Privacy Act of 1974; System of Records, 43637-43640 [2017-19818]
Download as PDF
<![CDATA[
Federal Register / Vol. 82, No. 179 / Monday, September 18, 2017 / Notices
SMALL BUSINESS ADMINISTRATION
[Disaster Declaration # 15245 and #15246;
NEW HAMPSHIRE Disaster Number NH–
00038]
Presidential Declaration Amendment of
a Major Disaster for Public Assistance
Only for the State of New Hampshire
U.S. Small Business
Administration.
ACTION: Amendment 1.
AGENCY:
This is an amendment of the
Presidential declaration of a major
disaster for Public Assistance Only for
the State of New Hampshire (FEMA–
4329–DR), dated August 9, 2017.
DATES: Issued on September 11, 2017.
Physical Loan Application Deadline
Date: 10/09/2017.
Economic Injury (EIDL) Loan
Application Deadline Date: 05/09/2018.
ADDRESSES: Submit completed loan
applications to: U.S. Small Business
Administration, Processing and
Disbursement Center, 14925 Kingsport
Road, Fort Worth, TX 76155.
FOR FURTHER INFORMATION CONTACT: A.
Escobar, Office of Disaster Assistance,
U.S. Small Business Administration,
409 3rd Street SW., Suite 6050,
Washington, DC 20416, (202) 205–6734.
SUPPLEMENTARY INFORMATION: The notice
of the President’s major disaster
declaration for Private Non-Profit
organizations in the State of New
Hampshire, dated 08/09/2017, is hereby
amended to include the following areas
as adversely affected by the disaster.
Incident: Severe Storms and Flooding.
Incident Period: 07/01/2017 through
07/02/2017.
Primary Counties: Coos.
All other information in the original
declaration remains unchanged.
SUMMARY:
(Catalog of Federal Domestic Assistance
Number 59008)
James E. Rivera,
Associate Administrator for Disaster
Assistance.
[FR Doc. 2017–19735 Filed 9–15–17; 8:45 am]
BILLING CODE 8025–01–P
SMALL BUSINESS ADMINISTRATION
sradovich on DSKBBY8HB2PROD with NOTICES
Small Business Size Standards: Class
Waiver of the Nonmanufacturer Rule
U.S. Small Business
Administration.
ACTION: Notice of Intent To Waive the
Nonmanufacturer Rule for Positive
Airway Pressure Devices and Supplies
Manufacturing.
AGENCY:
The U.S. Small Business
Administration (SBA) is considering
SUMMARY:
VerDate Sep<11>2014
16:54 Sep 15, 2017
Jkt 241001
granting a request for a class waiver of
the Nonmanufacturer Rule (NMR) for
Positive Airway Pressure Devices and
Supplies Manufacturing. This U.S.
industry comprises establishments
primarily engaged in manufacturing
Continuous Positive Airway Pressure
(CPAP) devices, Bi-level Positive
Airway Pressure (BiPAP) devices, and
other products intended to treat sleep
apnea by keeping a person’s airways
open during sleep. According to the
request, no small business
manufacturers supply this product to
the Federal government. If granted, the
class waiver would allow otherwise
qualified regular dealers to supply the
product of any manufacturer on a
Federal contract set aside for small
business, service-disabled veteranowned small business (SDVOSB),
women-owned small business (WOSB),
economically disadvantaged womenowned small business (EDWOSB), or
participants in the SBA’s 8(a) Business
Development (BD) program.
DATES: Comments and source
information must be submitted by
October 18, 2017.
ADDRESSES: You may submit comments
and source information via the Federal
Rulemaking Portal at https://
www.regulations.gov under Docket ID
SBA–2017–0006. If you wish to submit
confidential business information (CBI)
as defined in the User Notice at https://
www.regulations.gov, please submit the
information to Roman Ivey, Program
Analyst, Office of Government
Contracting, U.S. Small Business
Administration, 409 Third Street SW.,
8th Floor, Washington, DC 20416, and
highlight the information that you
consider to be CBI and explain why you
believe this information should be held
confidential. SBA will review the
information and make a final
determination as to whether or not the
information will be published.
FOR FURTHER INFORMATION CONTACT:
Roman Ivey, Program Analyst, by
telephone at 202–401–1420; or by email
at roman.ivey@sba.gov.
SUPPLEMENTARY INFORMATION: Section
8(a)(17) and 46 of the Small Business
Act (Act), 15 U.S.C. 637(a)(17) and 657,
and SBA’s implementing regulations
require that recipients of Federal supply
contracts (except those valued between
$3,500 and $150,000) set aside for small
business, service-disabled veteranowned small business (SDVOSB),
women-owned small business (WOSB),
economically disadvantaged womenowned small business (EDWOSB), or
participants in the SBA’s 8(a) Business
Development (BD) program provide the
product of a small business
PO 00000
Frm 00124
Fmt 4703
Sfmt 4703
43637
manufacturer or processor, if the
recipient is other than the actual
manufacturer or processor of the
product. This requirement is commonly
referred to as the Nonmanufacturer Rule
(NMR). 13 CFR 121.406(b). Sections
8(a)(17)(B)(iv)(II) and 46(a)(4)(B) of the
Act authorize SBA to waive the NMR for
a ‘‘class of products’’ for which there are
no small business manufacturers or
processors available to participate in the
Federal market.
As implemented in SBA’s regulations
at 13 CFR 121.1202(c), in order to be
considered available to participate in
the Federal market for a class of
products, a small business manufacturer
must have submitted a proposal for a
contract solicitation or been awarded a
contract to supply the class of products
within the last 24 months.
The SBA defines ‘‘class of products’’
based on a combination of (1) the six
digit North American Industry
Classification System (NAICS) code, (2)
the four digit Product Service Code
(PSC), and (3) a description of the class
of products.
The SBA is currently processing a
request to waive the NMR for Positive
Airway Pressure Devices and Supplies
under NAICS codes 339112 and 339113,
PSC 6515. The public is invited to
comment or provide source information
on any small business manufacturers of
this class of products that are available
to participate in the Federal market. The
public comment period will run for 30
days after the date of publication in the
Federal Register.
More information on the NMR and
Class Waivers can be found at https://
www.sba.gov/contracting/contractingofficials/non-manufacturer-rule/nonmanufacturer-waivers.
Dated: September 6, 2017.
´
Sean F. Crean,
Director, Office of Government Contracting.
[FR Doc. 2017–19457 Filed 9–15–17; 8:45 am]
BILLING CODE 8025–01–P
DEPARTMENT OF STATE
[Public Notice: 10126]
Privacy Act of 1974; System of
Records
Department of State.
Notice of a New System of
Records.
AGENCY:
ACTION:
Ombudsperson Mechanism
Records includes information about
individuals who have submitted
requests relating to national security
access to data transmitted to the United
States pursuant to the Privacy Shield
SUMMARY:
E:\FR\FM\18SEN1.SGM
18SEN1
43638
Federal Register / Vol. 82, No. 179 / Monday, September 18, 2017 / Notices
Framework Ombudsperson Mechanism
and any similar mechanism established
between the United States and another
country or countries. The system assists
in the overall management of the
request review process and the
provision of responses thereto by
facilitating accurate and up-to-date
record keeping.
DATES: In accordance with 5 U.S.C.
552a(e)(4) and (11), this system of
records notice is effective upon
publication, with the exception of the
routine uses that are subject to a 30-day
period during which interested persons
may submit comments to the
Department. Please submit any
comments by October 18, 2017.
ADDRESSES: Questions can be submitted
by mail or email. If mail, please write to:
U.S Department of State; Office of
Global Information Systems, Privacy
Staff; A/GIS/PRV; SA–2, Suite 8100;
Washington, DC 20522–0208. If email,
please address the email to the Chief
Privacy Officer, Margaret P. Grafeld, at
Privacy@state.gov. Please write
‘‘Ombudsperson Mechanism Records,
State-83’’ on the envelope or the subject
line of your email.
FOR FURTHER INFORMATION CONTACT:
Margaret P. Grafeld, Chief Privacy
Officer; U.S. Department of State; Office
of Global Information Services, A/GIS/
PRV; SA–2, Suite 8100; Washington, DC
20522–0208.
SUPPLEMENTARY INFORMATION: None.
SYSTEM NAME AND NUMBER:
Ombudsperson Mechanism Records,
State-83.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Department of State (‘‘Department’’),
located at 2201 C Street NW.,
Washington, DC 20520, and within a
government cloud provided,
implemented, and overseen by the
Department’s Enterprise Server
Operations Center (ESOC), 2201 C Street
NW., Washington, DC 20520.
PURPOSE(S) OF THE SYSTEM:
The EU–U.S. Privacy Shield
Framework and the Swiss-U.S. Privacy
Shield Framework create a mechanism
for companies on both sides of the
Atlantic to comply with EU data
protection requirements when
transferring personal data from the
European Union and Switzerland,
respectively, to the United States in
support of transatlantic commerce. The
Frameworks each established an
Ombudsperson Mechanism to address
appropriate inquiries by individuals
relating to U.S. Intelligence Community
access to personal data transmitted from
the EU or Switzerland to the United
States through Privacy Shield and
related commercial transfer
mechanisms. The information will be
used by the Ombudsperson to ensure
that requests are properly investigated
and addressed in a timely manner, and
that the relevant U.S. laws have been
complied with or, if the laws have been
violated, that the situation has been
remedied.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Individuals whose requests relating to
national security access to data
transmitted from the European Union to
the United States under the Privacy
Shield Framework (81 FR 51042), and
the EU–U.S. Privacy Shield
Ombudsperson Mechanism Regarding
Signals Intelligence (‘‘Ombudsperson
Mechanism’’) thereunder, are submitted
by the ‘‘EU individual complaint
handling body’’ to the Department.
Individuals who submit requests
relating to national security access to
data transmitted under any similar
mechanism established between the
United States and another country or
countries. The Privacy Act defines an
individual at 5 U.S.C. 552a(a)(2) as a
United States citizen or lawful
permanent resident.
CATEGORIES OF RECORDS IN THE SYSTEM:
International Communication and
Information Policy Officer for Europe,
Office of Communications &
Information Policy, Bureau of Economic
and Business Affairs; U.S. Department
of State, 2201 C St. Washington, DC
20520. System Managers can be reached
at (202) 647–8784.
These records may include biographic
and contact information, such as name,
address, email address, phone number,
and information about residency or
nationality, as well as other information
that requesters and foreign government
officials include in the requests
submitted to the Department. The
records also may include information
about an individual’s request and the
processing of that request.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
RECORD SOURCE CATEGORIES:
(a) State Department Basic Authorities
Act of 1956, as amended (22 U.S.C. 2708
Individuals who submit requests for
review under the Privacy Shield
SYSTEM MANAGER(S):
sradovich on DSKBBY8HB2PROD with NOTICES
et seq.); (b) Privacy Shield Framework
(81 FR 51042).
VerDate Sep<11>2014
16:54 Sep 15, 2017
Jkt 241001
PO 00000
Frm 00125
Fmt 4703
Sfmt 4703
Ombudsperson Mechanism or similar
arrangement are the primary source of
record information, although that
information is provided to the
Department by the EU Individual
Complaint Handling Body or
corresponding body under similar
arrangements. Additional information
necessary to process individual requests
may be provided by these bodies as well
as other federal agencies.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
The information in Ombudsperson
Mechanism Records may be disclosed:
A. To other Federal Agencies or
bodies to facilitate the consideration,
processing and resolution of requests
consistent with Section 2 of the
Ombudsperson Mechanism (accessed
via https://www.state.gov/e/
privacyshield/ombud/).
B. To an EU individual complaint
handling body and any other complaint
handling body established under a
similar arrangement with another
country to coordinate the discharge of
commitments made therein. For
example, the Privacy Shield
Ombudsperson will communicate
directly with the EU individual
complaint handling body regarding
requests submitted pursuant to the
Ombudsperson Mechanism for reasons
including acknowledging receipt of the
request from the EU individual
complaint handling body, requesting
additional information necessary to
perfect the request, and providing a
final response. The EU individual
complaint handling body will in turn be
responsible for all communications with
individuals who submit requests.
C. To a contractor of the Department
having need for the information in the
performance of the contract, but not
operating a system of records within the
meaning of 5 U.S.C. 552a(m).
D. To appropriate agencies, entities,
and persons when (1) the Department of
State suspects or has confirmed that
there has been a breach of the system of
records; (2) the Department of State has
determined that as a result of the
suspected or confirmed breach there is
a risk of harm to individuals, the
Department of State (including its
information systems, programs, and
operations), the Federal Government, or
national security; and (3) the disclosure
made to such agencies, entities, and
persons is reasonably necessary to assist
in connection with the Department of
State efforts to respond to the suspected
or confirmed breach or to prevent,
minimize, or remedy such harm.
E:\FR\FM\18SEN1.SGM
18SEN1
sradovich on DSKBBY8HB2PROD with NOTICES
Federal Register / Vol. 82, No. 179 / Monday, September 18, 2017 / Notices
E. To another Federal agency or
Federal entity, when the Department of
State determines that information from
this system of records is reasonably
necessary to assist the recipient agency
or entity in (1) responding to a
suspected or confirmed breach or (2)
preventing, minimizing, or remedying
the risk of harm to individuals, the
recipient agency or entity (including its
information systems, programs, and
operations), the Federal Government, or
national security, resulting from a
suspected or confirmed breach.
F. To an agency, whether federal,
state, local or foreign, where a record
indicates a violation or potential
violation of law, whether civil, criminal
or regulatory in nature, and whether
arising by general statute or particular
program statute, or by regulation, rule or
order issued pursuant thereto, so that
the recipient agency can fulfill its
responsibility to investigate or prosecute
such violation or enforce or implement
the statute, rule, regulation, or order.
G. To the Federal Bureau of
Investigation, the Department of
Homeland Security, the National
Counter-Terrorism Center (NCTC), the
Terrorist Screening Center (TSC), or
other appropriate federal agencies, for
the integration and use of such
information to protect against terrorism,
if that record is about one or more
individuals known, or suspected, to be
or to have been involved in activities
constituting, in preparation for, in aid
of, or related to terrorism. Such
information may be further
disseminated by recipient agencies to
Federal, State, local, territorial, tribal,
and foreign government authorities, and
to support private sector processes as
contemplated in Homeland Security
Presidential Directive/HSPD–6 and
other relevant laws and directives, for
terrorist screening, threat-protection and
other homeland security purposes.
H. To a congressional office from the
record of an individual in response to
an inquiry from the Congressional office
made at the request of that individual.
I. To a court, adjudicative body, or
administrative body before which the
Department is authorized to appear
when (a) the Department; (b) any
employee of the Department in his or
her official capacity; (c) any employee of
the Department in his or her individual
capacity where the U.S. Department of
Justice (‘‘DOJ’’) or the Department has
agreed to represent the employee; or (d)
the Government of the United States,
when the Department determines that
litigation is likely to affect the
Department, is a party to litigation or
has an interest in such litigation, and
the use of such records by the
VerDate Sep<11>2014
16:54 Sep 15, 2017
Jkt 241001
Department is deemed to be relevant
and necessary to the litigation or
administrative proceeding.
J. To the Department of Justice
(‘‘DOJ’’) for its use in providing legal
advice to the Department or in
representing the Department in a
proceeding before a court, adjudicative
body, or other administrative body
before which the Department is
authorized to appear, where the
Department deems DOJ’s use of such
information relevant and necessary to
the litigation, and such proceeding
names as a party or interests:
(a) The Department or any component
of it;
(b) Any employee of the Department
in his or her official capacity;
(c) Any employee of the Department
in his or her individual capacity where
DOJ has agreed to represent the
employee; or
(d) The Government of the United
States, where the Department
determines that litigation is likely to
affect the Department or any of its
components.
K. To the National Archives and
Records Administration and the General
Services Administration: For records
management inspections, surveys and
studies; following transfer to a Federal
records center for storage; and to
determine whether such records have
sufficient historical or other value to
warrant accessioning into the National
Archives of the United States.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Records are stored both in hard copy
and on electronic media. A description
of standard Department of State policies
concerning storage of electronic records
is found here https://fam.state.gov/
FAM/05FAM/05FAM0440.html. All
hard copies of records containing
personal information are maintained in
secured file cabinets in restricted areas,
access to which is limited to authorized
personnel only.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
By individual name or other personal
identifier, if available, and by a tracking
number.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
The Department of State is in the
process of developing a retention
schedule for these records. Once the
schedule is approved by the National
Archives and Records Administration,
the Records will be retired in
accordance with published Department
of State Records Disposition Schedule
that shall be published here: https://
PO 00000
Frm 00126
Fmt 4703
Sfmt 4703
43639
foia.state.gov/Learn/Records
Disposition.aspx. More specific
information may be obtained by writing
to U.S. Department of State; Director,
Office of Information Programs and
Services; A/GIS/IPS; SA–2, Suite 8100;
Washington, DC 20522–0208.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
All users are given cyber security
awareness training that covers the
procedures for handling Sensitive but
Unclassified information, including
personally identifiable information (PII).
Annual refresher training is mandatory.
In addition, all Foreign Service and
Civil Service employees and those
Locally Employed Staff who handle PII
are required to take the Foreign Service
Institute distance learning course
instructing employees on privacy and
security requirements, including the
rules of behavior for handling PII and
the potential consequences if it is
handled improperly. Before being
granted access to Ombudsperson
Mechanism Records, a user must first be
granted access to the Department of
State computer system.
Department of State employees and
contractors may remotely access this
system of records using non-Department
owned information technology. Such
access is subject to approval by the
Department’s access program, and is
limited to information maintained in
unclassified information systems.
Remote access to the Department’s
information systems is configured in
compliance with OMB Circular A–130
multifactor authentication requirements
and includes a time-out function.
All Department of State employees
and contractors with authorized access
to records maintained in this system of
records have undergone a thorough
background security investigation.
Access to the Department of State, its
annexes and posts abroad is controlled
by security guards and admission is
limited to those individuals possessing
a valid identification card or individuals
under proper escort. While the majority
of records in Ombudsperson Mechanism
will be in an electronic format, paper
mailings from the EU individual
complaint handling body could be
included in the system. All paper
records containing personal information
are maintained in secured file cabinets
in restricted areas, access to which is
limited to authorized personnel only.
Access to computerized files is
password-protected and under the
direct supervision of the system
manager. The system manager has the
capability of printing audit trails of
access from the computer media,
E:\FR\FM\18SEN1.SGM
18SEN1
43640
Federal Register / Vol. 82, No. 179 / Monday, September 18, 2017 / Notices
thereby permitting regular and ad hoc
monitoring of computer usage.
When it is determined that a user no
longer needs access, the user account is
disabled. The Department of State will
store records maintained in this system
of records in cloud systems. All cloud
systems that provide IT services and
process Department of State information
must be authorized to operate by the
Department of State Authorizing Official
and Senior Agency Official for Privacy.
Only information that conforms with
Department-specific definitions for
FISMA low or moderate categorization
are permissible for cloud usage unless
specifically authorized by the
Department’s Cloud Computing
Governance Board. The categorization of
information in this system of records is
designated as low. Prior to operation, all
Cloud systems must comply with
applicable security measures that are
outlined in FISMA, FedRAMP, OMB
guidance, NIST Federal Information
Processing Standards (FIPS) and Special
Publications, and Department of State
policy and standards.
sradovich on DSKBBY8HB2PROD with NOTICES
Individuals who wish to gain access
to or to amend records pertaining to
themselves should write to U.S.
Department of State; Director, Office of
Information Programs and Services; A/
GIS/IPS; SA–2, Suite 8100; Washington,
DC 20522–0208. The individual must
specify that he or she wishes the
Ombudsperson Mechanism Records to
be checked. At a minimum, the
individual must include: Full name
(including maiden name, if appropriate)
and any other names used; current
mailing address and zip code; date and
place of birth; notarized signature or
statement under penalty of perjury; a
brief description of the circumstances
that caused the creation of the record
(including the city and/or country and
the approximate dates) which gives the
individual cause to believe that the
Ombudsperson Mechanism Records
include records pertaining to him or
her. Detailed instructions on
Department of State procedures for
accessing and amending records can be
found at https://foia.state.gov/Request/
Guide.aspx.
CONTESTING RECORD PROCEDURES:
Individuals who wish to contest
record procedures should write to U.S.
Department of State; Director, Office of
Information Programs and Services; A/
GIS/IPS; SA–2, Suite 8100; Washington,
DC 20522–0208.
16:54 Sep 15, 2017
Individuals who have reason to
believe that this system of records may
contain information pertaining to them
may write to U.S. Department of State;
Director, Office of Information Programs
and Services; A/GIS/IPS; SA–2, Suite
8100; Washington, DC 20522–0208. The
individual must specify that he or she
wishes the Ombudsperson Mechanism
Records to be checked. At a minimum,
the individual must include: Full name
(including maiden name, if appropriate)
and any other names used; current
mailing address and zip code; date and
place of birth; notarized signature or
statement under penalty of perjury; a
brief description of the circumstances
that caused the creation of the record
(including the city and/or country and
the approximate dates) which gives the
individual cause to believe that the
Ombudsperson Mechanism Records
include records pertaining to him or
her.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
in command authority, are being
investigated, prosecuted, and
appropriately sanctioned, and military
officers credibly alleged to have
committed such crimes are removed
from positions of command authority
until the completion of judicial
proceedings; and
(3) The Government of Colombia is
continuing to dismantle illegal armed
groups, taking effective steps to protect
the rights of human rights defenders,
journalists, trade unionists, and other
social activists, and protecting the rights
and territory of indigenous and AfroColombian communities.
This Certification shall be published
in the Federal Register and, along with
the accompanying Report and
Memorandum of Justification, shall be
transmitted to the appropriate
committees of Congress.
Dated: September 11, 2017.
Rex W. Tillerson,
Secretary of State.
[FR Doc. 2017–19837 Filed 9–15–17; 8:45 am]
BILLING CODE 4710–29–P
HISTORY:
None.
RECORD ACCESS PROCEDURES:
VerDate Sep<11>2014
NOTIFICATION PROCEDURES:
Jkt 241001
Mary R. Avery,
Senior Agency Official for Privacy, Senior
Advisor, Office of Global Information
Services, Bureau of Administration,
Department of State.
[FR Doc. 2017–19818 Filed 9–15–17; 8:45 am]
BILLING CODE 4710–24–P
DEPARTMENT OF STATE
Certification Related to Foreign Military
Financing for Colombia Under Section
7045(b)(6) of the Department of State,
Foreign Operations, and Related
Programs Appropriations Act, 2017
Pursuant to the authority vested in the
Secretary of State, including under
section 7045(b)(6) of the Department of
State, Foreign Operations, and Related
Programs Appropriations Act, 2017
(Div. J, Pub. L. 115–31) I hereby certify
and report that:
(1) The Peace Tribunal and other
judicial bodies within the special
jurisdiction for peace are independent
and have authority to document ‘‘truth
declarations’’ from perpetrators of gross
violations of human rights and to
sentence such perpetrators to
meaningful sanctions, including
victims’ reparations, guarantee of nonrepetition, and deprivation of liberty;
(2) Military personnel responsible for
ordering, committing, or covering up
cases of false positives, including those
Frm 00127
Fmt 4703
Sfmt 4703
Senior Executive Service Performance
Review Board Members
Office of the United States
Trade Representative.
ACTION: Notice.
AGENCY:
The Office of the United
States Trade Representative (USTR) is
publishing the names of the members
selected to serve on its Senior Executive
Service Performance Review Board
(PRB). This notice supersedes all
previous PRB membership notices.
FOR FURTHER INFORMATION CONTACT: Ron
Nerida, Human Capital Specialist,
Office of Human Capital and Services, at
(202) 395–7360 or RNerida@
ustr.eop.gov.
SUMMARY:
[Public Notice: 10130]
PO 00000
OFFICE OF THE UNITED STATES
TRADE REPRESENTATIVE
Provisions
of the Civil Service Reform Act of 1978,
as amended (5 U.S.C. 4314(c)(1)–(5)),
require USTR to establish a PRB to
review and evaluate the initial appraisal
of a senior executive’s performance by
the supervisor, and make
recommendations regarding
performance ratings to the United States
Trade Representative or his designee.
The Act (5 U.S.C. 4314(c)(4)) requires
USTR to publish the PRB membership
in the Federal Register. The following
individuals have been selected to serve
on USTR’s PRB:
SUPPLEMENTARY INFORMATION:
E:\FR\FM\18SEN1.SGM
18SEN1
]]>Agencies
[Federal Register Volume 82, Number 179 (Monday, September 18, 2017)]
[Notices]
[Pages 43637-43640]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-19818]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF STATE
[Public Notice: 10126]
Privacy Act of 1974; System of Records
AGENCY: Department of State.
ACTION: Notice of a New System of Records.
-----------------------------------------------------------------------
SUMMARY: Ombudsperson Mechanism Records includes information about
individuals who have submitted requests relating to national security
access to data transmitted to the United States pursuant to the Privacy
Shield
[[Page 43638]]
Framework Ombudsperson Mechanism and any similar mechanism established
between the United States and another country or countries. The system
assists in the overall management of the request review process and the
provision of responses thereto by facilitating accurate and up-to-date
record keeping.
DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of
records notice is effective upon publication, with the exception of the
routine uses that are subject to a 30-day period during which
interested persons may submit comments to the Department. Please submit
any comments by October 18, 2017.
ADDRESSES: Questions can be submitted by mail or email. If mail, please
write to: U.S Department of State; Office of Global Information
Systems, Privacy Staff; A/GIS/PRV; SA-2, Suite 8100; Washington, DC
20522-0208. If email, please address the email to the Chief Privacy
Officer, Margaret P. Grafeld, at Privacy@state.gov. Please write
``Ombudsperson Mechanism Records, State-83'' on the envelope or the
subject line of your email.
FOR FURTHER INFORMATION CONTACT: Margaret P. Grafeld, Chief Privacy
Officer; U.S. Department of State; Office of Global Information
Services, A/GIS/PRV; SA-2, Suite 8100; Washington, DC 20522-0208.
SUPPLEMENTARY INFORMATION: None.
SYSTEM NAME AND NUMBER:
Ombudsperson Mechanism Records, State-83.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Department of State (``Department''), located at 2201 C Street NW.,
Washington, DC 20520, and within a government cloud provided,
implemented, and overseen by the Department's Enterprise Server
Operations Center (ESOC), 2201 C Street NW., Washington, DC 20520.
SYSTEM MANAGER(S):
International Communication and Information Policy Officer for
Europe, Office of Communications & Information Policy, Bureau of
Economic and Business Affairs; U.S. Department of State, 2201 C St.
Washington, DC 20520. System Managers can be reached at (202) 647-8784.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
(a) State Department Basic Authorities Act of 1956, as amended (22
U.S.C. 2708 et seq.); (b) Privacy Shield Framework (81 FR 51042).
PURPOSE(S) OF THE SYSTEM:
The EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy
Shield Framework create a mechanism for companies on both sides of the
Atlantic to comply with EU data protection requirements when
transferring personal data from the European Union and Switzerland,
respectively, to the United States in support of transatlantic
commerce. The Frameworks each established an Ombudsperson Mechanism to
address appropriate inquiries by individuals relating to U.S.
Intelligence Community access to personal data transmitted from the EU
or Switzerland to the United States through Privacy Shield and related
commercial transfer mechanisms. The information will be used by the
Ombudsperson to ensure that requests are properly investigated and
addressed in a timely manner, and that the relevant U.S. laws have been
complied with or, if the laws have been violated, that the situation
has been remedied.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals whose requests relating to national security access to
data transmitted from the European Union to the United States under the
Privacy Shield Framework (81 FR 51042), and the EU-U.S. Privacy Shield
Ombudsperson Mechanism Regarding Signals Intelligence (``Ombudsperson
Mechanism'') thereunder, are submitted by the ``EU individual complaint
handling body'' to the Department. Individuals who submit requests
relating to national security access to data transmitted under any
similar mechanism established between the United States and another
country or countries. The Privacy Act defines an individual at 5 U.S.C.
552a(a)(2) as a United States citizen or lawful permanent resident.
CATEGORIES OF RECORDS IN THE SYSTEM:
These records may include biographic and contact information, such
as name, address, email address, phone number, and information about
residency or nationality, as well as other information that requesters
and foreign government officials include in the requests submitted to
the Department. The records also may include information about an
individual's request and the processing of that request.
RECORD SOURCE CATEGORIES:
Individuals who submit requests for review under the Privacy Shield
Ombudsperson Mechanism or similar arrangement are the primary source of
record information, although that information is provided to the
Department by the EU Individual Complaint Handling Body or
corresponding body under similar arrangements. Additional information
necessary to process individual requests may be provided by these
bodies as well as other federal agencies.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
The information in Ombudsperson Mechanism Records may be disclosed:
A. To other Federal Agencies or bodies to facilitate the
consideration, processing and resolution of requests consistent with
Section 2 of the Ombudsperson Mechanism (accessed via https://www.state.gov/e/privacyshield/ombud/).
B. To an EU individual complaint handling body and any other
complaint handling body established under a similar arrangement with
another country to coordinate the discharge of commitments made
therein. For example, the Privacy Shield Ombudsperson will communicate
directly with the EU individual complaint handling body regarding
requests submitted pursuant to the Ombudsperson Mechanism for reasons
including acknowledging receipt of the request from the EU individual
complaint handling body, requesting additional information necessary to
perfect the request, and providing a final response. The EU individual
complaint handling body will in turn be responsible for all
communications with individuals who submit requests.
C. To a contractor of the Department having need for the
information in the performance of the contract, but not operating a
system of records within the meaning of 5 U.S.C. 552a(m).
D. To appropriate agencies, entities, and persons when (1) the
Department of State suspects or has confirmed that there has been a
breach of the system of records; (2) the Department of State has
determined that as a result of the suspected or confirmed breach there
is a risk of harm to individuals, the Department of State (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with the Department of State efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such
harm.
[[Page 43639]]
E. To another Federal agency or Federal entity, when the Department
of State determines that information from this system of records is
reasonably necessary to assist the recipient agency or entity in (1)
responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient
agency or entity (including its information systems, programs, and
operations), the Federal Government, or national security, resulting
from a suspected or confirmed breach.
F. To an agency, whether federal, state, local or foreign, where a
record indicates a violation or potential violation of law, whether
civil, criminal or regulatory in nature, and whether arising by general
statute or particular program statute, or by regulation, rule or order
issued pursuant thereto, so that the recipient agency can fulfill its
responsibility to investigate or prosecute such violation or enforce or
implement the statute, rule, regulation, or order.
G. To the Federal Bureau of Investigation, the Department of
Homeland Security, the National Counter-Terrorism Center (NCTC), the
Terrorist Screening Center (TSC), or other appropriate federal
agencies, for the integration and use of such information to protect
against terrorism, if that record is about one or more individuals
known, or suspected, to be or to have been involved in activities
constituting, in preparation for, in aid of, or related to terrorism.
Such information may be further disseminated by recipient agencies to
Federal, State, local, territorial, tribal, and foreign government
authorities, and to support private sector processes as contemplated in
Homeland Security Presidential Directive/HSPD-6 and other relevant laws
and directives, for terrorist screening, threat-protection and other
homeland security purposes.
H. To a congressional office from the record of an individual in
response to an inquiry from the Congressional office made at the
request of that individual.
I. To a court, adjudicative body, or administrative body before
which the Department is authorized to appear when (a) the Department;
(b) any employee of the Department in his or her official capacity; (c)
any employee of the Department in his or her individual capacity where
the U.S. Department of Justice (``DOJ'') or the Department has agreed
to represent the employee; or (d) the Government of the United States,
when the Department determines that litigation is likely to affect the
Department, is a party to litigation or has an interest in such
litigation, and the use of such records by the Department is deemed to
be relevant and necessary to the litigation or administrative
proceeding.
J. To the Department of Justice (``DOJ'') for its use in providing
legal advice to the Department or in representing the Department in a
proceeding before a court, adjudicative body, or other administrative
body before which the Department is authorized to appear, where the
Department deems DOJ's use of such information relevant and necessary
to the litigation, and such proceeding names as a party or interests:
(a) The Department or any component of it;
(b) Any employee of the Department in his or her official capacity;
(c) Any employee of the Department in his or her individual
capacity where DOJ has agreed to represent the employee; or
(d) The Government of the United States, where the Department
determines that litigation is likely to affect the Department or any of
its components.
K. To the National Archives and Records Administration and the
General Services Administration: For records management inspections,
surveys and studies; following transfer to a Federal records center for
storage; and to determine whether such records have sufficient
historical or other value to warrant accessioning into the National
Archives of the United States.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored both in hard copy and on electronic media. A
description of standard Department of State policies concerning storage
of electronic records is found here https://fam.state.gov/FAM/05FAM/05FAM0440.html. All hard copies of records containing personal
information are maintained in secured file cabinets in restricted
areas, access to which is limited to authorized personnel only.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
By individual name or other personal identifier, if available, and
by a tracking number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
The Department of State is in the process of developing a retention
schedule for these records. Once the schedule is approved by the
National Archives and Records Administration, the Records will be
retired in accordance with published Department of State Records
Disposition Schedule that shall be published here: https://foia.state.gov/Learn/RecordsDisposition.aspx. More specific information
may be obtained by writing to U.S. Department of State; Director,
Office of Information Programs and Services; A/GIS/IPS; SA-2, Suite
8100; Washington, DC 20522-0208.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
All users are given cyber security awareness training that covers
the procedures for handling Sensitive but Unclassified information,
including personally identifiable information (PII). Annual refresher
training is mandatory. In addition, all Foreign Service and Civil
Service employees and those Locally Employed Staff who handle PII are
required to take the Foreign Service Institute distance learning course
instructing employees on privacy and security requirements, including
the rules of behavior for handling PII and the potential consequences
if it is handled improperly. Before being granted access to
Ombudsperson Mechanism Records, a user must first be granted access to
the Department of State computer system.
Department of State employees and contractors may remotely access
this system of records using non-Department owned information
technology. Such access is subject to approval by the Department's
access program, and is limited to information maintained in
unclassified information systems. Remote access to the Department's
information systems is configured in compliance with OMB Circular A-130
multifactor authentication requirements and includes a time-out
function.
All Department of State employees and contractors with authorized
access to records maintained in this system of records have undergone a
thorough background security investigation. Access to the Department of
State, its annexes and posts abroad is controlled by security guards
and admission is limited to those individuals possessing a valid
identification card or individuals under proper escort. While the
majority of records in Ombudsperson Mechanism will be in an electronic
format, paper mailings from the EU individual complaint handling body
could be included in the system. All paper records containing personal
information are maintained in secured file cabinets in restricted
areas, access to which is limited to authorized personnel only. Access
to computerized files is password-protected and under the direct
supervision of the system manager. The system manager has the
capability of printing audit trails of access from the computer media,
[[Page 43640]]
thereby permitting regular and ad hoc monitoring of computer usage.
When it is determined that a user no longer needs access, the user
account is disabled. The Department of State will store records
maintained in this system of records in cloud systems. All cloud
systems that provide IT services and process Department of State
information must be authorized to operate by the Department of State
Authorizing Official and Senior Agency Official for Privacy. Only
information that conforms with Department-specific definitions for
FISMA low or moderate categorization are permissible for cloud usage
unless specifically authorized by the Department's Cloud Computing
Governance Board. The categorization of information in this system of
records is designated as low. Prior to operation, all Cloud systems
must comply with applicable security measures that are outlined in
FISMA, FedRAMP, OMB guidance, NIST Federal Information Processing
Standards (FIPS) and Special Publications, and Department of State
policy and standards.
RECORD ACCESS PROCEDURES:
Individuals who wish to gain access to or to amend records
pertaining to themselves should write to U.S. Department of State;
Director, Office of Information Programs and Services; A/GIS/IPS; SA-2,
Suite 8100; Washington, DC 20522-0208. The individual must specify that
he or she wishes the Ombudsperson Mechanism Records to be checked. At a
minimum, the individual must include: Full name (including maiden name,
if appropriate) and any other names used; current mailing address and
zip code; date and place of birth; notarized signature or statement
under penalty of perjury; a brief description of the circumstances that
caused the creation of the record (including the city and/or country
and the approximate dates) which gives the individual cause to believe
that the Ombudsperson Mechanism Records include records pertaining to
him or her. Detailed instructions on Department of State procedures for
accessing and amending records can be found at https://foia.state.gov/Request/Guide.aspx.
CONTESTING RECORD PROCEDURES:
Individuals who wish to contest record procedures should write to
U.S. Department of State; Director, Office of Information Programs and
Services; A/GIS/IPS; SA-2, Suite 8100; Washington, DC 20522-0208.
NOTIFICATION PROCEDURES:
Individuals who have reason to believe that this system of records
may contain information pertaining to them may write to U.S. Department
of State; Director, Office of Information Programs and Services; A/GIS/
IPS; SA-2, Suite 8100; Washington, DC 20522-0208. The individual must
specify that he or she wishes the Ombudsperson Mechanism Records to be
checked. At a minimum, the individual must include: Full name
(including maiden name, if appropriate) and any other names used;
current mailing address and zip code; date and place of birth;
notarized signature or statement under penalty of perjury; a brief
description of the circumstances that caused the creation of the record
(including the city and/or country and the approximate dates) which
gives the individual cause to believe that the Ombudsperson Mechanism
Records include records pertaining to him or her.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
Mary R. Avery,
Senior Agency Official for Privacy, Senior Advisor, Office of Global
Information Services, Bureau of Administration, Department of State.
[FR Doc. 2017-19818 Filed 9-15-17; 8:45 am]
BILLING CODE 4710-24-P
