Privacy Act of 1974; New System of Records, 11489-11492 [2018-05280]
Download as PDF
<![CDATA[
Federal Register / Vol. 83, No. 51 / Thursday, March 15, 2018 / Notices
used to record the name and contact
information of the volunteer group, and
the names and signatures of volunteers
participating in a project. If the
information is not collected,
participating natural resource agencies
will be unable to recruit and/or screen
volunteer applicants or administer/run
volunteer programs that are crucial to
assisting these agencies in fulfilling
their missions.
Description of Respondents:
Individuals or households.
Number of Respondents: 516,134.
Frequency of Responses: Reporting:
On occasion; Other: One time.
Total Burden Hours: 77,941.
Ruth Brown,
Departmental Information Collection
Clearance Officer.
[FR Doc. 2018–05250 Filed 3–14–18; 8:45 am]
BILLING CODE 3411–15–P
DEPARTMENT OF AGRICULTURE
[Docket No. FSIS–2015–0015]
Privacy Act of 1974; New System of
Records
Food Safety and Inspection
Service, U.S. Department of Agriculture.
ACTION: Notice of a new system of
records.
AGENCY:
In accordance with the
Privacy Act of 1974, as amended, the
Department of Agriculture (USDA)
proposes a new Food Safety and
Inspection Service (FSIS) system of
records entitled: USDA/FSIS–0004,
Public Health Information System
(PHIS). PHIS is a Web-based system that
collects information generated from
FSIS inspection, compliance
verification, notification and monitoring
activities regarding the slaughter,
processing, import and export of meat,
and poultry and egg products. Within
PHIS, FSIS maintains contact and other
identifying information about
employees and contractors of USDA,
government officials, representatives of
regulated establishments, and third
parties.
SUMMARY:
Applicable date: April 16, 2018.
Written comments must be received on
or before the above date. The proposed
system will be adopted on the above
date, without further notice, unless it is
modified in response to comments, in
which case the notice will be republished.
sradovich on DSK3GMQ082PROD with NOTICES
DATES:
Send written comments to:
Docket Clerk, FSIS, Patriots Plaza 3, 355
E Street SW, Mailstop 3782, Room 8–
163B, Washington, DC 20250–3700 or
ADDRESSES:
VerDate Sep<11>2014
17:34 Mar 14, 2018
Jkt 244001
fax to (202) 245–4793. Comments may
also be posted on: https://
www.regulations.gov/. All comments
must include the Agency’s name and
docket number, FSIS–2015–0015, and
will be publicly posted, including any
personal information submitted, on
https://www.regulations.gov. Docket: To
obtain a copy of, or to view, the docket,
visit FSIS Docket Room, Patriots Plaza
3, 355 E Street SW, Room 164–A,
Washington, DC 20250–3700, 8:00 a.m.
to 4:30 p.m., Monday to Friday.
FOR FURTHER INFORMATION CONTACT:
Roberta Wagner, Assistant
Administrator, Office of Policy and
Program Development (OPPD), FSIS,
Room 350–E, Jamie Whitten Building,
1400 Independence Ave. SW,
Washington, DC 20250, or Neal
Westgerdes, PHIS System Owner/
Manager, OPPD, FSIS, Room 2925–
South, 1400 Independence Ave. SW
Washington, DC 20250, (202) 205–4233.
For Privacy Questions: Marj Leaming,
USDA Privacy Officer, Policy, EGovernment and Fair Information
Practices, Office of the Chief
Information Officer, USDA, 1400
Independence Ave. SW, Room 450–W,
Washington, DC 20250; telephone 202–
205–0926.
SUPPLEMENTARY INFORMATION: The
Privacy Act requires agencies to publish
in the Federal Register (FR) a notice of
any new or revised system of records. A
‘‘system of records’’ is a group of any
records under the control of an agency
from which information is retrievable by
the name of the individual or by some
unique identifier assigned to the
individual. USDA is proposing to
establish a new system of records,
entitled USDA/FSIS–04, Public Health
Information System (PHIS). The primary
purpose of PHIS is to collect
information gathered by USDA
Personnel from their inspection,
compliance verification and notification
activities at regulated establishments,
and to assess data entered by Business
Personnel. PHIS enhances USDA’s
ability to predict hazards and
vulnerabilities in the food supply and
thus prevent or mitigate food safetyrelated threats to the public health in a
timely manner. Additionally, in regard
to imports and exports, PHIS provides
USDA and other domestic and foreign
regulatory authorities with information
to monitor the movement of meat,
poultry and egg products in advance of
a shipment’s arrival.
USDA grants PHIS access to and
collect information from the following
user groups: (1) Employees and
contractors of USDA (‘‘USDA
Personnel’’); (2) government officials
PO 00000
Frm 00002
Fmt 4703
Sfmt 4703
11489
(domestic and foreign) (‘‘Other
Government Officials’’); and (3)
representatives of the regulated
establishments and businesses, such as
importers and exporters of food
products, who require access to PHIS
(‘‘Business Personnel’’). PHIS collects
from all three user groups basic
identifying contact information. The
system also collects identifying
information about individuals who are
not PHIS users, but whose names may
appear in records entered by a user, for
contact purposes.
PHIS obtains and stores the
identifying information for USDA
Personnel, including: the user’s and
supervisor’s full names, titles, duty
stations, business contact information,
assigned PHIS role(s), and USDA
eAuthentication numbers. This
information is used for contacting
personnel, shipping documents and
supplies, inspection assignment
scheduling and for security and access
control purposes. In addition to this
basic identifying contact information,
the system receives employee profile
information for USDA Personnel from
the National Finance Center, including,
but not limited to: Social security
numbers (stored in masked formats);
hire dates; organizational level; pay
plan; and locality and pay code. This
employee profile data are used to verify
USDA Personnel employment status.
For Other Government Officials and
Business Personnel, the system collects
information including the name and
title of the user, business contact
information, and PHIS roles and USDA
eAuthentication information. From
Business Personnel, it collects the user’s
entity name and associated business or
tax identification numbers, as
applicable. Only basic contact
information is collected about
individuals who are not PHIS users, but
whose names appear in records entered
by a user.
USDA Personnel enter records in
connection with their inspection,
compliance verification, and
notification activities at regulated
establishments. The records entered by
Other Government Officials include
documents concerning the equivalence
of foreign inspection systems,
documents concerning State program
inspection verification and activities,
responses to USDA decisions, and
requests for information from USDA.
Business Personnel enter records in
connection with, or in response to,
USDA Personnel’s activities and
decisions, and requests for services from
USDA. Examples include records
supporting compliance with FSIS
regulations, such as applications for
E:\FR\FM\15MRN1.SGM
15MRN1
11490
Federal Register / Vol. 83, No. 51 / Thursday, March 15, 2018 / Notices
export certificates and Meat and Poultry
Export Certificate of Wholesomeness, as
well as appeals of USDA compliance
decisions regarding regulated
establishments and products.
A Privacy Impact Assessment is
posted on https://www.usda.gov/wps/
portal/usda/
usdahome?navid=PRIVACY_POLICY_
ES.
No Privacy Act exemption is claimed.
In accordance with the Privacy Act, as
implemented by the Office of
Management and Budget (OMB)
Circular A–108, USDA has provided a
report of this proposed new system of
records to the Chair of the Committee on
Homeland Security and Governmental
Affairs, United States Senate; the Chair
of the Committee on Oversight and
Government Reform, House of
Representatives; and the Administrator
of the Office of Information and
Regulatory Affairs, OMB.
Done in Washington, DC, March 12, 2018.
Paul Kiecker,
Acting Administrator.
SYSTEM NAME AND NUMBER
Public Health Information System
(PHIS), USDA/FSIS–04.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
USDA National Information
Technology Center (NITC), 8930 Ward
Parkway, Kansas City, MO, 64114, and
NITC, 4300 Goodfellow Blvd., St. Louis,
MO 63120.
SYSTEM MANAGER:
PHIS System Owner, Office of Policy
and Program Development Food Safety
and Inspection Service, USDA, Room
2925–South, 1400 Independence Ave.
SW, Washington, DC 20250. (202) 205–
4233.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Poultry Products Inspection Act (21
U.S.C. 451 et seq.); Federal Meat
Inspection Act (21 U.S.C. 601 et seq.);
Egg Products Inspection Act (21 U.S.C.
1031 et seq.); Humane Methods of
Livestock Slaughter Act of 1978 (7
U.S.C. 1901–1906); Authority to Operate
(ATO), dated 03/23/2017.
sradovich on DSK3GMQ082PROD with NOTICES
PURPOSE OF THE SYSTEM:
The primary role of this Web-based
electronic system is to assist FSIS in
accomplishing its food safety mission of
conducting inspections and compliance
verification activities at regulated
establishments to confirm that meat,
poultry and egg products are safe,
wholesome, not adulterated, and
VerDate Sep<11>2014
17:34 Mar 14, 2018
Jkt 244001
correctly labeled, packaged and
distributed. Supplementary purposes
include the verification of product
eligibility for moving in and out of the
United States.
PHIS maintains FSIS inspection,
compliance verification and sampling
program results and business profile
information. PHIS also maintains data
about State and foreign food safety
programs. PHIS maintains information
about individuals: to allow users access
to the system; to schedule and assess
inspection and compliance verification
activities; to track requests for USDA
services; and to allow responses to
appeal of USDA Personnel’s decisions.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
All individuals granted access to the
PHIS are covered: (1) Employees and
contractors of USDA (‘‘USDA
Personnel’’); (2) government officials
(domestic and foreign) (‘‘Other
Government Officials’’); and (3)
representatives of the regulated
establishments and businesses, such as
importers and exporters of food
products, who require access to PHIS
(‘‘Business Personnel’’). All individuals,
even if they are not users of the PHIS,
who are mentioned or referenced in any
documents entered into PHIS by a user
are also covered. This group may
include, but is not limited to: Plant
workers, vendors, agents, and
interviewees.
CATEGORIES OF RECORDS IN THE SYSTEM:
PHIS obtains and stores identifying
information for the three categories of
individuals as follows:
For USDA Personnel, PHIS stores the
user’s and supervisor’s full names,
titles, duty stations, business contact
information, assigned PHIS role(s) and
eAuthentication numbers. This
information is used for contacting
personnel, shipping documents and
supplies, inspection assignment
scheduling and for security and access
control purposes. In addition to this
basic identifying contact information,
the system receives employee profile
information for USDA Personnel from
the National Finance Center, including,
but not limited to: Social security
numbers (stored in masked formats);
hire dates; organizational level; pay
plan; and locality and pay code. This
employee profile data is used to verify
USDA Personnel employment status.
For Other Government Officials and
Business Personnel, the system collects
information including the name and
title of the user, business contact
information, PHIS roles and eAuthentication information. From
PO 00000
Frm 00003
Fmt 4703
Sfmt 4703
Business Personnel, it also collects the
user’s entity name and associated
business or tax identification numbers,
as applicable. Only basic contact
information is collected about
individuals who are not PHIS users, but
whose names appear in records entered
by a user.
RECORDS SOURCE CATEGORIES:
Basic identifying contact information
of all user groups (USDA Personnel,
Other Government Officials and
Business Personnel) is obtained directly
from the user. In addition, employment
verification information about USDA
Personnel is obtained from the NFC
through a secure data feed.
Records entered by USDA Personnel
or Other Government Officials in
connection with their official duties are
obtained directly from them.
Business Personnel records, including
appeals, requests for services and
requests for grants of inspection or
updates to their entities’ business
profiles, are entered into PHIS directly
by Business Personnel or are given in
paper form to USDA Personnel for input
into PHIS on behalf of the Business
Personnel. Business records can also be
obtained from a foreign country’s
Central Competent Authority (‘‘CCA’’).
USDA Personnel can also obtain some
types of information about the other
groups of users from USDA’s electronic
interface with other Federal agencies
involved in tracking cross-border
movement of the regulated
establishments’ products, including but
not limited to the U.S. Customs and
Border Protection Automated
Commercial Environment (ACE).
Business records from foreign countries
are obtained from the respective foreign
officials and typically, the CCA assigned
the responsibility for maintaining a
country’s food safety systems reports in
PHIS. Information about third parties
referenced in the records entered by a
user is obtained directly from the user
entering or modifying the record.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES:
In addition to those disclosures
generally permitted under 5 U.S.C.
552a(b) of the Privacy Act of 1974, all
or a portion of the records or
information contained in this system
may be disclosed outside of USDA as a
routine use under 5 U.S.C. 552a(b)(3), as
follows:
1. To the U.S. Department of Justice
(DOJ) or other Federal agency
conducting litigation or in proceedings
before any court, adjudicative or
administrative body, when it is
E:\FR\FM\15MRN1.SGM
15MRN1
sradovich on DSK3GMQ082PROD with NOTICES
Federal Register / Vol. 83, No. 51 / Thursday, March 15, 2018 / Notices
necessary for the litigation and one of
the following is a party to the litigation
or has an interest in the litigation:
a. USDA or any component thereof;
b. Any employee of USDA in his/her
official capacity;
c. Any employee of USDA in his/her
individual capacity where DOJ or USDA
has agreed to represent the employee; or
d. The United States or any agency
thereof and if the USDA determines that
the records are both relevant and
necessary to the litigation and the use of
such records is compatible with the
purpose for which USDA collected the
records.
2. To a Congressional office from the
record of an individual in response to
an inquiry from that Congressional
office made at the written request of the
individual to whom the record pertains.
3. To the National Archives and
Records Administration (NARA) or
other Federal government agencies
pursuant to records management
inspections being conducted under the
authority of 44 U.S.C. 2904 and 2906.
4. To an agency, organization, or
individual for the purpose of performing
audit or oversight operations as
authorized by law, but only such
information as is necessary and relevant
to such audit or oversight function. This
would include, but not be limited to, the
Comptroller General or any of his
authorized representatives in the course
of the performance of the duties of the
Government Accountability Office, or
USDA’s Office of the Inspector General
or any authorized representatives of that
office.
5. To appropriate agencies, entities,
and persons when:
a. USDA suspects or has confirmed
that there has been a breach of the
system of records;
b. USDA has determined that as a
result of the suspected or confirmed
breach, there is a risk of harm to
individuals, USDA (including its
information systems, programs, and
operations), the Federal Government, or
national security; and
c. the disclosure made to such
agencies, entities, and persons is
reasonably necessary to assist in
connection with USDA’s efforts to
respond to the suspected or confirmed
breach or to prevent, minimize, or
remedy such harm; and
6. To contractors and their agents,
grantees, experts, consultants, and
others performing or working on a
contract, service, grant, cooperative
agreement, or other assignment for
USDA, when necessary to accomplish
an agency function related to this
system of records. Individuals who
provided information under this routine
VerDate Sep<11>2014
17:34 Mar 14, 2018
Jkt 244001
use are subject to the same Privacy Act
requirements and limitations on
disclosure as are applicable to USDA
officers and employees.
7. To an appropriate Federal, State,
tribal, local, international, or foreign law
enforcement agency or other appropriate
authority charged with investigating or
prosecuting a violation or enforcing or
implementing a law, rule, regulation, or
order, where a record, either on its face
or in conjunction with other
information, indicates a violation or
potential violation of law, which
includes criminal, civil, or regulatory
violations, and such disclosure is proper
and consistent with the official duties of
the person making the disclosure.
8. To an appropriate Federal, State,
tribal, local, international, or foreign law
enforcement agency or appropriate
authority responsible for protecting
public health, preventing or monitoring
disease or illness outbreaks, or ensuring
the safety of the food supply. This
includes the Department of Health and
Human Services and its agencies,
including the Centers for Disease
Control and Prevention and the Food
and Drug Administration, other Federal
agencies, and State, tribal, and local
health departments.
9. To another federal agency or federal
entity when USDA determines that
information from this system of records
is reasonably necessary to assist the
recipient agency or entity in (1)
responding to a suspected or confirmed
breach or (2) preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
entity (including its information
systems, programs and operations), the
federal government or national security,
resulting from a suspected or confirmed
breach.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
The system includes a database,
electronic documents and paper
records. The storage for the database
records is a dedicated virtual server
located in the USDA NITC facility in
Kansas City, MO. Duplicate records are
maintained at the USDA NITC facility in
St. Louis, MO. The primary storage for
the electronic documents is a records
management system managed and
hosted by USDA at their Enterprise Data
Centers. Paper records are maintained in
the USDA offices where they were
created. Records backup storage is
maintained by NITC Personnel in a
virtual tape library at the USDA NITC
facility in Kansas City, MO. Copies of
the backup records are maintained at
the USDA NITC facility in St. Louis,
MO. Each USDA laboratory stores data
PO 00000
Frm 00004
Fmt 4703
Sfmt 4703
11491
in the local internal storage on each
server. Paper records from
establishments that do not wish to use
the Web-based PHIS, and
communication records, such as PHISrelated emails, are stored in a dedicated,
secured location at FSIS field offices to
which USDA Personnel are assigned.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Retrieval is by user profile object
information, which is created during the
user authorization process and includes
the following data elements: User
identification, role, permission,
organization identification, and
assigned place of work. Information can
also be retrieved by a unique
eAuthentication identification number
assigned to all users.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
A master file backup is created at the
end of the calendar year and maintained
in St. Louis, MO. The St. Louis offsite
storage site is located approximately 250
miles from the primary data facility and
is not susceptible to the same hazards.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Records in this system are
safeguarded by restricting accessibility,
in accordance with USDA security and
access policies. The safeguarding
includes: Firewall(s), network
protection, and an encrypted password.
All users are assigned a level of rolebased access, which is strictly
controlled and granted through USDAapproved, secure application (Level 2
eAuthentication) after the user
successfully completes Government
National Agency Check with Inquiries
(NACI). Controls are in place to
preclude anonymous usage and
browsing.
RECORDS ACCESS PROCEDURES:
Any individual may request a copy of
records in PHIS by submitting a written
request, with reasonable specificity, to
FSIS Freedom of Information Act
(FOIA) Office at: 1400 Independence
Ave. SW, Room 2168-South, Mail Stop
No. 3713, Washington, DC 20250. Under
the Privacy Act (PA), 5 U.S.C. 552a, an
individual United States citizen or legal
permanent resident may seek access to
records that are retrieved by his/her
own name or other personal identifier,
such as social security number or
employee identification number. Such
records will be made available unless
they fall within the exemptions of the
PA and the FOIA. Your Privacy Act
request for records must be in writing
and addressed to the FOIA office. For
E:\FR\FM\15MRN1.SGM
15MRN1
11492
Federal Register / Vol. 83, No. 51 / Thursday, March 15, 2018 / Notices
more information about how to make a
FOIA or a Privacy Act request to obtain
records, please see: https://
www.fsis.usda.gov/wps/portal/footer/
policies-and-links/freedom-ofinformation-act/foia-requests
An individual United States citizen or
legal permanent resident may also seek
to correct or to amend his or her own
records in PHIS that are retrieved by
name or other personal identifier, such
as one’s social security number (SSN) or
employee number. Such Privacy Act
requests for correction or amendment
will be processed in accordance with
applicable legal requirements and
exemptions under the governing
regulations and statutes such as the
FOIA, 5 U.S.C. 552, the PA, 5 U.S.C.
552a, and 7 CFR part 1, subpart G.
CONTESTING RECORDS PROCEDURES:
See ‘‘Records Access Procedures’’
above.
NOTIFICATION PROCEDURES:
See ‘‘Records Access Procedures’’
above.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
[FR Doc. 2018–05280 Filed 3–14–18; 8:45 am]
BILLING CODE 3410–DM–P
Animal and Plant Health Inspection
Service
[Docket No. APHIS–2018–0009]
Notice of Request for Revision to and
Extension of Approval of an
Information Collection; Control of
Chronic Wasting Disease
Revision to and extension of
approval of an information collection;
comment request.
ACTION:
In accordance with the
Paperwork Reduction Act of 1995, this
notice announces the Animal and Plant
Health Inspection Service’s intention to
request a revision to and extension of
approval of an information collection
associated with the regulations for the
control of chronic wasting disease in
farmed or captive cervid herds.
DATES: We will consider all comments
that we receive on or before May 14,
2018.
sradovich on DSK3GMQ082PROD with NOTICES
SUMMARY:
You may submit comments
by either of the following methods:
• Federal eRulemaking Portal: Go to
https://www.regulations.gov/
#!docketDetail;D=APHIS-2018-0009.
• Postal Mail/Commercial Delivery:
Send your comment to Docket No.
ADDRESSES:
17:34 Mar 14, 2018
For
information on the regulations related to
the control of chronic wasting disease in
farmed or captive cervid herds, contact
Dr. Randy Pritchard, Surveillance,
Preparedness, and Response Services,
VS, APHIS, 2150 Centre Avenue, Fort
Collins, CO 80526; (970) 494–7241. For
copies of more detailed information on
the information collection, contact Ms.
Kimberly Hardy, APHIS’ Information
Collection Coordinator, at (301) 851–
2483.
FOR FURTHER INFORMATION CONTACT:
SUPPLEMENTARY INFORMATION:
DEPARTMENT OF AGRICULTURE
VerDate Sep<11>2014
APHIS–2018–0009, Regulatory Analysis
and Development, PPD, APHIS, Station
3A–03.8, 4700 River Road Unit 118,
Riverdale, MD 20737–1238.
Supporting documents and any
comments we receive on this docket
may be viewed at https://
www.regulations.gov/#!docketDetail;D=
APHIS-2018-0009 or in our reading
room, which is located in room 1141 of
the USDA South Building, 14th Street
and Independence Avenue SW,
Washington, DC. Normal reading room
hours are 8 a.m. to 4:30 p.m., Monday
through Friday, except holidays. To be
sure someone is there to help you,
please call (202) 799–7039 before
coming.
Jkt 244001
Title: Control of Chronic Wasting
Disease.
OMB Control Number: 0579–0189.
Type of Request: Revision to and
extension of approval of an information
collection.
Abstract: Under the Animal Health
Protection Act (7 U.S.C. 8301 et seq.),
the Animal and Plant Health Inspection
Service (APHIS) of the U.S. Department
of Agriculture is authorized, among
other things, to protect the health of the
United States’ livestock and poultry
populations by preventing the
introduction and interstate spread of
serious diseases and pests of livestock
and for eradicating such diseases from
the United States when feasible.
Chronic wasting disease (CWD) is a
transmissible spongiform
encephalopathy of cervids (elk, deer,
and moose) typified by chronic weight
loss leading to death. The presence of
CWD in cervids causes significant
economic and market losses to U.S.
producers. In an effort to control and
limit the spread of this disease in the
United States, APHIS created a
cooperative, voluntary Federal-Stateprivate sector CWD Herd Certification
Program designed to identify farmed or
captive herds infected with CWD and
provide for the management of these
herds in a way that reduces the risk of
spreading CWD. APHIS’ Veterinary
PO 00000
Frm 00005
Fmt 4703
Sfmt 4703
Services (VS) manages the CWD Herd
Certification Program.
Owners of farmed or captive elk, deer,
and moose herds who choose to
participate in the CWD Herd
Certification Program would need to
follow program requirements for animal
identification, testing, herd
management, and movement of animals
into and from herds. The regulations for
this program are located in 9 CFR part
55. Part 55 also contains the regulations
that authorize the payment of indemnity
for the voluntary depopulation of CWDpositive, CWD-exposed, or CWD-suspect
captive cervids. APHIS also established
requirements in 9 CFR part 81 for the
interstate movement of elk, deer, and
moose to prevent movement that could
pose a risk of spreading CWD.
The CWD Herd Certification Program
and the indemnity program entail the
use of information collection activities
such as VS appraisal and indemnity
claim form; sample collections and
laboratory submissions, testing, and
reporting; VS State application for CWD
Herd Certification Program approval,
renewal, or reinstatement; application
for enrollment in the CWD Herd
Certification Program; memoranda of
understanding between APHIS and
participating States; herd or premises
plans; annual reports; State reviews;
epidemiological investigations and
reporting of out-of-State traces to
affected States; reports of cervid
suspects, escapes, disappearances, and
deaths; inspections and inventories; a
letter to appeal suspension,
cancellation, or change in status;
farmed, captive, and wild cervid
identification; interstate certificates of
veterinary inspection; surveillance data;
and recordkeeping.
We are asking the Office of
Management and Budget (OMB) to
approve our use of these information
collection activities, as described, for an
additional 3 years.
The purpose of this notice is to solicit
comments from the public (as well as
affected agencies) concerning our
information collection. These comments
will help us:
(1) Evaluate whether the collection of
information is necessary for the proper
performance of the functions of the
Agency, including whether the
information will have practical utility;
(2) Evaluate the accuracy of our
estimate of the burden of the collection
of information, including the validity of
the methodology and assumptions used;
(3) Enhance the quality, utility, and
clarity of the information to be
collected; and
(4) Minimize the burden of the
collection of information on those who
E:\FR\FM\15MRN1.SGM
15MRN1
]]>Agencies
[Federal Register Volume 83, Number 51 (Thursday, March 15, 2018)]
[Notices]
[Pages 11489-11492]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-05280]
-----------------------------------------------------------------------
DEPARTMENT OF AGRICULTURE
[Docket No. FSIS-2015-0015]
Privacy Act of 1974; New System of Records
AGENCY: Food Safety and Inspection Service, U.S. Department of
Agriculture.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, as amended, the
Department of Agriculture (USDA) proposes a new Food Safety and
Inspection Service (FSIS) system of records entitled: USDA/FSIS-0004,
Public Health Information System (PHIS). PHIS is a Web-based system
that collects information generated from FSIS inspection, compliance
verification, notification and monitoring activities regarding the
slaughter, processing, import and export of meat, and poultry and egg
products. Within PHIS, FSIS maintains contact and other identifying
information about employees and contractors of USDA, government
officials, representatives of regulated establishments, and third
parties.
DATES: Applicable date: April 16, 2018. Written comments must be
received on or before the above date. The proposed system will be
adopted on the above date, without further notice, unless it is
modified in response to comments, in which case the notice will be re-
published.
ADDRESSES: Send written comments to: Docket Clerk, FSIS, Patriots Plaza
3, 355 E Street SW, Mailstop 3782, Room 8-163B, Washington, DC 20250-
3700 or fax to (202) 245-4793. Comments may also be posted on: https://www.regulations.gov/. All comments must include the Agency's name and
docket number, FSIS-2015-0015, and will be publicly posted, including
any personal information submitted, on https://www.regulations.gov.
Docket: To obtain a copy of, or to view, the docket, visit FSIS Docket
Room, Patriots Plaza 3, 355 E Street SW, Room 164-A, Washington, DC
20250-3700, 8:00 a.m. to 4:30 p.m., Monday to Friday.
FOR FURTHER INFORMATION CONTACT: Roberta Wagner, Assistant
Administrator, Office of Policy and Program Development (OPPD), FSIS,
Room 350-E, Jamie Whitten Building, 1400 Independence Ave. SW,
Washington, DC 20250, or Neal Westgerdes, PHIS System Owner/Manager,
OPPD, FSIS, Room 2925-South, 1400 Independence Ave. SW Washington, DC
20250, (202) 205-4233.
For Privacy Questions: Marj Leaming, USDA Privacy Officer, Policy,
E-Government and Fair Information Practices, Office of the Chief
Information Officer, USDA, 1400 Independence Ave. SW, Room 450-W,
Washington, DC 20250; telephone 202-205-0926.
SUPPLEMENTARY INFORMATION: The Privacy Act requires agencies to publish
in the Federal Register (FR) a notice of any new or revised system of
records. A ``system of records'' is a group of any records under the
control of an agency from which information is retrievable by the name
of the individual or by some unique identifier assigned to the
individual. USDA is proposing to establish a new system of records,
entitled USDA/FSIS-04, Public Health Information System (PHIS). The
primary purpose of PHIS is to collect information gathered by USDA
Personnel from their inspection, compliance verification and
notification activities at regulated establishments, and to assess data
entered by Business Personnel. PHIS enhances USDA's ability to predict
hazards and vulnerabilities in the food supply and thus prevent or
mitigate food safety-related threats to the public health in a timely
manner. Additionally, in regard to imports and exports, PHIS provides
USDA and other domestic and foreign regulatory authorities with
information to monitor the movement of meat, poultry and egg products
in advance of a shipment's arrival.
USDA grants PHIS access to and collect information from the
following user groups: (1) Employees and contractors of USDA (``USDA
Personnel''); (2) government officials (domestic and foreign) (``Other
Government Officials''); and (3) representatives of the regulated
establishments and businesses, such as importers and exporters of food
products, who require access to PHIS (``Business Personnel''). PHIS
collects from all three user groups basic identifying contact
information. The system also collects identifying information about
individuals who are not PHIS users, but whose names may appear in
records entered by a user, for contact purposes.
PHIS obtains and stores the identifying information for USDA
Personnel, including: the user's and supervisor's full names, titles,
duty stations, business contact information, assigned PHIS role(s), and
USDA eAuthentication numbers. This information is used for contacting
personnel, shipping documents and supplies, inspection assignment
scheduling and for security and access control purposes. In addition to
this basic identifying contact information, the system receives
employee profile information for USDA Personnel from the National
Finance Center, including, but not limited to: Social security numbers
(stored in masked formats); hire dates; organizational level; pay plan;
and locality and pay code. This employee profile data are used to
verify USDA Personnel employment status.
For Other Government Officials and Business Personnel, the system
collects information including the name and title of the user, business
contact information, and PHIS roles and USDA eAuthentication
information. From Business Personnel, it collects the user's entity
name and associated business or tax identification numbers, as
applicable. Only basic contact information is collected about
individuals who are not PHIS users, but whose names appear in records
entered by a user.
USDA Personnel enter records in connection with their inspection,
compliance verification, and notification activities at regulated
establishments. The records entered by Other Government Officials
include documents concerning the equivalence of foreign inspection
systems, documents concerning State program inspection verification and
activities, responses to USDA decisions, and requests for information
from USDA. Business Personnel enter records in connection with, or in
response to, USDA Personnel's activities and decisions, and requests
for services from USDA. Examples include records supporting compliance
with FSIS regulations, such as applications for
[[Page 11490]]
export certificates and Meat and Poultry Export Certificate of
Wholesomeness, as well as appeals of USDA compliance decisions
regarding regulated establishments and products.
A Privacy Impact Assessment is posted on https://www.usda.gov/wps/portal/usda/usdahome?navid=PRIVACY_POLICY_ES.
No Privacy Act exemption is claimed.
In accordance with the Privacy Act, as implemented by the Office of
Management and Budget (OMB) Circular A-108, USDA has provided a report
of this proposed new system of records to the Chair of the Committee on
Homeland Security and Governmental Affairs, United States Senate; the
Chair of the Committee on Oversight and Government Reform, House of
Representatives; and the Administrator of the Office of Information and
Regulatory Affairs, OMB.
Done in Washington, DC, March 12, 2018.
Paul Kiecker,
Acting Administrator.
SYSTEM NAME AND NUMBER
Public Health Information System (PHIS), USDA/FSIS-04.
Security Classification:
Unclassified.
System Location:
USDA National Information Technology Center (NITC), 8930 Ward
Parkway, Kansas City, MO, 64114, and NITC, 4300 Goodfellow Blvd., St.
Louis, MO 63120.
System Manager:
PHIS System Owner, Office of Policy and Program Development Food
Safety and Inspection Service, USDA, Room 2925-South, 1400 Independence
Ave. SW, Washington, DC 20250. (202) 205-4233.
Authority for Maintenance of the System:
Poultry Products Inspection Act (21 U.S.C. 451 et seq.); Federal
Meat Inspection Act (21 U.S.C. 601 et seq.); Egg Products Inspection
Act (21 U.S.C. 1031 et seq.); Humane Methods of Livestock Slaughter Act
of 1978 (7 U.S.C. 1901-1906); Authority to Operate (ATO), dated 03/23/
2017.
Purpose of the System:
The primary role of this Web-based electronic system is to assist
FSIS in accomplishing its food safety mission of conducting inspections
and compliance verification activities at regulated establishments to
confirm that meat, poultry and egg products are safe, wholesome, not
adulterated, and correctly labeled, packaged and distributed.
Supplementary purposes include the verification of product eligibility
for moving in and out of the United States.
PHIS maintains FSIS inspection, compliance verification and
sampling program results and business profile information. PHIS also
maintains data about State and foreign food safety programs. PHIS
maintains information about individuals: to allow users access to the
system; to schedule and assess inspection and compliance verification
activities; to track requests for USDA services; and to allow responses
to appeal of USDA Personnel's decisions.
Categories of Individuals Covered by the System:
All individuals granted access to the PHIS are covered: (1)
Employees and contractors of USDA (``USDA Personnel''); (2) government
officials (domestic and foreign) (``Other Government Officials''); and
(3) representatives of the regulated establishments and businesses,
such as importers and exporters of food products, who require access to
PHIS (``Business Personnel''). All individuals, even if they are not
users of the PHIS, who are mentioned or referenced in any documents
entered into PHIS by a user are also covered. This group may include,
but is not limited to: Plant workers, vendors, agents, and
interviewees.
Categories of Records in the System:
PHIS obtains and stores identifying information for the three
categories of individuals as follows:
For USDA Personnel, PHIS stores the user's and supervisor's full
names, titles, duty stations, business contact information, assigned
PHIS role(s) and eAuthentication numbers. This information is used for
contacting personnel, shipping documents and supplies, inspection
assignment scheduling and for security and access control purposes. In
addition to this basic identifying contact information, the system
receives employee profile information for USDA Personnel from the
National Finance Center, including, but not limited to: Social security
numbers (stored in masked formats); hire dates; organizational level;
pay plan; and locality and pay code. This employee profile data is used
to verify USDA Personnel employment status.
For Other Government Officials and Business Personnel, the system
collects information including the name and title of the user, business
contact information, PHIS roles and e-Authentication information. From
Business Personnel, it also collects the user's entity name and
associated business or tax identification numbers, as applicable. Only
basic contact information is collected about individuals who are not
PHIS users, but whose names appear in records entered by a user.
Records Source Categories:
Basic identifying contact information of all user groups (USDA
Personnel, Other Government Officials and Business Personnel) is
obtained directly from the user. In addition, employment verification
information about USDA Personnel is obtained from the NFC through a
secure data feed.
Records entered by USDA Personnel or Other Government Officials in
connection with their official duties are obtained directly from them.
Business Personnel records, including appeals, requests for
services and requests for grants of inspection or updates to their
entities' business profiles, are entered into PHIS directly by Business
Personnel or are given in paper form to USDA Personnel for input into
PHIS on behalf of the Business Personnel. Business records can also be
obtained from a foreign country's Central Competent Authority
(``CCA'').
USDA Personnel can also obtain some types of information about the
other groups of users from USDA's electronic interface with other
Federal agencies involved in tracking cross-border movement of the
regulated establishments' products, including but not limited to the
U.S. Customs and Border Protection Automated Commercial Environment
(ACE). Business records from foreign countries are obtained from the
respective foreign officials and typically, the CCA assigned the
responsibility for maintaining a country's food safety systems reports
in PHIS. Information about third parties referenced in the records
entered by a user is obtained directly from the user entering or
modifying the record.
Routine Uses of Records Maintained in the System, Including Categories
of Users and the Purposes of Such Uses:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act of 1974, all or a portion of the records or
information contained in this system may be disclosed outside of USDA
as a routine use under 5 U.S.C. 552a(b)(3), as follows:
1. To the U.S. Department of Justice (DOJ) or other Federal agency
conducting litigation or in proceedings before any court, adjudicative
or administrative body, when it is
[[Page 11491]]
necessary for the litigation and one of the following is a party to the
litigation or has an interest in the litigation:
a. USDA or any component thereof;
b. Any employee of USDA in his/her official capacity;
c. Any employee of USDA in his/her individual capacity where DOJ or
USDA has agreed to represent the employee; or
d. The United States or any agency thereof and if the USDA
determines that the records are both relevant and necessary to the
litigation and the use of such records is compatible with the purpose
for which USDA collected the records.
2. To a Congressional office from the record of an individual in
response to an inquiry from that Congressional office made at the
written request of the individual to whom the record pertains.
3. To the National Archives and Records Administration (NARA) or
other Federal government agencies pursuant to records management
inspections being conducted under the authority of 44 U.S.C. 2904 and
2906.
4. To an agency, organization, or individual for the purpose of
performing audit or oversight operations as authorized by law, but only
such information as is necessary and relevant to such audit or
oversight function. This would include, but not be limited to, the
Comptroller General or any of his authorized representatives in the
course of the performance of the duties of the Government
Accountability Office, or USDA's Office of the Inspector General or any
authorized representatives of that office.
5. To appropriate agencies, entities, and persons when:
a. USDA suspects or has confirmed that there has been a breach of
the system of records;
b. USDA has determined that as a result of the suspected or
confirmed breach, there is a risk of harm to individuals, USDA
(including its information systems, programs, and operations), the
Federal Government, or national security; and
c. the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with USDA's efforts to
respond to the suspected or confirmed breach or to prevent, minimize,
or remedy such harm; and
6. To contractors and their agents, grantees, experts, consultants,
and others performing or working on a contract, service, grant,
cooperative agreement, or other assignment for USDA, when necessary to
accomplish an agency function related to this system of records.
Individuals who provided information under this routine use are subject
to the same Privacy Act requirements and limitations on disclosure as
are applicable to USDA officers and employees.
7. To an appropriate Federal, State, tribal, local, international,
or foreign law enforcement agency or other appropriate authority
charged with investigating or prosecuting a violation or enforcing or
implementing a law, rule, regulation, or order, where a record, either
on its face or in conjunction with other information, indicates a
violation or potential violation of law, which includes criminal,
civil, or regulatory violations, and such disclosure is proper and
consistent with the official duties of the person making the
disclosure.
8. To an appropriate Federal, State, tribal, local, international,
or foreign law enforcement agency or appropriate authority responsible
for protecting public health, preventing or monitoring disease or
illness outbreaks, or ensuring the safety of the food supply. This
includes the Department of Health and Human Services and its agencies,
including the Centers for Disease Control and Prevention and the Food
and Drug Administration, other Federal agencies, and State, tribal, and
local health departments.
9. To another federal agency or federal entity when USDA determines
that information from this system of records is reasonably necessary to
assist the recipient agency or entity in (1) responding to a suspected
or confirmed breach or (2) preventing, minimizing, or remedying the
risk of harm to individuals, the recipient agency or entity (including
its information systems, programs and operations), the federal
government or national security, resulting from a suspected or
confirmed breach.
Policies and Practices for Storage of Records:
The system includes a database, electronic documents and paper
records. The storage for the database records is a dedicated virtual
server located in the USDA NITC facility in Kansas City, MO. Duplicate
records are maintained at the USDA NITC facility in St. Louis, MO. The
primary storage for the electronic documents is a records management
system managed and hosted by USDA at their Enterprise Data Centers.
Paper records are maintained in the USDA offices where they were
created. Records backup storage is maintained by NITC Personnel in a
virtual tape library at the USDA NITC facility in Kansas City, MO.
Copies of the backup records are maintained at the USDA NITC facility
in St. Louis, MO. Each USDA laboratory stores data in the local
internal storage on each server. Paper records from establishments that
do not wish to use the Web-based PHIS, and communication records, such
as PHIS-related emails, are stored in a dedicated, secured location at
FSIS field offices to which USDA Personnel are assigned.
Policies and Practices for Retrieval of Records:
Retrieval is by user profile object information, which is created
during the user authorization process and includes the following data
elements: User identification, role, permission, organization
identification, and assigned place of work. Information can also be
retrieved by a unique eAuthentication identification number assigned to
all users.
Policies and Practices for Retention and Disposal of Records:
A master file backup is created at the end of the calendar year and
maintained in St. Louis, MO. The St. Louis offsite storage site is
located approximately 250 miles from the primary data facility and is
not susceptible to the same hazards.
Administrative, Technical, and Physical Safeguards:
Records in this system are safeguarded by restricting
accessibility, in accordance with USDA security and access policies.
The safeguarding includes: Firewall(s), network protection, and an
encrypted password. All users are assigned a level of role-based
access, which is strictly controlled and granted through USDA-approved,
secure application (Level 2 eAuthentication) after the user
successfully completes Government National Agency Check with Inquiries
(NACI). Controls are in place to preclude anonymous usage and browsing.
Records Access Procedures:
Any individual may request a copy of records in PHIS by submitting
a written request, with reasonable specificity, to FSIS Freedom of
Information Act (FOIA) Office at: 1400 Independence Ave. SW, Room 2168-
South, Mail Stop No. 3713, Washington, DC 20250. Under the Privacy Act
(PA), 5 U.S.C. 552a, an individual United States citizen or legal
permanent resident may seek access to records that are retrieved by
his/her own name or other personal identifier, such as social security
number or employee identification number. Such records will be made
available unless they fall within the exemptions of the PA and the
FOIA. Your Privacy Act request for records must be in writing and
addressed to the FOIA office. For
[[Page 11492]]
more information about how to make a FOIA or a Privacy Act request to
obtain records, please see: https://www.fsis.usda.gov/wps/portal/footer/policies-and-links/freedom-of-information-act/foia-requests
An individual United States citizen or legal permanent resident may
also seek to correct or to amend his or her own records in PHIS that
are retrieved by name or other personal identifier, such as one's
social security number (SSN) or employee number. Such Privacy Act
requests for correction or amendment will be processed in accordance
with applicable legal requirements and exemptions under the governing
regulations and statutes such as the FOIA, 5 U.S.C. 552, the PA, 5
U.S.C. 552a, and 7 CFR part 1, subpart G.
Contesting Records Procedures:
See ``Records Access Procedures'' above.
Notification Procedures:
See ``Records Access Procedures'' above.
Exemptions Promulgated for the System:
None.
[FR Doc. 2018-05280 Filed 3-14-18; 8:45 am]
BILLING CODE 3410-DM-P
