[Federal Register Volume 84, Number 170 (Tuesday, September 3, 2019)]
[Notices]
[Pages 45999-46002]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-18918]


=======================================================================
-----------------------------------------------------------------------

CORPORATION FOR NATIONAL AND COMMUNITY SERVICE


Privacy Act of 1974; System of Records

AGENCY: Corporation for National and Community Service.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Corporation 
for National and Community Service (CNCS) Office of General Counsel 
(OGC) proposes to modify and rename a current CNCS system of records, 
Legal Office Litigation/Correspondence Files--Corporation-13 to include 
substantive changes and modifications described in detail in the 
supplementary section.

DATES: You may submit comments until October 3, 2019. This System of 
Records Notice (SORN) will be effective October 3, 2019 unless CNCS 
receives any timely comments which would result in a contrary 
determination.

ADDRESSES: You may submit comments, identified by system name and 
number, to CNCS via any of the following methods:
    1. Electronically through regulations.gov.
    Once you access regulations.gov, locate the web page for this SORN 
by searching for CNCS-01-OGC-Office of General Counsel (OGC) Legal 
Files. If you upload any files, please make sure they include your 
first name, last name, and the name of the proposed SORN.
    2. By email at [email protected].
    3. By mail: Corporation for National and Community Service, Attn: 
Chief Privacy Officer, OIT, 250 E St. SW, Washington, DC 20525.
    4. By hand delivery or courier to CNCS at the address for mail 
between 9:00 a.m. and 4:00 p.m. Eastern Standard Time, Monday through 
Friday, except for Federal holidays.
    Please note that all submissions received may be posted without 
change to regulations.gov, including any personal information.

FOR FURTHER INFORMATION CONTACT: If you have general questions about 
the system of record, you can email them to [email protected] or mail them 
to the address in the ADDRESSES section above. Please include the 
system of record's name and number.

SUPPLEMENTARY INFORMATION: This notice serves to update and modify 
CNCS's SORN titled ``CORPORATION-13'' to incorporate changes to the 
system, include more details, and conform to SORN template requirements 
prescribed in Office of Management and Budget (OMB) Circular No. A-108. 
The substantive changes and modifications to the currently published 
version of CORPORATION-13 include:
    1. Renumbering and renaming the SORN as CNCS-01-OGC-Office of 
General Counsel (OGC) Legal Files.
    2. Stating that the records in the system are unclassified.
    3. Updating all addresses to reflect the system's new location.
    4. Specifying the authorities that permit maintenance of the 
system.
    5. Clarifying and expanding the system purpose to maintain files 
related to legal actions, legal reviews, transactions, and other OGC 
activities consistent with its statutory authorities.
    6. Expanding the categories of individuals, categories of records, 
and records source categories to match that broader purpose.
    7. Replacing the current set of routine uses with new and modified 
routine uses that are specific to the system. This includes routine 
uses to conform with OMB Memorandum M-17-12, Preparing for and 
Responding to a Breach of Personally Identifiable Information (Jan. 3, 
2017).
    8. Expanding and clarifying how records may be stored and 
retrieved.
    9. Revising the retention and disposal section to reflect updated 
guidance from the National Archives and Records Administration.
    10. Revising the safeguards section to reflect updated 
cybersecurity guidance and practices.
    11. Updating the record access, contesting record, and notification 
procedures to inform individuals that they may email an inquiry, 
establish a more efficient process, and clarify what individuals should 
include in an inquiry.
    12. Providing additional information about the exemptions 
promulgated for the system.
    CNCS determined that these changes are the most efficient, logical, 
taxpayer-friendly, and user-friendly method of complying with the 
publication requirements of the Privacy Act of 1974, as amended. The 
subject records reflect a common purpose, common functions, and common 
user community. This Notice of a Modified Systems of Records, as 
required by 5 U.S.C. 552a, also fully complies with all OMB policies.

SYSTEM NAME AND NUMBER:
    CNCS-01-OGC-Office of General Counsel (OGC) Legal Files.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Office of General Counsel, Corporation for National and Community 
Service, 250 E St. SW, Washington, DC 20525.

SYSTEM MANAGER(S):
    Law Office Manager, Office of General Counsel, Corporation for 
National and Community Service, 250 E St. SW, Washington, DC 20525.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    28 U.S.C. Chapter 171--Tort Claims Procedure, 31 U.S.C. Chapter 
37--Claims, 40 U.S.C. Subtitle I--Federal Property and Administrative 
Services, and 42 U.S.C. 12651c--Corporation for National and Community 
Service.

PURPOSE(S) OF THE SYSTEM:
    The Corporation for National and Community Service (CNCS) Office of 
General Counsel (OGC) uses the system to track, store, and manage the 
records it develops and acquires on matters that could or have led to 
investigations, mediation, or other legal actions before a judicial, 
administrative, or adjudicative body (collectively, ``legal action 
records''). OGC also uses the system to track, store, and manage the 
records it develops and acquires to complete legal reviews, provide 
legal opinions, oversee transactions, coordinate with other agencies, 
and perform other legal activities on behalf of CNCS (collectively, 
``legal advice and guidance records'').

[[Page 46000]]

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Categories of individuals covered by the system may include 
individuals who are or were involved in:
     Potential or actual legal actions with CNCS or referenced 
in the legal action. That may include parties to the legal action, 
mediators, arbiters, judges, other court personnel, witnesses, 
individuals with information that pertains to the legal action, CNCS 
employees, grantees, service members, and applicants.
     A transaction with CNCS, contract involving CNCS, or a 
CNCS program or matter that involves a legal or compliance review or 
other legal activity.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Legal action records may include, but are not limited to: 
Complaints, appeals documents, investigation reports, discovery 
documents, affidavits, declarations, witness statements, notes from 
interviews, correspondence within CNCS, documents and correspondence 
between the parties, the courts, or other individuals or entities 
involved in the legal action, court filings, mediations, personnel 
documents, grievance proceedings, and other internal working documents. 
The personal information in these documents may include, but are not 
limited to: names, dates of birth, addresses, telephone numbers, Social 
Security Numbers (SSNs), and salary information.
    Legal advice and guidance records may include, but are not limited 
to: Contracts, Internal reports, notes, legal memoranda, correspondence 
to and from CNCS employees, contractors, grantees, service members, and 
applicants, information regarding grantees, service members, and 
applicants, and other documents about CNCS' operations and services 
that have been reviewed by OGC. The personal information in these 
documents may include, but are not limited to: Names, SSNs, National 
Service Participant Identification (NSPID) Numbers, home addresses, 
phone numbers, email addresses, dates of birth, financial information, 
medical records, salary information, and personnel records.

RECORD SOURCE CATEGORIES:
    Records sources may include: individuals and entities involved in a 
legal action with CNCS and their authorized agents, individuals and 
entities with information relevant to a legal issue or action with CNCS 
and their authorized agents, CNCS employees, service members, grantees, 
applicants, information systems managed and controlled by CNCS and its 
contractors, information gathered from public sources, investigators, 
mediators, court records, grievance proceedings, contractors, and other 
Federal agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act of 1974, as amended, all or a portion of the 
records or information contained in the system may be disclosed to 
authorized entities, as is determined to be relevant and necessary, as 
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. To appropriate agencies, entities, and persons when:
    a. CNCS suspects or has confirmed that there has been a breach of 
the system of records;
    b. CNCS has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, CNCS 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and
    c. The disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with CNCS's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    2. To another Federal agency or Federal entity, when CNCS 
determines that information from the system of records is reasonably 
necessary to assist the recipient agency or entity in:
    a. Responding to a suspected or confirmed breach or
    b. Preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    3. To the National Archives and Records Administration (NARA) as 
needed to assist CNCS with records management, conduct inspections of 
CNCS's records management practices, and carry out other activities 
required by 44 U.S.C. 2904 and 2906.
    4. To NARA's Office of Government Information Services so that it 
may review agency compliance with the Freedom of Information Act of 
1967, as amended, (FOIA) provide mediation services to resolve FOIA 
disputes, and identify policies and procedures for improving FOIA 
compliance, and to the extent necessary to fulfill its responsibilities 
as required by 5 U.S.C. 552(h)(2)(A-B) and (3).
    5. To a Federal agency in connection with hiring or retaining an 
employee, vetting a service member in response to the issuance of a 
security clearance, conducting a background check for suitability or 
security investigation of an individual, classifying jobs, the letting 
of a contract, or the issuance of a license, contract, grant, or other 
benefit by the requesting agency, and to the extent that the 
information is relevant and necessary to the requesting agency's 
decision on the matter.
    6. To the Equal Employment Opportunity Commission when requested in 
connection with investigations into alleged or possible discrimination 
practices in the Federal sector, compliance by Federal agencies with 
the Uniform Guidelines on Employee Selection Procedures, or other 
functions vested in the Commission and to otherwise ensure compliance 
with the provisions of 5 U.S.C. 7201.
    7. To the Office of the President, a Member of Congress, or their 
personnel in response to a request made on behalf of, and at the 
request of, the individual who is the subject of the record. These 
advocates will receive the same records that individuals would have 
received if they filed their own request.
    8. To any official or designee charged with the responsibility to 
conduct qualitative assessments at a designated statistical agency and 
other well established and trusted public or private research 
organizations, academic institutions, or agencies for an evaluation, 
study, research, or other analytical or statistical purpose.
    9. To agency contractors, grantees, interns, and other authorized 
individuals engaged to assist the agency in the performance of a 
project, contract, service, grant, cooperative agreement, or other 
activity and require access to the records to accomplish an agency 
function, task, or assignment. Individuals provided information under 
this routine use are subject to the same Privacy Act requirements and 
limitations on disclosure as are applicable to CNCS employees.
    10. To the news media and the public, with the approval of the 
Chief Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information, when 
disclosure is necessary to preserve confidence in the integrity of 
CNCS, or when disclosure is necessary to demonstrate the accountability 
of CNCS' officers, employees, or individuals covered by the system, 
except to the extent the Chief Privacy Officer determines that

[[Page 46001]]

release of the specific information in the context of a particular case 
would constitute a clearly unwarranted invasion of personal privacy.
    11. To an appropriate Federal, State, local, tribal, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a statute, rule, regulation, or order, when a record, 
either on its face or in conjunction with other information, indicates 
a violation or potential violation of civil or criminal law or 
regulatory violations and such disclosure is proper and consistent with 
the official duties of the person making the disclosure.
    12. To consumer reporting agencies (as defined in the Fair Credit 
Reporting Act, 14 U.S.C. 1681a(f), or the Federal Claims Collection Act 
of 1966, 31 U.S.C. 3701(a)(3)), the U.S. Department of the Treasury, 
other Federal agencies maintaining debt servicing centers, and private 
collection contractors to collect a debt owed to the Federal Government 
as provided in regulations promulgated by CNCS.
    13. To a contractor, grantee, or other recipient of Federal funds 
indebted to the Federal Government through its receipt of Federal 
Government funds if release of the record would allow the debtor to 
collect from a third party.
    14. The names, SSNs, home addresses, dates of birth, dates of hire, 
quarterly earnings, employer identifying information, and state of hire 
of employees may be disclosed to the Office of Child Support 
Enforcement Federal Parent Locator Service and the Treasury Offset 
Program to locate individuals owing child support and identify their 
income sources, establish and modify orders of child support, and for 
other child support enforcement actions.
    15. To a contractor, grantee, or other recipient of Federal funds 
when the record to be released reflects serious inadequacies with the 
recipient's personnel, and disclosure of the record permits the 
recipient to effect corrective action in the Federal Government's best 
interests.
    16. To the Department of Justice (DOJ) when:
    a. The agency, or any component thereof;
    b. Any employee of the agency in his or her official capacity;
    c. Any employee of the agency in his or her individual capacity 
where DOJ has agreed to represent the employee; or
    d. The United States, where the agency determines that litigation 
is likely to affect the agency or any of its components is a party to 
litigation or has an interest in litigation, and the use of such 
records by the DOJ is deemed by the agency to be relevant and necessary 
to the litigation, provided, however, that in each case, the agency 
determines that disclosure of the records to the DOJ is a use of the 
information contained in the records that is compatible with the 
purpose for which the records were collected.
    17. To a court, administrative body, or adjudicative body before 
which the agency is authorized to appear, when:
    a. The agency, or any component thereof;
    b. Any employee of the agency in his or her official capacity;
    c. Any employee of the agency in his or her individual capacity 
where the agency has agreed to represent the employee; or
    d. The United States, where the agency determines that litigation 
is likely to affect the agency or any of its components, is a party to 
litigation or has an interest in litigation, and the use of such 
records by the DOJ is deemed by the agency to be relevant and necessary 
to the litigation, provided, however, that in each case, the agency 
determines that disclosure of the records to the DOJ is a use of the 
information contained in the records that is compatible with the 
purpose for which the records were collected.
    18. To a Federal or State agency, judicial body, administrative 
body, adjudicative body, another party or their representative to a 
legal matter, or witness when (a) the Federal Government is a party or 
potential party to a judicial, administrative, or adjudicative 
proceeding and (b) the record is both necessary and relevant or 
potentially relevant to that proceeding.
    19. To an arbiter, mediator, or another individual authorized to 
investigate or settle a grievance, complaint, or appeal filed by an 
individual who is the subject of, or party to, the record.
    20. To any agency, entity, or individual when necessary to acquire 
information relevant to an investigation.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Paper records are stored in locked rooms, file cabinets, and desks. 
Electronic records and backups are stored on secure servers and 
encrypted media to include, but are not limited to, the computers and 
network drives used by OGC attorneys.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records in the system may be retrieved by a variety of unique 
identifiers including case numbers, NSPID Numbers, names, CNCS email 
addresses, and SSNs.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    System records are retained and disposed according to CNCS records 
maintenance and disposition schedules and the legal records retention 
and disposal requirements of NARA. The records are retained for a 
minimum of five years and many records are retained indefinitely.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Paper records are maintained in locked rooms, file cabinets, and 
desks when not in use. Electronic records are maintained in accordance 
with National Institute of Standards and Technology Special Publication 
800-53 Rev. 4, Security and Privacy Controls for Federal Information 
Systems and Organizations or the updated equivalent. Access to the 
records is limited to authorized personnel who require the information 
to complete their assigned tasks and have been trained how to properly 
handle and safeguard the records.

RECORD ACCESS PROCEDURES:
    In accordance with 45 CFR part 2508--Implementation of the Privacy 
Act of 1974, as amended, individuals wishing to access their own 
records as stored within the system of records may contact the FOIA 
Officer/Privacy Act Officer by sending (1) an email to [email protected] or 
(2) a letter to the System Manager. Individuals may also go in-person 
to the System Location and ask to speak to the FOIA Officer/Privacy Act 
Officer within OGC. Individuals who make a request must include enough 
identifying information (i.e. full name, current address, date, and 
signature) to locate their records, indicate that they want to access 
their records, and be prepared to confirm their identity as required by 
45 CFR part 2508.

CONTESTING RECORD PROCEDURES:
    Individuals who wish to contest their own records as stored within 
the system of records may contact the FOIA Officer/Privacy Act Officer 
in writing via the contact information in the Record Access Procedures 
section. Individuals who make a request must include enough identifying 
information to locate their records, an explanation of why they think 
their records are incomplete or inaccurate, and be prepared to confirm 
their identity as required by 45 CFR part 2508.

[[Page 46002]]

NOTIFICATION PROCEDURES:
    Individuals who wish to contest their own records as stored within 
the system of records may contact the FOIA Officer/Privacy Act Officer 
via the contact information in the Record Access Procedures section. 
Individuals who make a request must include enough identifying 
information to locate their records, indicate that they want to be 
notified whether their records are included in the system, and be 
prepared to confirm their identity as required by 45 CFR part 2508.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    Pursuant to, and limited by, 5 U.S.C. 552a(d)(5) and 45 CFR 
2508.19, the system is exempted from the provisions of 5 U.S.C. 
552a(d)(5) and 45 CFR 2508.4 insofar as the system contains information 
compiled in reasonable anticipation of a civil action or proceeding.

HISTORY:
    64 FR 10879, 10889, March 5, 1999; 65 FR 46890, 46901, August 1, 
2000; 67 FR 4395, 4406, January 30, 2002.

    Dated: August 22, 2019.
Ndiogou Cisse,
Senior Agency Official for Privacy and Chief Information Officer.
[FR Doc. 2019-18918 Filed 8-30-19; 8:45 am]
 BILLING CODE 6050-28-P