Appendix A: Data Sharing Agreement Template

Appendix A - SAVES Center 8.27.24.docx

Formative Data Collections for ACF Program Support

Appendix A: Data Sharing Agreement Template

OMB: 0970-0531

Document [docx]
Download: docx | pdf

OMB #: 0970-0531, Expiration Date: 09/30/2025



Appendix A: Data Sharing Agreement Template


This Data Use and Security Agreement (hereafter referred to as “Agreement”) effective as of      , 2024 (“Effective Data”), is made by and between the site (the “Data Provider”) and Center for Policy Research (CPR) (hereafter referred to as the “Data Recipient”). Data Provider and the Data Recipient will be collectively referred to as the “Parties.”


As a non-profit research organization, the Center for Policy Research (CPR), under the SAVES Project will receive and analyze child support system data. Specifically, the Center for Policy Research will be collecting data on selected characteristics of domestic violence (DV) cases and clients in the child support system and the actions taken on their cases for the purpose of understanding selected features of child support cases and clients with safety issues that are in the child support system. The study will also reveal client experiences with the program including payment outcomes, and enforcement activities. Under Contract Number 24 IHGA 188692, CPR will be collecting this data and conducting this analysis on behalf of the Colorado Department of Human Services, Division of Child Support Services, hereinafter referred to as “Client.” Client has a cooperative agreement with the Federal Office of Child Support Services (OCSS) (“Funder”) to implement the Safe Access for Victims’ Economic Security (“SAVES”) National Demonstration Model, Federal Award: 90FD0253. One duty of the SAVES Center is to conduct and disseminate national research on domestic violence victims’/survivors’ barriers and needs related to child support and parenting time services.

Data Recipient is bound by a variety of Government regulations and laws, as well as contractual obligations with all its clients, to be accountable for information confidentiality, integrity and security. Similarly, individual consultants and vendors, including their subcontractors, in the employ of Data Provider must be accountable for data security in the performance of Data Provider’s work.


This Agreement addresses the terms and conditions under which Data Provider will disclose the data-to-Data Recipient and the terms in which Data Recipient may use the data to carry out the terms of the scope of work pursuant to the contract noted above.


Data Recipient agrees to protect the data provided by Data Provider in accordance with all applicable laws and regulations, which may include, but not be limited to the requirements detailed below. By signing this Agreement, The Data Recipient acknowledges that violation of this Agreement may have potential criminal, administrative, monetary and/or civil penalties.


The Parties mutually agree that any data submitted by the Data Provider to the Data Recipient will not contain any personal identifiable information (PII) that would allow for simple identification of the study participants information. PII means information maintained by the Data Provider about an individual that can be used to distinguish or trace an individual’s identity, such as first or last name, social security number, date and place of birth, email address, mother’s maiden name, or bio metric records; and any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.


[Add applicable paragraphs]


And/or This data is subject to the protections of The Privacy Act of 1974, 5 U.S.C. 552a. The purpose of the Privacy Act is to balance the government's need to maintain information about individuals with the rights of individuals to be protected against unwarranted invasions of their privacy stemming from federal agencies' collection, maintenance, use, and disclosure of personal information


And/or In accordance with this Data Use & Security Agreement, Data Recipient has agreed to protect the confidentiality of the data and to ensure that any other authorized users of the data create, receive, maintain, or transmit confidential information with the same restrictions, conditions, and requirements that apply to the Data Recipient with respect to such information.


[Select which of the following paragraphs applies and delete the other]


And/or This data is covered and protected under the Family Educational Rights and Privacy Act (FERPA) set forth in 20 U.S.C. 123g and its regulations at Part 99 of Title 34 of the Code of Federal Regulations, as amended in 2012. Data Recipient has agreed to protect the confidentiality of this data and to ensure that any other authorized users of the data create, receive, maintain, or transmit confidential information with the same restrictions, conditions, and requirements that apply to the Data Recipient with respect to such information.


And/or This data is covered and protected under the Federal Information Security Management Act of 2002, as amended, Title III of the e-Government Act of 2002, 44 U.S.C. 3541-3549. Data Recipient has agreed to protect the confidentiality of this data and to ensure that any other authorized users of the data create, receive, maintain, or transmit confidential information with the same restrictions, conditions, and requirements that apply to the Data Recipient with respect to such information.


This Agreement supersedes all agreements between the Parties with respect to the use of data specified in this Agreement and provided by Data Provider. The terms of this Agreement can be changed only by written modification to this Agreement or by the Parties adopting a new Agreement.


To this end, the Parties agree to the following terms regarding the release and use of data provided by Data Provider hereunder.


  1. Data to be Exchanged: This section should be tailored to specific Project Needs


  1. The Data Recipient will obtain from the Data Provider, the data listed in Appendix A, which is attached hereto and incorporated into this Agreement.


  1. The Parties mutually agree that the Data Recipient does not obtain any right, title, or interest in any of the data provided by Data Provider other than that allowed by the Contract Number noted above.


  1. The Parties mutually warrant that the data provided will be used solely for the purposes described in the scope of work under the terms of the contract and for no other purpose.


  1. The Data Recipient agrees not to attempt to link or merge records in an attempt to seek the identity of or to contact individuals when the Data Recipient is provided with de-identified data and the scope of work does not require further identification.


  1. Data Recipient may link or merge records with its own survey data and with other records it has created or obtained related to study participants for research purposes.


  1. Data Custodian & Point of Contact:

  1. The Parties mutually agree that the following named individual is designated as the “Custodian” of the data on behalf of the Data Recipient and will be responsible for observing the security and privacy arrangements specified in this Agreement.


  1. The Parties mutually agree that the following named individual will be designated as the point-of-contact for this Agreement on behalf of Data Provider.



Custodian

for Data Recipient


Point of Contact for Data Provider

Name


Lanae Davis

Name


Title


Senior Research Associate

Title


Organization

Center for Policy Research

Organization


Street Address

1570 Emerson St

Street Address


City/ State/ Zip

Denver, Colorado, 80218

City/ State/ Zip


Phone Number

303-947-7751

Phone Number


E-Mail Address

ledavis@centerforpolicyresearch.org

E-Mail Address



  1. Authorized Users of the Data:

  1. Data Recipient agrees that access to the data provided under this agreement will be limited to the minimum number of individuals necessary to perform the work.

  2. With the exception of Data Recipients, Client and Subcontractors, the data shall not be shared or made available to any unauthorized personnel or other third party.

  3. The Data Recipient agrees to ensure that any agents, including subcontractors, to who it provides the data, agree to the same restrictions and conditions that apply to the Data Recipient with respect to such information.


  1. Term of Agreement:

This Agreement will commence on the Effective Date noted above and will expire on the last date of the SAVES Center Project, including all extensions of Federal Award: 90FD0253 by Funder and Client Any use of the data beyond the expiration date above shall require both Parties to execute a modification to this Agreement.


  1. Data Destruction:

The Parties mutually agree that the data provided under this Agreement and/or any derivative file(s) may be retained only for the duration of this Agreement. At the end of this Agreement (and/or extensions of this Agreement to coincide with potential extensions of the Cooperative Agreement between Funder and Client and Client and Data Recipient, the Data Recipient must return or destroy all original data files and any derivative files as specified in the scope of work. Notwithstanding the foregoing, Data Recipient may retain a copy for archival purposes for a period of twelve (12) months after expiration of this Agreement.


  1. Data Security:

Center For Policy Research utilizes Microsoft 365 E5 subscription to safely protect all data within SharePoint, OneDrive, and access from their laptops. Microsoft 365 E5 is a comprehensive subscription that combines productivity apps with advanced security, compliance, and analytical capabilities. The cloud apps and devices that access the data are governed and secured utilizing several security services and features that work together to prevent unauthorized access or data loss. These include:

  • MFA and Conditional Access. Multi-Factor authentication is required for both computer and cloud app access. Conditional Access policies prevent login attempts from outside the US.

  • Data Loss Prevention. Policies for automatic classification and retention. Also, manual labels can be applied to data to restrict access and prevent sharing.

  • Information Protection. This includes Microsoft Purview Advanced Message Encryption, Insider Risk Management, Communication Compliance, Privileged Access Management, and Records Management. Also, Per-File Encryption in OneDrive for Business and SharePoint Online.

  • Microsoft 365 E5 Security. This includes Microsoft Defender for Office 365 Plan 2, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Safe Documents. Computers and all cloud apps including email are protected.

  1. Inspection:

The Data Recipient agrees that authorized representatives of Data Provider will be granted access to the Data Recipient’s premises where the data files are kept for the purpose of inspecting security arrangements to confirm compliance with this Agreement.


  1. Scope of Relationship:

This Agreement will not constitute a partnership, agency or joint venture, and neither party may bind the other to any contract, arrangement or understanding except as specifically stated herein or otherwise mutually agreed to in writing by the parties.


  1. Publication and Use of Name: Include language below based on Projects needs

  1. Under Data Recipient’s prime contract with Client, Data Recipient may publish reports discussing their research and findings under the Program. In such reports, Data Recipient may disclose and publish the aggregated statistics based on the data files provided under this Agreement. Since no PII will be collected, the Data Recipient will not publish any PII in connection with that data provided under this Agreement.

  2. Data Recipient is authorized to use Data Provider’s name as the source of the data provided in this Agreement in any future public presentation(s) or report(s) without prior written consent.


  1. Headings:

Descriptive headings used in this Agreement are for convenience only and must not be used to interpret this Agreement.


  1. Limitation of Liability and Indemnification:

It is the intent of the Parties that each Party shall remain liable, to the extent provided by law, regarding its own acts and omissions. In no event shall either Party be liable under any provision of this Agreement for special, indirect, or consequential loss or damage of any kind whatsoever, including but not limited, to lost profits.


  1. Compliance:

  1. The Parties mutually acknowledge that certain types of personal, health and financial data are protected by Government regulations and laws, including but not limited to the Privacy Act of 1974 (5 U.S.C. 552a et seq.), HIPAA Privacy Rule (104-191 P.L.), the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act of 1999. The Parties further mutually acknowledge that there are administrative, civil, or criminal penalties for disclosure or misuse of these data.

  1. By signing this agreement, the Data Recipient agrees to abide by the provisions noted in this Agreement for the protection of the data file(s) noted, and acknowledges having received notice of potential criminal, administrative, or civil penalties for violation of the terms of the Agreement.


The signatories below hereby attest that he or she is authorized to commit to this Agreement on behalf of their respective organization and further agrees to abide by all of the terms specified in this Agreement.


DATA RECIPIENT:

__________________________________________________________________

Name Title


__________________________________________________________________

Signature Date



DATA PROVIDER:


__________________________________________________________________

Name Title


__________________________________________________________________

Signature Date

APPENDIX A


Scope


Introduction: The SAVES Center will work collaboratively with demonstration sites to examine the policies and practices that support survivor physical and psychological safety, minimize disparities, increase financial security, and best meet survivors’ self-defined goals. The study of anonymous information extracted from automated child support systems will assess client demographics and experiences with the program, including payment outcomes, enforcement activities, and timeframes for key events such as order establishment and payments. This study will help the SAVES Center to better understand the sociodemographic and child support case characteristics of custodial parents (CPs) and non-custodial parents (NCPs) in child support cases where a family violence flag is applied versus CPs and NCPs in child support cases where a family violence flag is not applied at SAVES demonstration sites.


Sample: Information on baseline patterns for DV cases and clients and their treatment in the

child support system will come from extracts from automated child support systems generated in 2023, the first year of the SAVES demonstration project.  The extracted information will be conveyed to CPR in an anonymous fashion with no personal identifiers or other information that could be used to ascertain the identity of the child support client and his/her case that is included in the extract. All data analyses will be conducted in an anonymous fashion and patterns will be reported for pooled statistical groups.


Timeline: Data extraction will occur twice (during year 3 and year 5 of the SAVES project). At both time points, the cases with a DV flag will be compared with samples of cases of similar size that are not identified as having a safety issue and lack a DV flag.


Potential Data Elements: The following is an inventory of potential data elements available in automated systems that CPR hopes to determine the extent to which could be extracted with relative ease. This list may be revised and simplified based on discussions with demonstration sites about what data fields are available and reliable. 






















Data Element Form:


SAVES Data Extract Variables Framework

Variable Name

CPR Expected Output

SAVES Demonstration Site Output

Member ID

To be used for matching cases in payment and enforcement action files (if submitted separately)


Violence Assessment (FVI = Family Violence Indicator)

Binary (yes/no)


CP Race

Categorical


NCP Race

Categorical


CP Ethnicity

Binary or Categorical


NCP Ethnicity

Binary or Categorical


CP Age

Date of Birth (month/day/year)


NCP Age

Date of Birth (month/day/year)


CP Sex/gender

Binary or categorical


NCP Sex/gender

Binary or categorical


CP Zip code of residence

Categorical


NCP Zip code of residence

Categorical


Marital status on case

Categorical


Number of children on case

Total number


Age of youngest child on case

Date of birth (month/day/year)


Number of cases CP has

Total number


Number of cases NCP has

Total number


CP Income (without CS)

Amount and frequency (ex per hour, annually etc.)


NCP Income (without CS)

Amount and frequency (ex per hour, annually etc.)


CP Employment Status

Full-time, part-time, seasonal, self-employed, unemployed


NCP Employment Status

Full-time, part-time, seasonal, self-employed, unemployed


County/Region

Categorical


Case creation date

Date (month/day/year)


Order establishment date

Date (month/day/year)


Referral source (e.g., mandatory, self)

Categorical (e.g., mandatory, self)


Order establishment method

Categorical (admin, judicial, default, etc.)


CP attorney representation

Binary (yes/no)


NCP attorney representation

Binary (yes/no)


Case type

Categorical (child support, intrastate, Medicaid only, etc.)


TANF status at establishment

Categorical (current, former, never)


Monthly Support Obligation (MSO)

Amount of current support due per month (exclude arrears, interest, etc.)


Arrears balance at order establishment

Total amount


Arrears balance at extract

Total amount


Method of paternity establishment

Categorical (VAP, court, etc.)


Method of child medical coverage ordered

Categorical (NCP, CP, Medicaid, etc.)


Method of child medical coverage provided

Categorical (NCP, CP, Medicaid, etc.)


Method of paternity establishment

Categorical (VAP, court, etc.)


Verified Employer at extract

Binary (yes/no)


Date employment verified (or previous 12 months)

Date (month/day/year)


Was good cause application made?

Binary (yes/know or DK)


Good cause application date

Date (month/day/year)


Good cause outcome

Categorical or binary


Evidence of Case closure activity?

Binary (yes/no)


Case closure reason

Categorical (interested in closure for safety)


Case closure date

Date (month/day/year)


Was there a request for FVI

Binary (yes/no)


FVI Application

Date (month/day/year)


Date FVI Assigned

Date (month/day/year)


FVI Recertification

Binary (yes/no)


FVI Recertification Date

Date (month/day/year)


Date FVI Removed

Date (month/day/year)


Enrolled in address confidentiality program

Yes/no/type?


Can be submitted in separate spreadsheet

Current support due (monthly for prior 12 months)

Month 1 amount due

Month 2 amount due

Month 3 amount due

Month 4 amount due

Month 5 amount due

Month 6 amount due

Month 7 amount due

Month 8 amount due

Month 9 amount due

Month 10 amount due

Month 11 amount due

Month 12 amount due


Current support paid (monthly for prior 12 months)

Month 1 amount paid

Month 2 amount paid

Month 3 amount paid

Month 4 amount paid

Month 5 amount paid

Month 6 amount paid

Month 7 amount paid

Month 8 amount paid

Month 9 amount paid

Month 10 amount paid

Month 11 amount paid

Month 12 amount paid



Was wage withholding or income assignment a method of payment in the prior 12 months? Or was the last payment in month 11 paid by wage assignment?



Enforcement actions ever taken on case

Type and date action taken (credit bureau, driver’s license, recreation license, passport, contempt, FIDM, etc.)



The described collection of information is voluntary and will be used to better understand efforts to increase safe access to child support, parenting time, and establishment of parentage services for survivors of domestic violence. Public reporting burden for this collection of information is estimated to average 180 minutes per response, including the time for reviewing instructions, gathering and maintaining the data needed, and reviewing the collection of information. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. The OMB number and expiration date for this collection are OMB #: 0970-0531, Exp: 09/30/2025. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden to Center for Policy Research; 1570 Emerson Street Denver, Colorado 80218.


File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File TitleDRAFT
Authormcintosj
File Modified0000-00-00
File Created2024-10-07

© 2024 OMB.report | Privacy Policy