Privacy Act of 1974; System of Records--Migrant Student Information Exchange, 32895-32899 [2019-14686]

Download as PDF Federal Register / Vol. 84, No. 132 / Wednesday, July 10, 2019 / Notices Act of 1993 (GPRA)’’ (18–16–04) has only previously been published in the Federal Register on October 24, 2008 (73 FR 63453–63457). [FR Doc. 2019–14690 Filed 7–9–19; 8:45 am] BILLING CODE 4000–01–P DEPARTMENT OF EDUCATION [Docket No.: ED–2019–ICCD–0074] Agency Information Collection Activities; Comment Request; Foreign Schools Eligibility Criteria Apply To Participate in Title IV HEA Programs Federal Student Aid (FSA), Department of Education (ED). ACTION: Notice. AGENCY: In accordance with the Paperwork Reduction Act of 1995, ED is proposing an extension of an existing information collection. DATES: Interested persons are invited to submit comments on or before September 9, 2019. ADDRESSES: To access and review all the documents related to the information collection listed in this notice, please use http://www.regulations.gov by searching the Docket ID number ED– 2019–ICCD–0074. Comments submitted in response to this notice should be submitted electronically through the Federal eRulemaking Portal at http:// www.regulations.gov by selecting the Docket ID number or via postal mail, commercial delivery, or hand delivery. If the regulations.gov site is not available to the public for any reason, ED will temporarily accept comments at ICDocketMgr@ed.gov. Please include the docket ID number and the title of the information collection request when requesting documents or submitting comments. Please note that comments submitted by fax or email and those submitted after the comment period will not be accepted. Written requests for information or comments submitted by postal mail or delivery should be addressed to the Director of the Information Collection Clearance Division, U.S. Department of Education, 550 12th Street SW, PCP, Room 9086, Washington, DC 20202–0023. FOR FURTHER INFORMATION CONTACT: For specific questions related to collection activities, please contact Beth Grebeldinger, 202–377–4018. SUPPLEMENTARY INFORMATION: The Department of Education (ED), in accordance with the Paperwork Reduction Act of 1995 (PRA) (44 U.S.C. 3506(c)(2)(A)), provides the general public and Federal agencies with an opportunity to comment on proposed, jspears on DSK30JT082PROD with NOTICES SUMMARY: VerDate Sep<11>2014 18:32 Jul 09, 2019 Jkt 247001 revised, and continuing collections of information. This helps the Department assess the impact of its information collection requirements and minimize the public’s reporting burden. It also helps the public understand the Department’s information collection requirements and provide the requested data in the desired format. ED is soliciting comments on the proposed information collection request (ICR) that is described below. The Department of Education is especially interested in public comment addressing the following issues: (1) Is this collection necessary to the proper functions of the Department; (2) will this information be processed and used in a timely manner; (3) is the estimate of burden accurate; (4) how might the Department enhance the quality, utility, and clarity of the information to be collected; and (5) how might the Department minimize the burden of this collection on the respondents, including through the use of information technology. Please note that written comments received in response to this notice will be considered public records. Title of Collection: Foreign Schools Eligibility Criteria Apply to Participate in Title IV HEA Programs. OMB Control Number: 1845–0105. Type of Review: An extension of an existing information collection. Respondents/Affected Public: Individuals or Households; Private Sector; State, Local, and Tribal Governments. Total Estimated Number of Annual Responses: 26,713. Total Estimated Number of Annual Burden Hours: 7,230. Abstract: The information in 34 CFR Sections 600.54, 600.55, 600.56, and 600.57 is used by the Department during the initial review for eligibility certification, recertification and annual evaluations. These regulations help to ensure that all foreign institutions participating in the Title IV, HEA programs are meeting the minimum participation standards. Dated: July 3, 2019. Kate Mullan, PRA Coordinator, Information Collection Clearance Program, Information Management Branch, Office of the Chief Information Officer. [FR Doc. 2019–14637 Filed 7–9–19; 8:45 am] BILLING CODE 4000–01–P PO 00000 Frm 00037 Fmt 4703 Sfmt 4703 32895 DEPARTMENT OF EDUCATION [Docket ID ED–2018–OESE–0088] Privacy Act of 1974; System of Records–-Migrant Student Information Exchange Office of Elementary and Secondary Education, Department of Education. ACTION: Notice of a modified system of records. AGENCY: In accordance with the Privacy Act of 1974, as amended (Privacy Act), the Department of Education (Department) publishes this notice of a modified system of records entitled ‘‘Migrant Student Information Exchange (MSIX)’’ (18–14–04) to modify this system of records notice, which was last published in the Federal Register on December 5, 2007. DATES: Submit your comments on this modified system of records notice on or before August 9, 2019. This modified system of records notice will become applicable upon publication in the Federal Register on July 10, 2019. Modified routine uses (1), (2), (3), (5), and (6) and new routine use (8) listed under ‘‘ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES’’ will become applicable on August 9, 2019, unless the modified system of records notice needs to be changed as a result of public comment. The Department will publish any significant changes resulting from public comment. ADDRESSES: Submit your comments through the Federal eRulemaking Portal or via postal mail, commercial delivery, or hand delivery. We will not accept comments submitted by fax or by email or those submitted after the comment period. To ensure that we do not receive duplicate copies, please submit your comments only once. In addition, please include the Docket ID at the top of your comments. • Federal eRulemaking Portal: Go to www.regulations.gov to submit your comments electronically. Information on using Regulations.gov, including instructions for accessing agency documents, submitting comments, and viewing the docket, is available on the site under the ‘‘help’’ tab. • Postal Mail, Commercial Delivery, or Hand Delivery: If you mail or deliver your comments about this modified system of records, address them to: Lisa C. Gillette, Director, Office of Migrant Education, Office of Elementary and Secondary Education, U.S. Department SUMMARY: E:\FR\FM\10JYN1.SGM 10JYN1 jspears on DSK30JT082PROD with NOTICES 32896 Federal Register / Vol. 84, No. 132 / Wednesday, July 10, 2019 / Notices of Education, 400 Maryland Avenue SW, Washington, DC 20202–0001. Privacy Note: The Department’s policy is to make all comments received from members of the public available for public viewing in their entirety on the Federal eRulemaking Portal at www.regulations.gov. Therefore, commenters should be careful to include in their comments only information that they wish to make publicly available. Assistance to Individuals with Disabilities in Reviewing the Rulemaking Record: On request, we will supply an appropriate accommodation or auxiliary aid to an individual with a disability who needs assistance to review the comments or other documents in the public rulemaking record for this notice. If you want to schedule an appointment for this type of accommodation or auxiliary aid, please contact the person listed under FOR FURTHER INFORMATION CONTACT. FOR FURTHER INFORMATION CONTACT: Lisa C. Gillette, Director, Office of Migrant Education, Office of Elementary and Secondary Education, U.S. Department of Education, 400 Maryland Avenue SW, 3E317, Washington, DC 20202– 6135. Telephone: (202) 260–1164. If you use a telecommunications device for the deaf (TDD) or text telephone (TTY), you may call the Federal Information Relay Service (FIRS), toll free, at 1–800–877–8339. SUPPLEMENTARY INFORMATION: The MSIX system of records helps meet the needs of migratory children by improving the timeliness of the availability of current educational and health information on migratory children to school and program staff where migratory children enroll after moving. MSIX uses the Minimum Data Elements (MDEs) to provide a standard format for information that States must collect and maintain. MSIX allows State educational agencies (SEAs) to upload the required MDEs from their own existing State student record systems into a single national data repository where information on each migratory child is maintained, organized, and compiled. As a web-based platform, MSIX allows authorized users to access a migratory child’s MSIX record via a web browser. Section 1308(b)(2) of the Elementary and Secondary Education Act of 1965, as amended (ESEA) (20 U.S.C. 6398(b)(2)) requires the Secretary of Education to ensure the linkage of migratory student record systems for the purpose of electronically exchanging, among the States, health and educational information regarding all migratory students. VerDate Sep<11>2014 18:32 Jul 09, 2019 Jkt 247001 As described more fully below, this notice will update the following sections: Security Classification; System Location; Authority for Maintenance of the System; Purpose(s) of the System; Categories of Records in the System; Record Source Categories; Policies and Practices for Storage of Records; Policies and Practices for Retrieval of Records; Policies and Practices for Retention and Disposal of Records; Administrative, Technical, and Physical Safeguards; Record Access Procedures; and Notification Procedures. This modified system of records notice will update routine uses (1), (2), (3), and (6), and, pursuant to the requirements in Office of Management and Budget (OMB) Memorandum 17–12, it will also update routine use (5) and add new routine use (8). Pursuant to the requirements of OMB Circular No. A–108, a new section entitled ‘‘History’’ also has been added to the notice. Introduction: The Department previously published the MSIX system of records notice in the Federal Register on December 5, 2007 (72 FR 68572–76). This notice will update the following sections: Security Classification; System Location; Authority for Maintenance of the System; Purpose(s) of the System; Categories of Records in the System; Record Source Categories; Routine Uses of Records Maintained in the System, Including Categories of Users and Purposes of Such Uses; Policies and Practices for Storage of Records; Policies and Practices for Retrieval of Records; Policies and Practices for Retention and Disposal of Records; Administrative, Technical, and Physical Safeguards; Record Access Procedures; and Notification Procedures. Pursuant to OMB Circular No. A–108, the section entitled ‘‘SECURITY CLASSIFICATION’’ is updated from ‘‘none’’ to ‘‘unclassified.’’ The Department is updating the section entitled ‘‘SYSTEM LOCATION’’ to list the names and addresses of the current Department contractor and subcontractor that maintain MSIX records. The Department is updating the section entitled ‘‘AUTHORITY FOR MAINTENANCE OF THE SYSTEM’’ to update the reference to the current legal authority. The Department is updating the section entitled ‘‘PURPOSE(S) OF THE SYSTEM’’ to reflect the current, rather than anticipated, use and benefits of the system. While the purpose of reducing unnecessary immunizations is still a goal of the Migrant Education Program (MEP), MSIX does not track or record incidences of unnecessary immunizations. PO 00000 Frm 00038 Fmt 4703 Sfmt 4703 The Department is updating the section entitled ‘‘CATEGORIES OF RECORDS IN THE SYSTEM’’ to update the reference to the Paperwork Reduction Act (PRA) clearance request in the Federal Register which lists the minimum data elements included in MSIX. The Department is updating the section entitled ‘‘RECORD SOURCE CATEGORIES’’ to add Migrant Education Program (MEP) local operating agencies (LOAs), in addition to local educational agencies (LEAs). LOAs were added to the record source categories to be inclusive of service delivery organizations that are operating in the MEP participating States. SEAs submit data to MSIX using data sourced from LEAs and/or LOAs, depending on the service delivery model used by the SEA. The Department also is adding parents, guardians, and migratory children to the section of the notice on record source categories to more closely adhere to OMB guidance on the Privacy Act and to reflect that LEAs, LOAs, and SEAs obtain some records directly from parents and migratory children. This modified system of records notice will also update routine uses (1), (2), (3), (5), and (6) and add new routine use (8). The Department is modifying routine use (1), which was formerly entitled ‘‘MEP Services, School Enrollment, Grade or Course Placement, Accrual of High School Credits, Student Record Match Resolution,’’ to include ‘‘data correction by parents, guardians, and migratory children’’ as a reason for disclosure to authorized representatives of SEAs, LEAs, or other MEP LOAs. The Department is modifying routine use (2) entitled ‘‘Contract Disclosure’’ and routine use (3) entitled ‘‘Research Disclosure’’ to remove language that respectively referenced safeguard requirements under subsection (m) of the Privacy Act and Privacy Act safeguards. The Department revised the language in routine use (2) to permit the Department to disclose records from this system of records to employees of Department contractors, whether or not the contractors are covered by subsection (m) of the Privacy Act, so long as the contractors are performing a Departmental function that requires disclosing records to them and they agree to establish and maintain safeguards that will protect the security and confidentiality of the disclosed records. The Department also revised the language in routine uses (2) and (3) because the prior language referring to required safeguards under the Privacy Act and Privacy Act safeguards was unclear about what safeguards were E:\FR\FM\10JYN1.SGM 10JYN1 jspears on DSK30JT082PROD with NOTICES Federal Register / Vol. 84, No. 132 / Wednesday, July 10, 2019 / Notices required and therefore to clarify that contractors and researchers to whom disclosures are made under these routine uses will be required to agree to establish and maintain safeguards to protect the security and confidentiality of the disclosed records. The Department also revised routine use (2) to remove language that had referred to requiring these safeguards to be maintained before the contract was entered into and instead to indicate that the agreement on such safeguards will be reached as part of any such contract. Pursuant to the requirements in OMB M–17–12, the Department is modifying routine use (5) entitled ‘‘Disclosure in the Course of Responding to a Breach of Data’’ and adding routine use (8) entitled ‘‘Disclosure in Assisting another Agency in Responding to a Breach of Data’’ in order to comply with the requirements in OMB M–17–12. Pursuant to this new routine use, the Department may disclose records from this system to another Federal agency or Federal entity, when the Department determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. The Department is modifying routine use (6) entitled ‘‘Litigation or Alternative Dispute Resolution (ADR) Disclosure’’ to replace the word ‘‘individual,’’ which is a defined word under the Privacy Act, with the word ‘‘person’’ to avoid public confusion. The Department is updating the section entitled ‘‘POLICIES AND PRACTICES FOR STORAGE OF RECORDS’’ to remove references to hardware stored in locked file cabinets and describe electronic records storage. The Department is also updating the section entitled ‘‘POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS’’ to explain that MSIX users retrieve records by an individual’s name, in addition to the unique identifier assigned to each individual. The Department is updating the section entitled ‘‘POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS’’ to reflect the most recent Department records schedule, and applicable disposition instruction, which governed the retention and disposition of the records; and, to explain that said records schedule disposition instruction is VerDate Sep<11>2014 18:32 Jul 09, 2019 Jkt 247001 being superseded, pending approval by the National Archives and Records Administration (NARA), by a new records schedule submitted by the Department to NARA. The Department is updating the section entitled ‘‘ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS’’ to reflect changes in technical and physical safeguards offered by the cloud service provider. The Department is also updating the sections entitled ‘‘RECORD ACCESS PROCEDURES’’ and ‘‘NOTIFICATION PROCEDURES’’ to specify the necessary particulars that the system manager must be provided in connection with a records access or notification request in order to distinguish between the records of individuals with the same names. Pursuant to the requirements of OMB Circular No. A–108, the Department is also adding a new section to the notice that is entitled ‘‘HISTORY.’’ Accessible Format: Individuals with disabilities can obtain this document in an accessible format (e.g., braille, large print, audiotape, or compact disc) on request to the person listed under FOR FURTHER INFORMATION CONTACT. Electronic Access to This Document: The official version of this document is the document published in the Federal Register. Free internet access to the official edition of the Federal Register and the CFR is available via the Federal Digital System at: www.gpo.gov/fdsys. At this site you can view this document, as well as all other documents of the Department published in the Federal Register, in text or Portable Document Format (PDF). To use PDF you must have Adobe Acrobat Reader, which is available free at the site. You may also access documents of the Department published in the Federal Register by using the article search feature at: www.federalregister.gov. Specifically, through the advanced search feature at this site, you can limit your search to documents published by the Department. Dated: July 5, 2019. Frank T. Brogan, Assistant Secretary for Elementary and Secondary Education. For the reasons discussed in the preamble, the Assistant Secretary of the Office of Elementary and Secondary Education of the U.S. Department of Education (Department) publishes a notice of a modified system of records to read as follows: SYSTEM NAME AND NUMBER Migrant Student Information Exchange (MSIX) (18–14–04). PO 00000 Frm 00039 Fmt 4703 Sfmt 4703 32897 SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: (1) U.S. Department of Education, Office of Migrant Education, Office of Elementary and Secondary Education, 400 Maryland Avenue SW, Washington, DC 20202–6135. (2a) Deloitte Consulting LLC, 1919 North Lynn Street, Arlington, VA 22209–1743 (contractor) (Software development/programming and operations/maintenance). (2b) Amazon Web Services (AWS) USEAST/US-WEST 12900 Worldgate Drive, Herndon, VA 20170–6039 (subcontractor). SYSTEM MANAGER(S): Director, Office of Migrant Education, Office of Elementary and Secondary Education, U.S. Department of Education, 400 Maryland Avenue SW, Room 3E317, Washington, DC 20202– 0001. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: MSIX is authorized under section 1308(b)(2) of the Elementary and Secondary Education Act of 1965, as amended (ESEA), 20 U.S.C. 6398(b)(2). PURPOSE(S) OF THE SYSTEM: The purpose of MSIX is to enhance the continuity of educational and health services for migratory children by providing a mechanism for all States to exchange educational and health-related information on migratory children who move from State to State due to their migratory lifestyle. MSIX helps to improve the timeliness of school enrollments, the appropriateness of grade and course placements, and participation in the Migrant Education Program (MEP) for migratory children. Further, MSIX facilitates the accrual of course credits for migratory children in secondary school by providing accurate academic information on the students’ course history and academic progress. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: This system contains records on all children whom States have determined to be eligible to participate in the MEP, authorized in Title I, Part C of the ESEA. CATEGORIES OF RECORDS IN THE SYSTEM: The categories of records in the system include the migratory child’s: Name, date of birth, personal identification numbers assigned by the States and the Department, parent’s or parents’ name or names, school enrollment data, school contact data, assessment data, and other educational and health data necessary for accurate E:\FR\FM\10JYN1.SGM 10JYN1 32898 Federal Register / Vol. 84, No. 132 / Wednesday, July 10, 2019 / Notices and timely school enrollment, grade and course placement, and accrual of course credits. The final request for public comment on the minimum data elements (MDEs) to be included in MSIX was published, pursuant to the Paperwork Reduction Act of 1995 clearance process, in the Federal Register on May 25, 2016 (81 FR 33246). RECORD SOURCE CATEGORIES: The system contains records that are obtained from parents, guardians, migratory children, State educational agencies (SEAs), local educational agencies (LEAs), and local operating agencies (LOAs). jspears on DSK30JT082PROD with NOTICES ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES: The Department may disclose information contained in a record in this system of records, under the routine uses listed in this system of records, without the consent of the individual if the disclosure is compatible with the purposes for which the record was collected. The Department may make these disclosures on a case-by-case basis or, if the Department has complied with the computer matching requirements of the Privacy Act of 1974, as amended (Privacy Act), under a computer matching agreement. (1) MEP Services, School Enrollment, Grade or Course Placement, Accrual of High School Credits, Student Record Match Resolution, and Data Correction Disclosure. The Department may disclose a record in this system of records to authorized representatives of SEAs, LEAs, or other MEP LOAs to facilitate one or more of the following for a student: (a) Participation in the MEP, (b) enrollment in school, (c) grade or course placement, (d) credit accrual, (e) unique student match resolution, and (f) data correction by parents, guardians, and migratory children. (2) Contract Disclosure. If the Department contracts with an entity for the purposes of performing any function that requires disclosure of records in this system to employees of the contractor, the Department may disclose the records to those employees who have received the appropriate level security clearance from the Department. As part of such a contract, the Department will require the contractor to agree to establish and maintain safeguards to protect the security and confidentiality of the disclosed records. (3) Research Disclosure. The Department may disclose records from this system to a researcher if an appropriate official of the Department determines that the individual or VerDate Sep<11>2014 18:32 Jul 09, 2019 Jkt 247001 organization to which the disclosure would be made is qualified to carry out specific research related to functions or purposes of this system of records. The official may disclose information from this system of records to that researcher solely for the purpose of carrying out that research related to the functions or purposes of this system of records. The researcher will be required to agree to establish and maintain safeguards to protect the security and confidentiality of the disclosed records. (4) Freedom of Information Act (FOIA) or Privacy Act Advice Disclosure. The Department may disclose records to the U.S. Department of Justice (DOJ) or the Office of Management and Budget (OMB) if the Department concludes that disclosure is desirable or necessary to determine whether particular records are required to be disclosed under the FOIA or the Privacy Act. (5) Disclosure in the Course of Responding to a Breach of Data. The Department may disclose records from this system to appropriate agencies, entities, and persons when (a) the Department suspects or has confirmed that there has been a breach of the system of records; (b) the Department has determined that as a result of the suspected or confirmed breach, there is a risk of harm to individuals, the Department (including its information systems, programs, and operations), the Federal Government, or national security; and, (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department’s efforts in responding to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. (6) Litigation or Alternative Dispute Resolution (ADR) Disclosure. (a) Introduction. In the event that one of the following parties is involved in litigation or ADR, or has an interest in litigation or ADR, the Department may disclose certain records to the parties described in paragraphs b, c, and d of this routine use under the conditions specified in those paragraphs: (i) The Department or any of its components. (ii) Any Department employee in his or her official capacity. (iii) Any employee of the Department in his or her individual capacity where DOJ has agreed to or has been requested to provide or arrange for representation of the employee. (iv) Any employee of the Department in his or her individual capacity where the Department has agreed to represent the employee. PO 00000 Frm 00040 Fmt 4703 Sfmt 4703 (v) The United States where the Department determines that the litigation is likely to affect the Department or any of its components. (b) Disclosure to DOJ. If the Department determines that disclosure of certain records to DOJ, or attorneys engaged by DOJ, is relevant and necessary to litigation or ADR, and is compatible with the purpose for which the records were collected, the Department may disclose those records as a routine use to DOJ. (c) Adjudicative Disclosure. If the Department determines that disclosure of certain records to an adjudicative body before which the Department is authorized to appear or to a person or entity designated by the Department or otherwise empowered to resolve or mediate disputes is relevant and necessary to litigation or ADR, and is compatible with the purpose for which the records were collected, the Department may disclose those records as a routine use to the adjudicative body, person, or entity. (d) Disclosure to Parties, Counsel, Representatives, and Witnesses. If the Department determines that disclosure of certain records to a party, counsel, representative, or witness is relevant and necessary to litigation or ADR, and is compatible with the purpose for which the records were collected, the Department may disclose those records as a routine use to a party, counsel, representative, or witness. (7) Congressional Member Disclosure. The Department may disclose information from a record of an individual to a member of Congress and his or her staff in response to an inquiry from the member made at the written request of that individual. The member’s right to the information is no greater than the right of the individual who requested it. (8) Disclosure in Assisting another Agency in Responding to a Breach of Data. The Department may disclose records from this system to another Federal agency or Federal entity, when the Department determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. E:\FR\FM\10JYN1.SGM 10JYN1 Federal Register / Vol. 84, No. 132 / Wednesday, July 10, 2019 / Notices POLICIES AND PRACTICES FOR STORAGE OF RECORDS: The cloud service provider, Amazon Web Services (AWS), through a subcontract with the Department, stores computerized student records, including backups, on virtual servers. Physical security of electronic data is maintained in compliance with the Federal Information Security Modernization Act of 2014 (FISMA) and National Institute of Standards and Technology (NIST) standards. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records in this system are retrieved by name and by the unique identifier assigned to each individual. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: All records were previously retained and disposed of in accordance with Department Records Schedule 066: Program Management Files (N1–441– 10–1) (ED 066), Item (a)(3). ED 066, Item (a)(3), is being superseded, pending approval by the National Archives and Records Administration (NARA), by a new records schedule submitted by the Department to NARA entitled, ‘‘Migrant Student Information Exchange (MSIX) Electronic Information System Records.’’ The Department will not destroy the aforementioned records until such time as said new, NARAapproved schedule is in effect, as applicable. jspears on DSK30JT082PROD with NOTICES ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: (1) Introduction. Security personnel control and monitor all physical access to the site of the Department’s subcontractor, where this system of records is maintained. The computer system employed by the Department offers a high degree of resistance to tampering and circumvention. This computer system limits data access to Department and contract staff on a ‘‘need to know’’ basis, and controls individual users’ ability to access and alter records within the system by granting user names and passwords, and assigning user roles. (2) Physical Security of Electronic Data. The MSIX infrastructure is housed in a cloud service provider with provisional authorization from the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB) under the Moderate control baseline. All controls managed by the cloud service provider, including physical security of electronic data, are reviewed by a third party assessment organization (3PAO) in accordance with FedRAMP guidance. VerDate Sep<11>2014 18:32 Jul 09, 2019 Jkt 247001 (3) User Access to Electronic Data. MSIX leverages role-based accounts and security controls to limit access to the application, its servers, and its infrastructure to authorized users in accordance with the Federal Information Security Modernization Act (FISMA) of 2014 and the Department Office of Chief Information Officer (OCIO) directives, policies, standards and procedures. All MSIX users must follow a registration process that involves identity validation and verification prior to gaining access to MSIX. MSIX utilizes unique user identifiers (user IDs) and authenticators (strong passwords). Directory information for all authorized users is stored in the system. Directory information maintained in MSIX includes username, full name, work contact information, and login credentials needed to maintain user accounts. The MSIX application is only available to authorized users via a Uniform Resource Locator (URL) that runs under the Hypertext Transfer Protocol over Secure Socket Layer (HTTPS). (4) Additional Security Measures. The MSIX infrastructure also leverages firewalls and intrusion detection systems to limit internal access and identify unauthorized access to the system. MSIX logs, monitors, and controls network communications and systems actions. System components are logically separated from internal organizational networks and connect to external networks through managed interfaces. Further, the MSIX operations include conducting vulnerability scans, monitoring the U.S. Computer Emergency Response Team (CERT) bulletins, and applying routine operating system and vendor patches as appropriate. RECORD ACCESS PROCEDURES: If you wish to gain access to your record in the system of records, you must contact the system manager at the address listed under SYSTEM MANAGER(S). You must provide necessary particulars such as your name, date of birth, and any other identifying information requested by the Department while processing the request to distinguish between individuals with the same name. Your request must meet the requirements of regulations in 34 CFR 5b.5, including proof of identity. CONTESTING RECORD PROCEDURES: If you wish to contest or change the content of a record regarding you in the system of records, contact the system manager at the address listed under PO 00000 Frm 00041 Fmt 4703 Sfmt 4703 32899 SYSTEM MANAGER(S). Your request must meet the requirements of regulations in 34 CFR 5b.7. NOTIFICATION PROCEDURES: If you wish to determine whether a record exists regarding you in the system of records, you must contact the system manager at the address listed under SYSTEM MANAGER(S). You must provide necessary particulars such as your name, date of birth, and any other identifying information requested by the Department while processing the request to distinguish between individuals with the same name. Your request must meet the requirements of regulations in 34 CFR 5b.5, including proof of identity. EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. HISTORY: The system of records was originally published in the Federal Register on December 5, 2007 (72 FR 68572–68576). [FR Doc. 2019–14686 Filed 7–9–19; 8:45 am] BILLING CODE 4000–01–P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission [Docket No. ER19–2316–000] Renewable Energy Asset Management Group, LLC; Supplemental Notice That Initial Market-Based Rate Filing Includes Request for Blanket Section 204 Authorization This is a supplemental notice in the above-referenced Renewable Energy Asset Management Group, LLC’s application for market-based rate authority, with an accompanying rate tariff, noting that such application includes a request for blanket authorization, under 18 CFR part 34, of future issuances of securities and assumptions of liability. Any person desiring to intervene or to protest should file with the Federal Energy Regulatory Commission, 888 First Street NE, Washington, DC 20426, in accordance with Rules 211 and 214 of the Commission’s Rules of Practice and Procedure (18 CFR 385.211 and 385.214). Anyone filing a motion to intervene or protest must serve a copy of that document on the Applicant. Notice is hereby given that the deadline for filing protests with regard to the applicant’s request for blanket authorization, under 18 CFR part 34, of future issuances of securities and assumptions of liability, is July 22, 2019. E:\FR\FM\10JYN1.SGM 10JYN1

Agencies

[Federal Register Volume 84, Number 132 (Wednesday, July 10, 2019)]
[Notices]
[Pages 32895-32899]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-14686]


-----------------------------------------------------------------------

DEPARTMENT OF EDUCATION

[Docket ID ED-2018-OESE-0088]


Privacy Act of 1974; System of Records--Migrant Student 
Information Exchange

AGENCY: Office of Elementary and Secondary Education, Department of 
Education.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended 
(Privacy Act), the Department of Education (Department) publishes this 
notice of a modified system of records entitled ``Migrant Student 
Information Exchange (MSIX)'' (18-14-04) to modify this system of 
records notice, which was last published in the Federal Register on 
December 5, 2007.

DATES: Submit your comments on this modified system of records notice 
on or before August 9, 2019.
    This modified system of records notice will become applicable upon 
publication in the Federal Register on July 10, 2019. Modified routine 
uses (1), (2), (3), (5), and (6) and new routine use (8) listed under 
``ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING 
CATEGORIES OF USERS AND PURPOSES OF SUCH USES'' will become applicable 
on August 9, 2019, unless the modified system of records notice needs 
to be changed as a result of public comment. The Department will 
publish any significant changes resulting from public comment.

ADDRESSES: Submit your comments through the Federal eRulemaking Portal 
or via postal mail, commercial delivery, or hand delivery. We will not 
accept comments submitted by fax or by email or those submitted after 
the comment period. To ensure that we do not receive duplicate copies, 
please submit your comments only once. In addition, please include the 
Docket ID at the top of your comments.
     Federal eRulemaking Portal: Go to www.regulations.gov to 
submit your comments electronically. Information on using 
Regulations.gov, including instructions for accessing agency documents, 
submitting comments, and viewing the docket, is available on the site 
under the ``help'' tab.
     Postal Mail, Commercial Delivery, or Hand Delivery: If you 
mail or deliver your comments about this modified system of records, 
address them to: Lisa C. Gillette, Director, Office of Migrant 
Education, Office of Elementary and Secondary Education, U.S. 
Department

[[Page 32896]]

of Education, 400 Maryland Avenue SW, Washington, DC 20202-0001.
    Privacy Note: The Department's policy is to make all comments 
received from members of the public available for public viewing in 
their entirety on the Federal eRulemaking Portal at 
www.regulations.gov. Therefore, commenters should be careful to include 
in their comments only information that they wish to make publicly 
available.
    Assistance to Individuals with Disabilities in Reviewing the 
Rulemaking Record: On request, we will supply an appropriate 
accommodation or auxiliary aid to an individual with a disability who 
needs assistance to review the comments or other documents in the 
public rulemaking record for this notice. If you want to schedule an 
appointment for this type of accommodation or auxiliary aid, please 
contact the person listed under FOR FURTHER INFORMATION CONTACT.

FOR FURTHER INFORMATION CONTACT: Lisa C. Gillette, Director, Office of 
Migrant Education, Office of Elementary and Secondary Education, U.S. 
Department of Education, 400 Maryland Avenue SW, 3E317, Washington, DC 
20202-6135. Telephone: (202) 260-1164.
    If you use a telecommunications device for the deaf (TDD) or text 
telephone (TTY), you may call the Federal Information Relay Service 
(FIRS), toll free, at 1-800-877-8339.

SUPPLEMENTARY INFORMATION: The MSIX system of records helps meet the 
needs of migratory children by improving the timeliness of the 
availability of current educational and health information on migratory 
children to school and program staff where migratory children enroll 
after moving. MSIX uses the Minimum Data Elements (MDEs) to provide a 
standard format for information that States must collect and maintain. 
MSIX allows State educational agencies (SEAs) to upload the required 
MDEs from their own existing State student record systems into a single 
national data repository where information on each migratory child is 
maintained, organized, and compiled. As a web-based platform, MSIX 
allows authorized users to access a migratory child's MSIX record via a 
web browser. Section 1308(b)(2) of the Elementary and Secondary 
Education Act of 1965, as amended (ESEA) (20 U.S.C. 6398(b)(2)) 
requires the Secretary of Education to ensure the linkage of migratory 
student record systems for the purpose of electronically exchanging, 
among the States, health and educational information regarding all 
migratory students.
    As described more fully below, this notice will update the 
following sections: Security Classification; System Location; Authority 
for Maintenance of the System; Purpose(s) of the System; Categories of 
Records in the System; Record Source Categories; Policies and Practices 
for Storage of Records; Policies and Practices for Retrieval of 
Records; Policies and Practices for Retention and Disposal of Records; 
Administrative, Technical, and Physical Safeguards; Record Access 
Procedures; and Notification Procedures. This modified system of 
records notice will update routine uses (1), (2), (3), and (6), and, 
pursuant to the requirements in Office of Management and Budget (OMB) 
Memorandum 17-12, it will also update routine use (5) and add new 
routine use (8). Pursuant to the requirements of OMB Circular No. A-
108, a new section entitled ``History'' also has been added to the 
notice.
    Introduction: The Department previously published the MSIX system 
of records notice in the Federal Register on December 5, 2007 (72 FR 
68572-76). This notice will update the following sections: Security 
Classification; System Location; Authority for Maintenance of the 
System; Purpose(s) of the System; Categories of Records in the System; 
Record Source Categories; Routine Uses of Records Maintained in the 
System, Including Categories of Users and Purposes of Such Uses; 
Policies and Practices for Storage of Records; Policies and Practices 
for Retrieval of Records; Policies and Practices for Retention and 
Disposal of Records; Administrative, Technical, and Physical 
Safeguards; Record Access Procedures; and Notification Procedures.
    Pursuant to OMB Circular No. A-108, the section entitled ``SECURITY 
CLASSIFICATION'' is updated from ``none'' to ``unclassified.''
    The Department is updating the section entitled ``SYSTEM LOCATION'' 
to list the names and addresses of the current Department contractor 
and subcontractor that maintain MSIX records.
    The Department is updating the section entitled ``AUTHORITY FOR 
MAINTENANCE OF THE SYSTEM'' to update the reference to the current 
legal authority.
    The Department is updating the section entitled ``PURPOSE(S) OF THE 
SYSTEM'' to reflect the current, rather than anticipated, use and 
benefits of the system. While the purpose of reducing unnecessary 
immunizations is still a goal of the Migrant Education Program (MEP), 
MSIX does not track or record incidences of unnecessary immunizations.
    The Department is updating the section entitled ``CATEGORIES OF 
RECORDS IN THE SYSTEM'' to update the reference to the Paperwork 
Reduction Act (PRA) clearance request in the Federal Register which 
lists the minimum data elements included in MSIX.
    The Department is updating the section entitled ``RECORD SOURCE 
CATEGORIES'' to add Migrant Education Program (MEP) local operating 
agencies (LOAs), in addition to local educational agencies (LEAs). LOAs 
were added to the record source categories to be inclusive of service 
delivery organizations that are operating in the MEP participating 
States. SEAs submit data to MSIX using data sourced from LEAs and/or 
LOAs, depending on the service delivery model used by the SEA. The 
Department also is adding parents, guardians, and migratory children to 
the section of the notice on record source categories to more closely 
adhere to OMB guidance on the Privacy Act and to reflect that LEAs, 
LOAs, and SEAs obtain some records directly from parents and migratory 
children.
    This modified system of records notice will also update routine 
uses (1), (2), (3), (5), and (6) and add new routine use (8).
    The Department is modifying routine use (1), which was formerly 
entitled ``MEP Services, School Enrollment, Grade or Course Placement, 
Accrual of High School Credits, Student Record Match Resolution,'' to 
include ``data correction by parents, guardians, and migratory 
children'' as a reason for disclosure to authorized representatives of 
SEAs, LEAs, or other MEP LOAs.
    The Department is modifying routine use (2) entitled ``Contract 
Disclosure'' and routine use (3) entitled ``Research Disclosure'' to 
remove language that respectively referenced safeguard requirements 
under subsection (m) of the Privacy Act and Privacy Act safeguards. The 
Department revised the language in routine use (2) to permit the 
Department to disclose records from this system of records to employees 
of Department contractors, whether or not the contractors are covered 
by subsection (m) of the Privacy Act, so long as the contractors are 
performing a Departmental function that requires disclosing records to 
them and they agree to establish and maintain safeguards that will 
protect the security and confidentiality of the disclosed records. The 
Department also revised the language in routine uses (2) and (3) 
because the prior language referring to required safeguards under the 
Privacy Act and Privacy Act safeguards was unclear about what 
safeguards were

[[Page 32897]]

required and therefore to clarify that contractors and researchers to 
whom disclosures are made under these routine uses will be required to 
agree to establish and maintain safeguards to protect the security and 
confidentiality of the disclosed records. The Department also revised 
routine use (2) to remove language that had referred to requiring these 
safeguards to be maintained before the contract was entered into and 
instead to indicate that the agreement on such safeguards will be 
reached as part of any such contract.
    Pursuant to the requirements in OMB M-17-12, the Department is 
modifying routine use (5) entitled ``Disclosure in the Course of 
Responding to a Breach of Data'' and adding routine use (8) entitled 
``Disclosure in Assisting another Agency in Responding to a Breach of 
Data'' in order to comply with the requirements in OMB M-17-12. 
Pursuant to this new routine use, the Department may disclose records 
from this system to another Federal agency or Federal entity, when the 
Department determines that information from this system of records is 
reasonably necessary to assist the recipient agency or entity in (a) 
responding to a suspected or confirmed breach or (b) preventing, 
minimizing, or remedying the risk of harm to individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or national security, resulting 
from a suspected or confirmed breach.
    The Department is modifying routine use (6) entitled ``Litigation 
or Alternative Dispute Resolution (ADR) Disclosure'' to replace the 
word ``individual,'' which is a defined word under the Privacy Act, 
with the word ``person'' to avoid public confusion.
    The Department is updating the section entitled ``POLICIES AND 
PRACTICES FOR STORAGE OF RECORDS'' to remove references to hardware 
stored in locked file cabinets and describe electronic records storage.
    The Department is also updating the section entitled ``POLICIES AND 
PRACTICES FOR RETRIEVAL OF RECORDS'' to explain that MSIX users 
retrieve records by an individual's name, in addition to the unique 
identifier assigned to each individual.
    The Department is updating the section entitled ``POLICIES AND 
PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS'' to reflect the most 
recent Department records schedule, and applicable disposition 
instruction, which governed the retention and disposition of the 
records; and, to explain that said records schedule disposition 
instruction is being superseded, pending approval by the National 
Archives and Records Administration (NARA), by a new records schedule 
submitted by the Department to NARA.
    The Department is updating the section entitled ``ADMINISTRATIVE, 
TECHNICAL, AND PHYSICAL SAFEGUARDS'' to reflect changes in technical 
and physical safeguards offered by the cloud service provider.
    The Department is also updating the sections entitled ``RECORD 
ACCESS PROCEDURES'' and ``NOTIFICATION PROCEDURES'' to specify the 
necessary particulars that the system manager must be provided in 
connection with a records access or notification request in order to 
distinguish between the records of individuals with the same names.
    Pursuant to the requirements of OMB Circular No. A-108, the 
Department is also adding a new section to the notice that is entitled 
``HISTORY.''
    Accessible Format: Individuals with disabilities can obtain this 
document in an accessible format (e.g., braille, large print, 
audiotape, or compact disc) on request to the person listed under FOR 
FURTHER INFORMATION CONTACT.
    Electronic Access to This Document: The official version of this 
document is the document published in the Federal Register. Free 
internet access to the official edition of the Federal Register and the 
CFR is available via the Federal Digital System at: www.gpo.gov/fdsys. 
At this site you can view this document, as well as all other documents 
of the Department published in the Federal Register, in text or 
Portable Document Format (PDF). To use PDF you must have Adobe Acrobat 
Reader, which is available free at the site.
    You may also access documents of the Department published in the 
Federal Register by using the article search feature at: 
www.federalregister.gov. Specifically, through the advanced search 
feature at this site, you can limit your search to documents published 
by the Department.

    Dated: July 5, 2019.
Frank T. Brogan,
Assistant Secretary for Elementary and Secondary Education.
    For the reasons discussed in the preamble, the Assistant Secretary 
of the Office of Elementary and Secondary Education of the U.S. 
Department of Education (Department) publishes a notice of a modified 
system of records to read as follows:
SYSTEM NAME AND NUMBER
    Migrant Student Information Exchange (MSIX) (18-14-04).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    (1) U.S. Department of Education, Office of Migrant Education, 
Office of Elementary and Secondary Education, 400 Maryland Avenue SW, 
Washington, DC 20202-6135.
    (2a) Deloitte Consulting LLC, 1919 North Lynn Street, Arlington, VA 
22209-1743 (contractor) (Software development/programming and 
operations/maintenance).
    (2b) Amazon Web Services (AWS) US-EAST/US-WEST 12900 Worldgate 
Drive, Herndon, VA 20170-6039 (subcontractor).

SYSTEM MANAGER(S):
    Director, Office of Migrant Education, Office of Elementary and 
Secondary Education, U.S. Department of Education, 400 Maryland Avenue 
SW, Room 3E317, Washington, DC 20202-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    MSIX is authorized under section 1308(b)(2) of the Elementary and 
Secondary Education Act of 1965, as amended (ESEA), 20 U.S.C. 
6398(b)(2).

PURPOSE(S) OF THE SYSTEM:
    The purpose of MSIX is to enhance the continuity of educational and 
health services for migratory children by providing a mechanism for all 
States to exchange educational and health-related information on 
migratory children who move from State to State due to their migratory 
lifestyle. MSIX helps to improve the timeliness of school enrollments, 
the appropriateness of grade and course placements, and participation 
in the Migrant Education Program (MEP) for migratory children. Further, 
MSIX facilitates the accrual of course credits for migratory children 
in secondary school by providing accurate academic information on the 
students' course history and academic progress.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system contains records on all children whom States have 
determined to be eligible to participate in the MEP, authorized in 
Title I, Part C of the ESEA.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The categories of records in the system include the migratory 
child's: Name, date of birth, personal identification numbers assigned 
by the States and the Department, parent's or parents' name or names, 
school enrollment data, school contact data, assessment data, and other 
educational and health data necessary for accurate

[[Page 32898]]

and timely school enrollment, grade and course placement, and accrual 
of course credits. The final request for public comment on the minimum 
data elements (MDEs) to be included in MSIX was published, pursuant to 
the Paperwork Reduction Act of 1995 clearance process, in the Federal 
Register on May 25, 2016 (81 FR 33246).

RECORD SOURCE CATEGORIES:
    The system contains records that are obtained from parents, 
guardians, migratory children, State educational agencies (SEAs), local 
educational agencies (LEAs), and local operating agencies (LOAs).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    The Department may disclose information contained in a record in 
this system of records, under the routine uses listed in this system of 
records, without the consent of the individual if the disclosure is 
compatible with the purposes for which the record was collected. The 
Department may make these disclosures on a case-by-case basis or, if 
the Department has complied with the computer matching requirements of 
the Privacy Act of 1974, as amended (Privacy Act), under a computer 
matching agreement.
    (1) MEP Services, School Enrollment, Grade or Course Placement, 
Accrual of High School Credits, Student Record Match Resolution, and 
Data Correction Disclosure. The Department may disclose a record in 
this system of records to authorized representatives of SEAs, LEAs, or 
other MEP LOAs to facilitate one or more of the following for a 
student: (a) Participation in the MEP, (b) enrollment in school, (c) 
grade or course placement, (d) credit accrual, (e) unique student match 
resolution, and (f) data correction by parents, guardians, and 
migratory children.
    (2) Contract Disclosure. If the Department contracts with an entity 
for the purposes of performing any function that requires disclosure of 
records in this system to employees of the contractor, the Department 
may disclose the records to those employees who have received the 
appropriate level security clearance from the Department. As part of 
such a contract, the Department will require the contractor to agree to 
establish and maintain safeguards to protect the security and 
confidentiality of the disclosed records.
    (3) Research Disclosure. The Department may disclose records from 
this system to a researcher if an appropriate official of the 
Department determines that the individual or organization to which the 
disclosure would be made is qualified to carry out specific research 
related to functions or purposes of this system of records. The 
official may disclose information from this system of records to that 
researcher solely for the purpose of carrying out that research related 
to the functions or purposes of this system of records. The researcher 
will be required to agree to establish and maintain safeguards to 
protect the security and confidentiality of the disclosed records.
    (4) Freedom of Information Act (FOIA) or Privacy Act Advice 
Disclosure. The Department may disclose records to the U.S. Department 
of Justice (DOJ) or the Office of Management and Budget (OMB) if the 
Department concludes that disclosure is desirable or necessary to 
determine whether particular records are required to be disclosed under 
the FOIA or the Privacy Act.
    (5) Disclosure in the Course of Responding to a Breach of Data. The 
Department may disclose records from this system to appropriate 
agencies, entities, and persons when (a) the Department suspects or has 
confirmed that there has been a breach of the system of records; (b) 
the Department has determined that as a result of the suspected or 
confirmed breach, there is a risk of harm to individuals, the 
Department (including its information systems, programs, and 
operations), the Federal Government, or national security; and, (c) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with the Department's efforts in 
responding to respond to the suspected or confirmed breach or to 
prevent, minimize, or remedy such harm.
    (6) Litigation or Alternative Dispute Resolution (ADR) Disclosure.
    (a) Introduction. In the event that one of the following parties is 
involved in litigation or ADR, or has an interest in litigation or ADR, 
the Department may disclose certain records to the parties described in 
paragraphs b, c, and d of this routine use under the conditions 
specified in those paragraphs:
    (i) The Department or any of its components.
    (ii) Any Department employee in his or her official capacity.
    (iii) Any employee of the Department in his or her individual 
capacity where DOJ has agreed to or has been requested to provide or 
arrange for representation of the employee.
    (iv) Any employee of the Department in his or her individual 
capacity where the Department has agreed to represent the employee.
    (v) The United States where the Department determines that the 
litigation is likely to affect the Department or any of its components.
    (b) Disclosure to DOJ. If the Department determines that disclosure 
of certain records to DOJ, or attorneys engaged by DOJ, is relevant and 
necessary to litigation or ADR, and is compatible with the purpose for 
which the records were collected, the Department may disclose those 
records as a routine use to DOJ.
    (c) Adjudicative Disclosure. If the Department determines that 
disclosure of certain records to an adjudicative body before which the 
Department is authorized to appear or to a person or entity designated 
by the Department or otherwise empowered to resolve or mediate disputes 
is relevant and necessary to litigation or ADR, and is compatible with 
the purpose for which the records were collected, the Department may 
disclose those records as a routine use to the adjudicative body, 
person, or entity.
    (d) Disclosure to Parties, Counsel, Representatives, and Witnesses. 
If the Department determines that disclosure of certain records to a 
party, counsel, representative, or witness is relevant and necessary to 
litigation or ADR, and is compatible with the purpose for which the 
records were collected, the Department may disclose those records as a 
routine use to a party, counsel, representative, or witness.
    (7) Congressional Member Disclosure. The Department may disclose 
information from a record of an individual to a member of Congress and 
his or her staff in response to an inquiry from the member made at the 
written request of that individual. The member's right to the 
information is no greater than the right of the individual who 
requested it.
    (8) Disclosure in Assisting another Agency in Responding to a 
Breach of Data. The Department may disclose records from this system to 
another Federal agency or Federal entity, when the Department 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (a) responding to 
a suspected or confirmed breach or (b) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

[[Page 32899]]

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The cloud service provider, Amazon Web Services (AWS), through a 
subcontract with the Department, stores computerized student records, 
including backups, on virtual servers. Physical security of electronic 
data is maintained in compliance with the Federal Information Security 
Modernization Act of 2014 (FISMA) and National Institute of Standards 
and Technology (NIST) standards.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records in this system are retrieved by name and by the unique 
identifier assigned to each individual.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    All records were previously retained and disposed of in accordance 
with Department Records Schedule 066: Program Management Files (N1-441-
10-1) (ED 066), Item (a)(3). ED 066, Item (a)(3), is being superseded, 
pending approval by the National Archives and Records Administration 
(NARA), by a new records schedule submitted by the Department to NARA 
entitled, ``Migrant Student Information Exchange (MSIX) Electronic 
Information System Records.'' The Department will not destroy the 
aforementioned records until such time as said new, NARA-approved 
schedule is in effect, as applicable.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    (1) Introduction. Security personnel control and monitor all 
physical access to the site of the Department's subcontractor, where 
this system of records is maintained. The computer system employed by 
the Department offers a high degree of resistance to tampering and 
circumvention. This computer system limits data access to Department 
and contract staff on a ``need to know'' basis, and controls individual 
users' ability to access and alter records within the system by 
granting user names and passwords, and assigning user roles.
    (2) Physical Security of Electronic Data. The MSIX infrastructure 
is housed in a cloud service provider with provisional authorization 
from the Federal Risk and Authorization Management Program (FedRAMP) 
Joint Authorization Board (JAB) under the Moderate control baseline. 
All controls managed by the cloud service provider, including physical 
security of electronic data, are reviewed by a third party assessment 
organization (3PAO) in accordance with FedRAMP guidance.
    (3) User Access to Electronic Data. MSIX leverages role-based 
accounts and security controls to limit access to the application, its 
servers, and its infrastructure to authorized users in accordance with 
the Federal Information Security Modernization Act (FISMA) of 2014 and 
the Department Office of Chief Information Officer (OCIO) directives, 
policies, standards and procedures. All MSIX users must follow a 
registration process that involves identity validation and verification 
prior to gaining access to MSIX. MSIX utilizes unique user identifiers 
(user IDs) and authenticators (strong passwords). Directory information 
for all authorized users is stored in the system. Directory information 
maintained in MSIX includes username, full name, work contact 
information, and login credentials needed to maintain user accounts. 
The MSIX application is only available to authorized users via a 
Uniform Resource Locator (URL) that runs under the Hypertext Transfer 
Protocol over Secure Socket Layer (HTTPS).
    (4) Additional Security Measures. The MSIX infrastructure also 
leverages firewalls and intrusion detection systems to limit internal 
access and identify unauthorized access to the system. MSIX logs, 
monitors, and controls network communications and systems actions. 
System components are logically separated from internal organizational 
networks and connect to external networks through managed interfaces. 
Further, the MSIX operations include conducting vulnerability scans, 
monitoring the U.S. Computer Emergency Response Team (CERT) bulletins, 
and applying routine operating system and vendor patches as 
appropriate.

RECORD ACCESS PROCEDURES:
    If you wish to gain access to your record in the system of records, 
you must contact the system manager at the address listed under SYSTEM 
MANAGER(S). You must provide necessary particulars such as your name, 
date of birth, and any other identifying information requested by the 
Department while processing the request to distinguish between 
individuals with the same name. Your request must meet the requirements 
of regulations in 34 CFR 5b.5, including proof of identity.

CONTESTING RECORD PROCEDURES:
    If you wish to contest or change the content of a record regarding 
you in the system of records, contact the system manager at the address 
listed under SYSTEM MANAGER(S). Your request must meet the requirements 
of regulations in 34 CFR 5b.7.

NOTIFICATION PROCEDURES:
    If you wish to determine whether a record exists regarding you in 
the system of records, you must contact the system manager at the 
address listed under SYSTEM MANAGER(S). You must provide necessary 
particulars such as your name, date of birth, and any other identifying 
information requested by the Department while processing the request to 
distinguish between individuals with the same name. Your request must 
meet the requirements of regulations in 34 CFR 5b.5, including proof of 
identity.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    The system of records was originally published in the Federal 
Register on December 5, 2007 (72 FR 68572-68576).
[FR Doc. 2019-14686 Filed 7-9-19; 8:45 am]
 BILLING CODE 4000-01-P