Privacy Act of 1974; Notice of a Modified System of Records, 11278-11280 [2024-03000]
Download as PDF
<![CDATA[
11278
Federal Register / Vol. 89, No. 31 / Wednesday, February 14, 2024 / Notices
compromise and prevent, minimize, or
remedy such harm.
j. To a Federal, State, local, or Tribal
agency responsible for investigating,
prosecuting, enforcing, or carrying out a
statute, rule, regulation, or order when
GSA becomes aware of a violation or
potential violation of civil or criminal
law or regulation; or to an agency,
individual or organization, if there is
reason to believe that such agency,
individual or organization possesses
information or is responsible for
acquiring information relating to the
investigation, trial or hearing, and the
dissemination is reasonably necessary to
elicit such information or to obtain the
cooperation of a witness or an
informant.
k. To the Office of Management and
Budget (OMB) when necessary to the
review of private relief legislation
pursuant to OMB Circular No. A–19.
l. To designated agency personnel for
controlled access to specific records for
the purpose of performing authorized
audit or oversight functions.
m. To another Federal agency or
Federal entity, when GSA determines
that information from this system of
records is reasonably necessary to assist
the recipient agency or entity in (1)
responding to a suspected or confirmed
breach or (2) preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
entity (including its information
systems, programs, and operations), the
Federal Government, or national
security, resulting from a suspected or
confirmed breach.
n. To agencies, to compare such
records to other agencies’ systems of
records or to non-Federal records, in
coordination with an Office of Inspector
General (OIG) in conducting an audit,
investigation, inspection, evaluation, or
some other review as authorized by the
Inspector General Act.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
All records are stored electronically in
a database. Information is encrypted in
transit and at rest.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
ddrumheller on DSK120RN23PROD with NOTICES1
Records are retrievable by a personal
identifier or by other appropriate type of
designation approved by GSA.
Content in this system will be
disposed according to the following
GSA schedule:
137.3/021 Personal Property Case
Files And Summary Reports. This series
describes those records created when
17:50 Feb 13, 2024
Jkt 262001
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Records in the system are protected
from unauthorized access and misuse
through a combination of
administrative, technical and physical
security measures. Administrative
measures include but are not limited to
policies that limit system access to
individuals within an agency with a
legitimate business need, and regular
review of security procedures and best
practices to enhance security. Technical
measures include but are not limited to
system design that allows authorized
system users access only to data for
which they are responsible; required use
of strong passwords that are frequently
changed; and use of encryption for
certain data transfers. Physical security
measures include but are not limited to
the use of data centers which meet
government requirements for storage of
sensitive data.
RECORD ACCESS PROCEDURES:
If an individual wishes to access any
data or record pertaining to him or her
in the system after it has been
submitted, that individual should
consult the GSA’s Privacy Act
implementation rules available at 41
CFR part 105–64.2.
CONTESTING RECORD PROCEDURES:
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
VerDate Sep<11>2014
accounting for individual instances of
managing the evaluation, processing,
sale, and transfer of excess and personal
property. Included are personal
property sales case files (containing
routine documents associated with the
above-listed activities), excess and
personal property catalogs, bulletins,
and lists, utilization surveys, donation
case files, reserve excess property files,
rehabilitated property stock listings and
reports, and related records.
Retention Instructions: Temporary.
Cut off at the end of the fiscal year when
the property case file or transaction is
completed and the final payment is
received. Destroy 6 fiscal years after
cutoff. Longer retention is authorized if
needed for business reference purposes,
but no longer than 10 fiscal years after
cutoff.
Legal Disposition Authority: DAA–
0137–2015–0001–0010 (137.3/021)
Approved by NARA: 4/5/2018.
If an individual wishes to contest the
content of any record pertaining to him
or her in the system after it has been
submitted, that individual should
consult the GSA’s Privacy Act
implementation rules available at 41
CFR part 105–64.4.
PO 00000
Frm 00032
Fmt 4703
Sfmt 4703
NOTIFICATION PROCEDURES:
If an individual wishes to be notified
at his or her request if the system
contains a record pertaining to him or
her after it has been submitted, that
individual should consult the GSA’s
Privacy Act implementation rules
available at 41 CFR part 105–64.4.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None
HISTORY:
This system was previously published
in the Federal Register at 73 FR 18637,
7–22–11.
Richard Speidel,
Chief Privacy Officer, Office of the Deputy
Chief Information Officer, General Services
Administration.
[FR Doc. 2024–03002 Filed 2–13–24; 8:45 am]
BILLING CODE 6820–AB–P
GENERAL SERVICES
ADMINISTRATION
[Notice–IE–2024–01; Docket No. 2024–0002;
Sequence No. 2]
Privacy Act of 1974; Notice of a
Modified System of Records
Office of the Chief Privacy
Officer; General Services
Administration (GSA).
ACTION: Notice.
AGENCY:
GSA proposes to modify an
existing System of Records Notice to
more accurately describe functionality
of the system of records and to bring the
Notice into compliance with the format
promulgated in OMB Guidance A–108.
DATES: Submit comments on or before
March 15, 2024. The new and/or
significantly modified routine uses will
be applicable on March 15, 2024.
ADDRESSES: Comments may be
submitted to the Federal eRulemaking
Portal, https://www.regulations.gov.
Submit comments by searching for
‘‘Notice-IE–2024–01’’, Notice of Revised
System of Records. Comments may also
be submitted by mail at GSA, Regulatory
Secretariat Division (MVCB), 1800 F
Street NW, Washington, DC 20405.
FOR FURTHER INFORMATION CONTACT: Call
or email Richard Speidel, Chief Privacy
Officer at 202–969–5830 and
gsa.privacyact@gsa.gov.
SUPPLEMENTARY INFORMATION: GSA
proposes to update a system of records
subject to the Privacy Act of 1974, as
amended. GSA is modifying the Notice
to update the system name to ‘‘Cloud
Information Infrastructure System,’’
which was previously entitled ‘‘GSA’s
Enterprise Organization of Google
SUMMARY:
E:\FR\FM\14FEN1.SGM
14FEN1
Federal Register / Vol. 89, No. 31 / Wednesday, February 14, 2024 / Notices
Applications, Moderate Impact Software
as a Service Cloud (SaaS) Minor
Applications & GSA’s EEO Org of
Salesforce.com.’’ This system of records
is directed to GSA’s cloud-based
information infrastructure systems and
services implemented across various
vendors as well as GSA applications, all
of which are part of either the Google
Workspace or Salesforce environments.
Substantive updates are being made to
the Name of the System, System
Manager, Authority for Maintenance of
the System, Purpose, Categories of
Individuals Covered by the System,
Categories of Records in the System,
Record Source Categories, Policies and
Practices for Storage of Records, Policies
and Practices for Retrieval of Records,
Policies and Practices for Retention and
Disposal of Records, Administrative,
Technical, and Physical Safeguards,
Record Access Procedures, and
Notification Procedures. Minor
administrative edits are being made to
the Routine Uses and Contesting Record
Procedures.
GSA is also making technical changes
to GSA/CIO–3 consistent with OMB
Circular No. A–108. Accordingly, GSA
has made technical corrections to
identify the newly-renamed sections:
‘‘Policies and Practices for Storage of
Records,’’ ‘‘Policies and Practices for
Retrieval of Records,’’ ‘‘Policies and
Practices for Retention and Disposal of
Records,’’ ‘‘Administrative, Technical
and Physical Safeguards,’’ ‘‘Record
Access Procedures,’’ ‘‘Contesting Record
Procedures,’’ and ‘‘Notification
Procedures.’’ GSA has also created the
following new sections: ‘‘Security
Classification’’ and ‘‘History.’’
PURPOSES:
SYSTEM NAME AND NUMBER:
Information is provided by the
individual to whom the record pertains.
Cloud Information Infrastructure
System, GSA/CIO–3.
Unclassified.
SYSTEM LOCATION:
The Cloud Information Infrastructure
System is operated and maintained by
GSA and on behalf of GSA by its
contractor(s). It is hosted in secure
cloud hosted data centers in the
continental United States.
ddrumheller on DSK120RN23PROD with NOTICES1
SYSTEM MANAGER:
Associate CIO, Office of Corporate IT
Services, Office of GSA IT, General
Services Administration, 1800 F Street
NW, Washington, DC 20405.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
VerDate Sep<11>2014
17:50 Feb 13, 2024
Jkt 262001
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
The categories of individuals covered
by this system include members of the
public, past and present GSA
employees, past and present GSA
contractors, and past and present
employees of other federal agencies.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system of records includes, but
is not limited to Name, Business Contact
Information (business phone number,
business email address, business
location, organizational information),
Social Security Number (SSN), Personal
Contact Information (personal physical
address, personal phone number,
personal email address), information
regarding employee relocations, and/or
information regarding an individual’s
appointment to one or more advisory
committees (title, details of department/
committee, occupation, appointment
type, funding source).
RECORD SOURCE CATEGORIES:
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES:
SYSTEM CLASSIFICATION:
5 U.S.C. 301; 40 U.S.C. 11315; 44
U.S.C. 3506; E.O. 9397, as amended; 5
U.S.C. 1001–14; 40 U.S.C. 3306.
To maintain a system of records
directed to the use of GSA’s cloud
infrastructure systems, which contain a
disparate set of systems and records. For
example, GSA users maintain a limited
set of personal information on the
Google platform in order to facilitate use
and management of information in order
to carry out the requirements of their
positions. Members of the public
provide contact information to
voluntarily participate in public
outreach programs or to participate in
the groups founded by the Federal
Advisory Committee Act.
In addition to those disclosures
generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a
portion of the records or information
contained in this system may be
disclosed to authorized entities, as is
determined to be relevant and
necessary, outside GSA as a routine use
pursuant to 5 U.S.C. 552a(b)(3) as
follows:
a. To a Member of Congress or his or
her staff on behalf of and at the request
of the individual who is the subject of
the record.
b. To the National Archives and
Records Administration (NARA) for
records management purposes.
c. To an expert, consultant, or
contractor of GSA in the performance of
PO 00000
Frm 00033
Fmt 4703
Sfmt 4703
11279
a Federal duty to which the information
is relevant.
d. To an appropriate Federal, State,
tribal, local, international, or foreign law
enforcement agency or other appropriate
authority charged with investigating or
prosecuting a violation or enforcing or
implementing a law, rule, regulation, or
order, where a record, either on its face
or in conjunction with other
information, indicates a violation or
potential violation of law, which
includes criminal, civil, or regulatory
violations.
e. To the Office of Personnel
Management (OPM), the Office of
Management and Budget (OMB), and
the Government Accountability Office
(GAO) in accordance with their
responsibilities for evaluating Federal
programs.
f. To appropriate agencies, entities,
and persons when
(1) GSA suspects or has confirmed
that the security or confidentiality of
information in the system of records has
been compromised;
(2) GSA has determined that as a
result of the suspected or confirmed
compromise there is a risk of harm to
economic or property interests, identity
theft or fraud, or harm to the security or
integrity of this system or other systems
or programs (whether maintained by
GSA or another agency or entity) that
rely upon the compromised
information; and (3) the disclosure
made to such agencies, entities, and
persons is reasonably necessary to assist
in connection with GSA’s efforts to
respond to the suspected or confirmed
compromise and prevent, minimize, or
remedy such harm.
g. To another Federal agency or
Federal entity, when GSA determines
that information from this system of
records is reasonably necessary to assist
the recipient agency or entity in
(1) responding to a suspected or
confirmed breach or (2) preventing,
minimizing, or remedying the risk of
harm to individuals, the recipient
agency or entity (including its
information systems, programs, and
operations), the Federal Government, or
national security, resulting from a
suspected or confirmed breach.
h. In connection with any litigation or
settlement discussions regarding claims
by or against the GSA, including public
filing with a court, to the extent that
GSA determines the disclosure of the
information is relevant and necessary to
the litigation or discussions.
i. To an appeal, grievance, hearing, or
complaints examiner; an equal
employment opportunity investigator,
arbitrator, or mediator; and an exclusive
representative or other person
E:\FR\FM\14FEN1.SGM
14FEN1
11280
Federal Register / Vol. 89, No. 31 / Wednesday, February 14, 2024 / Notices
authorized to investigate or settle a
grievance, complaint, or appeal filed by
an individual who is the subject of the
record.
j. To compare such records to other
agencies’ systems of records or to nonFederal records, in coordination with an
Office of Inspector General (OIG) in
conducting an audit, investigation,
inspection, evaluation, or some other
review as authorized by the Inspector
General Act.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Electronic records are stored on a
secure server with access limited to staff
on a need-to-know basis.
Records may be retrieved by name or
another identifier.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Records are retained and disposed of
according to GSA records maintenance
and disposition schedules, GSA
Directive CIO 1820.2—‘‘GSA Records
Management Program,’’ and
requirements of the National Archives
and Records Administration (e.g.,
NARA General Records Schedule
(GRS)).
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
The underlying information systems
are authorized to operate by the GSA
CIO. Two-factor authentication is
required and used for all individuals
who access this system.
RECORD ACCESS PROCEDURES:
The Privacy Act allows individuals
the right to access records about them in
a system of records. A request for access
must include: 1. Full Name and
Address; 2. A description of the records
sought; the title and number of this
system of records as published in the
Federal Register; 3. A brief description
of the nature, time, and place of
association with GSA; and 4. Any other
information that will help in locating
the record.
ddrumheller on DSK120RN23PROD with NOTICES1
CONTESTING RECORD PROCEDURES:
An individual may request
amendment to a record by writing to the
system manager with the proposed
amendment, which must bear the
following marking: ‘‘Privacy Act
Request to Amend the Record.’’ Certain
records are unable to be amended.
NOTIFICATION PROCEDURES:
An individual may determine if this
system contains a record pertaining to
17:50 Feb 13, 2024
Jkt 262001
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
79 FR 47138, September 11, 2014; 78
FR 35033, July 11, 2013; 77 FR 63316,
November 15, 2012.
Richard Speidel,
Chief Privacy Officer, Office of the Deputy
Chief Information Officer, General Services
Administration.
[FR Doc. 2024–03000 Filed 2–13–24; 8:45 am]
BILLING CODE 6820–AB–P
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
VerDate Sep<11>2014
them by sending a request in writing,
signed, to the System Manager at the
above address. The same requirements
for Record Access Procedures must be
followed for Notification Procedures.
GENERAL SERVICES
ADMINISTRATION
[OMB Control No. 3090–0292; Docket No.
2024–0001; Sequence No. 1]
Information Collection; FFATA
Subaward and Executive
Compensation Reporting
Requirements
Office of the Integrated Award
Environment, General Services
Administration (GSA).
ACTION: Notice of request for comments
regarding an extension to an existing
OMB information collection.
AGENCY:
Under the provisions of the
Paperwork Reduction Act of 1995, the
Regulatory Secretariat Division will be
submitting to the Office of Management
and Budget (OMB) a request to review
and approve a renewal of the currently
approved information collection
requirement regarding FFATA
Subaward and Executive Compensation
Reporting Requirements.
DATES: Submit comments on or before
April 15, 2024.
ADDRESSES: Submit comments regarding
this burden estimate or any other aspect
of this collection of information,
including suggestions for reducing this
burden to GSA via https://
www.regulations.gov. Submit comments
via the Federal eRulemaking portal by
searching the OMB control number
3090–0292. Select the link ‘‘Comment
Now’’ that corresponds with
‘‘Information Collection 3090–0292,
FFATA Subaward and Executive
Compensation Reporting
Requirements’’. Follow the instructions
provided on the screen. Please include
your name, company name (if any), and
‘‘Information Collection 3090–0292,
FFATA Subaward and Executive
SUMMARY:
PO 00000
Frm 00034
Fmt 4703
Sfmt 4703
Compensation Reporting Requirements’’
on your attached document.
If your comment cannot be submitted
using regulations.gov, call or email the
points of contact in the FOR FURTHER
INFORMATION CONTACT section of this
document for alternate instructions.
Instructions: Please submit comments
only and cite Information Collection
3090–0292, FFATA Subaward and
Executive Compensation Reporting
Requirements, in all correspondence
related to this collection. Comments
received generally will be posted
without change to regulations.gov,
including any personal and/or business
confidential information provided. To
confirm receipt of your comment(s),
please check regulations.gov,
approximately two-to-three days after
submission to verify posting.
FOR FURTHER INFORMATION CONTACT: Ms.
Salomeh Ghorbani, Director, IAE
Outreach and Stakeholder Engagement
Division, at 703–605–3467 or IAE_
Admin@gsa.gov.
SUPPLEMENTARY INFORMATION:
A. Purpose
The Federal Funding Accountability
and Transparency Act (Pub. L. 109–282,
as amended by section 6202(a) of Pub.
L. 110–252), known as FFATA or the
Transparency Act requires information
disclosure of entities receiving Federal
financial assistance through Federal
awards such as Federal contracts, subcontracts, grants and sub-grants, FFATA
2(a), (2), (i), (ii). Beginning October 1,
2010, the currently approved Paperwork
Reduction Act submission directed
compliance with the Transparency Act
to report prime and first-tier subaward
data. Specifically, Federal agencies and
prime awardees of grants were to ensure
disclosure of executive compensation of
both prime and subawardees and
subaward data pursuant to the
Transparency Act. This information
collection requires reporting of only the
information enumerated under the
Transparency Act.
B. Annual Reporting Burden
Sub-award Responses: 639,775.
Hours per Response: 1.
Total Burden Hours: 639,775.
Executive Compensation Responses:
387,644.
Hours per Response: 1.
Total Burden Hours: 387,644.
Total Annual Burden Hours:
1,027,419.
C. Public Comments
Public comments are particularly
invited on: Whether this collection of
information is necessary, whether it will
have practical utility; whether our
E:\FR\FM\14FEN1.SGM
14FEN1
]]>Agencies
[Federal Register Volume 89, Number 31 (Wednesday, February 14, 2024)]
[Notices]
[Pages 11278-11280]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-03000]
-----------------------------------------------------------------------
GENERAL SERVICES ADMINISTRATION
[Notice-IE-2024-01; Docket No. 2024-0002; Sequence No. 2]
Privacy Act of 1974; Notice of a Modified System of Records
AGENCY: Office of the Chief Privacy Officer; General Services
Administration (GSA).
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: GSA proposes to modify an existing System of Records Notice to
more accurately describe functionality of the system of records and to
bring the Notice into compliance with the format promulgated in OMB
Guidance A-108.
DATES: Submit comments on or before March 15, 2024. The new and/or
significantly modified routine uses will be applicable on March 15,
2024.
ADDRESSES: Comments may be submitted to the Federal eRulemaking Portal,
https://www.regulations.gov. Submit comments by searching for ``Notice-
IE-2024-01'', Notice of Revised System of Records. Comments may also be
submitted by mail at GSA, Regulatory Secretariat Division (MVCB), 1800
F Street NW, Washington, DC 20405.
FOR FURTHER INFORMATION CONTACT: Call or email Richard Speidel, Chief
Privacy Officer at 202-969-5830 and [email protected].
SUPPLEMENTARY INFORMATION: GSA proposes to update a system of records
subject to the Privacy Act of 1974, as amended. GSA is modifying the
Notice to update the system name to ``Cloud Information Infrastructure
System,'' which was previously entitled ``GSA's Enterprise Organization
of Google
[[Page 11279]]
Applications, Moderate Impact Software as a Service Cloud (SaaS) Minor
Applications & GSA's EEO Org of Salesforce.com.'' This system of
records is directed to GSA's cloud-based information infrastructure
systems and services implemented across various vendors as well as GSA
applications, all of which are part of either the Google Workspace or
Salesforce environments.
Substantive updates are being made to the Name of the System,
System Manager, Authority for Maintenance of the System, Purpose,
Categories of Individuals Covered by the System, Categories of Records
in the System, Record Source Categories, Policies and Practices for
Storage of Records, Policies and Practices for Retrieval of Records,
Policies and Practices for Retention and Disposal of Records,
Administrative, Technical, and Physical Safeguards, Record Access
Procedures, and Notification Procedures. Minor administrative edits are
being made to the Routine Uses and Contesting Record Procedures.
GSA is also making technical changes to GSA/CIO-3 consistent with
OMB Circular No. A-108. Accordingly, GSA has made technical corrections
to identify the newly-renamed sections: ``Policies and Practices for
Storage of Records,'' ``Policies and Practices for Retrieval of
Records,'' ``Policies and Practices for Retention and Disposal of
Records,'' ``Administrative, Technical and Physical Safeguards,''
``Record Access Procedures,'' ``Contesting Record Procedures,'' and
``Notification Procedures.'' GSA has also created the following new
sections: ``Security Classification'' and ``History.''
SYSTEM NAME AND NUMBER:
Cloud Information Infrastructure System, GSA/CIO-3.
SYSTEM CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The Cloud Information Infrastructure System is operated and
maintained by GSA and on behalf of GSA by its contractor(s). It is
hosted in secure cloud hosted data centers in the continental United
States.
SYSTEM MANAGER:
Associate CIO, Office of Corporate IT Services, Office of GSA IT,
General Services Administration, 1800 F Street NW, Washington, DC
20405.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301; 40 U.S.C. 11315; 44 U.S.C. 3506; E.O. 9397, as
amended; 5 U.S.C. 1001-14; 40 U.S.C. 3306.
PURPOSES:
To maintain a system of records directed to the use of GSA's cloud
infrastructure systems, which contain a disparate set of systems and
records. For example, GSA users maintain a limited set of personal
information on the Google platform in order to facilitate use and
management of information in order to carry out the requirements of
their positions. Members of the public provide contact information to
voluntarily participate in public outreach programs or to participate
in the groups founded by the Federal Advisory Committee Act.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The categories of individuals covered by this system include
members of the public, past and present GSA employees, past and present
GSA contractors, and past and present employees of other federal
agencies.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system of records includes, but is not limited to Name,
Business Contact Information (business phone number, business email
address, business location, organizational information), Social
Security Number (SSN), Personal Contact Information (personal physical
address, personal phone number, personal email address), information
regarding employee relocations, and/or information regarding an
individual's appointment to one or more advisory committees (title,
details of department/committee, occupation, appointment type, funding
source).
RECORD SOURCE CATEGORIES:
Information is provided by the individual to whom the record
pertains.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed to authorized
entities, as is determined to be relevant and necessary, outside GSA as
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
a. To a Member of Congress or his or her staff on behalf of and at
the request of the individual who is the subject of the record.
b. To the National Archives and Records Administration (NARA) for
records management purposes.
c. To an expert, consultant, or contractor of GSA in the
performance of a Federal duty to which the information is relevant.
d. To an appropriate Federal, State, tribal, local, international,
or foreign law enforcement agency or other appropriate authority
charged with investigating or prosecuting a violation or enforcing or
implementing a law, rule, regulation, or order, where a record, either
on its face or in conjunction with other information, indicates a
violation or potential violation of law, which includes criminal,
civil, or regulatory violations.
e. To the Office of Personnel Management (OPM), the Office of
Management and Budget (OMB), and the Government Accountability Office
(GAO) in accordance with their responsibilities for evaluating Federal
programs.
f. To appropriate agencies, entities, and persons when
(1) GSA suspects or has confirmed that the security or
confidentiality of information in the system of records has been
compromised;
(2) GSA has determined that as a result of the suspected or
confirmed compromise there is a risk of harm to economic or property
interests, identity theft or fraud, or harm to the security or
integrity of this system or other systems or programs (whether
maintained by GSA or another agency or entity) that rely upon the
compromised information; and (3) the disclosure made to such agencies,
entities, and persons is reasonably necessary to assist in connection
with GSA's efforts to respond to the suspected or confirmed compromise
and prevent, minimize, or remedy such harm.
g. To another Federal agency or Federal entity, when GSA determines
that information from this system of records is reasonably necessary to
assist the recipient agency or entity in
(1) responding to a suspected or confirmed breach or (2)
preventing, minimizing, or remedying the risk of harm to individuals,
the recipient agency or entity (including its information systems,
programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
h. In connection with any litigation or settlement discussions
regarding claims by or against the GSA, including public filing with a
court, to the extent that GSA determines the disclosure of the
information is relevant and necessary to the litigation or discussions.
i. To an appeal, grievance, hearing, or complaints examiner; an
equal employment opportunity investigator, arbitrator, or mediator; and
an exclusive representative or other person
[[Page 11280]]
authorized to investigate or settle a grievance, complaint, or appeal
filed by an individual who is the subject of the record.
j. To compare such records to other agencies' systems of records or
to non-Federal records, in coordination with an Office of Inspector
General (OIG) in conducting an audit, investigation, inspection,
evaluation, or some other review as authorized by the Inspector General
Act.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Electronic records are stored on a secure server with access
limited to staff on a need-to-know basis.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records may be retrieved by name or another identifier.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and disposed of according to GSA records
maintenance and disposition schedules, GSA Directive CIO 1820.2--``GSA
Records Management Program,'' and requirements of the National Archives
and Records Administration (e.g., NARA General Records Schedule (GRS)).
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The underlying information systems are authorized to operate by the
GSA CIO. Two-factor authentication is required and used for all
individuals who access this system.
RECORD ACCESS PROCEDURES:
The Privacy Act allows individuals the right to access records
about them in a system of records. A request for access must include:
1. Full Name and Address; 2. A description of the records sought; the
title and number of this system of records as published in the Federal
Register; 3. A brief description of the nature, time, and place of
association with GSA; and 4. Any other information that will help in
locating the record.
CONTESTING RECORD PROCEDURES:
An individual may request amendment to a record by writing to the
system manager with the proposed amendment, which must bear the
following marking: ``Privacy Act Request to Amend the Record.'' Certain
records are unable to be amended.
NOTIFICATION PROCEDURES:
An individual may determine if this system contains a record
pertaining to them by sending a request in writing, signed, to the
System Manager at the above address. The same requirements for Record
Access Procedures must be followed for Notification Procedures.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
79 FR 47138, September 11, 2014; 78 FR 35033, July 11, 2013; 77 FR
63316, November 15, 2012.
Richard Speidel,
Chief Privacy Officer, Office of the Deputy Chief Information Officer,
General Services Administration.
[FR Doc. 2024-03000 Filed 2-13-24; 8:45 am]
BILLING CODE 6820-AB-P
