[Federal Register Volume 76, Number 154 (Wednesday, August 10, 2011)]
[Notices]
[Pages 49484-49485]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-20271]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[Notice CIB-2011-2; Docket-2011-0004; Sequence 4]


Privacy Act of 1974; Notice of New System of Records

AGENCY: General Services Administration.

ACTION: New notice.

-----------------------------------------------------------------------

SUMMARY: GSA proposes to establish a new system of records subject to 
the Privacy Act of 1974, as amended, 5 U.S.C. 552a.

DATES: Effective September 9, 2011.

FOR FURTHER INFORMATION CONTACT: Call or e-mail the GSA Privacy Act 
Officer: telephone 202-208-1317; e-mail [email protected].

ADDRESSES: GSA Privacy Act Officer (CIB), General Services 
Administration, 1275 First Street, NE., Washington, DC 20417.

SUPPLEMENTARY INFORMATION: GSA proposes to establish a new system of 
records subject to the Privacy Act of 1974, 5 U.S.C. 552a. The new 
system will allow GSA Users to utilize two factor authentication to 
access Google Apps for Government implementation used by the GSA.

    Dated: July 26, 2011.
Cheryl M. Paige,
Director, Office of Information Management.
GSA/CIO-2

SYSTEM NAME:
    Enterprise Server Services (ESS)

SYSTEM LOCATION:
    Enterprise Server Services is a singular component system managed 
by the Systems Solutions Division, a division of Office of the Chief 
Information Officer. The ESS system is housed in secure datacenters 
hosted by GSA in each of its regional office buildings and in various 
additional secure datacenters throughout the National Capital Region, 
including Crystal City, Willow Wood, GSA Central Office Building, and 
GSA's temporary facility at Constitution Square. In addition, some 
employees and contractors may download and store information from this 
system. Those copies are located within the employee and contractor's 
office.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Only one category of individual is covered by this system, 
collectively referred to as ``GSA Users'', which are individuals who 
require routine access to agency information technology systems, 
including federal employees, contractors, child care workers and other 
temporary workers with similar access requirements. The system does 
apply to or contain occasional visitors or short-term guests.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system contains information needed to utilize two factor 
authentication to access Google Apps for Government. Records may 
include, but not necessarily be limited to:
     Employee/contractor/other worker's full name
     Organization/office of assignment
     Company/agency name
     Work Address
     GSA Assigned work telephone number
     Personal home or mobile phone
     Personal e-mail addresses

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301, 40 U.S.C. 121, 40 U.S.C. 11315, 44 U.S.C. 3506, E.O. 
9397, as amended, and Homeland Security Presidential Directive 12 
(HSPD-12).

PURPOSES:
    To allow GSA to utilize two factor authentication to access Google 
Apps for Government implementation used by the GSA.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    All GSA Users utilize two factor authentication to access Google 
Apps for Government.
    a. To a Member of Congress or to a Congressional staff member in 
response to an inquiry of the Congressional office, made at the written 
request of the constituent about whom the record is maintained.
    b. To the National Archives and Records Administration (NARA) or to 
the General Services Administration for records management purposes.
    c. To agency contractors, grantees, consultants or volunteers who 
have been engaged to assist the agency in the performance of a contract 
service, grant, cooperative agreement, or other activity related to 
this system of records and who needs to have access to records in order 
to perform their activity. Recipients shall be required to comply with 
the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a, 
the Federal Information Security Management Act (Pub. L. 107-296), and 
associated OMB policies, standards and guidance from the National 
Institute of Standards of Technology, and the General Services 
Administration.
    d. To a Federal agency, State, local, foreign, or tribal or other 
public authority, on request, in connection with the hiring or 
retention of an employee, the issuance or retention of a security 
clearance, the letting of a contract, or the issuance or retention of a 
license, grant, or other benefit, to the extent that the information is 
relevant and necessary to the requesting agency's decision.
    e. To the Office of Management and Budget (OMB) when necessary to 
the review of private relief legislation pursuant to OMB circular No. 
A-19.
    f. To designated agency personnel for controlled access to specific 
records for the purpose of performing authorized audit or authorized 
oversight and administrative credentials based on access and 
authorization rules specific audit and administrative functions.
    g. To the Office of Personnel Management (OPM), the Office of 
Management and Budget (OMB), the Government Accountability Office 
(GAO), or other Federal agencies when the information is required for 
program evaluation purposes.
    h. To appropriate agencies, entities, and persons when (1) the 
Agency suspects or has confirmed that the security or confidentiality 
of

[[Page 49485]]

information in the system of records has been compromised; (2) the 
Agency has determined that as a result of the suspected or confirmed 
compromise there is a risk of harm to economic or property interests, 
identity theft or fraud, or harm to the security or integrity of this 
system or other systems or programs (whether maintained by GSA or 
another agency or entity) that rely upon the compromised information; 
(3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with GSA's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    i. In any criminal, civil or administrative legal proceeding, where 
pertinent, to which GSA, a GSA employee, or the United States or other 
entity of the United States Government is a party before a court or 
administrative body.
    j. To an appeal, grievance, hearing, or complaints examiner; an 
equal employment opportunity investigator, arbitrator, or mediator; 
and/or an exclusive representative or other person authorized to 
investigate or settle a grievance, complaint, or appeal filed by an 
individual who is the subject of the record.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING 
AND DISPOSING OF RECORDS IN THE SYTEM:
STORAGE:
    Computer records are stored on a secure server and accessed over 
the Web via encryption software. Paper records, when created, are kept 
in file folders and cabinets in secure rooms. When individuals download 
information, it is kept on password secured computer and it is their 
responsibility to protect the data, including compliance with HCO 
2180.1, GSA Rules of Behavior for Handling Personally Identifiable 
Information (PII).

RETRIEVABILITY:
    Records are retrievable by a combination of first name and last 
name. Group records are retrieved by organizational code.

SAFEGUARDS:
    Access is limited to authorized individuals with passwords or keys. 
Computer records are protected by a password system that is compliant 
with National Institute of Standards and Technology standards. Paper 
records are stored in locked metal containers or in secured rooms when 
not in use. Information is released to authorized officials based on 
their need to know.

RETENTION AND DISPOSAL:
    Records are retained and disposed of according to GSA records 
maintenance and disposition schedules, GSA Records Maintenance and 
Disposition System (CIO P 1820.1), and requirements of the National 
Archives and Records Administration.

SYSTEM MANAGER AND ADDRESS:
    Program Manager, Center for Applied Solutions, General Services 
Administration, 1275 First Street, N.E., Washington, DC 20417.

NOTIFICATION PROCEDURE:
    An individual can determine if this system contains a record 
pertaining to him/her by sending a request in writing, signed, to the 
System Manager at the above address. When requesting notification of or 
access to records covered by this notice, an individual should provide 
his/her full name, date of birth, region/office, and work location. An 
individual requesting notification of records in person must provide 
identity documents sufficient to satisfy the custodian of the records 
that the requester is entitled to access.

RECORD ACCESS PROCEDURES:
    Individuals wishing to access their own records should contact the 
system manager at the address above.

CONTESTING RECORD PROCEDURES:
    Rules for contesting the content of a record and appealing a 
decision are contained in 41 CFR 105-64.

RECORD SOURCE CATEGORIES:
    The sources for information in the system are the individuals about 
whom the records are maintained, the supervisors of those individuals, 
existing GSA systems, sponsoring agency, former sponsoring agency, 
other Federal agencies, contract employer, former employer, and the 
U.S. Office of Personnel Management (OPM).

[FR Doc. 2011-20271 Filed 8-9-11; 8:45 am]
BILLING CODE 6820-34-P