Privacy Act of 1974; System of Records, 35462-35465 [2021-14278]

Agencies

• DEPARTMENT OF AGRICULTURE
• Forest Service

[Federal Register Volume 86, Number 126 (Tuesday, July 6, 2021)]
[Notices]
[Pages 35462-35465]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-14278]


-----------------------------------------------------------------------

DEPARTMENT OF AGRICULTURE

Forest Service


Privacy Act of 1974; System of Records

AGENCY: U.S. Department of Agriculture; Forest Service.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the U.S. 
Department of Agriculture (USDA or Department) proposes to create a new 
system of records titled ``Department of Agriculture Forest Service 
Application Cloud Environment (FS ACE).'' ACE is a general support 
system owned by the Forest Service Chief Information Officer (CIO) and 
operated by the Data Center Services Branch of the Forest Service CIO 
Operations Division. The system is located and managed in two 
geographically separated USDA Digital Infrastructure Services Centers 
(DISC), Class 4 data centers: One in Kansas City, MO; and the other in 
St. Louis, MO. Each provide alternate processing and data storage 
services in support of disaster recovery activities. Additionally, 
DISC-Kansas City provides off-site tape storage in Lenexa, KS, through 
a third-party vendor, Recall. All three locations are addressed within 
the DISC authorization boundaries.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is 
effective upon publication, subject to a 30-day notice and comment 
period to comment on the routine uses described below. Please submit 
any comments by August 5, 2021.

ADDRESSES: You may submit comments, identified by docket number FS-
2021-0004 by one of the following methods:
     Federal e-Rulemaking Portal: https://www.regulations.gov--
follow the instructions for submitting comments.
     Cynthia Towers, NRE Forest Service Privacy Officer, Office 
of the Chief Information Officer, U.S. Department of Agriculture, 1400 
Independence Avenue SW, Washington, DC 20250.
     email to [email protected].
    Instructions: All submissions received must include the Agency name 
and docket number for this rulemaking. All comments received will be 
posted without change to https://www.regulations.gov, including any 
personal information provided.
    Docket: For access to the docket to read the background document or 
comments received go to https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: For general questions about this 
notice, please contact Cynthia Towers, NRE Forest Service Privacy 
Officer, at 816-286-5272 or by email at [email protected].
    For privacy issue questions, please contact: Sullie Coleman, Chief 
Privacy Officer, Office of the Chief Information Officer, U.S. 
Department of Agriculture, 1400 Independence Avenue SW, Washington, DC 
20250 or by email at [email protected] or by telephone at (202) 
604-0467.

SUPPLEMENTARY INFORMATION: The Privacy Act of 1974, as amended (5 
U.S.C. 552a), requires agencies to publish in the Federal Register 
notice of new systems of records maintained by the Agency. A system of 
records is a group of any records under the control of any agency from 
which information is retrieved by the name of an individual or by some 
identifying number, symbol, or other identifying particular assigned to 
an individual.
    The Forest Service proposes to create a system of records entitled 
USDA/FS-63 Application Cloud Environment (FS ACE) that will be used to 
maintain records of activities conducted by the Agency pursuant to its 
mission and responsibilities.

TITLE OF BUSINESS ADDRESS OF THE AGENCY OFFICIAL RESPONSIBLE FOR THE 
SYSTEM OF RECORD:
    Chief Information Officer, U.S. Department of Agriculture, 1400 
Independence Avenue SW, Washington, DC 20250.

SYSTEM NAME AND NUMBER:
    USDA/FS-63 Application Cloud Environment (FS ACE). Forest Service 
Application Cloud Environment (FS ACE) CSAM ID 1991, External ID: UII 
Code: 005-000000243; 005-000003304; 005-000003305; 005-000000257.

SECURITY CLASSIFICATION:
    Controlled Unclassified Information (CUI).

SYSTEM LOCATION:
    The system is located and managed in two geographically-separated 
U.S. Department of Agriculture (USDA)

[[Page 35463]]

Digital Infrastructure Services Centers (DISC), Class 4 data centers, 
one at 8930 Ward Parkway, Kansas City, MO 64114 and the second at 4300 
Goodfellow Blvd., St. Louis, MO 63120. Each provide alternate 
processing and data storage services in support of disaster recovery 
activities. Additionally, Kansas City provides off-site tape storage 
through Recall, located at 16150 W 110th St., Lenexa, KS. All three 
locations are addressed within the DISC authorization boundaries.

SYSTEM MANAGER:
    ACE System Owner, Management Office 903 E 104th Street, Ste. 210, 
Kansas City, MO 64131. Additional location: Production DC--DISC Kansas 
City, MO.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    For FS ACE, authorities for general collection of information come 
from by 31 U.S.C. 3512, Executive Agency Accounting Systems Act of 
September 12,1950, and 16 U.S. Code Sec.  551--Protection of national 
forests; rules and regulations. For Federal requirements for the 
collection of information, also see: 5 U.S.C. Chapter 552 (Freedom of 
Information Act), 44 U.S.C. Chapters 21, 29, 31, and 33 (Records 
Management), and 18 U.S.C. 2071 (Concealment, removal, or mutilation of 
government records).

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system of records is to manage a set of 
projects that is part of the Digital Infrastructure Services Center 
cloud migration. The goal of the FS ACE is to enable the Agency to 
concentrate on building integrated business solutions rather than 
managing separate technology issues. This system provides general 
hosting services to applications within the Forest Service. Hosting 
services include Virtual Data Center (VDC) environment, storage, backup 
and recovery, monitoring, etc. The FS ACE hosts the applications that 
collects an individual's personal information (PII) as a part of doing 
business with the Forest Service. FS ACE houses sensitive data from 
various FS programs and allows FS authorized users the ability to 
access and update this information. For example:
     Integrates the information for reporting, analysis, and 
management of various Human Resource Management processes and 
functions, which includes both PII, and budget and finance data;
     Contains applications to collect, store, edit, compile and 
report on field collected resource data for our nation's forests and 
grasslands per the Farm Bill requirement; and
     FS ACE collects PII from several applications that include 
short term (seasonal) contractors and researchers in support of the 
Forest Inventory & Analysis program.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    All individuals granted access to the FS ACE are covered: All 
individuals, even if they are not users of the FS ACE who are mentioned 
or referenced in any documents entered into FS ACE by a user are also 
covered. This group may include, but is not limited to, vendors, 
agents, and other business personnel.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system of records includes the following required information 
about an individual: The individual's first and last name, social 
security number, tax identification number, passport number, driver's 
license number, or unique identification number.

RECORDS SOURCE CATEGORIES:
    Information contained in FS ACE may be collected from an individual 
via fax, email, form, telephone, or website, depending on the 
application used.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, records contained in a system may be 
disclosed outside USDA as a routine use under 5 U.S.C. 552a(b)(3) to 
the extent that such uses are compatible with the purposes for which 
the information was collected. Such permitted routine uses include the 
following disclosures:
    A. To the appropriate agency, whether Federal, State, local, 
Tribal, foreign, or other public authority responsible for enforcing, 
investigating, or prosecuting such violation or charged with enforcing 
or implementing the statute, or rule, regulation, or order issued 
pursuant thereto, when a record on its face, or in conjunction with 
other records, indicates a violation or potential violation of law, 
whether civil, criminal, or regulatory in nature, and whether arising 
by general statute or particular program, statute, or by regulation, 
rule, or order issued pursuant thereto, disclosure may be made if the 
information disclosed is relevant to any enforcement, regulatory, 
investigative, or prospective responsibility of the receiving entity 
and. Referral to the appropriate agency occurs, whether Federal, State, 
local, Tribal, or foreign, charged with the responsibility of 
investigating or prosecuting violation of law, or of enforcing or 
implementing a statute, rule, regulation, or order issued pursuant 
thereto of any record within this system when information available 
indicates a violation or potential violation of law, whether civil, 
criminal, or regulatory in nature;
    B. To the Department of Justice (DOJ), when: (a) USDA or any 
component thereof; or (b) any employee of USDA in his or her official 
capacity where the DOJ has agreed to represent the employee; or (c) the 
United States Government, is a party to litigation or has an interest 
in such litigation, and USDA determines that the records are both 
relevant and necessary to the litigation and the use of such records by 
the DOJ is therefore deemed by USDA to be for a purpose that is 
compatible with the purpose for which USDA collected the records;
    C. To a court or adjudicative body in a proceeding when: (a) USDA 
or any component thereof; or (b) any employee of USDA in his or her 
official capacity; or (c) any employee of the Agency in his or her 
individual capacity where USDA has agreed to represent the employee, or 
the United States Government, is a party to litigation or has an 
interest in such litigation, and USDA determines that the records are 
both relevant and necessary to the litigation and that use of such 
records is therefore deemed by USDA to be for a purpose that is 
compatible with the purpose for which USDA collected the records;
    D. To appropriate agencies, entities, and persons when: (1) USDA 
suspects or has confirmed that the security or confidentiality of 
information in the system of records has been compromised; (2) USDA has 
determined that as a result of the suspected or confirmed breach there 
is a risk of harm to individuals, USDA (including its information 
systems, programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with USDA's 
efforts to respond to the suspected or confirmed compromise and 
prevent, minimize, or remedy such harm; or to another Federal agency or 
Federal entity, when information from this system of records is 
reasonably necessary to assist the recipient agency or entity in (1) 
responding to a suspected or confirmed breach or (2) preventing, 
minimizing, or remedying the risk of harm to individuals, the agency 
(including its information systems, programs, and operations), the 
Federal Government, or national security;
    E. To contractors and their agents, grantees, experts, consultants, 
and others performing or working on a

[[Page 35464]]

contract, service, grant, cooperative agreement, or other assignment 
for the USDA, when necessary, to accomplish an agency function related 
to this system of records. Individuals providing information under this 
routine use are subject to the same Privacy Act requirements and 
limitations on disclosure as are applicable to USDA officers and 
employees;
    F. To a congressional office in response to an inquiry from that 
congressional office made at the written request of the individual 
about whom the record pertains.
    G. To the National Archives and Records Administration (NARA) or 
other Federal government agencies pursuant to records management 
inspections being conducted under the authority of 44 U.S.C. 2904 and 
2906.
    H. To an agency, organization, or individual for the purpose of 
performing audit or oversight operations as authorized by law, but only 
such information as is necessary and relevant to such audit or 
oversight function.
    I. To appropriate Federal, state, local, tribal, or foreign 
governmental agencies or multilateral governmental organizations, with 
the approval of the Chief Privacy Officer, when USDA is aware of a need 
to use relevant data for purposes of testing new technology.
    J. To the news media and the public, with the approval of the Chief 
Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information, or 
when disclosure is necessary to preserve confidence in the integrity of 
USDA, or when disclosure is necessary to demonstrate the accountability 
of USDA's officers, employees, or individuals covered by the system, 
except to the extent the Chief Privacy Officer determines that release 
of the specific information in the context of a particular case would 
constitute a clearly unwarranted invasion of personal privacy.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    None.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    All records are stored electronically or on paper in secure 
facilities in a locked drawer behind a locked door. The records may be 
stored on digital media. Each USDA mission area, agency, and staff 
office creates and maintains proper and adequate documentation of the 
organization, functions, policies, decisions, procedures, and essential 
transactions of the Department. This documentation protects the legal 
and financial rights of the Government and of persons directly affected 
by the Department's activities (44 U.S.C. 3101). U.S.C. Title 7, 
Chapters 55 2204 state that the Secretary of Agriculture may conduct 
any survey or other information collection and employ any sampling or 
other statistical method that the Secretary determines is appropriate.
    The Department is also authorized to obtain certain information 
under Sec. 515 of the Treasury and General Government Appropriations 
Act for Fiscal Year 2001 (44 U.S.C. 3516, Pub. L. 106-554) as well as 
Title 5 Part I Chapter 3-301, and 5 U.S.C. 552 Sec.  552a.
    See also: 5 U.S.C. Chapter 552; 44 U.S.C. Chapters 21, 29, 31, and 
33 (Records Management); 18 U.S.C. 2071; 44 U.S.C. 3101 et seq.; 44 
U.S.C. 3506; Title 7 CFR 2.37; 36 CFR Chapter 12, Subpart B; 36 CFR 
part 1234, eGovernment Act of 2002 (Pub. L. 107-347, 44 U.S.C. Ch. 36); 
OMB Circular A-130; NARA General Records Schedules and Forest Service 
Mission-specific records retention schedules approved by NARA for NARA 
Records Group 95.

POLICIES AND PRACTICES FOR RETRIEVABILITY OF RECORDS:
    Records are maintained in accordance with Forest Service records 
management policy and NARA's General Records Schedule, and/or NARA-
approved records schedules for NARA Records Group 95. Depending on the 
application being used, records may be retrieved by Name or Unique 
identifier such as: Social security number, tax identification number, 
passport number, driver's license number, agency assigned number, case 
number, account number or permit number, as appropriate.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records covered by this Privacy Act System of Records Notices 
(SORN) are managed according to records retention schedules approved by 
the NARA. Records schedules used to retain and manage records are found 
in Chapter 40 of Forest Service Handbook 6209.11--Records Management 
Handbook. This Handbook is available on the Forest Service website at 
https://www.fs.fed.us/about-agency/regulations-policies. All 
unscheduled records meaning records without a National Archives-
approved records retention schedule are retained until a records 
retention schedule is approved by the National Archives. Once a 
schedule is approved, all existing records will be processed according 
to the requirements set forth in that schedule.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    When applicable, paper records are kept in a locked or secured 
office or office building, and/or retained in a Forest Service secured 
computer system and can only be accessed by authorized Forest Service 
employees. Department/Forest Service safeguards electronic records in 
this system according to applicable rules and policies, including all 
applicable automated systems' security and access policies. The Forest 
Service has imposed strict controls to minimize the risk of 
compromising stored information. System access, including access to 
records stored in an Agency-approved repository (such as Pinyon or its 
successor) is limited to individuals with appropriate clearances or 
permissions who need to know the information for performance of 
official duties.

RECORD ACCESS PROCEDURES:
    An individual who is the subject of a record in this system may 
seek access to those records that are not exempt from the access 
provisions set forth at 5 U.S.C. 552a(k)(2). A determination whether a 
record may be accessed will be made at the time a request is received. 
All inquiries should be addressed in accordance with the ``Notification 
procedures'' below.

CONTESTING RECORDS PROCEDURES:
    Any individual may contest information contained within a record in 
the system that pertains to him/her by submitting a written request to 
the system manager at the address indicated in the ``Notification 
procedures'' section. Include the reason for contesting the record and 
the proposed amendment to the information with supporting documentation 
to show how the record is inaccurate.

NOTIFICATION PROCEDURES:
    Individuals seeking access to records contained in this system of 
records, or seeking to contest content, may submit a request in writing 
to the Forest Service FOIA/Privacy Act Officer (contact information at 
https://www.dm.usda.gov/foia/poc.htm). If an individual believes more 
than one Department component maintains Privacy Act records concerning 
him or her, the individual may submit the request to the Departmental 
FOIA Officer, 1400 Independence Avenue SW, South Building Room 4104, 
Washington, DC 20250-0706; email: [email protected].
    The request should include a daytime phone number and email. 
Provide as much information as possible about the

[[Page 35465]]

subject matter of the records you are requesting. This will help 
facilitate the search process.
    If you are making a request for records about yourself, you may 
receive greater access by providing either a notarized statement or a 
statement signed under penalty of perjury stating that you are the 
person who you say you are.
    Provide your full name, date, and either: (1) Have your signature 
witnessed by a notary; or (2) include the following statement 
immediately above the signature on your request letter: ``I declare 
under penalty of perjury that the foregoing is true and correct. 
Executed on [date].'' Requests that do not contain the required 
declaration will be processed under the Freedom of Information Act 
(FOIA), and, if records are found, you may not receive as much 
information, including information about you. If additional information 
is required to fulfill a Privacy Act request, you will be notified.
    If you want records about yourself to be released to a third party 
(such as a law firm or other organization requesting records on your 
behalf), the third party may receive greater access if they have 
permission from you.
    You will need a signed and dated statement that the Forest Service 
may release records pertaining to you. Include your name; date of 
birth; name of the person or organization to whom you want your records 
disclosed (where applicable); their contact information; and list of 
records that may be released (all, emails, medical records, etc.). The 
person about whom the records will be released should include a 
statement indicating that they understand that knowingly or willingly 
seeking or obtaining access to records about another person under false 
pretenses and or without their consent is punishable by a fine of up to 
$5,000.
    Requests must be for access to existing records. The Forest Service 
FOIA Office will not create records for the purpose of responding to a 
FOIA or Privacy Act request.
     FOIA excludes Federal agencies from its definition of 
persons permitted to make FOIA requests [see 5 U.S.C. 552(a)(3)(A) and 
5 U.S.C. 551(2)]. To avoid confusion as to whether Federal employees 
are requesting information in their personal or official capacities, 
requests from Federal employees should be submitted using personal 
resources.
    Any individual may request general information regarding this 
system of records or information as to whether the system contains 
records pertaining to him/her. All inquiries pertaining to this system 
should be in writing, must name the system of records as set forth in 
the system notice, and must contain the individual's name, telephone 
number, address, and email address (see specific instructions above).

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.

HISTORY:
    The Forest Service proposes to create a new system of records 
entitled ``USDA/Forest Service-63 Application Cloud Environment (FS 
ACE) System of Records'' that will be used to maintain records of 
activities conducted by the Agency pursuant to its mission and 
responsibilities.

    Dated: June 29, 2021.
Victoria Christiansen,
Chief, USDA Forest Service.
[FR Doc. 2021-14278 Filed 7-2-21; 8:45 am]
BILLING CODE 3411-15-P