Privacy Narrative

0841 Att 4e PN FINAL.pdf

Management Information System for Comprehensive Cancer Control Programs

Privacy Narrative

OMB: 0920-0841

⚠️ Notice: This form may be outdated. More recent filings and information on OMB 0920-0841 can be found here:

2023-07-27 - Revision of a currently approved collection

Document [pdf]

Download: pdf | pdf

Information Collection Request - Privacy Narrative
Title:

Chronic Disease Management Information System (CDMIS)

Floyd Trey Bonner, kfz5@cdc.gov, 770-488-2799

Point of Contact: _____________________________________________________________________________
1. This data collection does not involve collection of sensitive and/or personally identifiable information'.
Respondents are state-, territorial/USAPIJ-, and tribal-based comprehensive cancer control programs. Although
contact information is obtained for each program, the contact person provides information about the state,
territorial, or tribal program, not personal information.

2. CDMIS resides at CDC and has administrative, technical and physical controls in place to protect the data. A
Privacy Impact Assessment and System Security Plan have been completed for CDMIS that outlines the controls
in detail. CDMIS has received a CDC Authority to Operate (ATO). The ATO certifies that the system

meets the necessary IT requirements in accordance with the HHS Information Security and Privacy
Policy; Federal Information Security Modernization Act (FISMA) of 2014, (44 U.S.C. 101); National
Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Security and Privacy
Controls for Federal Information Systems and Organizations; Office of Management and Budget (OMB)
Circular A-130, Managing Information as a Strategic Resource; and other applicable federal laws,
regulations, NIST guidance, and Departmental policies.

3. Data is cut off to closed grant, contract, or cooperative agreement files at the end of the calendar year

in which the project ends or a final report is written. Maintained in office two years after cut off.
Transferred to FRC and destroyed six years after cut off.

4. The data will not be retrieved using personal identifiers.

5. A PIA has been created for the overall CDMIS system.

Does this ICR request any PII?

Yes

✔

No

Does this ICR include a form that requires a Privacy Act Statement?
Does this ICR require a PIA?

✔

Yes

No

Yes

✔

No

If yes, does a signed PIA already exist?

✔

Yes

No

C/I/O Approval
Associate Director for Science (ADS)

Rachel
Kaufmann -S
Comments:

Digitally signed by Rachel
Kaufmann -S
Date: 2019.11.20 07:41:37
-05'00'

Information Systems Security Officer (ISSO)

Cynthia Allen
-S

Digitally signed by Cynthia
Allen -S
Date: 2019.11.25 10:22:13
-05'00'

File Type	application/pdf
Author	Allen, Cindy L. (CDC/ONDIEH/NCCDPHP)
File Modified	2019-11-25
File Created	2019-02-07