[Federal Register Volume 79, Number 155 (Tuesday, August 12, 2014)]
[Notices]
[Pages 47138-47139]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2014-19071]



[[Page 47138]]

-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[Notice-CIB-2014-03; Docket No. 2014-0002; Sequence No. 23]


Privacy Act of 1974; Notice of an Updated System of Records

AGENCY: General Services Administration (GSA).

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: GSA proposes to update a system of records subject to the 
Privacy Act of 1974, as amended, 5 U.S.C. 552a.

DATES: September 11, 2014.

ADDRESSES: GSA Privacy Act Officer (ISP), General Services 
Administration, 1800 F Street NW., Washington, DC 20405.

FOR FURTHER INFORMATION CONTACT: Call or email the GSA Privacy Act 
Officer: telephone 202-208-1317; email [email protected].

SUPPLEMENTARY INFORMATION: GSA proposes to update a system of records 
subject to the Privacy Act of 1974, 5 U.S.C. 552a.
    The updated system will allow the public and GSA Users to utilize 
the SalesForce application environment and the Google Apps platform 
used by the GSA.

    Dated: August 7, 2014.
James L. Atwater,
Director, Policy and Compliance Division, Office of the Chief 
Information Officer.
GSA/CIO-3

SYSTEM NAME:
    GSA's Enterprise Organization of Google Applications, Moderate 
Impact Software as a Service Cloud (SaaS) Minor Applications & GSA's 
EEO Org of Salesforce.com. This system is a compilation of GSA's Cloud 
based minor applications implemented across various vendors as well as 
GSA applications, all of which are part of the Enterprise Cloud 
Services (ECS) system.

SYSTEM LOCATION:
    Enterprise Cloud Services (ECS) is a singular component system 
managed by the Applied Solutions Division, a division of Office of the 
Chief Information Officer. The ECS system is housed in secure 
datacenters hosted by GSA in Kansas City (Region 6) and Fort Worth 
(Region 7) and the Stennis DataCenter in Hancock County, MS as well as 
Cloud components as part of GSA's implementation of Google Apps, 
Moderate Impact SaaS minor applications and GSA's EEO Org of 
Salesforce.com implemented by GSA with varying Cloud based Software as 
a Service (SaaS) vendors. In addition, some employees and contractors 
may download and store information from this system. Those copies are 
located within the employees' or contractors' offices or on encrypted 
workstations issued by GSA for individuals when they are out of the 
office.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The categories of individuals covered by this system are the public 
who access, or are granted access to, specific minor applications in 
either the Google Apps or Salesforce.com environment in GSA and 
individuals collectively referred to as ``GSA Users'', which are GSA 
employed individuals who require routine access to agency information 
technology systems, including federal employees, contractors, child 
care workers and other temporary workers with similar access 
requirements. The system does not apply to or contain occasional 
visitors or short-term guests not cleared for use under HSPD-12.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system contains information needed for the functionality of 
specific minor applications that are developed for either GSA's 
implementation of Google Apps or Salesforce.com. This system contains 
the following information:
    Public individuals defined under Categories of Individuals above/
employee/contractor/other worker's full name.
    Organization/office of assignment.
    Company/agency name.
    Work address.
    Work telephone number.
    Social Security Number.
    Personal physical home address.
    Personal home or mobile phone.
    Personal email addresses.
    Individual work related records.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301, 40 U.S.C. 11315, 44 U.S.C. 3506, E.O. 9397, as 
amended, and Homeland Security Presidential Directive 12 (HSPD-12).

PURPOSES:
    For the functionality and use of specific minor applications within 
GSA's implementation of Google Apps & Salesforce.com. Information may 
be collected to meet the business requirements of the application, 
site, group or instance. The new system will allow users to utilize the 
SalesForce application environment and the Google Apps platform used by 
the GSA.
    A listing of applications covered by this SORN can be found at: 
http://www.gsa.gov/portal/content/102236.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    a. To a Member of Congress or to a Congressional staff member in 
response to an inquiry of the Congressional office, made at the written 
request of the constituent about whom the record is maintained.
    b. To the National Archives and Records Administration (NARA) for 
records management purposes.
    c. To Agency contractors, grantees, consultants, or experts who 
have been engaged to assist the agency in the performance of a Federal 
duty to which the information is relevant.
    d. To a Federal, State, local, foreign, or tribal or other public 
authority, on request, in connection with the hiring or retention of an 
employee, the issuance or retention of a security clearance, the 
letting of a contract, or the issuance or retention of a license, 
grant, or other benefit, to the extent that the information is relevant 
and necessary to the requesting agency's decision.
    e. To the Office of Management and Budget (OMB) when necessary to 
the review of private relief legislation pursuant to OMB circular No. 
A-19.
    f. To designated Agency personnel for the purpose of performing an 
authorized audit or oversight evaluation.
    g. To the Office of Personnel Management (OPM), the Office of 
Management and Budget (OMB), the Government Accountability Office 
(GAO), or other Federal agencies when the information is required for 
program evaluation purposes.
    h. To appropriate agencies, entities, and persons when (1) the 
Agency suspects or has confirmed that the security or confidentiality 
of information in the system of records has been compromised; (2) the 
Agency has determined that as a result of the suspected or confirmed 
compromise there is a risk of harm to economic or property interests, 
identity theft or fraud, or harm to the security or integrity of this 
system or other systems or programs (whether maintained by GSA or 
another agency or entity) that rely upon the compromised information; 
(3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with GSA's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    i. In any criminal, civil or administrative legal proceeding, where 
pertinent, to which GSA, a GSA employee, or the United States or other 
entity of the United States Government

[[Page 47139]]

is a party before a court or administrative body.
    j. To an appeal, grievance, hearing, or complaints examiner; an 
equal employment opportunity investigator, arbitrator, or mediator; 
and/or an exclusive representative or other person authorized to 
investigate or settle a grievance, complaint, or appeal filed by an 
individual who is the subject of the record.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Computer records are stored on a secure server and accessed over 
the Web via encryption software. Paper records, when created, are kept 
in file folders and cabinets in secure rooms. When individuals download 
information it is kept on encrypted computers that are accessed using 
PIV credentials. It is their responsibility to protect the data, 
including compliance with HCO 2180.1, GSA Rules of Behavior for 
Handling Personally Identifiable Information (PII).

RETRIEVABILITY:
    Records are retrievable by a combination of first name and last 
name. Group records are retrieved by organizational code or other 
listed identifiers as configured in the application by the program 
office for their program requirements.

SAFEGUARDS:
    Cloud systems are authorized to operate separately by the GSA CIO 
at the moderate level. All GSA Users utilize two-factor authentication 
to access Google Apps and Salesforce.com. Access is limited to 
authorized individuals with passwords or keys. Computer records are 
protected by a password system that is compliant with National 
Institute of Standards and Technology standards. Paper records are 
stored in locked metal containers or in secured rooms when not in use. 
Information is released to authorized officials based on their need to 
know.

RETENTION AND DISPOSAL:
    Records are retained and disposed of according to GSA records 
maintenance and disposition schedules, GSA Records Maintenance and 
Disposition System (CIO P 1820.1), GSA 1820.2A, and requirements of the 
National Archives and Records Administration.

SYSTEM MANAGER AND ADDRESS:
    Director, Office of Enterprise Solutions, General Services 
Administration, 1800 F Street NW., Washington, DC 20405.

NOTIFICATION PROCEDURE:
    An individual can determine if this system contains a record 
pertaining to him/her by sending a request in writing, signed, to the 
System Manager at the above address. When requesting notification of or 
access to records covered by this notice, an individual should provide 
his/her full name, date of birth, region/office, and work location. An 
individual requesting notification of records in person must provide 
identity documents sufficient to satisfy the custodian of the records 
that the requester is entitled to access.

RECORD ACCESS PROCEDURES:
    Individuals wishing to access their own records should contact the 
system manager at the address above.

CONTESTING RECORD PROCEDURES:
    Rules for contesting the content of a record and appealing a 
decision are contained in 41 CFR 105-64.

RECORD SOURCE CATEGORIES:
    The sources for information in the system are the individuals about 
whom the records are maintained, the supervisors of those individuals, 
existing GSA systems, a sponsoring agency, a former sponsoring agency, 
other Federal agencies, contract employers, or former employers.

[FR Doc. 2014-19071 Filed 8-11-14; 8:45 am]
BILLING CODE 6820-14-P