Privacy Act of 1974, as Amended; Notice of a New System of Records, 55284-55287 [2013-21955]

Agencies

• DEPARTMENT OF THE INTERIOR
• Office of the Secretary

[Federal Register Volume 78, Number 175 (Tuesday, September 10, 2013)]
[Notices]
[Pages 55284-55287]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-21955]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

Office of the Secretary

[XXXD4523WD DWDFSE000.RV0000 DS68664000]


Privacy Act of 1974, as Amended; Notice of a New System of 
Records

AGENCY: Office of the Secretary, Department of the Interior.

ACTION: Notice of creation of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Department of the Interior is issuing a public notice 
regarding the Department of the Interior system of records titled 
``Oracle Federal Financials.'' The Oracle Federal Financials 
application is a financial software package that clients may use to 
perform budgeting, purchasing, and procurement functions. The related 
system of records contains information relating to corporations and 
other business entities as well as individuals. Records in this system 
are subject to the Privacy Act only if they are about an individual 
within the meaning of the Act, and not if they are about a business or 
other non-individual.

DATE:  Comments must be received by October 21, 2013. This new system 
will be effective October 21, 2013.

ADDRESSES: Submit comments either by mail or by hand-delivery to the 
OS/IBC Privacy Act Officer, U.S. Department of the Interior, 1849 C 
Street NW., Mail Stop 2650 MIB, Washington, DC 20240; or by email to 
privacy@IBC.gov.

FOR FURTHER INFORMATION CONTACT: Chief, Application Management Branch, 
Finance & Procurement Systems Division, U.S. Department of the 
Interior, Interior Business Center, 625 Herndon Parkway, Herndon, VA 
20170, or by telephone at (703) 735-4131.

SUPPLEMENTARY INFORMATION: 

I. Background

    The Department of the Interior's (DOI) Interior Business Center 
(IBC) is a service provider that performs services for other Federal 
government agencies, both inside and outside the DOI. The IBC's service 
offerings include providing and maintaining various types of business 
management systems for its clients, including human resources and 
financial management applications. The Oracle Federal Financials (OFF) 
application will offer IBC clients a suite of customized Oracle 
financial management modules that combine to provide a comprehensive 
financial software package. The OFF modules address budgeting, 
purchasing, Federal procurement, accounts payable, fixed assets, 
general ledger, inventory, and accounts receivable. The OFF application 
is hosted by the IBC; each client agency accesses the system remotely 
to populate and manage its own data. Clients can contract with the IBC 
for an OFF package that includes a full set of modules or for a more 
limited set. The IBC is responsible for system administration 
functions, while each client has one or more designated managers who 
are responsible for maintaining the client's data in the OFF system.
    Some OFF records are covered by three existing system of records 
notices (SORNs), which are GSA/GOVT-3, Travel Charge Card Program; GSA/
GOVT-4, Contracted Travel Services Program; and GSA/GOVT-6, GSA 
SmartPay Purchase Charge Card Program. This notice incorporates GSA/
GOVT-3, GSA/GOVT-4, and GSA/GOVT-6 by reference.
    Client data maintained within the OFF System is covered by this 
SORN. Clients that remove records from OFF for use outside of the 
system will be responsible for ensuring the use of the records is 
consistent with this SORN, or other published SORN, as indicated above, 
and the requirements of the Privacy Act.
    The system will be effective as proposed on October 21, 2013, 
unless comments are received which would require a contrary 
determination. DOI will publish a revised notice if changes are made 
based upon a review of the comments received.

II. Privacy Act

    The Privacy Act of 1974, as amended, embodies fair information 
practice principles in a statutory framework governing the means by 
which Federal agencies collect, maintain, use, and disseminate 
individuals' personal information. The Privacy Act applies to 
information that is maintained in a ``system of records.'' A ``system 
of records'' is a group of any records under the control of an agency 
for which information is retrieved by the name of an individual or by 
some identifying number, symbol, or other identifying particular 
assigned to the individual. The Privacy Act defines an individual as a 
United States citizen or lawful permanent resident. As a matter of 
policy, DOI extends Privacy Act protections to all individuals. 
Individuals may request access to their own records that are maintained 
in a system of records in the possession or under the control of DOI by 
complying with DOI Privacy Act Regulations, 43 CFR Part 2.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the type and character of each system 
of records that the agency maintains and the routine uses made of the 
information in each system. The purposes of the notice are to make 
agency record keeping practices transparent, to notify individuals 
regarding the uses of their records, and

[[Page 55285]]

to assist individuals to more easily find these records within the 
agency. Below is the description of the OFF system of records.
    In accordance with 5 U.S.C. 552a(r), DOI has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.

III. Public Disclosure

    Before including your address, phone number, email address, or 
other personal identifying information in your comment, you should be 
aware that your entire comment, including your personal identifying 
information, may be made publicly available at any time. While you can 
ask us in your comment to withhold your personal identifying 
information from public review, we cannot guarantee that we will be 
able to do so.

    Dated: August 26, 2013.
 David D. Alspach,
OS/IBC Privacy Act Officer.
SYSTEM OF RECORDS:
    DOI-91.

SYSTEM NAME:
    Oracle Federal Financials (OFF).

SYSTEM CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    1. Finance and Procurement Systems Division, Interior Business 
Center, U.S. Department of the Interior, 12201 Sunrise Valley Drive, 
MS-206, Reston, VA 20192.
    2. Finance and Procurement Systems Division, Interior Business 
Center, MS D-2790, 7401 West Mansfield Avenue, Denver, CO 80235-2230.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The system contains information about employees of various Federal 
agencies that are Interior Business Center (IBC) clients using OFF, as 
well as employees or agents for third party vendors, contractors and 
suppliers who provide OFF clients with related financial services. In 
addition, the system contains information about individuals, either 
employees or non-employees, who owe debts to the Federal agencies that 
use the system.
    Note: This system also contains records relating to corporations 
and other business entities. These records are not subject to the 
Privacy Act. Only records relating to individuals containing personal 
information are subject to the Privacy Act.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system contains the information shown in the following table:

------------------------------------------------------------------------
The system contains information about .
                  . .                          That includes . . .
------------------------------------------------------------------------
(1) Accounts receivable for IBC's OFF    first and last names, home
 clients, including individuals who may   addresses, employee
 be employees or non-employees and        identification numbers, and
 employees who owe money to OFF clients   Social Security numbers.
 and are the subject of collections
 actions.
(2) Accounts payable information about   names, home or business
 non-employee individuals and sole        addresses, Social Security
 proprietors, including individuals who   numbers, banking account
 provide services to IBC's OFF clients.   numbers for electronic fund
                                          transfer payments, invoices
                                          and claims for reimbursement.
(3) Employees of IBC's OFF clients who   names, employee identification
 submit claims for reimbursable           numbers, Social Security
 expenses.                                Numbers, work address,
                                          receipts and claims for
                                          reimbursement.
(4) Employees of IBC's OFF clients who   names, employee identification
 hold government bank or debit cards      numbers, Social Security
 for purchases or travel.                 Numbers, work address, card
                                          numbers and purchase
                                          histories.
------------------------------------------------------------------------

    The system contains additional business and financial records for 
IBC's OFF clients that do not include personal information.
    Records in this system are subject to the Privacy Act only if they 
are about an individual within the meaning of the Act, and not if they 
are about a business or other non-individual. This includes information 
provided by individuals operating solely in a business or 
entrepreneurial capacity.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The Office of Management and Budget Circular A-127, Policies and 
Standards for Financial Management Systems; 31 U.S.C. 3512, Executive 
Agency Accounting and Other Financial Management Reports and Plans; 5 
U.S.C. 4111, Acceptance of Contributions, Awards, and Other Payments; 5 
U.S.C. 5514, Installment deduction for indebtedness to the United 
States; 5 U.S.C. 5701, et seq. Travel And Subsistence Expenses, Mileage 
Allowances; 31 U.S.C. 3512, Executive agency accounting and other 
financial management reports and plans; 31 U.S.C. 3711, Collection and 
Compromise.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    (a) The system will support financial management for Federal 
agencies by providing a standardized, automated capability for 
performing administrative control of funds, general accounting, billing 
and collecting, payments, management reporting, and regulatory 
reporting. In addition to those disclosures generally permitted under 5 
U.S.C. 552a(b) of the Privacy Act, disclosures outside DOI may be made 
as a routine use under 5 U.S.C. 552a(b)(3) as shown in the following 
table:

------------------------------------------------------------------------
 Information will be disclosed to . . .              If . . .
------------------------------------------------------------------------
(1) The U.S. Department of Justice       the circumstances in paragraph
 (DOJ).                                   (b) are met.
(2) A court or an adjudicative or other  the circumstances in paragraph
 administrative body.                     (b) are met.
(3) A party in litigation before a       the circumstances in paragraph
 court or an adjudicative or other        (b) are met.
 administrative body.
(4) A DOI employee acting in his or her  the circumstances in paragraph
 individual capacity if DOI or DOJ has    (b) are met.
 agreed to represent that employee or
 pay for their private representation.
(5) A congressional office.............  an individual covered by the
                                          system, or the heir of the
                                          individual if the covered
                                          individual is deceased, has
                                          made a written request to the
                                          office.

[[Page 55286]]

 
(6) The Executive Office of the          that office makes an inquiry
 President.                               either:
                                         (i) at the request of the
                                          subject of a record or a third
                                          party on that person's behalf;
                                          and
                                         (ii) for a purpose compatible
                                          with the purpose for which the
                                          records are collected or
                                          maintained.
(7) A criminal, civil, or regulatory     (i) a record, either alone or
 law enforcement authority (whether       in conjunction with other
 Federal, state, territorial, local,      information, indicates a
 tribal or foreign).                      violation or potential
                                          violation of law--criminal,
                                          civil, or regulatory in
                                          nature; and
                                         (ii) disclosure is compatible
                                          with the purpose for which the
                                          records were compiled.
(8) An official of another Federal       needed in the performance of
 agency.                                  official duties related to
                                          reconciling or reconstructing
                                          data files or to enable the
                                          agency to respond to an
                                          inquiry by the individual to
                                          whom the record pertains.
(9) Federal, state, territorial, local,  (i) they have requested
 tribal, or foreign agencies.             information relevant to
                                          hiring, firing, or retention
                                          of an employee or contractor,
                                          or to issuance of a security
                                          clearance, license, contract,
                                          grant or other benefit; and
                                         (ii) disclosure is compatible
                                          with the purpose for which the
                                          records were compiled.
(10) Representatives of the National     necessary to conduct records
 Archives and Records Administration.     management inspections under
                                          the authority of 44 U.S.C.
                                          2904 and 2906.
(11) State and local governments and     necessary to provide
 tribal organizations.                    information needed in response
                                          to court order and/or
                                          discovery purposes related to
                                          litigation, when the
                                          disclosure is compatible with
                                          the purpose for which the
                                          records were compiled.
(12) An expert, consultant, or           necessary to carry out the
 contractor (including employees of the   purposes of the system.
 contractor) of DOI that performs
 services requiring access to these
 records on DOI's behalf.
(13) Appropriate agencies, entities,     the conditions in paragraph (c)
 and persons when:.                       are met.
(14) The Office of Management and        necessary in connection with
 Budget during the coordination and       legislative affairs as
 clearance process.                       mandated by OMB Circular A-19.
(15) The Department of the Treasury....  necessary to recover debts owed
                                          to the United States.
(16) A consumer reporting agency.......  the disclosure requirements of
                                          the Debt Collection Act, as
                                          outlined at 31 U.S.C.
                                          3711(e)(1), have been met.
(17) A commercial credit card            necessary for accounting and
 contractor(s).                           payment of employee obligation
                                          for travel, purchasing and
                                          fleet management credit card
                                          usage.
(18) IBC's OFF clients.................  necessary for using and
                                          maintaining their agency's
                                          data in the OFF system.
------------------------------------------------------------------------

    (b) DOI will disclose information under paragraphs (a)(1) through 
(a)(4) only if all of the conditions in the following paragraphs (b)(1) 
and (b)(2) are met.
    (1) One of the following must be a party to the proceeding or have 
an interest in the proceeding:
    (i) DOI or a component of DOI;
    (ii) Another other Federal agency appearing before the Office of 
Hearings and Appeals;
    (iii) A DOI employee acting in his or her official capacity;
    (iv) A DOI employee acting in his or her individual capacity if DOI 
or DOJ has agreed to represent that employee or pay for private 
representation of the employee;
    (v) The United States, when DOJ determines that DOI is likely to be 
affected by the proceeding.
    (2) DOI must deem the disclosure to be both:
    (i) Relevant and necessary to the proceeding; and
    (ii) Compatible with the purpose for which the records were 
compiled.
    (c) DOI will disclose information under paragraph (a)(13) only if 
all of the following conditions are met:
    (1) DOI suspects or confirms that the security or confidentiality 
of information in the system of records has been compromised;
    (2) DOI determines that as a result of the compromise there is a 
risk of harm to economic or property interest, identity theft or fraud, 
or harm to the security or integrity of this system or other systems or 
programs (whether maintained by the Department or another agency or 
entity) that rely upon the compromised information; and
    (3) The disclosure is made to agencies, entities, and persons who 
are reasonably necessary to assist the Department's efforts to respond 
to the suspected or confirmed compromise and to prevent, minimize, or 
remedy the harm caused by the compromise.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Electronic records are maintained on servers located at IBC's data 
centers in Denver, CO and Herndon, VA. Records are accessed only by 
authorized personnel who have a need to access the records in the 
performance of their official duties. Paper records are contained in 
file folders stored in file cabinets in accordance with 383 
Departmental Manual 8.

RETRIEVABILITY:
    The personal identifiers that can be used to retrieve information 
on individuals are name, Social Security number, employee 
identification numbers, bank account number, government travel/small 
purchase bank card number, employee number and supplier number.

SAFEGUARDS:
    The records contained in this system are safeguarded in accordance 
with 43 CFR 2.226 and all other applicable security rules and policies. 
Paper records are maintained in locked file cabinets under the control 
of authorized personnel.
    There are five available levels of electronic security to prevent 
unauthorized access, which include network access security limits, 
physical and logical access controls for the data center hosting the 
system, operating system controls, application passwords, and 
application data group security levels. Access to servers containing 
system records is limited to authorized

[[Page 55287]]

personnel with a need to know the information to perform their official 
duties and requires a valid username and password. Unique user 
identification and authentication, such as passwords, least privileges 
and audit logs are utilized to ensure appropriate permissions and 
access levels. Access to the system is also limited by network access 
or security controls such as firewalls, and system data is encrypted. 
Facilities that host the system are guarded and monitored by security 
personnel, cameras, ID checks, and other physical security measures. 
Server rooms are locked and accessible only by authorized personnel.

RETENTION AND DISPOSAL:
    Each Federal agency client storing data in the system has its own 
National Archives and Records Administration (NARA) approved records 
schedule for the retention of its reports and data. Data is disposed of 
in accordance with client-agency approved data disposal procedures. 
Paper records are disposed of by shredding or pulping, and records 
contained on electronic media are degaussed or erased in accordance 
with NARA Guidelines and 384 Departmental Manual 1.

SYSTEM MANAGER AND ADDRESS:
    Chief, Application Management Branch, Finance & Procurement Systems 
Division, U.S. Department of the Interior, Interior Business Center, 
625 Herndon Parkway, Herndon, VA 20170.

NOTIFICATION PROCEDURES:
    An individual requesting notification of the existence of records 
on himself or herself should send a signed, written inquiry to the 
System Manager identified above. The request envelope and letter should 
be clearly marked ``PRIVACY ACT INQUIRY.'' A request for notification 
must meet the requirements of 43 CFR 2.235.

RECORDS ACCESS PROCEDURES:
    An individual requesting access to records on himself or herself 
should send a signed, written inquiry to the System Manager identified 
above. The request envelope and letter should be clearly marked 
``PRIVACY ACT REQUEST FOR ACCESS''. The request letter should describe 
the records sought as specifically as possible. A request for access 
must meet the requirements of 43 CFR 2.238.

CONTESTING RECORDS PROCEDURES:
    An individual requesting corrections or contesting information 
contained in his or her records must send a signed, written request to 
the System Manager identified above. A request for corrections or 
removal must meet the requirements of 43 CFR 2.246.

RECORD SOURCE CATEGORIES:
    Information in the system is obtained from IBC's Federal agency 
clients, as well as third party vendors, contractors and suppliers who 
provide related financial services to the clients using the system.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.

[FR Doc. 2013-21955 Filed 9-9-13; 8:45 am]
BILLING CODE 4310-RK-P