Privacy Act of 1974; System of Records, 46243-46246 [2021-17639]
Download as PDF
<![CDATA[
Federal Register / Vol. 86, No. 157 / Wednesday, August 18, 2021 / Notices
notification unless there are changes to
the reported information; EPCRA
section 304 notification happens only
when a release occurs from a facility.
Total estimated burden: 222,856
hours (per year) (includes LEPCs (or
TEPCs) and SERCs (or TERCs)). This
figure will be updated to account for
any changes in O&M costs, burden and
number of respondents during the 60day OMB review period. Burden is
defined at 5 CFR 1320.03(b).
Total estimated cost: $11.67 million
(per year), including $8,470 annual
operations and maintenance (O&M)
costs. This figure will be updated to
account for any changes in O&M costs,
burden and number of respondents
during the 60-day OMB review period.
There are no capital costs associated
with this ICR.
Changes in estimates: The number of
facilities subject to section 302 is
95,000, which is the same as in the
previous ICR. The reduction in burden
of approximately 25 percent (36,600
hours annually) for activities related to
section 304 reporting requirements for
facilities is attributable to a decrease in
the number of release notifications
reported to the National Response
Center for the previous three years,
which EPA assumes will apply to the
three years of this ICR renewal. In
addition, EPA corrected a few minor
calculation errors. Changes in estimated
costs are attributable to updated wage
rates and a reduction in estimated O&M
costs. Any additional change in burden
or cost resulting from the 60-day OMB
review period will be described and
explained in this section when the
updated ICR Supporting Statement is
completed.
Donna Salyer,
Director, Office of Emergency Management.
[FR Doc. 2021–17740 Filed 8–17–21; 8:45 am]
BILLING CODE 6560–50–P
ENVIRONMENTAL PROTECTION
AGENCY
[FRL–8719–01–OMS]
Privacy Act of 1974; System of
Records
Office of Mission Support
(OMS), Environmental Protection
Agency (EPA).
ACTION: Notice of a modified system of
records.
jbell on DSKJLSW7X2PROD with NOTICES
AGENCY:
The U.S. Environmental
Protection Agency’s (EPA), Office of
Information Management (OIM) is
giving notice that it proposes to modify
a system of records pursuant to the
SUMMARY:
VerDate Sep<11>2014
17:34 Aug 17, 2021
Jkt 253001
provisions of the Privacy Act of 1974.
Central Data Exchange-Customer
Registration Subsystem (CDX–CRS) is
being modified to officially change from
Central Data Exchange Customer
Registration Subsystem (CDX–CRS). The
new name for the system will be called
Central Data Exchange (CDX).
Additionally, CDX will leverage cloud
resources.
Persons wishing to comment on
this system of records notice must do so
by September 17, 2021. Modified
routine uses for this modified system of
records will be effective September 17,
2021.
ADDRESSES: Submit your comments,
identified by Docket ID No. EPA–HQ–
OMS–2020–0139, by one of the
following methods:
Federal eRulemaking Portal:
www.regulations.gov. Follow the online
instructions for submitting comments.
Email: docket_oms@epa.gov. Include
the Docket ID number in the subject line
of the message.
Fax: 202–566–1752.
Mail: OMS Docket, Environmental
Protection Agency, Mail Code: 2822T,
1200 Pennsylvania Ave. NW,
Washington, DC 20460.
Hand Delivery: OMS Docket, EPA/DC,
WJC West Building, Room 3334, 1301
Constitution Ave. NW, Washington, DC
20460. Such deliveries are only
accepted during the Docket’s normal
hours of operation, and special
arrangements should be made for
deliveries of boxed information.
Instructions: Direct your comments to
Docket ID No. EPA–HQ–OMS–2020–
0139. The EPA’s policy is that all
comments received will be included in
the public docket without change and
may be made available online at https://
www.regulations.gov, including any
personal information provided, unless
the comment includes information
claimed to be Controlled Unclassified
Information (CUI) or other information
for which disclosure is restricted by
statute. Do not submit information that
you consider to be CUI or otherwise
protected through https://
www.regulations.gov. The https://
www.regulations.gov website is an
‘‘anonymous access’’ system for the
EPA, which means the EPA will not
know your identity or contact
information. If you submit an electronic
comment, the EPA recommends that
you include your name and other
contact information in the body of your
comment. If the EPA cannot read your
comment due to technical difficulties
and cannot contact you for clarification,
the EPA may not be able to consider
your comment. If you send an email
DATES:
PO 00000
Frm 00070
Fmt 4703
Sfmt 4703
46243
comment directly to the EPA without
going through https://
www.regulations.gov, your email
address will be automatically captured
and included as part of the comment
that is placed in the public docket and
made available on the internet.
Electronic files should avoid the use of
special characters, any form of
encryption, and be free of any defects or
viruses. For additional information
about the EPA public docket, visit the
EPA Docket Center homepage at https://
www.epa.gov/dockets.
Docket: All documents in the docket
are listed in the https://
www.regulations.gov index. Although
listed in the index, some information is
not publicly available, e.g., CUI or other
information for which disclosure is
restricted by statute. Certain other
material, such as copyrighted material,
will be publicly available only in hard
copy. Publicly available docket
materials are available either
electronically in https://
www.regulations.gov or in hard copy at
the OMS Docket, EPA/DC, WJC West
Building, Room 3334, 1301 Constitution
Ave. NW, Washington, DC 20460. The
Public Reading Room is normally open
from 8:30 a.m. to 4:30 p.m., Monday
through Friday excluding legal holidays.
The telephone number for the Public
Reading Room is (202) 566–1744, and
the telephone number for the OMS
Docket is (202) 566–1752.
Temporary Hours During COVID–19
Out of an abundance of caution for
members of the public and our staff, the
EPA Docket Center and Reading Room
are closed to the public, with limited
exceptions, to reduce the risk of
transmitting COVID–19. Our Docket
Center staff will continue to provide
remote customer service via email,
phone, and webform. We encourage the
public to submit comments via https://
www.regulations.gov/ or email, as there
may be a delay in processing mail and
faxes. Hand deliveries and couriers may
be received by scheduled appointment
only. For further information on EPA
Docket Center services and the current
status, please visit us online at https://
www.epa.gov/dockets.
FOR FURTHER INFORMATION CONTACT: U.S.
EPA, Attn: Joe Carioti, U.S. EPA,
Information Exchange Services Branch,
1200 Pennsylvania Ave. NW (Mail Code
2824T), Washington, DC 20460, Tel:
202–564–6413, Email: carioti.joe@
epa.gov.
SUPPLEMENTARY INFORMATION: The
information contained in records
maintained in the CDX system are used
to verify the identity of the individual,
E:\FR\FM\18AUN1.SGM
18AUN1
46244
Federal Register / Vol. 86, No. 157 / Wednesday, August 18, 2021 / Notices
inform users of the conditions and terms
of using CDX, allow individual users to
establish an account on CDX, provide
individual users access to their CDX
account for electronically filing
compliance data or exchanging other
forms of environmental data, allow
individual users to customize, update or
terminate their account with CDX,
renew or revoke an individual user’s
account on CDX, support the CDX help
desk functions, investigate possible
fraud and verify compliance with
program regulations, and initiate legal
action against an individual involved in
program fraud, abuse, or
noncompliance. CDX records will be
used to facilitate registering CDX system
users, issuing a username and password,
and subsequently, verifying an
individual’s identity as he/she seeks to
gain routine access to his/her account.
In some cases, the user verification
process will require EPA to contact the
employer, based on the registration
information provided by the user. The
system has secondary uses that include
using the established username to
facilitate tracking service calls or emails
from the user in the event that there is
a change in registration status or the
user has a problem with CDX; offering
the user new CDX service options, and
facilitating the retrieval of user actions
(e.g., historical submissions and help
tickets); and events while on the CDX
system.
The records may also be subsequently
used for auditing or other internal
purposes of the EPA, including but not
limited to instances where enforcement
of the conditions of using CDX are
necessary; investigation of possible
fraud involving a registered user;
litigation purposes related to
information reported to the agency;
contacting the individual in the event of
a system modification; a change to CDX;
or modification, revocation or
termination of user’s access privileges to
CDX.
Joe Carioti, Branch Chief, U.S. EPA,
Information Exchange Services Branch,
1200 Pennsylvania Ave. NW (Mail Code
2824T), Washington, DC 20460. Tel:
202–564–6413, Email: carioti.joe@
epa.gov.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
In accordance with the Government
Paperwork Elimination Act (44 U.S.C.
3504), EPA’s electronic compliance
filing and environmental data exchange
system will enable the ‘‘acquisition and
use of information technology,
including alternative information
technologies that provide for electronic
submission, maintenance, or disclosure
of information as a substitute for paper
and for the use and acceptance of
electronic signatures.’’ Section
3504(a)(1)(B)(vi) of Title 44, United
States Code. Authority is additionally
regulated by the CROss-Media
Electronic Reporting Rule (40 CFR part
3), as a regulatory alternative to paper
reporting.
PURPOSE(S) OF THE SYSTEM:
CDX is EPA’s portal for electronically
exchanging environmental data with
external customers. Users with CDX
accounts may choose to engage in
secure, electronic filing of
environmental documents as permitted
under the Government Paperwork
Elimination Act (GPEA).The
information is also used to provide
authenticated, protected access to the
CDX system, thereby protecting CDX
and CDX users from potential harm
caused by individuals with malicious
intentions gaining unauthorized access
to the system.
CATEGORIES OF INDIVIDUALS COVERED BY
SYSTEM:
Central Data Exchange (CDX), EPA–
52.
This system contains records on all
individuals that have either attempted
to register or have registered to obtain
an account to use CDX for electronically
exchanging data with EPA. Registered
users of CDX may include
representatives of industry, government
or laboratories exchanging information
with EPA through CDX.
SECURITY CLASSIFICATION:
CATEGORIES OF RECORDS IN THE SYSTEM:
SYSTEM NAME AND NUMBER:
Unclassified.
SYSTEM LOCATION:
jbell on DSKJLSW7X2PROD with NOTICES
SYSTEM MANAGER(S):
The CDX system is located at U.S.
EPA National Computer Center, 109
T.W. Alexander Drive, Research
Triangle Park, NC 27711; additional
locations include cloud environments
located in Microsoft Azure East US 1,
East US 2 and Central US along with
other partner sites in Virginia.
VerDate Sep<11>2014
17:34 Aug 17, 2021
Jkt 253001
This system contains records for
individuals’ name, self- assigned
username and security question, work
title, work address and related work
contact information (e.g., phone
numbers, email address), supervisors’
name and related contact information,
information related to the EPA reporting
program the individual is planning to
electronically file or report under (e.g.,
EPA program ID # and EPA program
PO 00000
Frm 00071
Fmt 4703
Sfmt 4703
role), and the method of reporting (e.g.,
web browser, file exchange). In cases
where individuals are asked to
electronically ‘‘sign’’ certain EPA forms,
CDX may request additional information
items from an individual in order to
safeguard their account and create secret
questions/answers that only the
individual should know.
RECORD SOURCE CATEGORIES:
Information is obtained from
individuals who have had or seek to
have their identity authenticated.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
The routine uses below are both
related to and compatible with the
original purpose for which the
information was collected. The
following general routine uses apply to
this system (73 FR 2245):
A. Disclosure for Law Enforcement
Purposes: Information may be disclosed
to the appropriate Federal, State, local,
tribal, or foreign agency responsible for
investigating, prosecuting, enforcing, or
implementing a statute, rule, regulation,
or order, if the information is relevant
to a violation or potential violation of
civil or criminal law or regulation
within the jurisdiction of the receiving
entity.
B. Disclosure Incident to Requesting
Information: Information may be
disclosed to any source from which
additional information is requested (to
the extent necessary to identify the
individual, inform the source of the
purpose of the request, and to identify
the type of information requested,)
when necessary to obtain information
relevant to an agency decision
concerning retention of an employee or
other personnel action (other than
hiring,) retention of a security clearance,
the letting of a contract, or the issuance
or retention of a grant, or other benefit.
C. Disclosure to Requesting Agency:
Disclosure may be made to a Federal,
State, local, foreign, or tribal or other
public authority of the fact that this
system of records contains information
relevant to the retention of an employee,
the retention of a security clearance, the
letting of a contract, or the issuance or
retention of a license, grant, or other
benefit. The other agency or licensing
organization may then make a request
supported by the written consent of the
individual for the entire record if it so
chooses. No disclosure will be made
unless the information has been
determined to be sufficiently reliable to
support a referral to another office
within the agency or to another Federal
agency for criminal, civil,
E:\FR\FM\18AUN1.SGM
18AUN1
jbell on DSKJLSW7X2PROD with NOTICES
Federal Register / Vol. 86, No. 157 / Wednesday, August 18, 2021 / Notices
administrative, personnel, or regulatory
action.
D. Disclosure to Office of Management
and Budget: Information may be
disclosed to the Office of Management
and Budget at any stage in the
legislative coordination and clearance
process in connection with private relief
legislation as set forth in OMB Circular
No. A–19.
E. Disclosure to Congressional Offices:
Information may be disclosed to a
congressional office from the record of
an individual in response to an inquiry
from the congressional office made at
the request of the individual.
F. Disclosure to Department of Justice:
Information may be disclosed to the
Department of Justice, or in a
proceeding before a court, adjudicative
body, or other administrative body
before which the Agency is authorized
to appear, when:
1. The Agency, or any component
thereof;
2. Any employee of the Agency in his
or her official capacity;
3. Any employee of the Agency in his
or her individual capacity where the
Department of Justice or the Agency
have agreed to represent the employee;
or
4. The United States, if the Agency
determines that litigation is likely to
affect the Agency or any of its
components,
Is a party to litigation or has an
interest in such litigation, and the use
of such records by the Department of
Justice or the Agency is deemed by the
Agency to be relevant and necessary to
the litigation provided, however, that in
each case it has been determined that
the disclosure is compatible with the
purpose for which the records were
collected.
G. Disclosure to the National
Archives: Information may be disclosed
to the National Archives and Records
Administration in records management
inspections.
H. Disclosure to Contractors,
Grantees, and Others: Information may
be disclosed to contractors, grantees,
consultants, or volunteers performing or
working on a contract, service, grant,
cooperative agreement, job, or other
activity for the Agency and who have a
need to have access to the information
in the performance of their duties or
activities for the Agency. When
appropriate, recipients will be required
to comply with the requirements of the
Privacy Act of 1974 as provided in 5
U.S.C. 552a(m).
I. Disclosures for Administrative
Claims, Complaints and Appeals:
Information from this system of records
may be disclosed to an authorized
VerDate Sep<11>2014
17:34 Aug 17, 2021
Jkt 253001
appeal grievance examiner, formal
complaints examiner, equal
employment opportunity investigator,
arbitrator or other person properly
engaged in investigation or settlement of
an administrative grievance, complaint,
claim, or appeal filed by an employee,
but only to the extent that the
information is relevant and necessary to
the proceeding. Agencies that may
obtain information under this routine
use include, but are not limited to, the
Office of Personnel Management, Office
of Special Counsel, Merit Systems
Protection Board, Federal Labor
Relations Authority, Equal Employment
Opportunity Commission, and Office of
Government Ethics.
J. Disclosure to the Office of Personnel
Management: Information from this
system of records may be disclosed to
the Office of Personnel Management
pursuant to that agency’s responsibility
for evaluation and oversight of Federal
personnel management.
K. Disclosure in Connection With
Litigation: Information from this system
of records may be disclosed in
connection with litigation or settlement
discussions regarding claims by or
against the Agency, including public
filing with a court, to the extent that
disclosure of the information is relevant
and necessary to the litigation or
discussions and except where court
orders are otherwise required under
section (b)(11) of the Privacy Act of
1974, 5 U.S.C. 552a(b)(11).
The two routine uses below (L and M)
are required by OMB Memorandum M–
17–12.
L. Disclosure to Persons or Entities in
Response to an Actual or Suspected
Breach of Personally Identifiable
Information: To appropriate agencies,
entities, and persons when (1) the
Agency suspects or has confirmed that
there has been a breach of the system of
records, (2) the Agency has determined
that as a result of the suspected or
confirmed breach there is a risk of harm
to individuals, the Agency (including its
information systems, programs, and
operations), the Federal Government, or
national security; and (3) the disclosure
made to such agencies, entities, and
persons is reasonably necessary to assist
in connection with the Agency’s efforts
to respond to the suspected or
confirmed breach or to prevent,
minimize, or remedy such harm.
M. Disclosure To Assist Another
Agency in Its Efforts To Respond to a
Breach of Personally Identifiable
Information: To another Federal agency
or Federal entity, when the Agency
determines that information from this
system of records is reasonably
necessary to assist the recipient agency
PO 00000
Frm 00072
Fmt 4703
Sfmt 4703
46245
or entity in (1) responding to a
suspected or confirmed breach or (2)
preventing, minimizing, or remedying
the risk of harm to individuals, the
recipient agency or entity (including its
information systems, programs, and
operations), the Federal Government, or
national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
These records are maintained
electronically on computer storage
devices such as computer disks. The
computer storage devices are located at
U.S. EPA National Computer Center,
109 T.W. Alexander Drive, Research
Triangle Park, NC 27711, on cloud
resources and partner sites. Backups
will be maintained at a disaster recovery
site.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Records are retrievable by the CDX
username, program ID number, all or
part of the individual’s name, phone
number, and email address.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
The EPA will retain and dispose of
these records in accordance with
National Archives and Records
Administration General Records
Schedule 20, Item 1.c. This 0097
schedule provides disposal
authorization for electronic files and
hard copy printouts created to monitor
system usage, including but not limited
to log-in files, audit trail files, system
usage files, and cost-back files used to
access charges for system use. Records
will be deleted or destroyed according
to EPA Records Schedule 0097.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Security controls used to protect
personal sensitive data in Central Data
Exchange (CDX) are commensurate with
those required for an information
system rated moderate for
confidentiality, integrity, and
availability, as prescribed in NIST
Special Publication, 800–53, ‘‘Security
and Privacy Controls for Information
Systems and Organizations,’’ Revision 4.
1. Administrative Safeguards: The
system will be operated and maintained
by EPA or organizations under contract
with the EPA (henceforth referred to as
‘‘EPA’’). EPA has minimized the risk of
unauthorized access to the system by
establishing a secure environment for
exchanging electronic information.
3. Physical Safeguards: Physical
access to the data system housed within
the facility is controlled by a
E:\FR\FM\18AUN1.SGM
18AUN1
46246
Federal Register / Vol. 86, No. 157 / Wednesday, August 18, 2021 / Notices
computerized badge reading system,
and the entire complex is patrolled by
security during non-business hours. The
computer system offers a high degree of
resistance to tampering and
circumvention. Multiple levels of
security are maintained with the
computer system control program.
4. Logical Access Safeguards
(Technical): The individual registering
for CDX will generate a self-assigned
passwords that will be stored in CDX,
but it will only be accessible to the
registering individual. To restore
passwords additional secrets will be
provided by individual and validated
along with email or other out-of-band
factor such as registered mobile phone
using a 1-time passphrase.
RECORD ACCESS PROCEDURES:
Individuals seeking access to
information in this system of records
about themselves are required to
provide adequate identification (e.g.,
driver’s license, military identification
card, employee badge or identification
card). Additional identity verification
procedures may be required, as
warranted. Requests must meet the
requirements of EPA regulations that
implement the Privacy Act of 1974, at
40 CFR part 16.
CONTESTING RECORDS PROCEDURES:
Requests for correction or amendment
must identify the record to be changed
and the corrective action sought.
Complete EPA Privacy Act procedures
are described in EPA’s Privacy Act
regulations at 40 CFR part 16.
NOTIFICATION PROCEDURE:
Any individual who wants to know
whether this system of records contains
a record about him or her, should make
a written request to the Attn: Agency
Privacy Officer, MC 2831T, 1200
Pennsylvania Ave., NW, Washington,
DC 20460, privacy@epa.gov.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
jbell on DSKJLSW7X2PROD with NOTICES
HISTORY:
Notice of a New System of Records
[Federal Register Vol 67, No. 52
(Monday, March 18, 2002)] Amendment
to System of Records Notice [Federal
Register Vol 68, No. 235 (Monday,
December 8, 2003)].
Vaughn Noga,
Senior Agency Official for Privacy.
[FR Doc. 2021–17639 Filed 8–17–21; 8:45 am]
BILLING CODE 6560–50–P
VerDate Sep<11>2014
17:34 Aug 17, 2021
Jkt 253001
ENVIRONMENTAL PROTECTION
AGENCY
[EPA–HQ–OPP–2021–0424; FRL–8721–01–
OCSPP]
Electronic Option for Submitting
Foreign Purchaser Acknowledgement
Statement of Unregistered Pesticides
Under the Federal Insecticide,
Fungicide and Rodenticide Act; Notice
of Availability
Environmental Protection
Agency (EPA).
ACTION: Notice.
AGENCY:
EPA is announcing the
availability of an electronic option for
submitting the Foreign Purchaser
Acknowledgement Statement (FPAS) for
unregistered pesticides as required
under the Federal Insecticide,
Fungicide, and Rodenticide Act
(FIFRA). As an alternative to the
hardcopy approach, which is still
available, EPA is also now accepting the
required notifications electronically
using EPA’s electronic document
submission system, the Central Data
Exchange (CDX). Use of CDX to prepare
and submit the required notifications to
EPA will help streamline and reduce the
administrative costs and burdens
associated with submitting paper-based
statements for both the submitters and
the Agency.
DATES: An FPAS may be submitted
electronically using CDX as of August
18, 2021.
ADDRESSES: The docket for this action,
identified by docket identification (ID)
number EPA–HQ–OPP–2021–0424, is
available online at https://
www.regulations.gov or in-person at the
Office of Pesticide Program Docket (OPP
Docket), Environmental Protection
Agency Docket Center (EPA/DC),
(28221T), 1200 Pennsylvania Ave. NW,
Washington, DC 20460–0001. The
Public Reading Room is open from 8:30
a.m. to 4:30 p.m., Monday through
Friday, excluding legal holidays. The
telephone number for the Public
Reading Room is (202) 566–1744.
Please note that due to the public
health concerns related to COVID–19,
the EPA/DC and Reading Room is
closed to visitors with limited
exceptions. The staff continues to
provide remote customer service via
email, phone, and webform. For the
latest status information on the EPA/DC
and docket access, visit https://
www.epa.gov/dockets.
FOR FURTHER INFORMATION CONTACT: For
technical information contact: Zoe
Emdur, Office of Program Support,
Environmental Protection Agency, 1200
SUMMARY:
PO 00000
Frm 00073
Fmt 4703
Sfmt 4703
Pennsylvania Ave. NW, Washington, DC
20460–0001: Telephone number: (703)
347 0529; email address: emdur.zoe@
epa.gov.
SUPPLEMENTARY INFORMATION:
I. General Information
A. Does this action apply to me?
You may be potentially affected by
this action if you manufacture, process,
import, or distribute in commerce
chemical substances and mixtures. The
following North American Industrial
Classification System (NAICS) codes
have been provided to assist you and
others in determining whether this
action might apply to certain entities.
Potentially affected entities may
include, but are not limited to the
following:
• Basic Chemical Manufacturing
(NAICS 3251);
• Resin, Synthetic Rubber, and
Artificial and Synthetic Fibers and
Filaments Manufacturing (NAICS 3252);
• Pesticide, Fertilizer, and Other
Agricultural Chemical Manufacturing
(NAICS 3253); and
• Other Chemical Product and
Preparation Manufacturing (NAICS
3251).
If you have any questions regarding
the applicability of this action to a
particular entity, consult the technical
person listed under FOR FURTHER
INFORMATION CONTACT.
B. What action is the Agency taking?
The Agency is announcing the
availability of an electronic option for
use by those who must submit an FPAS
under FIFRA 17(a)(2). EPA is providing
an electronic option as part of the
broader Federal government efforts to
move to modern, electronic methods of
information collection, which
streamline processes and reduce overall
burdens for all involved.
Currently, an FPAS can only be
submitted to the Agency in hardcopy
using regular mail, requiring the Agency
to manually scan and process
submissions. The modernization of the
FPAS process will allow the option for
users to prepare and submit their
notifications to the Agency
electronically using a web-based
application. To file electronically,
submitters must use the EPA provided
application. To access the application,
users must complete a one-time
registration with EPA’s CDX (https://
cdx.epa.gov/). CDX is the Agency’s
portal for submitting information to EPA
in a secure online manner. Electronic
submissions of an FPAS will be done
via the Pesticide Submission Portal
(‘‘PSP’’ or ‘‘Pesticide Portal’’) which is
E:\FR\FM\18AUN1.SGM
18AUN1
]]>Agencies
[Federal Register Volume 86, Number 157 (Wednesday, August 18, 2021)]
[Notices]
[Pages 46243-46246]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-17639]
-----------------------------------------------------------------------
ENVIRONMENTAL PROTECTION AGENCY
[FRL-8719-01-OMS]
Privacy Act of 1974; System of Records
AGENCY: Office of Mission Support (OMS), Environmental Protection
Agency (EPA).
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: The U.S. Environmental Protection Agency's (EPA), Office of
Information Management (OIM) is giving notice that it proposes to
modify a system of records pursuant to the provisions of the Privacy
Act of 1974. Central Data Exchange-Customer Registration Subsystem
(CDX-CRS) is being modified to officially change from Central Data
Exchange Customer Registration Subsystem (CDX-CRS). The new name for
the system will be called Central Data Exchange (CDX). Additionally,
CDX will leverage cloud resources.
DATES: Persons wishing to comment on this system of records notice must
do so by September 17, 2021. Modified routine uses for this modified
system of records will be effective September 17, 2021.
ADDRESSES: Submit your comments, identified by Docket ID No. EPA-HQ-
OMS-2020-0139, by one of the following methods:
Federal eRulemaking Portal: www.regulations.gov. Follow the online
instructions for submitting comments.
Email: [email protected]. Include the Docket ID number in the
subject line of the message.
Fax: 202-566-1752.
Mail: OMS Docket, Environmental Protection Agency, Mail Code:
2822T, 1200 Pennsylvania Ave. NW, Washington, DC 20460.
Hand Delivery: OMS Docket, EPA/DC, WJC West Building, Room 3334,
1301 Constitution Ave. NW, Washington, DC 20460. Such deliveries are
only accepted during the Docket's normal hours of operation, and
special arrangements should be made for deliveries of boxed
information.
Instructions: Direct your comments to Docket ID No. EPA-HQ-OMS-
2020-0139. The EPA's policy is that all comments received will be
included in the public docket without change and may be made available
online at https://www.regulations.gov, including any personal
information provided, unless the comment includes information claimed
to be Controlled Unclassified Information (CUI) or other information
for which disclosure is restricted by statute. Do not submit
information that you consider to be CUI or otherwise protected through
https://www.regulations.gov. The https://www.regulations.gov website is
an ``anonymous access'' system for the EPA, which means the EPA will
not know your identity or contact information. If you submit an
electronic comment, the EPA recommends that you include your name and
other contact information in the body of your comment. If the EPA
cannot read your comment due to technical difficulties and cannot
contact you for clarification, the EPA may not be able to consider your
comment. If you send an email comment directly to the EPA without going
through https://www.regulations.gov, your email address will be
automatically captured and included as part of the comment that is
placed in the public docket and made available on the internet.
Electronic files should avoid the use of special characters, any form
of encryption, and be free of any defects or viruses. For additional
information about the EPA public docket, visit the EPA Docket Center
homepage at https://www.epa.gov/dockets.
Docket: All documents in the docket are listed in the https://www.regulations.gov index. Although listed in the index, some
information is not publicly available, e.g., CUI or other information
for which disclosure is restricted by statute. Certain other material,
such as copyrighted material, will be publicly available only in hard
copy. Publicly available docket materials are available either
electronically in https://www.regulations.gov or in hard copy at the
OMS Docket, EPA/DC, WJC West Building, Room 3334, 1301 Constitution
Ave. NW, Washington, DC 20460. The Public Reading Room is normally open
from 8:30 a.m. to 4:30 p.m., Monday through Friday excluding legal
holidays. The telephone number for the Public Reading Room is (202)
566-1744, and the telephone number for the OMS Docket is (202) 566-
1752.
Temporary Hours During COVID-19
Out of an abundance of caution for members of the public and our
staff, the EPA Docket Center and Reading Room are closed to the public,
with limited exceptions, to reduce the risk of transmitting COVID-19.
Our Docket Center staff will continue to provide remote customer
service via email, phone, and webform. We encourage the public to
submit comments via https://www.regulations.gov/ or email, as there may
be a delay in processing mail and faxes. Hand deliveries and couriers
may be received by scheduled appointment only. For further information
on EPA Docket Center services and the current status, please visit us
online at https://www.epa.gov/dockets.
FOR FURTHER INFORMATION CONTACT: U.S. EPA, Attn: Joe Carioti, U.S. EPA,
Information Exchange Services Branch, 1200 Pennsylvania Ave. NW (Mail
Code 2824T), Washington, DC 20460, Tel: 202-564-6413, Email:
[email protected].
SUPPLEMENTARY INFORMATION: The information contained in records
maintained in the CDX system are used to verify the identity of the
individual,
[[Page 46244]]
inform users of the conditions and terms of using CDX, allow individual
users to establish an account on CDX, provide individual users access
to their CDX account for electronically filing compliance data or
exchanging other forms of environmental data, allow individual users to
customize, update or terminate their account with CDX, renew or revoke
an individual user's account on CDX, support the CDX help desk
functions, investigate possible fraud and verify compliance with
program regulations, and initiate legal action against an individual
involved in program fraud, abuse, or noncompliance. CDX records will be
used to facilitate registering CDX system users, issuing a username and
password, and subsequently, verifying an individual's identity as he/
she seeks to gain routine access to his/her account. In some cases, the
user verification process will require EPA to contact the employer,
based on the registration information provided by the user. The system
has secondary uses that include using the established username to
facilitate tracking service calls or emails from the user in the event
that there is a change in registration status or the user has a problem
with CDX; offering the user new CDX service options, and facilitating
the retrieval of user actions (e.g., historical submissions and help
tickets); and events while on the CDX system.
The records may also be subsequently used for auditing or other
internal purposes of the EPA, including but not limited to instances
where enforcement of the conditions of using CDX are necessary;
investigation of possible fraud involving a registered user; litigation
purposes related to information reported to the agency; contacting the
individual in the event of a system modification; a change to CDX; or
modification, revocation or termination of user's access privileges to
CDX.
SYSTEM NAME AND NUMBER:
Central Data Exchange (CDX), EPA-52.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The CDX system is located at U.S. EPA National Computer Center, 109
T.W. Alexander Drive, Research Triangle Park, NC 27711; additional
locations include cloud environments located in Microsoft Azure East US
1, East US 2 and Central US along with other partner sites in Virginia.
SYSTEM MANAGER(S):
Joe Carioti, Branch Chief, U.S. EPA, Information Exchange Services
Branch, 1200 Pennsylvania Ave. NW (Mail Code 2824T), Washington, DC
20460. Tel: 202-564-6413, Email: [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
In accordance with the Government Paperwork Elimination Act (44
U.S.C. 3504), EPA's electronic compliance filing and environmental data
exchange system will enable the ``acquisition and use of information
technology, including alternative information technologies that provide
for electronic submission, maintenance, or disclosure of information as
a substitute for paper and for the use and acceptance of electronic
signatures.'' Section 3504(a)(1)(B)(vi) of Title 44, United States
Code. Authority is additionally regulated by the CROss-Media Electronic
Reporting Rule (40 CFR part 3), as a regulatory alternative to paper
reporting.
PURPOSE(S) OF THE SYSTEM:
CDX is EPA's portal for electronically exchanging environmental
data with external customers. Users with CDX accounts may choose to
engage in secure, electronic filing of environmental documents as
permitted under the Government Paperwork Elimination Act (GPEA).The
information is also used to provide authenticated, protected access to
the CDX system, thereby protecting CDX and CDX users from potential
harm caused by individuals with malicious intentions gaining
unauthorized access to the system.
CATEGORIES OF INDIVIDUALS COVERED BY SYSTEM:
This system contains records on all individuals that have either
attempted to register or have registered to obtain an account to use
CDX for electronically exchanging data with EPA. Registered users of
CDX may include representatives of industry, government or laboratories
exchanging information with EPA through CDX.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system contains records for individuals' name, self- assigned
username and security question, work title, work address and related
work contact information (e.g., phone numbers, email address),
supervisors' name and related contact information, information related
to the EPA reporting program the individual is planning to
electronically file or report under (e.g., EPA program ID # and EPA
program role), and the method of reporting (e.g., web browser, file
exchange). In cases where individuals are asked to electronically
``sign'' certain EPA forms, CDX may request additional information
items from an individual in order to safeguard their account and create
secret questions/answers that only the individual should know.
RECORD SOURCE CATEGORIES:
Information is obtained from individuals who have had or seek to
have their identity authenticated.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
The routine uses below are both related to and compatible with the
original purpose for which the information was collected. The following
general routine uses apply to this system (73 FR 2245):
A. Disclosure for Law Enforcement Purposes: Information may be
disclosed to the appropriate Federal, State, local, tribal, or foreign
agency responsible for investigating, prosecuting, enforcing, or
implementing a statute, rule, regulation, or order, if the information
is relevant to a violation or potential violation of civil or criminal
law or regulation within the jurisdiction of the receiving entity.
B. Disclosure Incident to Requesting Information: Information may
be disclosed to any source from which additional information is
requested (to the extent necessary to identify the individual, inform
the source of the purpose of the request, and to identify the type of
information requested,) when necessary to obtain information relevant
to an agency decision concerning retention of an employee or other
personnel action (other than hiring,) retention of a security
clearance, the letting of a contract, or the issuance or retention of a
grant, or other benefit.
C. Disclosure to Requesting Agency: Disclosure may be made to a
Federal, State, local, foreign, or tribal or other public authority of
the fact that this system of records contains information relevant to
the retention of an employee, the retention of a security clearance,
the letting of a contract, or the issuance or retention of a license,
grant, or other benefit. The other agency or licensing organization may
then make a request supported by the written consent of the individual
for the entire record if it so chooses. No disclosure will be made
unless the information has been determined to be sufficiently reliable
to support a referral to another office within the agency or to another
Federal agency for criminal, civil,
[[Page 46245]]
administrative, personnel, or regulatory action.
D. Disclosure to Office of Management and Budget: Information may
be disclosed to the Office of Management and Budget at any stage in the
legislative coordination and clearance process in connection with
private relief legislation as set forth in OMB Circular No. A-19.
E. Disclosure to Congressional Offices: Information may be
disclosed to a congressional office from the record of an individual in
response to an inquiry from the congressional office made at the
request of the individual.
F. Disclosure to Department of Justice: Information may be
disclosed to the Department of Justice, or in a proceeding before a
court, adjudicative body, or other administrative body before which the
Agency is authorized to appear, when:
1. The Agency, or any component thereof;
2. Any employee of the Agency in his or her official capacity;
3. Any employee of the Agency in his or her individual capacity
where the Department of Justice or the Agency have agreed to represent
the employee; or
4. The United States, if the Agency determines that litigation is
likely to affect the Agency or any of its components,
Is a party to litigation or has an interest in such litigation, and
the use of such records by the Department of Justice or the Agency is
deemed by the Agency to be relevant and necessary to the litigation
provided, however, that in each case it has been determined that the
disclosure is compatible with the purpose for which the records were
collected.
G. Disclosure to the National Archives: Information may be
disclosed to the National Archives and Records Administration in
records management inspections.
H. Disclosure to Contractors, Grantees, and Others: Information may
be disclosed to contractors, grantees, consultants, or volunteers
performing or working on a contract, service, grant, cooperative
agreement, job, or other activity for the Agency and who have a need to
have access to the information in the performance of their duties or
activities for the Agency. When appropriate, recipients will be
required to comply with the requirements of the Privacy Act of 1974 as
provided in 5 U.S.C. 552a(m).
I. Disclosures for Administrative Claims, Complaints and Appeals:
Information from this system of records may be disclosed to an
authorized appeal grievance examiner, formal complaints examiner, equal
employment opportunity investigator, arbitrator or other person
properly engaged in investigation or settlement of an administrative
grievance, complaint, claim, or appeal filed by an employee, but only
to the extent that the information is relevant and necessary to the
proceeding. Agencies that may obtain information under this routine use
include, but are not limited to, the Office of Personnel Management,
Office of Special Counsel, Merit Systems Protection Board, Federal
Labor Relations Authority, Equal Employment Opportunity Commission, and
Office of Government Ethics.
J. Disclosure to the Office of Personnel Management: Information
from this system of records may be disclosed to the Office of Personnel
Management pursuant to that agency's responsibility for evaluation and
oversight of Federal personnel management.
K. Disclosure in Connection With Litigation: Information from this
system of records may be disclosed in connection with litigation or
settlement discussions regarding claims by or against the Agency,
including public filing with a court, to the extent that disclosure of
the information is relevant and necessary to the litigation or
discussions and except where court orders are otherwise required under
section (b)(11) of the Privacy Act of 1974, 5 U.S.C. 552a(b)(11).
The two routine uses below (L and M) are required by OMB Memorandum
M-17-12.
L. Disclosure to Persons or Entities in Response to an Actual or
Suspected Breach of Personally Identifiable Information: To appropriate
agencies, entities, and persons when (1) the Agency suspects or has
confirmed that there has been a breach of the system of records, (2)
the Agency has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, the Agency
(including its information systems, programs, and operations), the
Federal Government, or national security; and (3) the disclosure made
to such agencies, entities, and persons is reasonably necessary to
assist in connection with the Agency's efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such
harm.
M. Disclosure To Assist Another Agency in Its Efforts To Respond to
a Breach of Personally Identifiable Information: To another Federal
agency or Federal entity, when the Agency determines that information
from this system of records is reasonably necessary to assist the
recipient agency or entity in (1) responding to a suspected or
confirmed breach or (2) preventing, minimizing, or remedying the risk
of harm to individuals, the recipient agency or entity (including its
information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
These records are maintained electronically on computer storage
devices such as computer disks. The computer storage devices are
located at U.S. EPA National Computer Center, 109 T.W. Alexander Drive,
Research Triangle Park, NC 27711, on cloud resources and partner sites.
Backups will be maintained at a disaster recovery site.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrievable by the CDX username, program ID number, all
or part of the individual's name, phone number, and email address.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
The EPA will retain and dispose of these records in accordance with
National Archives and Records Administration General Records Schedule
20, Item 1.c. This 0097 schedule provides disposal authorization for
electronic files and hard copy printouts created to monitor system
usage, including but not limited to log-in files, audit trail files,
system usage files, and cost-back files used to access charges for
system use. Records will be deleted or destroyed according to EPA
Records Schedule 0097.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Security controls used to protect personal sensitive data in
Central Data Exchange (CDX) are commensurate with those required for an
information system rated moderate for confidentiality, integrity, and
availability, as prescribed in NIST Special Publication, 800-53,
``Security and Privacy Controls for Information Systems and
Organizations,'' Revision 4.
1. Administrative Safeguards: The system will be operated and
maintained by EPA or organizations under contract with the EPA
(henceforth referred to as ``EPA''). EPA has minimized the risk of
unauthorized access to the system by establishing a secure environment
for exchanging electronic information.
3. Physical Safeguards: Physical access to the data system housed
within the facility is controlled by a
[[Page 46246]]
computerized badge reading system, and the entire complex is patrolled
by security during non-business hours. The computer system offers a
high degree of resistance to tampering and circumvention. Multiple
levels of security are maintained with the computer system control
program.
4. Logical Access Safeguards (Technical): The individual
registering for CDX will generate a self-assigned passwords that will
be stored in CDX, but it will only be accessible to the registering
individual. To restore passwords additional secrets will be provided by
individual and validated along with email or other out-of-band factor
such as registered mobile phone using a 1-time passphrase.
RECORD ACCESS PROCEDURES:
Individuals seeking access to information in this system of records
about themselves are required to provide adequate identification (e.g.,
driver's license, military identification card, employee badge or
identification card). Additional identity verification procedures may
be required, as warranted. Requests must meet the requirements of EPA
regulations that implement the Privacy Act of 1974, at 40 CFR part 16.
CONTESTING RECORDS PROCEDURES:
Requests for correction or amendment must identify the record to be
changed and the corrective action sought. Complete EPA Privacy Act
procedures are described in EPA's Privacy Act regulations at 40 CFR
part 16.
NOTIFICATION PROCEDURE:
Any individual who wants to know whether this system of records
contains a record about him or her, should make a written request to
the Attn: Agency Privacy Officer, MC 2831T, 1200 Pennsylvania Ave., NW,
Washington, DC 20460, [email protected].
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
Notice of a New System of Records [Federal Register Vol 67, No. 52
(Monday, March 18, 2002)] Amendment to System of Records Notice
[Federal Register Vol 68, No. 235 (Monday, December 8, 2003)].
Vaughn Noga,
Senior Agency Official for Privacy.
[FR Doc. 2021-17639 Filed 8-17-21; 8:45 am]
BILLING CODE 6560-50-P
