Privacy Act of 1974; System of Records, 36272-36274 [2023-11753]
Download as PDF
<![CDATA[
36272
Notices
Federal Register
Vol. 88, No. 106
Friday, June 2, 2023
This section of the FEDERAL REGISTER
contains documents other than rules or
proposed rules that are applicable to the
public. Notices of hearings and investigations,
committee meetings, agency decisions and
rulings, delegations of authority, filing of
petitions and applications and agency
statements of organization and functions are
examples of documents appearing in this
section.
DEPARTMENT OF AGRICULTURE
Privacy Act of 1974; System of
Records
Office of the Safety, Security,
and Protection, USDA.
ACTION: Notice of a new system of
records.
AGENCY:
In accordance with the
Privacy Act of 1974, as amended, and
Office of Management and Budget
Circular No. A–108 Federal Agency
Responsibilities for Review, Reporting,
and Publication under the Privacy Act,
the U.S. Department of Agriculture
(USDA) proposes a new system of
records, USDA/OSSP–1, the Enterprise
Physical Access Control System
(ePACS). The Office of the Safety,
Security, and Protections maintains
ePACS, which contains the information
required to control physical access to
USDA managed facilities and restricted
areas within the facilities in all regions
across the United States. The notice also
conveys the system location, categories
of records, routine uses (one of which
permits records to be provided to the
National Archives and Records
Administration), storage, safeguards,
retention and disposal, system manager
and address, notification procedures,
records access, and contesting
procedures.
SUMMARY:
In accordance with 5 U.S.C.
552a(e)(4) and (11) this notice is
applicable upon publication; subject to
a 30-day notice and comment period in
which to comment on the routine uses
described in the routine uses section of
this system of records notice. Please
submit any comments by July 3, 2023.
ADDRESSES: Comments may be
submitted by one of the following
methods:
—Federal eRulemaking Portal: This
website provides the ability to type
short comments directly into the
comment field on this web page or
lotter on DSK11XQN23PROD with NOTICES1
DATES:
VerDate Sep<11>2014
17:34 Jun 01, 2023
Jkt 259001
attach a file for lengthier comments.
Go to https://www.regulations.gov.
Follow the on-line instructions at that
site for submitting comments.
—Postal Mail/Commercial Delivery:
Office of Safety, Security and
Protection, 1400 Independence Ave.
SW, Washington, DC 20250.
Instructions: All items submitted by
mail or electronic mail must include the
Agency name and docket number
USDA–2021–13. Comments received in
response to this docket will be made
available for public inspection and
posted without change, including any
personal information, to https://
www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: For
general questions, please contact
Samuel Willis, System Owner/Manager,
Office of Safety, Security and
Protection, 1400 Independence Avenue
SW, Washington, DC 20250, (833) 682–
4675.
For Privacy Act questions concerning
this system of records notice, please
contact Michele Washington, USDA,
Departmental Administration
Information Technology Office, Office of
the Chief Information Officer United
States Department of Agriculture (202)
577–8021.
For general USDA Privacy Act
questions, please contact the USDA
Chief Privacy Officer, Information
Security Center, Office of Chief
Information Officer, USDA, Jamie L.
Whitten Building, 1400 Independence
Ave. SW, Washington, DC 20250; email:
USDAPrivacy@ocio.usda.gov.
SUPPLEMENTARY INFORMATION: USDA is
proposing to establish a new system of
records notice entitled USDA/OSSP–1,
the Enterprise Physical Access Control
System (ePACS). The primary purpose
of this system is to collect data required
to manage physical access to USDA
operated facilities and restricted areas
within the facilities in all regions across
the United States. This system
maintains individuals’ personal
individual verification (PIV)
information to support the USDA’s
efforts related to protecting USDA
facilities and operating the USDA visitor
management program. Efforts have been
made to safeguard records in accordance
with applicable rules and policies,
including all applicable USDA
automated systems security and access
policies. Strict controls have been
imposed to minimize the risk of
PO 00000
Frm 00001
Fmt 4703
Sfmt 4703
compromising the information that is
being stored. Access to the computer
system containing the records in this
system is limited to those individuals
who have a need to know the
information for the performance of their
official duties and who have appropriate
clearances or permissions.
SYSTEM NAME AND NUMBER:
USDA/OSSP–1, Enterprise Physical
Access Control System (ePACS)
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The ePACS is maintained and
physically located at USDA’s Digital
Infrastructure Services Center at 8930
Ward Parkway, Kansas City, Missouri
64114.
SYSTEM MANAGER(S):
Director, Facility Protection Division,
Office of Safety, Security, and
Protection,1400 Independence Avenue
SW, Washington, DC 20250, (202) 260–
8930.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Homeland Security Presidential
Directive–12 (HSPD–12), Departmental
Physical Security Program, DR 1650–
001, December 9, 2021, and Authority to
Operate (ATO), 06/07/2022.
PURPOSE(S) OF THE SYSTEM:
The ePACS provides a centralized
infrastructure for the use of the USDA
standard personal individual
verification (PIV) card for access to
federally controlled facilities as
mandated by HSPD–12. The ePACS
provides a means for USDA Agencies to
deploy electronic access control to its
facilities; supports the mitigation of
identified threats and vulnerabilities;
and ensures that unauthorized
individuals do not have access to
critical USDA assets. Incorporated into
ePACS is the Visitor Management
System (VMS), which allows visitors to
log into a website and request to visit
USDA locations where VMS is
implemented.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Categories of individuals covered by
this system include individuals with
electronic facility physical access
credentials including USDA employees,
contractor employees, building
E:\FR\FM\02JNN1.SGM
02JNN1
Federal Register / Vol. 88, No. 106 / Friday, June 2, 2023 / Notices
occupants, interns, visitors, and
volunteers.
CATEGORIES OF RECORDS IN THE SYSTEM:
Categories of records in the system
consists of records created for
individuals to obtain electronic facility
access credentials as well as temporary
badges for facility access. The ePACS
generally handles physical access
security management information
including physical access card status,
physical access card category, physical
access card expiration date, and
physical access card holder emergency
response responsibilities.
The data stored in ePACS includes:
Federal Agency Smart Credential
Number (FASC–N), Card Category, Card
Status, Card Expiration Date, Photo,
First Name, Middle Name, Last Name,
Employee type, Employee Status,
Emergency Responder, Department,
Agency, Sub-agency, City, State, date of
birth, and entry and exit date and time.
RECORD SOURCE CATEGORIES:
Information in this system is obtained
from an official Department information
technology system and is loaded into
the system of records from the following
source system: the Department’s system
of records entitled USDA/OCIO–2,
eAuthentication Service—71 FR
42346—July 26, 2006, USDA/OCIO–2,
eAuthentication Service (eAuth)—77 FR
15024—March 14, 2012, USDA/OCIO–2
eAuthentication Service—82 FR 8503—
January 26, 2017.
lotter on DSK11XQN23PROD with NOTICES1
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
In addition to those disclosures
generally permitted under 5 U.S.C.
552a(b) of the Privacy Act of 1974,
records contained in this system may be
disclosed outside USDA as a routine use
pursuant to 5 U.S.C. 552a(b)(3), to the
extent that such uses are compatible
with the purposes for which the
information was collected. Such
permitted routine uses include the
following:
A. To the Department of Justice (DOJ)
when: (a) USDA or any component
thereof; or (b) any employee of USDA in
his or her official capacity where the
Department of Justice has agreed to
represent the employee; or (c) the
United States Government, is a party to
litigation or has an interest in such
litigation, and USDA determines that
the records are both relevant and
necessary to the litigation and the use of
such records by the Department of
Justice is deemed by USDA to be for a
purpose that is compatible with the
purpose for which USDA collected the
records.
VerDate Sep<11>2014
17:34 Jun 01, 2023
Jkt 259001
B. To a Congressional Office in
response to an inquiry from that
Congressional Office made at the
written request of the individual about
whom the record pertains.
C. To the National Archives and
Records Administration (NARA) or
other Federal Government agencies
pursuant to records management
activities being conducted under 44
U.S.C. 2904 and 2906.
To appropriate agencies, entities, and
persons when (1) USDA suspects or has
confirmed that the security or
confidentiality of information in the
system of records has been
compromised; (2) USDA has determined
that as a result of the suspected or
confirmed breach, there is a risk of harm
to individuals, USDA (including its
information systems, programs, and
operations), the Federal Government, or
national security; and (3) the disclosure
to such agencies, entities, and persons is
reasonably necessary to assist in
connection with USDA’s efforts to
respond to the suspected or confirmed
compromise and prevent, minimize, or
remedy such harm; or to another
Federal agency or Federal entity, when
information from this system of records
is reasonably necessary to assist the
recipient agency or entity in (1)
responding to a suspected or confirmed
breach; or (2) preventing, minimizing, or
remedying the risk of harm to
individuals, the agency (including its
information systems, programs, and
operations), the Federal Government, or
national security.
When a record on its face, or in
conjunction with other records,
indicates a violation or potential
violation of law, whether civil, criminal
or regulatory in nature, and whether
arising by general statute or particular
program, statute, or by regulation, rule,
or order issued pursuant thereto,
disclosure may be made to the
appropriate Federal, State, local,
foreign, Tribal, or other public authority
responsible for enforcing, investigating,
or prosecuting such violation or charged
with enforcing or implementing the
statute, or rule, regulation, or order
issued pursuant thereto, if the
information disclosed is relevant to any
enforcement, regulatory, investigative or
prosecutive responsibility of the
receiving entity. Referral to the
appropriate agency, whether Federal,
State, local, or foreign, charged with the
responsibility of investigating or
prosecuting violation of law, or of
enforcing or implementing a statute,
rule, regulation, or order issued
pursuant thereto, of any record within
this system when information available
indicates a violation or potential
PO 00000
Frm 00002
Fmt 4703
Sfmt 4703
36273
violation of law, whether civil, criminal,
or regulatory in nature.
D. To a court or adjudicative body in
a proceeding when: (a) USDA or any
component thereof; or (b) any employee
of USDA in his or her official capacity;
or (c) any employee of USDA in his or
her individual capacity where USDA
has agreed to represent the employee; or
the United States Government is a party
to litigation or has an interest in such
litigation, and USDA determines that
the records are both relevant and
necessary to the litigation, and that use
of such records is therefore deemed by
USDA to be for a purpose that is
compatible with the purpose for which
USDA collected the records.
To contractors and their agents,
grantees, experts, consultants, and
others performing or working on a
contract, service, grant, cooperative
agreement, or other assignment for the
USDA, when necessary to accomplish
an agency function related to this
system of records. Individuals providing
information under this routine use are
subject to the same Privacy Act
requirements and limitations on
disclosure as are applicable to USDA
officers and employees.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Records are stored on encrypted
servers within a secured and controlled
environment. Records backup storage is
maintained by the USDA’s Digital
Infrastructure Services Center (DISC) in
a virtual tape library at the USDA’s
DISC facility in Kansas City, MO. Copies
of the backup records are maintained at
the USDA DISC facility in St. Louis,
MO. The ePACS has no hardcopy paper
records that require storage.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Records are retrieved by a
combination of name and date range.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Records compiled under this SORN
will be maintained in accordance with
NARA General Records Schedule (GRS)
Transmittal 32 issued March 2022,
Items 110 and 120, and NARA records
retention schedules DAA–GRS2017–
0006–0014, and DAA–GRS2021–0001–
0005, to the extent applicable. Records
may be retained for a longer period as
required by litigation, investigation,
and/or audit. A master file backup is
created at the end of the calendar year
and maintained in St. Louis, Mo. The St.
Louis offsite storage site is located
approximately 250 miles from the
primary data facility and is not
susceptible to the same hazards.
E:\FR\FM\02JNN1.SGM
02JNN1
36274
Federal Register / Vol. 88, No. 106 / Friday, June 2, 2023 / Notices
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Records in this system are
safeguarded by restricting accessibility,
in accordance with USDA security and
access policies. The safeguarding
includes secured severs, firewall(s),
network protection, and an encrypted
password. Each user is assigned a level
of role-based access, which is strictly
controlled and granted through USDAapproved, secure application (after the
user has successfully completed the
Government National Agency Check
with Inquiries (NACI) investigation).
Physical security measures are in
place to prevent unauthorized persons
from accessing ePACS as only
government furnished equipment is
allowed. The ePACS users are also
required to complete appropriate
training to learn requirements for
safeguarding records maintained under
the Privacy Act. USDA’s Digital
Infrastructure Services Center (DISC)
safeguards records and ensures that
privacy requirements are met in
accordance with Federal and cyber
security mandates. DISC provides
continuous storage management,
encryption, security administration,
regular dataset backups, and
contingency planning/disaster recovery.
RECORD ACCESS PROCEDURES:
Individuals seeking to gain access to
a record in this system of records, must
contact the system manager at the
address listed above and provide the
system manager with the necessary
particulars such as full name, date of
birth, work address, country of
citizenship. Requesters must also
reasonably specify the record contents
sought. The request must meet the
requirements of the regulations at 34
CFR 5b.5, including proof of identity.
All requests for access to records must
be in writing and should be submitted
to the system manager at the address
listed above. A determination whether a
record may be accessed will be made at
the time a request is received. All
inquiries should be addressed in
accordance with the ‘‘Notification
Procedures’’ below.
lotter on DSK11XQN23PROD with NOTICES1
CONTESTING RECORD PROCEDURES:
Individuals seeking to contest or
amend information maintained in the
system should direct their request to the
above listed System Manager and
should include the reason for contesting
it and the proposed amendment to the
information with supporting
information to show how the record is
inaccurate. A request for contesting
records should contain: Name, address
including zip code, name of the system
VerDate Sep<11>2014
17:34 Jun 01, 2023
Jkt 259001
of records, year of records in question,
and any other pertinent information to
help identify the data requested.
NOTIFICATION PROCEDURES:
Any individual may request
information regarding this system of
records, or information as to whether
the system contains records pertaining
to the individual, from the System
Manager listed above: See RECORD
ACCESS PROCEDURES.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
Samuel Willis,
Director—Facility Protection Division, Office
of Safety, Security and Protection,
Departmental Administration, United States
Department of Agriculture.
[FR Doc. 2023–11753 Filed 6–1–23; 8:45 am]
BILLING CODE 3410–98–P
DEPARTMENT OF COMMERCE
Bureau of Economic Analysis
Agency Information Collection
Activities; Submission for Office of
Management and Budget (OMB)
Review; Comment Request;
Expenditures Incurred by Recipients of
Biomedical Research and
Development Awards From the
National Institutes of Health (NIH)
The Department of Commerce will
submit the following information
collection request to the Office of
Management and Budget (OMB) for
review and clearance in accordance
with the Paperwork Reduction Act of
1995, on or after the date of publication
of this notice. We invite the general
public and other Federal agencies to
comment on proposed and continuing
information collections, which helps us
assess the impact of our information
collection requirements and minimize
the public’s reporting burden. Public
comments were previously requested
via the Federal Register on March 21,
2023 during a 60-day comment period.
This notice allows for an additional 30
days for public comments.
Agency: Bureau of Economic Analysis
(BEA), Commerce.
Title: Expenditures Incurred by
Recipients of Biomedical Research and
Development Awards from the National
Institutes of Health (NIH).
OMB Control Number: 0608–0069.
Form Number(s): None.
Type of Request: Regular submission,
extension of a current information
collection.
Number of Respondents: 150.
Average Hours per Response: 16
hours is the average but may vary
PO 00000
Frm 00003
Fmt 4703
Sfmt 4703
among respondents because of
differences in institution structure, size,
and complexity.
Burden Hours: 2,400 hours.
Needs and Uses: The survey obtains
the distribution of expenditures
incurred by recipients of biomedical
research awards from the NIH and will
provide information on how the NIH
award amounts are expended across
several major categories. This
information, along with wage and price
data from other published sources, will
be used to generate the Biomedical
Research and Development Price Index
(BRDPI). The BRDPI is an index of
prices paid for the labor, supplies,
equipment, and other inputs required to
perform the biomedical research the
NIH supports in its intramural
laboratories and through its awards to
extramural organizations. The BRDPI is
a vital tool for planning the NIH
research budget and analyzing future
NIH programs. A survey of award
recipients is currently the only means
for updating the expenditure category
weights that are used to prepare the
BRDPI. BEA develops the index for NIH
under a reimbursable interagency
agreement.
A survey questionnaire with a cover
letter that includes a brief description
of, and rationale for, the survey will be
sent to potential respondents by August
2023, 2024, and 2025. A report of the
respondent’s expenditures of the NIH
award amounts following the proposed
format for expenditure categories
attached to the survey’s cover letter, will
be requested to be returned no later than
December 8 of each survey year, which
in most years will be approximately 120
days after mailing. Survey respondents
will be selected based on award levels,
which determine the weight of the
respondent in the BRDPI. BEA proposes
to survey 150 organizations that receive
NIH biomedical research awards. This
will include the top 100 organizations
in total awards received; 40 additional
organizations that are not primarily in
the ‘‘Research and Development (R&D)
contracts’’ category; and 10 additional
organizations that are primarily in the
‘‘R&D contracts’’ category. Based on
awards data for Fiscal Year 2022 by type
of organization, the top 100
organizations received $25.2 billion in
awards (approximately 76 percent of
total awards); the remaining awardsreceiving organizations received $8.1
billion.
Affected Public: Universities or other
organizations that are NIH award
recipients.
Frequency: Annual.
Respondent’s Obligation: Voluntary.
E:\FR\FM\02JNN1.SGM
02JNN1
]]>Agencies
[Federal Register Volume 88, Number 106 (Friday, June 2, 2023)]
[Notices]
[Pages 36272-36274]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-11753]
�========================================================================
�Notices
� Federal Register
�________________________________________________________________________
�
�This section of the FEDERAL REGISTER contains documents other than rules
�or proposed rules that are applicable to the public. Notices of hearings
�and investigations, committee meetings, agency decisions and rulings,
�delegations of authority, filing of petitions and applications and agency
�statements of organization and functions are examples of documents
�appearing in this section.
�
�========================================================================
�
��Federal Register / Vol. 88, No. 106 / Friday, June 2, 2023 /
Notices��
[[Page 36272]]
DEPARTMENT OF AGRICULTURE
Privacy Act of 1974; System of Records
AGENCY: Office of the Safety, Security, and Protection, USDA.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, as amended, and
Office of Management and Budget Circular No. A-108 Federal Agency
Responsibilities for Review, Reporting, and Publication under the
Privacy Act, the U.S. Department of Agriculture (USDA) proposes a new
system of records, USDA/OSSP-1, the Enterprise Physical Access Control
System (ePACS). The Office of the Safety, Security, and Protections
maintains ePACS, which contains the information required to control
physical access to USDA managed facilities and restricted areas within
the facilities in all regions across the United States. The notice also
conveys the system location, categories of records, routine uses (one
of which permits records to be provided to the National Archives and
Records Administration), storage, safeguards, retention and disposal,
system manager and address, notification procedures, records access,
and contesting procedures.
DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11) this notice is
applicable upon publication; subject to a 30-day notice and comment
period in which to comment on the routine uses described in the routine
uses section of this system of records notice. Please submit any
comments by July 3, 2023.
ADDRESSES: Comments may be submitted by one of the following methods:
--Federal eRulemaking Portal: This website provides the ability to type
short comments directly into the comment field on this web page or
attach a file for lengthier comments. Go to https://www.regulations.gov. Follow the on-line instructions at that site for
submitting comments.
--Postal Mail/Commercial Delivery: Office of Safety, Security and
Protection, 1400 Independence Ave. SW, Washington, DC 20250.
Instructions: All items submitted by mail or electronic mail must
include the Agency name and docket number USDA-2021-13. Comments
received in response to this docket will be made available for public
inspection and posted without change, including any personal
information, to https://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: For general questions, please contact
Samuel Willis, System Owner/Manager, Office of Safety, Security and
Protection, 1400 Independence Avenue SW, Washington, DC 20250, (833)
682-4675.
For Privacy Act questions concerning this system of records notice,
please contact Michele Washington, USDA, Departmental Administration
Information Technology Office, Office of the Chief Information Officer
United States Department of Agriculture (202) 577-8021.
For general USDA Privacy Act questions, please contact the USDA
Chief Privacy Officer, Information Security Center, Office of Chief
Information Officer, USDA, Jamie L. Whitten Building, 1400 Independence
Ave. SW, Washington, DC 20250; email: [email protected].
SUPPLEMENTARY INFORMATION: USDA is proposing to establish a new system
of records notice entitled USDA/OSSP-1, the Enterprise Physical Access
Control System (ePACS). The primary purpose of this system is to
collect data required to manage physical access to USDA operated
facilities and restricted areas within the facilities in all regions
across the United States. This system maintains individuals' personal
individual verification (PIV) information to support the USDA's efforts
related to protecting USDA facilities and operating the USDA visitor
management program. Efforts have been made to safeguard records in
accordance with applicable rules and policies, including all applicable
USDA automated systems security and access policies. Strict controls
have been imposed to minimize the risk of compromising the information
that is being stored. Access to the computer system containing the
records in this system is limited to those individuals who have a need
to know the information for the performance of their official duties
and who have appropriate clearances or permissions.
SYSTEM NAME AND NUMBER:
USDA/OSSP-1, Enterprise Physical Access Control System (ePACS)
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The ePACS is maintained and physically located at USDA's Digital
Infrastructure Services Center at 8930 Ward Parkway, Kansas City,
Missouri 64114.
SYSTEM MANAGER(S):
Director, Facility Protection Division, Office of Safety, Security,
and Protection,1400 Independence Avenue SW, Washington, DC 20250, (202)
260-8930.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Homeland Security Presidential Directive-12 (HSPD-12), Departmental
Physical Security Program, DR 1650-001, December 9, 2021, and Authority
to Operate (ATO), 06/07/2022.
PURPOSE(S) OF THE SYSTEM:
The ePACS provides a centralized infrastructure for the use of the
USDA standard personal individual verification (PIV) card for access to
federally controlled facilities as mandated by HSPD-12. The ePACS
provides a means for USDA Agencies to deploy electronic access control
to its facilities; supports the mitigation of identified threats and
vulnerabilities; and ensures that unauthorized individuals do not have
access to critical USDA assets. Incorporated into ePACS is the Visitor
Management System (VMS), which allows visitors to log into a website
and request to visit USDA locations where VMS is implemented.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Categories of individuals covered by this system include
individuals with electronic facility physical access credentials
including USDA employees, contractor employees, building
[[Page 36273]]
occupants, interns, visitors, and volunteers.
CATEGORIES OF RECORDS IN THE SYSTEM:
Categories of records in the system consists of records created for
individuals to obtain electronic facility access credentials as well as
temporary badges for facility access. The ePACS generally handles
physical access security management information including physical
access card status, physical access card category, physical access card
expiration date, and physical access card holder emergency response
responsibilities.
The data stored in ePACS includes: Federal Agency Smart Credential
Number (FASC-N), Card Category, Card Status, Card Expiration Date,
Photo, First Name, Middle Name, Last Name, Employee type, Employee
Status, Emergency Responder, Department, Agency, Sub-agency, City,
State, date of birth, and entry and exit date and time.
RECORD SOURCE CATEGORIES:
Information in this system is obtained from an official Department
information technology system and is loaded into the system of records
from the following source system: the Department's system of records
entitled USDA/OCIO-2, eAuthentication Service--71 FR 42346--July 26,
2006, USDA/OCIO-2, eAuthentication Service (eAuth)--77 FR 15024--March
14, 2012, USDA/OCIO-2 eAuthentication Service--82 FR 8503--January 26,
2017.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act of 1974, records contained in this system
may be disclosed outside USDA as a routine use pursuant to 5 U.S.C.
552a(b)(3), to the extent that such uses are compatible with the
purposes for which the information was collected. Such permitted
routine uses include the following:
A. To the Department of Justice (DOJ) when: (a) USDA or any
component thereof; or (b) any employee of USDA in his or her official
capacity where the Department of Justice has agreed to represent the
employee; or (c) the United States Government, is a party to litigation
or has an interest in such litigation, and USDA determines that the
records are both relevant and necessary to the litigation and the use
of such records by the Department of Justice is deemed by USDA to be
for a purpose that is compatible with the purpose for which USDA
collected the records.
B. To a Congressional Office in response to an inquiry from that
Congressional Office made at the written request of the individual
about whom the record pertains.
C. To the National Archives and Records Administration (NARA) or
other Federal Government agencies pursuant to records management
activities being conducted under 44 U.S.C. 2904 and 2906.
To appropriate agencies, entities, and persons when (1) USDA
suspects or has confirmed that the security or confidentiality of
information in the system of records has been compromised; (2) USDA has
determined that as a result of the suspected or confirmed breach, there
is a risk of harm to individuals, USDA (including its information
systems, programs, and operations), the Federal Government, or national
security; and (3) the disclosure to such agencies, entities, and
persons is reasonably necessary to assist in connection with USDA's
efforts to respond to the suspected or confirmed compromise and
prevent, minimize, or remedy such harm; or to another Federal agency or
Federal entity, when information from this system of records is
reasonably necessary to assist the recipient agency or entity in (1)
responding to a suspected or confirmed breach; or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the agency
(including its information systems, programs, and operations), the
Federal Government, or national security.
When a record on its face, or in conjunction with other records,
indicates a violation or potential violation of law, whether civil,
criminal or regulatory in nature, and whether arising by general
statute or particular program, statute, or by regulation, rule, or
order issued pursuant thereto, disclosure may be made to the
appropriate Federal, State, local, foreign, Tribal, or other public
authority responsible for enforcing, investigating, or prosecuting such
violation or charged with enforcing or implementing the statute, or
rule, regulation, or order issued pursuant thereto, if the information
disclosed is relevant to any enforcement, regulatory, investigative or
prosecutive responsibility of the receiving entity. Referral to the
appropriate agency, whether Federal, State, local, or foreign, charged
with the responsibility of investigating or prosecuting violation of
law, or of enforcing or implementing a statute, rule, regulation, or
order issued pursuant thereto, of any record within this system when
information available indicates a violation or potential violation of
law, whether civil, criminal, or regulatory in nature.
D. To a court or adjudicative body in a proceeding when: (a) USDA
or any component thereof; or (b) any employee of USDA in his or her
official capacity; or (c) any employee of USDA in his or her individual
capacity where USDA has agreed to represent the employee; or the United
States Government is a party to litigation or has an interest in such
litigation, and USDA determines that the records are both relevant and
necessary to the litigation, and that use of such records is therefore
deemed by USDA to be for a purpose that is compatible with the purpose
for which USDA collected the records.
To contractors and their agents, grantees, experts, consultants,
and others performing or working on a contract, service, grant,
cooperative agreement, or other assignment for the USDA, when necessary
to accomplish an agency function related to this system of records.
Individuals providing information under this routine use are subject to
the same Privacy Act requirements and limitations on disclosure as are
applicable to USDA officers and employees.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored on encrypted servers within a secured and
controlled environment. Records backup storage is maintained by the
USDA's Digital Infrastructure Services Center (DISC) in a virtual tape
library at the USDA's DISC facility in Kansas City, MO. Copies of the
backup records are maintained at the USDA DISC facility in St. Louis,
MO. The ePACS has no hardcopy paper records that require storage.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by a combination of name and date range.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records compiled under this SORN will be maintained in accordance
with NARA General Records Schedule (GRS) Transmittal 32 issued March
2022, Items 110 and 120, and NARA records retention schedules DAA-
GRS2017-0006-0014, and DAA-GRS2021-0001-0005, to the extent applicable.
Records may be retained for a longer period as required by litigation,
investigation, and/or audit. A master file backup is created at the end
of the calendar year and maintained in St. Louis, Mo. The St. Louis
offsite storage site is located approximately 250 miles from the
primary data facility and is not susceptible to the same hazards.
[[Page 36274]]
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records in this system are safeguarded by restricting
accessibility, in accordance with USDA security and access policies.
The safeguarding includes secured severs, firewall(s), network
protection, and an encrypted password. Each user is assigned a level of
role-based access, which is strictly controlled and granted through
USDA-approved, secure application (after the user has successfully
completed the Government National Agency Check with Inquiries (NACI)
investigation).
Physical security measures are in place to prevent unauthorized
persons from accessing ePACS as only government furnished equipment is
allowed. The ePACS users are also required to complete appropriate
training to learn requirements for safeguarding records maintained
under the Privacy Act. USDA's Digital Infrastructure Services Center
(DISC) safeguards records and ensures that privacy requirements are met
in accordance with Federal and cyber security mandates. DISC provides
continuous storage management, encryption, security administration,
regular dataset backups, and contingency planning/disaster recovery.
RECORD ACCESS PROCEDURES:
Individuals seeking to gain access to a record in this system of
records, must contact the system manager at the address listed above
and provide the system manager with the necessary particulars such as
full name, date of birth, work address, country of citizenship.
Requesters must also reasonably specify the record contents sought. The
request must meet the requirements of the regulations at 34 CFR 5b.5,
including proof of identity. All requests for access to records must be
in writing and should be submitted to the system manager at the address
listed above. A determination whether a record may be accessed will be
made at the time a request is received. All inquiries should be
addressed in accordance with the ``Notification Procedures'' below.
CONTESTING RECORD PROCEDURES:
Individuals seeking to contest or amend information maintained in
the system should direct their request to the above listed System
Manager and should include the reason for contesting it and the
proposed amendment to the information with supporting information to
show how the record is inaccurate. A request for contesting records
should contain: Name, address including zip code, name of the system of
records, year of records in question, and any other pertinent
information to help identify the data requested.
NOTIFICATION PROCEDURES:
Any individual may request information regarding this system of
records, or information as to whether the system contains records
pertaining to the individual, from the System Manager listed above: See
RECORD ACCESS PROCEDURES.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
Samuel Willis,
Director--Facility Protection Division, Office of Safety, Security and
Protection, Departmental Administration, United States Department of
Agriculture.
[FR Doc. 2023-11753 Filed 6-1-23; 8:45 am]
BILLING CODE 3410-98-P
