[Federal Register Volume 74, Number 1 (Friday, January 2, 2009)]
[Notices]
[Pages 131-132]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E8-31221]


=======================================================================
-----------------------------------------------------------------------

PEACE CORPS


Privacy Act System of Records

AGENCY: Peace Corps.

ACTION: Notice of an amendment to a Privacy Act system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974 (5 
U.S.C. 552a) the Peace Corps is giving notice of a new system of 
records, PC-33, titled the Consolidated Incident Reporting System 
(CIRS).

DATES: This action will be effective without further notice on February 
17, 2009 unless comments are received by February 2, 2009 that would 
result in a contrary determination.

ADDRESSES: You may submit comments by e-mail to [email protected]. 
You may also submit comments by mail to Nancy G. Miller, Office of the 
General Counsel, Peace Corps, Suite 8200, 1111 20th Street, NW., 
Washington, DC 20526. Contact Nancy G. Miller for copies of comments.

FOR FURTHER INFORMATION CONTACT: Nancy G. Miller, Associate General 
Counsel, 202-692-2150, [email protected].

SUPPLEMENTARY INFORMATION: Section 552a provides that the public be 
given a 30-day period in which to comment on the new system. The Office 
of Management and Budget (OMB), which has oversight responsibility 
under the Act, requires a 40-day period in which to review the proposed 
system. In accordance with 5 U.S.C. 552a, Peace Corps has provided a 
report on this system to OMB and the Congress.


System name:
    PC-33 Consolidated Incident Reporting System (CIRS).

Security classification:
    Not applicable.

System location:
    Office of the Chief Information Officer and the Office of Safety 
and Security, Peace Corps, 1111 20th St., NW., Washington, DC 20526, as 
well as Peace Corps overseas offices.

Categories of individuals covered by the system:
    Peace Corps Volunteers, Trainees, Peace Corps Response Volunteers, 
alleged offenders, and witnesses.

Categories of records in the system:
    Volunteer name; Volunteer contact information, including phone 
number, address, and/or e-mail address; Volunteer Tag (system-generated 
ID associated with the Volunteer's name); race/ethnicity; sex; country 
of incident; country of service; sector of assignment; marital status; 
age; Volunteer site; type of incident; date of incident; date incident 
was reported to post; time of incident; personnel notified; incident 
location; size of population of community (i.e., urban, intermediate, 
rural); nature and details of the incident; alcohol use by Volunteer at 
time of incident; weapon use by alleged offender; injury sustained; 
medical/counseling support provided; victim's intention to prosecute; 
and alleged offender's motive for committing incident; name of alleged 
offender; age range of alleged offender; gender of alleged offender; 
relationship of alleged offender to victim; alcohol use by alleged 
offender at time of incident; whether alleged offender was apprehended; 
information on witnesses, such as name and contact information; and 
post follow up or changes to original incident report, as noted in the 
updates section.

Authority for maintenance of the system:
    Peace Corps Act , 22 U.S.C. 2501 et seq.

Purpose(s):
    To provide a single central facility within the Peace Corps for 
tracking crimes against Volunteers; analyzing trends; and responding to 
requests from executive, legislative, and oversight bodies, as well as 
the public, for statistical crime data relating to criminal and other 
high-interest incidents. The Peace Corps will use this information for 
programmatic and training purposes in order to make informed decisions 
about potential changes in policy and/or programs. The system notifies 
in a timely manner Peace Corps headquarters and overseas staff who have 
a need to know when a crime has occurred against a Volunteer. Such 
staff make safety and security, medical, or management decisions 
regarding the Volunteer victim. The system also notifies the U.S. 
Embassy's Regional Security Officers covering the post whenever a crime 
against a Volunteer occurs so that they may initiate investigative 
procedures, as necessary.

Routine uses of records maintained in the system, including categories 
of users and the purpose of such users:
    General routine uses A through M apply to this system. In addition 
to general routine uses, the Peace Corps will use the data collected 
via the CIRS for programmatic and training purposes and to make 
informed decisions about potential changes in policy and/or programs.

Disclosure to consumer reporting agencies:
    None.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    In a protected database and in a locked file cabinet in a locked 
room.

Retrievability:
    Records are retrievable by any, all, or any combination of the 
following data fields: Volunteer name; contact information; Volunteer 
Tag; race/ethnicity; sex; country of incident, country of service; 
sector of assignment; marital status; age; Volunteer site; type of 
incident; date of incident; date incident was reported; time of 
incident; date of incident; names of personnel notified; size of 
population of community; incident location; nature and details of the 
incident/offense;

[[Page 132]]

alcohol use by Volunteer at time of incident; whether weapons were 
involved; type of injury; medical support provided; updates to the 
incident report; victim's intention to prosecute; and motive for 
committing incident; name of alleged offender; age range of alleged 
offender; gender of alleged offender; relationship of alleged offender 
to victim; alcohol use by alleged offender at time of incident; and 
whether alleged offender was apprehended; any available information on 
witness.

Safeguards:
    Names and social security numbers have been redacted from paper 
records that were collected until 2006. After 2006, social security 
numbers were no longer collected on the Volunteer. The crime incident 
database does not collect or store previously collected social security 
numbers. Accounts are created for Peace Corps staff for whom a business 
need exists, i.e., select staff in Director's office, Safety and 
Security, Regions, and Volunteer Support. Regional Security Officers 
and Assistant Regional Security Officers at the U.S. Embassy at post 
also receive CIRS accounts. Embassy officials must complete a 
Technology Access Agreement form to receive an account. All CIRS 
accounts require a user name and password. Access to Volunteer names 
and addresses in the reports is restricted to only those CIRS users who 
have a need to know. These include reporting post staff, Office of 
Volunteer Support staff who are responsible for medical support, and 
Regional Security Officers with the U.S. Embassy.
    Information is encrypted using 128-bit SSL and AES encryptions 
standards. The system platform went through the accreditation process 
in February 2008 (i.e., accreditation with the WebTrust seal) and 
through a SAS-70 Type II audit performed by a third party auditor.

Retention and disposal:
    As there is no records disposal schedule for this information, 
electronic and paper records are being retained indefinitely. Records 
are retained to allow for historical data and trends analysis. Paper 
files are redacted to remove Volunteer names and social security 
numbers. The annual Safety of the Volunteer report is kept on file 
permanently for historical reference.

System manager(s) and address:
    Social Science Analyst, Office Safety and Security, Peace Corps, 
1111 20th St., NW., Washington, DC 20526.

Notification procedure:
    Any individual who wants notification that this system of records 
contains a record about him or her should make a written request to the 
System Manager. Requesters will be required to provide adequate 
identification, such as a driver's license, employee identification 
card, or other identifying documentation. Additional identification may 
be required in some instances. Complete Peace Corps Privacy Act 
procedures are set out in 22 CFR Part 308.

Record access procedures:
    Any individual who wants access to his or her record should make a 
written request to the System Manager. Requesters will be required to 
provide adequate identification, such as a driver's license, employee 
identification card, or other identifying documentation. Additional 
identification may be required in some instances. Complete Peace Corps 
Privacy Act procedures are set out in 22 CFR Part 308.

Contesting record procedures:
    Any individual who wants to contest the contents of a record should 
make a written request to the System Manager. Requesters will be 
required to provide adequate identification, such as a driver's 
license, employee identification card, or other identifying 
documentation. Additional identification may be required in some 
instances. Requests for correction or amendment must identify the 
record to be changed and the corrective action sought. Complete Peace 
Corps Privacy Act procedures are set out in 22 CFR Part 308.

Record source categories:
    Record Subject.

Exemptions claimed for the system:
    None.

    Dated: December 23, 2008.
Carl R. Sosebee,
Acting General Counsel.
 [FR Doc. E8-31221 Filed 12-31-08; 8:45 am]
BILLING CODE 6015-01-P