[Federal Register Volume 74, Number 65 (Tuesday, April 7, 2009)]
[Pages 15720-15722]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-7818]



[FRL-8789-8; EPA-HQ-OEI-2007-1152]

Amendment to the Toxic Substances Control Act Confidential 
Business Information Records Access System, EPA-20

AGENCY: Environmental Protection Agency (EPA).

ACTION: Notice.


SUMMARY: Pursuant to the provisions of the Privacy Act of 1974 (5 
U.S.C. 552a), the Office of Pollution Prevention and Toxics is giving 
notice that it proposes to amend the ``Toxic Substance Control Act 
Confidential Business Information Records Access System'' to 
``Confidential Business Information Tracking System (CBITS)'' to 
correct the official name of the system of record notice (SORN), system 
location and system manager.

DATES: Persons wishing to comment on this system of records notice must 
do so by May 18, 2009.

ADDRESSES: Submit your comments, identified by Docket ID No. EPA-HQ-
2007-1152, by one of the following methods:
     http://www.regulations.gov: Follow the online instructions 
for submitting comments.
     E-mail: [email protected]
     Fax: 202-566-1752.
     Mail: OEI Docket, Environmental Protection Agency, 
Mailcode: 2822T, 1200 Pennsylvania Ave., NW., Washington, DC 20460.
     Hand Delivery: OEI Docket, EPA/DC, EPA West Building, Room 
B102, 1301 Constitution Ave., NW., Washington, DC. Such deliveries are 
only accepted during the Docket's normal hours of operation and special 
arrangements should be made for deliveries of boxed information.
    Instructions: Direct your comments to Docket ID No. EPA-HQ-OEI-
2007-1152. EPA's policy is that all comments received will be included 
in the public docket without change and may be made available online at 
http://www.regulations.gov, including any personal information 
provided, unless the comment includes information claimed to be 
Confidential Business Information (CBI) or other information for which 
disclosure is restricted by statute. Do not submit information that you 
consider to be CBI or otherwise protected through http://www.regulations.gov. The http://www.regulations.gov Web site is an 
``anonymous access'' system, which means EPA will not know your 
identity or contact information unless you provide it in the body of 
your comment. If you send an e-mail comment directly to EPA without 
going through http://www.regulations.gov your e-mail address will be 
automatically captured and included as part of the comment that is 
placed in the public docket and made available on the Internet. If you 
submit an electronic comment, EPA recommends that you include your name 
and other contact information in the body of your comment and with any 
disk or CD-ROM you submit. If EPA cannot read your comment due to 
technical difficulties and cannot contact you for clarification, EPA 
may not be able to consider your comment. Electronic files should avoid 
the use of special characters, any form of encryption, and be free of 
any defects or viruses. For additional information about EPA's public 
docket visit the EPA Docket Center homepage at http://www.epa.gov/epahome/dockets.htm.
    Docket: All documents in the docket are listed in the http://www.regulations.gov index. Although listed in the index, some 
information is not publicly available, e.g., CBI or other information 
for which disclosure is restricted by statute. Certain other material, 
such as copyrighted material, will be publicly available only in hard 
copy. Publicly available docket materials are available either

[[Page 15721]]

electronically in http://www.regulations.gov or in hard copy at the OEI 
Docket, EPA/DC, EPA West Building, Room B102, 1301 Constitution Ave., 
NW., Washington, DC. The Public Reading Room is open from 8:30 a.m. to 
4:30 p.m., Monday through Friday excluding legal holidays. The 
telephone number for the Public Reading Room is (202) 566-1744, and the 
telephone number for the OEI Docket is (202) 566-1752.

FOR FURTHER INFORMATION CONTACT:  Tony Cheatham, 202-564-8594.


I. General Information

    The ``Confidential Business Information Tracking System (CBITS)'' 
tracks documents received by the Environmental Protection Agency (EPA), 
Office of Pollution Prevention and Toxics (OPPT) as well as all 
information pertaining to the EPA, the contractors, and other 
government staff members that request access to Toxic Substances 
Control Act (TSCA) Confidential Business Information (CBI). CBITS has a 
major security module that tracks information on federal and contractor 
personnel, contractors, and other government staff members that have 
been granted approval to access TSCA CBI. The security module also 
tracks EPA OPPT contracts, contracting companies, and other off-site 
classified CBI locations. The system functionality allows an approved 
OPPT staff member or CBITS data base administrator (DBA) to create and 
modify profiles on federal and contractor personnel and contractor site 
information. Access to CBITS is limited to federal and contractor 
personnel responsible for the systems operations and management.
    In 1986, CBITS was developed to process and track TSCA CBI data and 
users approved to access CBI data. The security module was created to 
validate the user TSCA CBI security clearance in connection with 
reviewing CBI materials. The security module contained vital 
information such as name, social security number (SSN), company/
contractor identification, contractor site, and agency information that 
was required from the TSCA CBI Access Request, Agreement, and Approval 
Form, EPA Form 7740-6 (Rev. 10-03) and TSCA CBI ADP Registration Form, 
EPA Form 7740-25 (10-92). The SSN was a required data field in the 
system linked to user access of TSCA CBI and user profile reports. In 
October 2003, the EPA Form 7740-6 was revised to require the user to 
provide a 9 digit number replacing the SSN. Staff records prior to the 
revision contain the SSN for active and historical records.
    CBITS is maintained in a secured storage facility at EPA 
Headquarters by OPPT in Washington, DC where only authorized and TSCA 
CBI cleared personnel, EPA staff or contractor's that have rights to 
manage the system or have access are allowed. User profiles can only be 
accessed by the CBITS DBA and authorized system users that maintain the 
security module and personnel data. The process of accessing CBITS 
information is compliant with TSCA Security procedures, FISCAM 3.2 and 
NIST 800-18. All precautions and guidelines are met so that the 
confidentiality of the data is not compromised.

    Dated: March 23, 2009.
Linda A. Travers,
Acting Assistant Administrator and Chief Information Officer.

System Name:
    Confidential Business Information Tracking System.

System Location:
    Office of Pollution Prevention and Toxics, Information Management 
Division, Environmental Protection Agency, EPA East Building, 1200 
Pennsylvania Avenue NW., Washington, DC 20460.

Categories of Individuals Covered by the System:
    EPA and other Federal agency employees and Office of Pollution 
Prevention and Toxics contractor employees who are or have ever been 
authorized for access to Toxic Substances Control Act Confidential 
Business Information (TSCA CBI).

Categories of Records in the System:
    The system contains basic identification information such as name, 
EPA identification card number, date and place of birth, office of 
contractor for which the individual works and telephone number. In 
addition, the system contains information pertinent to TSCA CBI access 
such as security briefing date, date added to system, date deleted from 
system and type of access authorized. The system no longer collects 
SSNs but maintains those previously collected.

Authority for Maintenance of the System (includes any revisions or 
    Toxic Substances Control Act, 15 U.S.C. 2601 et seq.

    To maintain a record of those persons cleared for access to TSCA 
CBI and to maintain the security of TSCA CBI.

Routine Uses of Records Maintained in the System, Including Categories 
of Users, and the Purposes of Such Uses:
    General routine uses A, B, C, D, E, F, G, H, K, and L apply to this 
system. Records may also be disclosed:
    1. To other Federal agencies when they possess TSCA CBI and need to 
verify clearance of EPA.

Policies and Practices For Storing, Retrieving, Accessing, Retaining, 
and Disposing of Records in the System:
    Current records are maintained in a computer database. Some older 
records are maintained in hard copy files.

    From the computer database by addressing any type of data contained 
in the database, including name. From alphabetized hard copy files by 

    Computer records are maintained in a secure, password protected 
computer system. Paper records are maintained in safes. All records are 
maintained in secure, access-controlled areas or buildings.

Retention and Disposal:
    Information in this system is maintained and updated for so long as 
individuals identified in the system are authorized for access to TSCA 
CBI. EPA Records Schedule 624, Title: Confidential Business Information 
Access, NARA Disposal Authority: N1-412-03-20

System Manager(s) and Address:
    Director, Information Management Division, Office of Pollution 
Prevention and Toxics, Environmental Protection Agency, EPA East 
Building, 1200 Pennsylvania Avenue NW., Washington, DC 20460.

Notification Procedures:
    Any individual who wants to know whether this system of record 
contains a record about him or her, who wants access to his or her 
record, or who wants to contest the contents of a record, should make a 
written request to the Freedom of Information Office, ATTENTION: 
Privacy Act Officer.

Access Procedure:
    Requesters will be required to provide adequate identification, 
such as a driver's license, employee identification card, or other 
identifying document.

[[Page 15722]]

Additional identification procedures may be required in some instances.

Contesting Procedure:
    Requests for correction or amendment must identify the record to be 
changed and the corrective action sought. Complete EPA Privacy Act 
procedures are set out in 40 CFR Part 16.

Record Source Categories:
    Record subjects provide identification information. EPA personnel 
add information about dates and type of access authorized.

System exempted from certain provisions of the Privacy Act:

[FR Doc. E9-7818 Filed 4-6-09; 8:45 am]