[Federal Register Volume 79, Number 148 (Friday, August 1, 2014)]
[Notices]
[Pages 44854-44856]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2014-18271]


-----------------------------------------------------------------------

DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT

[Docket No. FR-5763-N-07]


Privacy Act; Notification of Amended Privacy Act System of 
Records, Privacy Act Request and Appeals Files

AGENCY: Office of the Chief Information Officer, HUD.

ACTION: Notification of amended system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974 (U.S.C. 552a(e)(4)), as 
amended, and Office of Management and Budget (OMB), Circular No. A-130, 
notice is hereby given that the Department of Housing and Urban 
Development (HUD), Office of the Chief Information Officer (OCIO) has 
amended one of its system of records entitled the ``Privacy Act Request 
and Appeals Files'', previously known as ``HUD/Dept-52, Privacy Act 
Record Files''. Additionally, the amended notices serve to convey 
information established under the previously published system of 
records in a more clear and cohesive format. The amended system of 
records will be included in the Department of Housing and Urban 
Development's inventory of systems of records and will replace the HUD/
Dept-52, Privacy Act Record Files system of records reported under 
HUD's Library of Routine Uses, published in the Federal Register on 
(July 17, 2012 at 77 FR 41996). The changes under this notice are non-
substantive and thus do not meet the threshold requirements for filing 
a report to OMB and Congress.

DATES: Effective Date: This action shall be effective immediately 
August 1, 2014.

ADDRESSES: Interested persons are invited to submit comments regarding 
this notice to the Rules Docket Clerk, Office of the General Counsel, 
Department of Housing and Urban Development, 451 Seventh Street SW., 
Room 10276, Washington, DC 20410-0500. Communication should refer to 
the above docket number and title. A copy of each communication 
submitted will be available for public inspection and copying between 
8:00 a.m. and 5:00 p.m. weekdays at the above address.

FOR FURTHER INFORMATION CONTACT: Donna Robinson-Staton, Chief Privacy 
Officer, 451 Seventh Street SW., Washington, DC 20410 (Attention: 
Capitol View Building, 4th Floor), telephone number: (202) 402-8073. 
[The above telephone number is not a toll free number.] A 
telecommunications device for hearing- and speech-impaired persons 
(TTY) is available by calling the Federal Information Relay Service's 
toll-free telephone number (800) 877-8339.

SUPPLEMENTARY INFORMATION: This system of records is maintained by 
HUD's Office of the Chief Information Officer, and includes personally 
identifiable information submitted by individuals requesting access or 
amendment to records maintained by the Department. The system 
encompasses programs and services in place for the Department's data 
collection and management practices. Publication of this notice allows 
HUD to

[[Page 44855]]

publish up-to-date and clear information on the system of records. The 
revised proposal will incorporate Federal privacy requirements, and HUD 
policy requirements. The Privacy Act provides certain safeguards for an 
individual against an invasion of personal privacy by requiring Federal 
agencies to protect records contained in an agency system of records 
from unauthorized disclosure, by ensuring that information is current 
for its intended use, and by providing adequate safeguards to prevent 
misuse of such information. Additionally, this notice demonstrates the 
Department's focus on industry best practices in protecting the 
personal privacy of the individuals covered by this system 
notification. This notice states the name and location of the record 
system, the authority for and manner of its operations, the categories 
of individuals that it covers, the type of records that it contains, 
the sources of the information for those records, the routine uses made 
of the records and the types of exemption in place for the records. In 
addition, the notice includes the business address of the HUD officials 
who will inform interested persons of the procedures whereby they may 
gain access to and/or request amendments to records pertaining to them.
    This publication does not meet the threshold requirements for 
filing a report to the Office of Management and Budget (OMB), the 
Senate Committee on Homeland Security and Governmental Affairs, and the 
House Committee on Government Reform as instructed by Paragraph 4c of 
Appendix 1 to OMB Circular No. A-130, ``Federal Agencies 
Responsibilities for Maintaining Records About Individuals,'' July 25, 
1994 (59 FR 37914).

    Authority:  5 U.S.C. 552a; 88 Stat. 1896; 42 U.S.C. 3535(d).

    Dated: July 28, 2014.
Rafael C. Diaz,
Chief Information Officer.
CIO/QMPP.01

SYSTEM NAME:
    Privacy Act Request and Appeals Files.

SYSTEM LOCATION:
    Privacy Act Office, Freedom of Information Act Office, 451 Seventh 
Street SW., Washington, DC 20715. The system file may be accessible at 
HUD Field and Regional offices \1\ where in some cases Privacy Act 
records are maintained.
---------------------------------------------------------------------------

    \1\ http://portal.hud.gov/hudportal/HUD?src=/localoffices.
---------------------------------------------------------------------------

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system contains correspondence and other documents related to 
request made by individuals to HUD's Privacy Office or Freedom of 
Information Act (FOIA) Office when inquiring about the existence of 
records about themselves, access and/or correction to those records, or 
when requesting review of an initial denial of a request.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Name, address, telephone number, Social Security Number, and other 
individually identifying information of requester, nature of the 
request, and records reflecting processing and disposition of the 
request by the Department.

AUTHORITY FOR MAINTNENACE OF THE SYSTEM:
    Privacy Act, 5 U.S.C. 552a(c).

PURPOSE(S):
    This system is used to handle the workload for Privacy Act 
requests. This includes the assigning of work, processing work 
electronically, tracking requests, and responding to requests received 
by the Department. The records in the systems are used by the Privacy 
Act and FOIA staff involved in the processing of Privacy Act requests, 
as well as by appeals officials and members of the Office of General 
Counsel, when applicable.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    Records may be disclosed from this system for routine uses to:
    1. A congressional office, from the record of an individual, in 
response to a verified inquiry from the congressional office made at 
the written request of that individual.
    2. The Department of Justice for the purpose of obtaining advice 
regarding whether or not the records should be disclosed, when 
applicable.
    3. Records may be disclosed to student volunteers, individuals 
working under a personal services contract, and other individuals 
performing functions for the Department but technically not having the 
status of agency employees, if they need access to the records in order 
to perform their assigned agency functions.
    4. To contractors, grantees, experts, consultants, and the agents 
of thereof, and others performing or working on a contract, service, 
grant, cooperative agreement with HUD, when necessary to accomplish an 
agency function related to its system of records, limited to only those 
data elements considered relevant to accomplishing an agency function. 
Individuals provided information under this routine use is subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to HUD officers and employees.
    5. To appropriate agencies, entities, and persons when: (a) HUD 
suspects or has confirmed that the security or confidentiality of 
information in a system of records has been compromised; (b) HUD has 
determined that, as a result of the suspected or confirmed compromise, 
there is a risk of harm to economic or property interests, identity 
theft or fraud, or harm to the security or integrity of systems or 
programs (whether maintained by HUD or another agency or entity) that 
rely upon the compromised information; and (c) the disclosure made to 
such agencies, entities, and persons is reasonably necessary to assist 
in connection with HUD's efforts to respond to the suspected or 
confirmed compromise and prevent, minimize, or remedy such harm for 
purposes of facilitating responses and remediation efforts in the event 
of a data breach.
    6. To appropriate agencies, entities, and persons to the extent 
such disclosures are compatible with the purpose for which the records 
in this system were collected, as set forth by Appendix I \2\--HUD's 
Library of Routine Uses published in the Federal Register on (July 17, 
2012 at 77 FR 41996).
---------------------------------------------------------------------------

    \2\ http://portal.hud.gov/hudportal/documents/huddoc?id=append1.pdf.
---------------------------------------------------------------------------

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    The original, or a copy, of the incoming request and the written 
response are maintained in case file folders and stored in metal file 
cabinets. Cross-reference data is maintained in a correspondence 
control log stored in a personal computer and printed as hard copy on 
paper file and stored in file metal file cabinets as needed.

RETRIEVABILITY:
    Records are almost always retrieved by the name of the individual 
who made the Privacy Act and FOIA related request during a given 
calendar year. Incoming Privacy Act requests that are related to FOIA 
are assigned a system-generated case file number that identifies the 
year in which the request was made, and the number of the request. 
Requests unrelated to FOIA are

[[Page 44856]]

submitted to the Privacy Act Office, and assigned the requestors name 
that identifies the year in which the request was made and the number 
of the request made.

SAFEGUARDS:
    1. Access to records is restricted to Privacy Act staff, involved 
program officials, FOIA staff, appeals officials, and members of the 
Office of General Counsel involved in the processing of Privacy Act 
requests and/or appeals.
    2. Physical Safeguards: The case file folders are stored in file 
cabinets in secure areas that are either occupied by staff personnel 
involved in processing Privacy Act requests and appeals or locked up 
during non-working hours, or whenever staff is not present in these 
areas. In addition, entrance to the buildings where case files are 
maintained is controlled by security guards.
    3. Procedural Safeguards: Access to records is limited to those 
staff members who are familiar with Privacy Act or FOIA related request 
that have a need-to-know. System Managers are held responsible for 
safeguarding the records under their control. Cross-reference data is 
maintained in a correspondence control log stored in a personal 
computer for which access is granted by User ID and Password.

RETENTIONAL AND DISPOSAL:
    The National Archives and Records Administration issues General 
Records Schedules 14 provide disposition authorization for records 
related to Privacy Act Request as follows:
    1. Case files are retained for two years after date of response, 
and destroyed when access to all requested records is granted, and not 
appealed (NC1-64-77-1, item 25a1).
    2. Case files are retained for two years after date of response for 
nonexistent records and then destroyed, when not appealed (NCI-64-77-1, 
Item 25a2a).
    3. Case files are retained and destroyed five years when access to 
all or part of the records is denied, and not appealed (NC1-64-77-1, 
Item 25a3a).
    4. In the event of an appeal, the files are destroyed six years 
after final determination by the Department, or three years after final 
adjudication by the courts, or six years after the time at which a 
requester could file suit, whichever is later.
    5. Correspondence control logs are destroyed six years after the 
date of last entry. Records are to be destroyed when superseded or when 
requested documents are declassified or destroyed under the prescribed 
General Records Schedule (NCI87-7, Item31c). Hence, paper based records 
will be destroyed by burning; Electronic records will be destroyed per 
NIST SP 800-88 ``Guidelines for Media Sanitization'' (September 2006).

SYSTEM MANAGER(S) AND ADDRESS:
    Donna Robinson-Staton, Chief Privacy Officer, 451 Seventh Street 
SW., Washington, DC 20410 (Attention: Capitol View Building, 4th 
Floor), telephone number: (202) 402-8073. (see Appendix I, following, 
for additional locations where in some cases Privacy Act records are 
accessed and maintained.

NOTIFICATION AND ACCESS PROCEDURES:
    Donna Robinson-Staton, Chief Privacy Officer, 451 Seventh Street 
SW., Washington, DC 20410 (Attention: Capitol View Building, 4th 
Floor), telephone number: (202) 402-8073, in accordance with the 
procedures in 24 CFR Part 16. The Department's rules for providing 
access to records to the individual concerned appear in 24 CFR Part 16. 
A person may request access to these records in writing.

CONTESTING RECORDS PROCEDURES:
    The Department's rules for contesting the contents of records and 
appealing initial denials, by the individual concerned, appear in 24 
CFR Part 16. If additional information or assistance is needed, it may 
be obtained by contacting:
    (i) In relation to contesting contents of records, the Departmental 
Privacy Act, Department of Housing and Urban Development, 451 Seventh 
Street SW., Room 2256, Washington, DC 20410, or
    (ii) In relation to appeals of initial denials, the HUD 
Departmental Privacy Appeals Officers, Office of General Counsel, 
Department of Housing and Urban Development, 451 Seventh Street SW., 
Washington, DC 20410.

RECORD SOURCE CATEGORIES:
    The source of information is from the individuals making a request 
for Privacy Act records, and components of the Department and other 
agencies that search for, and provide, records and related 
correspondence maintained in the case files.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
    Pursuant to 5 U.S.C. 552a(k)(2), records in this system, which 
reflect records that are contained in other systems of records that are 
designated as exempt, are exempt from the requirements of subsections 
(c)(3), (d), (e)(1), (e)(4)(G), (H), (I), and (f) of 5 U.S.C. 552a.

[FR Doc. 2014-18271 Filed 7-31-14; 8:45 am]
BILLING CODE 4210-67-P