performs and has performed in the past, and the name of the workplace
where this work is or was performed. In cases where the child moves
with a parent, guardian, or spouse who is a migratory agricultural
worker or migratory fisher, the MEBPSD includes information about the
moves the child and worker made; the type of work the parent, guardian,
or spouse performs and has performed in the past; and the name of the
workplace where this work is or was performed.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The MEBPSD is authorized under section 1307 of the ESEA, (20 U.S.C.
6397).
PURPOSE(S):
The purposes of the MEBPSD are to enable the Department, through
its contractor, CSIU, to: (1) Verify the eligibility of migratory
children in the target States for MEP services; (2) help migratory
children in the target States receive appropriate educational and
supportive services that address their special needs in a coordinated
and efficient manner; (3) help to ensure, by collecting, maintaining,
and transferring children's education records, that migratory children
in the target States are not penalized by disparities in State
curriculum, graduation requirements, academic content, and student
academic achievement standards as they move among States; (4) help
migratory children overcome educational disruption, cultural and
language barriers, social isolation, health-related problems, and other
factors that inhibit their ability to make a successful transition to
postsecondary education or employment; (5) enable the contractor to
provide to the Department MEP performance report data typically
submitted by SEAs; and (6) enable the contractor to report on the
numbers of eligible children in the target States so that the
Department can continue to determine the amount of funds available to
provide educational and supportive services to eligible migratory
children in the target States.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
The Department may disclose information contained in this system of
records under the routine uses listed in this system of records without
the consent of the individual if the disclosure is compatible with the
purposes for which the record was collected. The Department may make
these disclosures on a case-by-case basis or, if the Department has
complied with the computer matching requirements of the Privacy Act,
under a computer matching agreement.
(1) Program Disclosures. The Department may disclose a record in
this system of records to representatives of SEAs, LEAs, MEP local
operating agencies (LOAs), public schools, private and non-public
schools, and charter schools to facilitate one or more of the following
for a student: (a) Eligibility for and participation in the MEP, (b)
eligibility for federally- or State-funded programs, (c) coordination
and delivery of educational and supportive services, (d) enrollment in
school, (e) grade or course placement, (f) credit accrual, and (g)
unique student match resolution. Unique student match resolution is a
process to determine if two students in a database, who share similar
identifying characteristics (e.g. name and date of birth), are the same
student. The Department may disclose a record in this system of records
to representatives of community-based organizations and health and
social service providers to help migratory children overcome social
isolation, various health-related problems, and other factors that
inhibit the ability of such children to do well in school. The
Department may also disclose a record in this system of records to
institutions of higher education (IHEs) or private
[[Page 3458]]
nonprofit organizations that operate a federally funded College
Assistance Migrant Program (CAMP) or a High School Equivalency Program
(HEP); State or local government entities, IHEs, or nonprofit
organizations that operate a Migrant Education Even Start (MEES)
Program; nonprofit organizations and for-profit organizations that
operate a Migrant and Seasonal Head Start program; and public agencies
and private nonprofit organizations that receive funding from the
National Farmworker Jobs Program, so that they can determine children's
eligibility for these Federal grant programs and provide services
accordingly.
(2) Contract Disclosure. If the Department contracts with an entity
to perform any function that requires disclosing records in this system
to the contractor's employees, the Department may disclose the records
to those employees who have received the appropriate level of security
clearance from the Department. Before entering into such a contract,
the Department will require the contractor to establish and maintain
the safeguards required under the Privacy Act (5 U.S.C. 552a(m)) with
respect to the records in the system.
(3) Software Vendor Disclosure. The Department, through its
contractor, CSIU, may disclose the records in this system to the
database vendor, Management Services for Education Data (MS/EdD), for
the sole purpose of resolving contractor-initiated calls for assistance
related to the software (MIS2000) used to operate the contractor's
database.
(4) Research Disclosure. The Department may disclose records from
this system to a researcher if an appropriate official of the
Department determines that the individual or organization to which the
disclosure would be made is qualified to carry out specific research
related to functions or purposes of this system of records. The
official may disclose information from this system of records to that
researcher solely for the purpose of carrying out that research related
to the functions or purposes of this system of records. The researcher
will be required to maintain Privacy Act safeguards with respect to the
disclosed records.
(5) Freedom of Information Act (FOIA) and Privacy Act Advice
Disclosure. The Department may disclose records to the Department of
Justice (DOJ) or the Office of Management and Budget (OMB) if the
Department concludes that disclosure is desirable or necessary to
determine whether particular records are required to be disclosed under
the FOIA or the Privacy Act.
(6) Disclosure in the Course of Responding to Breach of Data. The
Department may disclose records from this system to appropriate
agencies, entities, and persons when: (a) The Department suspects or
has confirmed that the security or confidentiality of information in
the MEBPSD has been compromised; (b) the Department has determined that
as a result of the suspected or confirmed compromise there is a risk of
harm to economic or property interests, identity theft or fraud, or
harm to the security or integrity of the MEBPSD or other systems or
programs (whether maintained by the Department or by another agency or
entity) that rely upon the compromised information; and (c) the
disclosure made to such agencies, entities, and persons is reasonably
necessary to assist the Department's efforts to respond to the
suspected or confirmed compromise and prevent, minimize, or remedy such
harm.
(7) Litigation and Alternative Dispute Resolution (ADR)
Disclosures.
(a) Introduction. In the event that one of the following parties is
involved in litigation or ADR, or has an interest in litigation or ADR,
the Department may disclose certain records to the parties described in
paragraphs (b), (c), and (d) of this routine use under the conditions
specified in those paragraphs:
(i) The Department or any of its components.
(ii) Any Department employee in his or her official capacity.
(iii) Any Department employee in his or her individual capacity
where the DOJ has agreed to or has been requested to provide or arrange
for representation of the employee.
(iv) Any Department employee in his or her individual capacity
where the Department has agreed to represent the employee.
(v) The United States where the Department determines that the
litigation is likely to affect the Department or any of its components.
(b) Disclosure to DOJ. If the Department determines that disclosure
of certain records to the DOJ, or attorneys engaged by DOJ, is relevant
and necessary to litigation or ADR, and is compatible with the purpose
for which the records were collected, the Department may disclose those
records as a routine use to the DOJ.
(c) Adjudicative Disclosure. If the Department determines that
disclosure of certain records to a court, an administrative body before
which the Department is authorized to appear, or an individual or
entity designated by the Department or otherwise empowered to resolve
or mediate disputes, is relevant and necessary to the litigation or
ADR, and is compatible with the purpose for which the records were
collected, the Department may disclose those records as a routine use
to the adjudicative body or individual or entity.
(d) Disclosures to Parties, Counsel, Representatives, and
Witnesses. If the Department determines that disclosure of certain
records to a party, counsel, representative, or witness is relevant and
necessary to the litigation or ADR, and is compatible with the purpose
for which the records were collected, the Department may disclose those
records as a routine use to a party, counsel, representative, or
witness.
(8) Congressional Member Disclosure. The Department may disclose
records to a Member of Congress and his or her staff in response to an
inquiry from the Member made at the written request of the individual
who requested it. The Member's right to the information is no greater
than the right of the individual who requested it.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
None.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
The main database server of the Department's contractor, CSIU,
stores computerized student records on server hardware. The data are
stored in a Firebird Database file. Backup media are encrypted and
transported daily to a second secure location. Electronic records are
also stored on portable devices (e.g., tablet computers and thumb
drives) used by contractor and subcontractor staff.
Print data are locked securely at the contractor's and
subcontractors' offices. At times, contractor and subcontractor staff
may need to carry print records with them. These records will be locked
securely when not in use.
RETRIEVABILITY:
Records in the database are indexed and retrieved by unique numbers
assigned to each person. The Firebird database, located at the main
data center, uses Transmission Control Protocol (TCP) transport within
a local computer.
SAFEGUARDS:
(1) Introduction
Department, contractor, and subcontractor employees who collect,
[[Page 3459]]
maintain, use, or disseminate data in this system, must comply with the
requirements of the Privacy Act.
(2) Physical Security of Electronic Data
Physical security of electronic data will be maintained. The main
database server for this system is located in a secure room at the
contractor's data center. Access to the secure room is monitored
electronically. Personnel entering the room without electronic passes
are logged in and admitted only by authorized personnel. The secure
room is located behind closed doors in a passage limited to contractor
personnel only. Finally, all entrances to the building are monitored
both electronically and by front-desk personnel.
Off-site backup media are encrypted, locked in a container, and
transported securely by contractor staff to a second secure location
that is also protected by electronic security measures. The locked
container is stored in a dedicated locked room at the backup location.
Access to the room is controlled by a key that is maintained by the
backup location's office manager. The office manager maintains a log of
all individuals who access the room.
(3) Physical Security of Print Data
Physical security of print data will be maintained. Print data will
be locked securely at contractor's and subcontractors' offices. At
times, contractor or subcontractor staff may need to carry print
records with them. These records will be locked securely when not in
use.
(4) User Access to Electronic Data
Access to the database server and software is restricted to the
system administrators for the MEBPSD. The Database Vendor, MS/EdD, is
granted access to server data for the sole purpose of resolving
contractor-initiated calls for assistance. The Department's contractor
and the database vendor maintain a signed confidentiality agreement.
All MEBPSD user accounts will be granted by MEBPSD System
Administrator staff and will leverage role-based accounts and security
controls to limit access to the database application, its server, and
infrastructure, to authorized users only. MEBPSD System Administrators
will grant access to data in the MEBPSD to authorized contractor and
subcontractor staff by creating accounts and assigning appropriate
roles that restrict access based on user category (e.g., data
administrator, MEP advocate, or project coordinator). MEBPSD System
Administrators will grant access to data in the MEBPSD to the Database
Vendor, MS/EdD, as needed, to address contractor initiated calls for
assistance with the database.
The MEBPSD requires the use of ``strong'' passwords comprised of
alphanumeric and special characters. Department, contractor, and
subcontractor staff are granted access to student information on a
``need to know'' basis. All physically unsecured database
installations, e.g., user workstations, reside on hard drives that are
fully encrypted. Access to the system will be limited to secure network
sessions such as Hypertext Transfer Protocol over Secure Socket Layer
(HTTPS) and Virtual Private Network (VPN) connections.
All electronic records stored on portable devices reside on fully
encrypted hard drives or media. Electronic documents (e.g.,
spreadsheets and word processing documents) with student data are
password protected. Records from the system are shared in accordance
with the Privacy Act.
(5) Additional Security Measures
The CSIU uses a series of firewalls to limit internal access to
specific Internet protocols and ports as well as intrusion detection
systems to monitor any potential unauthorized access to the MEBPSD. The
MIS2000 software logs and tracks login attempts, data modifications,
and other key application events. CSIU staff monitor database and
security logs on a regular basis.
A third party performs vulnerability scans on a routine basis, and
contractor staff monitor the US Computer Emergency Response Team (CERT)
bulletins (see http://www.us-cert.gov/for more details) and apply
operating system and vendor patches as appropriate.
Confidentiality statements are maintained in job descriptions of
all contractor and subcontractor employees. In addition, all contractor
and subcontractor employees are required to sign data safeguarding
statements.
RETENTION AND DISPOSAL:
Records are maintained and disposed of in accordance with the
Department's Records Disposition Schedules as listed under ED 086--
Information Systems Supporting Materials.
SYSTEM MANAGER AND ADDRESS:
Director, Office of Migrant Education, U.S. Department of
Education, 400 Maryland Avenue SW., Room 3E317, Washington, DC 20202-
0001.
NOTIFICATION PROCEDURE:
If you wish to determine whether a record exists regarding you in
the system of records, you must provide the system manager at the
address listed under SYSTEM MANAGER AND ADDRESS with your name, date of
birth, and other identification if requested. Your request must meet
the requirements of the Department's Privacy Act regulations in 34 CFR
5b.5, including proof of identity.
RECORD ACCESS PROCEDURE:
If you wish to gain access to a record about you in this system of
records, provide the system manager at the address listed under SYSTEM
MANAGER AND ADDRESS with your name, date of birth, and other
identification if requested. Your request must meet the requirements of
the Department's Privacy Act regulations in 34 CFR 5b.5, including
proof of identity.
CONTESTING RECORD PROCEDURE:
If you wish to contest the content of a record regarding you in the
system of records, contact the system manager at the address listed
under SYSTEM MANAGER AND ADDRESS with the information described in the
NOTIFICATION PROCEDURE section. Your request for access to a record
must meet the requirements of the Department's Privacy Act regulations
in 34 CFR 5b.7, including proof of identity, specification of the
particular record you are seeking to have changed, and the written
justification for making such a change.
RECORD SOURCE CATEGORIES:
The system will contain records that are obtained from MSIX; SEAs;
LOAs; LEAs; schools; health service providers; social service
providers; community based organizations; officials who operate
federally-funded CAMPs, HEPs, MEES, and Migrant and Seasonal Head Start
programs and projects; parents; guardians; spouses; and eligible
migratory children.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
[FR Doc. 2012-1353 Filed 1-23-12; 8:45 am]
BILLING CODE 4000-01-P