Privacy Act of 1974; System of Records, 10955-10958 [2021-03583]

Agencies

• ENVIRONMENTAL PROTECTION AGENCY

[Federal Register Volume 86, Number 34 (Tuesday, February 23, 2021)]
[Notices]
[Pages 10955-10958]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-03583]


-----------------------------------------------------------------------

ENVIRONMENTAL PROTECTION AGENCY

[FRL-10017-76-OMS]


Privacy Act of 1974; System of Records

AGENCY: Office of Mission Support (OMS), Environmental Protection 
Agency (EPA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The U.S. Environmental Protection Agency's (EPA), Office of 
Mission Support is giving notice that it proposes to create a new 
system of records pursuant to the provisions of the Privacy Act of 
1974. Fleet Access (FA) is being created to comply with United States 
Code (U.S.C.) 175 Federal Motor Vehicle Expenditure Control and the 
General Services Administration (GSA)

[[Page 10956]]

Federal Management Regulation (FMR) B-15 requiring all federal agencies 
store and maintain vehicle asset data collected in a Fleet Management 
Information System (FMIS).

DATES: Persons wishing to comment on this system of records notice must 
do so by March 25, 2021. New routine uses for this new system of 
records will be effective March 25, 2021.

ADDRESSES: Submit your comments, identified by Docket ID No. EPA-HQ-
OMS-2020-0137, by one of the following methods:
    Regulations.gov: www.regulations.gov. Follow the online 
instructions for submitting comments.
    Email: [email protected].
    Fax: 202-566-1752.
    Mail: OMS Docket, Environmental Protection Agency, Mail Code: 
2822T, 1200 Pennsylvania Ave. NW, Washington, DC 20460.
    Hand Delivery: OMS Docket, EPA/DC, WJC West Building, Room 3334, 
1301 Constitution Ave. NW, Washington, DC 20460. Such deliveries are 
only accepted during the Docket's normal hours of operation, and 
special arrangements should be made for deliveries of boxed 
information.
    Instructions: Direct your comments to Docket ID No. EPA-HQ-OMS-
2020-0137. The EPA policy is that all comments received will be 
included in the public docket without change and may be made available 
online at www.regulations.gov, including any personal information 
provided, unless the comment includes information claimed to be 
Controlled Unclassified Information (CUI) or other information for 
which disclosure is restricted by statute. Do not submit information 
that you consider to be CUI or otherwise protected through 
www.regulations.gov. The www.regulations.gov website is an ``anonymous 
access'' system for EPA, which means the EPA will not know your 
identity or contact information unless you provide it in the body of 
your comment. Each agency determines submission requirements within 
their own internal processes and standards. EPA has no requirement of 
personal information. If you send an email comment directly to the EPA 
without going through www.regulations.gov your email address will be 
automatically captured and included as part of the comment that is 
placed in the public docket and made available on the internet. If you 
submit an electronic comment, the EPA recommends that you include your 
name and other contact information in the body of your comment. If the 
EPA cannot read your comment due to technical difficulties and cannot 
contact you for clarification, the EPA may not be able to consider your 
comment. Electronic files should avoid the use of special characters, 
any form of encryption, and be free of any defects or viruses. For 
additional information about the EPA public docket, visit the EPA 
Docket Center homepage at https://www.epa.gov/epahome/dockets.htm.
    Docket: All documents in the docket are listed in the 
www.regulations.gov index. Although listed in the index, some 
information is not publicly available, e.g., CUI or other information 
for which disclosure is restricted by statute. Certain other material, 
such as copyrighted material, will be publicly available only in hard 
copy. Publicly available docket materials are available either 
electronically in www.regulations.gov or in hard copy at the OMS 
Docket, EPA/DC, WJC West Building, Room 3334, 1301 Constitution Ave. 
NW, Washington, DC 20460. The Public Reading Room is open from 8:30 
a.m. to 4:30 p.m., Monday through Friday excluding legal holidays. The 
telephone number for the Public Reading Room is (202) 566-1744, and the 
telephone number for the OMS Docket is (202) 566-1752.
    Out of an abundance of caution for members of the public and our 
staff, the EPA Docket Center and Reading Room are closed to the public, 
with limited exceptions, to reduce the risk of transmitting COVID-19. 
Our Docket Center staff will continue to provide remote customer 
service via email, phone, and webform. We encourage the public to 
submit comments via https://www.regulations.gov/ or email, as there may 
be a delay in processing mail and faxes. Hand deliveries and couriers 
may be received by scheduled appointment only. For further information 
on EPA Docket Center services and the current status, please visit us 
online at https://www.epa.gov/dockets.

FOR FURTHER INFORMATION CONTACT: General questions about the Fleet 
Access system should be made in writing to: James Cunningham, (202) 
564-7212, [email protected]; Jackie Brown, (202) 564-0313, 
[email protected]; and Jonathan Barnes, (202) 564-1950, 
[email protected].

SUPPLEMENTARY INFORMATION: Fleet Access stores vehicle level data such 
as license plate, VIN, make, model, acquisition value/and or lease 
rates as well as designations regarding alternative fuel, energy, and 
sustainability mandates. Fleet Access is used to produce an end-of-year 
report known as the Federal Automotive Statistical Tool Report (FAST 
Report) submitted jointly to the Department of Energy (DOE), the 
General Services Administration (GSA), and the Idaho National Lab 
(INL). The FAST report summarizes each vehicle's yearly data with 
respect to fuel, mileage, maintenance, acquisition, and disposal. Fleet 
Access also serves as a comprehensive standardized vehicle reservation 
system used by agency staff needing to reserve and utilize fleet 
vehicles for official agency business. Vehicle registration features of 
Fleet Access requires system users register personal business 
information in order to reserve agency fleet assets.

SYSTEM NAME AND NUMBER:
    Fleet Access (FA)--EPA-85.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    AgileFleet (Fleet Access Service Provider): 14101 Willard Rd., 
Suite A, Chantilly, VA 20151; AgileFleet (Fleet Access Datacenter): 600 
West 7th Street, Los Angeles, CA 900021, System Managers: 1200 
Pennsylvania Ave. NW, Washington, DC 20460.

SYSTEM MANAGER(S):
    James Cunningham, IT Project Manager, 1200 Pennsylvania Ave. NW, 
Washington, DC 20460, Mail code 3101M, [email protected], 202-
564-7212.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    40 U.S.C. 175--Federal Motor Vehicle Expenditure Control; Sections 
15301 and 15302 of the Consolidated Omnibus Budget Reconciliation Act 
of 1986 (Pub. L. 99-272) (40 U.S.C. 17502 and 17503); and General 
Services Administration (GSA) FMR B-15.

PURPOSE(S) OF THE SYSTEM:
    Fleet Access (FA) is a contractor owned and operated system used by 
EPA to comply with the General Services Administration (GSA) FMR B-15 
requirement that each federal agency store and maintain vehicle asset 
data collected in a Fleet Management Information System (FMIS). The FA 
system serves two primary purposes: First, to store vehicle level data 
such as license plate, VIN, make, model, acquisition value/lease rates, 
designations regarding alternative fuel, energy and sustainability 
mandates. Which is used to produce the Federal Automotive Statistical 
Tool Report (FAST Report) as an end of year report. This end of year 
report is submitted jointly to the Department of Energy (DOE), the GSA, 
and the Idaho National

[[Page 10957]]

Lab (INL). The FAST report summarizes each vehicle's annual data with 
respect to fuel, mileage, maintenance, acquisition, and disposal. And 
second, it is used by EPA's Fleet program management, regional, local 
staff and support contractors as a standardized vehicle reservation 
system to reserve and utilize fleet vehicles for official agency 
business.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The categories of individuals covered by this system include EPA 
employees and EPA Contractors.

CATEGORIES OF RECORDS IN THE SYSTEM:
    PII collected includes: Last Name, First Name, Work Phone Number, 
Work Email Address, Driver's License Expiration Date, and Profile 
Picture.

RECORD SOURCE CATEGORIES:
    Fleet Access is a data management system that allows authorized EPA 
employees and contractors to store/maintain vehicle asset data and 
reserve agency vehicles across various programs/regions. PII 
information is collected directly from the user via an online 
registration form.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    The following new or modified routine uses apply to this system 
because the use of the record is necessary for the efficient conduct of 
government. The routine uses are related to and compatible with the 
original purpose for which the information was collected.
    A. Disclosure of Law Enforcement Purposes: Information may be 
disclosed to the appropriate Federal, State, local, tribal, or foreign 
agency responsible for investigating, prosecuting, enforcing, or 
implementing a statute, rule, regulation, or order, if the information 
is relevant to a violation or potential violation of civil or criminal 
law or regulation within the jurisdiction of the receiving entity.
    B. Disclosure Incident to Requesting Information: Information may 
be disclosed to any source from which additional information is 
requested (to the extent necessary to identify the individual, inform 
the source of the purpose of the request, and to identify the type of 
information requested,) when necessary to obtain information relevant 
to an agency decision concerning retention of an employee or other 
personnel action (other than hiring), retention of a security 
clearance, the letting of a contract, or the issuance or retention of a 
grant or other benefit.
    C. Disclosure to Requesting Agency: Disclosure may be made to a 
Federal, State, local, foreign, or tribal or other public authority of 
the fact that this system of records contains information relevant to 
the retention of an employee, the retention of a security clearance, 
the letting of a contract, or the issuance or retention of a license, 
grant or other benefit. The other agency or licensing organization may 
then make a request supported by the written consent of the individual 
for the entire record if it so chooses. No disclosure will be made 
unless the information has been determined to be sufficiently reliable 
to support a referral to another office within the agency or to another 
Federal agency for criminal, civil, administrative, personnel or 
regulatory action.
    D. Disclosure of Office of Management and Budget: Information may 
be disclosed to the Office of Management and Budget (OMB) at any stage 
in the legislative coordination and clearance process in connection 
with private relief legislation as set forth in OMB Circular No. A-19.
    E. Disclosure to Congressional Offices: Information may be 
disclosed to a congressional office from the record of an individual in 
response to an inquiry from the congressional office made at the 
request of the individual.
    F. Disclosure to Department of Justice: Information may be 
disclosed to the Department of Justice, or in a proceeding before a 
court, adjudicative body, or other administrative body before which the 
Agency is authorized to appear, when:
    1. The Agency, or any component thereof;
    2. Any employee of the Agency in his or her official capacity;
    3. Any employee of the Agency in his or her individual capacity 
where the Department of Justice or the Agency have agreed to represent 
the employee; or
    4. The United States, if the Agency determines that litigation is 
likely to affect the Agency or any of its components, is a party to 
litigation or has an interest in such litigation, and the use of such 
records by the Department of Justice or the Agency is deemed by the 
Agency to be relevant and necessary to the litigation provided, 
however, that in each case it has been determined that the disclosure 
is compatible with the purpose for which the records were collected.
    G. Disclosure of National Archives: Information may be disclosed to 
the National Archives and Records Administration in records management 
inspections.
    H. Disclosure to Contractors, Grantees, and Others: Information may 
be disclosed to contractors, grantees, consultants, or volunteers 
performing or working on a contract, service, grant, cooperative 
agreement, job, or other activity for the Agency and who have a need to 
have access to the information in the performance of their duties or 
activities for the Agency. When appropriate, recipients will be 
required to comply with the requirements of the Privacy Act of 1974 as 
provided in 5 U.S.C. 552a(m).
    I. Disclosures of Administrative Claims, Complaints and Appeals: 
Information from this system of records may be disclosed to an 
authorized appeal grievance examiner, formal complaints examiner, equal 
employment opportunity investigator, arbitrator or other person 
properly engaged in investigation or settlement of an administrative 
grievance, complaint, claim, or appeal filed by an employee, but only 
to the extent that the information is relevant and necessary to the 
proceeding. Agencies that may obtain information under this routine use 
include, the Office of Personnel Management, Office of Special Counsel, 
Merit Systems Protection Board, Federal Labor Relations Authority, 
Equal Employment Opportunity Commission and Office of Government 
Ethics.
    J. Disclosure to the Office of Personnel Management: Information 
from this system of records may be disclosed to the Office of Personnel 
Management pursuant to that agency's responsibility for evaluation and 
oversight of Federal personnel management.
    K. Disclosure in Connection with Litigation: Information from this 
system of records may be disclosed in connection with litigation or 
settlement discussions regarding claims by or against the Agency, 
including public filing with a court, to the extent that disclosure of 
the information is relevant and necessary to the litigation or 
discussions and except where court orders are otherwise required under 
section (b)(11) of the Privacy Act of 1974, 5 U.S.C. 552a(b)(11).
    L. Disclosure to Persons or Entities in Response to an Actual of 
Suspected Breach of Personally Identifiable Information: To appropriate 
agencies, entities, and persons when (1) the Agency suspects or has 
confirmed that there has been a breach of the system of records, (2) 
the Agency has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, the Agency 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure

[[Page 10958]]

made to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the Agency's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    M. Disclosure to assist another agency in its efforts to respond to 
a breach: To another Federal agency or Federal entity, when the Agency 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The information collected within Fleet Access is maintained and 
stored in a database hosted by Aptum, a DataCenter Service Provider 
located at 600 West 7th Street, Los Angeles, California 900021 in 
accordance to the EPA record retention schedule 00-90-Administrative 
Support Databases. And EPA Record Schedule 1009--Motor Vehicles and 
Personal Property.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records for Fleet Access are retrievable by User ID and Last Name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Fleet Access complies with EPA Records Schedule 0090-Administrative 
Support Databases and EPA Record Schedule 1009--Motor Vehicles and 
Personal Property. Personnel information is retained for as long as the 
user or administrator determines necessary, generally, as long as the 
individual is employed by the EPA and requires vehicle reservation 
access. If a person no longer needs to reserve a vehicle for agency 
business, their user information is deleted permanently, in accordance 
with EPA Record Schedule 1009. Vehicle data is stored for a minimum of 
3 years.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Security controls used to protect personal sensitive data in Fleet 
Access are commensurate with those required for an information system 
rated moderate for confidentiality, integrity, and availability, as 
prescribed in NIST Special Publication, 800-53, ``Recommended Security 
Controls for Federal Information Systems,'' Revision 4.
    1. Administrative Safeguards: Personnel are required to complete 
annual agency Information Security and Privacy training. Personnel are 
instructed to lock their computers when they leave their desks.
    2. Technical Safeguards: Access to Fleet Access is restricted to 
authorized users via login by username and password. All application 
passwords are encrypted in the database. User passwords cannot be seen 
by the administrators. The application is web-based, and user sessions 
encrypted. Authorized users are defined by an application administrator 
from within the application. Permission structures are currently role-
based and are applied individually by an application administrator as 
needed.
    3. Physical Safeguards: Equipment used for the purposes of hosting 
the Fleet Access is in a secure facility. Access to the secure facility 
is restricted to employees displaying valid identification badges. 
Access to the Network Operations Center is limited to authorized, 
network administrators and requires successful validation by additional 
authentication mechanisms. Access to the secure facility is logged. 
Power to the facility is insured by both battery backup and diesel 
generator. Fire suppression systems are in place.
    The facility is staffed 24-hours-a-day, seven days a week.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to information in this system of records 
about themselves are required to provide adequate identification (e.g., 
driver's license, military identification card, employee badge or 
identification card). Additional identity verification procedures may 
be required, as warranted. Requests must meet the requirements of EPA 
regulations that implement the Privacy Act of 1974, at 40 CFR part 16.

CONTESTING RECORD PROCEDURES:
    Requests for correction or amendment must identify the record to be 
changed and the corrective action sought. Complete EPA Privacy Act 
procedures are described in EPA's Privacy Act regulations at 40 CFR 
part 16.

NOTIFICATION PROCEDURE:
    Any individual who wants to know whether this system of records 
contains a record about him or her, should make a written request to 
the Attn: Agency Privacy Officer, MC 2831T, 1200 Pennsylvania Ave. NW, 
Washington, DC 20460, [email protected].

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Vaughn Noga,
Senior Agency Official for Privacy.
[FR Doc. 2021-03583 Filed 2-22-21; 8:45 am]
BILLING CODE 6560-50-P