Privacy Act of 1974; System of Records, 14531-14533 [2024-04006]



[Federal Register Volume 89, Number 39 (Tuesday, February 27, 2024)]
[Notices]
[Pages 14531-14533]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-04006]


-----------------------------------------------------------------------

THE PRESIDIO TRUST


Privacy Act of 1974; System of Records

AGENCY: The Presidio Trust.

ACTION: Notice of a new System of Records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Presidio Trust is issuing a public notice of its intent to 
establish a Parking Payment Compliance Program, system of records. 
INTERIOR PRESIDIO TRUST/Department of Planning and Compliance-XX, 
Passport Inc. Enforcement Software Solution.

DATES: This system of records is effective upon publication. New 
routine uses will be effective March 28, 2024.

ADDRESSES: You may send comments via email to the interim Privacy 
Officer, within Presidio Trust's Department of Administration, Luke 
Donohue, LDonohue@presidiotrust.gov, or via U.S. Mail, 1750 Lincoln 
Blvd., San Francisco, CA 94129.

FOR FURTHER INFORMATION CONTACT: Luke Donohue, interim Privacy Officer, 
Presidio Trust, 1750 Lincoln Blvd., San Francisco, CA 94129, 
LDonohue@presidiotrust.gov.

SUPPLEMENTARY INFORMATION: The purpose of the Presidio Trust's Parking 
Payment Compliance Program is to encourage voluntary compliance with 
the parking payment regulations. Information collected includes a 
database of violations issued, appeals submitted, and records of 
correspondence. The system contains records which include first name, 
last name, cell phone number, email address, license plate number or 
VIN number, vehicle make/model, date/time of violation issuance, and 
photos taken of the vehicle by enforcement staff member when issuing 
the citation. Credit card information is separately held by the system 
but not shared with the Presidio Trust or its contractors. All 
information is collected and stored on the Passport Inc. Enforcement 
software.
    The parking enforcement contractor utilizes the Passport Inc. 
Enforcement software when issuing violations in the field. The 
contractor enters the relevant fields, such as vehicle make and model, 
into the Passport system using a handheld device. Once the required 
information has been inputted, a notice of violation is printed and 
posted to the vehicle and a record of the violation is stored on the 
Passport system. The recipient of a violation is provided with 
instructions to pay their violation fee online. When the violation 
recipient pays their fee online, the Passport system collects their 
name and email address. If the recipient of a violation has not paid 
their violation fee within 10 days, a delinquent letter is sent to the 
vehicle's registered owner. The registered owner's mailing address is 
accessed from the California DMV database. If the recipient chooses to 
appeal their violation, the recipient will provide their contact 
information, including their home address and phone number.
    This information is retained for two years, after which it is 
purged. As per Passport's Privacy Policy, California residents have the 
right to request, at no charge, deletion of their personal information 
that Passport has collected about them and to have such personal 
information deleted, except where an exemption applies.

System Name and Number:
    Parking Payment Compliance Program, Presidio Trust/Internal-2.

Security Classification:
    Unclassified.

System Location:
    Department of Planning & Compliance, 1750 Lincoln Blvd., San 
Francisco CA 94129. transportation@presidiotrust.gov.

System Manager(s):
    Department of Planning & Compliance, 1750 Lincoln Blvd., San 
Francisco CA 94129. transportation@presidiotrust.gov.

Authority for Maintenance of the System:
    Title I, Omnibus Parks Public Lands Act of 1996, Public Law 104-333 
(https://www.govinfo.gov/link/plaw/104/public/333), 110 Stat. 4097.

Purpose(s) of the System:
    The primary purpose of the system is to encourage voluntary 
compliance with parking payment regulations by issuing notices and fees 
to non-compliant users.

Categories of Individuals Covered by the System:
    Records of violation are stored by license plate number. Vehicles 
that have been identified as not complying with the parking payment 
regulations and receive a violation are covered by this system. This 
includes Presidio Park Visitors, Presidio Trust Staff, and Presidio 
Park Residents and Commercial Tenants.

Categories of Records in the System:
    The system contains records of violations issued, which include 
first name, last name, cell phone number, email address, license plate 
number, vehicle make/model, date/time of violation issuance, and photos 
taken of the vehicle by enforcement staff member when issuing the 
citation. A record of appeals submitted is maintained and includes 
written and photographic evidence submitted by the user. Records of 
correspondence are maintained and include delinquent notices sent to 
the registered owner and emails communicating the result of an appeal.
    Mailed letters of correspondence include the registered owner's 
mailing address. Credit card information is

[[Page 14532]]

separately held by the system but not shared with the Presidio Trust or 
its contractors.

Record Source Categories:
    Records maintained by Passport are obtained from multiple sources. 
This includes records inputted by the enforcement staff member, mailing 
addresses from the California DMV database, and information provided by 
the recipient. These records are retained for two years unless 
otherwise requested by the individual. Paid violations and closed 
appeals may be deleted at the request of the individual; open violations 
cannot be deleted at the request of the individual.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and Purposes of Such Uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside the 
Department of Interior as a routine use pursuant to 5 U.S.C. 552a(b)(3) 
to:
    (1) The appropriate Federal, State, local or foreign agency 
responsible for obtaining information relevant for investigating, 
prosecuting, enforcing, or implementing a statute, rule, regulation, or 
order when Presidio Trust becomes aware of an indication of a violation 
or potential violation of civil or criminal law or regulation.
    (2) The U.S. Department of Justice or in a proceeding before a 
court or adjudicative body when:
    (a) The United States, the Presidio Trust, a component of the 
Presidio Trust, or, when represented by the government, an employee of 
the Presidio Trust is a party to litigation or anticipated litigation 
or has an interest in such litigation, and
    (b) The Presidio Trust determines that the disclosure is relevant 
and necessary to the litigation and is compatible with the purpose for 
which the records were compiled.
    (3) To a congressional office from the record of an individual in 
response to an inquiry from the congressional office made at the 
request of that individual.
    (4) To appropriate agencies, entities, and persons when:
    (a) The Presidio Trust suspects or has confirmed that there has 
been a breach of the system of records.
    (b) The Presidio Trust has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
the Presidio Trust (including its information systems, programs, and 
operations), the Federal Government, or national security.
    (c) The disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with the Presidio Trust's 
efforts to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    (5) To another Federal agency or Federal entity, when the Presidio 
Trust determines that information from this system of records is 
reasonably necessary to assist the recipient agency or entity in:
    (a) Responding to a suspected or confirmed breach.
    (b) Preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    (6) To Contractors when the contractor is working on a contract, 
service, job, or other activity for the Agency and who have a need to 
have access to the information in performance of their duties or 
activities for the Agency. Recipients will be required to comply with 
the requirements of the Privacy Act of 1974 as provided in 5 U.S.C. 
552a(m).

Policies and Practices for Storage of Records:
    These records are stored online within the Passport backend 
management system, Operator Management or ``OpsMan''. All functions and 
features are password protected. The physical security of the Passport 
Inc. data center is managed by Amazon AWS data centers and physical 
access to the Passport office is restricted using employee ID badges.
    Passport has a completely separate cardholder data environment that 
is subject to PCI compliance where all credit card data is processed and 
stored. Credit card numbers are encrypted with AES-256 with a rotating 
encryption key. All information is stored in an isolated card storage 
database per best practices. Passport completes assessments every year 
to ensure the effectiveness of its controls. This includes SOC 1 Type 
2, SOC 2 Type 2, and a PCI DSS.

Policies and Practices for Retrieval of Records:
    The Passport records system may only be accessed by the Presidio 
Trust's Transportation and the parking enforcement. Each individual 
staff member receives a unique account. The login requires a multi-
factor authentication.
    The Passport system keeps an audit trail of all actions within. 
This records the action performed, date, and user. The system will also 
record reports run, searches performed (with search parameters) from a 
CSR perspective as well. Passport gives the Presidio Trust full 
discretion as to how to manage its system and can limit access by the 
individual user or their role within the Presidio Trust's 
administration.

Policies and Practices for Retention and Disposal of Records:
    Violation and appeal records are kept for two years or until 
requested by the individual. Records are purged from the Passport 
system and no records are stored outside the Passport system, either 
electronically or printed.

Administrative, Technical, and Physical Safeguards:
    Passport's cybersecurity program aligns with the NIST Cybersecurity 
Framework, and Passport is SOC 2 compliant and PCI DSS Level 1 merchant 
and service provider certified. Passport's defensive line is monitored 
24/7, 365 days a year by trained professionals. Passport complies with 
all applicable laws and regulations concerning privacy and data 
protection including the California Consumer Privacy Act (CCPA) and the 
EU General Data Protection Regulation (GDPR). Passport utilizes 
intrusion detection systems, virtual private network (VPN), and public 
key infrastructure (PKI) certificates.

Record Access Procedures:
    An individual requesting access to their records should send a 
written inquiry to the applicable System Manager or the Privacy Act 
Officer identified above. A Privacy Act request must meet the 
requirements of 36 CFR 1008 (https://www.ecfr.gov/current/title-36/chapter-X/part-1008). The request must include a general description of 
the records sought and the requester's full name, current address, and 
sufficient identifying information such as date of birth or other 
information required for verification of the requestor's identity. The 
request must be signed and dated and be either notarized or submitted 
under penalty of perjury in accordance with 28 U.S.C. 1746.
    Requests submitted by mail must be clearly marked ``PRIVACY ACT 
REQUEST FOR ACCESS'' on both the envelope and letter. A request to 
access records must meet the requirements of 36 CFR 1008 and 36 CFR 
1008.13 (https://www.ecfr.gov/current/title-36/section-1008.13)-.14, 
.16-.17.

[[Page 14533]]

Contesting Record Procedures:
    An individual requesting amendment of their records should send a 
written request to the applicable System Manager or the Privacy Act 
Officer as identified above. DOI instructions for submitting a request 
for amendment of records are available on the DOI Privacy Act Requests 
website at https://www.doi.gov/privacy/privacy-act-requests. The 
request must clearly identify the records for which amendment is being 
sought, the reasons for requesting the amendment, and the proposed 
amendment to the record. The request must include the requester's full 
name, current address, and sufficient identifying information such as 
date of birth or other information required for verification of the 
requestor's identity. The request must be signed and dated and be 
either notarized or submitted under penalty of perjury in accordance 
with 28 U.S.C. 1746. Requests submitted by mail must be clearly marked 
``PRIVACY ACT REQUEST FOR AMENDMENT'' on both the envelope and letter. 
A request to contest or amend records must meet the requirements of 36 
CFR 1008 and 36 CFR 1008.18 (https://www.ecfr.gov/current/title-36/section-1008.18)-.19, .22, .24.

Notification Procedures:
    An individual requesting notification of the existence of records 
about them should send a written inquiry to the applicable System 
Manager or the Privacy Act Officer identified above. A Privacy Act 
request must meet the requirements of 36 CFR 1008 (https://www.ecfr.gov/current/title-36/chapter-X/part-1008). The request must 
include a general description of the records and the requester's full 
name, current address, and sufficient identifying information such as 
date of birth or other information required for verification of the 
requestor's identity. The request must be signed and dated and be 
either notarized or submitted under penalty of perjury in accordance 
with 28 U.S.C. 1746. Requests submitted by mail must be clearly marked 
``PRIVACY ACT INQUIRY'' on both the envelope and letter.

Exemptions Promulgated for the System:
    None.

History:
    None.

Luke Donohue,
Director of Administration.
[FR Doc. 2024-04006 Filed 2-26-24; 8:45 am]
BILLING CODE 4310-4R-P

