Privacy Act of 1974; System of Records, 77088-77090 [2023-24231]

Agencies

• ENVIRONMENTAL PROTECTION AGENCY

[Federal Register Volume 88, Number 215 (Wednesday, November 8, 2023)]
[Notices]
[Pages 77088-77090]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-24231]


=======================================================================
-----------------------------------------------------------------------

ENVIRONMENTAL PROTECTION AGENCY

[FRL-10620-01-OMS]


Privacy Act of 1974; System of Records

AGENCY: Office of Inspector General, Environmental Protection Agency 
(EPA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The U.S. Environmental Protection Agency's (EPA) Office of 
Inspector General (OIG) is giving notice that it proposes to create a 
new a system of records pursuant to the provisions of the Privacy Act 
of 1974. OIG Data Analytics Enterprise is being created to store and 
maintain records collected by EPA OIG that are necessary in order to 
fulfill the responsibilities of the Inspector General Act of 1978, as 
amended. The EPA OIG will use this system of records to develop data 
models and analytical assessments that will assist with the performance 
of audits, evaluations, investigations, and reviews in order to 
identify fraud, waste, mismanagement, and abuse relating to the 
programs and operations of the EPA.

DATES: Persons wishing to comment on this system of records notice must 
do so by December 8, 2023. Routine uses for this new system of records 
will be effective December 8, 2023.

ADDRESSES: Submit your comments, identified by Docket ID No. EPA-HQ-
OMS-2023-0020, by one of the following methods:
    Federal eRulemaking Portal: https://www.regulations.gov. Follow the 
online instructions for submitting comments.
    Email: [email protected]. Include the Docket ID number in the 
subject line of the message.
    Fax: (202) 566-1752.
    Mail: OMS Docket, Environmental Protection Agency, Mail Code: 
2822T, 1200 Pennsylvania Ave. NW, Washington, DC 20460.
    Hand Delivery: OMS Docket, EPA/DC, WJC West Building, Room 3334, 
1301 Constitution Ave. NW, Washington, DC 20460. Such deliveries are 
only accepted during the Docket's normal hours of operation, and 
special arrangements should be made for deliveries of boxed 
information.
    Instructions: Direct your comments to Docket ID No. EPA-HQ-OMS-
2023-0020. The EPA's policy is that all comments received will be 
included in the public docket without change and may be made available 
online at https://www.regulations.gov, including any personal 
information provided, unless the comment includes information claimed 
to be Controlled Unclassified Information (CUI) or other information 
for which disclosure is restricted by statute. Do not submit 
information that you consider to be CUI or otherwise protected through 
https://www.regulations.gov. The https://www.regulations.gov website is 
an ``anonymous access'' system for the EPA, which means the EPA will 
not know your identity or contact information. If you submit an 
electronic comment, the EPA recommends that you include your name and 
other contact information in the body of your comment. If the EPA 
cannot read your comment due to technical difficulties and cannot 
contact you for clarification, the EPA may not be able to consider your 
comment. If you send an email comment directly to the EPA without going 
through https://www.regulations.gov, your email address will be 
automatically captured and included as part of the comment that is 
placed in the public docket and made available on the internet. 
Electronic files should avoid the use of special characters, any form 
of encryption, and be free of any defects or viruses. For additional 
information about the EPA public docket, visit the EPA Docket Center 
homepage at https://www.epa.gov/dockets.
    Docket: All documents in the docket are listed in the https://www.regulations.gov index. Although listed in the index, some 
information is not publicly available, e.g., CUI or other information 
for which disclosure is restricted by statute. Certain other material, 
such as copyrighted material, will be publicly available only in hard 
copy. Publicly available docket materials are available either 
electronically in https://www.regulations.gov or in hard copy at the 
OMS Docket, EPA/DC, WJC West Building, Room 3334, 1301 Constitution 
Ave. NW, Washington, DC 20460. The Public Reading Room is normally open 
from 8:30 a.m. to 4:30 p.m., Monday through Friday excluding legal 
holidays. The telephone number for the Public Reading Room is (202) 
566-1744, and the telephone number for the OMS Docket is (202) 566-
1752. Further information about EPA Docket Center services and current 
operating status is available at https://www.epa.gov/dockets.

FOR FURTHER INFORMATION CONTACT: Daniel Porter, Director, Data 
Analytics Directorate, Office of Inspector General, Environmental 
Protection Agency, 1200 Pennsylvania Avenue NW, Washington, DC 20004; 
phone number: 202-309-6449; email: [email protected].

SUPPLEMENTARY INFORMATION: The EPA OIG will use this system of records 
to develop data models and analyses in order to identify fraud, waste 
and abuse, and programmatic problems and deficiencies. This system of 
records will allow the EPA OIG to identify correlations between 
existing EPA data sets and other government agency data sets to 
identify patterns and correlations that indicate fraud and issues of 
program waste and abuse. EPA OIG will apply analytics and data modeling 
principles within this system of records to identify problems or 
failures in the implementation or performance of internal controls 
within the EPA. EPA will separately add exemptions for this system of 
records to the Agency's Privacy Act regulations at 40 CFR part 16.

SYSTEM NAME AND NUMBER:
    OIG Data Analytics Enterprise, EPA-100.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Office of Inspector General, Environmental Protection Agency, 109 
T.W. Alexander Drive, Durham, NC 27711.

SYSTEM MANAGER(S):
    Daniel Porter, EPA Office of Inspector General (OIG), Data 
Analytics Directorate (DAD), Director, 1200 Pennsylvania Avenue NW, 
Washington, DC 20004, 202-309-6449, [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The Inspector General Act of 1978, as amended, 5 U.S.C. 401-424 
(Inspector General Act).

PURPOSE(S) OF THE SYSTEM:
    Records contained in OIG Data Analytics Enterprise may be used in 
the course of performing audits, evaluations, and inspections; 
investigating individuals and entities suspected of criminal, civil, or 
administrative misconduct and in

[[Page 77089]]

supporting related judicial and administrative proceedings; or in 
conducting preliminary inquiries undertaken to determine whether to 
commence an audit, evaluation, inspection, or investigation.

CATEGORIES OF INDIVIDUALS COVERED BY SYSTEM:
    The EPA OIG maintains records in OIG Data Analytics Enterprise on 
the following categories of individuals: current, former, and 
prospective EPA employees; contractors; subcontractors; recipients of 
Federal funds and their contractors/subcontractors and employees; 
grantees; sub-grantees; individuals who work on Agency grants (e.g., 
principal investigators); lessees; licensees; persons engaged in 
official business with the Agency; or other persons identified by OIG 
or by other agencies, constituent units of the Agency, and members of 
the general public, in connection with the authorized functions of the 
OIG.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The OIG Data Analytics Enterprise will contain a wide variety of 
records to assist OIG staff in carrying out their work. Categories of 
records may include: information obtained from EPA business systems 
information, including general ledger data, bank account numbers and 
transactions, contracting and business ownership data, Electronic Funds 
Transfer Numbers, customer data, and vendor data; Agency payroll, 
purchase card, and travel card data; System for Award Management 
(SAM.gov) data; general case management documentation; correspondence; 
personally identifiable and business identifiable information, 
including financial, employment, time and attendance, human resources, 
and biometric data and Social Security Numbers; information protected 
by Title 13 of the U.S. Code; trade secrets data and similar 
proprietary data; import/export data, including Automated Export System 
data; law enforcement data; data containing information related to 
Agency grants and contracts, and other data and evidence received, 
collected, or generated by OIG's Data Analytics group while conducting 
its official duties. Social Security Numbers are maintained in the 
system pursuant to authority under the Inspector General Act and are 
collected or received and maintained in the system as necessary by OIG 
to carry out its statutory responsibilities under the Inspector General 
Act.

RECORD SOURCE CATEGORIES:
    Records and information stored in this system of records are 
obtained from both publicly and privately available sources and various 
systems of records and information systems within the EPA and other 
Federal, State, and local agencies, Federal contractors, and non-
government entities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    The routine uses below are both related to and compatible with the 
original purpose for which the information was collected. The following 
general routine uses apply to this system (86 FR 62527): A, B, C, D, E, 
F, G, H, I, J, K, L, and M.
    Additional routine uses that apply to this system are:
    1. To any source, private or public, to the extent necessary to 
secure from such source information relevant to a legitimate EPA 
investigation, audit, decision, or other inquiry.
    2. To a Federal, State, local, Tribal, Territorial, foreign, 
international, or other public authority in response to its request in 
connection with: the hiring, assignment, or retention of an individual; 
the issuance, renewal, retention, or revocation of a security 
clearance; the reporting of an investigation of an individual; the 
execution of a security or suitability investigation; the letting of a 
contract; or the issuance, retention, or revocation of a license, 
grant, award, contract, or other benefit conferred by that entity to 
the extent that the information is relevant and necessary to the 
requesting entity's decision on the matter.
    3. To the Department of Justice (DOJ) or any other Federal agency 
to the extent necessary to obtain their advice relevant to an OIG 
matter, or that has an interest in the record in connection with 
determining whether disclosure thereof is required by the Freedom of 
Information Act (FOIA) (5 U.S.C. 552).
    5. To the Department of the Treasury and the Department of Justice 
when EPA is seeking an ex parte court order to obtain taxpayer 
information from the Internal Revenue Service.
    6. To the news media and public when a public interest justifies 
the disclosure of information on public events such as indictments or 
similar activities and such disclosure would not cause an unwarranted 
invasion of personal privacy.
    7. To the public when the matter under audit or investigation has 
become public knowledge, or when the Inspector General determines that 
such disclosure is necessary to preserve confidence in the integrity of 
the OIG audit or investigative process or is necessary to demonstrate 
the accountability of EPA officers, employees, or individuals covered 
by this system, unless it is determined that disclosure of the specific 
information in the context of a particular case could reasonably be 
expected to constitute an unwarranted invasion of personal privacy.
    8. To Members of Congress and the public in the OIG's Semiannual 
Report to Congress when the Inspector General determines that the 
matter reported is significant.
    9. To a Federal agency responsible for considering suspension or 
debarment action where such record would be relevant to such action.
    10. In response to a lawful subpoena issued by a Federal agency.
    11. To a public or professional licensing organization if the 
record indicates, either by itself or in combination with other 
information, a violation or potential violation of professional 
standards, or reflects on the moral, educational, or professional 
qualifications of an individual who is licensed or who is seeking to 
become licensed.
    12. To any person when disclosure of the record is needed to enable 
the recipient of the record to take action to recover money or property 
of the EPA, when such recovery will accrue to the benefit of the United 
States, or when disclosure of the record is needed to enable the 
recipient of the record to take appropriate disciplinary action to 
maintain the integrity of EPA programs or operations.
    13. To the Office of Government Ethics to comply with agency 
reporting requirements in 5 CFR 2638.206.
    14. To a foreign government or international organization pursuant 
to an international treaty, convention, implementing legislation, or 
executive agreement entered into by the United States.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    These records are maintained electronically on computer storage 
devices managed by the Office of Inspector General, Environmental 
Protection Agency, 1200 Pennsylvania Avenue NW, Washington, DC 20460. 
Electronically stored information is hosted at the EPA National 
Computer Center (NCC), 109 TW Alexander Drive, Research Triangle Park, 
Durham, NC 27711, in agency-owned cloud and on-premise environments. 
Paper records are maintained at the Office of the

[[Page 77090]]

Inspector General at 1200 Pennsylvania Avenue NW, Washington, DC 20460.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by search criteria that include names of 
individuals, names of businesses, identifying particulars, 
organizations, Social Security Number, EPA ID number, or driver's 
license number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained and disposed of in accordance with EPA Records 
Retention Schedules approved by the National Archives and Records 
Administration (NARA).

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Security controls used to protect personal sensitive data in OIG 
Data Analytics Enterprise are commensurate with those required for an 
information system rated MODERATE for confidentiality, integrity, and 
availability, as prescribed in National Institute of Standards and 
Technology (NIST) Special Publication, 800-53, ``Security and Privacy 
Controls for Information Systems and Organizations,'' Revision 5.
    1. Administrative Safeguards: All users must take annual mandatory 
Security Awareness and Privacy training as provided by the Agency. 
Additionally, staff determined to have significant security 
responsibilities are also required to complete role-based training 
(RBT).
    2. Technical Safeguards: Access to electronic records is restricted 
to the OIG staff and contractors individually authorized to access the 
electronic system. Access is restricted based on assigned roles and 
responsibilities. Authentication to the system occurs through the 
Agency's Active Directory Domain Controller. Passwords must meet 
complexity requirements and are changed periodically, in accordance 
with OIG policies. Also, all devices that connect to the system use a 
screen lock; both (screen lock and password) are enforced by Agency 
policy.
    3. Physical Safeguards: Electronic records are stored on servers 
maintained in a locked facility that is secured at all times. All 
electronic media are kept in limited-access areas during duty hours and 
in locked offices during nonduty hours and are used only by authorized 
screened personnel.

RECORD ACCESS PROCEDURES:
    Pursuant to 5 U.S.C. 552a(j)(2), (k)(2), and (k)(5), certain 
records maintained in the OIG Data Analytics Enterprise are exempt from 
specific access and accounting provisions of the Privacy Act. See 40 
CFR 16.11 and 16.12, However, EPA may, in its discretion, grant 
individual requests for access if it determines that the exercise of 
these rights will not interfere with an interest that the exemption is 
intended to protect. Requests for access must be made in accordance 
with the procedures described in EPA's Privacy Act regulations at 40 
CFR part 16.

CONTESTING RECORD PROCEDURES:
    Pursuant to 5 U.S.C. 552a(j)(2), (k)(2), and (k)(5), certain 
records maintained in the OIG Data Analytics Enterprise are exempt from 
specific access and accounting provisions of the Privacy Act. See 40 
CFR 16.11 and 16.12. However, EPA may, in its discretion, grant 
individual requests for correction and amendment if it determines that 
the exercise of these rights will not interfere with an interest that 
the exemption is intended to protect. Requests for correction and 
amendment must identify the record to be changed and the correction 
sought, and must be made in accordance with the procedures described in 
EPA's Privacy Act regulations at 40 CFR part 16.

NOTIFICATION PROCEDURES:
    Individuals who wish to be informed whether a Privacy Act system of 
records maintained by EPA contains any record pertaining to them, 
should make a written request to the EPA, Attn: Agency Privacy Officer, 
MC 2831T, 1200 Pennsylvania Ave. NW, Washington, DC 20460, or by email 
at: [email protected]. A full description of EPA's Privacy Act procedures 
is included in EPA's Privacy Act regulations at 40 CFR part 16.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    EPA has exempted records maintained in this system from 5 U.S.C. 
552a(c)(3) and (4); 5 U.S.C. 552a(d); 5 U.S.C. 552a(e)(1), (2) and (3); 
5 U.S.C. 552a(e)(4)(G) and (H); 5 U.S.C. 552a(e)(5) and (8); 5 U.S.C. 
552a(f)(2) through (5); and 5 U.S.C. 552a(g) of the Privacy Act 
pursuant to 5 U.S.C. 552a(j)(2). EPA has also exempted records 
maintained in this system from 5 U.S.C. 552a(c)(3), 5 U.S.C. 552a(d), 5 
U.S.C. 552a(e)(1), 5 U.S.C. 552a(e)(4)(G) and (H) and 5 U.S.C. 
552a(f)(2) through (5) of the Privacy Act under 5 U.S.C. 552a(k)(2). 
EPA has also exempted records maintained in this system from 5 U.S.C. 
552a(c)(3) and 5 U.S.C. 552a(d) of the Privacy Act pursuant to 5 U.S.C. 
552a(k)(5). An exemption rule for this record system has been 
promulgated in accordance with the requirements of 5 U.S.C. 553(b)(1), 
(2), and (3), (c) and (e) and published in 40 CFR part 16. In addition, 
when exempt records received from other systems of records become part 
of this system, EPA also claims the same exemptions for those records 
that are claimed for the prior system(s) of records from which they 
were a part and claims any additional exemptions set forth here.

HISTORY:
    None.

Vaughn Noga,
Senior Agency Official for Privacy.
[FR Doc. 2023-24231 Filed 11-7-23; 8:45 am]
BILLING CODE 6560-50-P