COVID-19 Tracing Reporting Form

OMB Control No: 1670-0044	ICR Reference No: 202010-1670-001
Status: Active	Previous ICR Reference No:
Agency/Subagency: DHS/CISA	Agency Tracking No:
Title: COVID-19 Tracing Reporting Form
Type of Information Collection: New collection (Request for a new OMB Control Number)	Common Form ICR:  No
Type of Review Request: Emergency	Approval Requested By: 10/30/2020
OIRA Conclusion Action: Approved without change	Conclusion Date: 10/30/2020
Retrieve Notice of Action (NOA)	Date Received in OIRA: 10/28/2020
Terms of Clearance: The agency will not publish the data it receives and will not use this data to form a justification for policy decisions using statistical methods.

	Inventory as of this Action	Requested	Previously Approved
Expiration Date	04/30/2021	6 Months From Approved
Responses	166	0	0
Time Burden (Hours)	111	0	0
Cost Burden (Dollars)	0	0	0

---

Abstract: The COVID-19 Contact Tracing Reporting Form is a voluntary form that CISA will advertise through our Regional Offices and during our frequent engagements with our stakeholders. This collection is designed to allow affected parties to voluntarily submit relevant evidence about their contact tracing program. The information will allow the agency to develop best practices and guidance on how to employ digital contact tracing tools while mitigating security risks.

Emergency Justfication: On April 16, 2020, the White House issued “Opening Up America Again,” a set of Federal guidelines for reopening the US economy with a three-phased approach. One core State preparedness responsibility is the need for contact tracing of individuals who test positive for, or are symptomatic of, COVID-19. Digital Contact Tracing Tool (DCTT) applications if not properly secured can pose a great threat to the privacy, the personally identifiable information (PII), and personal health information (PHI) of individuals and can pose an equal threat to the computer systems of those operating those tools. CISA under the Cybersecurity Information Sharing Act of 2015 and the Homeland Security Act, “is to provide best practices and integrate relevant information, analysis, and vulnerability assessments, regardless of whether the information, analysis, or assessments are provided or produced by the Department, in order to make recommendations, including prioritization, for protective and support measures by the Department, other Federal Government agencies, State, local, tribal, and territorial government agencies and authorities, the private sector, and other entities regarding terrorist and other threats to homeland security.” CISA cannot advise on DCTT currently due to the patchwork nature of state and business adoption of DCTT technologies and the lack of public information available on the many DCTT applications. It is imperative that cybersecurity best practices on the employment of these new technologies be out while the use of DCTT is still nascent.

---

Authorizing Statute(s): PL: Pub.L. 115 - 278 2022 (e)(c) Name of Law: Cybersecurity and Infrastructure Security Agency Act of 2018

Citations for New Statutory Requirements: None

---

Associated Rulemaking Information
RIN:	Stage of Rulemaking:	Federal Register Citation:	Date:
	Not associated with rulemaking

---

Federal Register Notices & Comments

Did the Agency receive public comments on this ICR? No

---

Number of Information Collection (IC) in this ICR: 1

IC Title Form No. Form Name COVID-19 CONTACT TRACING REPORTING FORM DHS Form XXX (10/20) COVID-19 CONTACT TRACING REPORTING FORM

---

ICR Summary of Burden

	Total Approved	Previously Approved	Change Due to New Statute	Change Due to Agency Discretion	Change Due to Adjustment in Estimate	Change Due to Potential Violation of the PRA
Annual Number of Responses	166	0	0	166	0	0
Annual Time Burden (Hours)	111	0	0	111	0	0
Annual Cost Burden (Dollars)	0	0	0	0	0	0

Burden increases because of Program Change due to Agency Discretion: Yes

Burden Increase Due to: Miscellaneous Actions

Burden decreases because of Program Change due to Agency Discretion: No

Burden Reduction Due to:

Short Statement: This is a new collection.

---

Annual Cost to Federal Government: $3,910

Does this IC contain surveys, censuses, or employ statistical methods? No

Does this ICR request any personally identifiable information (see OMB Circular No. A-130 for an explanation of this term)? Please consult with your agency's privacy program when making this determination.     No

Does this ICR include a form that requires a Privacy Act Statement (see 5 U.S.C. §552a(e)(3))? Please consult with your agency's privacy program when making this determination.     Yes

Is this ICR related to the Affordable Care Act [Pub. L. 111-148 & 111-152]? No

Is this ICR related to the Dodd-Frank Wall Street Reform and Consumer Protection Act, [Pub. L. 111-203]? No

Is this ICR related to the American Recovery and Reinvestment Act of 2009 (ARRA)? No

Is this ICR related to the Pandemic Response? Yes

Agency Contact: Mia Bruce 202 357-8441 [email protected]

---

Common Form ICR:  No

---

On behalf of this Federal agency, I certify that the collection of information encompassed by this request complies with 5 CFR 1320.9 and the related provisions of 5 CFR 1320.8(b)(3).
The following is a summary of the topics, regarding the proposed collection of information, that the certification covers:
		(a) It is necessary for the proper performance of agency functions;
		(b) It avoids unnecessary duplication;
		(c) It reduces burden on small entities;
		(d) It uses plain, coherent, and unambiguous language that is understandable to respondents;
		(e) Its implementation will be consistent and compatible with current reporting and recordkeeping practices;
		(f) It indicates the retention periods for recordkeeping requirements;
		(g) It informs respondents of the information called for under 5 CFR 1320.8 (b)(3) about:
			(i) Why the information is being collected;
			(ii) Use of information;
			(iii) Burden estimate;
			(iv) Nature of response (voluntary, required for a benefit, or mandatory);
			(v) Nature and extent of confidentiality; and
			(vi) Need to display currently valid OMB control number;
		(h) It was developed by an office that has planned and allocated resources for the efficient and effective management and use of the information to be collected.
		(i) It uses effective and efficient statistical survey methodology (if applicable); and
		(j) It makes appropriate use of information technology.
If you are unable to certify compliance with any of these provisions, identify the item by leaving the box unchecked and explain the reason in the Supporting Statement.
Certification Date: 10/28/2020

---