[Federal Register Volume 87, Number 132 (Tuesday, July 12, 2022)]
[Notices]
[Pages 41275-41278]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-14842]
[[Page 41275]]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF AGRICULTURE
Foreign Agricultural Service
Privacy Act of 1974: New System of Records
AGENCY: Foreign Agricultural Service, USDA.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: The U.S. Department of Agriculture, Foreign Agricultural
Service, proposes a new system of records USDA/FAS-10, Foreign
Agricultural Service International Fellowship and Exchanges Database
System (FAS-IFEDS). This system is being developed for Global Programs
to store crucial fellowship information and to document the
relationship of a fellow with USDA. In accordance with the Privacy Act
of 1974, and Office of Management and Budget (OMB) Circular No. A-108,
the U.S. Department of Agriculture, Foreign Agricultural Service,
proposes a new system of records entitled ``Department of Agriculture,
Foreign Agricultural Service, International Fellowship and Exchanges
Database System''. This system is maintained by Global Programs and
centralizes data from all constituent groups across all fellowships, in
a single system.
DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is
effective upon publication, subject to a 30-day notice and comment
period in which to comment on the routine uses described in the routine
uses section of this system of records notice. Please submit your
comments by August 11, 2022.
ADDRESSES: You may submit comments by either of the following methods:
Federal eRulemaking Portal: Go to www.regulations.gov and
follow the directions in the instructions paragraph.
Mail: Please send one copy of your comment to USDA/FAS-10,
to Assistant Chief Information Officer, FAS, USDA 1400 Independence
Avenue SW, Mail Stop 1063, Washington, DC 20250-0002. Supporting
documents and any comments we receive on this docket may be viewed at
http://www.regulations.gov/.
Email: [email protected]. Include USDA/FAS-10 in the
subject line of the message.
Instructions: All submissions received must include the agency name
and docket number FAS 2021-0001 for this notice of proposed rulemaking
(``NPRM'' or ``proposed rule''). All properly completed comments
received will be posted without change to the Federal eRulemaking
portal, www.regulations.gov, including any personal information
provided.
FOR FURTHER INFORMATION CONTACT: Christopher Wood, Assistant Chief
Information Officer, FAS, USDA, [email protected], 202-369-
5946.
Docket: Access to the rulemaking docket associated with this
document can be obtained through the Federal eRulemaking Portal at
www.regulations.gov.
SUPPLEMENTARY INFORMATION: The Privacy Act of 1974, (5 U.S.C. 552a),
requires the Department to publish in the Federal Register this notice
of a new system of records maintained by the Department. The
Department's Regulations implementing the Privacy Act are contained in
the Code of Federal Regulations in 7 CFR 1, subpart G. USDA/Foreign
Agricultural Service system of records was last published in the
Federal Register in +FR FAS 9 (November 19, 2019). The Foreign
Agricultural Service International Fellowship and Exchanges Database
System (FAS-IFEDS) serves a Global Programs need under the authority of
Congress in Section 3306 of the Agriculture Improvement Act of 2018,
Public Law 115-334, amending Section 1473G of the National Agricultural
Research, Extension, and Teaching Policy Act of 1977, to leverage
alumni engagement. FAS is initiating the SORN to include, all fellows
and alumni, and all USDA Fellowship Programs.
The Foreign Agricultural Service International Fellowship and
Exchanges Database System (FAS-IFEDS) is primarily a personal database
and is used to collect information concerning fellows and alumni that
includes the personally-identifiable information (PII) related to
fellows and alumni, in addition to the information pertaining to the
institution, implementer, and fellowship. The FAS-IFEDS system collects
the following information (that may be considered PII): first name,
middle name, last name, gender, salutation, birth date, birth city,
citizenship country, country of residence, work phone, permanent home
address, work address, personal email, work email, emergency contact
information (US implementer), and emergency contact information (family
contact: name, relationship, home phone, cell phone, and email).
FAS will share information from the system in accordance with the
requirements of the Privacy Act. A full list of routine uses is
included in the routine uses section of the document published with
this notice.
A report on the new system of records, required by 5 U.S.C.
552a(r), as implemented by Office of Management and Budget Circular A-
108, was sent to the Chairman, Committee on Homeland Security and
Government Affairs, United States Senate; the Chairwoman, Committee on
Oversight and Reform, House of Representatives; and the Administrator,
Office of Information and Regulatory Affairs, Office of Management and
Budget.
Daniel Whitley,
Administrator,
Foreign Agricultural Service.
In accordance with 5 U.S.C. 552a(r), USDA has provided a report of
this system of records to the Office of Management and Budget and to
Congress.
SYSTEM NAME AND NUMBER:
USDA/FAS-10, USDA/FAS, Foreign Agricultural Service International
Fellowship and Exchanges Database System, (FAS-IFEDS). USDA/FAS-10 is
also referred to as the Foreign Agricultural Service International
Fellowship and Exchange Database System (FAS-IFEDS).
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The system owner is USDA/FAS, 1400 Independence Avenue SW, Mail
Stop 1063, Washington, DC 20250-0002. The electronic record system is
maintained on servers that are physically hosted in the Salesforce
Government Cloud. Salesforce is located at The Landmark @On Market
Street, Suite 300, San Francisco, California 94105. The physical
location and technical operation of the system is at the Salesforce
Government Cloud's Chicago (Elk Grove, IL) and Washington (Ashburn, VA)
data centers. The HubSpot application uses cloud storage and computes
services from Amazon Web Services (AWS) and Google Cloud Platform
(GCP). HubSpot's production infrastructure is centralized in AWS and
GCP cloud hosting facilities and is managed by the HubSpot engineering
team.
SYSTEM MANAGER(S):
Information Technology Project Manager, FAS, USDA, 1400
Independence Avenue SW, Mail Stop 1063, Washington DC 20250-0002, 202-
843-3857.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
7 U.S.C. 2.601
[[Page 41276]]
PURPOSE(S) OF THE SYSTEM:
The USDA Foreign Agricultural Service International Fellowship and
Exchange Database System (IFEDS) is a database used by the FAS'
Fellowship Programs Division to record relevant data pertaining to
individuals and organizations that have taken part in the various
programs and exchanges the division coordinates. As a system of record,
IFEDS will better enable Fellowship Programs staff by enabling accurate
and efficient data input as well as timely data retrieval. Records
contained withing IFEDS will be used to satisfy statistical inquiries,
communicate with Fellows and alumni, and associate multiple relevant
datapoints with each other. IFEDS will not be accessible to the public,
the data will be shared on a need-to-know basis with partners in other
agencies, universities, or other affiliated organizations.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Categories of individuals covered by this system include,
individuals who are referenced or identified in records created or
compiled as part of the process of documenting the USDA Fellowship
Programs including, but not limited to, fellows, fellowships,
institutions, implementors, or alumni. All individuals, even if they
are not users of the FAS-IFEDS, who are mentioned or referenced in any
documents entered into FAS-IFEDS by a user are also covered. This group
may include, but is not limited to, vendors, agents, and other business
personnel.
CATEGORIES OF RECORDS IN THE SYSTEM:
Categories of records in the system are created or compiled as part
of the process of documenting the USDA Fellowship Program. Such records
include: first name, middle name, last name, gender, salutation, birth
date, birth city, citizenship country, country of residence, work
phone, permanent home address, work address, personal email, work
email, emergency contract information (US implementer), and emergency
contact information (family contact: name, relationship, home phone,
cell phone, and email). This information is collected from the
applicant process that occurs prior to acceptance into the fellowship
program. Information is updated with fellows and alumni, after the
application process to reflect current information.
RECORD SOURCE CATEGORIES:
Information in this system of records is obtained from, but not
limited to, fellows, fellowships, institutions, implementors, or alumni
as well as other individuals or groups. This group may include, but is
not limited to, vendors, agents, and other business personnel.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, records contained in this system may be
disclosed outside of USDA as a routine use pursuant to 5 U.S.C.
552a(b)(3), to the extent that such uses are compatible with the
purposes for which the information was collected. Such permitted
routine uses include the following:
a. To the Department of Justice when: (a) USDA or any component
thereof; or (b) any employee of USDA in his or her official capacity,
or any employee of the agency in his or her official capacity where the
Department of Justice has agreed to represent the employee; or (c) the
United States Government, is a party to litigation or has an interest
in such litigation, and USDA determines that the records are both
relevant and necessary to the litigation and the use of such records by
the Department of Justice is deemed by USDA to be for a purpose that is
compatible with the purpose for which USDA collected the records.
b. To a congressional office in response to an inquiry from that
congressional office made at the written request of the individual
about whom the records pertains.
c. Disclosure may be made to the United States Civil Rights
Commission in response to its request for information, per 42 U.S.C.
1975a.
d. To the National Archives and Records Administration (NARA) or
other Federal government agencies pursuant to records management
activities being conducted under 44 U.S.C. 2904 and 2906.
e. To appropriate agencies, entities, and persons when (1) USDA
suspects or has confirmed that there has been a breach of the system of
records; (2) USDA has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, USDA
(including its information system, programs, and operations), the
Federal Government, or national security; and (3) the disclosure made
to such agencies, entities, and persons is reasonably necessary to
assist in connection with USDA's efforts to respond to the suspected or
confirmed compromise and to prevent, minimize, or remedy such harm.
f. To another Federal agency or Federal entity, when information
from this system of records is reasonably necessary to assist the
recipient agency or entity in (1) responding to a suspected or
confirmed breach or (2) preventing, minimizing, or remedying the risk
of harm to individuals, the recipient agency or entity (including its
information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
g. When a record on its face, or in conjunction with other records,
indicates a violation or potential violation of law, whether civil,
criminal, or regulatory in nature, and whether arising by general
statute or particular program statute, or by regulation, rule, or order
issued pursuant thereto, USDA may disclose the record to the
appropriate agency, whether Federal, foreign, State, local, tribal, or
other public authority responsible for enforcing, investigating, or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation, or order issued pursuant thereto, if
the information disclosed is relevant to any enforcement, regulatory,
investigative, or prosecutive responsibility of the receiving entity.
h. In an appropriate proceeding before a court, grand jury, or
administrative or adjudicative body or official, when the USDA or other
agency representing the USDA determines that the records are both
relevant and necessary to the proceeding; or in an appropriate
proceeding before an administrative or adjudicative body when the
adjudicator determines the records to be relevant to the proceeding.
i. To contractors and their agents, grantees, experts, consultants,
and other performing or working on a contract, service, grant,
cooperative agreement, or other assignment for the USDA, when necessary
to accomplish an agency function related to this system of records.
j. To the news media and the public, with the approval of the Chief
Privacy Officer, the Office of Communications and in consultation with
counsel, unless it is determined that release of the specific
information in the context of a particular case would constitute an
unwarranted invasion of personal privacy.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
FAS is responsible for maintaining the storage of FAS-IFEDS
records. Electronic records are stored within Salesforce Government
Cloud, who maintains the physical aspects of the
[[Page 41277]]
system and records storage. The physical location and technical
operation of the system is at the Salesforce Government Cloud's Chicago
(Elk Grove, IL) and Washington (Ashburn, VA) data centers. FAS requires
users to take specific measures to safeguard authenticators. FAS
manages authenticators by requiring individuals to take and have
devices implement authentication protection measures. All user roles
safeguard authenticators by not divulging or posting PIN data and
protecting authentication devices. Device authenticators use
safeguarding by restricting access to devices based on the principle of
least privilege and separation of duties. Use of control enhancement
prevents non-privileged users from executing privileged functions to
include disabling, circumventing, or altering implemented security
safeguards and countermeasures. Electronic storage is on and maintained
through a storage area network (SAN) at the Salesforce Government
Cloud. Records are maintained on storage arrays occurring through the
redundant SAN fabrics built using Cisco MDS 9513 switches. A
contingency plan is in place that maintains, full restoration without
deterioration of the security safeguards originally planned and
implemented. Use of an alternate storage maintains security safeguards
equivalent to the primary site. Salesforce uses IPsec to encrypt the
SAN replication between Production data centers. Storage arrays send
encrypted data between data centers using AES-256 via a FIPS 140-2
validated encryption module. The storage array includes high-speed
Fiber Channel disks with large caches. DataGuard servers protect
against data corruption of the records at the SAN layer. Maintenance
and use of user and admin roles protect against data corruption of the
records at the application layer.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Access to and use of FAS-IFEDS records are limited to individuals
with appropriate clearance or permission who need to know for the
performance of official duties. Users complete security awareness
training, covering procedures for handling sensitive information,
including personally identifiable information (PII). Annual refresher
training is mandatory. All USDA employees and contractors with
authorized access undergo thorough background security investigation.
FAS-IFEDS does not interface or connect directly with Salesforce
Government Cloud for personnel data. USDA personnel with user or
administrative role access may enter data into FAS-IFEDS, on a periodic
basis. USDA personnel with user or administrative role access may
search and retrieve records by (1) date of birth, (2) country, (3)
region, (4) institution, (5) subject matter expertise, (6) gender, (7)
fellowship, (8) program, (9) fellowship start date, (10) fellowship end
date, or (11) agricultural topic. An individual record search can occur
by name using the global search. Users are limited to conducting
searches electronically from within the FAS-IFEDS application. Search
results are displayed through the graphical user interface (GUI) and in
the form of reports. Salesforce Government Cloud is the retrieval
location of electronic records.
FAS-IFEDS access and authentication meets USDA policies and
practices for the retrievability of records including the use of
identification cards, network access, and electronic authentication
methods. FAS-IFEDS user access is role, responsibility, and privilege
based; centralized on a need to know. Documented in a user guide are
the policies and procedures of user access. User access is managed by
the FAS-IFEDS administrator.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and disposed of in accordance with National
Archives and Records Administration (NARA) General Record Schedule
(GRS) 2.3.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The administrative, technical, and physical safeguards implemented
for FCRMS meet the policy and control requirements set forth in system
security plan documentation and subject to monitoring consistent with
applicable laws, regulations, agency policies, procedures, and
practices. Access to and use of FAS-IFEDS records are limited to
individuals with appropriate clearances or permissions who need to know
the information for performance of official duties. Users complete
security awareness training, covering procedures for handling sensitive
information, including personally identifiable information (PII).
Annual refresher training is mandatory. All USDA employees and
contractors with authorized access undergo thorough background security
investigation. Personnel retain paper records, when applicable, in a
locked or secured office or office building that can only be accessed
by authorized FAS employees. Electronic records are stored within
Salesforce, who maintains the system. FAS requires users to take
specific measures to safeguard authenticators. Manages authenticators
by requiring individuals to take and have devices implement
authentication protection measures. All user roles safeguard
authenticators by not divulging or posting PIN data and protecting
authentication devices. Device authenticators use safeguarding by
restricting access to devices based on the principle of least privilege
and separation of duties. Use of control enhancement prevents non-
privileged users from executing privileged functions to include
disabling, circumventing, or altering implemented security safeguards
and countermeasures. Implements a contingency plan that maintains full
restoration without deterioration of the security safeguards originally
planned and implemented. Use of an alternate storage provides security
safeguards equivalent to the primary site. Enforcing physical access
authorizations at entry and exit points to the facility where the
system resides by verifying individual access; controlling ingress and
egress; maintaining physical access audit logs; controlling areas
designated as publicly accessible; escorting visitors and monitoring
visitor activity; securing keys, combinations, and other physical
access devices; conducting inventories, at least annually; and changing
combinations and keys, at least annually and, or when keys are lost,
combinations are compromised, or individuals are transferred or
terminated.
RECORD ACCESS PROCEDURES:
Individuals seeking notification of and access to any record
contained in this system of records, or seeking to contest its content,
may submit a request in writing to the Foreign Agricultural Service
FOIA/Privacy Act Officer, whose contact information can be found at
https://www.dm.usda.gov/foia/poc.htm. If an individual believes more
than one component maintains Privacy Act records concerning him or her,
the individual may submit the request to the Chief FOIA Officer,
Department of Agriculture, 1400 Independence Avenue SW, South Building
Room 4104, Washington, DC 20250-0706, email: [email protected].
The request should include a daytime phone number and email.
Provide as much information as possible about the subject matter of the
records you are requesting. This will help facilitate the search
process.
[[Page 41278]]
When seeking records about yourself from this FAS-IFEDS system of
records, or any other Department system of records, your request must
conform with the Privacy Act regulations set forth in 7 CFR 1.112
(Procedures for requests pertaining to individual records in a record
system.) You must submit a written request in accordance with the
instructions set forth in the system of records.
Provide your full name, date, name of system of records, and
either: (1) have your signature witnessed by a notary; or (2) include
the following statement immediately above the signature on your request
letter: ``I declare under penalty of perjury that the foregoing is true
and correct. Executed on [date].'' Requests that do not contain the
required declaration will be processed under the Freedom of Information
Act (FOIA) and, if records are found, you may not receive as much
information, including information about you. If additional information
is required to fulfill a Privacy Act request, you will be notified. If
you want records about yourself to be released to a third party (such
as an academic institution, foreign government entity, or other
organization requesting records on your behalf), the third party may
receive greater access if they have permission from you. You will need
a signed and dated statement that the Foreign Agricultural Service may
release records pertaining to you. Include your name; date of birth;
name of the person or organization to whom you want your records
disclosed (where applicable); their contact information; list of
records that may be released (all, emails, contact records, etc.). The
person about whom the records will be released should include a
statement indicating that they understand that knowingly or willingly
seeking records about another person under false pretenses and or
without their consent is punishable by a fine of up to $5,000.
When the request if for one of access, the request should include
the full name of the individual making the request, the name of the
system of records, a statement of whether the requester desires to make
a personal inspection of the records or to be supplied with copies by
mail or email. In accordance with 7 CFR 1.113, prior to inspection of
the records, the requester shall present sufficient identification
(e.g. driver's license, employee identification card, social security
card, credit cards) to establish that the requester is the individual
to whom the records pertain. No identification shall be required,
however, if the records are required by 5 U.S.C. 552 to be released. If
FAS determines to grant the requested access, fees may be charge in
accordance with Sec. 1.120 before making the necessary copies. In
place of a notarization, your signature may be submitted under 28
U.S.C. 1746, a law that permits statements to be made under penalty of
perjury as a substitute for notarization.
CONTESTING RECORDS PROCEDURES:
Individuals seeking to contest or amend records maintained in this
system of records must direct their request to the address indicated in
the ``RECORD ACCESS PROCEDURES'' paragraph, above and must follow the
procedures set forth in 7 CFR part 1, subpart G, 1.116 (Request for
correction or amendment to record). All request must state clearly and
concisely what records is being contested, the reasons for contesting
it, and the proposed amendment to the record. A determination whether a
record may be amended will be made within 10 days of its receipt.
NOTIFICATION PROCEDURES:
Individuals may be notified if a record in this system of records
pertains to them when the individuals request information utilizing the
same procedures as those identified in the ``RECORD ACCESS PROCEDURES''
paragraph, above.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None
[FR Doc. 2022-14842 Filed 7-11-22; 8:45 am]
BILLING CODE 3410-10-P