Privacy Act of 1974; Privacy Act System of Records, 62469-62472 [E6-17896]

Download as PDF Federal Register / Vol. 71, No. 206 / Wednesday, October 25, 2006 / Notices or counteract the anticompetitive effects of the acquisition. Developing and obtaining FDA approval for the manufacture and sale of each of the relevant products takes at least 2 years due to substantial regulatory, technological, and intellectual property barriers. In addition to regulatory barriers, penetrating the organ preservation solution market is further hindered by the reluctance of transplant surgeons to switch to a new organ preservation product. mstockstill on PROD1PC61 with NOTICES IV. Effects of the Acquisition The proposed acquisition would cause significant competitive harm to consumers in the U.S. markets for generic trazodone, generic triamterene/ HCTZ, and organ preservation solutions by eliminating actual, direct, and substantial competition between Barr and Pliva, by increasing the likelihood that Barr will be able to unilaterally exercise market power, by increasing the likelihood and degree of coordinated interaction between the few remaining competitors, and by increasing the likelihood that consumers will pay higher prices. In these markets, the evidence shows that consumers have obtained lower prices due to the competitive rivalry that exists between market participants. The evidence also shows that as new rivals have entered the markets, consumers have obtained lower prices. The acquisition would also cause significant competitive harm to consumers in the U.S. market for generic nimodipine by eliminating future competition between Barr and Pliva. V. The Consent Agreement The proposed Consent Agreement preserves competition in the generic trazodone and triamterene/HCTZ markets by requiring that Barr divest all of the Barr assets for these two products to Apotex within 10 days after the acquisition. The proposed Consent Agreement contains several provisions designed to ensure these divestitures are successful. Barr must provide various transitional services to enable Apotex to compete against Barr immediately following the divestiture. These services include providing Apotex with existing inventory of generic trazodone and triamterene/HCTZ, supplying Apotex with generic trazodone and triamterene/ HCTZ until Apotex secures FDA approval to manufacture the products for itself in its own facility, and providing Apotex with all technical assistance necessary to obtain any FDA approvals. Apotex is a reputable generic manufacturer and is well-positioned to manufacture and market the acquired VerDate Aug<31>2005 15:12 Oct 24, 2006 Jkt 211001 products and to compete effectively in those markets. In the United States, Apotex is roughly the tenth-largest generic pharmaceutical company with over 50 products. Moreover, the acquisition by Apotex does not present competitive problems in either the generic trazodone market or the generic triamterene/HCTZ market because it does not currently compete in those markets. The proposed Consent Agreement preserves the actual and potential competition in the generic nimodipine market by requiring Barr to divest the Pliva nimodipine assets to Banner no later than 10 days after the acquisition, or to divest its own nimodipine assets to Cardinal no later than 60 days after the acquisition. Banner and Cardinal are both reputable soft-gel capsule manufacturers and particularly wellpositioned to manufacture and market generic nimodipine because they are already manufacturing generic nimodipine soft-gel capsules pursuant to their respective joint ventures with Pliva and Barr. The proposed Consent Agreement preserves the competition in the organ preservation solution market by requiring Barr to divest the Pliva organ preservation solution business to New Custodiol LLC no later than 10 days after the acquisition. The Custodiol product is currently manufactured by a third party, Dr. Franz Kohler Chemie GmbH, who will continue to supply the product to new New Custodiol LLC. New Custodiol LLC is a company that was formed by Pliva’s current head of marketing for organ preservation solutions, Mr. Allen Weber, for the purpose of acquiring, marketing and selling Custodiol in the United States. New Custodiol LLC has obtained funding from venture capitalists sufficient to allow it to manufacture and sell Custodiol effectively. The combination of Mr. Allen Weber’s industry experience and venture capital backing makes New Custodiol LLC well positioned to acquire Custodiol and to restore the competition that would be lost if the proposed acquisition were to proceed unremedied. If the sale of Pliva’s Custodiol is not successful, the Consent Agreement requires that Barr divest its organ preservation solution, ViaSpan, to a Commission-approved acquirer. If the Commission determines that any of the divestitures or divestees are not acceptable, Barr must rescind the transaction(s) and divest the assets to Commission-approved buyer(s) not later than 6 months from the date the Order becomes final. If Barr fails to divest within the 6 months, the Commission PO 00000 Frm 00054 Fmt 4703 Sfmt 4703 62469 may appoint a trustee to divest the assets. The proposed remedy also allows for the appointment of an Interim Trustee, experienced in obtaining regulatory approval and the manufacture of pharmaceuticals, to oversee the technology transfer and to assist the divestees in the event of difficulties. As part of the proposed remedy, Barr is required to execute an agreement conferring all rights and powers necessary for the Interim Trustee to satisfy his responsibilities under the Order to assure successful divestitures. The Commission has appointed Mr. William Rahe to be the Interim Monitor and the divestees have consented to his selection. The monitor will ensure that the Commission remains informed about the status of the proposed divestitures and asset transfers. The purpose of this analysis is to facilitate public comment on the proposed Consent Agreement, and it is not intended to constitute an official interpretation of the proposed Consent Agreement or to modify its terms in any way. By direction of the Commission. Donald S. Clark, Secretary. [FR Doc. E6–17904 Filed 10–24–06; 8:45 am] BILLING CODE 6750–01–P GENERAL SERVICES ADMINISTRATION Privacy Act of 1974; Privacy Act System of Records General Services Administration ACTION: Notice of proposed system of records. AGENCY: SUMMARY: The General Services Administration (GSA) proposes to establish a system of records subject to the Privacy Act of 1974, 5 U.S.C. 552a. This system of records notice is for the GSA Smart Card Program (GSA/CIO–1), which covers the Homeland Security Presidential Directive 12, Policy for a Common Identification Standard for Federal Employees and Contractors (HSPD–12), process after adjudication and determines if the individual can receive identification (ID) card. The records include both mandatory and optional information necessary to the request for an ID card, registration, verification, and issuance procedures, the index/database of active and invalid ID cards, and the information stored on the ID cards. The system may include records of individuals who entered and E:\FR\FM\25OCN1.SGM 25OCN1 62470 Federal Register / Vol. 71, No. 206 / Wednesday, October 25, 2006 / Notices exited Federal facilities or accessed systems. The GSA Smart Card Program will ensure the safety and security of Federal facilities, information systems, and their occupants and users, by verifying that all persons entering Federal facilities, using Federal information resources, or accessing classified information are authorized to do so. The system also will track and control identification ID cards issued to individuals for these purposes. The system of records will become effective on December 4, 2006 unless comments received on or before that date result in a contrary determination. DATE: Comments relating to the GSA Smart Card Program should be directed to: Director, GSA HSPD–12 Smart Card Program Management Office, Office of the Chief Information Officer, General Services Administration, 1800 F Street NW., Room G–006, Washington DC 20405– 0002; telephone (202) 501–1500; fax (202) 219–5818. FOR FURTHER INFORMATION CONTACT: GSA Privacy Act Officer (CIB), General Services Administration, 1800 F Street NW, Washington, DC 20405; telephone (202) 501–1452. SUPPLEMENTARY INFORMATION: The GSA notice entitled Credentials, Passes, and Licenses (GSA/HRO–8) is cancelled. However, existing GSA forms and associated databases covered by that system will continue in effect until replaced with those covered by this notice. The existing forms include: GSA Form 48, Request and Record of Identification; GSA Form 277, Employee Identification and Authorization Credential; GSA Form 277U, Temporary Pass; GSA Form 277V, Visitor Pass; GSA Form 2941 Parking Application; as well as biometric information including photo, fingerprints and signature. The new forms and databases covered by this notice will be phased in to ensure a controlled and structured process. ADDRESSES: Dated: October 6, 2006. Cheryl M. Paige, Acting Director, Office of Information Management. mstockstill on PROD1PC61 with NOTICES GSA/CIO–1 System name: GSA Smart Card Program System location: Data are maintained in GSA Central Office databases with access from GSA regional offices. Additionally, some access control data may be located in Federal buildings and Federally-leased facilities where staffed guard stations have been established to VerDate Aug<31>2005 15:12 Oct 24, 2006 Jkt 211001 handle the GSA Smart Card Personal Identity Verification (PIV) process as well as the physical security and computer security offices at those locations. Contact the System Manager for additional information. Security classification: Most identity records are not classified. However, in some cases, records of certain individuals or portions of some records may be classified in the interest of national security. Categories of individuals covered by the system: Individuals who require regular, ongoing access to agency facilities, information technology systems, or information classified in the interest of national security, including: a. Applicants for employment or contracts b. Federal employees c. Contractors d. Students e. Interns f. Volunteers g. Individuals formerly in any of these positions Also included are individuals authorized to perform or use services provided in agency facilities (e.g., Credit Union, Fitness Center, Cafeteria, etc.). The system does not apply to occasional visitors or short-term guests, to whom GSA will issue temporary identification and credentials. Categories of records in the system: a. Records maintained on individuals issued credentials by GSA include the following data fields: • Full name, • Social Security Number (SSN) • Date of birth • Signature • Image (photograph) • Fingerprints • Hair color • Eye color • Height • Organization / office of assignment • Company / agency name • Telephone number • ID card issuance and expiration dates • ID card request form • Registrar approval signature • ID card number • Emergency responder designation • Copies of documents used to verify identification or information derived from those documents such as document title, document issuing authority, document number, document expiration date, other document information b. Records maintained on cardholders entering GSA facilities or using GSA systems may include: • Name PO 00000 Frm 00055 Fmt 4703 Sfmt 4703 • ID card number • Date and Time of entry/exit • Location of entry and exit • Computer access dates, times, and locations Authorities for maintenance of the system: a. 5 U.S.C. 301; b. Federal Information Security Management Act (Pub. L. 107–296); c. E-Government Act (Pub. L. 107– 347, Sec. 203); d. Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et al.) e. Government Paperwork Elimination Act (Pub. L. 105–277, 44 U.S.C. 3504); f. Homeland Security Presidential Directive 12 (HSPD–12), Policy for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004; and g. Federal Property and Administrative Services Act of 1949, as amended. Purpose: The primary purposes of the system are: a. To ensure the safety and security of GSA facilities, systems or information, and our occupants and users; b. To verify that all persons entering federal facilities, using federal information resources, or accessing classified information are authorized to do so; and c. To track and control ID cards issued to persons entering and exiting the facilities, using systems, or accessing classified information. Routine uses of the system records, including categories of users and their purpose for using the system: Information about covered individuals may be disclosed without consent as permitted by the Privacy Act of 1974, 5 U.S.C. § 552a(b), and: a. To the Department of Justice when: (1) GSA or any component thereof; (2) any employee of GSA in his or her official capacity; (3) any employee of GSA in his or her individual capacity where GSA or the Department of Justice (DOJ) has agreed to represent the employee; or (4) the United States Government, is a party to litigation or has an interest in such litigation, and by careful review, GSA determines that the records are both relevant and necessary to the litigation, and the use of such records by DOJ is therefore deemed by GSA to be for a purpose compatible with the purpose for which GSA collected the records. b. To a court or adjudicative body in a proceeding when: (1) GSA or any component thereof; (2) any employee of GSA in his or her official capacity; (3) any employee of GSA in his or her E:\FR\FM\25OCN1.SGM 25OCN1 mstockstill on PROD1PC61 with NOTICES Federal Register / Vol. 71, No. 206 / Wednesday, October 25, 2006 / Notices individual capacity where GSA or the Department of Justice has agreed to represent the employee; or (4) the United States Government, is a party to litigation or has an interest in such litigation, and by careful review, GSA determines that the records are both relevant and necessary to the litigation, and the use of such records is therefore deemed by GSA to be for a purpose that is compatible with the purpose for which the agency collected the records. c. Except as noted on Forms SF 85, 85–P, and 86, when a record on its face, or in conjunction with other records, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or order issued pursuant thereto, disclosure may be made to the appropriate public authority, whether Federal, foreign, State, local, or tribal, or otherwise responsible for enforcing, investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto, if the information disclosed is relevant to any enforcement, regulatory, investigative or prosecutorial responsibility of the receiving entity. d. To a Member of Congress or to a Congressional staff member in response to an inquiry of the Congressional office made at the written request of the constituent whose record is maintained. e. To the National Archives and Records Administration for records management purposes. f. To agency contractors, grantees, or volunteers who have been engaged to assist the agency in the performance of a contract service, grant, cooperative agreement, or other activity related to this system of records and who need to have access to the records in order to perform their activity. Recipients shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. § 552a. g. To a Federal, State, local, foreign, tribal, or other public authority the fact that this system of records contains information relevant to the retention of an employee, the retention of a security clearance, the letting of a contract, or the issuance or retention of a license, grant, or other benefit. The other agency or licensing organization may then make a request supported by the written consent of the individual for the entire record if it so chooses. No disclosure will be made unless the information has been determined to be sufficiently reliable to support a referral to another office within the agency or to another Federal agency for criminal, civil, VerDate Aug<31>2005 15:12 Oct 24, 2006 Jkt 211001 administrative, personnel, or regulatory action. h. To the Office of Management and Budget when necessary to the review of private relief legislation pursuant to OMB Circular No. A-19. i. To a Federal, State, or local agency, or other appropriate entities or individuals, or through established liaison channels to selected foreign governments, in order to enable an intelligence agency to carry out its responsibilities under the National Security Act of 1947 as amended, the CIA Act of 1949 as amended, Executive Order 12333 or any successor order, applicable national security directives, or classified implementing procedures approved by the Attorney General and promulgated pursuant to such statutes, orders, or directives. j. To notify another federal agency when, or verify whether, an ID card is no longer valid. Note: Disclosures within GSA of data pertaining to date and time of entry and exit of an agency employee working in the District of Columbia may not be made to supervisors, managers or any other persons (other than the individual to whom the information applies) to verify employee time and attendance record for personnel actions because 5 U.S.C. § 6106 prohibits Federal executive agencies (other than the Bureau of Engraving and Printing) from using a recording clock within the District of Columbia, unless used as a part of a flexible schedule program under 5 U.S.C. § 6120 et seq. Policies and practices for storing, retrieving, accessing, retaining, and disposing of system records: Storage: Information may be collected on paper or electronically and may be stored on paper or on electronic media, as appropriate. Retrievability: Records are retrievable by name, Social Security Number, other ID number, ID card number, image (photograph), and fingerprint. Safeguards: Paper records are kept in locked cabinets in secure facilities and access to them is restricted to individuals whose role requires use of the records. The computer servers in which records are stored are located in facilities that are secured by alarm systems and off-master key access. The computer servers themselves are password-protected. Access to individuals working at guard stations is password-protected; each person granted access by the system at guard stations must be individually authorized to use the system. A Privacy Act Warning Notice appears on the monitor PO 00000 Frm 00056 Fmt 4703 Sfmt 4703 62471 screen when records containing information on individuals are first displayed. Data exchanged between the servers and the client PCs at the guard stations and badging office are encrypted. Backup tapes are stored in a locked and controlled room in a secure, off-site location. Each of the component computer servers at the GSA Regions, or at the contract Card Production and Card Management Systems has been only authorized to act when it has been Certified and Accredited in accord with GSA Information Technology Security Policy and HSPD–12 criteria. This Certification is updated periodically on a 3 year basis, or less if cause to do so has become apparent. An audit trail is maintained and reviewed periodically to identify unauthorized access. Persons given roles in the personal identity verification process must complete training specific to their roles to ensure they are knowledgeable about how to protect individually identifiable information. Retention and disposal: Records relating to persons covered by this system are retained in accordance with General Records Schedule 18, Item 17. Unless retained for specific, ongoing security investigations for maximum security facilities, records of access are maintained for five years and then destroyed by degaussing hard drives and shredding paper. For other facilities, records are maintained for two years and then destroyed by wiping hard drives and shredding paper. All other records relating to employees are destroyed two years after the ID card expiration date. In accordance with HSPD–12, ID cards are deactivated within 18 hours of cardholder separation, loss of card, or expiration. The information on ID cards is maintained in accordance with General Records Schedule 11, Item 4. ID cards are destroyed by shredding 90 days after deactivation. Once notification of deactivation has been received, the ID number is placed on a revocation list within no more than 2 hours, which immediately invalidates the access privileges for that card in accord with GSA policy. System manager and address: Director, GSA HSPD–12 Smart Card Program Management Office Office of the Chief Information Officer 1800 F Street NW, Room G–006 Washington DC 20405–0002 Notification procedure: An individual can determine if this system contains a record pertaining to him/her by sending a request in writing, signed, to the System Manager at the above address. E:\FR\FM\25OCN1.SGM 25OCN1 62472 Federal Register / Vol. 71, No. 206 / Wednesday, October 25, 2006 / Notices When requesting notification of or access to records covered by this notice, an individual should provide his/her full name, date of birth, agency name, and work location. An individual requesting notification of records in person must provide identity documents sufficient to satisfy the custodian of the records that the requester is entitled to access, such as a government-issued photo ID. Record access procedures: Same as notification procedures. Requesters also should reasonably specify the record contents being sought. Rules regarding access to Privacy Act records appear in 41 CFR part 105–64. If additional information or assistance is required, contact the GSA Privacy Act Officer (CIB), General Services Administration, 1800 F Street NW, Washington, DC 20405; telephone (202) 501–1452. Contesting record procedures: Same as notification procedures. Requesters also should reasonably identify the record, specify the information they are contesting, state the corrective action sought and the reasons for the correction, along with supporting justification showing why the record is not accurate, timely, relevant, or complete. Rules regarding amendment of Privacy Act records appear in 41 CFR part 105–64. If additional information or assistance is required, contact the GSA Privacy Act Officer. Record source categories: Employee, contractor, or applicant; sponsoring agency; former sponsoring agency; other Federal agencies; contract employer; former employer. Exemptions claimed for the system: None. Counsel, Office of General Counsel and Legal Policy, Office of Government Ethics, Suite 500, 1201 New York Avenue, NW., Washington, DC 20005– 3917; OGE Internet E-mail: usoge@oge.gov (for E-mail messages, the subject line should include the following reference—‘‘No FEAR Act Notice’’); Telephone: 202–482–9274; TDD: 202–482–9293; FAX: 202–482– 9237. A copy of the No FEAR Act Notice will be posted on OGE’s Web site (http://www.usoge.gov). Persons who cannot access this No FEAR Act notice through the Internet may request a paper or electronic copy by contacting Mr. Salamone at the address, E-mail address, telephone numbers, or FAX number listed above. SUPPLEMENTARY INFORMATION: On May 15, 2002, Congress enacted the ‘‘Notification and Federal Employee Antidiscrimination and Retaliation Act of 2002,’’ which is now known as the No FEAR Act. One purpose of the Act is to require that Federal agencies be accountable for violations of antidiscrimination and whistleblower protection laws. In support of this purpose, Congress found that ‘‘agencies cannot be run effectively if those agencies practice or tolerate discrimination.’’ Public Law 107–174, Section 101(1), 116 Stat. 566. The Act also requires this Agency to provide this notice to Federal employees, former Federal employees and applicants for Federal employment to inform them of the rights and protections available to them under Federal antidiscrimination, whistleblower protection, and retaliation laws. [FR Doc. E6–17896 Filed 10–24–06; 8:45 am] Antidiscrimination Laws BILLING CODE 6820–34–S A Federal agency cannot discriminate against an employee or applicant with respect to the terms, conditions or privileges of employment on the basis of race, color, religion, sex, national origin, age, disability, marital status or political affiliation. Discrimination on these bases is prohibited by one or more of the following statutes: 5 U.S.C. 2302(b)(1), 29 U.S.C. 206(d), 29 U.S.C. 631, 29 U.S.C. 633a, 29 U.S.C. 791 and 42 U.S.C. 2000e–16. If you believe that you have been the victim of unlawful discrimination on the basis of race, color, religion, sex, national origin or disability, you must contact an Equal Employment Opportunity (EEO) counselor within 45 calendar days of the alleged discriminatory action, or, in the case of a personnel action, within 45 calendar days of the effective date of the action, before you can file a formal complaint of discrimination with your agency. See, OFFICE OF GOVERNMENT ETHICS No FEAR Act Notice AGENCY: Office of Government Ethics (OGE). mstockstill on PROD1PC61 with NOTICES ACTION: Notice. SUMMARY: The Office of Government Ethics is publishing this notice under the ‘‘Notification and Federal Employee Antidiscrimination and Retaliation Act of 2002,’’ which is known as the No FEAR Act, to inform current employees, former employees, and applicants for OGE employment of the rights and protections available to them under Federal antidiscrimination, whistleblower protection and retaliation laws. FOR FURTHER INFORMATION CONTACT: Vincent J. Salamone, Associate General VerDate Aug<31>2005 15:12 Oct 24, 2006 Jkt 211001 PO 00000 Frm 00057 Fmt 4703 Sfmt 4703 e.g., 29 CFR part 1614. If you believe that you have been the victim of unlawful discrimination on the basis of age, you must either contact an EEO counselor as noted above or give notice of intent to sue to the Equal Employment Opportunity Commission (EEOC) within 180 calendar days of the alleged discriminatory action. If you are alleging discrimination based on marital status or political affiliation, you may file a written complaint with the U.S. Office of Special Counsel (OSC) at 1730 M Street, NW., Suite 218, Washington, DC 20036–4505 or online through the OSC Web site—http://www.osc.gov. In the alternative (or in some cases, in addition), you may pursue a discrimination complaint by filing a grievance through your agency’s administrative or negotiated grievance procedures, if such procedures apply and are available. Whistleblower Protection Laws A Federal employee with authority to take, direct others to take, recommend or approve any personnel action must not use that authority to take or fail to take, or threaten to take or fail to take, a personnel action against an employee or applicant because of disclosure of information by that individual that is reasonably believed to evidence violations of law, rule or regulation; gross mismanagement; gross waste of funds; an abuse of authority; or a substantial and specific danger to public health or safety, unless disclosure of such information is specifically prohibited by law and such information is specifically required by Executive order to be kept secret in the interest of national defense or the conduct of foreign affairs. Retaliation against an employee or applicant for making a protected disclosure is prohibited by 5 U.S.C. 2302(b)(8). If you believe that you have been the victim of whistleblower retaliation, you may file a written complaint (Form OSC–11) with OSC at 1730 M Street, NW., Suite 218, Washington, DC 20036–4505 or online through the OSC Web site—http:// www.osc.gov. Retaliation for Engaging in Protected Activity A Federal agency cannot retaliate against an employee or applicant because that individual exercises his or her rights under any of the Federal antidiscrimination or whistleblower protection laws listed above. If you believe that you are the victim of retaliation for engaging in protected activity, you must follow, as appropriate, the procedures described in E:\FR\FM\25OCN1.SGM 25OCN1

Agencies

[Federal Register Volume 71, Number 206 (Wednesday, October 25, 2006)]
[Notices]
[Pages 62469-62472]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E6-17896]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION


Privacy Act of 1974; Privacy Act System of Records

AGENCY:  General Services Administration

ACTION:  Notice of proposed system of records.

-----------------------------------------------------------------------

SUMMARY:  The General Services Administration (GSA) proposes to 
establish a system of records subject to the Privacy Act of 1974, 5 
U.S.C. 552a. This system of records notice is for the GSA Smart Card 
Program (GSA/CIO-1), which covers the Homeland Security Presidential 
Directive 12, Policy for a Common Identification Standard for Federal 
Employees and Contractors (HSPD-12), process after adjudication and 
determines if the individual can receive identification (ID) card. The 
records include both mandatory and optional information necessary to 
the request for an ID card, registration, verification, and issuance 
procedures, the index/database of active and invalid ID cards, and the 
information stored on the ID cards. The system may include records of 
individuals who entered and

[[Page 62470]]

exited Federal facilities or accessed systems.
    The GSA Smart Card Program will ensure the safety and security of 
Federal facilities, information systems, and their occupants and users, 
by verifying that all persons entering Federal facilities, using 
Federal information resources, or accessing classified information are 
authorized to do so. The system also will track and control 
identification ID cards issued to individuals for these purposes.

DATE:  The system of records will become effective on December 4, 2006 
unless comments received on or before that date result in a contrary 
determination.

ADDRESSES: Comments relating to the GSA Smart Card Program should be 
directed to: Director, GSA HSPD-12 Smart Card Program Management 
Office, Office of the Chief Information Officer, General Services 
Administration, 1800 F Street NW., Room G-006, Washington DC 20405-
0002; telephone (202) 501-1500; fax (202) 219-5818.

FOR FURTHER INFORMATION CONTACT: GSA Privacy Act Officer (CIB), General 
Services Administration, 1800 F Street NW, Washington, DC 20405; 
telephone (202) 501-1452.

SUPPLEMENTARY INFORMATION: The GSA notice entitled Credentials, Passes, 
and Licenses (GSA/HRO-8) is cancelled. However, existing GSA forms and 
associated databases covered by that system will continue in effect 
until replaced with those covered by this notice. The existing forms 
include: GSA Form 48, Request and Record of Identification; GSA Form 
277, Employee Identification and Authorization Credential; GSA Form 
277U, Temporary Pass; GSA Form 277V, Visitor Pass; GSA Form 2941 
Parking Application; as well as biometric information including photo, 
fingerprints and signature. The new forms and databases covered by this 
notice will be phased in to ensure a controlled and structured process.

    Dated: October 6, 2006.
Cheryl M. Paige,
Acting Director, Office of Information Management.

GSA/CIO-1

    System name: GSA Smart Card Program
    System location: Data are maintained in GSA Central Office 
databases with access from GSA regional offices. Additionally, some 
access control data may be located in Federal buildings and Federally-
leased facilities where staffed guard stations have been established to 
handle the GSA Smart Card Personal Identity Verification (PIV) process 
as well as the physical security and computer security offices at those 
locations. Contact the System Manager for additional information.
    Security classification: Most identity records are not classified. 
However, in some cases, records of certain individuals or portions of 
some records may be classified in the interest of national security.
    Categories of individuals covered by the system: Individuals who 
require regular, ongoing access to agency facilities, information 
technology systems, or information classified in the interest of 
national security, including:
    a. Applicants for employment or contracts
    b. Federal employees
    c. Contractors
    d. Students
    e. Interns
    f. Volunteers
    g. Individuals formerly in any of these positions
    Also included are individuals authorized to perform or use services 
provided in agency facilities (e.g., Credit Union, Fitness Center, 
Cafeteria, etc.).
    The system does not apply to occasional visitors or short-term 
guests, to whom GSA will issue temporary identification and 
credentials.

Categories of records in the system:

    a. Records maintained on individuals issued credentials by GSA 
include the following data fields:
     Full name,
     Social Security Number (SSN)
     Date of birth
     Signature
     Image (photograph)
     Fingerprints
     Hair color
     Eye color
     Height
     Organization / office of assignment
     Company / agency name
     Telephone number
     ID card issuance and expiration dates
     ID card request form
     Registrar approval signature
     ID card number
     Emergency responder designation
     Copies of documents used to verify identification or 
information derived from those documents such as document title, 
document issuing authority, document number, document expiration date, 
other document information
    b. Records maintained on cardholders entering GSA facilities or 
using GSA systems may include:
     Name
     ID card number
     Date and Time of entry/exit
     Location of entry and exit
     Computer access dates, times, and locations

Authorities for maintenance of the system:

    a. 5 U.S.C. 301;
    b. Federal Information Security Management Act (Pub. L. 107-296);
    c. E-Government Act (Pub. L. 107-347, Sec. 203);
    d. Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et al.)
    e. Government Paperwork Elimination Act (Pub. L. 105-277, 44 U.S.C. 
3504);
    f. Homeland Security Presidential Directive 12 (HSPD-12), Policy 
for a Common Identification Standard for Federal Employees and 
Contractors, August 27, 2004; and
    g. Federal Property and Administrative Services Act of 1949, as 
amended.
    Purpose: The primary purposes of the system are:
    a. To ensure the safety and security of GSA facilities, systems or 
information, and our occupants and users;
    b. To verify that all persons entering federal facilities, using 
federal information resources, or accessing classified information are 
authorized to do so; and
    c. To track and control ID cards issued to persons entering and 
exiting the facilities, using systems, or accessing classified 
information.

Routine uses of the system records, including categories of users and 
their purpose for using the system:

    Information about covered individuals may be disclosed without 
consent as permitted by the Privacy Act of 1974, 5 U.S.C. Sec.  
552a(b), and:
    a. To the Department of Justice when: (1) GSA or any component 
thereof; (2) any employee of GSA in his or her official capacity; (3) 
any employee of GSA in his or her individual capacity where GSA or the 
Department of Justice (DOJ) has agreed to represent the employee; or 
(4) the United States Government, is a party to litigation or has an 
interest in such litigation, and by careful review, GSA determines that 
the records are both relevant and necessary to the litigation, and the 
use of such records by DOJ is therefore deemed by GSA to be for a 
purpose compatible with the purpose for which GSA collected the 
records.
    b. To a court or adjudicative body in a proceeding when: (1) GSA or 
any component thereof; (2) any employee of GSA in his or her official 
capacity; (3) any employee of GSA in his or her

[[Page 62471]]

individual capacity where GSA or the Department of Justice has agreed 
to represent the employee; or (4) the United States Government, is a 
party to litigation or has an interest in such litigation, and by 
careful review, GSA determines that the records are both relevant and 
necessary to the litigation, and the use of such records is therefore 
deemed by GSA to be for a purpose that is compatible with the purpose 
for which the agency collected the records.
    c. Except as noted on Forms SF 85, 85-P, and 86, when a record on 
its face, or in conjunction with other records, indicates a violation 
or potential violation of law, whether civil, criminal, or regulatory 
in nature, and whether arising by general statute or particular program 
statute, or by regulation, rule, or order issued pursuant thereto, 
disclosure may be made to the appropriate public authority, whether 
Federal, foreign, State, local, or tribal, or otherwise responsible for 
enforcing, investigating or prosecuting such violation or charged with 
enforcing or implementing the statute, or rule, regulation, or order 
issued pursuant thereto, if the information disclosed is relevant to 
any enforcement, regulatory, investigative or prosecutorial 
responsibility of the receiving entity.
    d. To a Member of Congress or to a Congressional staff member in 
response to an inquiry of the Congressional office made at the written 
request of the constituent whose record is maintained.
    e. To the National Archives and Records Administration for records 
management purposes.
    f. To agency contractors, grantees, or volunteers who have been 
engaged to assist the agency in the performance of a contract service, 
grant, cooperative agreement, or other activity related to this system 
of records and who need to have access to the records in order to 
perform their activity. Recipients shall be required to comply with the 
requirements of the Privacy Act of 1974, as amended, 5 U.S.C. Sec.  
552a.
    g. To a Federal, State, local, foreign, tribal, or other public 
authority the fact that this system of records contains information 
relevant to the retention of an employee, the retention of a security 
clearance, the letting of a contract, or the issuance or retention of a 
license, grant, or other benefit. The other agency or licensing 
organization may then make a request supported by the written consent 
of the individual for the entire record if it so chooses. No disclosure 
will be made unless the information has been determined to be 
sufficiently reliable to support a referral to another office within 
the agency or to another Federal agency for criminal, civil, 
administrative, personnel, or regulatory action.
    h. To the Office of Management and Budget when necessary to the 
review of private relief legislation pursuant to OMB Circular No. A-19.
    i. To a Federal, State, or local agency, or other appropriate 
entities or individuals, or through established liaison channels to 
selected foreign governments, in order to enable an intelligence agency 
to carry out its responsibilities under the National Security Act of 
1947 as amended, the CIA Act of 1949 as amended, Executive Order 12333 
or any successor order, applicable national security directives, or 
classified implementing procedures approved by the Attorney General and 
promulgated pursuant to such statutes, orders, or directives.
    j. To notify another federal agency when, or verify whether, an ID 
card is no longer valid.
    Note: Disclosures within GSA of data pertaining to date and time of 
entry and exit of an agency employee working in the District of 
Columbia may not be made to supervisors, managers or any other persons 
(other than the individual to whom the information applies) to verify 
employee time and attendance record for personnel actions because 5 
U.S.C. Sec.  6106 prohibits Federal executive agencies (other than the 
Bureau of Engraving and Printing) from using a recording clock within 
the District of Columbia, unless used as a part of a flexible schedule 
program under 5 U.S.C. Sec.  6120 et seq.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of system records:

    Storage: Information may be collected on paper or electronically 
and may be stored on paper or on electronic media, as appropriate.
    Retrievability: Records are retrievable by name, Social Security 
Number, other ID number, ID card number, image (photograph), and 
fingerprint.
    Safeguards: Paper records are kept in locked cabinets in secure 
facilities and access to them is restricted to individuals whose role 
requires use of the records.
    The computer servers in which records are stored are located in 
facilities that are secured by alarm systems and off-master key access. 
The computer servers themselves are password-protected. Access to 
individuals working at guard stations is password-protected; each 
person granted access by the system at guard stations must be 
individually authorized to use the system. A Privacy Act Warning Notice 
appears on the monitor screen when records containing information on 
individuals are first displayed. Data exchanged between the servers and 
the client PCs at the guard stations and badging office are encrypted. 
Backup tapes are stored in a locked and controlled room in a secure, 
off-site location. Each of the component computer servers at the GSA 
Regions, or at the contract Card Production and Card Management Systems 
has been only authorized to act when it has been Certified and 
Accredited in accord with GSA Information Technology Security Policy 
and HSPD-12 criteria. This Certification is updated periodically on a 3 
year basis, or less if cause to do so has become apparent.
    An audit trail is maintained and reviewed periodically to identify 
unauthorized access. Persons given roles in the personal identity 
verification process must complete training specific to their roles to 
ensure they are knowledgeable about how to protect individually 
identifiable information.
    Retention and disposal: Records relating to persons covered by this 
system are retained in accordance with General Records Schedule 18, 
Item 17. Unless retained for specific, ongoing security investigations 
for maximum security facilities, records of access are maintained for 
five years and then destroyed by degaussing hard drives and shredding 
paper. For other facilities, records are maintained for two years and 
then destroyed by wiping hard drives and shredding paper. All other 
records relating to employees are destroyed two years after the ID card 
expiration date.
    In accordance with HSPD-12, ID cards are deactivated within 18 
hours of cardholder separation, loss of card, or expiration. The 
information on ID cards is maintained in accordance with General 
Records Schedule 11, Item 4. ID cards are destroyed by shredding 90 
days after deactivation. Once notification of deactivation has been 
received, the ID number is placed on a revocation list within no more 
than 2 hours, which immediately invalidates the access privileges for 
that card in accord with GSA policy.
    System manager and address:
    Director, GSA HSPD-12 Smart Card Program Management Office
    Office of the Chief Information Officer
    1800 F Street NW, Room G-006
    Washington DC 20405-0002
    Notification procedure: An individual can determine if this system 
contains a record pertaining to him/her by sending a request in 
writing, signed, to the System Manager at the above address.

[[Page 62472]]

    When requesting notification of or access to records covered by 
this notice, an individual should provide his/her full name, date of 
birth, agency name, and work location. An individual requesting 
notification of records in person must provide identity documents 
sufficient to satisfy the custodian of the records that the requester 
is entitled to access, such as a government-issued photo ID.
    Record access procedures: Same as notification procedures. 
Requesters also should reasonably specify the record contents being 
sought. Rules regarding access to Privacy Act records appear in 41 CFR 
part 105-64. If additional information or assistance is required, 
contact the GSA Privacy Act Officer (CIB), General Services 
Administration, 1800 F Street NW, Washington, DC 20405; telephone (202) 
501-1452.
    Contesting record procedures: Same as notification procedures. 
Requesters also should reasonably identify the record, specify the 
information they are contesting, state the corrective action sought and 
the reasons for the correction, along with supporting justification 
showing why the record is not accurate, timely, relevant, or complete. 
Rules regarding amendment of Privacy Act records appear in 41 CFR part 
105-64. If additional information or assistance is required, contact 
the GSA Privacy Act Officer.
    Record source categories: Employee, contractor, or applicant; 
sponsoring agency; former sponsoring agency; other Federal agencies; 
contract employer; former employer.
    Exemptions claimed for the system: None.
[FR Doc. E6-17896 Filed 10-24-06; 8:45 am]
BILLING CODE 6820-34-S