Privacy Act; System of Records: Digital Outreach and Communications, State-79, 4736-4738 [2016-01648]

Download as PDF 4736 Federal Register / Vol. 81, No. 17 / Wednesday, January 27, 2016 / Notices Physical Loan Application Deadline Date: 03/15/2016. Economic Injury (EIDL) Loan Application Deadline DATE: 10/17/ 2016. ADDRESSES: Submit completed loan applications to: U.S. Small Business Administration, Processing and Disbursement Center, 14925 Kingsport Road, Fort Worth, TX 76155. FOR FURTHER INFORMATION CONTACT: A. Escobar, Office of Disaster Assistance, U.S. Small Business Administration, 409 3rd Street SW., Suite 6050, Washington, DC 20416. SUPPLEMENTARY INFORMATION: Notice is hereby given that as a result of the President’s major disaster declaration on 01/15/2016, Private Non-Profit organizations that provide essential services of governmental nature may file disaster loan applications at the address listed above or other locally announced locations. The following areas have been determined to be adversely affected by the disaster: Primary Counties: Chelan, Clallam, Garfield Island, Jefferson, Kittitas, Lewis, Lincoln, Mason, Pend, Oreille, Skamania, Snohomish, Spokane, Stevens, Wahkiakum, Whitman. The Interest Rates are: Percentage For Physical Damage: Non-Profit Organizations With Credit Available Elsewhere ... Non-Profit Organizations Without Credit Available Elsewhere ..................................... For Economic Injury: Non-Profit Organizations Without Credit Available Elsewhere ..................................... 2.625 2.625 2.625 The number assigned to this disaster for physical damage is 14597B and for economic injury is 14598B. (Catalog of Federal Domestic Assistance Numbers 59008) James E. Rivera, Associate Administrator for Disaster Assistance. [FR Doc. 2016–01598 Filed 1–26–16; 8:45 am] asabaliauskas on DSK5VPTVN1PROD with NOTICES BILLING CODE 8025–01–P DEPARTMENT OF STATE amend an existing system of records, Digital Outreach and Communications, State–79, pursuant to the provisions of the Privacy Act of 1974, as amended (5 U.S.C. 552a) and Office of Management and Budget Circular No. A–130, Appendix I. DATES: This system of records will be effective on March 7, 2016, unless we receive comments that will result in a contrary determination. ADDRESSES: Any persons interested in commenting on the amended system of records may do so by writing to the Director; Office of Information Programs and Services, A/GIS/IPS; Department of State, SA–2; 515 22nd Street NW.; Washington, DC 20522–8100. FOR FURTHER INFORMATION CONTACT: John Hackett, Director; Office of Information Programs and Services, A/GIS/IPS; Department of State, SA–2; 515 22nd Street NW.; Washington, DC 20522– 8100, or at Privacy@state.gov. SUPPLEMENTARY INFORMATION: The Department of State proposes that the current system retain the name ‘‘Digital Outreach and Communications’’ (previously published at 78 FR 54946). The purpose of the system is to extend outreach, engagement, and collaboration efforts with the public, and to facilitate transparency and accountability with regard to Department activities; to conduct and administer contests, challenges, and other competitions; and to track aggregate activity and analytics to determine the effectiveness of email campaigns. The proposed system will include modifications to the following sections: System location, Categories of individuals, Categories of records, Authority for maintenance of the system, Purpose, Routine uses, Retrievability, Safeguards, and Notification procedure. The modifications will allow the contact information to be stored in a FEDRAMP Certified Cloud provider, and will allow the Department to collect aggregate activity and analytics of email campaigns. The Department’s report was filed with the Office of Management and Budget. The amended system description, ‘‘Digital Outreach and Communications, State–79,’’ will read as set forth below. [Public Notice: 9425] Joyce A. Barr, Assistant Secretary for Administration, U.S. Department of State. Privacy Act; System of Records: Digital Outreach and Communications, State–79 STATE–79 Notice is hereby given that the Department of State proposes to Digital Outreach and Communications. SUMMARY: VerDate Sep<11>2014 19:41 Jan 26, 2016 Jkt 238001 SYSTEM NAME: PO 00000 Frm 00129 Fmt 4703 Sfmt 4703 SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: Department of State domestic locations, posts abroad, and within a government cloud, implemented by State Department as a cloud-based cloud software as a service (SaaS) provider. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Individuals who interact with the Department through a social media outlet, or other electronic means including by submitting feedback, subscription (RSS), email, requesting more information from the Department. Individuals participating in a contest, challenge, or other competition. CATEGORIES OF RECORDS IN THE SYSTEM: The system may contain information passed through a social media site or cloud service provider to facilitate interaction with the Department such as, but not limited to the following: Name, username, email address, home or work address, contact information, phone numbers, date of birth, age, security questions, IP addresses, login credentials, topical interests, and educational, business, or volunteer affiliation. The system will also contain information on the topics about which users wish to receive communications, as well as input and feedback from the public, such as comments, emails, videos, and images, which may include tags, geotags, or geographical metadata. The system may also include information that does not meet the definition of a ‘‘record’’ under the Privacy Act, such as aggregate metrics on user click rates, open rates, non-read rates, unsubscribes, and link activity. In addition to the information listed above, individuals who enter a contest, challenge, or other competition may be asked to provide certain specific information including financial data, passport and visa information, and other information necessary to authenticate qualifications for participation or for prize issuance. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Presidential Memorandum to the Heads of Executive Departments and Agencies on Transparency and Open Government, January 21, 2009. OMB M– 10–06, Open Government Directive, December 8, 2009. OMB M–10–23, Guidance for Agency Use of Third-Party Web sites and Applications, June 25, 2010. 5 U.S.C. 301, Management of Executive Agencies. 22 U.S.C. 2651a, Organization of the Department of State. E:\FR\FM\27JAN1.SGM 27JAN1 Federal Register / Vol. 81, No. 17 / Wednesday, January 27, 2016 / Notices PURPOSE: To extend outreach, engagement, and collaboration efforts with the public, and to facilitate transparency and accountability with regard to Department activities. To conduct and administer contests, challenges, and other competitions. To track aggregate activity and analytics to determine the effectiveness of email campaigns. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: Information in this system may be shared with the news media and the public, with the approval of the Chief of Mission or Bureau Assistant Secretary who supervises the office responsible for the outreach effort, except to the extent that release of the information would constitute an unwarranted invasion of personal privacy; To Government agencies and the White House for purposes of planning and coordinating public engagement activities; To a contractor of the Department having need for the information in the performance of the contract, but not operating a system of records within the meaning of 5 U.S.C. 552a(m); And to Federal, state, and city governments which are issued tax reports, the Internal Revenue Service and the Social Security Administration which are sent tax and withholding data. The Department of State periodically publishes in the Federal Register its standard routine uses which apply to all of its Privacy Act systems of records. These notices appear in the form of a Prefatory Statement. These standard routine uses apply to Digital Outreach and Communications, State–79. DISCLOSURE TO CONSUMER REPORTING AGENCIES: None. POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE: Electronic media. RETRIEVABILITY: Username; email; name. asabaliauskas on DSK5VPTVN1PROD with NOTICES SAFEGUARDS: All users are given cyber security awareness training which covers the procedures for handling Sensitive But Unclassified (SBU) information, including personally identifiable information (PII). Annual refresher training is mandatory. In addition, all Foreign Service and Civil Service employees and those Locally Engaged VerDate Sep<11>2014 19:41 Jan 26, 2016 Jkt 238001 Staff who handle PII are required to take the Foreign Service Institute distance learning course, PA 459, instructing employees on privacy and security requirements, including the rules of behavior for handling PII and the potential consequences if it is handled improperly. Access to the Department of State, its annexes and posts abroad is controlled by security guards and admission is limited to those individuals possessing a valid identification card or individuals under proper escort. All paper records containing personal information are maintained in secured file cabinets in restricted areas, access to which is limited to authorized personnel only. Access to computerized files is password-protected and under the direct supervision of the system manager. The system manager has the capability of printing audit trails of access from the computer media, thereby permitting regular and ad hoc monitoring of computer usage. When it is determined that a user no longer needs access, the user account is disabled. Before being granted access to Protocol Records, a user must first be granted access to the Department of State computer system. Remote access to the Department of State network from non-Department owned systems is authorized only to unclassified systems and only through a Department approved access program. Remote access to the network is configured with the Office of Management and Budget Memorandum M–07–16 security requirements which include but are not limited to two-factor authentication and time out function. All Department of State employees and contractors with authorized access have undergone a thorough background security investigation. The safeguards in the following paragraphs apply only to records that are maintained in cloud systems. All cloud systems that provide IT services and process Department of State information must be: (1) Provisionally authorized to operate by the Federal Risk and Authorization Management Program (FedRAMP), and (2) specifically authorized by the Department of State Authorizing Official and Senior Agency Official for Privacy. Only information that conforms with Department-specific definitions for Federal Information Security Management Act (FISMA) low or moderate categorization are permissible for cloud usage. Specific security measures and safeguards will depend on the FISMA categorization of the information in a given cloud system. In PO 00000 Frm 00130 Fmt 4703 Sfmt 4703 4737 accordance with Department policy, systems that process more sensitive information will require more stringent controls and review by Department cybersecurity experts prior to approval. Prior to operation, all Cloud systems must comply with applicable security measures that are outlined in FISMA, FedRAMP, OMB regulations, NIST Federal Information Processing Standards (FIPS) and Special Publication (SP), and Department of State policy and standards. All data stored in cloud environments categorized above a low FISMA impact risk level must be encrypted at rest and in-transit using a federally approved encryption mechanism. The encryption keys shall be generated, maintained, and controlled in a Department data center by the Department key management authority. Deviations from these encryption requirements must be approved in writing by the Authorizing Official. RETENTION AND DISPOSAL: Records are retired and destroyed in accordance with published Department of State Records Disposition Schedules as approved by the National Archives and Records Administration (NARA). More specific information may be obtained by writing to the Director; Office of Information Programs and Services, A/GIS/IPS; SA–2, Department of State; 515 22nd Street NW.; Washington, DC 20522–8100. SYSTEM MANAGER(S) AND ADDRESS: The Under Secretary for Public Diplomacy and Public Affairs; Department of State; 2201 C Street NW.; Washington, DC 20520. NOTIFICATION PROCEDURE: Individuals who have cause to believe that the Department may have outreach records pertaining to him or her should write to the Director; Office of Information Programs and Services, A/ GIS/IPS; SA–2, Department of State; 515 22nd Street NW.; Washington, DC 20522–8100. The individual must specify that he or she wishes the outreach records of the Department to be checked. At a minimum, the individual must include the following: Name; email address; current mailing address and zip code; signature; and other information helpful in identifying the record. RECORD ACCESS PROCEDURES: Individuals who wish to gain access to or amend records pertaining to themselves should write to the Director; Office of Information Programs and Services (address above). E:\FR\FM\27JAN1.SGM 27JAN1 4738 Federal Register / Vol. 81, No. 17 / Wednesday, January 27, 2016 / Notices CONTESTING RECORD PROCEDURES: Individuals who wish to contest records pertaining to themselves should write to the Director; Office of Information Programs and Services (address above). RECORD SOURCE CATEGORIES: These records contain information obtained directly from individuals who interact with the Department of State through social media sites or who communicate electronically with the Department in response to public outreach. SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT: None. [FR Doc. 2016–01648 Filed 1–26–16; 8:45 am] BILLING CODE 4710–45–P SURFACE TRANSPORTATION BOARD [Docket No. EP 526 (Sub-No. 7)] Decision; Notice of Railroad-Shipper Transportation Advisory Council Vacancy Surface Transportation Board (Board). ACTION: Notice of vacancy on the Railroad-Shipper Transportation Advisory Council (RSTAC) and solicitation of nominations. AGENCY: The Board hereby gives notice of a vacancy for a small railroad representative on RSTAC. The Board is soliciting suggestions for candidates to fill this vacancy. DATES: Nominations are due on February 22, 2016. ADDRESSES: Suggestions may be submitted either via the Board’s e-filing format or in the traditional paper format. Any person using e-filing should attach a document and otherwise comply with the instructions at the E– FILING link on the Board’s Web site, at http://www.stb.dot.gov. Any person submitting a filing in the traditional paper format should send an original and 10 copies to: Surface Transportation Board, Attn: Docket No. EP 526 (SubNo. 7), 395 E Street SW., Washington, DC 20423–0001 (if sending via express company or private courier, please use zip code 20024). Please note that submissions will be available to the public at the Board’s offices and posted on the Board’s Web site under Docket No. EP 526 (Sub-No. 7). FOR FURTHER INFORMATION CONTACT: Stephanie Lyons at 202–245–0536. Assistance for the hearing impaired is available through the Federal asabaliauskas on DSK5VPTVN1PROD with NOTICES SUMMARY: VerDate Sep<11>2014 19:41 Jan 26, 2016 Jkt 238001 Information Relay Service (FIRS) at 1– 800–877–8339. SUPPLEMENTARY INFORMATION: The Board, created in 1996 to take over many of the functions previously performed by the Interstate Commerce Commission, exercises broad authority over transportation by rail carriers, including regulation of railroad rates and service (49 U.S.C. 10701–47, 11101–24), as well as the construction, acquisition, operation, and abandonment of rail lines (49 U.S.C. 10901–07) and railroad line sales, consolidations, mergers, and common control arrangements (49 U.S.C. 10902, 11323–27). RSTAC was established upon the enactment of the ICC Termination Act of 1995 (ICCTA), on December 29, 1995, to advise the Board’s Chairman, the Secretary of Transportation, the Committee on Commerce, Science, and Transportation of the Senate, and the Committee on Transportation and Infrastructure of the House of Representatives with respect to rail transportation policy issues RSTAC considers significant. RSTAC focuses on issues of importance to small shippers and small railroads, including car supply, rates, competition, and procedures for addressing claims. ICCTA directs RSTAC to develop private-sector mechanisms to prevent, or identify and address, obstacles to the most effective and efficient transportation system practicable. RSTAC also prepares an annual report concerning its activities and recommendations on whatever regulatory or legislative relief it considers appropriate. RSTAC is not subject to the Federal Advisory Committee Act. Nine members of RSTAC are voting members and are appointed from senior executive officers of organizations engaged in the railroad and rail shipping industries. At least four of the voting members must be representatives of small shippers as determined by the Chairman, and at least four of the voting members must be representatives of Class II or III railroads. The remaining six members to be appointed—three representing Class I railroads and three representing large shipper organizations—serve in a nonvoting, advisory capacity, but are entitled to participate in RSTAC deliberations. RSTAC is required by statute to meet at least semi-annually. In recent years, RSTAC has met four times a year. Meetings are generally held at the Board’s headquarters in Washington, DC, although some are held in other locations. PO 00000 Frm 00131 Fmt 4703 Sfmt 4703 RSTAC members receive no compensation for their services and are required to provide for the expenses incidental to their service, including travel expenses, as the Board cannot provide for these expenses. RSTAC may solicit and use private funding for its activities, again subject to certain restrictions in ICCTA. RSTAC members currently have elected to submit annual dues to pay for RSTAC expenses. RSTAC members must be citizens of the United States and represent as broadly as practicable the various segments of the railroad and rail shipper industries. They may not be full-time employees of the United States. According to revised guidance issued by the Office of Management and Budget, it is permissible for federally registered lobbyists to serve on advisory committees, such as RSTAC, as long as they do so in a representative capacity, rather than an individual capacity. See Revised Guidance on Appointment of Lobbyists to Federal Advisory Committees, Boards, and Commissions, 79 FR 47482 (Aug. 13, 2014). Members of RSTAC are appointed to serve in a representative capacity. RSTAC members are appointed for three-year terms. A member may serve after the expiration of his or her term until a successor has taken office. No member will be eligible to serve in excess of two consecutive terms. Due to the expiration of one RSTAC member’s second term, a vacancy exists for a small railroad representative. Upon appointment by the Chairman, the new representative will serve for three years, and may be eligible to serve a second three-year term following the end of their first term. Suggestions for candidates to fill the vacancy should be submitted in letter form, identify the name of the candidate, provide a summary of why the candidate is qualified to serve on RSTAC, and contain a representation that the candidate is willing to serve as a member of RSTAC effective immediately upon appointment. RSTAC candidate suggestions should be filed with the Board by February 22, 2016. Members selected to serve on RSTAC are chosen at the discretion of the Board’s Chairman. Please note that submissions will be available to the public at the Board’s offices and posted on the Board’s Web site under Docket No. EP 526 (Sub-No. 7). Authority: 49 U.S.C. 726. Decided: January 22, 2016. E:\FR\FM\27JAN1.SGM 27JAN1

Agencies

[Federal Register Volume 81, Number 17 (Wednesday, January 27, 2016)]
[Notices]
[Pages 4736-4738]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-01648]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF STATE

[Public Notice: 9425]


Privacy Act; System of Records: Digital Outreach and 
Communications, State-79

SUMMARY: Notice is hereby given that the Department of State proposes 
to amend an existing system of records, Digital Outreach and 
Communications, State-79, pursuant to the provisions of the Privacy Act 
of 1974, as amended (5 U.S.C. 552a) and Office of Management and Budget 
Circular No. A-130, Appendix I.

DATES: This system of records will be effective on March 7, 2016, 
unless we receive comments that will result in a contrary 
determination.

ADDRESSES: Any persons interested in commenting on the amended system 
of records may do so by writing to the Director; Office of Information 
Programs and Services, A/GIS/IPS; Department of State, SA-2; 515 22nd 
Street NW.; Washington, DC 20522-8100.

FOR FURTHER INFORMATION CONTACT: John Hackett, Director; Office of 
Information Programs and Services, A/GIS/IPS; Department of State, SA-
2; 515 22nd Street NW.; Washington, DC 20522-8100, or at 
Privacy@state.gov.

SUPPLEMENTARY INFORMATION: The Department of State proposes that the 
current system retain the name ``Digital Outreach and Communications'' 
(previously published at 78 FR 54946). The purpose of the system is to 
extend outreach, engagement, and collaboration efforts with the public, 
and to facilitate transparency and accountability with regard to 
Department activities; to conduct and administer contests, challenges, 
and other competitions; and to track aggregate activity and analytics 
to determine the effectiveness of email campaigns. The proposed system 
will include modifications to the following sections: System location, 
Categories of individuals, Categories of records, Authority for 
maintenance of the system, Purpose, Routine uses, Retrievability, 
Safeguards, and Notification procedure. The modifications will allow 
the contact information to be stored in a FEDRAMP Certified Cloud 
provider, and will allow the Department to collect aggregate activity 
and analytics of email campaigns.
    The Department's report was filed with the Office of Management and 
Budget. The amended system description, ``Digital Outreach and 
Communications, State-79,'' will read as set forth below.

Joyce A. Barr,
Assistant Secretary for Administration, U.S. Department of State.
STATE-79

SYSTEM NAME:
    Digital Outreach and Communications.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Department of State domestic locations, posts abroad, and within a 
government cloud, implemented by State Department as a cloud-based 
cloud software as a service (SaaS) provider.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who interact with the Department through a social media 
outlet, or other electronic means including by submitting feedback, 
subscription (RSS), email, requesting more information from the 
Department. Individuals participating in a contest, challenge, or other 
competition.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system may contain information passed through a social media 
site or cloud service provider to facilitate interaction with the 
Department such as, but not limited to the following: Name, username, 
email address, home or work address, contact information, phone 
numbers, date of birth, age, security questions, IP addresses, login 
credentials, topical interests, and educational, business, or volunteer 
affiliation. The system will also contain information on the topics 
about which users wish to receive communications, as well as input and 
feedback from the public, such as comments, emails, videos, and images, 
which may include tags, geotags, or geographical metadata. The system 
may also include information that does not meet the definition of a 
``record'' under the Privacy Act, such as aggregate metrics on user 
click rates, open rates, non-read rates, unsubscribes, and link 
activity.
    In addition to the information listed above, individuals who enter 
a contest, challenge, or other competition may be asked to provide 
certain specific information including financial data, passport and 
visa information, and other information necessary to authenticate 
qualifications for participation or for prize issuance.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Presidential Memorandum to the Heads of Executive Departments and 
Agencies on Transparency and Open Government, January 21, 2009. OMB M-
10-06, Open Government Directive, December 8, 2009. OMB M-10-23, 
Guidance for Agency Use of Third-Party Web sites and Applications, June 
25, 2010. 5 U.S.C. 301, Management of Executive Agencies. 22 U.S.C. 
2651a, Organization of the Department of State.

[[Page 4737]]

PURPOSE:
    To extend outreach, engagement, and collaboration efforts with the 
public, and to facilitate transparency and accountability with regard 
to Department activities. To conduct and administer contests, 
challenges, and other competitions. To track aggregate activity and 
analytics to determine the effectiveness of email campaigns.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Information in this system may be shared with the news media and 
the public, with the approval of the Chief of Mission or Bureau 
Assistant Secretary who supervises the office responsible for the 
outreach effort, except to the extent that release of the information 
would constitute an unwarranted invasion of personal privacy;
    To Government agencies and the White House for purposes of planning 
and coordinating public engagement activities;
    To a contractor of the Department having need for the information 
in the performance of the contract, but not operating a system of 
records within the meaning of 5 U.S.C. 552a(m);
    And to Federal, state, and city governments which are issued tax 
reports, the Internal Revenue Service and the Social Security 
Administration which are sent tax and withholding data.
    The Department of State periodically publishes in the Federal 
Register its standard routine uses which apply to all of its Privacy 
Act systems of records. These notices appear in the form of a Prefatory 
Statement. These standard routine uses apply to Digital Outreach and 
Communications, State-79.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    None.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Electronic media.

RETRIEVABILITY:
    Username; email; name.

SAFEGUARDS:
    All users are given cyber security awareness training which covers 
the procedures for handling Sensitive But Unclassified (SBU) 
information, including personally identifiable information (PII). 
Annual refresher training is mandatory. In addition, all Foreign 
Service and Civil Service employees and those Locally Engaged Staff who 
handle PII are required to take the Foreign Service Institute distance 
learning course, PA 459, instructing employees on privacy and security 
requirements, including the rules of behavior for handling PII and the 
potential consequences if it is handled improperly.
    Access to the Department of State, its annexes and posts abroad is 
controlled by security guards and admission is limited to those 
individuals possessing a valid identification card or individuals under 
proper escort. All paper records containing personal information are 
maintained in secured file cabinets in restricted areas, access to 
which is limited to authorized personnel only. Access to computerized 
files is password-protected and under the direct supervision of the 
system manager. The system manager has the capability of printing audit 
trails of access from the computer media, thereby permitting regular 
and ad hoc monitoring of computer usage. When it is determined that a 
user no longer needs access, the user account is disabled.
    Before being granted access to Protocol Records, a user must first 
be granted access to the Department of State computer system. Remote 
access to the Department of State network from non-Department owned 
systems is authorized only to unclassified systems and only through a 
Department approved access program. Remote access to the network is 
configured with the Office of Management and Budget Memorandum M-07-16 
security requirements which include but are not limited to two-factor 
authentication and time out function. All Department of State employees 
and contractors with authorized access have undergone a thorough 
background security investigation.
    The safeguards in the following paragraphs apply only to records 
that are maintained in cloud systems. All cloud systems that provide IT 
services and process Department of State information must be: (1) 
Provisionally authorized to operate by the Federal Risk and 
Authorization Management Program (FedRAMP), and (2) specifically 
authorized by the Department of State Authorizing Official and Senior 
Agency Official for Privacy. Only information that conforms with 
Department-specific definitions for Federal Information Security 
Management Act (FISMA) low or moderate categorization are permissible 
for cloud usage. Specific security measures and safeguards will depend 
on the FISMA categorization of the information in a given cloud system. 
In accordance with Department policy, systems that process more 
sensitive information will require more stringent controls and review 
by Department cybersecurity experts prior to approval. Prior to 
operation, all Cloud systems must comply with applicable security 
measures that are outlined in FISMA, FedRAMP, OMB regulations, NIST 
Federal Information Processing Standards (FIPS) and Special Publication 
(SP), and Department of State policy and standards.
    All data stored in cloud environments categorized above a low FISMA 
impact risk level must be encrypted at rest and in-transit using a 
federally approved encryption mechanism. The encryption keys shall be 
generated, maintained, and controlled in a Department data center by 
the Department key management authority. Deviations from these 
encryption requirements must be approved in writing by the Authorizing 
Official.

RETENTION AND DISPOSAL:
    Records are retired and destroyed in accordance with published 
Department of State Records Disposition Schedules as approved by the 
National Archives and Records Administration (NARA). More specific 
information may be obtained by writing to the Director; Office of 
Information Programs and Services, A/GIS/IPS; SA-2, Department of 
State; 515 22nd Street NW.; Washington, DC 20522-8100.

SYSTEM MANAGER(S) AND ADDRESS:
    The Under Secretary for Public Diplomacy and Public Affairs; 
Department of State; 2201 C Street NW.; Washington, DC 20520.

NOTIFICATION PROCEDURE:
    Individuals who have cause to believe that the Department may have 
outreach records pertaining to him or her should write to the Director; 
Office of Information Programs and Services, A/GIS/IPS; SA-2, 
Department of State; 515 22nd Street NW.; Washington, DC 20522-8100. 
The individual must specify that he or she wishes the outreach records 
of the Department to be checked. At a minimum, the individual must 
include the following: Name; email address; current mailing address and 
zip code; signature; and other information helpful in identifying the 
record.

RECORD ACCESS PROCEDURES:
    Individuals who wish to gain access to or amend records pertaining 
to themselves should write to the Director; Office of Information 
Programs and Services (address above).

[[Page 4738]]

CONTESTING RECORD PROCEDURES:
    Individuals who wish to contest records pertaining to themselves 
should write to the Director; Office of Information Programs and 
Services (address above).

RECORD SOURCE CATEGORIES:
    These records contain information obtained directly from 
individuals who interact with the Department of State through social 
media sites or who communicate electronically with the Department in 
response to public outreach.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    None.

[FR Doc. 2016-01648 Filed 1-26-16; 8:45 am]
BILLING CODE 4710-45-P