Privacy Act of 1974; System of Records Notice, 58039-58041 [E6-15848]
Download as PDF
<![CDATA[
Federal Register / Vol. 71, No. 190 / Monday, October 2, 2006 / Notices
option trades on the NYSE Arca should
provide transparency with respect to
current index values and contribute to
the transparency of the market for
broad-based index options. In addition,
the Commission believes, as it has noted
in other contexts, that the requirement
in proposed NYSE Arca Rule 5.12(a)(2)
that an index option be settled based on
the opening prices of the index’s
component securities, rather than on
closing prices, could help to reduce the
potential impact of expiring index
options on the market for the index’s
component securities.20
The Commission finds good cause for
approving the proposed rule change
prior to the 30th day after the date of
publication of the notice of filing in the
Federal Register. The Exchange has
requested accelerated approval of the
proposed rule change. The proposal
implements listing and maintenance
standards and position and exercise
limits for broad-based index options
substantially identical to those recently
approved for the Philadelphia Stock
Exchange, Inc., the International
Securities Exchange, Inc., the American
Stock Exchange LLC, and the CBOE.21
The Commission does not believe that
the Exchange’s proposal raises any
novel regulatory issues. Therefore, the
Commission finds good cause,
consistent with Section 19(b)(2) of the
Act,22 to approve the proposed rule
change, as amended, on an accelerated
basis.
V. Conclusion
rmajette on PROD1PC67 with NOTICES1
It is therefore ordered, pursuant to
Section 19(b)(2) of the Act,23 that the
proposed rule change (SR–NYSEArca–
2006–46), as amended, is hereby
approved on an accelerated basis.
5.12(a)(11) includes, but is not limited to, securities
information vendors such as Bloomberg and
Reuters.’’
20 See, e.g., Securities Exchange Act Release No.
30944 (July 21, 1992), 57 FR 33376 (July 28, 1992)
(order approving a Chicago Board Options
Exchange, Incorporated (‘‘CBOE’’) proposal to
establish opening price settlement for S&P 500
Index options).
21 See Securities Exchange Act Release No. 54158
(July 17, 2006), 71 FR 41853 (July 24, 2006) (SR–
Phlx–2006–17); Securities Exchange Act Release
No. 52578 (October 7, 2005), 70 FR 60590 (October
18, 2005) (SR–ISE–2005–27); Securities Exchange
Act Release No. 52781 (November 16, 2005), 70 FR
70898 (November 23, 2005) (SR–Amex–2005–069);
Securities Exchange Act Release No. 53266
(February 9, 2006), 71 FR 8321 (February 16, 2006)
(SR–CBOE–2005–59).
22 15 U.S.C. 78s(b)(2).
23 Id.
VerDate Aug<31>2005
18:53 Sep 29, 2006
Jkt 211001
For the Commission, by the Division of
Market Regulation, pursuant to delegated
authority.24
Nancy M. Morris,
Secretary.
[FR Doc. E6–16162 Filed 9–29–06; 8:45 am]
BILLING CODE 8010–01–P
SMALL BUSINESS ADMINISTRATION
[Disaster Declaration #10622 and #10623]
North Carolina Disaster #NC–00005
Small Business Administration.
ACTION: Notice.
AGENCY:
This is a notice of an
Administrative declaration of a disaster
for the State of North Carolina dated 9/
25/2006.
Incident: Tropical Storm Ernesto.
Incident Period: 8/31/2006.
Effective Date: 9/25/2006.
Physical Loan Application Deadline
Date: 11/24/2006.
Economic Injury (EIDL) Loan
Application Deadline Date: 6/25/2007.
ADDRESSES: Submit completed loan
applications to: U.S. Small Business
Administration, Processing and
Disbursement Center, 14925 Kingsport
Road Fort Worth, TX 76155.
FOR FURTHER INFORMATION CONTACT: A.
Escobar, Office of Disaster Assistance,
U.S. Small Business Administration,
409 3rd Street, SW., Suite 6050,
Washington, DC 20416.
SUPPLEMENTARY INFORMATION: Notice is
hereby given that as a result of the
Administrator’s disaster declaration,
applications for disaster loans may be
filed at the address listed above or other
locally announced locations.
The following areas have been
determined to be adversely affected by
the disaster:
Primary Counties: Duplin, Jones.
Contiguous Counties: North Carolina:
Carteret, Craven, Lenoir, Onslow,
Pender, Sampson, Wayne.
The Interest Rates are:
SUMMARY:
Percent
58039
Percent
Businesses And Non-Profit Organizations Without Credit Available Elsewhere .........................
4.000
The number assigned to this disaster
for physical damage is 10622 B and for
economic injury is 10623 0.
The State which received an EIDL
Declaration # is North Carolina.
(Catalog of Federal Domestic Assistance
Numbers 59002 and 59008)
Steven C. Preston,
Administrator.
[FR Doc. E6–16134 Filed 9–29–06; 8:45 am]
BILLING CODE 8025–01–P
SMALL BUSINESS ADMINISTRATION
National Small Business Development
Center Advisory Board; Public Meeting
The U.S. Small Business
Administration, National Small
Business Development Center Advisory
Board will be hosting a public meeting
via conference call on Tuesday, October
17, 2006 at 1 p.m. (EST). The purpose
of the meeting is to discuss the recent
board meeting at the Houston ASBDC
Conference on September 14, 2006, and
the ‘‘Dialogue with the SBDC State
Directors’’ meeting on September 15,
2006.
Anyone wishing to place an oral
presentation to the Board must contact
Erika Fischer, Senior Program Analyst,
U.S. Small Business Administration,
Office of Small Business Development
Centers, 409 3rd Street, SW.,
Washington, DC 20416, telephone (202)
205–7045 or fax (202) 481–0681.
Thomas M. Dryer,
Acting Committee Management Officer.
[FR Doc. E6–16135 Filed 9–29–06; 8:45 am]
BILLING CODE 8025–01–P
SMALL BUSINESS ADMINISTRATION
Privacy Act of 1974; System of
Records Notice
U.S. Small Business
Administration (SBA).
6.250 ACTION: Notice of new system of records.
AGENCY:
Homeowners With Credit Available Elsewhere .........................
Homeowners
Without
Credit
Available Elsewhere ..................
Businesses With Credit Available
Elsewhere .................................
Businesses & Small Agricultural
Cooperatives Without Credit
Available Elsewhere ..................
Other (Including Non-Profit Organizations) With Credit Available
Elsewhere .................................
24 17
PO 00000
CFR 200.30–3(a)(12).
Frm 00123
Fmt 4703
Sfmt 4703
3.125
7.934
4.000
5.000
SUMMARY: The Small Business
Administration is adding a new system
of records to the Agency’s Privacy Act
Systems of Records. The system is
called the SBA Identity Management
System (IDMS). The purpose of this
System is to automate records that
maintain information required to
comply with Homeland Security
Presidential Directive 12 (HSPD–12).
E:\FR\FM\02OCN1.SGM
02OCN1
58040
Federal Register / Vol. 71, No. 190 / Monday, October 2, 2006 / Notices
The IDMS provides the workflow
process used to enforce roles in
personalizing and issuing Personal
Identify Verification (PIV) cards. IDMS
automates the current paper based
process and is used to maintain the
integrity of PIV card issuance.
DATES: Written comments on the System
of records must be received November
1, 2006.
ADDRESSES: Written comments on the
System of Records should be directed to
Christine H. Liu, Agency Privacy
Officer, U.S. Small Business
Administration, 409 Third Street, SW.,
Washington, DC 20416 or
Christine.Liu@sba.gov.
FOR FURTHER INFORMATION CONTACT:
Christine Liu, Agency Privacy Officer,
U.S. Small Business Administration,
409 Third Street, SW., Washington, DC
20416; Telephone (202) 205–6708.
investigation form; personal addresses
for past 5 years; high school and college
attended (as applicable); Card Holder
Unique Identification Number; Personal
Identity Verification (PIV) enrollment
package; PIV card issue and expiration
dates; results of background
investigation; PIV request form; PIV
registrar approval signature; PIV card
serial number; emergency responder
designation; copies of documents used
to verify identification or information
derived from those documents; level of
national security clearance and
expiration date; computer system user
name; user access and permission
rights, public key certificates; digital
signature information; National Agency
Check with Written Inquiries
investigation; FBI fingerprint check
results; FBI National Criminal History
Name Check results.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
SBA 34
SYSTEM NAME:
IDENTITY MANAGEMENT
SYSTEM—SBA 34.
SYSTEM LOCATION:
The servers and secure data storage
are located at Maden Technologies;
2110 Washington Boulevard, Suite 200;
Arlington, VA 22204. Enrollment and
queries can be performed by authorized
individuals from any authorized,
suitably-equipped SBA workstation.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM INCLUDE:
Individuals, who require regular,
ongoing access to SBA facilities,
information technology systems, or
information classified in the interest of
national security, including:
a. Applicants for employment or
contracts.
b. Federal employees.
c. Contractors.
d. Students.
e. Interns.
f. Volunteers, and
The system also includes individuals
authorized to perform or use services
provided in SBA facilities (e.g., Credit
Union, Fitness Center, etc.)
The system does not apply to
occasional visitors or short-term guests
to whom SBA will issue temporary
identification and credentials.
rmajette on PROD1PC67 with NOTICES1
CATEGORIES OF RECORDS IN THE SYSTEM:
Full name, social security number;
date of birth; signature; image
(photograph); fingerprint images and
minutia templates; hair color; eye color;
height; weight; organization/office of
assignment; company name; telephone
number; copy of background
VerDate Aug<31>2005
15:07 Sep 29, 2006
Jkt 211001
a. 5 U.S.C. 301; Federal Information
Security Act (Pub. L. 104–106, sec.
5113)
b. Electronic Government Act (Pub. L.
104–347, sec. 203)
c. Paperwork Reduction Act of 1995
(44 U.S.C. 3501)
d. Government Paperwork
Elimination Act (Pub. L. 105–277, 44
U.S.C. 3504)
e. Homeland Security Presidential
Directive (HSPD) 12, Policy for a
Common Identification Standard for
Federal Employees and Contractors,
August 27, 2004
f. Federal Property and
Administrative Act of 1949, as
amended.
d. To a Federal, State, local, foreign,
or tribal or other public authority of the
fact that this system of records contains
information relevant to the retention of
an employee, the retention of a security
clearance, the letting of a contract, or
the issuance or retention of a license,
grant, or other benefit with appropriate
restrictions on further disclosure.
e. To the Office of Management and
Budget (OMB) when necessary to the
review of private relief legislation
pursuant to OMB Circular No. A–19.
f. To a Federal, State, or local agency,
or other appropriate entities or
individuals, or through established
liaison channels to selected foreign
governments, in order to enable an
intelligence agency to carry out its
responsibilities under the National
Security Act of 1947 as amended, the
CIA Act of 1949 as amended, Executive
Order 12333 or any successor order,
applicable national security directives,
or classified implementing procedures
approved by the Attorney General and
promulgated pursuant to such statutes,
orders or directives.
g. To notify another Federal agency
when, or verify whether, a PIV card is
no longer valid.
h. To a supervisor or manager in order
to verify employee time and attendance
record for personnel actions.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES, THESE RECORDS
MAY BE USED, DISCLOSED OR REFERRED:
Note: Disclosures within SBA of data
pertaining to date and time of entry and exit
of an agency employee working in the
District of Columbia may not be made to
supervisors, managers or any other persons
(other than the individual to whom the
information applies) to verify employee time
and attendance record for personnel actions
because 5 U.S.C. 6106 prohibits Federal
Executive agencies (other than the Bureau of
Engraving and Printing) from using a
recording clock within the District of
Columbia, unless used as a part of a flexible
schedule program under 5 U.S.C. 6120 et seq.
a. To a Congressional Office from an
individual’s record, when the office is
inquiring on the individual’s behalf
with waiver; the Member’s access rights
are no greater than the individual’s.
b. To the National Archives and
Records Administration or to the
General Services Administration for
records management inspections
conducted under 44 U.S.C. 2904 and
2906.
c. To SBA contractors, grantees, or
volunteers who have been engaged to
assist the SBA in the performance of a
contract service, grant, cooperative
agreement, or other activity related to
this system of records and who need to
have access to the records in order to
perform their activity. Recipients shall
be required to comply with the
requirements of the Privacy Act of 1974,
as amended, 5 U.S.C. 552a.
i. To the Department of Justice (DOJ)
when any of the following is a party to
litigation or has an interest in such
litigation, and the use of such records by
the DOJ is deemed by the agency to be
relevant and necessary to the litigation,
provided, however, that in each case,
the agency determines the disclosure of
the records to the DOJ is a use of the
information contained in the records
that is compatible with the purpose for
which the records were collected:
(1) The agency, or any component
thereof;
(2) Any employee of the agency in his
or her official capacity;
(3) Any employee of the agency in his
or her individual capacity where the
DOJ has agreed to represent the
employee; or
(4) The United States Government,
where the agency determines that
PO 00000
Frm 00124
Fmt 4703
Sfmt 4703
E:\FR\FM\02OCN1.SGM
02OCN1
Federal Register / Vol. 71, No. 190 / Monday, October 2, 2006 / Notices
litigation is likely to affect the agency or
any of its components.
j. In a proceeding before a court, or
adjudicative body, or a dispute
resolution body before which the agency
is authorized to appear or before which
any of the following is a party to
litigation or has an interest in litigation,
provided, however, that the agency
determines that the use of such records
is relevant and necessary to the
litigation, and that, in each case, the
agency determines that disclosure of the
records to a court or other adjudicative
body is a use of the information
contained in the records that is
compatible with the purpose for which
the records were collected:
(1) The agency, or any component
thereof;
(2) Any employee of the agency in his
or her official capacity;
(3) Any employee of the agency in his
or her individual capacity where the
DOJ has agreed to represent the
employee; or
(4) The United States Government,
where the agency determines that
litigation is likely to affect the agency or
any of its components.
POLICIES AND PRACTICES FOR STORING,
RETRIEVING, ACCESSING, RETAINING, AND
DISPOSING OF RECORDS:
STORAGE:
Records are stored in electronic media
and in paper files and not on the card.
RETRIEVABILITY:
Records are retrievable by name,
social security number, PIV card serial
number, or Card Holder Unique
Identification Number.
rmajette on PROD1PC67 with NOTICES1
SAFEGUARDS:
Paper records are kept in locked
cabinets in secure facilities and access
to them is restricted to individuals
whose role requires use of the records.
Access to facilities will be controlled by
the PIV card. The System requires a PIV
card to log on and to digitally sign
transactions. The computer servers in
which records are stored are located in
facilities that are secured by alarm
systems and off-master key access. The
computer servers themselves are
password-protected. Access to
individuals working at guard stations is
password-protected; each person
granted access to the system at guard
stations must be individually authorized
to use the system. A Privacy Act
Warning Notice appears on the monitor
screen when records containing
information on individuals are first
displayed. Data exchanged between the
servers and the client PCs at the guard
stations and badging office are
VerDate Aug<31>2005
15:07 Sep 29, 2006
Jkt 211001
encrypted. Backup tapes are stored in a
locked and controlled room in a secure,
off-site location.
An audit trail is maintained and
reviewed periodically to identify
unauthorized access. Persons given
roles in the PIV process must complete
training specific to their roles to ensure
they are knowledgeable about how to
protect individually identifiable
information. The system uses the high
risk confidentiality and integrity
security controls specified in the
National Institute of Standards and
Technology Special Publication 800–53.
RETENTION AND DISPOSAL:
Records relating to persons covered
by this system are retained in
accordance with General Records
Schedule 18, Item 17. Unless retained
for specific, ongoing security
investigations, for maximum security
facilities, records of access are
maintained for five years and then
destroyed by wiping hard drives and
shredding paper. For other facilities,
records are maintained for two years
and then destroyed by wiping hard
drives and shredding paper. All other
records relating to employees are
destroyed two years after ID security
card expiration date.
In accordance with FIPS 201–1, PIV
Cards are deactivated within 18 hours of
cardholder separation, notification of
loss of card, or expiration. The
information on PIV Cards is maintained
in accordance with General Records
Schedule 11, Item 4. PIV Cards that are
turned in for destruction are shredded
within 90 days.
SYSTEM MANAGER(S) AND ADDRESSES:
Assistant Administrator/Human
Capital Management, United States
Small Business Administration, 409 3rd
Street, SW., Washington, DC 20416.
Associate Administrator for Disaster
Assistance, United States Small
Business Administration, 409 3rd Street,
SW., Washington, DC 20416. This
responsibility may be delegated.
NOTIFICATION PROCEDURES:
An individual may submit a record
inquiry either in person or in writing to
the System Manager or the Senior
Agency Official for Privacy. When
requesting notification of or access to
records covered by this Notice, an
individual should provide his/her full
name, date of birth, and work location.
An individual requesting notification of
records in person must provide identity
documents sufficient to satisfy the
custodian of the records that the
requester is entitled to access, such as
a government-issued photo ID.
PO 00000
Frm 00125
Fmt 4703
Sfmt 4703
58041
Individuals requesting notification via
mail or telephone must furnish, at
minimum, name, date of birth, social
security number, and home address in
order to establish identity.
ACCESS PROCEDURES:
The Systems Manager or Senior
Agency Official for Privacy will
determine the process. Requesters
should reasonably specify the record
contents being sought.
CONTESTING PROCEDURES:
Same as notification procedures.
Requesters should also reasonably
identify the record, specify the
information they are contesting, state
the corrective action sought and the
reasons for the correction along with
supporting justification showing why
the record is not accurate, timely,
relevant, or complete.
SOURCE CATEGORIES:
Employee, contractor, or applicant;
sponsoring SBA; former sponsoring
SBA; other Federal agencies; contract
employer; former employer.
Dated: September 22, 2006.
Christine Liu,
Departmental Privacy Officer.
[FR Doc. E6–15848 Filed 9–29–06; 8:45 am]
BILLING CODE 8025–01–P
SOCIAL SECURITY ADMINISTRATION
Agency Information Collection
Activities: Proposed Request and
Comment Request
The Social Security Administration
(SSA) publishes a list of information
collection packages that will require
clearance by the Office of Management
and Budget (OMB) in compliance with
Public Law 104–13, the Paperwork
Reduction Act of 1995, effective October
1, 1995. The information collection
packages that may be included in this
notice are for new information
collections, approval of existing
information collections, revisions to
OMB-approved information collections,
and extensions (no change) of OMBapproved information collections.
SSA is soliciting comments on the
accuracy of the agency’s burden
estimate; the need for the information;
its practical utility; ways to enhance its
quality, utility, and clarity; and on ways
to minimize burden on respondents,
including the use of automated
collection techniques or other forms of
information technology. Written
comments and recommendations
regarding the information collection(s)
should be submitted to the OMB Desk
E:\FR\FM\02OCN1.SGM
02OCN1
]]>Agencies
[Federal Register Volume 71, Number 190 (Monday, October 2, 2006)]
[Notices]
[Pages 58039-58041]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E6-15848]
-----------------------------------------------------------------------
SMALL BUSINESS ADMINISTRATION
Privacy Act of 1974; System of Records Notice
AGENCY: U.S. Small Business Administration (SBA).
ACTION: Notice of new system of records.
-----------------------------------------------------------------------
SUMMARY: The Small Business Administration is adding a new system of
records to the Agency's Privacy Act Systems of Records. The system is
called the SBA Identity Management System (IDMS). The purpose of this
System is to automate records that maintain information required to
comply with Homeland Security Presidential Directive 12 (HSPD-12).
[[Page 58040]]
The IDMS provides the workflow process used to enforce roles in
personalizing and issuing Personal Identify Verification (PIV) cards.
IDMS automates the current paper based process and is used to maintain
the integrity of PIV card issuance.
DATES: Written comments on the System of records must be received
November 1, 2006.
ADDRESSES: Written comments on the System of Records should be directed
to Christine H. Liu, Agency Privacy Officer, U.S. Small Business
Administration, 409 Third Street, SW., Washington, DC 20416 or
Christine.Liu@sba.gov.
FOR FURTHER INFORMATION CONTACT: Christine Liu, Agency Privacy Officer,
U.S. Small Business Administration, 409 Third Street, SW., Washington,
DC 20416; Telephone (202) 205-6708.
SBA 34
SYSTEM NAME:
IDENTITY MANAGEMENT SYSTEM--SBA 34.
SYSTEM LOCATION:
The servers and secure data storage are located at Maden
Technologies; 2110 Washington Boulevard, Suite 200; Arlington, VA
22204. Enrollment and queries can be performed by authorized
individuals from any authorized, suitably-equipped SBA workstation.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM INCLUDE:
Individuals, who require regular, ongoing access to SBA facilities,
information technology systems, or information classified in the
interest of national security, including:
a. Applicants for employment or contracts.
b. Federal employees.
c. Contractors.
d. Students.
e. Interns.
f. Volunteers, and
The system also includes individuals authorized to perform or use
services provided in SBA facilities (e.g., Credit Union, Fitness
Center, etc.)
The system does not apply to occasional visitors or short-term
guests to whom SBA will issue temporary identification and credentials.
CATEGORIES OF RECORDS IN THE SYSTEM:
Full name, social security number; date of birth; signature; image
(photograph); fingerprint images and minutia templates; hair color; eye
color; height; weight; organization/office of assignment; company name;
telephone number; copy of background investigation form; personal
addresses for past 5 years; high school and college attended (as
applicable); Card Holder Unique Identification Number; Personal
Identity Verification (PIV) enrollment package; PIV card issue and
expiration dates; results of background investigation; PIV request
form; PIV registrar approval signature; PIV card serial number;
emergency responder designation; copies of documents used to verify
identification or information derived from those documents; level of
national security clearance and expiration date; computer system user
name; user access and permission rights, public key certificates;
digital signature information; National Agency Check with Written
Inquiries investigation; FBI fingerprint check results; FBI National
Criminal History Name Check results.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
a. 5 U.S.C. 301; Federal Information Security Act (Pub. L. 104-106,
sec. 5113)
b. Electronic Government Act (Pub. L. 104-347, sec. 203)
c. Paperwork Reduction Act of 1995 (44 U.S.C. 3501)
d. Government Paperwork Elimination Act (Pub. L. 105-277, 44 U.S.C.
3504)
e. Homeland Security Presidential Directive (HSPD) 12, Policy for a
Common Identification Standard for Federal Employees and Contractors,
August 27, 2004
f. Federal Property and Administrative Act of 1949, as amended.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES, THESE RECORDS MAY BE USED,
DISCLOSED OR REFERRED:
a. To a Congressional Office from an individual's record, when the
office is inquiring on the individual's behalf with waiver; the
Member's access rights are no greater than the individual's.
b. To the National Archives and Records Administration or to the
General Services Administration for records management inspections
conducted under 44 U.S.C. 2904 and 2906.
c. To SBA contractors, grantees, or volunteers who have been
engaged to assist the SBA in the performance of a contract service,
grant, cooperative agreement, or other activity related to this system
of records and who need to have access to the records in order to
perform their activity. Recipients shall be required to comply with the
requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.
d. To a Federal, State, local, foreign, or tribal or other public
authority of the fact that this system of records contains information
relevant to the retention of an employee, the retention of a security
clearance, the letting of a contract, or the issuance or retention of a
license, grant, or other benefit with appropriate restrictions on
further disclosure.
e. To the Office of Management and Budget (OMB) when necessary to
the review of private relief legislation pursuant to OMB Circular No.
A-19.
f. To a Federal, State, or local agency, or other appropriate
entities or individuals, or through established liaison channels to
selected foreign governments, in order to enable an intelligence agency
to carry out its responsibilities under the National Security Act of
1947 as amended, the CIA Act of 1949 as amended, Executive Order 12333
or any successor order, applicable national security directives, or
classified implementing procedures approved by the Attorney General and
promulgated pursuant to such statutes, orders or directives.
g. To notify another Federal agency when, or verify whether, a PIV
card is no longer valid.
h. To a supervisor or manager in order to verify employee time and
attendance record for personnel actions.
Note: Disclosures within SBA of data pertaining to date and time
of entry and exit of an agency employee working in the District of
Columbia may not be made to supervisors, managers or any other
persons (other than the individual to whom the information applies)
to verify employee time and attendance record for personnel actions
because 5 U.S.C. 6106 prohibits Federal Executive agencies (other
than the Bureau of Engraving and Printing) from using a recording
clock within the District of Columbia, unless used as a part of a
flexible schedule program under 5 U.S.C. 6120 et seq.
i. To the Department of Justice (DOJ) when any of the following is
a party to litigation or has an interest in such litigation, and the
use of such records by the DOJ is deemed by the agency to be relevant
and necessary to the litigation, provided, however, that in each case,
the agency determines the disclosure of the records to the DOJ is a use
of the information contained in the records that is compatible with the
purpose for which the records were collected:
(1) The agency, or any component thereof;
(2) Any employee of the agency in his or her official capacity;
(3) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee; or
(4) The United States Government, where the agency determines that
[[Page 58041]]
litigation is likely to affect the agency or any of its components.
j. In a proceeding before a court, or adjudicative body, or a
dispute resolution body before which the agency is authorized to appear
or before which any of the following is a party to litigation or has an
interest in litigation, provided, however, that the agency determines
that the use of such records is relevant and necessary to the
litigation, and that, in each case, the agency determines that
disclosure of the records to a court or other adjudicative body is a
use of the information contained in the records that is compatible with
the purpose for which the records were collected:
(1) The agency, or any component thereof;
(2) Any employee of the agency in his or her official capacity;
(3) Any employee of the agency in his or her individual capacity
where the DOJ has agreed to represent the employee; or
(4) The United States Government, where the agency determines that
litigation is likely to affect the agency or any of its components.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS:
STORAGE:
Records are stored in electronic media and in paper files and not
on the card.
RETRIEVABILITY:
Records are retrievable by name, social security number, PIV card
serial number, or Card Holder Unique Identification Number.
SAFEGUARDS:
Paper records are kept in locked cabinets in secure facilities and
access to them is restricted to individuals whose role requires use of
the records. Access to facilities will be controlled by the PIV card.
The System requires a PIV card to log on and to digitally sign
transactions. The computer servers in which records are stored are
located in facilities that are secured by alarm systems and off-master
key access. The computer servers themselves are password-protected.
Access to individuals working at guard stations is password-protected;
each person granted access to the system at guard stations must be
individually authorized to use the system. A Privacy Act Warning Notice
appears on the monitor screen when records containing information on
individuals are first displayed. Data exchanged between the servers and
the client PCs at the guard stations and badging office are encrypted.
Backup tapes are stored in a locked and controlled room in a secure,
off-site location.
An audit trail is maintained and reviewed periodically to identify
unauthorized access. Persons given roles in the PIV process must
complete training specific to their roles to ensure they are
knowledgeable about how to protect individually identifiable
information. The system uses the high risk confidentiality and
integrity security controls specified in the National Institute of
Standards and Technology Special Publication 800-53.
RETENTION AND DISPOSAL:
Records relating to persons covered by this system are retained in
accordance with General Records Schedule 18, Item 17. Unless retained
for specific, ongoing security investigations, for maximum security
facilities, records of access are maintained for five years and then
destroyed by wiping hard drives and shredding paper. For other
facilities, records are maintained for two years and then destroyed by
wiping hard drives and shredding paper. All other records relating to
employees are destroyed two years after ID security card expiration
date.
In accordance with FIPS 201-1, PIV Cards are deactivated within 18
hours of cardholder separation, notification of loss of card, or
expiration. The information on PIV Cards is maintained in accordance
with General Records Schedule 11, Item 4. PIV Cards that are turned in
for destruction are shredded within 90 days.
SYSTEM MANAGER(S) AND ADDRESSES:
Assistant Administrator/Human Capital Management, United States
Small Business Administration, 409 3rd Street, SW., Washington, DC
20416. Associate Administrator for Disaster Assistance, United States
Small Business Administration, 409 3rd Street, SW., Washington, DC
20416. This responsibility may be delegated.
NOTIFICATION PROCEDURES:
An individual may submit a record inquiry either in person or in
writing to the System Manager or the Senior Agency Official for
Privacy. When requesting notification of or access to records covered
by this Notice, an individual should provide his/her full name, date of
birth, and work location. An individual requesting notification of
records in person must provide identity documents sufficient to satisfy
the custodian of the records that the requester is entitled to access,
such as a government-issued photo ID. Individuals requesting
notification via mail or telephone must furnish, at minimum, name, date
of birth, social security number, and home address in order to
establish identity.
ACCESS PROCEDURES:
The Systems Manager or Senior Agency Official for Privacy will
determine the process. Requesters should reasonably specify the record
contents being sought.
CONTESTING PROCEDURES:
Same as notification procedures. Requesters should also reasonably
identify the record, specify the information they are contesting, state
the corrective action sought and the reasons for the correction along
with supporting justification showing why the record is not accurate,
timely, relevant, or complete.
SOURCE CATEGORIES:
Employee, contractor, or applicant; sponsoring SBA; former
sponsoring SBA; other Federal agencies; contract employer; former
employer.
Dated: September 22, 2006.
Christine Liu,
Departmental Privacy Officer.
[FR Doc. E6-15848 Filed 9-29-06; 8:45 am]
BILLING CODE 8025-01-P
