Privacy Act of 1974; System of Records, 51524-51527 [2024-13262]

Agencies

• General Services Administration

[Federal Register Volume 89, Number 118 (Tuesday, June 18, 2024)]
[Notices]
[Pages 51524-51527]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-13262]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[Notice-IEB-2024-06; Docket No. 2024-0002; Sequence No. 28]


Privacy Act of 1974; System of Records

AGENCY: General Services Administration.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: GSA proposes to modify a system of records subject to the 
Privacy Act of 1974, as amended. This system of records was established 
to collect and maintain records concerning GSA Office of Inspector 
General (OIG) investigations, including allegations of misconduct, 
violations of criminal, civil, and administrative laws and regulations 
pertaining to GSA programs, operations, employees, contractors, and 
other individuals or entities associated with GSA. This system of 
records is intended to support and protect the integrity of GSA OIG's 
investigations and operations; ensure compliance with applicable laws, 
regulations, and policies; and ensure the integrity of GSA employees' 
conduct and the conduct of contractors and other entities which have 
business with GSA. The previously published notice is being revised to 
update the categories of records in the system to include video and 
audio recordings, add two new routine uses, and to update additional 
information in the system of records notice.

DATES: Submit comments on or before July 18, 2024.

ADDRESSES: Comments may be submitted to the Federal eRulemaking Portal, 
https://www.regulations.gov. Submit comments by searching for GSA/ADM-
24, Office of Inspector General Investigation Case Files.

FOR FURTHER INFORMATION CONTACT: Call or email Richard Speidel, Chief 
Privacy Officer at 202-969-5830 and [email protected].

SUPPLEMENTARY INFORMATION: GSA proposes to modify a system of records 
subject to the Privacy Act of 1974, 5 U.S.C. 552a. GSA intends to add 
two new routine uses that are consistent with the purpose of this 
system of records.
    The Inspector General Empowerment Act of 2016 (IGEA), 5 U.S.C. 
406(j), exempts certain computerized data comparisons performed by or 
in coordination with Inspectors General from the Computer Matching and 
Privacy Protection Act of 1988, Public Law 100-503. GSA proposes adding 
a new routine use (routine use ``u'') to clarify that the GSA Office of 
Inspector General (OIG) has authority to compare OIG records contained 
in the system with the records of other federal agencies and non-
federal records.
    Additionally, GSA proposes adding a second routine use (routine use 
``q'') and revising routine use ``p'' to reflect the current Office of 
Management and Budget (OMB) breach response guidance

[[Page 51525]]

in M-17-12, Preparing for and Responding to a Breach of Personally 
Identifiable Information.
    GSA also proposes to update the categories of records in the system 
to include video and audio recordings, which will facilitate the GSA 
OIG's compliance with Executive Order (E.O.) 14074, Advancing 
Effective, Accountable Policing and Criminal Justice Practices To 
Enhance Public Trust and Public Safety, issued May, 25, 2022. Video and 
audio recordings of individuals may be captured by GSA OIG criminal 
investigators during investigations and operations, e.g., body worn 
cameras, surveillance equipment etc. The recordings will be used for 
gathering and preserving evidence.
    GSA proposes updating the system location to include the GSA OIG 
field offices and secure sites and secure servers maintained by third-
party secure providers. This modification is being made in conjunction 
with the implementation of a solution to support GSA OIG's compliance 
with E.O. 14074, as well as to support other solutions or processes 
that may require the support of third-party service providers.
    Additionally, GSA is making changes to the system of records notice 
(SORN) to update the information in the SORN. In addition to making 
minor technical and administrative corrections and changes to format, 
GSA proposes: (1) a new description of the purpose of the SORN to 
better summarize the purpose of this system of records; (2) updating 
the (a) categories of individuals covered by the system, (b) categories 
of records in the system, and (c) adding a new section titled records 
source categories; (3) updating the location of electronic records, 
record storage and safeguarding procedures to reflect new technology 
and procedures used to protect government records; and (4) changing the 
notification, access, and amendment procedures to align with the 
corresponding GSA Code of Federal Regulations. The proposed revisions 
are compatible with the purpose of this system of record.

Richard Speidel,
Chief Privacy Officer, Office of the Deputy Chief Information Officer, 
General Services Administration.

SYSTEM NAME:
    Investigation Case Files.

SYSTEM NUMBER:
    GSA/ADM-24.

SECURITY CLASSIFICATION:
    Some of the material contained in the system has been classified in 
the interests of national security.

SYSTEM LOCATION:
    This system is located at the GSA Office of Inspector General, 1800 
F Street NW, Washington, DC 20405. The database for the system is known 
as the E-Investigative Documentation Electronic Administrative System 
(E-IDEAS). In addition, records are maintained in GSA OIG field 
offices. GSA OIG field office locations can be obtained by contacting 
the GSA OIG at the address above. Original and duplicate systems may 
exist, in whole or in part, at secure sites and on secure servers 
maintained by third-party service providers for the GSA OIG. These 
systems are FedRAMP Moderate compliant and have all applicable Federal 
Information Security Modernization Act (FISMA), Federal Information 
Processing Standards (FIPS), security controls as applicable.

SYSTEM MANAGER(S):
    Director, Information Technology of the Office of Inspector General 
(JPM), 1800 F Street NW, Washington, DC 20405.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    General authority to maintain the system is contained in the 
Inspector General Act of 1978, as amended, 5 U.S.C. 401-424.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to collect and maintain records 
concerning GSA OIG investigations, including allegations of misconduct, 
violations of criminal, civil, and administrative laws and regulations 
pertaining to GSA programs, operations, employees, contractors, and 
other individuals or entities associated with GSA. This system of 
records is intended to support and protect the integrity of GSA OIG's 
investigations and operations; ensure compliance with applicable laws, 
regulations, and policies; and ensure the integrity of GSA employees' 
conduct and the conduct of contractors and other entities which have 
business with GSA. The system also tracks issuance of GSA OIG equipment 
and GSA OIG personnel training.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by the system are present and former GSA and 
GSA OIG employees, applicants for employment with GSA OIG, as well as 
individuals associated with commissions, committees and small agencies 
serviced by GSA. The system also includes historical researchers, 
employees of government contractors, any person who was the source of a 
complaint or an allegation of misconduct, a witness who has information 
or evidence on any side of an investigation, and any possible or actual 
suspect in a criminal, administrative (including suspension and/or 
debarment actions), or civil action, as well as individuals referenced 
in potential or actual cases and matters being investigated by the 
Office of Investigations.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Investigative files contain personal information, including name, 
date, and place of birth, contact information, social security number, 
experience, work history, photographs, video, audio recordings, and 
other investigative material that is used in GSA OIG investigations and 
operations. The system also contains GSA OIG inventory records of gear 
and equipment purchased by the OIG for use by OIG personnel in the 
performance of their official duties. Additionally, the system stores 
GSA OIG employees' training records, which document employees' training 
requirements.

RECORD SOURCE CATEGORIES:
    Records are collected from other systems, individuals or their 
representatives, present and former GSA and OIG employees, informants, 
law enforcement agencies, other government agencies, state agencies, 
credit bureaus, data services, government contractors, private 
companies, employers, references, co-workers, neighbors, educational 
institutions, public sources, and intelligence sources.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to other disclosures generally permitted under 
subsection (b) of the Privacy Act of 1974, 5 U.S.C. 552a(b), the GSA 
OIG may disclose records for the following routine uses:
    a. A record of any case in which there is an indication of a 
violation or potential violation of law, whether civil, criminal, or 
regulatory in nature, may be disseminated to the appropriate federal, 
state, local, or foreign agency charged with the responsibility for 
investigating or prosecuting such a violation or charged with enforcing 
or implementing the law.
    b. A record may be disclosed to a federal, state, local, or foreign 
agency or to an individual or organization in the course of 
investigating a potential or actual violation of any law, whether 
civil, criminal, or regulatory in nature, or during the course of a 
trial or hearing or the preparation for a trial or hearing for such a 
violation, if there is reason to

[[Page 51526]]

believe that such agency, individual, or organization possesses 
information relating to the investigation, and disclosing the 
information is reasonably necessary to elicit such information or to 
obtain the cooperation of a witness or an informant.
    c. A record relating to a case or matter may be disclosed in an 
appropriate federal, state, local, or foreign court or grand jury 
proceeding in accordance with established constitutional, substantive, 
or procedural law or practice, even when the agency is not a party to 
the litigation.
    d. A record relating to a case or matter may be disclosed to an 
actual or potential party or to his or her attorney for the purpose of 
negotiation or discussion on matters such as settlement of the case or 
matter, plea-bargaining, or informal discovery proceedings.
    e. A record relating to a case or matter that has been referred by 
an agency for investigation, prosecution, or enforcement or that 
involves a case or matter within the jurisdiction of any agency may be 
disclosed to the agency to notify it of the status of the case or 
matter or of any decision or determination that has been made, or to 
make such other inquiries and reports as are necessary during the 
processing of the case or matter.
    f. A record relating to a case or matter may be disclosed to a 
foreign country pursuant to an international treaty or convention 
entered into and ratified by the United States, or to an Executive 
agreement.
    g. A record may be disclosed to a federal, state, local, foreign, 
or international law enforcement agency to assist in crime prevention 
and detection or to provide leads for investigation.
    h. A record may be disclosed to a federal, state, local, foreign, 
tribal, or other public authority in response to its request in 
connection with the assignment, hiring or retention of an individual 
and/or employee, or disciplinary or other administrative action 
concerning an employee, the issuance or revocation of a security 
clearance, the reporting of an investigation of an individual and/or 
employee, or the award of a contract, grant, or other benefit by the 
requesting agency, to the extent that the information relates to the 
requesting agency's decision on the matter.
    i. A record may be disclosed to the news media and public in order 
to provide information on events in an investigation or administrative 
or judicial proceeding when the Inspector General determines there 
exists a legitimate public interest, unless the Inspector General 
determines that release of the specific information in the context of a 
particular case would constitute an unwarranted invasion of personal 
privacy.
    j. A record may be disclosed to an appeal, grievance, hearing, or 
complaint examiner; an equal opportunity investigator, arbitrator, or 
mediator; and/or an exclusive representative or other person authorized 
to investigate or settle a grievance, complaint, or appeal filed by an 
individual who is the subject of the record.
    k. A record may be disclosed as a routine use to a Member of 
Congress or to a congressional staff member in response to an inquiry 
of the congressional office made at the request of the person who is 
the subject of the record.
    l. Information may be disclosed at any stage of the legislative 
coordination and clearance process to the Office of Management and 
Budget (OMB) for reviewing of private relief legislation as set forth 
in OMB Circular No. A-19.
    m. A record may be disclosed: (a) to an expert, a consultant, or 
contractor of GSA or GSA OIG engaged in a duty related to an agency 
function to the extent necessary to perform the function; and (b) to a 
physician to conduct a fitness-for-duty examination of a GSA or GSA OIG 
officer or employee.
    n. A record may be disclosed to an official charged with the 
responsibility to conduct qualitative assessment reviews of internal 
safeguards and management procedures employed in investigative 
operations. This disclosure category includes members of the Council of 
the Inspectors General on Integrity and Efficiency (CIGIE) and 
officials and administrative staff within their investigative chain of 
command, as well as authorized officials of the Department of Justice 
and the Federal Bureau of Investigation.
    o. A record relating to a case may be disclosed to the GSA Office 
of Acquisition Policy for a decision or determination regarding 
suspension and debarment measures taken by the government to disqualify 
contractors from participation in government contracting or 
subcontracting.
    p. To appropriate agencies, entities, and persons when (1) GSA and/
or GSA OIG suspects or has confirmed that there has been a breach of 
the system of records, (2) GSA and/or GSA OIG has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, GSA and/or GSA OIG (including its information systems, 
programs, and operations), the federal government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with GSA's and/
or GSA OIG's efforts to respond to the suspected or confirmed breach or 
to prevent, minimize, or remedy such harm.
    q. To another federal agency or federal entity, when GSA and/or GSA 
OIG determines that information from this system of records is 
reasonably necessary to assist the recipient agency or entity in (1) 
responding to a suspected or confirmed breach or (2) preventing, 
minimizing, or remedying the risk of harm to individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the federal government, or national security, resulting 
from a suspected or confirmed breach.
    r. In any legal proceeding, where pertinent, to which GSA or GSA 
OIG is a party before a court or administrative body.
    s. To the Office of Personnel Management (OPM), the Office of 
Management and Budget (OMB), and the Government Accountability Office 
(GAO) in accordance with their responsibilities for evaluating federal 
programs.
    t. To the National Archives and Records Administration (NARA) for 
records management purposes.
    u. A record may be disclosed to compare such record with records in 
other federal agencies' systems of records or to non-federal records.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records and backups are stored on secure servers and 
accessed only by authorized personnel, in accordance with GSA OIG IT 
Security Policy. Paper files are stored in locked rooms or filing 
cabinets with access limited to authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    System records are retrievable by searching for information in the 
case file, including but not limited to, name of an individual, case 
name, case number, or social security number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    System records are retained and disposed of according to GSA's 
records maintenance and disposition schedules and the requirements of 
the National Archives and Records Administration.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in the system are protected from unauthorized access and 
misuse

[[Page 51527]]

through a combination of administrative, technical, and physical 
security measures. Administrative measures include but are not limited 
to policies that limit system access to individuals within an agency 
with a legitimate business need, and regular review of security 
procedures and best practices to enhance security. Technical measures 
include but are not limited to system design that allows authorized 
system users access only to data for which they are responsible per 
FISMA requirements; required use of strong passwords that are 
frequently changed; and use of encryption for certain data transfers 
using current FIPS compliant protocols. Physical security measures 
include but are not limited to the use of data centers which meet 
government requirements for storage of sensitive data. Paper files are 
stored in locked rooms or filing cabinets and can only be accessed by 
authorized users.

RECORD ACCESS PROCEDURES:
    This system of record is exempt from certain notification, access, 
and amendment procedures of the Privacy Act, as described below. 
However, GSA OIG will consider individual requests to determine whether 
or not information may be released. If an individual wishes to access 
any record pertaining to him or her in the system, that individual 
should consult the GSA's Privacy Act implementation rules available at 
41 CFR part 105-64.2.

CONTESTING RECORD PROCEDURES:
    If an individual wishes to contest the content of any record 
pertaining to him or her in the system, that individual should consult 
the GSA's Privacy Act implementation rules available at 41 CFR part 
105-64.4.

NOTIFICATION PROCEDURES:
    Individuals seeking notification of any records about themselves 
contained in this system of records should contact the system manager 
at the address above. Follow the procedures on accessing records in 41 
CFR part 105-64, subpart 105-64.2 to request such notification.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    a. In accordance with 5 U.S.C. 552a(j), this system of records is 
exempt from all provisions of the Privacy Act of 1974 with the 
exception of subsections (b); (c)(1) and (2); (e)(4)(A) through (F); 
(e)(6), (7), (9), (10), and (11); and (i) of the Act, to the extent 
that information in the system pertains to the enforcement of criminal 
laws, including police efforts to prevent, control, or reduce crime or 
to apprehend criminals; to the activities of prosecutors, courts, and 
correctional, probation, pardon, or parole authorities; and to (a) 
information compiled for the purpose of identifying individual criminal 
offenders and alleged offenders and consisting only of identifying data 
and notations of arrests, the nature and disposition of criminal 
charges, sentencing, confinement, release, and parole and probation 
status; (b) information compiled for the purpose of a criminal 
investigation, including reports of informants and investigators, that 
is associated with an identifiable individual; or (c) reports of 
enforcement of the criminal laws, from arrest or indictment through 
release from supervision. This system is exempted to maintain the 
efficacy and integrity of the Office of Inspector General's law 
enforcement function.
    In accordance with 5 U.S.C. 552a(k), this system of records is 
exempt from subsections (c)(3); (d); (e)(1); (e)(4)(G), (H), and (I); 
and (f) of the Privacy Act of 1974 to the extent that the system 
consists of investigatory material compiled for law enforcement 
purposes, other than material within the scope of 5 U.S.C. 552a(j). 
However, if an individual is denied any right, privilege, or benefit to 
which the individual would otherwise be eligible as a result of the 
maintenance of such material, such material shall be provided to such 
individual, except to the extent that the disclosure of such material 
would reveal the identity of a source who furnished information to the 
government under an express promise that the identity of the source 
would be held in confidence, or, prior to the effective date of the 
Act, under an implied promise that the identity of the source would be 
held in confidence; and
    b. To the extent the system consists of investigatory material 
compiled solely for the purpose of determining suitability, 
eligibility, or qualifications for federal civilian employment, 
military service, federal contracts, or access to classified 
information, but only to the extent that the disclosure of such 
material would reveal the identity of a source who furnished 
information to the government under an express promise that the 
identity of the source would be held in confidence, or, prior to the 
effective date of the Act, under an implied promise that the identity 
of the source would be held in confidence.
    This system has been exempted to maintain the efficacy and 
integrity of lawful investigations conducted pursuant to the Office of 
Inspector General's law enforcement responsibilities and 
responsibilities in the areas of federal employment, government 
contracts, and access to security classified information.

HISTORY:
    This notice revises the previously published notice (74 FR 6038, 
February 4, 2009).

[FR Doc. 2024-13262 Filed 6-17-24; 8:45 am]
BILLING CODE 6820-AB-P