89 FR 31 pgs. 11278-11280 - Privacy Act of 1974; Notice of a Modified System of Records
Type: NOTICEVolume: 89Number: 31Pages: 11278 - 11280
Pages: 11278, 11279, 11280Docket number: [Notice–IE–2024–01; Docket No. 2024–0002; Sequence No. 2]
FR document: [FR Doc. 2024–03000 Filed 2–13–24; 8:45 am]
Agency: General Services Administration
Official PDF Version: PDF Version
[top]
GENERAL SERVICES ADMINISTRATION
[Notice-IE-2024-01; Docket No. 2024-0002; Sequence No. 2]
Privacy Act of 1974; Notice of a Modified System of Records
AGENCY:
Office of the Chief Privacy Officer; General Services Administration (GSA).
ACTION:
Notice.
SUMMARY:
GSA proposes to modify an existing System of Records Notice to more accurately describe functionality of the system of records and to bring the Notice into compliance with the format promulgated in OMB Guidance A-108.
DATES:
Submit comments on or before March 15, 2024. The new and/or significantly modified routine uses will be applicable on March 15, 2024.
ADDRESSES:
Comments may be submitted to the Federal eRulemaking Portal, http://www.regulations.gov. Submit comments by searching for "Notice-IE-2024-01", Notice of Revised System of Records. Comments may also be submitted by mail at GSA, Regulatory Secretariat Division (MVCB), 1800 F Street NW, Washington, DC 20405.
FOR FURTHER INFORMATION CONTACT:
Call or email Richard Speidel, Chief Privacy Officer at 202-969-5830 and gsa.privacyact@gsa.gov.
SUPPLEMENTARY INFORMATION:
[top] GSA proposes to update a system of records subject to the Privacy Act of 1974, as amended. GSA is modifying the Notice to update the system name to "Cloud Information Infrastructure System," which was previously entitled "GSA's Enterprise Organization of Google
Substantive updates are being made to the Name of the System, System Manager, Authority for Maintenance of the System, Purpose, Categories of Individuals Covered by the System, Categories of Records in the System, Record Source Categories, Policies and Practices for Storage of Records, Policies and Practices for Retrieval of Records, Policies and Practices for Retention and Disposal of Records, Administrative, Technical, and Physical Safeguards, Record Access Procedures, and Notification Procedures. Minor administrative edits are being made to the Routine Uses and Contesting Record Procedures.
GSA is also making technical changes to GSA/CIO-3 consistent with OMB Circular No. A-108. Accordingly, GSA has made technical corrections to identify the newly-renamed sections: "Policies and Practices for Storage of Records," "Policies and Practices for Retrieval of Records," "Policies and Practices for Retention and Disposal of Records," "Administrative, Technical and Physical Safeguards," "Record Access Procedures," "Contesting Record Procedures," and "Notification Procedures." GSA has also created the following new sections: "Security Classification" and "History."
SYSTEM NAME AND NUMBER:
Cloud Information Infrastructure System, GSA/CIO-3.
SYSTEM CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The Cloud Information Infrastructure System is operated and maintained by GSA and on behalf of GSA by its contractor(s). It is hosted in secure cloud hosted data centers in the continental United States.
SYSTEM MANAGER:
Associate CIO, Office of Corporate IT Services, Office of GSA IT, General Services Administration, 1800 F Street NW, Washington, DC 20405.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301; 40 U.S.C. 11315; 44 U.S.C. 3506; E.O. 9397, as amended; 5 U.S.C. 1001-14; 40 U.S.C. 3306.
PURPOSES:
To maintain a system of records directed to the use of GSA's cloud infrastructure systems, which contain a disparate set of systems and records. For example, GSA users maintain a limited set of personal information on the Google platform in order to facilitate use and management of information in order to carry out the requirements of their positions. Members of the public provide contact information to voluntarily participate in public outreach programs or to participate in the groups founded by the Federal Advisory Committee Act.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The categories of individuals covered by this system include members of the public, past and present GSA employees, past and present GSA contractors, and past and present employees of other federal agencies.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system of records includes, but is not limited to Name, Business Contact Information (business phone number, business email address, business location, organizational information), Social Security Number (SSN), Personal Contact Information (personal physical address, personal phone number, personal email address), information regarding employee relocations, and/or information regarding an individual's appointment to one or more advisory committees (title, details of department/committee, occupation, appointment type, funding source).
RECORD SOURCE CATEGORIES:
Information is provided by the individual to whom the record pertains.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed to authorized entities, as is determined to be relevant and necessary, outside GSA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
a. To a Member of Congress or his or her staff on behalf of and at the request of the individual who is the subject of the record.
b. To the National Archives and Records Administration (NARA) for records management purposes.
c. To an expert, consultant, or contractor of GSA in the performance of a Federal duty to which the information is relevant.
d. To an appropriate Federal, State, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations.
e. To the Office of Personnel Management (OPM), the Office of Management and Budget (OMB), and the Government Accountability Office (GAO) in accordance with their responsibilities for evaluating Federal programs.
f. To appropriate agencies, entities, and persons when
(1) GSA suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised;
(2) GSA has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by GSA or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with GSA's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
g. To another Federal agency or Federal entity, when GSA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in
(1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
h. In connection with any litigation or settlement discussions regarding claims by or against the GSA, including public filing with a court, to the extent that GSA determines the disclosure of the information is relevant and necessary to the litigation or discussions.
[top] i. To an appeal, grievance, hearing, or complaints examiner; an equal employment opportunity investigator, arbitrator, or mediator; and an exclusive representative or other person
j. To compare such records to other agencies' systems of records or to non-Federal records, in coordination with an Office of Inspector General (OIG) in conducting an audit, investigation, inspection, evaluation, or some other review as authorized by the Inspector General Act.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Electronic records are stored on a secure server with access limited to staff on a need-to-know basis.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records may be retrieved by name or another identifier.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and disposed of according to GSA records maintenance and disposition schedules, GSA Directive CIO 1820.2-"GSA Records Management Program," and requirements of the National Archives and Records Administration ( e.g., NARA General Records Schedule (GRS)).
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The underlying information systems are authorized to operate by the GSA CIO. Two-factor authentication is required and used for all individuals who access this system.
RECORD ACCESS PROCEDURES:
The Privacy Act allows individuals the right to access records about them in a system of records. A request for access must include: 1. Full Name and Address; 2. A description of the records sought; the title and number of this system of records as published in the Federal Register ; 3. A brief description of the nature, time, and place of association with GSA; and 4. Any other information that will help in locating the record.
CONTESTING RECORD PROCEDURES:
An individual may request amendment to a record by writing to the system manager with the proposed amendment, which must bear the following marking: "Privacy Act Request to Amend the Record." Certain records are unable to be amended.
NOTIFICATION PROCEDURES:
An individual may determine if this system contains a record pertaining to them by sending a request in writing, signed, to the System Manager at the above address. The same requirements for Record Access Procedures must be followed for Notification Procedures.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
79 FR 47138, September 11, 2014; 78 FR 35033, July 11, 2013; 77 FR 63316, November 15, 2012.
Richard Speidel,
Chief Privacy Officer, Office of the Deputy Chief Information Officer, General Services Administration.
[FR Doc. 2024-03000 Filed 2-13-24; 8:45 am]
BILLING CODE 6820-AB-P