[Federal Register Volume 87, Number 132 (Tuesday, July 12, 2022)]
[Notices]
[Pages 41275-41278]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-14842]



[[Page 41275]]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF AGRICULTURE

Foreign Agricultural Service


Privacy Act of 1974: New System of Records

AGENCY: Foreign Agricultural Service, USDA.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The U.S. Department of Agriculture, Foreign Agricultural 
Service, proposes a new system of records USDA/FAS-10, Foreign 
Agricultural Service International Fellowship and Exchanges Database 
System (FAS-IFEDS). This system is being developed for Global Programs 
to store crucial fellowship information and to document the 
relationship of a fellow with USDA. In accordance with the Privacy Act 
of 1974, and Office of Management and Budget (OMB) Circular No. A-108, 
the U.S. Department of Agriculture, Foreign Agricultural Service, 
proposes a new system of records entitled ``Department of Agriculture, 
Foreign Agricultural Service, International Fellowship and Exchanges 
Database System''. This system is maintained by Global Programs and 
centralizes data from all constituent groups across all fellowships, in 
a single system.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is 
effective upon publication, subject to a 30-day notice and comment 
period in which to comment on the routine uses described in the routine 
uses section of this system of records notice. Please submit your 
comments by August 11, 2022.

ADDRESSES: You may submit comments by either of the following methods:
     Federal eRulemaking Portal: Go to www.regulations.gov and 
follow the directions in the instructions paragraph.
     Mail: Please send one copy of your comment to USDA/FAS-10, 
to Assistant Chief Information Officer, FAS, USDA 1400 Independence 
Avenue SW, Mail Stop 1063, Washington, DC 20250-0002. Supporting 
documents and any comments we receive on this docket may be viewed at 
http://www.regulations.gov/.
     Email: [email protected]. Include USDA/FAS-10 in the 
subject line of the message.
    Instructions: All submissions received must include the agency name 
and docket number FAS 2021-0001 for this notice of proposed rulemaking 
(``NPRM'' or ``proposed rule''). All properly completed comments 
received will be posted without change to the Federal eRulemaking 
portal, www.regulations.gov, including any personal information 
provided.

FOR FURTHER INFORMATION CONTACT: Christopher Wood, Assistant Chief 
Information Officer, FAS, USDA, [email protected], 202-369-
5946.
    Docket: Access to the rulemaking docket associated with this 
document can be obtained through the Federal eRulemaking Portal at 
www.regulations.gov.

SUPPLEMENTARY INFORMATION: The Privacy Act of 1974, (5 U.S.C. 552a), 
requires the Department to publish in the Federal Register this notice 
of a new system of records maintained by the Department. The 
Department's Regulations implementing the Privacy Act are contained in 
the Code of Federal Regulations in 7 CFR 1, subpart G. USDA/Foreign 
Agricultural Service system of records was last published in the 
Federal Register in +FR FAS 9 (November 19, 2019). The Foreign 
Agricultural Service International Fellowship and Exchanges Database 
System (FAS-IFEDS) serves a Global Programs need under the authority of 
Congress in Section 3306 of the Agriculture Improvement Act of 2018, 
Public Law 115-334, amending Section 1473G of the National Agricultural 
Research, Extension, and Teaching Policy Act of 1977, to leverage 
alumni engagement. FAS is initiating the SORN to include, all fellows 
and alumni, and all USDA Fellowship Programs.
    The Foreign Agricultural Service International Fellowship and 
Exchanges Database System (FAS-IFEDS) is primarily a personal database 
and is used to collect information concerning fellows and alumni that 
includes the personally-identifiable information (PII) related to 
fellows and alumni, in addition to the information pertaining to the 
institution, implementer, and fellowship. The FAS-IFEDS system collects 
the following information (that may be considered PII): first name, 
middle name, last name, gender, salutation, birth date, birth city, 
citizenship country, country of residence, work phone, permanent home 
address, work address, personal email, work email, emergency contact 
information (US implementer), and emergency contact information (family 
contact: name, relationship, home phone, cell phone, and email).
    FAS will share information from the system in accordance with the 
requirements of the Privacy Act. A full list of routine uses is 
included in the routine uses section of the document published with 
this notice.
    A report on the new system of records, required by 5 U.S.C. 
552a(r), as implemented by Office of Management and Budget Circular A-
108, was sent to the Chairman, Committee on Homeland Security and 
Government Affairs, United States Senate; the Chairwoman, Committee on 
Oversight and Reform, House of Representatives; and the Administrator, 
Office of Information and Regulatory Affairs, Office of Management and 
Budget.

Daniel Whitley,
Administrator,
Foreign Agricultural Service.
    In accordance with 5 U.S.C. 552a(r), USDA has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.

SYSTEM NAME AND NUMBER:
    USDA/FAS-10, USDA/FAS, Foreign Agricultural Service International 
Fellowship and Exchanges Database System, (FAS-IFEDS). USDA/FAS-10 is 
also referred to as the Foreign Agricultural Service International 
Fellowship and Exchange Database System (FAS-IFEDS).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The system owner is USDA/FAS, 1400 Independence Avenue SW, Mail 
Stop 1063, Washington, DC 20250-0002. The electronic record system is 
maintained on servers that are physically hosted in the Salesforce 
Government Cloud. Salesforce is located at The Landmark @On Market 
Street, Suite 300, San Francisco, California 94105. The physical 
location and technical operation of the system is at the Salesforce 
Government Cloud's Chicago (Elk Grove, IL) and Washington (Ashburn, VA) 
data centers. The HubSpot application uses cloud storage and computes 
services from Amazon Web Services (AWS) and Google Cloud Platform 
(GCP). HubSpot's production infrastructure is centralized in AWS and 
GCP cloud hosting facilities and is managed by the HubSpot engineering 
team.

SYSTEM MANAGER(S):
    Information Technology Project Manager, FAS, USDA, 1400 
Independence Avenue SW, Mail Stop 1063, Washington DC 20250-0002, 202-
843-3857.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    7 U.S.C. 2.601

[[Page 41276]]

PURPOSE(S) OF THE SYSTEM:
    The USDA Foreign Agricultural Service International Fellowship and 
Exchange Database System (IFEDS) is a database used by the FAS' 
Fellowship Programs Division to record relevant data pertaining to 
individuals and organizations that have taken part in the various 
programs and exchanges the division coordinates. As a system of record, 
IFEDS will better enable Fellowship Programs staff by enabling accurate 
and efficient data input as well as timely data retrieval. Records 
contained withing IFEDS will be used to satisfy statistical inquiries, 
communicate with Fellows and alumni, and associate multiple relevant 
datapoints with each other. IFEDS will not be accessible to the public, 
the data will be shared on a need-to-know basis with partners in other 
agencies, universities, or other affiliated organizations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Categories of individuals covered by this system include, 
individuals who are referenced or identified in records created or 
compiled as part of the process of documenting the USDA Fellowship 
Programs including, but not limited to, fellows, fellowships, 
institutions, implementors, or alumni. All individuals, even if they 
are not users of the FAS-IFEDS, who are mentioned or referenced in any 
documents entered into FAS-IFEDS by a user are also covered. This group 
may include, but is not limited to, vendors, agents, and other business 
personnel.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Categories of records in the system are created or compiled as part 
of the process of documenting the USDA Fellowship Program. Such records 
include: first name, middle name, last name, gender, salutation, birth 
date, birth city, citizenship country, country of residence, work 
phone, permanent home address, work address, personal email, work 
email, emergency contract information (US implementer), and emergency 
contact information (family contact: name, relationship, home phone, 
cell phone, and email). This information is collected from the 
applicant process that occurs prior to acceptance into the fellowship 
program. Information is updated with fellows and alumni, after the 
application process to reflect current information.

RECORD SOURCE CATEGORIES:
    Information in this system of records is obtained from, but not 
limited to, fellows, fellowships, institutions, implementors, or alumni 
as well as other individuals or groups. This group may include, but is 
not limited to, vendors, agents, and other business personnel.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, records contained in this system may be 
disclosed outside of USDA as a routine use pursuant to 5 U.S.C. 
552a(b)(3), to the extent that such uses are compatible with the 
purposes for which the information was collected. Such permitted 
routine uses include the following:
    a. To the Department of Justice when: (a) USDA or any component 
thereof; or (b) any employee of USDA in his or her official capacity, 
or any employee of the agency in his or her official capacity where the 
Department of Justice has agreed to represent the employee; or (c) the 
United States Government, is a party to litigation or has an interest 
in such litigation, and USDA determines that the records are both 
relevant and necessary to the litigation and the use of such records by 
the Department of Justice is deemed by USDA to be for a purpose that is 
compatible with the purpose for which USDA collected the records.
    b. To a congressional office in response to an inquiry from that 
congressional office made at the written request of the individual 
about whom the records pertains.
    c. Disclosure may be made to the United States Civil Rights 
Commission in response to its request for information, per 42 U.S.C. 
1975a.
    d. To the National Archives and Records Administration (NARA) or 
other Federal government agencies pursuant to records management 
activities being conducted under 44 U.S.C. 2904 and 2906.
    e. To appropriate agencies, entities, and persons when (1) USDA 
suspects or has confirmed that there has been a breach of the system of 
records; (2) USDA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, USDA 
(including its information system, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with USDA's efforts to respond to the suspected or 
confirmed compromise and to prevent, minimize, or remedy such harm.
    f. To another Federal agency or Federal entity, when information 
from this system of records is reasonably necessary to assist the 
recipient agency or entity in (1) responding to a suspected or 
confirmed breach or (2) preventing, minimizing, or remedying the risk 
of harm to individuals, the recipient agency or entity (including its 
information systems, programs, and operations), the Federal Government, 
or national security, resulting from a suspected or confirmed breach.
    g. When a record on its face, or in conjunction with other records, 
indicates a violation or potential violation of law, whether civil, 
criminal, or regulatory in nature, and whether arising by general 
statute or particular program statute, or by regulation, rule, or order 
issued pursuant thereto, USDA may disclose the record to the 
appropriate agency, whether Federal, foreign, State, local, tribal, or 
other public authority responsible for enforcing, investigating, or 
prosecuting such violation or charged with enforcing or implementing 
the statute, or rule, regulation, or order issued pursuant thereto, if 
the information disclosed is relevant to any enforcement, regulatory, 
investigative, or prosecutive responsibility of the receiving entity.
    h. In an appropriate proceeding before a court, grand jury, or 
administrative or adjudicative body or official, when the USDA or other 
agency representing the USDA determines that the records are both 
relevant and necessary to the proceeding; or in an appropriate 
proceeding before an administrative or adjudicative body when the 
adjudicator determines the records to be relevant to the proceeding.
    i. To contractors and their agents, grantees, experts, consultants, 
and other performing or working on a contract, service, grant, 
cooperative agreement, or other assignment for the USDA, when necessary 
to accomplish an agency function related to this system of records.
    j. To the news media and the public, with the approval of the Chief 
Privacy Officer, the Office of Communications and in consultation with 
counsel, unless it is determined that release of the specific 
information in the context of a particular case would constitute an 
unwarranted invasion of personal privacy.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    FAS is responsible for maintaining the storage of FAS-IFEDS 
records. Electronic records are stored within Salesforce Government 
Cloud, who maintains the physical aspects of the

[[Page 41277]]

system and records storage. The physical location and technical 
operation of the system is at the Salesforce Government Cloud's Chicago 
(Elk Grove, IL) and Washington (Ashburn, VA) data centers. FAS requires 
users to take specific measures to safeguard authenticators. FAS 
manages authenticators by requiring individuals to take and have 
devices implement authentication protection measures. All user roles 
safeguard authenticators by not divulging or posting PIN data and 
protecting authentication devices. Device authenticators use 
safeguarding by restricting access to devices based on the principle of 
least privilege and separation of duties. Use of control enhancement 
prevents non-privileged users from executing privileged functions to 
include disabling, circumventing, or altering implemented security 
safeguards and countermeasures. Electronic storage is on and maintained 
through a storage area network (SAN) at the Salesforce Government 
Cloud. Records are maintained on storage arrays occurring through the 
redundant SAN fabrics built using Cisco MDS 9513 switches. A 
contingency plan is in place that maintains, full restoration without 
deterioration of the security safeguards originally planned and 
implemented. Use of an alternate storage maintains security safeguards 
equivalent to the primary site. Salesforce uses IPsec to encrypt the 
SAN replication between Production data centers. Storage arrays send 
encrypted data between data centers using AES-256 via a FIPS 140-2 
validated encryption module. The storage array includes high-speed 
Fiber Channel disks with large caches. DataGuard servers protect 
against data corruption of the records at the SAN layer. Maintenance 
and use of user and admin roles protect against data corruption of the 
records at the application layer.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Access to and use of FAS-IFEDS records are limited to individuals 
with appropriate clearance or permission who need to know for the 
performance of official duties. Users complete security awareness 
training, covering procedures for handling sensitive information, 
including personally identifiable information (PII). Annual refresher 
training is mandatory. All USDA employees and contractors with 
authorized access undergo thorough background security investigation. 
FAS-IFEDS does not interface or connect directly with Salesforce 
Government Cloud for personnel data. USDA personnel with user or 
administrative role access may enter data into FAS-IFEDS, on a periodic 
basis. USDA personnel with user or administrative role access may 
search and retrieve records by (1) date of birth, (2) country, (3) 
region, (4) institution, (5) subject matter expertise, (6) gender, (7) 
fellowship, (8) program, (9) fellowship start date, (10) fellowship end 
date, or (11) agricultural topic. An individual record search can occur 
by name using the global search. Users are limited to conducting 
searches electronically from within the FAS-IFEDS application. Search 
results are displayed through the graphical user interface (GUI) and in 
the form of reports. Salesforce Government Cloud is the retrieval 
location of electronic records.
    FAS-IFEDS access and authentication meets USDA policies and 
practices for the retrievability of records including the use of 
identification cards, network access, and electronic authentication 
methods. FAS-IFEDS user access is role, responsibility, and privilege 
based; centralized on a need to know. Documented in a user guide are 
the policies and procedures of user access. User access is managed by 
the FAS-IFEDS administrator.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained and disposed of in accordance with National 
Archives and Records Administration (NARA) General Record Schedule 
(GRS) 2.3.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The administrative, technical, and physical safeguards implemented 
for FCRMS meet the policy and control requirements set forth in system 
security plan documentation and subject to monitoring consistent with 
applicable laws, regulations, agency policies, procedures, and 
practices. Access to and use of FAS-IFEDS records are limited to 
individuals with appropriate clearances or permissions who need to know 
the information for performance of official duties. Users complete 
security awareness training, covering procedures for handling sensitive 
information, including personally identifiable information (PII). 
Annual refresher training is mandatory. All USDA employees and 
contractors with authorized access undergo thorough background security 
investigation. Personnel retain paper records, when applicable, in a 
locked or secured office or office building that can only be accessed 
by authorized FAS employees. Electronic records are stored within 
Salesforce, who maintains the system. FAS requires users to take 
specific measures to safeguard authenticators. Manages authenticators 
by requiring individuals to take and have devices implement 
authentication protection measures. All user roles safeguard 
authenticators by not divulging or posting PIN data and protecting 
authentication devices. Device authenticators use safeguarding by 
restricting access to devices based on the principle of least privilege 
and separation of duties. Use of control enhancement prevents non-
privileged users from executing privileged functions to include 
disabling, circumventing, or altering implemented security safeguards 
and countermeasures. Implements a contingency plan that maintains full 
restoration without deterioration of the security safeguards originally 
planned and implemented. Use of an alternate storage provides security 
safeguards equivalent to the primary site. Enforcing physical access 
authorizations at entry and exit points to the facility where the 
system resides by verifying individual access; controlling ingress and 
egress; maintaining physical access audit logs; controlling areas 
designated as publicly accessible; escorting visitors and monitoring 
visitor activity; securing keys, combinations, and other physical 
access devices; conducting inventories, at least annually; and changing 
combinations and keys, at least annually and, or when keys are lost, 
combinations are compromised, or individuals are transferred or 
terminated.

RECORD ACCESS PROCEDURES:
    Individuals seeking notification of and access to any record 
contained in this system of records, or seeking to contest its content, 
may submit a request in writing to the Foreign Agricultural Service 
FOIA/Privacy Act Officer, whose contact information can be found at 
https://www.dm.usda.gov/foia/poc.htm. If an individual believes more 
than one component maintains Privacy Act records concerning him or her, 
the individual may submit the request to the Chief FOIA Officer, 
Department of Agriculture, 1400 Independence Avenue SW, South Building 
Room 4104, Washington, DC 20250-0706, email: [email protected].
    The request should include a daytime phone number and email. 
Provide as much information as possible about the subject matter of the 
records you are requesting. This will help facilitate the search 
process.

[[Page 41278]]

    When seeking records about yourself from this FAS-IFEDS system of 
records, or any other Department system of records, your request must 
conform with the Privacy Act regulations set forth in 7 CFR 1.112 
(Procedures for requests pertaining to individual records in a record 
system.) You must submit a written request in accordance with the 
instructions set forth in the system of records.
    Provide your full name, date, name of system of records, and 
either: (1) have your signature witnessed by a notary; or (2) include 
the following statement immediately above the signature on your request 
letter: ``I declare under penalty of perjury that the foregoing is true 
and correct. Executed on [date].'' Requests that do not contain the 
required declaration will be processed under the Freedom of Information 
Act (FOIA) and, if records are found, you may not receive as much 
information, including information about you. If additional information 
is required to fulfill a Privacy Act request, you will be notified. If 
you want records about yourself to be released to a third party (such 
as an academic institution, foreign government entity, or other 
organization requesting records on your behalf), the third party may 
receive greater access if they have permission from you. You will need 
a signed and dated statement that the Foreign Agricultural Service may 
release records pertaining to you. Include your name; date of birth; 
name of the person or organization to whom you want your records 
disclosed (where applicable); their contact information; list of 
records that may be released (all, emails, contact records, etc.). The 
person about whom the records will be released should include a 
statement indicating that they understand that knowingly or willingly 
seeking records about another person under false pretenses and or 
without their consent is punishable by a fine of up to $5,000.
    When the request if for one of access, the request should include 
the full name of the individual making the request, the name of the 
system of records, a statement of whether the requester desires to make 
a personal inspection of the records or to be supplied with copies by 
mail or email. In accordance with 7 CFR 1.113, prior to inspection of 
the records, the requester shall present sufficient identification 
(e.g. driver's license, employee identification card, social security 
card, credit cards) to establish that the requester is the individual 
to whom the records pertain. No identification shall be required, 
however, if the records are required by 5 U.S.C. 552 to be released. If 
FAS determines to grant the requested access, fees may be charge in 
accordance with Sec.  1.120 before making the necessary copies. In 
place of a notarization, your signature may be submitted under 28 
U.S.C. 1746, a law that permits statements to be made under penalty of 
perjury as a substitute for notarization.

CONTESTING RECORDS PROCEDURES:
    Individuals seeking to contest or amend records maintained in this 
system of records must direct their request to the address indicated in 
the ``RECORD ACCESS PROCEDURES'' paragraph, above and must follow the 
procedures set forth in 7 CFR part 1, subpart G, 1.116 (Request for 
correction or amendment to record). All request must state clearly and 
concisely what records is being contested, the reasons for contesting 
it, and the proposed amendment to the record. A determination whether a 
record may be amended will be made within 10 days of its receipt.

NOTIFICATION PROCEDURES:
    Individuals may be notified if a record in this system of records 
pertains to them when the individuals request information utilizing the 
same procedures as those identified in the ``RECORD ACCESS PROCEDURES'' 
paragraph, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None

[FR Doc. 2022-14842 Filed 7-11-22; 8:45 am]
BILLING CODE 3410-10-P