Proposed Privacy Act System of Records, 54190-54192 [2011-22241]

Agencies

• DEPARTMENT OF AGRICULTURE

[Federal Register Volume 76, Number 169 (Wednesday, August 31, 2011)]
[Notices]
[Pages 54190-54192]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2011-22241]


========================================================================
Notices
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains documents other than rules 
or proposed rules that are applicable to the public. Notices of hearings 
and investigations, committee meetings, agency decisions and rulings, 
delegations of authority, filing of petitions and applications and agency 
statements of organization and functions are examples of documents 
appearing in this section.

========================================================================


Federal Register / Vol. 76, No. 169 / Wednesday, August 31, 2011 / 
Notices

[[Page 54190]]



DEPARTMENT OF AGRICULTURE


Proposed Privacy Act System of Records

AGENCY: Office of the Chief Information Officer (OCIO), Departmental 
Management (DM).

ACTION: Notice of Proposed Privacy Act System of Records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, as amended, the U.S. Department of Agriculture (USDA), OCIO gives 
notice of a new Privacy Act System of Records.

DATES: This notice will be effective without further notice on October 
31, 2011 unless modified by a subsequent notice to incorporate comments 
received from the public. Written or electronic comments must be 
received by the contact person listed below on or before September 30, 
2011 to be assured consideration.

ADDRESSES: You may submit written or electronic comments on this notice 
by any of the following methods:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the online instructions for submitting comments.
     Mail: Phyllis Holmes, Compliance Officer, DM, USDA, 1400 
Independence Avenue, Room 2916, SW., Washington, DC 20250.
     E-mail: Phyllis.Holmes@dm.usda.gov.
     Fax: (202) 720-0105.

    All comments will become a matter of public record and should be 
identified as ``FOIAXpress System of Records Comments,'' making 
reference to the date and page number of this issue of the Federal 
Register. Comments will be available for public inspection in the above 
office during regular business hours (7 CFR 1.27(b)). Please call 
Phyllis Holmes at (202) 720-0068 to make an appointment to read 
comments.

FOR FURTHER INFORMATION CONTACT: Phyllis Holmes, Compliance Officer, 
DM, USDA, at (202) 720-0068.

SUPPLEMENTARY INFORMATION: The Freedom of Information Act (FOIA), 5 
U.S.C. 552, was enacted in 1966 and gives any person the right to 
request access to almost any Federal agency record, except those 
protected from disclosure by legal exemptions and exclusions (e.g., 
classified national security, business proprietary, personal privacy, 
and investigative documents). The public may submit a FOIA request to 
USDA by sending a written request for the records directly to the USDA 
component responsible for the records sought. In addition, the Privacy 
Act, 5 U.S.C. 552a, provides individuals with certain rights to request 
and amend information maintained by USDA about them. In addition, the 
Privacy Act restricts USDA's ability to disclose certain information 
about individuals maintained in an agency Privacy Act System of 
Records. Individuals may submit Privacy Act requests to USDA in writing 
in accordance with USDA Privacy Act procedures.
    In March, 2009, Attorney General Eric Holder issued comprehensive 
new FOIA guidelines. In addition to establishing criteria governing the 
presumption of disclosure, the Attorney General's FOIA guidelines 
emphasized that agencies must have effective systems in place for 
responding to FOIA requests. In response, the USDA Freedom of 
Information Act Express (FX) Project was undertaken to increase 
openness with the public and to address the current lack of 
standardized reporting and tracking of USDA's FOIA data and information 
requests. Currently, USDA's FOIA program is decentralized, with each 
mission area and agency managing its respective FOIA programs. At the 
end of each year, each agency must collect and report the appropriate 
data for the FOIA Annual Report. Currently the annual reporting process 
is manual and time consuming.
    The purpose of the USDA FX system is to transform the USDA FOIA 
management experience from a manual task to an efficient business 
process across the enterprise. This technology implementation will 
allow for real-time tracking, management, centralized oversight, and 
quality control across the USDA FOIA program. With FX, USDA agencies 
anticipate a more efficient process, resulting in quicker responses to 
requests for information. In addition, the process of capturing, 
collating, and calculating values for the Annual Report will be 
enhanced and fully automated. As a result, the USDA FOIA program will 
be streamlined. The USDA FOIA Officer will be able to maintain a real 
time snapshot of the activities of every agency at any given time.

    Signed at Washington, DC, on August 19, 2011.
Pearlie S. Reed,
Assistant Secretary of Agriculture for Administration.

System Name:
    Freedom of Information Act Express (FX).

Security Classification:
    None.

System Location:
    The records in this system are collected in a Web-based system 
located on servers in Gaithersburg, Maryland. The system is an 
enterprise solution that operates through USDA. A list of USDA FOIA 
servicing centers can be found at https://www.dm.usda.gov/foia_public_liaisons.htm. FX will be used by FOIA servicing centers and staff 
offices responsible for processing FOIA and Privacy Act requests 
throughout USDA.

Categories of Individuals Covered by the System:
    Individuals covered by this system of records include: individuals 
who submit FOIA requests, FOIA appeals, and Privacy Act requests and 
appeals to USDA; individuals whose requests, appeals, and/or records 
have been referred to USDA by other agencies; attorneys or other 
persons representing individuals submitting such requests and appeals 
or litigation; individuals who are the subjects of such requests; and 
government personnel assigned to handle such requests or appeals.

Categories of Records in the System:
    Categories of records in this system may include the following 
records received, created, or compiled in processing FOIA and Privacy 
Act requests or appeals: Original requests and administrative appeals; 
documents relating to payment of FOIA fees; correspondence between the 
agency and the FOIA or Privacy Act requester; and internal agency 
records relating to the processing of FOIA and Privacy Act requests and 
appeals. In some cases, the

[[Page 54191]]

records responsive to the request may be included in the database.
    Types of information in the records may include requesters' and 
their attorneys' or representatives' names, addresses, e-mail 
addresses, telephone numbers, and FOIA case numbers; office telephone 
numbers, and office routing symbols of USDA employees and contractors; 
names, telephone numbers, and addresses of the submitter of the 
information requested; and unique case identifier or other identifier 
assigned to the request or appeal.

Authority for Maintenance of the System:
    FOIA Act, 5 U.S.C. 552, As Amended By Public Law No. 104-231, 110 
Stat. 3048 and the Privacy Act of 1974, 5 U.S.C. 552a Section 
(e)(4)(A).

Purpose(s):
    The purpose of this system of records is to permit the USDA's OCIO 
to administer and manage FOIA requests. The system will also assist the 
FOIA Officials at the USDA agencies to process and track FOIA requests 
for records. Currently, USDA agencies utilize multiple manual and 
office suite products to track, respond to, and close out FOIA 
requests. The OCIO, in an effort to streamline the FOIA process, is 
implementing a solution, FX, that will allow USDA to enter, view, 
update, process, and track real time FOIA requests received. FX will 
allow the public to submit FOIA requests online utilizing FX's Public 
Access Link (PAL). PAL is a Web front-end portal that will allow 
requestors the opportunity to send, and see in real time, the status of 
their FOIA request. Individuals wishing to use PAL, when available, 
will be required to establish a USDA e-authentication account. This 
system of records will have several routine uses to enable USDA to 
comply with the FOIA, 5 U.S.C. 552, as amended by Public Law No. 104-
231, 110 Stat. 3048, and the Privacy Act of 1974, 5 U.S.C. 552a Section 
(e)(4)(A).

Routine Uses of Records Maintained in the System Including Categories 
of Users and Purposes of Such Uses:
    These records may be disclosed:
    A. To the Department of Justice (DOJ) or other Federal agency 
conducting litigation or in proceedings before any court, adjudicative 
or administrative body, when:
    1. USDA or any USDA agency;
    2. Any employee of USDA in his/her official capacity;
    3. Any employee of USDA in his/her individual capacity where DOJ or 
USDA has agreed to represent the employee; or
    4. The United States or any agency thereof, is a party to the 
litigation or has an interest in such litigation, and USDA determines 
that the records are both relevant and necessary to the litigation, and 
the use of such records is compatible with the purpose for which USDA 
collected the records.
    B. To a congressional office in response to an inquiry from that 
congressional office made at the request of the individual to whom the 
record pertains.
    C. To the National Archives and Records Administration (NARA) or 
other Federal government agencies pursuant to records management 
inspections being conducted under the authority of 44 U.S.C. 2904 and 
2906.
    D. To an agency, organization, or individual for the purpose of 
performing audit or oversight operations as authorized by law, but only 
such information as is necessary and relevant to such audit or 
oversight function.
    E. To appropriate agencies, entities, and persons when:
    1. USDA suspects or has confirmed that the security or 
confidentiality of information in the system of records has been 
compromised;
    2. The Department has determined that as a result of the suspected 
or confirmed compromise there is a risk of harm to economic or property 
interests, identity theft or fraud, or harm to the security or 
integrity of this system or other systems or programs (whether 
maintained by USDA or another agency or entity) that rely upon the 
compromised information;
    3. The disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with USDA's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    F. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for USDA, when necessary to 
accomplish an agency function related to this system of records. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to USDA officers and employees.
    G. To an appropriate Federal, State, Tribal, local, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a law, rule, regulation, or order, where a record, either 
on its face or in conjunction with other information, indicates a 
violation or potential violation of law, which includes criminal, 
civil, or regulatory violations, and such disclosure is proper and 
consistent with the official duties of the person making the 
disclosure.
    H. When a record on its face, or in conjunction with other records, 
indicates a violation or potential violation of law, whether civil, 
criminal, or regulatory in nature, and whether arising by general 
statute or particular program statute, or by regulation, rule, or order 
issued pursuant thereto, disclosure may be made to the appropriate 
public authority, whether Federal, foreign, State, local, or Tribal, or 
otherwise, responsible for enforcing, investigating or prosecuting such 
violation or charged with enforcing or implementing the statute, or 
rule, regulation, or order issued pursuant thereto, if the information 
disclosed is relevant to any enforcement, regulatory, investigative, or 
prosecutorial responsibility of the receiving entity.

Disclosure to Consumer Reporting Agencies:
    None.

Policies and Practice For Storing, Retrieving, Accessing, Retaining and 
Disposing of Records in the System Storage:
    Electronic records are maintained on a server at a secure 
contractor facility within the Washington, DC, metropolitan area. 
Access to the system is restricted and role based. Access to 
information is granted only to those individuals assigned or working on 
a FOIA case.

Retrievability:
    Data will be indexed by first name, last name, case number, or 
other agency identifier.

Safeguards:
    The system itself will be secured in a restricted area within USDA 
owned/operated computer space. Access to this space is strictly 
controlled using multiple physical access control security systems. 
This space can only be accessed by authorized personnel with the 
appropriate access devices. Electronic access to records is role based 
and controlled through a system of computer access identification and 
authorization utilizing passwords. Access is granted by the system 
administrator, and controlled by the database management system 
software. The system of records will not be exempt from any provisions 
of the Privacy Act.

Retention and Disposal:
    Records in this system will be retained in accordance with NARA's

[[Page 54192]]

General Records Schedule 14, but may be retained for a longer period as 
required by litigation or open investigations or audits. A FOIA record 
deals with significant policy-making issues; it is a permanent record. 
A FOIA record may qualify as a permanent Federal Record. A permanent 
record is one that has been determined by NARA to have sufficient value 
to warrant its preservation in the National Archives of the United 
States. Permanent records include all records accessioned by NARA into 
the National Archives of the United States and later increments of the 
same records, and those for which the disposition is permanent on SF 
115s, Request for Records Disposition Authority, approved by NARA on or 
after May 14, 1973.

System Manager(s) and Address:
    The System manager for this system is the FX Program Manager. The 
mailing address for the USDA System Manager is 1400 Independence Ave., 
SW., Washington, DC 20250.

Notification Procedures:
    Individuals seeking notification of and access to any record 
contained in this system of records, or seeking to contest its content, 
may submit a request in writing to the headquarters or component's FOIA 
Official, whose contact information can be found at https://www.dm.usda.gov/foia.htm under ``contacts.'' If an individual believes 
more than one component maintains Privacy Act records concerning him or 
her, the individual may submit the request to the Chief Privacy Act 
Officer, Department of Agriculture, 1400 Independence Avenue SW., Room 
408-W, Washington, DC 20250. When seeking records about yourself from 
this system of records, or any other USDA system of records, your 
request must conform with the Privacy Act regulations set forth in 6 
CFR part 5. You must first verify your identity, meaning that you must 
provide your full name, current address, and date and place of birth. 
You must sign your request, and your signature must either be notarized 
or submitted under 28 U.S.C. 1746, a law that permits statements to be 
made under penalty of perjury as a substitute for notarization. While 
no specific form is required, you may obtain forms for this purpose 
from the Chief FOIA Officer, Department of Agriculture, 1400 
Independence Avenue, SW., Washington, DC 20250. In addition, you should 
provide the following:
     An explanation of why you believe USDA would have 
information on you,
     Identify which component(s) of USDA you believe may have 
the information about you,
     Specify when you believe the records would have been 
created,
     Provide any other information that will help the FOIA 
staff determine which USDA component agency may have responsive 
records,
     If your request is seeking records pertaining to another 
living individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records. Without 
this bulleted information, the component(s) may not be able to conduct 
an effective search, and your request may be denied due to lack of 
specificity or lack of compliance with applicable regulations.

Exemptions Claimed for the System:
    During the course of a FOIA/Privacy Act action, exempt material 
from other systems of records may become part of the case records in 
this system of records. To the extent that copies of exempt records 
from these other systems of records are entered into these Privacy Act 
case records, USDA hereby claims the same exemptions for the records as 
claimed in the original, primary system of records from which they 
originated, or in which they are maintained.
United States Department of Agriculture OCIO-01--FOIAXPRESS 
(FX)Narrative Statement
    The purpose of the Freedom of Information Act Express (FX) system 
is to streamline and transform the USDA FOIA and Privacy Act request 
response process from a manual process to an automated system. Pursuant 
to FOIA and the Privacy Act, members of the public make information 
requests for agency records. Processing these requests requires the 
agency to maintain information on the requesters, including information 
necessary to correspond with the requesters, collect applicable fees, 
and search for requested records. FX will give USDA FOIA Officials and 
Privacy Act Officials the ability to enter FOIA requests into the 
system, track status, prepare responses, redact records, and complete 
the FOIA processing. FX has a Public Access Link (PAL) that will allow 
the public to submit and track their FOIA requests online. FX will be 
used by USDA to compile the annual FOIA report. FX will contain contact 
information about the individuals requesting records. Copies of the 
original agency records reviewed or processed in response to the 
request will be subject to the provisions of the Privacy Act System or 
Records from which they originated, if any. The authority to operate 
this system comes from the Freedom of Information Act, 5 U.S.C. 552, as 
amended by Public Law 104-231,110 Stat. 3048 and the Privacy Act of 
1974, 5 U.S.C. 552a (e)(4)(A).
    While the information in this system may be made available outside 
USDA as set forth in the routine uses, in most cases, the information 
was voluntarily submitted by the individual or their representative 
either as part of a request for information from USDA, or an appeal. 
USDA requires the accumulation of some privacy data in order to contact 
and correspond with individuals requesting information. Use of this 
system, as established, should not result in undue infringement of any 
individual's right to privacy.
    The records contained in the system are protected by the 
confidentiality requirements of the USDA Office of the Chief 
Information Officer (OCIO) Cyber Security Manuals and the provisions of 
the Privacy Act. The vendor hosting the solution will operate the 
system in an approved, certified datacenter in the Washington, DC, 
metropolitan area. The system will not be hosted on a platform that 
shares applications or hardware with other organizations, or other 
organizational data.
    Only authorized USDA FOIA or Privacy Act officials will have access 
to the records in this system on a need-to-know basis. Role-based 
access controls are used, and FX is only accessible via the Internet 
using USDA e-authentication application. Records in the system are 
encrypted. Users of the system are granted access upon successful 
completion of security training. User access is role based and 
restricted based on the least privilege allowed for performing the job 
function principle.
    Due to the sensitive nature of FX, the system also adheres to the 
National Institute of Standards and Technology Special Publication 800-
53 security controls, and Federal Information Processing Systems (FIPS) 
199 and 200.
    Moreover, specific USDA security requirements are adhered to 
through the USDA Cyber Security Manuals, including, but not limited to, 
DM3545-000 Personnel Security.
    Supporting Documentation: Systems Notice: The Department of 
Agriculture has attached advance copies of the Federal Register notice 
of the new system of records.

[FR Doc. 2011-22241 Filed 8-30-11; 8:45 am]
BILLING CODE 3412-BA-P