Privacy Act of 1974; System of Records, 11277-11278 [2024-03002]

Agencies

• General Services Administration

[Federal Register Volume 89, Number 31 (Wednesday, February 14, 2024)]
[Notices]
[Pages 11277-11278]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-03002]



[[Page 11277]]

=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[Notice-IE-2024-01 Docket No. 2024-0002; Sequence No. 5]


Privacy Act of 1974; System of Records

AGENCY: General Services Administration.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: GSA reviews its Privacy Act systems to ensure that they are 
relevant, necessary, accurate, up-to-date, and covered by the 
appropriate legal or regulatory authority. This notice is an updated 
Privacy Act system of records notice.

DATES: This system of records will go into effect without further 
notice on March 15, 2024 unless otherwise revised pursuant to comments 
received.

ADDRESSES: Comments may be submitted to the Federal eRulemaking Portal, 
https://www.regulations.gov. Submit comments by searching for GSA/FSS-
13, Personal Property Sales Program. Comments may also be submitted by 
mail at, General Services Administration, Regulatory Secretariat 
Division (MVCB), 1800 F Street NW, Washington, DC 20405.

FOR FURTHER INFORMATION CONTACT: Call or email Richard Speidel, Chief 
Privacy Officer, at 202-969-5830 and [email protected].

SUPPLEMENTARY INFORMATION: GSA proposes to modify a system of records 
subject to the Privacy Act of 1974, 5 U.S.C. 552a, to update its 
routine uses pertaining to breach notification and to coordinate with 
the Office of the Inspector General when conducting an audit. GSA is 
also making technical changes to GSA/FSS-13 consistent with OMB 
Circular No. A-108. Accordingly, GSA has made technical corrections and 
non-substantive language revisions to the following sections: 
``Policies and Practices for Storage of Records,'' ``Policies and 
Practices for Retrieval of Records,'' ``Policies and Practices for 
Retention and Disposal of Records,'' ``Administrative, Technical and 
Physical Safeguards,'' ``Record Access Procedures,'' ``Contesting 
Record Procedures,'' and ``Notification Procedures''. GSA has also 
created the following new sections: ``Security Classification'' and 
``History.''

SYSTEM NAME:
    Personal Property Sales Program.

SYSTEM NUMBER:
    GSA/FSS-13.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    GSA Federal Acquisition Service (FAS) is the owner and is 
responsible for the system. The system is hosted, operated, and 
maintained by contractors. Records are maintained in an electronic form 
on a Software as a Service (SaaS) platform, within the United States. 
Contact the system manager for additional information.

SYSTEM MANAGER(S):
    Narendra Rao Namana, Director of Personal Property and Travel 
Transportation Division, Office of GSA IT, General Services 
Administration, 1800 F Street NW, Washington, DC 20405.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    40 U.S.C. 121(c) and 40 U.S.C. 541, et seq.

PURPOSE(S) OF THE SYSTEM:
    To establish and maintain a system of records for conducting public 
sales of Federal personal property by GSA.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The system will include those individuals who request to be added 
to GSA bidders mailing lists, register to bid on GSA sales, and/or 
enter into contracts to buy Federal personal property at sales 
conducted by GSA.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system contains information needed to identify potential and 
actual bidders and awardees, and transaction information involving 
personal property sales. System records include:
    a. Personal information provided by bidders and buyers, including, 
but not limited to, names, phone numbers, addresses, Social Security 
Numbers, birth dates and credit card numbers or other banking 
information; and
    b. Contract information on Federal personal property sales, 
including whether payment was received, the form of the payment, 
notices of default, and contract claim information.

RECORD SOURCE CATEGORIES:
    Information is provided by individuals who wish to participate in 
the GSA personal property sales program, and system transactions 
designed to gather and maintain data and to manage and evaluate the 
Federal personal property disposal program.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    a. In any criminal, civil, or administrative legal proceeding, 
where pertinent, to which GSA, a GSA employee, or the United States or 
other entity of the United States Government is a party before a court 
or administrative body.
    b. To an appeal, grievance, hearing, or complaints examiner; an 
equal employment opportunity investigator, arbitrator, or mediator; 
and/or an exclusive representative or other person authorized to 
investigate or settle a grievance, complaint, or appeal filed by an 
individual who is the subject of the record.
    c. To a Federal agency, State, local, Tribal or other public 
authority in connection with the hiring or retention of an employee, 
the issuance of a security clearance, the reporting of an 
investigation, the letting of a contract, or the issuance of a grant, 
license, or other benefit to the extent that the information is 
relevant and necessary to a decision.
    d. To the Office of Personnel Management (OPM), the Office of 
Management and Budget (OMB), or the Government Accountability Office 
(GAO) when the information is required for program evaluation purposes.
    e. To a Member of Congress or his or her staff on behalf of and at 
the request of the individual who is the subject of the record.
    f. To an expert, consultant, or contractor of GSA in the 
performance of a Federal duty related to the contract or appointment to 
which the information is relevant.
    g. To the GSA Office of Finance for debt collection purposes (see 
GSA/PPFM-7).
    h. To the National Archives and Records Administration (NARA) for 
records management purposes.
    i. To appropriate agencies, entities, and persons when (1) The 
Agency suspects or has confirmed that the security or confidentiality 
of information in the system of records has been compromised; (2) the 
Agency has determined that as a result of the suspected or confirmed 
compromise there is a risk of harm to economic or property interests, 
identity theft or fraud, or harm to the security or integrity of this 
system or other systems or programs (whether maintained by GSA or 
another agency or entity) that rely upon the compromised information; 
and (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with GSA's efforts to 
respond to the suspected or confirmed

[[Page 11278]]

compromise and prevent, minimize, or remedy such harm.
    j. To a Federal, State, local, or Tribal agency responsible for 
investigating, prosecuting, enforcing, or carrying out a statute, rule, 
regulation, or order when GSA becomes aware of a violation or potential 
violation of civil or criminal law or regulation; or to an agency, 
individual or organization, if there is reason to believe that such 
agency, individual or organization possesses information or is 
responsible for acquiring information relating to the investigation, 
trial or hearing, and the dissemination is reasonably necessary to 
elicit such information or to obtain the cooperation of a witness or an 
informant.
    k. To the Office of Management and Budget (OMB) when necessary to 
the review of private relief legislation pursuant to OMB Circular No. 
A-19.
    l. To designated agency personnel for controlled access to specific 
records for the purpose of performing authorized audit or oversight 
functions.
    m. To another Federal agency or Federal entity, when GSA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    n. To agencies, to compare such records to other agencies' systems 
of records or to non-Federal records, in coordination with an Office of 
Inspector General (OIG) in conducting an audit, investigation, 
inspection, evaluation, or some other review as authorized by the 
Inspector General Act.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    All records are stored electronically in a database. Information is 
encrypted in transit and at rest.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrievable by a personal identifier or by other 
appropriate type of designation approved by GSA.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Content in this system will be disposed according to the following 
GSA schedule:
    137.3/021 Personal Property Case Files And Summary Reports. This 
series describes those records created when accounting for individual 
instances of managing the evaluation, processing, sale, and transfer of 
excess and personal property. Included are personal property sales case 
files (containing routine documents associated with the above-listed 
activities), excess and personal property catalogs, bulletins, and 
lists, utilization surveys, donation case files, reserve excess 
property files, rehabilitated property stock listings and reports, and 
related records.
    Retention Instructions: Temporary. Cut off at the end of the fiscal 
year when the property case file or transaction is completed and the 
final payment is received. Destroy 6 fiscal years after cutoff. Longer 
retention is authorized if needed for business reference purposes, but 
no longer than 10 fiscal years after cutoff.
    Legal Disposition Authority: DAA-0137-2015-0001-0010 (137.3/021)
    Approved by NARA: 4/5/2018.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in the system are protected from unauthorized access and 
misuse through a combination of administrative, technical and physical 
security measures. Administrative measures include but are not limited 
to policies that limit system access to individuals within an agency 
with a legitimate business need, and regular review of security 
procedures and best practices to enhance security. Technical measures 
include but are not limited to system design that allows authorized 
system users access only to data for which they are responsible; 
required use of strong passwords that are frequently changed; and use 
of encryption for certain data transfers. Physical security measures 
include but are not limited to the use of data centers which meet 
government requirements for storage of sensitive data.

RECORD ACCESS PROCEDURES:
    If an individual wishes to access any data or record pertaining to 
him or her in the system after it has been submitted, that individual 
should consult the GSA's Privacy Act implementation rules available at 
41 CFR part 105-64.2.

CONTESTING RECORD PROCEDURES:
    If an individual wishes to contest the content of any record 
pertaining to him or her in the system after it has been submitted, 
that individual should consult the GSA's Privacy Act implementation 
rules available at 41 CFR part 105-64.4.

NOTIFICATION PROCEDURES:
    If an individual wishes to be notified at his or her request if the 
system contains a record pertaining to him or her after it has been 
submitted, that individual should consult the GSA's Privacy Act 
implementation rules available at 41 CFR part 105-64.4.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None

HISTORY:
    This system was previously published in the Federal Register at 73 
FR 18637, 7-22-11.

Richard Speidel,
Chief Privacy Officer, Office of the Deputy Chief Information Officer, 
General Services Administration.
[FR Doc. 2024-03002 Filed 2-13-24; 8:45 am]
BILLING CODE 6820-AB-P