[Federal Register Volume 73, Number 122 (Tuesday, June 24, 2008)]
[Notices]
[Pages 35690-35692]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-14199]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION


Privacy Act of 1974; Notice of Updated Systems of Records

AGENCY: General Services Administration.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: GSA reviewed its Privacy Act systems to ensure that they are 
relevant, necessary, accurate, up-to-date, covered by the appropriate 
legal or regulatory authority, and compliant with OMB M-07-16. This 
notice is an updated Privacy Act system of records notice.

DATES: Effective July 24, 2008.

FOR FURTHER INFORMATION CONTACT: Call or e-mail the GSA Privacy Act 
Officer: telephone 202-208-1317; e-mail [email protected].

ADDRESSES: GSA Privacy Act Officer (CIB), General Services 
Administration, 1800 F Street, NW., Washington, DC 20405.

SUPPLEMENTARY INFORMATION: GSA undertook and completed an agency-wide 
review of its Privacy Act systems of records. As a result of the 
review, GSA is publishing an updated Privacy Act system of records 
notice. The revised system notice clarifies the authorities and 
practices regarding the collection and maintenance of information, but 
does not change individuals' rights to access or amend their records in 
the system of records. The updated system notice also

[[Page 35691]]

includes the new requirement from OMB Memorandum M-07-16 regarding a 
new routine use that allows agencies to disclose information in 
connection with a response and remedial efforts in the event of a data 
breach.

    Dated: June 12, 2008.
Cheryl M. Paige,
Director, Office of Information Management.
GSA/CIO-1

SYSTEM NAME:
    Enterprise Level Identity Verification System (ELIVS).

SYSTEM LOCATION:
    ELIVS comprises a Web based application and data is maintained in a 
secure server facility at GSA Central Office, located at 1800 F Street, 
NW., Washington, DC 20405. Additionally, some fingerprint data may be 
located in GSA facilities where staffed fingerprint collection stations 
(Live Scan system) have been established to handle the contractor 
Personal Identity Verification (PIV) process. Contact the System 
Manager for additional information.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who require routine access to agency facilities and 
information technology systems, including:
    a. Federal employees.
    b. Contractors.
    c. Child care workers and other temporary workers with similar 
access requirements.
    The system does not apply to occasional visitors or short-term 
guests, to whom GSA facilities may issue local Facility Access Cards 
(FAC).

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system contains information needed for issuing and maintaining 
HSPD-12 credentials and also access privilege information. Records may 
include:
     Employee/contractor/other worker full name
     Social Security Number (SSN)
     Date of birth
     Facial Image
     Fingerprints (within the Live Scan systems)
     Organization/office of assignment
     Company/agency name
     Telephone number
     ID card issuance and expiration dates
     ID card number
     Emergency responder designation
     Home address and work location
     Contract and supervisor information

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301, 40 U.S.C. 121, 40 U.S.C. 582, 40 U.S.C. 3101, 44 
U.S.C. 3501, 44 U.S.C. 3506, 44 U.S.C. 3602, E.O. 9397, and Homeland 
Security Presidential Directive 12 (HSPD-12).

PURPOSE:
    The primary purposes of the system are:
    To act as an authoritative source for GSA identities including 
employees, contractors, and other workers to verify that all persons 
requiring routine access to GSA facilities or using GSA information 
resources have sufficient background investigations and are permitted 
access, to track and manage HSPD-12 ID cards issued to persons who have 
routine access to GSA facilities and information systems, and to 
provide reports of identity data for administrative and staff offices 
to efficiently track and manage contractors.

ROUTINE USES OF THE SYSTEM RECORDS, INCLUDING CATEGORIES OF USERS AND 
THEIR PURPOSE FOR USING THE SYSTEM:
    System information may be accessed and used by:
    a. GSA Personnel when needed for official business, including the 
Security Office, HSPD-12 Points of Contacts, and designated analysts 
and managers for official business; PIV card requesting officials and 
Human Resource Officers to track, verify, and update identity 
information of GSA personnel; and Regional Credential Officers (RCOs) 
to issue and track PIV ID cards;
    b. To verify suitability of an employee or contractor before 
granting access to specific resources;
    c. To disclose information to agency staff and administrative 
offices who may restructure the data for management purposes;
    d. An authoritative source of identities for Active Directory and 
Lotus Notes and other GSA systems;
    e. In any legal proceeding, where pertinent, to which GSA is a 
party before a court or administrative body;
    f. To authorized officials engaged in investigating or settling a 
grievance, complaint, or appeal filed by an individual who is the 
subject of the record.
    g. To a Federal, state, local, foreign, or tribal agency in 
connection with the hiring or retention of an employee; the issuance of 
a security clearance; the reporting of an investigation; the letting of 
a contract; or the issuance of a grant, license, or other benefit to 
the extent that the information is relevant and necessary to a 
decision;
    h. To the Office of Personnel Management (OPM), the Office of 
Management and Budget (OMB), or the Government Accountability Office 
(GAO) when the information is required for program evaluation purposes;
    i. To a Member of Congress or staff on behalf of and at the request 
of the individual who is the subject of the record;
    j. To an expert, consultant, or contractor of GSA in the 
performance of a Federal duty to which the information is relevant;
    k. To the National Archives and Records Administration (NARA) for 
records management purposes;
    l. To appropriate agencies, entities, and persons when (1) the 
Agency suspects or has confirmed that the security or confidentiality 
of information in the system of records has been compromised; (2) the 
Agency has determined that as a result of the suspected or confirmed 
compromise there is a risk of harm to economic or property interests, 
identity theft or fraud, or harm to the security or integrity of this 
system or other systems or programs (whether maintained by GSA or 
another agency or entity) that rely upon the compromised information; 
and (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with GSA's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING RECORDS IN THE SYSTEM:
STORAGE:
    Computer records are stored on a secure server and accessed over 
the web using encryption software. Paper records, when created, are 
kept in file folders and cabinets in secure rooms. The Live Scan 
systems are kept in secure locations with limited access to authorized 
personnel only.

RETRIEVABILITY:
    Records are retrievable by a combination of first name and last 
name. Group records are retrieved by organizational code.

SAFEGUARDS:
    Computer records are protected by a password system. Paper records 
are stored in locked metal containers or in secured rooms when not in 
use. Information is released to authorized officials based on their 
need to know.

RETENTION AND DISPOSAL:
    Records are disposed of as specified in the handbook, GSA Records 
Maintenance and Disposition System (CIO P 1820.1).

[[Page 35692]]

SYSTEM MANAGER AND ADDRESS:
    Program Manager, HSPD-12 Program Management Office, General 
Services Administration, 1800 F Street, NW., Room 2208 Washington, DC 
20405.

NOTIFICATION PROCEDURE:
    An individual can determine if this system contains a record 
pertaining to him/her by sending a request in writing, signed, to the 
System Manager at the above address. When requesting notification of or 
access to records covered by this notice, an individual should provide 
his/her full name, date of birth, region/office, and work location. An 
individual requesting notification of records in person must provide 
identity documents sufficient to satisfy the custodian of the records 
that the requester is entitled to access, such as a government-issued 
photo ID.

CONTESTING RECORD PROCEDURES:
    Rules for contesting the content of a record and appealing a 
decision are contained in 41 CFR 105-64.

RECORD SOURCES CATEGORIES:
    The sources for information in the system are the individuals about 
whom the records are maintained, the supervisors of those individuals, 
existing GSA systems, sponsoring agency, former sponsoring agency, 
other Federal agencies, contract employer, former employer, and the 
U.S. Office of Personnel Management (OPM).

[FR Doc. E8-14199 Filed 6-23-08; 8:45 am]
BILLING CODE 6820-34-P