[Federal Register Volume 76, Number 108 (Monday, June 6, 2011)]
[Notices]
[Pages 32355-32357]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-13364]


=======================================================================
-----------------------------------------------------------------------

BROADCASTING BOARD OF GOVERNORS


Privacy Act of 1974: New System Of Records

AGENCY: Broadcasting Board of Governors (BBG).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: BBG proposes to add a new system of records to its inventory 
of records systems subject to the Privacy Act of 1974 (5 U.S.C. 522a), 
as amended. The primary purposes of the system are: (a) To ensure the 
safety and security of BBG facilities, systems, or information, and our 
occupants and uses; (b) To verify that all persons entering federal 
facilities, using federal information resources, or accessing 
classified information are authorized to do so; (c) To track and 
control PIV card issued to persons entering and exiting the facilities 
using systems, or accessing classified information. This action is 
necessary to meet the requirements of the Privacy Act to publish in the 
Federal Register notice of the existence and character of records 
maintained by the agency (5 U.S.C. 522a(e)(4)).

DATES: This action will be effective without further notice on July 18, 
2011 unless comments are received that would result in a contrary 
determination.

ADDRESSES: Send written comments to the Broadcasting Board of 
Governors, Attn: Paul Kollmer, Chief Privacy Officer, 330 Independence 
Avenue, Room 3349, Washington, DC 20237.

FOR FURTHER INFORMATION CONTACT: Michael Lawrence, 202-382-7779.

SUPPLEMENTARY INFORMATION: The creation of this system of records is 
required to implement the Homeland Security Presidential Directive 12 
(HSPD-12) mandate to create a common identification standard for all 
Federal employees and contractors.

    International Broadcasting Bureau.
Richard M. Lobo,
Director.

Broadcasting Board of Governors (BBG)

System of Records Notice (SORN) for Personal Identity Verification 
(PIV) System

BROADCASTING BOARD OF GOVERNORS [BBG-20]

SYSTEM NAME:
    M/SEC-Office of Security (Personal Identity Verification (PIV) 
System).

SYSTEM LOCATION:
    Broadcasting Board of Governors (BBG), 330 Independence Avenue, 
SW., Washington, DC 20237.

[[Page 32356]]

SECURITY CLASSIFICATION:
    None.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who require regular, ongoing access to BBG facilities, 
information technology systems, or information classified in the 
interest of national security, including applicants for employment or 
contracts, federal employees, contractors, and individuals formerly in 
any of these positions. The system also includes individuals accused of 
security violations or found in violation. The system also includes 
individuals authorized to perform or use services provided in agency 
facilities (e.g., Fitness Center, Cafeteria, or etc.)
    The system does not apply to occasional visitors or short-term 
guests to whom BBG will issue temporary identification and credentials.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records maintained on individuals issued credentials by BBG include 
the following data fields: Full name; Social Security number; date of 
birth; signature; image (photograph); fingerprints; hair color; eye 
color; height; weight; organization/office of assignment; company name; 
telephone number; copy of background investigation form; PIV card issue 
and expiration dates; personal identification number (PIN); results of 
background investigation; PIV request form; PIV security sponsor 
approval signature; PIV card serial number; copies of documents used to 
verify identification or information derived from those documents such 
as document title, document issuing authority, document number, 
document expiration date, document other information); computer system 
user name; user access and permission rights, authentication 
certificates; and digital signature information.
    Records maintained on card holders entering BBG facilities or using 
BBG systems include: Name, PIV Card serial number; date, time, and 
location of entry and exit; company name; contain in the record but not 
on the PIV card and expiration date; digital signature information; 
computer networks/applications/data accessed.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301; Federal Information Security Act (Pub. L. 104-106, 
sec. 5113); Electronic Government Act (Pub. L. 104-347, sec. 203); the 
Paperwork Reduction Act of 1995 (44 U.S.C. 3501); and the Government 
Paperwork Elimination Act (Pub. L. 105-277, 44 U.S.C. 3504); Homeland 
Security Presidential Directive (HSPD) 12, Policy for a Common 
Identification Standard for Federal Employees and Contractors, August 
27, 2004; Federal Property and Administrative Act of 1949, as amended.

PURPOSE:
    The primary purposes of the system are: (a) To ensure the safety 
and security of BBG facilities, systems, or information, and our 
occupants and users; (b) To verify that all persons entering federal 
facilities, using federal information resources, or accessing 
classified information are authorized to do so; (c) To track and 
control PIV cards issued to persons entering and exiting the 
facilities, using systems, or accessing classified information.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Information about covered individuals may be disclosed without 
consent as permitted by the Privacy Act of 1974, 5 U.S.C. 552a(b) the 
Statement of General Routine Uses Applicable to All BBG System of 
Records Files, and:
     To a court or adjudicative body in a proceeding when: (a) 
The agency or any component thereof; (b) any employee of the agency in 
his or her official capacity; (c) any employee of the agency in his or 
her individual capacity where agency or the Department of Justice has 
agreed to represent the employee; or (d) the United States Government, 
is a party to litigation or has an interest in such litigation, and by 
careful review, the agency determines that the records are both 
relevant and necessary to the litigation and the use of such records is 
therefore deemed by the agency to be for a purpose that is compatible 
with the purpose for which the agency collected the records.
     Except as noted on Forms SF 85, 85-P, and 86, when a 
record on its face, or in conjunction with other records, indicates a 
violation or potential violation of law, whether civil, criminal, or 
regulatory in nature, and whether arising by general statute or 
particular program statute, or by regulation, rule, or order issued 
pursuant thereto, disclosure may be made to the appropriate public 
authority, whether Federal, foreign, State, local, or tribal, or 
otherwise, responsible for enforcing, investigating or prosecuting such 
violation or charged with enforcing or implementing the statute, or 
rule, regulation, or order issued pursuant thereto, if the information 
disclosed is relevant to any enforcement, regulatory, investigative or 
prosecutorial responsibility of the receiving entity.
     To a Federal State, or local agency, or other appropriate 
entities or individuals, or through established liaison channels to 
selected foreign governments, in order to enable an intelligence agency 
to carry out its responsibilities under the National Security Act of 
1947 as amended, the CIA Act of 1949 as amended, Executive Order 12333 
or any successor order, applicable national security directives, or 
classified implementing procedures approved by the Attorney General and 
promulgated pursuant to such statutes, orders or directives.
     To notify another federal agency when, or verify whether, 
a PIV card is no longer valid.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    Privacy Act information may be reported to consumer reporting 
agencies pursuant to 5 U.S.C. 552a(b)(12).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored in electronic media or in paper files in a 
secured Federal facility and a lockable storage area.

RETRIEVABILITY:
    Records are retrievable by name, Social Security number, other ID 
number, PIV card serial number, image (photograph), and fingerprint.

SAFEGUARDS:
    Paper records are kept in a controlled area, which uses electronic 
high security lock that is armed with motion detector. The motion 
detector is connected to a guard station that is manned on a constant 
basis. The controlled area is equipped with locked cabinets within a 
Security File Room. Access to paper records is restricted to 
individuals whose role requires use of the records. The computer 
servers in which records are stored are located in facilities that are 
secured by alarm systems and off-master key access. The computer 
servers themselves are password-protected. Access by individuals 
working at guard stations is password-protected; each person granted 
access to the system at guard stations must be individually authorized 
to use the system. A Privacy Act Warning Notice appears on the monitor 
screen when records containing information on individuals are first 
displayed. Data exchanged between the servers and the client PCs at the 
guard stations and badging office is encrypted. Backup tapes are stored 
in a locked and controlled room in a secure, off-site location.

[[Page 32357]]

    An audit trail is maintained and reviewed periodically to identify 
unauthorized access. Persons given roles in the PIV process must 
complete training specific to their roles to ensure they are 
knowledgeable about how to protect personally identifiable information.

RETENTION AND DISPOSAL:
    Pursuant to GRS 18, Item 22a records used to initiate background 
investigations; register and enroll individuals; manage the PIV card 
lifecycle; and, verify, authenticate and revoke PIV cardholder access 
to Federal resources are destroyed upon notification of death or not 
later than 5 years after separation or transfer of employee or no later 
than 5 years after contract relationship expires, whichever is 
applicable.
    Pursuant to GRS 11, Item PIV cards are destroyed three months after 
they are returned to the issuing office. Pursuant to GRS 11, Item 4a 
identification credentials are destroyed by cross-cut shredding no 
later than 90 days after deactivation.
    Pursuant to GRS 18, Item 17 registers or logs used to record names 
of outside contractors, service personnel, visitors, employees admitted 
to areas, and reports on automobiles and passengers for areas under 
maximum security are destroyed five years after final entry or five 
years after date of document, as appropriate.
    Other documents pursuant to GRS 18, Item 17b are destroyed two 
years after final entry or two years after date of document, as 
appropriate.

SYSTEM MANAGER(S) AND ADDRESS:
    Michael Lawrence, Director of Security (DAA/SAO), International 
Broadcasting Bureau, 330 C Street, SW., Room 4117, Washington, DC 
20237, (202) 382-7779, [email protected].

NOTIFICATION PROCEDURES:
    Individuals seeking notification of and access to any record 
contained in this system of records, or seeking to contest its content, 
may submit a request in writing to the BBG FOIA Office, whose contact 
information can be found at http://www.bbg.gov/reports/foia/. If an 
individual believes more than one component maintains Privacy Act 
records concerning him or her, the individual may submit the request to 
the Chief FOIA Officer, Broadcasting Board of Governors, 330 
Independence Avenue, SW., Room 3349, Washington, DC 20237.
    When seeking records about yourself from this system of records or 
any other Agency system of records your request must conform with the 
Privacy Act regulations set forth in 6 CFR part 5. You must first 
verify your identity, meaning that you must provide your full name, 
current address and date and place of birth. You must sign your 
request, and your signature must either be notarized or submitted under 
28 U.S.C. 1746, a law that permits statements to be made under penalty 
or perjury as a substitute for notarization. While no specific form is 
required, you may obtain forms for this purpose from the BBG FOIA 
Office at the address above or by calling 202-203-4550.
    In addition to the requirements above, in your request you should:
    --Provide an explanation of why you believe the Agency would have 
information about you;
    --Identify which component(s) of the Agency you believe may have 
the information about you;
    --Specify when you believe the records would have been created;
    --Provide any other information that will help the FOIA staff 
determine which BBG component agency may have responsive records;
    --If your request is seeking records pertaining to another living 
individual, you must include a statement from that individual 
certifying his/her agreement for you to access his/her records.
    Without this bulleted information the component(s) will not be able 
to conduct an effective search, and your request may be denied due to 
lack of specificity or lack of compliance with applicable regulations.

RECORDS ACCESS PROCEDURES:
    See ``Notification Procedures'' above.

CONTESTING RECORD PROCEDURES:
    See ``Notification Procedures'' above.

RECORD SOURCE CATEGORIES:
    Employee, contractor, or applicant; sponsoring agency; former 
sponsoring agency; other federal agencies; contract employer; former 
employer.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.
[FR Doc. 2011-13364 Filed 6-3-11; 8:45 am]
BILLING CODE 8610-01-P