Skip to Content

Notice

Privacy Act of 1974; System of Records-Migrant Education Bypass Program Student Database

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

ACTION:

Notice of a new system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, as amended (Privacy Act), the Department of Education (Department) publishes this notice of a new system of records entitled “Migrant Education Bypass Program Student Database (MEBPSD)” (18-14-06). The Secretary has awarded a contract to the Central Susquehanna Intermediate Unit (CSIU) to identify, recruit, and serve migratory children in Connecticut, Rhode Island, and West Virginia (collectively, the “target States”), three states that no longer choose to receive Migrant Education Program (MEP) funding to provide educational programs to migratory children. The MEBPSD consists of records that the contractor needs to collect on eligible migrant students in order to carry out migrant education activities that the target States no longer provide.

DATES:

We must receive your comments on the proposed routine uses for the system of records described in this notice on or before February 23, 2012.

This system of records will become effective at the later date of the expiration of the 40-day period for OMB review on February 28, 2012 or February 23, 2012, unless the system of records needs to be changed as a result of public comment or OMB review.

ADDRESSES:

Address all comments about the proposed routine uses to Lisa Gillette, Office of Elementary and Secondary Education, U.S. Department of Education, Dallas Regional Office (Harwood Center), 1999 Bryan Street, Suite 1510, Dallas, TX 75201. Telephone: (214) 661-9657. If you prefer to send your comments through the Internet, use the following address: comments@ed.gov.

You must include the term “Migrant Education Bypass Program Student Database” in the subject line of the electronic message.

During and after the comment period, you may inspect all public comments about this notice at the Department in room 3E315, 400 Maryland Avenue SW., Washington, DC, between the hours of 8:30 a.m. and 5 p.m., Washington, DC time, Monday through Friday of each week except Federal holidays.

Assistance to Individuals With Disabilities in Reviewing the Rulemaking Record

On request, we will supply an appropriate aid, such as a reader or print magnifier, to an individual with a disability who needs assistance to review the comments or other documents in the public rulemaking record for this notice. If you want to schedule an appointment for this type of aid, please contact the person listed under FOR FURTHER INFORMATION CONTACT.

FOR FURTHER INFORMATION CONTACT:

Lisa Gillette, Office of Elementary and Secondary Education, U.S. Department of Education, Dallas Regional Office (Harwood Center), 1999 Bryan Street, Suite 1510, Dallas, TX 75201. Telephone: (214) 661-9657. If you use a telecommunications device for the deaf (TDD), call the Federal Relay Service (FRS), toll free, at 1-(800) 877-8339.

Individuals with disabilities can obtain this document in an accessible format (e.g., braille, large print, audiotape, or compact disc) on request to the contact person listed under this section.

SUPPLEMENTARY INFORMATION:

The Privacy Act (5 U.S.C. 552a(e)(4) and (e)(11)) requires the Department to publish in the Federal Register this notice of a new system of records. The Department's regulations implementing the Privacy Act are contained in the Code of Federal Regulations at 34 CFR part 5b.

The Privacy Act applies to information about an individual and that is individually identifying information that is retrieved by a unique identifier associated with each individual, such as a name or social security number (SSN). The information about each individual is called a “record,” and the system, whether manual or computer-based, is called a “system of records.”

The Migrant Education Program (MEP) is authorized under Title I, Part C of the Elementary and Secondary Education Act of 1965, as amended (ESEA). Section 1307 of the ESEA authorizes the Secretary to bypass a State educational agency (SEA) and use all or part of the State's allocation under Title I, Part C, to make arrangements with any public or private nonprofit agency to carry out the purpose of the MEP in that State. The Secretary may do so if the State is unable or unwilling to conduct educational programs for migratory children, if the bypass would result in more efficient and economic administration of this program, or if the bypass would add substantially to the children's welfare. The target states no longer choose to receive Federal MEP funding and therefore no longer operate a MEP. Under the authority of section 1307 of the ESEA, in July 2011 the Department issued a contract to the Central Susquehanna Intermediate Unit (CSIU) of Pennsylvania to assist with the administration and operation of the MEP in the target States.

The Department, through the CSIU and its subcontractors, will collect, maintain, use, and disseminate information on eligible migratory children in order to: (1) Verify children's eligibility for MEP services; (2) help ensure that migratory children in the target States receive educational and supportive services that address their special needs in a coordinated and efficient manner; (3) help to ensure, by collecting, maintaining, and transferring children's educational records, that migratory children in the target States are not penalized by disparities in State curricula, graduation requirements, academic content, and student academic achievement standards as they move among States; (4) help migratory children overcome educational disruption, cultural and language barriers, social isolation, health-related problems, and other factors that inhibit their ability to make a successful transition to postsecondary education or employment; (5) enable the contractor to provide to the Department MEP performance report data typically submitted by SEAs; and (6) enable the contractor to report to the Department the numbers of eligible children in the target States so that the Department can continue to determine the amount of funds to be made available to provide educational and supportive services to eligible migratory children in the target States.

The CSIU will document children's eligibility for MEP services on a Certificate of Eligibility (COE), as required by 34 CFR 200.89(c). The COE serves as the official record of the contractor's determination of MEP eligibility in accordance with program regulations in 34 CFR part 200, subpart C. Data from the MEBPSD will be transmitted to the Migrant Student Information Exchange (MSIX) system (18-14-04)—an electronic system of records maintained by the Department that exchanges, on an interstate and intrastate basis, as necessary and appropriate, educational and health information about migrant children who are eligible to participate in the MEP.

Whenever an agency publishes a new system of records or makes a significant change to an established system of records, the Privacy Act requires the agency to publish a system of records notice in the Federal Register. The agency is also required to submit reports to the Administrator of the Office of Information and Regulatory Affairs at OMB, the Chair of the Senate Committee on Homeland Security and Governmental Affairs, and the Chair of the House of Representatives Committee on Oversight and Government Reform.

The Department filed a report describing the new system of records covered by this notice with the Chair of the Senate Committee on Homeland Security and Governmental Affairs, the Chair of the House Committee on Oversight and Government Reform, and the Administrator of the Office of Information and Regulatory Affairs, OMB on January 19, 2012.

Accordingly, this system of records will become effective at the later date of the expiration of the 40-day period for OMB review on February 28, 2012 or February 23, 2012, unless the system of records needs to be changed as a result of public comment or OMB review.

Electronic Access to This Document: The official version of this document is the document published in the Federal Register. Free Internet access to the official edition of the Federal Register and the Code of Federal Regulations is available via the Federal Digital System: www.gpo.gov/fdsys. At this site you can view this document, as well as all other documents of this Department published in the Federal Register, in text or Adobe Portable Document Format (PDF). To use PDF you must have Adobe Acrobat Reader, which is available free at this site. You may also access documents of the Department published in the Federal Register by using the article search feature at: www.federalregister.gov. Specifically, through the advanced search feature at this site, you can limit your search to documents published by the Department.

Dated: January 19, 2012.

Michael Yudin,

Acting Assistant Secretary for Elementary and Secondary Education.

For the reasons discussed in the preamble, the Acting Assistant Secretary for Elementary and Secondary Education, U.S. Department of Education (Department) publishes a notice of a new system of records to read as follows:

SYSTEM NUMBER:

18-14-06

SYSTEM NAME:

Migrant Education Bypass Program Student Database (MEBPSD).

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATIONS:

(1) U.S. Department of Education, Office of Elementary and Secondary Education, Office of Migrant Education, 400 Maryland Avenue SW., Room 3E315, Washington, DC 20202-4614.

(2a) Central Susquehanna Intermediate Unit (CSIU), 90 Lawton Lane, Milton, PA 17847 (main database server and primary location of staff serving West Virginia (WV)).

(2b) Central Susquehanna Intermediate Unit, 911 Greenough Street, Suite 1, Sunbury, PA 17801 (secure off-site location where electronic backup media will be stored).

(3) LEARN Regional Educational Service Center, 44 Hatchetts Hill Road, Old Lyme, CT 06371 (subcontractor of CSIU and primary location of staff serving Connecticut (CT) and Rhode Island (RI)).

(4) ESCORT, Eastern Stream Center—South, 3750 Gunn Highway, Suite 210, Tampa, FL 33618.

(5) Contractor and subcontractor staff will keep and maintain a subset of MEBPSD records in print format or on tablet personal computers.

(6) Contractor and subcontractor staff may access the MEBPSD through the Internet using secure network connections that utilize encryption and Virtual Private Network technology.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system contains records on all children in the target States whom the U.S. Department of Education (Department) has determined to be eligible to participate in the Migrant Education Program (MEP), authorized in Title I, Part C, of the Elementary and Secondary Education Act of 1965, as amended (ESEA). For purposes of this notice, these children are referred to as “migrant children”.

CATEGORIES OF RECORDS IN THE SYSTEM:

The categories of records in the system include, but are not limited to, the migrant child's: name; date of birth; birth city; birth State; birth country; home address; telephone number; personal identification numbers assigned by the Department's contractor, the Migrant Student Information Exchange (MSIX) system, the State educational agency (SEA), and the local educational agency (LEA); and relevant family information (e.g., parent's or parents' name or names and proficiency in English). The system also includes data on the migrant child's school enrollment, school contacts, assessments, school readiness, educational interests, and other educational and health data necessary for: providing educational and support services in a coordinated and efficient manner; ensuring accurate and timely school enrollment, grade and course placement, and accrual of course credits; and reporting aggregate, non-personally identifiable information to the Department. The system also includes information related to the child's eligibility for the MEP. In cases where the child is a migratory agricultural worker or migratory fisher, the MEBPSD includes information about the child's move, the types of work the child performs and has performed in the past, and the name of the workplace where this work is or was performed. In cases where the child moves with a parent, guardian, or spouse who is a migratory agricultural worker or migratory fisher, the MEBPSD includes information about the moves the child and worker made; the type of work the parent, guardian, or spouse performs and has performed in the past; and the name of the workplace where this work is or was performed.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The MEBPSD is authorized under section 1307 of the ESEA, (20 U.S.C. 6397).

PURPOSE(S):

The purposes of the MEBPSD are to enable the Department, through its contractor, CSIU, to: (1) Verify the eligibility of migratory children in the target States for MEP services; (2) help migratory children in the target States receive appropriate educational and supportive services that address their special needs in a coordinated and efficient manner; (3) help to ensure, by collecting, maintaining, and transferring children's education records, that migratory children in the target States are not penalized by disparities in State curriculum, graduation requirements, academic content, and student academic achievement standards as they move among States; (4) help migratory children overcome educational disruption, cultural and language barriers, social isolation, health-related problems, and other factors that inhibit their ability to make a successful transition to postsecondary education or employment; (5) enable the contractor to provide to the Department MEP performance report data typically submitted by SEAs; and (6) enable the contractor to report on the numbers of eligible children in the target States so that the Department can continue to determine the amount of funds available to provide educational and supportive services to eligible migratory children in the target States.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

The Department may disclose information contained in this system of records under the routine uses listed in this system of records without the consent of the individual if the disclosure is compatible with the purposes for which the record was collected. The Department may make these disclosures on a case-by-case basis or, if the Department has complied with the computer matching requirements of the Privacy Act, under a computer matching agreement.

(1) Program Disclosures. The Department may disclose a record in this system of records to representatives of SEAs, LEAs, MEP local operating agencies (LOAs), public schools, private and non-public schools, and charter schools to facilitate one or more of the following for a student: (a) Eligibility for and participation in the MEP, (b) eligibility for federally- or State-funded programs, (c) coordination and delivery of educational and supportive services, (d) enrollment in school, (e) grade or course placement, (f) credit accrual, and (g) unique student match resolution. Unique student match resolution is a process to determine if two students in a database, who share similar identifying characteristics (e.g. name and date of birth), are the same student. The Department may disclose a record in this system of records to representatives of community-based organizations and health and social service providers to help migratory children overcome social isolation, various health-related problems, and other factors that inhibit the ability of such children to do well in school. The Department may also disclose a record in this system of records to institutions of higher education (IHEs) or private nonprofit organizations that operate a federally funded College Assistance Migrant Program (CAMP) or a High School Equivalency Program (HEP); State or local government entities, IHEs, or nonprofit organizations that operate a Migrant Education Even Start (MEES) Program; nonprofit organizations and for-profit organizations that operate a Migrant and Seasonal Head Start program; and public agencies and private nonprofit organizations that receive funding from the National Farmworker Jobs Program, so that they can determine children's eligibility for these Federal grant programs and provide services accordingly.

(2) Contract Disclosure. If the Department contracts with an entity to perform any function that requires disclosing records in this system to the contractor's employees, the Department may disclose the records to those employees who have received the appropriate level of security clearance from the Department. Before entering into such a contract, the Department will require the contractor to establish and maintain the safeguards required under the Privacy Act (5 U.S.C. 552a(m)) with respect to the records in the system.

(3) Software Vendor Disclosure. The Department, through its contractor, CSIU, may disclose the records in this system to the database vendor, Management Services for Education Data (MS/EdD), for the sole purpose of resolving contractor-initiated calls for assistance related to the software (MIS2000) used to operate the contractor's database.

(4) Research Disclosure. The Department may disclose records from this system to a researcher if an appropriate official of the Department determines that the individual or organization to which the disclosure would be made is qualified to carry out specific research related to functions or purposes of this system of records. The official may disclose information from this system of records to that researcher solely for the purpose of carrying out that research related to the functions or purposes of this system of records. The researcher will be required to maintain Privacy Act safeguards with respect to the disclosed records.

(5) Freedom of Information Act (FOIA) and Privacy Act Advice Disclosure. The Department may disclose records to the Department of Justice (DOJ) or the Office of Management and Budget (OMB) if the Department concludes that disclosure is desirable or necessary to determine whether particular records are required to be disclosed under the FOIA or the Privacy Act.

(6) Disclosure in the Course of Responding to Breach of Data. The Department may disclose records from this system to appropriate agencies, entities, and persons when: (a) The Department suspects or has confirmed that the security or confidentiality of information in the MEBPSD has been compromised; (b) the Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of the MEBPSD or other systems or programs (whether maintained by the Department or by another agency or entity) that rely upon the compromised information; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

(7) Litigation and Alternative Dispute Resolution (ADR) Disclosures.

(a) Introduction. In the event that one of the following parties is involved in litigation or ADR, or has an interest in litigation or ADR, the Department may disclose certain records to the parties described in paragraphs (b), (c), and (d) of this routine use under the conditions specified in those paragraphs:

(i) The Department or any of its components.

(ii) Any Department employee in his or her official capacity.

(iii) Any Department employee in his or her individual capacity where the DOJ has agreed to or has been requested to provide or arrange for representation of the employee.

(iv) Any Department employee in his or her individual capacity where the Department has agreed to represent the employee.

(v) The United States where the Department determines that the litigation is likely to affect the Department or any of its components.

(b) Disclosure to DOJ. If the Department determines that disclosure of certain records to the DOJ, or attorneys engaged by DOJ, is relevant and necessary to litigation or ADR, and is compatible with the purpose for which the records were collected, the Department may disclose those records as a routine use to the DOJ.

(c) Adjudicative Disclosure. If the Department determines that disclosure of certain records to a court, an administrative body before which the Department is authorized to appear, or an individual or entity designated by the Department or otherwise empowered to resolve or mediate disputes, is relevant and necessary to the litigation or ADR, and is compatible with the purpose for which the records were collected, the Department may disclose those records as a routine use to the adjudicative body or individual or entity.

(d) Disclosures to Parties, Counsel, Representatives, and Witnesses. If the Department determines that disclosure of certain records to a party, counsel, representative, or witness is relevant and necessary to the litigation or ADR, and is compatible with the purpose for which the records were collected, the Department may disclose those records as a routine use to a party, counsel, representative, or witness.

(8) Congressional Member Disclosure. The Department may disclose records to a Member of Congress and his or her staff in response to an inquiry from the Member made at the written request of the individual who requested it. The Member's right to the information is no greater than the right of the individual who requested it.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:

None.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

The main database server of the Department's contractor, CSIU, stores computerized student records on server hardware. The data are stored in a Firebird Database file. Backup media are encrypted and transported daily to a second secure location. Electronic records are also stored on portable devices (e.g., tablet computers and thumb drives) used by contractor and subcontractor staff.

Print data are locked securely at the contractor's and subcontractors' offices. At times, contractor and subcontractor staff may need to carry print records with them. These records will be locked securely when not in use.

RETRIEVABILITY:

Records in the database are indexed and retrieved by unique numbers assigned to each person. The Firebird database, located at the main data center, uses Transmission Control Protocol (TCP) transport within a local computer.

SAFEGUARDS:

(1) Introduction

Department, contractor, and subcontractor employees who collect, maintain, use, or disseminate data in this system, must comply with the requirements of the Privacy Act.

(2) Physical Security of Electronic Data

Physical security of electronic data will be maintained. The main database server for this system is located in a secure room at the contractor's data center. Access to the secure room is monitored electronically. Personnel entering the room without electronic passes are logged in and admitted only by authorized personnel. The secure room is located behind closed doors in a passage limited to contractor personnel only. Finally, all entrances to the building are monitored both electronically and by front-desk personnel.

Off-site backup media are encrypted, locked in a container, and transported securely by contractor staff to a second secure location that is also protected by electronic security measures. The locked container is stored in a dedicated locked room at the backup location. Access to the room is controlled by a key that is maintained by the backup location's office manager. The office manager maintains a log of all individuals who access the room.

(3) Physical Security of Print Data

Physical security of print data will be maintained. Print data will be locked securely at contractor's and subcontractors' offices. At times, contractor or subcontractor staff may need to carry print records with them. These records will be locked securely when not in use.

(4) User Access to Electronic Data

Access to the database server and software is restricted to the system administrators for the MEBPSD. The Database Vendor, MS/EdD, is granted access to server data for the sole purpose of resolving contractor-initiated calls for assistance. The Department's contractor and the database vendor maintain a signed confidentiality agreement.

All MEBPSD user accounts will be granted by MEBPSD System Administrator staff and will leverage role-based accounts and security controls to limit access to the database application, its server, and infrastructure, to authorized users only. MEBPSD System Administrators will grant access to data in the MEBPSD to authorized contractor and subcontractor staff by creating accounts and assigning appropriate roles that restrict access based on user category (e.g., data administrator, MEP advocate, or project coordinator). MEBPSD System Administrators will grant access to data in the MEBPSD to the Database Vendor, MS/EdD, as needed, to address contractor initiated calls for assistance with the database.

The MEBPSD requires the use of “strong” passwords comprised of alphanumeric and special characters. Department, contractor, and subcontractor staff are granted access to student information on a “need to know” basis. All physically unsecured database installations, e.g., user workstations, reside on hard drives that are fully encrypted. Access to the system will be limited to secure network sessions such as Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) and Virtual Private Network (VPN) connections.

All electronic records stored on portable devices reside on fully encrypted hard drives or media. Electronic documents (e.g., spreadsheets and word processing documents) with student data are password protected. Records from the system are shared in accordance with the Privacy Act.

(5) Additional Security Measures

The CSIU uses a series of firewalls to limit internal access to specific Internet protocols and ports as well as intrusion detection systems to monitor any potential unauthorized access to the MEBPSD. The MIS2000 software logs and tracks login attempts, data modifications, and other key application events. CSIU staff monitor database and security logs on a regular basis.

A third party performs vulnerability scans on a routine basis, and contractor staff monitor the US Computer Emergency Response Team (CERT) bulletins (see http://www.us-cert.gov/ for more details) and apply operating system and vendor patches as appropriate.

Confidentiality statements are maintained in job descriptions of all contractor and subcontractor employees. In addition, all contractor and subcontractor employees are required to sign data safeguarding statements.

RETENTION AND DISPOSAL:

Records are maintained and disposed of in accordance with the Department's Records Disposition Schedules as listed under ED 086—Information Systems Supporting Materials.

SYSTEM MANAGER AND ADDRESS:

Director, Office of Migrant Education, U.S. Department of Education, 400 Maryland Avenue SW., Room 3E317, Washington, DC 20202-0001.

NOTIFICATION PROCEDURE:

If you wish to determine whether a record exists regarding you in the system of records, you must provide the system manager at the address listed under SYSTEM MANAGER AND ADDRESS with your name, date of birth, and other identification if requested. Your request must meet the requirements of the Department's Privacy Act regulations in 34 CFR 5b.5, including proof of identity.

RECORD ACCESS PROCEDURE:

If you wish to gain access to a record about you in this system of records, provide the system manager at the address listed under SYSTEM MANAGER AND ADDRESS with your name, date of birth, and other identification if requested. Your request must meet the requirements of the Department's Privacy Act regulations in 34 CFR 5b.5, including proof of identity.

CONTESTING RECORD PROCEDURE:

If you wish to contest the content of a record regarding you in the system of records, contact the system manager at the address listed under SYSTEM MANAGER AND ADDRESS with the information described in the NOTIFICATION PROCEDURE section. Your request for access to a record must meet the requirements of the Department's Privacy Act regulations in 34 CFR 5b.7, including proof of identity, specification of the particular record you are seeking to have changed, and the written justification for making such a change.

RECORD SOURCE CATEGORIES:

The system will contain records that are obtained from MSIX; SEAs; LOAs; LEAs; schools; health service providers; social service providers; community based organizations; officials who operate federally-funded CAMPs, HEPs, MEES, and Migrant and Seasonal Head Start programs and projects; parents; guardians; spouses; and eligible migratory children.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

[FR Doc. 2012-1353 Filed 1-23-12; 8:45 am]

BILLING CODE 4000-01-P