Privacy Act of 1974; System of Records, 14529-14531 [2024-04007]
Download as PDF
<![CDATA[
Federal Register / Vol. 89, No. 39 / Tuesday, February 27, 2024 / Notices
Competitive Product List in the Mail
Classification Schedule.
DATES: Date of notice: February 27,
2024.
FOR FURTHER INFORMATION CONTACT:
Christopher C. Meyerson, (202) 268–
7820.
SUPPLEMENTARY INFORMATION: The
United States Postal Service® hereby
gives notice that, pursuant to 39 U.S.C.
3642 and 3632(b)(3), on February 16,
2024, it filed with the Postal Regulatory
Commission a USPS Request to Add
Priority Mail Express International,
Priority Mail International & First-Class
Package International Service Contract
37 to Competitive Product List.
Documents are available at
www.prc.gov, Docket Nos. MC2024–192
and CP2024–198.
Sarah Sullivan,
Attorney, Ethics & Legal Compliance.
[FR Doc. 2024–03892 Filed 2–26–24; 8:45 am]
BILLING CODE 7710–12–P
THE PRESIDIO TRUST
Privacy Act of 1974; System of
Records
The Presidio Trust
ACTION: Notice of a new system of
records.
AGENCY:
Pursuant to the provisions of
the Privacy Act of 1974, as amended,
the Presidio Trust is issuing a public
notice of its intent to establish a
communications solution, system of
records. PRESIDIO TRUST/Department
of Public Safety–01, Genasys Emergency
Management (GEM) Mass
Communications Software Solution.
DATES: This system of records is
effective upon publication. New routine
uses will be effective March 28, 2024.
ADDRESSES: You may send comments,
identified by PRESIDIO TRUST/
Department of Public Safety–01, via
email to the interim Privacy Officer,
within Presidio Trust’s Department of
Administration, Luke Donohue,
LDonohue@presidiotrust.gov.or via U.S.
Mail, 1750 Lincoln Blvd., San
Francisco, CA 94129.
FOR FURTHER INFORMATION CONTACT:
Director of Administration, Luke
Donohue, LDonohue@presidiotrust.gov,
or 415–561–5300.
SUPPLEMENTARY INFORMATION: The
Presidio Trust, Department of Public
Safety, is establishing PRESIDIO
TRUST/Department of Public Safety 01,
Genasys Emergency Management (GEM)
Mass Communications Software
Solution, systems of records. Genasys®
lotter on DSK11XQN23PROD with NOTICES1
SUMMARY:
VerDate Sep<11>2014
16:53 Feb 26, 2024
Jkt 262001
provides multi-channel mass
communication delivered via text,
email, and voice to key stakeholders in
an emergency, and to select target
audiences: Presidio Trust Staff; Presidio
Park Residents and Commercial
Tenants; and Presidio Park Visitors,
Neighborhood Organizations, Partners,
and Hospitality. Presidio Trust staff
information is maintained as standard
employee data. Genasys messaging is
sent only to agency-issued email
accounts and mobile devices. Presidio
Resident and Commercial Tenant
information is maintained in an existing
leasing database; Genasys messaging is
sent to email accounts and mobile
devices provided by the recipient.
Presidio Resident and Commercial
Tenants are offered an opportunity to
opt-out with every message. Presidio
Park visitors and others self-opt into the
system. These individuals provide their
own email and/or mobile numbers and
may opt-out at any time. Personal
contact information will be used to
contact and alert participants to public
safety and emergencies that occur in the
park. To the extent permitted by law,
information may be shared with
Federal, state, local, and tribal agencies,
and organizations as authorized and
compatible with the purpose of this
system, or when proper and necessary,
consistent with the routine uses set
forth in this system of records notice.
SYSTEM NAME AND NUMBER:
PRESIDIO TRUST/Department of
Public Safety 01, Genasys Emergency
Management (GEM) Mass
Communications Software Solution.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Presidio Trust, Department of Public
Safety, 1750 Lincoln Boulevard, San
Francisco, CA 94129. Genasys Inc.,
16262 W Bernardo Drive, San Diego, CA
92127.
SYSTEM MANAGER(S):
Department of Public Safety, 1750
Lincoln Blvd., San Francisco, CA 94129,
Safety@presidiotrust.gov.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 552a.
PURPOSE(S) OF THE SYSTEM:
The primary purpose of this system is
to provide a notification delivered via
text, email, or voice in the event of an
emergency situation.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Individuals covered by the system
include Presidio Trust Staff, Presidio
PO 00000
Frm 00100
Fmt 4703
Sfmt 4703
14529
Park Residents and Commercial
Tenants, and Presidio Park Visitors,
Neighborhood Organizations, Partners,
and Hospitality.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system contains records which
include first name, last name, personal
cell phone number, and/or email
address.
RECORD SOURCE CATEGORIES:
Records in Genasys are obtained from
multiple sources. Employee and Tenant
information exists in current, existing
databases such as EOPF, and is
maintained as standard employee data.
Staff are not provided with an opt out
option for emergency messaging. Tenant
information exists in an existing Yardi
database; Genasys messaging is sent to
email accounts and mobile devices
provided by the recipient. Presidio
Resident and Commercial Tenants are
offered an opportunity to opt-out with
every message. Presidio Park visitors
and others self-opt into the system.
Individuals provide their own email
and/or mobile numbers and may opt-out
at any time. This audience remains in
the system until they opt-out.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
In addition to those disclosures
generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a
portion of the records or information
contained in this system may be
disclosed outside the Department of
Interior as a routine use pursuant to 5
U.S.C. 552a(b)(3) may be made to:
(1) The appropriate Federal, State,
local or foreign agency responsible for
obtaining information relevant for
investigating, prosecuting, enforcing, or
implementing a statue, rule, regulation,
or order when Presidio Trust becomes
aware of an indication of a violation or
potential violation of civil or criminal
law or regulation.
(2) The U.S. Department of Justice or
in a proceeding before a court or
adjudicative body when:
(a) The United States, the Presidio
Trust, a component of the Presidio
Trust, or, when represented by the
government, an employee of the
Presidio Trust is a party to litigation or
anticipated litigation or has an interest
in such litigation, and
(b) The Presidio Trust determines that
the disclosure is relevant and necessary
to the litigation and is compatible with
the purpose for which the records were
compiled.
(3) To a congressional office from the
record of an individual in response to
E:\FR\FM\27FEN1.SGM
27FEN1
14530
Federal Register / Vol. 89, No. 39 / Tuesday, February 27, 2024 / Notices
an inquiry from the congressional office
made at the request of that individual.
(4) To appropriate agencies, entities,
and persons when:
(a) The Presidio Trust suspects or has
confirmed that there has been a breach
of the system of records
(b) The Presidio Trust has determined
that as a result of the suspected or
confirmed breach there is a risk of harm
to individuals, The Presidio Trust
(including its information systems,
programs, and operations), the Federal
Government, or national security.
(c) The disclosure made to such
agencies, entities, and persons is
reasonably necessary to assist in
connection with The Presidio Trusts
efforts to respond to the suspected or
confirmed breach or to prevent,
minimize, or remedy such harm.
(5) To another Federal agency or
Federal entity, when the Presidio Trust
determines that information from this
system of records is reasonably
necessary to assist the recipient agency
or entity in:
(a) Responding to a suspected or
confirmed breach.
(b) Preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
entity (including its information
systems, programs, and operations), the
Federal Government, or national or
national security, resulting from a
suspected or confirmed breach.
(6) To Contractors when the
contractor is working on a contract,
service, job, or other activity for the
Agency and who have a need to have
access to the information in
performance of their duties or activities
for the Agency. Recipients will be
required to comply with the
requirements of the Privacy Act of 1974
as provided in 5 U.S.C. 552a(m).
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
lotter on DSK11XQN23PROD with NOTICES1
Electronic records are contained in
computers, and on secured servers
located in a controlled facility with
limited access and managed by Genasys.
When transmitting highly confidential
information, Genasys uses industry
standard Secure Sockets Layer (SSL)
encryption technology for secure data
transmission. Access is restricted
through physical controls and system
security practices.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Records in this system can be
retrieved by either querying within the
application or generating a report. The
information may be retrieved by various
fields including name, personal email
VerDate Sep<11>2014
16:53 Feb 26, 2024
Jkt 262001
address, home address, or phone
number.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Residential and Commercial tenant
PII is updated as new tenants are
manually registered. PII is retained until
a tenant leaves, or opts-out of the
system, whichever comes first. Visitors
may opt-in at their discretion and optout at a time of their choosing.
Employee PII is retained until an
employee separate from Presidio Trust.
All data held on a Genasys database will
be scrubbed 30 days after a contract
between Presidio Trust and Genasys Inc.
is terminated.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
All records contained in this system
are safeguarded with applicable security
and privacy rules and policies. Genasys
meets ISO 27001 Security and Network
compliance and ISO 22320 Emergency
Management requirements, and all
cloud procedures meet NIST 500–299
recommendations. The software is
hosted on Amazon AWS cloud SSAW–
18, company is SOC1 & SOC2 certified,
27001 certified, and maintains Cloud
Security Genasys emergency
Management (GEM) System of Records
Notice (SORN) Alliance (CSA) STAR
Attestation. Their certifications indicate
that the services, processes, and
facilities have been comprehensively
reviewed and meet stringent security
standards. Genasys uses industrystandard Secure Sockets Layer (SSL)
encryption technology for secure data
transmission. Genasys has a
comprehensive Disaster and Recovery
Plan defining the procedures to recover
backups in the event of an IT systems’
critical failure. Genasys is protected by
industry-standard security measures
that include two factor network
authentication, enterprise-class
firewalls, network-based Intrusion
Detection Software (IDS), network
vulnerability scanning tools, and antivirus software with real-time definition
updates. Genasys’ network is firewall
enabled with a three-layer architecture
that controls HTTPS access, IP address
control access, two-way client server
TLS certificates, and the maximum
number of connections allowed per IP.
Genasys does not access, share, or
distribute any customer data. All
employees with access to privacy data
must review and sign a security access
policy document. Access authorization
is controlled by the HR Manager, IT
Manager, and CEO; Access to the data
is limited to a needs-only basis. The
Presidio Trust has limited access to the
PO 00000
Frm 00101
Fmt 4703
Sfmt 4703
Genasys System to only Department of
Public Safety and Emergency
Communications staff. Application
activities are logged at multiple levels to
provide a full audit of system activity
for monitoring and troubleshooting.
Audit logs, execution logs, and
information to generate KPIs of the
system behavior are stored by Genasys.
Audits comply with applicable industry
regulations and are hardened to prevent
tampering. Daily system scans are
conducted by Genasys and can be
accessed by Trust staff holding
administrative access. The solution
incorporates anti-virus protection to
guard against malicious upload and
distribution of unacceptable content.
Genasys maintains detailed logs on:
Database maintenance activities; System
Administrator; General operator/
administrator access; and Application
configuration changes. Genasys
customer data is logically partitioned
and encrypted at rest.
RECORD ACCESS PROCEDURES:
An individual requesting access to
their records should send a written
inquiry to the applicable System
Manager identified above. Presidio
Trust forms and instructions for
submitting a Privacy Act request may be
obtained from the Presidio Trust Privacy
Act Requests website at https://
www.PresidioTrust.gov/privacy/privacyact requests. The request must include
a general description of the records
sought and the requester’s full name,
current address, and sufficient
identifying information such as date of
birth or other information required for
verification of the requestor’s identity.
The request must be signed and dated
and be either notarized or submitted
under penalty of perjury in accordance
with 28 U.S.C. 1746. Requests submitted
by mail must be clearly marked
‘‘PRIVACY ACT REQUEST FOR
ACCESS’’ on both the envelope and
letter. A request for access must meet
the requirements of 43 CFR 2.238.
CONTESTING RECORD PROCEDURES:
An individual requesting amendment
of their records should send a written
request to the applicable System
Manager as identified above. Presidio
Trust instructions for submitting a
request for amendment of records are
available on the Presidio Trust Privacy
Act Requests website at https://
www.PresidioTrust.gov/privacy/privacy
act-requests. The request must clearly
identify the records for which
amendment is being sought, the reasons
for requesting the amendment, and the
proposed amendment to the record. The
request must include the requester’s full
E:\FR\FM\27FEN1.SGM
27FEN1
Federal Register / Vol. 89, No. 39 / Tuesday, February 27, 2024 / Notices
name, current address, and sufficient
identifying information such as date of
birth or other information required for
verification of the requestor’s identity.
The request must be signed and dated
and be either notarized or submitted
under penalty of perjury in accordance
with 28 U.S.C. 1746. Requests submitted
by mail must be clearly marked
‘‘PRIVACY ACT REQUEST FOR
AMENDMENT’’ on both the envelope
and letter. A request for amendment
must meet the requirements of 43 CFR
2.246.
NOTIFICATION PROCEDURES:
An individual requesting notification
of the existence of records containing
their personally identifying information,
should send a written inquiry to the
applicable System Manager as identified
above. Presidio Trust instructions for
submitting a request for notification are
available on the Presidio Trust Privacy
Act Requests website at https://
www.PresidioTrust.gov/privacy/privacyact-requests. The request must include a
general description of the records and
the requester’s full name, current
address, and sufficient identifying
information such as date of birth or
other information required for
verification of the requestor’s identity.
The request must be signed and dated
and be either notarized or submitted
under penalty of perjury in accordance
with 28 U.S.C. 1746. Requests submitted
by mail must be clearly marked
‘‘PRIVACY ACT INQUIRY’’ on both the
envelope and letter. A request for
notification must meet the requirements
of 43 CFR 2.235.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
No.
HISTORY:
No.
Luke Donohue,
Director of Administration.
[FR Doc. 2024–04007 Filed 2–26–24; 8:45 am]
BILLING CODE P
THE PRESIDIO TRUST
Privacy Act of 1974; System of
Records
The Presidio Trust.
Notice of a new System of
Records.
AGENCY:
lotter on DSK11XQN23PROD with NOTICES1
ACTION:
Pursuant to the provisions of
the Privacy Act of 1974, as amended,
the Presidio Trust is issuing a public
notice of its intent to establish a Parking
Payment Compliance Program, system
of records. INTERIOR PRESIDIO
SUMMARY:
VerDate Sep<11>2014
16:53 Feb 26, 2024
Jkt 262001
TRUST/Department of Planning and
Compliance-XX, Passport Inc.
Enforcement Software Solution.
DATES: This system of records is
effective upon publication. New routine
uses will be effective March 28, 2024.
ADDRESSES: You may send comments
via email to the interim Privacy Officer,
within Presidio Trust’s Department of
Administration, Luke Donohue,
LDonohue@presidiotrust.gov. or via U.S.
Mail 1750 Lincoln Blvd., San Francisco,
CA 94129.
FOR FURTHER INFORMATION CONTACT:
Luke Donohue, interim Privacy Officer,
Presidio Trust, 1750 Lincoln Blvd., San
Francisco, CA 94129, LDonohue@
presidiotrust.gov.
SUPPLEMENTARY INFORMATION: The
purpose of the Presidio Trust’s Parking
Payment Compliance Program is to
encourage voluntary compliance with
the parking payment regulations.
Information collected includes a
database of violations issued, appeals
submitted, and records of
correspondence. The system contains
records which include first name, last
name, cell phone number, email
address, license plate number or VIN
number, vehicle make/model, date/time
of violation issuance, and photos taken
of the vehicle by enforcement staff
member when issuing the citation.
Credit card information is separately
held by the system but not shared with
the Presidio Trust or its contractors. All
information is collected and stored on
the Passport Inc. Enforcement software.
The parking enforcement contractor
utilizes the Passport Inc. Enforcement
software when issuing violations in the
field. The contractor enters the relevant
fields, such as vehicle make and model,
into the Passport system using a
handheld device. Once the required
information has been inputted, a notice
of violation is printed and posted to the
vehicle and a record of the violation is
stored on the Passport system. The
recipient of a violation is provided with
instructions to pay their violation fee
online. When the violation recipient
pays their fee online, the Passport
system collects their name and email
address. If the recipient of a violation
has not paid their violation fee within
10 days, a delinquent letter is sent to the
vehicle’s registered owner. The
registered owner’s mailing address is
accessed from the California DMV
database. If the recipient choses to
appeal their violation, the recipient will
provide their contact information,
including their home address and phone
number.
This information is retained for twoyears, after which it is purged. As per
PO 00000
Frm 00102
Fmt 4703
Sfmt 4703
14531
Passport’s Privacy Policy, California
residents have the right to request, at no
charge, deletion of their personal
information that Passport has collected
about them and to have such personal
information deleted, except where an
exemption applies.
SYSTEM NAME AND NUMBER:
Parking Payment Compliance
Program, Presidio Trust/Internal-2.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Department of Planning &
Compliance, 1750 Lincoln Blvd., San
Francisco CA 94129. transportation@
presidiotrust.gov.
SYSTEM MANAGER(S):
Department of Planning &
Compliance, 1750 Lincoln Blvd., San
Francisco CA 94129. transportation@
presidiotrust.gov.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Title I, Omnibus Parks Public Lands
Act of 1996, Public Law 104–333
(https://www.govinfo.gov/link/plaw/
104/public/333), 110 Stat. 4097.
PURPOSE(S) OF THE SYSTEM:
The primary purpose of the system is
to encourage voluntary compliance with
parking payment regulations by issuing
notices and fees to non-compliant users.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Records of violation are stored by
license plate number. Vehicles that have
been identified as not complying with
the parking payment regulations and
receive a violation are covered by this
system. This includes Presidio Park
Visitors, Presidio Trust Staff, and
Presidio Park Residents and Commercial
Tenants.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system contains records of
violations issued, which include first
name, last name, cell phone number,
email address, license plate number,
vehicle make/model, date/time of
violation issuance, and photos taken of
the vehicle by enforcement staff member
when issuing the citation. A record of
appeals submitted is maintained and
include written and photographic
evidence submitted by the user. Records
of correspondence are maintained and
include delinquent notices sent to the
registered owner and emails
communicating the result of an appeal.
Mailed letters of correspondence
include the register owner’s mailing
address. Credit card information is
E:\FR\FM\27FEN1.SGM
27FEN1
]]>Agencies
[Federal Register Volume 89, Number 39 (Tuesday, February 27, 2024)]
[Notices]
[Pages 14529-14531]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-04007]
=======================================================================
-----------------------------------------------------------------------
THE PRESIDIO TRUST
Privacy Act of 1974; System of Records
AGENCY: The Presidio Trust
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as
amended, the Presidio Trust is issuing a public notice of its intent to
establish a communications solution, system of records. PRESIDIO TRUST/
Department of Public Safety-01, Genasys Emergency Management (GEM) Mass
Communications Software Solution.
DATES: This system of records is effective upon publication. New
routine uses will be effective March 28, 2024.
ADDRESSES: You may send comments, identified by PRESIDIO TRUST/
Department of Public Safety-01, via email to the interim Privacy
Officer, within Presidio Trust's Department of Administration, Luke
Donohue, [email protected].or via U.S. Mail, 1750 Lincoln
Blvd., San Francisco, CA 94129.
FOR FURTHER INFORMATION CONTACT: Director of Administration, Luke
Donohue, [email protected], or 415-561-5300.
SUPPLEMENTARY INFORMATION: The Presidio Trust, Department of Public
Safety, is establishing PRESIDIO TRUST/Department of Public Safety 01,
Genasys Emergency Management (GEM) Mass Communications Software
Solution, systems of records. Genasys[supreg] provides multi-channel
mass communication delivered via text, email, and voice to key
stakeholders in an emergency, and to select target audiences: Presidio
Trust Staff; Presidio Park Residents and Commercial Tenants; and
Presidio Park Visitors, Neighborhood Organizations, Partners, and
Hospitality. Presidio Trust staff information is maintained as standard
employee data. Genasys messaging is sent only to agency-issued email
accounts and mobile devices. Presidio Resident and Commercial Tenant
information is maintained in an existing leasing database; Genasys
messaging is sent to email accounts and mobile devices provided by the
recipient. Presidio Resident and Commercial Tenants are offered an
opportunity to opt-out with every message. Presidio Park visitors and
others self-opt into the system. These individuals provide their own
email and/or mobile numbers and may opt-out at any time. Personal
contact information will be used to contact and alert participants to
public safety and emergencies that occur in the park. To the extent
permitted by law, information may be shared with Federal, state, local,
and tribal agencies, and organizations as authorized and compatible
with the purpose of this system, or when proper and necessary,
consistent with the routine uses set forth in this system of records
notice.
SYSTEM NAME AND NUMBER:
PRESIDIO TRUST/Department of Public Safety 01, Genasys Emergency
Management (GEM) Mass Communications Software Solution.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Presidio Trust, Department of Public Safety, 1750 Lincoln
Boulevard, San Francisco, CA 94129. Genasys Inc., 16262 W Bernardo
Drive, San Diego, CA 92127.
SYSTEM MANAGER(S):
Department of Public Safety, 1750 Lincoln Blvd., San Francisco, CA
94129, [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 552a.
PURPOSE(S) OF THE SYSTEM:
The primary purpose of this system is to provide a notification
delivered via text, email, or voice in the event of an emergency
situation.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered by the system include Presidio Trust Staff,
Presidio Park Residents and Commercial Tenants, and Presidio Park
Visitors, Neighborhood Organizations, Partners, and Hospitality.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system contains records which include first name, last name,
personal cell phone number, and/or email address.
RECORD SOURCE CATEGORIES:
Records in Genasys are obtained from multiple sources. Employee and
Tenant information exists in current, existing databases such as EOPF,
and is maintained as standard employee data. Staff are not provided
with an opt out option for emergency messaging. Tenant information
exists in an existing Yardi database; Genasys messaging is sent to
email accounts and mobile devices provided by the recipient. Presidio
Resident and Commercial Tenants are offered an opportunity to opt-out
with every message. Presidio Park visitors and others self-opt into the
system. Individuals provide their own email and/or mobile numbers and
may opt-out at any time. This audience remains in the system until they
opt-out.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside the
Department of Interior as a routine use pursuant to 5 U.S.C. 552a(b)(3)
may be made to:
(1) The appropriate Federal, State, local or foreign agency
responsible for obtaining information relevant for investigating,
prosecuting, enforcing, or implementing a statue, rule, regulation, or
order when Presidio Trust becomes aware of an indication of a violation
or potential violation of civil or criminal law or regulation.
(2) The U.S. Department of Justice or in a proceeding before a
court or adjudicative body when:
(a) The United States, the Presidio Trust, a component of the
Presidio Trust, or, when represented by the government, an employee of
the Presidio Trust is a party to litigation or anticipated litigation
or has an interest in such litigation, and
(b) The Presidio Trust determines that the disclosure is relevant
and necessary to the litigation and is compatible with the purpose for
which the records were compiled.
(3) To a congressional office from the record of an individual in
response to
[[Page 14530]]
an inquiry from the congressional office made at the request of that
individual.
(4) To appropriate agencies, entities, and persons when:
(a) The Presidio Trust suspects or has confirmed that there has
been a breach of the system of records
(b) The Presidio Trust has determined that as a result of the
suspected or confirmed breach there is a risk of harm to individuals,
The Presidio Trust (including its information systems, programs, and
operations), the Federal Government, or national security.
(c) The disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with The Presidio Trusts
efforts to respond to the suspected or confirmed breach or to prevent,
minimize, or remedy such harm.
(5) To another Federal agency or Federal entity, when the Presidio
Trust determines that information from this system of records is
reasonably necessary to assist the recipient agency or entity in:
(a) Responding to a suspected or confirmed breach.
(b) Preventing, minimizing, or remedying the risk of harm to
individuals, the recipient agency or entity (including its information
systems, programs, and operations), the Federal Government, or national
or national security, resulting from a suspected or confirmed breach.
(6) To Contractors when the contractor is working on a contract,
service, job, or other activity for the Agency and who have a need to
have access to the information in performance of their duties or
activities for the Agency. Recipients will be required to comply with
the requirements of the Privacy Act of 1974 as provided in 5 U.S.C.
552a(m).
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Electronic records are contained in computers, and on secured
servers located in a controlled facility with limited access and
managed by Genasys.
When transmitting highly confidential information, Genasys uses
industry standard Secure Sockets Layer (SSL) encryption technology for
secure data transmission. Access is restricted through physical
controls and system security practices.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records in this system can be retrieved by either querying within
the application or generating a report. The information may be
retrieved by various fields including name, personal email address,
home address, or phone number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Residential and Commercial tenant PII is updated as new tenants are
manually registered. PII is retained until a tenant leaves, or opts-out
of the system, whichever comes first. Visitors may opt-in at their
discretion and opt-out at a time of their choosing. Employee PII is
retained until an employee separate from Presidio Trust. All data held
on a Genasys database will be scrubbed 30 days after a contract between
Presidio Trust and Genasys Inc. is terminated.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
All records contained in this system are safeguarded with
applicable security and privacy rules and policies. Genasys meets ISO
27001 Security and Network compliance and ISO 22320 Emergency
Management requirements, and all cloud procedures meet NIST 500-299
recommendations. The software is hosted on Amazon AWS cloud SSAW-18,
company is SOC1 & SOC2 certified, 27001 certified, and maintains Cloud
Security Genasys emergency Management (GEM) System of Records Notice
(SORN) Alliance (CSA) STAR Attestation. Their certifications indicate
that the services, processes, and facilities have been comprehensively
reviewed and meet stringent security standards. Genasys uses industry-
standard Secure Sockets Layer (SSL) encryption technology for secure
data transmission. Genasys has a comprehensive Disaster and Recovery
Plan defining the procedures to recover backups in the event of an IT
systems' critical failure. Genasys is protected by industry-standard
security measures that include two factor network authentication,
enterprise-class firewalls, network-based Intrusion Detection Software
(IDS), network vulnerability scanning tools, and anti-virus software
with real-time definition updates. Genasys' network is firewall enabled
with a three-layer architecture that controls HTTPS access, IP address
control access, two-way client server TLS certificates, and the maximum
number of connections allowed per IP.
Genasys does not access, share, or distribute any customer data.
All employees with access to privacy data must review and sign a
security access policy document. Access authorization is controlled by
the HR Manager, IT Manager, and CEO; Access to the data is limited to a
needs-only basis. The Presidio Trust has limited access to the Genasys
System to only Department of Public Safety and Emergency Communications
staff. Application activities are logged at multiple levels to provide
a full audit of system activity for monitoring and troubleshooting.
Audit logs, execution logs, and information to generate KPIs of the
system behavior are stored by Genasys. Audits comply with applicable
industry regulations and are hardened to prevent tampering. Daily
system scans are conducted by Genasys and can be accessed by Trust
staff holding administrative access. The solution incorporates anti-
virus protection to guard against malicious upload and distribution of
unacceptable content. Genasys maintains detailed logs on: Database
maintenance activities; System Administrator; General operator/
administrator access; and Application configuration changes. Genasys
customer data is logically partitioned and encrypted at rest.
RECORD ACCESS PROCEDURES:
An individual requesting access to their records should send a
written inquiry to the applicable System Manager identified above.
Presidio Trust forms and instructions for submitting a Privacy Act
request may be obtained from the Presidio Trust Privacy Act Requests
website at https://www.PresidioTrust.gov/privacy/privacy-act requests.
The request must include a general description of the records sought
and the requester's full name, current address, and sufficient
identifying information such as date of birth or other information
required for verification of the requestor's identity. The request must
be signed and dated and be either notarized or submitted under penalty
of perjury in accordance with 28 U.S.C. 1746. Requests submitted by
mail must be clearly marked ``PRIVACY ACT REQUEST FOR ACCESS'' on both
the envelope and letter. A request for access must meet the
requirements of 43 CFR 2.238.
CONTESTING RECORD PROCEDURES:
An individual requesting amendment of their records should send a
written request to the applicable System Manager as identified above.
Presidio Trust instructions for submitting a request for amendment of
records are available on the Presidio Trust Privacy Act Requests
website at https://www.PresidioTrust.gov/privacy/privacy act-requests.
The request must clearly identify the records for which amendment is
being sought, the reasons for requesting the amendment, and the
proposed amendment to the record. The request must include the
requester's full
[[Page 14531]]
name, current address, and sufficient identifying information such as
date of birth or other information required for verification of the
requestor's identity. The request must be signed and dated and be
either notarized or submitted under penalty of perjury in accordance
with 28 U.S.C. 1746. Requests submitted by mail must be clearly marked
``PRIVACY ACT REQUEST FOR AMENDMENT'' on both the envelope and letter.
A request for amendment must meet the requirements of 43 CFR 2.246.
NOTIFICATION PROCEDURES:
An individual requesting notification of the existence of records
containing their personally identifying information, should send a
written inquiry to the applicable System Manager as identified above.
Presidio Trust instructions for submitting a request for notification
are available on the Presidio Trust Privacy Act Requests website at
https://www.PresidioTrust.gov/privacy/privacy-act-requests. The request
must include a general description of the records and the requester's
full name, current address, and sufficient identifying information such
as date of birth or other information required for verification of the
requestor's identity. The request must be signed and dated and be
either notarized or submitted under penalty of perjury in accordance
with 28 U.S.C. 1746. Requests submitted by mail must be clearly marked
``PRIVACY ACT INQUIRY'' on both the envelope and letter. A request for
notification must meet the requirements of 43 CFR 2.235.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
No.
HISTORY:
No.
Luke Donohue,
Director of Administration.
[FR Doc. 2024-04007 Filed 2-26-24; 8:45 am]
BILLING CODE P
