Privacy Act of 1974; Notice of a Modified System of Records, 15720-15722 [2023-05191]



[Federal Register Volume 88, Number 49 (Tuesday, March 14, 2023)]
[Notices]
[Pages 15720-15722]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-05191]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[Notice-ID-2023-03; Docket No. 2023-0002; Sequence No. 9]


Privacy Act of 1974; Notice of a Modified System of Records

AGENCY: Office of the Chief Information Officer, General Services 
Administration (GSA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: GSA proposes to modify a system of records subject to the 
Privacy Act of 1974. GSA is modifying the notice to update the system 
name to ``Office of the Chief Financial Officer's (OCFO) Imaging/
Workflow Solution''. It is a subsystem within the Ancillary Corporate 
Applications (ACA) at GSA. OCFO's Imaging/Workflow Solution allows 
users in the Payroll Services Branch, Accounts Payable and customer 
agencies to annotate metadata to scanned images, and search and view 
documents (i.e., invoices, payroll, property records, deeds, transfers) 
that have been scanned/stored.

DATES: Submit comments on or before April 13, 2023. The new and/or 
significantly modified routine uses will be applicable on April 13, 
2023.

ADDRESSES: Submit comments by any of the following methods:
     Regulations.gov: https://www.regulations.gov. Search for 
Notice-ID-2023-03, Rescindment of a System of Records Notice. Select 
the link ``Comment Now'' that corresponds with ``Notice-ID-2023-03, 
Rescindment of a System of Records Notice.'' Follow the instructions 
provided on the screen. Please include your name, company name (if 
any), and ``Notice-ID-2023-03, Rescindment of a System of Records 
Notice'' on your attached document.
     By email to the GSA Privacy Act Officer: gsa.privacyact@gsa.gov.
     By mail to: Privacy Office (IDE), GSA, 1800 F Street NW, 
Washington, DC 20405.

FOR FURTHER INFORMATION CONTACT: Call or email Richard Speidel, the GSA 
Chief Privacy Officer (Office of the Deputy Chief Information Officer): 
telephone 202-969-5830; email gsa.privacyact@gsa.gov.

SUPPLEMENTARY INFORMATION: GSA proposes to modify a system of records 
subject to the Privacy Act of 1974, 5 U.S.C. 552a. Office of the Chief 
Financial Officer's (OCFO) Imaging/Workflow Solution (previously named 
ImageNow), is the subsystem within the Ancillary Corporate Applications 
(ACA) at GSA. Please refer to the SORN link below: https://www.federalregister.gov/documents/2009/08/10/E9-19102/privacy-act-of-1974-notice-of-new-system-of-records.

SYSTEM NAME AND NUMBER:
    OCFO Imaging/Workflow Solution GSA/PPFM-12.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The system is maintained in Kansas City, MO, in the Financial 
Administrative Systems Division (BDT).

SYSTEM MANAGER:
    Director, Financial and Payroll Services Division, OCFO, GSA (BCE), 
1500 E Bannister Road, Kansas City, MO 66085.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. Part III, Subparts D and E, 26 U.S.C. Chapter 24 and 2501, 
and Executive Order 9397, and the Chief Financial Officers (CFO) Act of 
1990 (Pub. L. 101-576) as amended (Chapter 9 of Title 31 of the U.S. 
Code (2009)).

PURPOSES OF THE SYSTEM:
    The purpose of the system is to capture electronic images of 
financial documents, and store, retrieve, and process these images. It 
will maintain these images in order to support the day-to-day official 
operating needs of GSA's financial and payroll operations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system covers individuals with electronic facility access 
credentials including GSA employees, contractor employees, building 
occupants, interns, and volunteers.

CATEGORIES OF RECORDS IN THE SYSTEM:
    System records include information that identifies vendors and/or 
employees by their names or other unique identifier in conjunction with 
other data elements such as gender, birth date, age, marital status, 
spouse and dependents, home email addresses, home addresses, home phone 
numbers, health records, Social Security Numbers, Employer 
Identification Numbers, payroll deductions, banking information, 
personal credit card information, and similar personally identifiable 
information.

RECORD SOURCE CATEGORIES:
    The source for the image data in the system originates from the 
individuals and vendors who submit the documents on their own behalf. 
In addition, documents may come from Federal Government Agencies that 
may include Privacy Act information.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    System users will be limited to those U.S. government employees 
that require this information to perform their assigned official 
responsibilities. All access will be reviewed and approved by the 
employee's supervisor, system owner and the information system security 
officer. Information from this system also may be disclosed as a 
routine use:
    a. In any legal proceeding, where pertinent, to which GSA is a 
party before a court or administrative body.
    b. To a Federal, State, local, or foreign agency responsible for 
investigating, prosecuting, enforcing, or carrying out a statute, rule, 
regulation, or order when GSA becomes aware of a violation or potential 
violation of civil or criminal law or regulation.
    c. To conduct investigations, by authorized officials, that are 
investigating or settling a grievance, complaint, or appeal filed by an 
individual who is the subject of the record.
    d. To the Office of Personnel Management (OPM), the Office of 
Management and Budget (OMB), and the Government Accountability Office 
(GAO) when the information is required for program evaluation purposes.
    e. To a Member of Congress or his or her staff on behalf of and at 
the request of the individual who is the subject of the record.
    f. To a federal agency in connection with the hiring or retention 
of an employee; the issuance of a security clearance; the reporting of 
an investigation; the letting of a contract; or the issuance of a 
grant, license, or other benefit to the extent that the information is 
relevant and necessary to a decision.
    g. To authorized officials of the agency that provided the 
information for inclusion in ACMIS.
    h. To an expert, consultant, or contractor of GSA in the 
performance of a Federal duty to which the information is relevant.
    i. To the National Archives and Records Administration (NARA) for 
records management purposes.
    j. To appropriate agencies, entities, and persons when (1) The 
Agency suspects or has confirmed that the security or confidentiality 
of information in the system of records has been compromised; (2) the 
Agency has determined that as a result of the suspected or confirmed 
compromise there is a risk of harm to economic or property interests, 
identity theft or fraud, or harm to the security or integrity of this 
system or other systems or programs (whether maintained by GSA or 
another agency or entity) that rely upon the compromised information; 
and (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with GSA's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    All records are stored electronically in client-server computer 
format.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrievable with indexing values or other unique 
identifiers such as name or Social Security Number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    System records are retained and disposed of according to GSA 
records maintenance and disposition schedules and the requirements of 
the National Archives and Records Administration (General Records 
Schedule 2.3, item 20).

RETENTION AND DISPOSAL:
    Records created for input to other financial systems are 
intermediary records according to NARA's General Records Schedule 5.2 
item 020 and can be destroyed upon verification of successful creation 
of the final document or file, or when no longer needed for business 
use, whichever is later.
    Records managed by the system and accessed by other financial 
systems such as through an Application Programming Interface (API) are 
treated as financial records and their disposition is determined by the 
type of financial record and disposed according to the appropriate item 
in GRS schedule 1.1, Financial Management and Reporting Records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    System records are safeguarded in accordance with the requirements 
of the Privacy Act, the Computer Security Act, and the System Security 
Plan. Technical, administrative, and personnel security measures are 
implemented to ensure confidentiality and integrity of the data. 
Security measures include password protections, assigned roles, and 
transaction tracking.

RECORD ACCESS PROCEDURES:
    Individuals wishing to access their own records may do so by 
sending a request to the program manager: Director, Financial and 
Payroll Services Division, OCFO, GSA (BCE), 1500 E Bannister Road, 
Kansas City, Missouri 66085.

CONTESTING RECORD PROCEDURES:
    GSA rules for access to records, and for contesting the contents 
and appealing initial determinations are provided in 41 CFR part 
105-64.

NOTIFICATION PROCEDURES:
    Individuals wishing to inquire if the system contains information 
about them should contact the program manager: Director, Financial and 
Payroll Services Division, OCFO, GSA (BCE), 1500 E Bannister Road, 
Kansas City, Missouri 66085.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    This notice modifies the Supplemental Information section of the 
system of records notice that is published in full at 74 FR 39961, 
September 09, 2009.

Richard Speidel,
Chief Privacy Officer, Office of the Deputy Chief Information Officer, 
General Services Administration.
[FR Doc. 2023-05191 Filed 3-13-23; 8:45 am]
BILLING CODE 6820-34-P

