(a) Care provider facilities must conduct sexual abuse or sexual harassment incident reviews at the conclusion of every investigation of sexual abuse or sexual harassment and, where the allegation was either substantiated or unable to be substantiated but not determined to be unfounded, prepare a written report recommending whether the incident review and/or investigation indicates that a change in policy or practice could better prevent, detect, or respond to sexual abuse and sexual harassment. The care provider facility must implement the recommendations for improvement or must document its reason for not doing so in a written response. Both the report and response must be forwarded to ORR's Prevention of Sexual Abuse Coordinator. Care provider facilities also must collect accurate, uniform data for every reported incident of sexual abuse and sexual harassment using a standardized instrument and set of definitions.

(b) Care provider facilities must conduct an annual review of all sexual abuse and sexual harassment investigations and resulting incident reviews to assess and improve sexual abuse and sexual harassment detection, prevention, and response efforts. The results and findings of the annual review must be provided to ORR's Prevention of Sexual Abuse Coordinator.

(a) Care provider facilities must maintain all case records associated with claims of sexual abuse and sexual harassment, including incident reports, investigative reports, offender information, case disposition, medical and counseling evaluation findings, and recommendations for post-release treatment and/or counseling in accordance with these standards and applicable Federal and State laws and ORR policies and procedures.

(b) On an ongoing basis, the PSA Compliance Manager must work with care provider facility management and ORR to share data regarding effective care provider facility response methods to sexual abuse and sexual harassment.

(c) On a quarterly basis, the PSA Compliance Manager must prepare a report for ORR compiling information received about all incidents and allegations of sexual abuse and sexual harassment of UCs in the care provider facility during the period covered by the report as well as ongoing investigations and other pending cases.

(d) On an annual basis, the PSA Compliance Manager must aggregate incident-based sexual abuse and sexual harassment data, including the number of reported sexual abuse and sexual harassment allegations determined to be substantiated, unsubstantiated, unfounded, or for which an investigation is ongoing. For each incident, information concerning the following also must be included:

(1) The date, time, location, and nature of the incident;

(2) The demographic background of the victim and perpetrator (including citizenship, nationality, age, and sex) that excludes specific identifying information;

(3) The reporting timeline for the incident (including the name of the individual who reported the incident; the date and time the report was received by the care provider facility; and the date and time the incident was reported to ORR);

(4) Any injuries sustained by the victim;

(5) Post-report follow-up responses and action taken by the care provider facility (e.g., housing placement changes, medical examinations, mental health counseling);

(6) Any interventions imposed on the perpetrator.

(e) Care provider facilities must provide all data described in this section from the previous calendar year to ORR no later than August 31.

(a) ORR must review data collected and aggregated pursuant to §§ 411.101 and 411.102 in order to assess and improve the effectiveness of its sexual abuse and sexual harassment prevention, detection, and response policies, procedures, practices, and training, including:

(1) Identifying problem areas;

(2) Taking corrective actions on an ongoing basis; and

(3) Preparing an annual report of its findings and corrective actions for each care provider facility as well as ORR as a whole.

(b) Such report must include a comparison of the current year's data and corrective actions with those from prior years and must provide an assessment of ORR's progress in preventing, detecting, and responding to sexual abuse and sexual harassment.

(c) The Director of ORR must approve ORR's annual report on ORR's UC Program as a whole and make the report available to the public through its Web site or otherwise make the report readily available to the public.

(d) ORR may redact specific material from the reports when necessary for safety and security reasons but must indicate the nature of the material redacted.

(a) ORR must ensure that data collected pursuant to §§ 411.101 and 411.102 is securely retained in accordance with Federal and State laws and ORR record retention policies and procedures.

(b) ORR must make all aggregated sexual abuse and sexual harassment data from ORR care provider facilities with which it provides a grant to or contracts with, excluding secure care providers and traditional foster care providers, available to the public at least annually on its Web site consistent with existing ORR information disclosure policies and procedures.

(c) Before making any aggregated sexual abuse and sexual harassment data publicly available, ORR must remove all personally identifiable information.

(d) ORR must maintain sexual abuse and sexual harassment data for at least 10 years after the date of its initial collection unless Federal, State, or local law requires for the disposal of official information in less than 10 years.