Privacy Act of 1974; System of Records, 43637-43640 [2017-19818]

Download as PDF Federal Register / Vol. 82, No. 179 / Monday, September 18, 2017 / Notices SMALL BUSINESS ADMINISTRATION [Disaster Declaration # 15245 and #15246; NEW HAMPSHIRE Disaster Number NH– 00038] Presidential Declaration Amendment of a Major Disaster for Public Assistance Only for the State of New Hampshire U.S. Small Business Administration. ACTION: Amendment 1. AGENCY: This is an amendment of the Presidential declaration of a major disaster for Public Assistance Only for the State of New Hampshire (FEMA– 4329–DR), dated August 9, 2017. DATES: Issued on September 11, 2017. Physical Loan Application Deadline Date: 10/09/2017. Economic Injury (EIDL) Loan Application Deadline Date: 05/09/2018. ADDRESSES: Submit completed loan applications to: U.S. Small Business Administration, Processing and Disbursement Center, 14925 Kingsport Road, Fort Worth, TX 76155. FOR FURTHER INFORMATION CONTACT: A. Escobar, Office of Disaster Assistance, U.S. Small Business Administration, 409 3rd Street SW., Suite 6050, Washington, DC 20416, (202) 205–6734. SUPPLEMENTARY INFORMATION: The notice of the President’s major disaster declaration for Private Non-Profit organizations in the State of New Hampshire, dated 08/09/2017, is hereby amended to include the following areas as adversely affected by the disaster. Incident: Severe Storms and Flooding. Incident Period: 07/01/2017 through 07/02/2017. Primary Counties: Coos. All other information in the original declaration remains unchanged. SUMMARY: (Catalog of Federal Domestic Assistance Number 59008) James E. Rivera, Associate Administrator for Disaster Assistance. [FR Doc. 2017–19735 Filed 9–15–17; 8:45 am] BILLING CODE 8025–01–P SMALL BUSINESS ADMINISTRATION sradovich on DSKBBY8HB2PROD with NOTICES Small Business Size Standards: Class Waiver of the Nonmanufacturer Rule U.S. Small Business Administration. ACTION: Notice of Intent To Waive the Nonmanufacturer Rule for Positive Airway Pressure Devices and Supplies Manufacturing. AGENCY: The U.S. Small Business Administration (SBA) is considering SUMMARY: VerDate Sep<11>2014 16:54 Sep 15, 2017 Jkt 241001 granting a request for a class waiver of the Nonmanufacturer Rule (NMR) for Positive Airway Pressure Devices and Supplies Manufacturing. This U.S. industry comprises establishments primarily engaged in manufacturing Continuous Positive Airway Pressure (CPAP) devices, Bi-level Positive Airway Pressure (BiPAP) devices, and other products intended to treat sleep apnea by keeping a person’s airways open during sleep. According to the request, no small business manufacturers supply this product to the Federal government. If granted, the class waiver would allow otherwise qualified regular dealers to supply the product of any manufacturer on a Federal contract set aside for small business, service-disabled veteranowned small business (SDVOSB), women-owned small business (WOSB), economically disadvantaged womenowned small business (EDWOSB), or participants in the SBA’s 8(a) Business Development (BD) program. DATES: Comments and source information must be submitted by October 18, 2017. ADDRESSES: You may submit comments and source information via the Federal Rulemaking Portal at https:// www.regulations.gov under Docket ID SBA–2017–0006. If you wish to submit confidential business information (CBI) as defined in the User Notice at http:// www.regulations.gov, please submit the information to Roman Ivey, Program Analyst, Office of Government Contracting, U.S. Small Business Administration, 409 Third Street SW., 8th Floor, Washington, DC 20416, and highlight the information that you consider to be CBI and explain why you believe this information should be held confidential. SBA will review the information and make a final determination as to whether or not the information will be published. FOR FURTHER INFORMATION CONTACT: Roman Ivey, Program Analyst, by telephone at 202–401–1420; or by email at roman.ivey@sba.gov. SUPPLEMENTARY INFORMATION: Section 8(a)(17) and 46 of the Small Business Act (Act), 15 U.S.C. 637(a)(17) and 657, and SBA’s implementing regulations require that recipients of Federal supply contracts (except those valued between $3,500 and $150,000) set aside for small business, service-disabled veteranowned small business (SDVOSB), women-owned small business (WOSB), economically disadvantaged womenowned small business (EDWOSB), or participants in the SBA’s 8(a) Business Development (BD) program provide the product of a small business PO 00000 Frm 00124 Fmt 4703 Sfmt 4703 43637 manufacturer or processor, if the recipient is other than the actual manufacturer or processor of the product. This requirement is commonly referred to as the Nonmanufacturer Rule (NMR). 13 CFR 121.406(b). Sections 8(a)(17)(B)(iv)(II) and 46(a)(4)(B) of the Act authorize SBA to waive the NMR for a ‘‘class of products’’ for which there are no small business manufacturers or processors available to participate in the Federal market. As implemented in SBA’s regulations at 13 CFR 121.1202(c), in order to be considered available to participate in the Federal market for a class of products, a small business manufacturer must have submitted a proposal for a contract solicitation or been awarded a contract to supply the class of products within the last 24 months. The SBA defines ‘‘class of products’’ based on a combination of (1) the six digit North American Industry Classification System (NAICS) code, (2) the four digit Product Service Code (PSC), and (3) a description of the class of products. The SBA is currently processing a request to waive the NMR for Positive Airway Pressure Devices and Supplies under NAICS codes 339112 and 339113, PSC 6515. The public is invited to comment or provide source information on any small business manufacturers of this class of products that are available to participate in the Federal market. The public comment period will run for 30 days after the date of publication in the Federal Register. More information on the NMR and Class Waivers can be found at https:// www.sba.gov/contracting/contractingofficials/non-manufacturer-rule/nonmanufacturer-waivers. Dated: September 6, 2017. ´ Sean F. Crean, Director, Office of Government Contracting. [FR Doc. 2017–19457 Filed 9–15–17; 8:45 am] BILLING CODE 8025–01–P DEPARTMENT OF STATE [Public Notice: 10126] Privacy Act of 1974; System of Records Department of State. Notice of a New System of Records. AGENCY: ACTION: Ombudsperson Mechanism Records includes information about individuals who have submitted requests relating to national security access to data transmitted to the United States pursuant to the Privacy Shield SUMMARY: E:\FR\FM\18SEN1.SGM 18SEN1 43638 Federal Register / Vol. 82, No. 179 / Monday, September 18, 2017 / Notices Framework Ombudsperson Mechanism and any similar mechanism established between the United States and another country or countries. The system assists in the overall management of the request review process and the provision of responses thereto by facilitating accurate and up-to-date record keeping. DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of records notice is effective upon publication, with the exception of the routine uses that are subject to a 30-day period during which interested persons may submit comments to the Department. Please submit any comments by October 18, 2017. ADDRESSES: Questions can be submitted by mail or email. If mail, please write to: U.S Department of State; Office of Global Information Systems, Privacy Staff; A/GIS/PRV; SA–2, Suite 8100; Washington, DC 20522–0208. If email, please address the email to the Chief Privacy Officer, Margaret P. Grafeld, at Privacy@state.gov. Please write ‘‘Ombudsperson Mechanism Records, State-83’’ on the envelope or the subject line of your email. FOR FURTHER INFORMATION CONTACT: Margaret P. Grafeld, Chief Privacy Officer; U.S. Department of State; Office of Global Information Services, A/GIS/ PRV; SA–2, Suite 8100; Washington, DC 20522–0208. SUPPLEMENTARY INFORMATION: None. SYSTEM NAME AND NUMBER: Ombudsperson Mechanism Records, State-83. SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: Department of State (‘‘Department’’), located at 2201 C Street NW., Washington, DC 20520, and within a government cloud provided, implemented, and overseen by the Department’s Enterprise Server Operations Center (ESOC), 2201 C Street NW., Washington, DC 20520. PURPOSE(S) OF THE SYSTEM: The EU–U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework create a mechanism for companies on both sides of the Atlantic to comply with EU data protection requirements when transferring personal data from the European Union and Switzerland, respectively, to the United States in support of transatlantic commerce. The Frameworks each established an Ombudsperson Mechanism to address appropriate inquiries by individuals relating to U.S. Intelligence Community access to personal data transmitted from the EU or Switzerland to the United States through Privacy Shield and related commercial transfer mechanisms. The information will be used by the Ombudsperson to ensure that requests are properly investigated and addressed in a timely manner, and that the relevant U.S. laws have been complied with or, if the laws have been violated, that the situation has been remedied. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Individuals whose requests relating to national security access to data transmitted from the European Union to the United States under the Privacy Shield Framework (81 FR 51042), and the EU–U.S. Privacy Shield Ombudsperson Mechanism Regarding Signals Intelligence (‘‘Ombudsperson Mechanism’’) thereunder, are submitted by the ‘‘EU individual complaint handling body’’ to the Department. Individuals who submit requests relating to national security access to data transmitted under any similar mechanism established between the United States and another country or countries. The Privacy Act defines an individual at 5 U.S.C. 552a(a)(2) as a United States citizen or lawful permanent resident. CATEGORIES OF RECORDS IN THE SYSTEM: International Communication and Information Policy Officer for Europe, Office of Communications & Information Policy, Bureau of Economic and Business Affairs; U.S. Department of State, 2201 C St. Washington, DC 20520. System Managers can be reached at (202) 647–8784. These records may include biographic and contact information, such as name, address, email address, phone number, and information about residency or nationality, as well as other information that requesters and foreign government officials include in the requests submitted to the Department. The records also may include information about an individual’s request and the processing of that request. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: RECORD SOURCE CATEGORIES: (a) State Department Basic Authorities Act of 1956, as amended (22 U.S.C. 2708 Individuals who submit requests for review under the Privacy Shield SYSTEM MANAGER(S): sradovich on DSKBBY8HB2PROD with NOTICES et seq.); (b) Privacy Shield Framework (81 FR 51042). VerDate Sep<11>2014 16:54 Sep 15, 2017 Jkt 241001 PO 00000 Frm 00125 Fmt 4703 Sfmt 4703 Ombudsperson Mechanism or similar arrangement are the primary source of record information, although that information is provided to the Department by the EU Individual Complaint Handling Body or corresponding body under similar arrangements. Additional information necessary to process individual requests may be provided by these bodies as well as other federal agencies. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES: The information in Ombudsperson Mechanism Records may be disclosed: A. To other Federal Agencies or bodies to facilitate the consideration, processing and resolution of requests consistent with Section 2 of the Ombudsperson Mechanism (accessed via https://www.state.gov/e/ privacyshield/ombud/). B. To an EU individual complaint handling body and any other complaint handling body established under a similar arrangement with another country to coordinate the discharge of commitments made therein. For example, the Privacy Shield Ombudsperson will communicate directly with the EU individual complaint handling body regarding requests submitted pursuant to the Ombudsperson Mechanism for reasons including acknowledging receipt of the request from the EU individual complaint handling body, requesting additional information necessary to perfect the request, and providing a final response. The EU individual complaint handling body will in turn be responsible for all communications with individuals who submit requests. C. To a contractor of the Department having need for the information in the performance of the contract, but not operating a system of records within the meaning of 5 U.S.C. 552a(m). D. To appropriate agencies, entities, and persons when (1) the Department of State suspects or has confirmed that there has been a breach of the system of records; (2) the Department of State has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Department of State (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department of State efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. E:\FR\FM\18SEN1.SGM 18SEN1 sradovich on DSKBBY8HB2PROD with NOTICES Federal Register / Vol. 82, No. 179 / Monday, September 18, 2017 / Notices E. To another Federal agency or Federal entity, when the Department of State determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. F. To an agency, whether federal, state, local or foreign, where a record indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule or order issued pursuant thereto, so that the recipient agency can fulfill its responsibility to investigate or prosecute such violation or enforce or implement the statute, rule, regulation, or order. G. To the Federal Bureau of Investigation, the Department of Homeland Security, the National Counter-Terrorism Center (NCTC), the Terrorist Screening Center (TSC), or other appropriate federal agencies, for the integration and use of such information to protect against terrorism, if that record is about one or more individuals known, or suspected, to be or to have been involved in activities constituting, in preparation for, in aid of, or related to terrorism. Such information may be further disseminated by recipient agencies to Federal, State, local, territorial, tribal, and foreign government authorities, and to support private sector processes as contemplated in Homeland Security Presidential Directive/HSPD–6 and other relevant laws and directives, for terrorist screening, threat-protection and other homeland security purposes. H. To a congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual. I. To a court, adjudicative body, or administrative body before which the Department is authorized to appear when (a) the Department; (b) any employee of the Department in his or her official capacity; (c) any employee of the Department in his or her individual capacity where the U.S. Department of Justice (‘‘DOJ’’) or the Department has agreed to represent the employee; or (d) the Government of the United States, when the Department determines that litigation is likely to affect the Department, is a party to litigation or has an interest in such litigation, and the use of such records by the VerDate Sep<11>2014 16:54 Sep 15, 2017 Jkt 241001 Department is deemed to be relevant and necessary to the litigation or administrative proceeding. J. To the Department of Justice (‘‘DOJ’’) for its use in providing legal advice to the Department or in representing the Department in a proceeding before a court, adjudicative body, or other administrative body before which the Department is authorized to appear, where the Department deems DOJ’s use of such information relevant and necessary to the litigation, and such proceeding names as a party or interests: (a) The Department or any component of it; (b) Any employee of the Department in his or her official capacity; (c) Any employee of the Department in his or her individual capacity where DOJ has agreed to represent the employee; or (d) The Government of the United States, where the Department determines that litigation is likely to affect the Department or any of its components. K. To the National Archives and Records Administration and the General Services Administration: For records management inspections, surveys and studies; following transfer to a Federal records center for storage; and to determine whether such records have sufficient historical or other value to warrant accessioning into the National Archives of the United States. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Records are stored both in hard copy and on electronic media. A description of standard Department of State policies concerning storage of electronic records is found here https://fam.state.gov/ FAM/05FAM/05FAM0440.html. All hard copies of records containing personal information are maintained in secured file cabinets in restricted areas, access to which is limited to authorized personnel only. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: By individual name or other personal identifier, if available, and by a tracking number. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: The Department of State is in the process of developing a retention schedule for these records. Once the schedule is approved by the National Archives and Records Administration, the Records will be retired in accordance with published Department of State Records Disposition Schedule that shall be published here: https:// PO 00000 Frm 00126 Fmt 4703 Sfmt 4703 43639 foia.state.gov/Learn/Records Disposition.aspx. More specific information may be obtained by writing to U.S. Department of State; Director, Office of Information Programs and Services; A/GIS/IPS; SA–2, Suite 8100; Washington, DC 20522–0208. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: All users are given cyber security awareness training that covers the procedures for handling Sensitive but Unclassified information, including personally identifiable information (PII). Annual refresher training is mandatory. In addition, all Foreign Service and Civil Service employees and those Locally Employed Staff who handle PII are required to take the Foreign Service Institute distance learning course instructing employees on privacy and security requirements, including the rules of behavior for handling PII and the potential consequences if it is handled improperly. Before being granted access to Ombudsperson Mechanism Records, a user must first be granted access to the Department of State computer system. Department of State employees and contractors may remotely access this system of records using non-Department owned information technology. Such access is subject to approval by the Department’s access program, and is limited to information maintained in unclassified information systems. Remote access to the Department’s information systems is configured in compliance with OMB Circular A–130 multifactor authentication requirements and includes a time-out function. All Department of State employees and contractors with authorized access to records maintained in this system of records have undergone a thorough background security investigation. Access to the Department of State, its annexes and posts abroad is controlled by security guards and admission is limited to those individuals possessing a valid identification card or individuals under proper escort. While the majority of records in Ombudsperson Mechanism will be in an electronic format, paper mailings from the EU individual complaint handling body could be included in the system. All paper records containing personal information are maintained in secured file cabinets in restricted areas, access to which is limited to authorized personnel only. Access to computerized files is password-protected and under the direct supervision of the system manager. The system manager has the capability of printing audit trails of access from the computer media, E:\FR\FM\18SEN1.SGM 18SEN1 43640 Federal Register / Vol. 82, No. 179 / Monday, September 18, 2017 / Notices thereby permitting regular and ad hoc monitoring of computer usage. When it is determined that a user no longer needs access, the user account is disabled. The Department of State will store records maintained in this system of records in cloud systems. All cloud systems that provide IT services and process Department of State information must be authorized to operate by the Department of State Authorizing Official and Senior Agency Official for Privacy. Only information that conforms with Department-specific definitions for FISMA low or moderate categorization are permissible for cloud usage unless specifically authorized by the Department’s Cloud Computing Governance Board. The categorization of information in this system of records is designated as low. Prior to operation, all Cloud systems must comply with applicable security measures that are outlined in FISMA, FedRAMP, OMB guidance, NIST Federal Information Processing Standards (FIPS) and Special Publications, and Department of State policy and standards. sradovich on DSKBBY8HB2PROD with NOTICES Individuals who wish to gain access to or to amend records pertaining to themselves should write to U.S. Department of State; Director, Office of Information Programs and Services; A/ GIS/IPS; SA–2, Suite 8100; Washington, DC 20522–0208. The individual must specify that he or she wishes the Ombudsperson Mechanism Records to be checked. At a minimum, the individual must include: Full name (including maiden name, if appropriate) and any other names used; current mailing address and zip code; date and place of birth; notarized signature or statement under penalty of perjury; a brief description of the circumstances that caused the creation of the record (including the city and/or country and the approximate dates) which gives the individual cause to believe that the Ombudsperson Mechanism Records include records pertaining to him or her. Detailed instructions on Department of State procedures for accessing and amending records can be found at https://foia.state.gov/Request/ Guide.aspx. CONTESTING RECORD PROCEDURES: Individuals who wish to contest record procedures should write to U.S. Department of State; Director, Office of Information Programs and Services; A/ GIS/IPS; SA–2, Suite 8100; Washington, DC 20522–0208. 16:54 Sep 15, 2017 Individuals who have reason to believe that this system of records may contain information pertaining to them may write to U.S. Department of State; Director, Office of Information Programs and Services; A/GIS/IPS; SA–2, Suite 8100; Washington, DC 20522–0208. The individual must specify that he or she wishes the Ombudsperson Mechanism Records to be checked. At a minimum, the individual must include: Full name (including maiden name, if appropriate) and any other names used; current mailing address and zip code; date and place of birth; notarized signature or statement under penalty of perjury; a brief description of the circumstances that caused the creation of the record (including the city and/or country and the approximate dates) which gives the individual cause to believe that the Ombudsperson Mechanism Records include records pertaining to him or her. EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. in command authority, are being investigated, prosecuted, and appropriately sanctioned, and military officers credibly alleged to have committed such crimes are removed from positions of command authority until the completion of judicial proceedings; and (3) The Government of Colombia is continuing to dismantle illegal armed groups, taking effective steps to protect the rights of human rights defenders, journalists, trade unionists, and other social activists, and protecting the rights and territory of indigenous and AfroColombian communities. This Certification shall be published in the Federal Register and, along with the accompanying Report and Memorandum of Justification, shall be transmitted to the appropriate committees of Congress. Dated: September 11, 2017. Rex W. Tillerson, Secretary of State. [FR Doc. 2017–19837 Filed 9–15–17; 8:45 am] BILLING CODE 4710–29–P HISTORY: None. RECORD ACCESS PROCEDURES: VerDate Sep<11>2014 NOTIFICATION PROCEDURES: Jkt 241001 Mary R. Avery, Senior Agency Official for Privacy, Senior Advisor, Office of Global Information Services, Bureau of Administration, Department of State. [FR Doc. 2017–19818 Filed 9–15–17; 8:45 am] BILLING CODE 4710–24–P DEPARTMENT OF STATE Certification Related to Foreign Military Financing for Colombia Under Section 7045(b)(6) of the Department of State, Foreign Operations, and Related Programs Appropriations Act, 2017 Pursuant to the authority vested in the Secretary of State, including under section 7045(b)(6) of the Department of State, Foreign Operations, and Related Programs Appropriations Act, 2017 (Div. J, Pub. L. 115–31) I hereby certify and report that: (1) The Peace Tribunal and other judicial bodies within the special jurisdiction for peace are independent and have authority to document ‘‘truth declarations’’ from perpetrators of gross violations of human rights and to sentence such perpetrators to meaningful sanctions, including victims’ reparations, guarantee of nonrepetition, and deprivation of liberty; (2) Military personnel responsible for ordering, committing, or covering up cases of false positives, including those Frm 00127 Fmt 4703 Sfmt 4703 Senior Executive Service Performance Review Board Members Office of the United States Trade Representative. ACTION: Notice. AGENCY: The Office of the United States Trade Representative (USTR) is publishing the names of the members selected to serve on its Senior Executive Service Performance Review Board (PRB). This notice supersedes all previous PRB membership notices. FOR FURTHER INFORMATION CONTACT: Ron Nerida, Human Capital Specialist, Office of Human Capital and Services, at (202) 395–7360 or RNerida@ ustr.eop.gov. SUMMARY: [Public Notice: 10130] PO 00000 OFFICE OF THE UNITED STATES TRADE REPRESENTATIVE Provisions of the Civil Service Reform Act of 1978, as amended (5 U.S.C. 4314(c)(1)–(5)), require USTR to establish a PRB to review and evaluate the initial appraisal of a senior executive’s performance by the supervisor, and make recommendations regarding performance ratings to the United States Trade Representative or his designee. The Act (5 U.S.C. 4314(c)(4)) requires USTR to publish the PRB membership in the Federal Register. The following individuals have been selected to serve on USTR’s PRB: SUPPLEMENTARY INFORMATION: E:\FR\FM\18SEN1.SGM 18SEN1

Agencies

[Federal Register Volume 82, Number 179 (Monday, September 18, 2017)]
[Notices]
[Pages 43637-43640]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-19818]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF STATE

[Public Notice: 10126]


Privacy Act of 1974; System of Records

AGENCY: Department of State.

ACTION: Notice of a New System of Records.

-----------------------------------------------------------------------

SUMMARY: Ombudsperson Mechanism Records includes information about 
individuals who have submitted requests relating to national security 
access to data transmitted to the United States pursuant to the Privacy 
Shield

[[Page 43638]]

Framework Ombudsperson Mechanism and any similar mechanism established 
between the United States and another country or countries. The system 
assists in the overall management of the request review process and the 
provision of responses thereto by facilitating accurate and up-to-date 
record keeping.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of 
records notice is effective upon publication, with the exception of the 
routine uses that are subject to a 30-day period during which 
interested persons may submit comments to the Department. Please submit 
any comments by October 18, 2017.

ADDRESSES: Questions can be submitted by mail or email. If mail, please 
write to: U.S Department of State; Office of Global Information 
Systems, Privacy Staff; A/GIS/PRV; SA-2, Suite 8100; Washington, DC 
20522-0208. If email, please address the email to the Chief Privacy 
Officer, Margaret P. Grafeld, at Privacy@state.gov. Please write 
``Ombudsperson Mechanism Records, State-83'' on the envelope or the 
subject line of your email.

FOR FURTHER INFORMATION CONTACT: Margaret P. Grafeld, Chief Privacy 
Officer; U.S. Department of State; Office of Global Information 
Services, A/GIS/PRV; SA-2, Suite 8100; Washington, DC 20522-0208.

SUPPLEMENTARY INFORMATION: None.
SYSTEM NAME AND NUMBER:
    Ombudsperson Mechanism Records, State-83.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Department of State (``Department''), located at 2201 C Street NW., 
Washington, DC 20520, and within a government cloud provided, 
implemented, and overseen by the Department's Enterprise Server 
Operations Center (ESOC), 2201 C Street NW., Washington, DC 20520.

SYSTEM MANAGER(S):
    International Communication and Information Policy Officer for 
Europe, Office of Communications & Information Policy, Bureau of 
Economic and Business Affairs; U.S. Department of State, 2201 C St. 
Washington, DC 20520. System Managers can be reached at (202) 647-8784.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    (a) State Department Basic Authorities Act of 1956, as amended (22 
U.S.C. 2708 et seq.); (b) Privacy Shield Framework (81 FR 51042).

PURPOSE(S) OF THE SYSTEM:
    The EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy 
Shield Framework create a mechanism for companies on both sides of the 
Atlantic to comply with EU data protection requirements when 
transferring personal data from the European Union and Switzerland, 
respectively, to the United States in support of transatlantic 
commerce. The Frameworks each established an Ombudsperson Mechanism to 
address appropriate inquiries by individuals relating to U.S. 
Intelligence Community access to personal data transmitted from the EU 
or Switzerland to the United States through Privacy Shield and related 
commercial transfer mechanisms. The information will be used by the 
Ombudsperson to ensure that requests are properly investigated and 
addressed in a timely manner, and that the relevant U.S. laws have been 
complied with or, if the laws have been violated, that the situation 
has been remedied.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals whose requests relating to national security access to 
data transmitted from the European Union to the United States under the 
Privacy Shield Framework (81 FR 51042), and the EU-U.S. Privacy Shield 
Ombudsperson Mechanism Regarding Signals Intelligence (``Ombudsperson 
Mechanism'') thereunder, are submitted by the ``EU individual complaint 
handling body'' to the Department. Individuals who submit requests 
relating to national security access to data transmitted under any 
similar mechanism established between the United States and another 
country or countries. The Privacy Act defines an individual at 5 U.S.C. 
552a(a)(2) as a United States citizen or lawful permanent resident.

CATEGORIES OF RECORDS IN THE SYSTEM:
    These records may include biographic and contact information, such 
as name, address, email address, phone number, and information about 
residency or nationality, as well as other information that requesters 
and foreign government officials include in the requests submitted to 
the Department. The records also may include information about an 
individual's request and the processing of that request.

RECORD SOURCE CATEGORIES:
    Individuals who submit requests for review under the Privacy Shield 
Ombudsperson Mechanism or similar arrangement are the primary source of 
record information, although that information is provided to the 
Department by the EU Individual Complaint Handling Body or 
corresponding body under similar arrangements. Additional information 
necessary to process individual requests may be provided by these 
bodies as well as other federal agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    The information in Ombudsperson Mechanism Records may be disclosed:
    A. To other Federal Agencies or bodies to facilitate the 
consideration, processing and resolution of requests consistent with 
Section 2 of the Ombudsperson Mechanism (accessed via https://www.state.gov/e/privacyshield/ombud/).
    B. To an EU individual complaint handling body and any other 
complaint handling body established under a similar arrangement with 
another country to coordinate the discharge of commitments made 
therein. For example, the Privacy Shield Ombudsperson will communicate 
directly with the EU individual complaint handling body regarding 
requests submitted pursuant to the Ombudsperson Mechanism for reasons 
including acknowledging receipt of the request from the EU individual 
complaint handling body, requesting additional information necessary to 
perfect the request, and providing a final response. The EU individual 
complaint handling body will in turn be responsible for all 
communications with individuals who submit requests.
    C. To a contractor of the Department having need for the 
information in the performance of the contract, but not operating a 
system of records within the meaning of 5 U.S.C. 552a(m).
    D. To appropriate agencies, entities, and persons when (1) the 
Department of State suspects or has confirmed that there has been a 
breach of the system of records; (2) the Department of State has 
determined that as a result of the suspected or confirmed breach there 
is a risk of harm to individuals, the Department of State (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with the Department of State efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.

[[Page 43639]]

    E. To another Federal agency or Federal entity, when the Department 
of State determines that information from this system of records is 
reasonably necessary to assist the recipient agency or entity in (1) 
responding to a suspected or confirmed breach or (2) preventing, 
minimizing, or remedying the risk of harm to individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or national security, resulting 
from a suspected or confirmed breach.
    F. To an agency, whether federal, state, local or foreign, where a 
record indicates a violation or potential violation of law, whether 
civil, criminal or regulatory in nature, and whether arising by general 
statute or particular program statute, or by regulation, rule or order 
issued pursuant thereto, so that the recipient agency can fulfill its 
responsibility to investigate or prosecute such violation or enforce or 
implement the statute, rule, regulation, or order.
    G. To the Federal Bureau of Investigation, the Department of 
Homeland Security, the National Counter-Terrorism Center (NCTC), the 
Terrorist Screening Center (TSC), or other appropriate federal 
agencies, for the integration and use of such information to protect 
against terrorism, if that record is about one or more individuals 
known, or suspected, to be or to have been involved in activities 
constituting, in preparation for, in aid of, or related to terrorism. 
Such information may be further disseminated by recipient agencies to 
Federal, State, local, territorial, tribal, and foreign government 
authorities, and to support private sector processes as contemplated in 
Homeland Security Presidential Directive/HSPD-6 and other relevant laws 
and directives, for terrorist screening, threat-protection and other 
homeland security purposes.
    H. To a congressional office from the record of an individual in 
response to an inquiry from the Congressional office made at the 
request of that individual.
    I. To a court, adjudicative body, or administrative body before 
which the Department is authorized to appear when (a) the Department; 
(b) any employee of the Department in his or her official capacity; (c) 
any employee of the Department in his or her individual capacity where 
the U.S. Department of Justice (``DOJ'') or the Department has agreed 
to represent the employee; or (d) the Government of the United States, 
when the Department determines that litigation is likely to affect the 
Department, is a party to litigation or has an interest in such 
litigation, and the use of such records by the Department is deemed to 
be relevant and necessary to the litigation or administrative 
proceeding.
    J. To the Department of Justice (``DOJ'') for its use in providing 
legal advice to the Department or in representing the Department in a 
proceeding before a court, adjudicative body, or other administrative 
body before which the Department is authorized to appear, where the 
Department deems DOJ's use of such information relevant and necessary 
to the litigation, and such proceeding names as a party or interests:
    (a) The Department or any component of it;
    (b) Any employee of the Department in his or her official capacity;
    (c) Any employee of the Department in his or her individual 
capacity where DOJ has agreed to represent the employee; or
    (d) The Government of the United States, where the Department 
determines that litigation is likely to affect the Department or any of 
its components.
    K. To the National Archives and Records Administration and the 
General Services Administration: For records management inspections, 
surveys and studies; following transfer to a Federal records center for 
storage; and to determine whether such records have sufficient 
historical or other value to warrant accessioning into the National 
Archives of the United States.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored both in hard copy and on electronic media. A 
description of standard Department of State policies concerning storage 
of electronic records is found here https://fam.state.gov/FAM/05FAM/05FAM0440.html. All hard copies of records containing personal 
information are maintained in secured file cabinets in restricted 
areas, access to which is limited to authorized personnel only.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    By individual name or other personal identifier, if available, and 
by a tracking number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The Department of State is in the process of developing a retention 
schedule for these records. Once the schedule is approved by the 
National Archives and Records Administration, the Records will be 
retired in accordance with published Department of State Records 
Disposition Schedule that shall be published here: https://foia.state.gov/Learn/RecordsDisposition.aspx. More specific information 
may be obtained by writing to U.S. Department of State; Director, 
Office of Information Programs and Services; A/GIS/IPS; SA-2, Suite 
8100; Washington, DC 20522-0208.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    All users are given cyber security awareness training that covers 
the procedures for handling Sensitive but Unclassified information, 
including personally identifiable information (PII). Annual refresher 
training is mandatory. In addition, all Foreign Service and Civil 
Service employees and those Locally Employed Staff who handle PII are 
required to take the Foreign Service Institute distance learning course 
instructing employees on privacy and security requirements, including 
the rules of behavior for handling PII and the potential consequences 
if it is handled improperly. Before being granted access to 
Ombudsperson Mechanism Records, a user must first be granted access to 
the Department of State computer system.
    Department of State employees and contractors may remotely access 
this system of records using non-Department owned information 
technology. Such access is subject to approval by the Department's 
access program, and is limited to information maintained in 
unclassified information systems. Remote access to the Department's 
information systems is configured in compliance with OMB Circular A-130 
multifactor authentication requirements and includes a time-out 
function.
    All Department of State employees and contractors with authorized 
access to records maintained in this system of records have undergone a 
thorough background security investigation. Access to the Department of 
State, its annexes and posts abroad is controlled by security guards 
and admission is limited to those individuals possessing a valid 
identification card or individuals under proper escort. While the 
majority of records in Ombudsperson Mechanism will be in an electronic 
format, paper mailings from the EU individual complaint handling body 
could be included in the system. All paper records containing personal 
information are maintained in secured file cabinets in restricted 
areas, access to which is limited to authorized personnel only. Access 
to computerized files is password-protected and under the direct 
supervision of the system manager. The system manager has the 
capability of printing audit trails of access from the computer media,

[[Page 43640]]

thereby permitting regular and ad hoc monitoring of computer usage.
    When it is determined that a user no longer needs access, the user 
account is disabled. The Department of State will store records 
maintained in this system of records in cloud systems. All cloud 
systems that provide IT services and process Department of State 
information must be authorized to operate by the Department of State 
Authorizing Official and Senior Agency Official for Privacy. Only 
information that conforms with Department-specific definitions for 
FISMA low or moderate categorization are permissible for cloud usage 
unless specifically authorized by the Department's Cloud Computing 
Governance Board. The categorization of information in this system of 
records is designated as low. Prior to operation, all Cloud systems 
must comply with applicable security measures that are outlined in 
FISMA, FedRAMP, OMB guidance, NIST Federal Information Processing 
Standards (FIPS) and Special Publications, and Department of State 
policy and standards.

RECORD ACCESS PROCEDURES:
    Individuals who wish to gain access to or to amend records 
pertaining to themselves should write to U.S. Department of State; 
Director, Office of Information Programs and Services; A/GIS/IPS; SA-2, 
Suite 8100; Washington, DC 20522-0208. The individual must specify that 
he or she wishes the Ombudsperson Mechanism Records to be checked. At a 
minimum, the individual must include: Full name (including maiden name, 
if appropriate) and any other names used; current mailing address and 
zip code; date and place of birth; notarized signature or statement 
under penalty of perjury; a brief description of the circumstances that 
caused the creation of the record (including the city and/or country 
and the approximate dates) which gives the individual cause to believe 
that the Ombudsperson Mechanism Records include records pertaining to 
him or her. Detailed instructions on Department of State procedures for 
accessing and amending records can be found at https://foia.state.gov/Request/Guide.aspx.

CONTESTING RECORD PROCEDURES:
    Individuals who wish to contest record procedures should write to 
U.S. Department of State; Director, Office of Information Programs and 
Services; A/GIS/IPS; SA-2, Suite 8100; Washington, DC 20522-0208.

NOTIFICATION PROCEDURES:
    Individuals who have reason to believe that this system of records 
may contain information pertaining to them may write to U.S. Department 
of State; Director, Office of Information Programs and Services; A/GIS/
IPS; SA-2, Suite 8100; Washington, DC 20522-0208. The individual must 
specify that he or she wishes the Ombudsperson Mechanism Records to be 
checked. At a minimum, the individual must include: Full name 
(including maiden name, if appropriate) and any other names used; 
current mailing address and zip code; date and place of birth; 
notarized signature or statement under penalty of perjury; a brief 
description of the circumstances that caused the creation of the record 
(including the city and/or country and the approximate dates) which 
gives the individual cause to believe that the Ombudsperson Mechanism 
Records include records pertaining to him or her.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Mary R. Avery,
Senior Agency Official for Privacy, Senior Advisor, Office of Global 
Information Services, Bureau of Administration, Department of State.
[FR Doc. 2017-19818 Filed 9-15-17; 8:45 am]
 BILLING CODE 4710-24-P