NOT-OD-05-065: Security and Privacy Issues for Reviewer Registration with CCR

Department of Health
and Human Services (HHS)

NIH... Turning Discovery Into Health^®

Note: For help accessing PDF, RTF, MS Word, Excel, PowerPoint, Audio or Video files, see Help Downloading Files.

Security and Privacy Issues for Reviewer Registration with CCR

Notice Number: NOT-OD-05-065

Key Dates
Release Date: August 19, 2005

Issued by
National Institutes of Health (NIH), (http://www.nih.gov/)

As part of the new system for reimbursement of reviewers (http://grants.nih.gov/grants/guide/notice-files/NOT-OD-05-062.html), all NIH peer reviewers are required to register with the U.S. Treasury Central Contractor Registration database (CCR). Reviewers are required to complete two steps in the registration process: (1) obtaining an individual Data Universal Number System (DUNS) number, which is followed by (2) acquisition of a CCR number. Instructions that provide guidance that is specific for NIH reviewers to register with the CCR are available in the News and Reports section of the CSR internet home page (http://cms.csr.nih.gov/NewsandReports/). The information below is intended to supplement those instructions.

CCR Security Information

The CCR database is a federal government system based in the Department of the Treasury. It is a secure database that does not disclose sensitive information to the public. To register, sensitive information is requested such as social security number and banking information. Only the registrant has access to their full registration information. To access their own information, a reviewer needs to enter their DUNS number and TPIN (Trading Partner Identification Number). The TPIN is issued by the CCR to the reviewer only. It is important that the reviewer remember which email they use to register, as this will be the email CCR uses to communicate with the reviewer.

The TPIN is a confidential password that the reviewer should not disclose to anyone under any circumstances. The reviewer should safeguard this number just as they would any sensitive password. The CCR will NEVER request the TPIN. If the reviewer loses or forgets their TPIN, they can submit a TPIN letter request at https://www.bpn.gov/CCR/scripts/indextpin.asp. If the reviewer thinks their TPIN has been compromised, they should call the CCR helpdesk at: 888-227-2423 (within the U.S.) or 269-961-5757 (Internationally).

CCR Privacy Information

Anyone can access the CCR website to search for a person in the CCR database and the results provide the person's DUNS number and contact information. The other displayed categories of information include items related to a business that are not entered by our reviewers. Private information, such as social security number or any type of banking information is NOT publicly available. The CCR website FAQ, http://www.ccr.gov/FAQ.aspx, advises users to provide a generic email address and a phone number other than their personal cell phone in the CCR registration point of contact field. This way, their personal email address and cell phone number will not be exposed for spamming.

CCR Security Alert

As of the date of this notice, the CCR website has the current security alert, which can be accessed at http://www.ccr.gov/securitynote.aspx. To re-emphasize, one's TPIN should be kept confidential. CCR personnel will NEVER ask you for your TPIN. Please contact the CCR Help Desk immediately to obtain a new TPIN if you feel that your TPIN has been compromised, 888-227-2423 (within the U.S.) or 269-961-5757 (Internationally).

DUNS Privacy/Security Information

As a first step in registering, a reviewer must obtain a DUNS number. The DUNS site does NOT request private information, such as a social security number or banking information for a reviewer to obtain their DUNS number. The reviewer will be asked for contact information, specifically, Name and Telephone Number; all other entries are generic. The contact information is expected to be the reviewer's work information, not home, which generally is available on their institution's website or their own webpage and thus is not considered private. Here is the DUNS privacy policy: http://www.dnb.com/US/home/privacy_policy/index.html. The DUNS number is required to register with the CCR, but the DUNS system is a completely separate system from CCR. A’s a result of registering for a DUNS number, a reviewer's contact information may be included on postal and e-mail marketing lists associated with Dun and Bradstreet (D&B). In order to be removed from this list, one must make a specific removal request, as described below:

Case 1. If a reviewer already has their DUNS number . To be removed from D&B mailing lists, the reviewer should call Customer Service at 1-800-234-3867 full instructions are listed below.

Case 2. If the reviewer does not yet have a DUNS number. If the reviewer registers via the website, once they receive their number, they can opt out of the mailing list by calling Dun and Bradstreet as instructed below. If the reviewer registers via telephone, at the end of the call, they can request to be de-listed from the marketing list and they can request that an email confirmation be sent to ensure removal of their information from the D&B marketing list.

Instructions to have your information removed from Dun & Bradstreet's marketing list:

Make sure you have your nine-digit DUNS number when you call D&B Customer Service at 1-800-234-3867.
Select 5 from the menu options.
When the Customer Service Representative answers, tell them that you would like to be de-listed from D&B marketing list.
Answer the questions the Customer Service Representative will ask to verify your identity, including your name, telephone number; give the name used when you registered for a DUNS number (should be your legal name).
Request from them a confirmation via email to ensure that the removal has been processed.

Weekly TOC for this Announcement
NIH Funding Opportunities and Notices