[Federal Register Volume 74, Number 133 (Tuesday, July 14, 2009)]
[Notices]
[Pages 34033-34035]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-16595]


-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

Geological Survey


Privacy Act of 1974, as Amended; Notice of a New System of 
Records

AGENCY: U.S. Geological Survey, Department of the Interior.

ACTION: Notice of creation of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended (5 U.S.C. 552a), the Department of the Interior (DOI) is 
issuing a public notice of its intent to create the U.S. Geological 
Survey ``Earthquake Hazards Program Earthquake Information'' system of 
records. The system includes individuals' e-mail addresses, and in some 
cases their name and address, for Program staff to reply to inquiries 
from those individuals for dissemination of requested earthquake-
related information in real time, and for creating Web-accessible maps 
of earthquake-shaking by Zip code in real time.

DATES: Comments must be received by August 24, 2009.

ADDRESSES: Any person interested in commenting on this new notice may 
do so by: Submitting comments in writing to USGS Privacy Act Officer, 
12201 Sunrise Valley Drive, MS807, Reston, Virginia 20192; hand-
delivering comments to 12201 Sunrise Valley Drive, Reston, Virginia 
20192; or e-mailing comments to [email protected]. Before including 
your address, phone number, e-mail address, or other personal 
identifying information in your comment, you should be aware that your 
entire comment--including your personal identifying information--may be 
made publicly available at any time. While you can ask us in your 
comment to withhold your personal identifying information from public 
review, we cannot guarantee that we will be able to do so.

FOR FURTHER INFORMATION CONTACT: U.S. Geological Survey Privacy Act 
Officer, Deborah Kimball, 12201 Sunrise Valley Drive, Reston, Virginia 
20192 by e-mail to [email protected], or by phone at (703) 648-7158.

SUPPLEMENTARY INFORMATION: U.S. Geological Survey maintains the 
Earthquake Hazards Program Earthquake Information system of records. 
The purpose of this system is to make earthquake information available 
to members of the public who request to participate in exchanges of 
earthquake information by e-mail notification, Web site publications, 
and real-time data pushes/pulls to clients. The new system will be 
effective as proposed at the end of the comment period (the comment 
period will end 40 days after the publication of this notice in the 
Federal Register), unless comments are received which would require a 
contrary determination. DOI will publish a revised notice if changes 
are made based upon a review of the comments received.

Deborah Kimball,
USGS Privacy Act Officer.
USGS-2

SYSTEM NAME:
    ``Earthquake Hazards Program Earthquake Information'', USGS-2.

SYSTEM LOCATION(S):
    USGS Geologic Hazards Team, 1711 Illinois St, Golden, CO 80401.
    Denver Federal Center, Building 53, Lakewood, CO 80225.
    USGS Earthquake Hazards Team, 345 Middlefield Rd., Menlo Park, CA 
94025.
    USGS Pasadena Field Office, 525 S. Wilson Ave., Pasadena, CA 91106.
    EROS Data Center, 47914 252nd St., Sioux Falls, SD 57198.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    (1) Individuals who have requested information from the Earthquake 
Hazards Program (EHP) or have reported a Web site problem to the EHP 
Web Team. (2) Individuals who have signed up to receive e-mail 
announcements from various projects within the EHP. (3) Individuals who 
have subscribed to the Earthquake Notification Service. (4) Individuals 
who have entered data in the citizen science system(s).

CATEGORIES OF RECORDS IN THE SYSTEM:
    The information retained in the system contains the following 
information from the individuals covered by the system: e-mail address, 
in some cases login id, login password, username, and non-mandatory 
data that may include the name, affiliation, phone number, and postal 
address.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    This system of records is maintained under the authority of NEHRP 
(National Earthquake Hazards Reduction Program), established by 
Congress in 1977 (Pub. L. 95-124) and the Advanced National Seismic 
System (Pub. L. 106-503 and Pub. L. 108-360).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    The primary purposes of the records is: To make earthquake 
information available to members of the public who request to 
participate in exchanges of earthquake information by e-mail 
notification, Web site publications, and real-time data pushes/pulls to 
clients.

DISCLOSURES OUTSIDE DOI MAY BE MADE WITHOUT THE CONSENT OF THE 
INDIVIDUAL TO WHOM THE RECORD PERTAINS UNDER THE ROUTINE USES LISTED 
BELOW:
    (1)(a) To any of the following entities or individuals, when the 
circumstances set forth in paragraph (b) are met:
    (i) The U.S. Department of Justice (DOJ);
    (ii) A court or an adjudicative or other administrative body;
    (iii) A part in litigation before a court or an adjudicative or 
other administrative body; or
    (iv) Any DOI employee acting in his or her individual capacity if 
DOI or DOJ has agreed to represent that employee or pay for private 
representation of the employee;
    (b) When:
    (i) One of the following is a party to the proceeding or has an 
interest in the proceeding:
    (A) DOI or any component of DOI;
    (B) Any other Federal agency appearing before the Office of 
Hearings and Appeals;
    (C) Any DOI employee acting in his or her official capacity;
    (D) Any DOI employee acting in his or her individual capacity if 
DOI or DOJ has agreed to represent that employee or pay for private 
representation of the employee;
    (E) The United States, when DOJ determines that DOI is likely to be 
affected by the proceeding; and
    (ii) DOI deems the disclosure to be:
    (A) Relevant and necessary to the proceeding; and
    (B) Compatible with the purpose for which the records were 
compiled.
    (2) To a congressional office in response to a written inquiry that 
an individual covered by the system, or the heir of such individual if 
the covered individual is deceased, has made to the office.
    (3) To any criminal, civil, or regulatory law enforcement authority 
(whether Federal, State, territorial, local, Tribal or foreign) when a 
record, either alone or in conjunction with other information, 
indicates a violation or

[[Page 34034]]

potential violation of law--criminal, civil, or regulatory in nature, 
and the disclosure is compatible with the purpose for which the records 
were compiled.
    (4) To an official of another Federal agency to provide information 
needed in the performance of official duties related to reconciling or 
reconstructing data files or to enable that agency to respond to an 
inquiry by the individual to whom the record pertains.
    (5) To Federal, State, territorial, local, Tribal, or foreign 
agencies that have requested information relevant or necessary to the 
hiring, firing or retention of an employee or contractor, or the 
issuance of a security clearance, license, contract, grant or other 
benefit, when the disclosure is compatible with the purpose for which 
the records were compiled.
    (6) To representatives of the National Archives and Records 
Administration to conduct records management inspections under the 
authority of 44 U.S.C. 2904 and 2906.
    (7) To State and local governments and Tribal organizations to 
provide information needed in response to court order and/or discovery 
purposes related to litigation, when the disclosure is compatible with 
the purpose for which the records were compiled.
    (8) To an expert, consultant, or contractor (including employees of 
the contractor) of DOI that performs services requiring access to these 
records on DOI's behalf to carry out the purposes of the system.
    (9) To appropriate agencies, entities, and persons when:
    (a) It is suspected or confirmed that the security or 
confidentiality of information in the system of records has been 
compromised; and
    (b) The Department has determined that as a result of the suspected 
or confirmed compromise there is a risk of harm to economic or property 
interest, identity theft or fraud, or harm to the security or integrity 
of this system or other systems or programs (whether maintained by the 
Department or another agency or entity) that rely upon the compromised 
information; and
    (c) The disclosure is made to such agencies, entities and persons 
who are reasonably necessary to assist in connection with the 
Department's efforts to respond to the suspected or confirmed 
compromise and prevent, minimize, or remedy such harm.
    (10) To the Office of Management and Budget during the coordination 
and clearance process in connection with legislative affairs as 
mandated by OMB Circular A-19.
    (11) To the Department of the Treasury to recover debts owed to the 
United States.
    (12) To the news media when the disclosure is compatible with the 
purpose for which the records were compiled.
    (13) To a consumer reporting agency if the disclosure requirements 
of the Debt Collection Act, as outlined at 31 U.S.C. 3711(e)(1), have 
been met.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    All records are maintained in a relational MySQL database stored on 
hard disk on each of the Web servers in Golden, CO; Denver, CO; Menlo 
Park, CA; Pasadena, CA; Sioux Falls, SD, and backed up on magnetic 
tape. Electronic requests sent to the ``Web Team'' e-mail contact 
designated in the footer of every Web page on the Earthquake Hazards 
Program Web site, which contains the return e-mail address of the 
inquirer, are deleted as soon as a response to the inquiry is sent to 
the inquirer.

RETRIEVABILITY:
    All data in the database can be accessed by the database 
administrators by any mandatory field, which includes e-mail address or 
account name.

SAFEGUARDS:
    (1) Physical Security: The systems are physically housed in 
Government offices consisting of locked rooms with floor to ceiling 
walls. Access is granted through a proximity card system. Backup tapes 
are stored at the Denver Federal Center in Building 25 in Room 1860, 
with access granted through a proximity card system, and in Menlo Park 
Building 11 and 3, with access granted through a proximity card system.
    (2) Technical Security: Electronic records are maintained in 
conformity with Office of Management and Budget, National Institute of 
Standards Technology and Departmental requirements reflecting the 
implementation of the Federal Information Security Management Act. 
Electronic data is protected through user identification, passwords, 
database permissions, a Privacy Act Warning, and software controls. 
These security measures establish different degrees of access for 
different types of users. The security controls protecting these 
databases are implemented in a hierarchical manner. The top layer is 
the Department of the Interior's Enterprise Services Network (ESN) 
security infrastructure which includes firewalls maintained in 
accordance with Department of Interior standards, Active-Scout 
Intrusion Detection, and a Juniper Intrusion Detection and Prevention 
(IDP) system. Additional security methods are implemented at each site: 
Firewalls, SSH, TCPwrappers, and Microsoft Active Directory. In 
addition to the layers of security described above, database access is 
controlled by restricted access to http://usgs.gov domains and by IP 
address, system user authentication, database access (table and row 
level) via grants, and specific database-table access by user account 
restrictions. Privacy information sent via the Internet is encrypted by 
SSL. The Security Plan addresses the Department's Privacy Act safeguard 
requirements for Privacy Act systems at 43 CFR 2.51. A Privacy Impact 
Assessment was completed to ensure that Privacy Act requirements and 
safeguards are sufficient and in place. Its provisions will be updated 
as needed to ensure that Privacy Act requirements continue to be met.
    (3) Administrative Security: Access is strictly limited to 
authorized personnel whose official duties require such access. All 
Departmental and contractor employees with access to the records are 
required to complete Privacy Act, Federal Records Act, and Information 
Technology Security Awareness training prior to being given access to 
the system, and on an annual basis, thereafter. All users sign security 
forms stating they will neither misuse government computers nor the 
information contained therein. In addition, managers and supervisors of 
users monitor the use of the database and ensure that the information 
is used in accordance with certified and accredited business practices.

RETENTION AND DISPOSAL:
    The records in the system are retained and disposed of in 
accordance with National Archives and Records Administration procedures 
and General Records Schedule 308-01 and 310-01.

SYSTEM MANAGER AND ADDRESS:
    ANSS Manager, USGS-GD-GHT, DFC P.O. Box 25046 MS-966, Denver, CO 
80225.

NOTIFICATION PROCEDURES:
    An individual requesting notification of the existence of records 
on himself or herself should send a signed, written inquiry to the 
Systems Manager identified above. The request envelope and letter 
should both be clearly marked ``PRIVACY ACT INQUIRY.'' A request for 
notification must meet the requirements of 43 CFR 2.60.

[[Page 34035]]

RECORDS ACCESS PROCEDURES:
    An individual requesting records on himself or herself should send 
a signed, written inquiry to the System Manager identified above. The 
request should describe the records sought as specifically as possible. 
The request envelopes and letter should both be clearly marked 
``PRIVACY ACT REQUEST FOR ACCESS.'' A request for access must meet the 
requirements of 43 CFR 2.63.

CONTESTING RECORD PROCEDURES:
    An individual requesting corrections or the removal of material 
from his or her records should send a signed, written request to the 
System Manager identified above. A request for corrections or removal 
must meet the requirements of 43 CFR 2.71.

RECORD SOURCE CATEGORIES:
    Information in this system is obtained from the individuals who 
access the Earthquake Hazards Program Web site and fill out one of the 
forms either to provide information or to request information.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.

[FR Doc. E9-16595 Filed 7-13-09; 8:45 am]
BILLING CODE 4311-AM-P