[Federal Register Volume 79, Number 244 (Friday, December 19, 2014)]
[Notices]
[Pages 75810-75811]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2014-29719]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[Notice-CIB-2014-04; Docket No. 2014-0002; Sequence No. 37]


Privacy Act of 1974; Notice of Updated Systems of Records

AGENCY: General Services Administration.

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: The General Services Administration (GSA) reviewed its Privacy 
Act systems to ensure that they are relevant, necessary, accurate, up-
to-date, and covered by the appropriate legal or regulatory authority.

DATES: January 20, 2015.

ADDRESSES: GSA Privacy Act Officer (ISP), General Services 
Administration, 1800 F Street NW., Washington, DC 20405.

FOR FURTHER INFORMATION CONTACT: Call or email the GSA Privacy Act 
Officer telephone 202-208-1317; email [email protected].

SUPPLEMENTARY INFORMATION: GSA is creating a new system of record 
notice. This system collects the information required to control 
physical access to GSA-managed facilities and restricted areas within 
the facilities in all regions across the United States. Refer to the 
system notice regarding what information is collected and where it will 
be stored. Nothing in the notice will impact individuals' rights to 
access or amend their records in the systems of records.

    Dated: December 11, 2014.
James L. Atwater,
Director, Policy and Compliance Division, Office of the Chief 
Information Officer.
GSA/OMA-1

SYSTEM NAME:
    E-PACS

SYSTEM LOCATION:
    GSA Enterprise Service Center (ESC), 14426 Albemarle Point, Suite 
120, Chantilly, VA 20151; GSA Headquarters, 1800 F Street NW., 
Washington, DC 20405; and other Federal facilities with electronic 
identification card access controls (Enterprise Physical Access Control 
System, E-PACS).

CATEGORIES OF INDIVIDUALS IN THE SYSTEM:
    This system covers individual with electronic facility access 
credentials including GSA employees, contractor employees, building 
occupants, interns, and volunteers.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Photo, Full Cardholder Unique Identifier (CHUID), Public Key 
Infrastructure (PKI) Certificate--(X509), Card Authentication Key (CAK) 
Certificate, Full Name, Person Classification, Badge Expiration Date, 
Card State, User Principal Name (UPN), Federal Agency Smart Card Number 
(FASC-N), and Globally Unique Identifier (GUID).

AUTHORITIES FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301, 40 U.S.C. 582, 40 U.S.C. 585, 40 U.S.C. 3101, 40 
U.S.C. 11315, and HSPD-12.

PURPOSE:
    This system (E-PACS) collects the information required for and 
related to physical access to GSA-managed facilities and restricted 
areas within facilities in all regions across the United States.

ROUTINE USES OF THE SYSTEM RECORDS, INCLUDING CATEGORIES OF USERS AND 
THEIR PURPOSE FOR USING THE SYSTEM:
    System information may be accessed and used by authorized GSA 
employees and contractors to conduct official duties associated with 
Federal government building security and access responsibilities. 
Information from this system may be disclosed as a routine use:
    a. In any legal proceeding, where pertinent, to which GSA is a 
party before a court or administrative body.
    b. To a Federal, State, local, or foreign agency responsible for 
investigating, prosecuting, enforcing, or carrying out a statute, rule, 
regulation, or order when GSA becomes aware of a violation or potential 
violation of civil or criminal law or regulation.
    c. To duly authorized officials engaged in investigating or 
settling a grievance, complaint, or appeal filed by an individual who 
is the subject of the record.
    d. To the Office of Personnel Management (OPM), the Office of 
Management and Budget (OMB), the Government Accountability Office (GAO) 
or other Federal agency when the information is required for program 
evaluation purposes.
    e. To another Federal agency in connection with the hiring or 
retention of an employee; the issuance of a security clearance; the 
reporting of an investigation; clarifying a job; the letting of a 
contract; or the issuance of a grant, license, or other benefit to the 
extent that the information is relevant and necessary to a decision.
    f. To a Member of Congress or his or her staff on behalf of and at 
the request

[[Page 75811]]

of the individual who is the subject of the record.
    g. To an expert, consultant, or contractor of GSA in the 
performance of a Federal duty to which the information is relevant.
    h. To the National Archives and Records Administration (NARA) for 
records management purposes.
    i. To appropriate agencies, entities, and persons when (1) The 
Agency suspects or has confirmed that the security or confidentiality 
of information in the system of records has been compromised; (2) the 
Agency has determined that as a result of the suspected or confirmed 
compromise there is a risk of harm to economic or property interests, 
identity theft or fraud, or harm to the security or integrity of this 
system or other systems or programs (whether maintained by GSA or 
another agency or entity) that rely upon the compromised information; 
and (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with GSA's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    j. To the workspace and room scheduling system. When an individual 
swipes their card the information automatically checks them into 
previously reserved workspace. This is done as a convenience so the 
individual won't lose a seat assignment or conference room.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF SYSTEM RECORDS:
STORAGE:
    System records and documents are electronically stored on servers 
and/or compact discs.

RETRIEVABILITY:
    Records may be retrieved by name and/or other personal identifier 
or appropriate type of designation.

SAFEGUARDS:
    System records are safeguarded in accordance with the requirements 
of the Privacy Act, the Computer Security Act, and the System Security 
Plan. Technical, administrative, and personnel security measures are 
implemented to ensure confidentiality and integrity of the data. 
Security measures include password protections, assigned roles, and 
transaction tracking.

RETENTION AND DISPOSAL:
    Disposition of records will be according to the National Archives 
and Records Administration (NARA) guidelines, set forth in the GSA 
Records Maintenance and Disposition System (OAD P 1820.2A) handbook.

SYSTEM MANAGER AND ADDRESS:
    Office of Mission Assurance (OMA), Identity, Credential and Access 
Management, 1800 F Street, NW., Washington DC 20405.

NOTIFICATION PROCEDURES:
    Individuals may obtain information about their records from the E-
PACS Program Manager at the above address.

RECORD ACCESS PROCEDURES:
    Requests from individuals for access to their records should be 
addressed to the E-PACS Program Manager. GSA rules for individuals 
requesting access to their records are published in 41 CFR part 105-64.

CONTESTING RECORD PROCEDURES:
    Individuals may contest their records' contents and appeal 
determinations according to GSA rules published in 41 CFR part 105-64.

RECORD SOURCE CATEGORIES:
    Information is obtained from individuals who are receiving 
credentials to enter a federal facility and the Government 
credentialing authorities.

[FR Doc. 2014-29719 Filed 12-18-14; 8:45 am]
BILLING CODE 6820-20-P