[Federal Register Volume 88, Number 49 (Tuesday, March 14, 2023)]
[Notices]
[Pages 15720-15722]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-05191]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[Notice-ID-2023-03; Docket No. 2023-0002; Sequence No. 9]


Privacy Act of 1974; Notice of a Modified System of Records

AGENCY: Office of the Chief Information Officer, General Services 
Administration (GSA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: GSA proposes to modify a system of records subject to the 
Privacy Act of 1974. GSA is modifying the notice to update the system 
name to ``Office of the Chief Financial Officer's (OCFO) Imaging/
Workflow Solution''. It is a subsystem within the Ancillary Corporate 
Applications (ACA) at GSA. OCFO's Imaging/Workflow Solution allows 
users in the Payroll Services Branch, Accounts Payable and customer 
agencies to annotate metadata to scanned images, and search and view 
documents (i.e., invoices, payroll, property records, deeds, transfers) 
that have been scanned/stored.

DATES: Submit comments on or before April 13, 2023. The new and/or 
significantly modified routine uses will be applicable on April 13, 
2023.

ADDRESSES: Submit comments by any of the following methods:
     Regulations.gov: https://www.regulations.gov. Search for 
Notice-ID-2023-03, Rescindment of a System of Records Notice. Select 
the link ``Comment Now'' that corresponds with ``Notice-ID-2023-03, 
Rescindment of a System of Records Notice.'' Follow the instructions 
provided on the screen. Please include your name, company name (if 
any), and ``Notice-ID-2023-03, Rescindment of a System of Records 
Notice'' on your attached document.
     By email to the GSA Privacy Act Officer: 
[email protected].
     By mail to: Privacy Office (IDE), GSA, 1800 F Street NW, 
Washington, DC 20405.

FOR FURTHER INFORMATION CONTACT: Call or email Richard Speidel, the GSA 
Chief Privacy Officer (Office of the Deputy Chief Information Officer): 
telephone 202-969-5830; email [email protected].

SUPPLEMENTARY INFORMATION: GSA proposes to modify a system of records 
subject to the Privacy Act of 1974, 5 U.S.C. 552a. Office of the Chief 
Financial Officer's (OCFO) Imaging/Workflow Solution (previously named 
ImageNow), is the subsystem within the Ancillary Corporate Applications 
(ACA) at GSA. Please refer to the SORN link below: https://www.federalregister.gov/documents/2009/08/10/E9-19102/privacy-act-of-1974-notice-of-new-system-of-records.

SYSTEM NAME AND NUMBER:
    OCFO Imaging/Workflow Solution GSA/PPFM-12.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The system is maintained in Kansas City, MO, in the Financial 
Administrative Systems Division (BDT).

SYSTEM MANAGER:
    Director, Financial and Payroll Services Division, OCFO, GSA (BCE), 
1500 E Bannister Road, Kansas City, MO 66085.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. Part III, Subparts D and E, 26 U.S.C. Chapter 24 and 2501, 
and Executive Order 9397, and the Chief Financial Officers (CFO) Act of 
1990 (Pub. L. 101-576) as amended (Chapter 9 of Title 31 of the U.S. 
Code (2009)).

[[Page 15721]]

PURPOSES OF THE SYSTEM:
    The purpose of the system is to capture electronic images of 
financial documents, and store, retrieve, and process these images. It 
will maintain these images in order to support the day-to-day official 
operating needs of GSA's financial and payroll operations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system covers individuals with electronic facility access 
credentials including GSA employees, contractor employees, building 
occupants, interns, and volunteers.

CATEGORIES OF RECORDS IN THE SYSTEM:
    System records include information that identify vendors and/or 
employees by their names or other unique identifier in conjunction with 
other data elements such as gender, birth date, age, marital status, 
spouse and dependents, home email addresses, home addresses, home phone 
numbers, health records, Social Security Numbers, Employer 
Identification Numbers, payroll deductions, banking information, 
personal credit card information, and similar personally identifiable 
information.

RECORD SOURCE CATEGORIES:
    The source for the image data in the system originates from the 
individuals and vendors who submit the documents on their own behalf. 
In addition, documents may come from Federal Government Agencies that 
may include Privacy Act information.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    System users will be limited to those U.S. government employees 
that require this information to perform their assigned official 
responsibilities. All access will be reviewed and approved by the 
employee's supervisor, system owner and the information system security 
officer. Information from this system also may be disclosed as a 
routine use:
    a. In any legal proceeding, where pertinent, to which GSA is a 
party before a court or administrative body.
    b. To a Federal, State, local, or foreign agency responsible for 
investigating, prosecuting, enforcing, or carrying out a statute, rule, 
regulation, or order when GSA becomes aware of a violation or potential 
violation of civil or criminal law or regulation.
    c. To conduct investigations, by authorized officials, that are 
investigating or settling a grievance, complaint, or appeal filed by an 
individual who is the subject of the record.
    d. To the Office of Personnel Management (OPM), the Office of 
Management and Budget (OMB), and the Government Accountability Office 
(GAO) when the information is required for program evaluation purposes.
    e. To a Member of Congress or his or her staff on behalf of and at 
the request of the individual who is the subject of the record.
    f. To a federal agency in connection with the hiring or retention 
of an employee; the issuance of a security clearance; the reporting of 
an investigation; the letting of a contract; or the issuance of a 
grant, license, or other benefit to the extent that the information is 
relevant and necessary to a decision.
    g. To authorized officials of the agency that provided the 
information for inclusion in ACMIS.
    h. To an expert, consultant, or contractor of GSA in the 
performance of Start Printed Page 39962a Federal duty to which the 
information is relevant.
    i. To the National Archives and Records Administration (NARA) for 
records management purposes.
    j. To appropriate agencies, entities, and persons when (1) The 
Agency suspects or has confirmed that the security or confidentiality 
of information in the system of records has been compromised; (2) the 
Agency has determined that as a result of the suspected or confirmed 
compromise there is a risk of harm to economic or property interests, 
identity theft or fraud, or harm to the security or integrity of this 
system or other systems or programs (whether maintained by GSA or 
another agency or entity) that rely upon the compromised information; 
and (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with GSA's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS: STORAGE:
    All records are stored electronically in client-server computer 
format.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrievable with indexing values or other unique 
identifiers such as name or Social Security Number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    System records are retained and disposed of according to GSA 
records maintenance and disposition schedules and the requirements of 
the National Archives and Records Administration (General Records 
Schedule 2.3, item 20).

RETENTION AND DISPOSAL:
    Records created for input to other financial systems are 
intermediary records according to NARA's General Records Schedule 5.2 
item 020 and can be destroyed upon verification of successful creation 
of the final document or file, or when no longer needed for business 
use, whichever is later.
    Records managed by the system and accessed by other financial 
systems such as through an Application Programming Interface (API) are 
treated as financial records and their disposition is determined by the 
type of financial record and disposed according to the appropriate item 
in GRS schedule 1.1, Financial Management and Reporting Records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: Safeguards
    System records are safeguarded in accordance with the requirements 
of the Privacy Act, the Computer Security Act, and the System Security 
Plan. Technical, administrative, and personnel security measures are 
implemented to ensure confidentiality and integrity of the data. 
Security measures include password protections, assigned roles, and 
transaction tracking.

RECORD ACCESS PROCEDURES:
    Individuals wishing to access their own records may do so by 
sending a request to the program manager. Director, Financial and 
Payroll Services Division, OCFO, GSA (BCE), 1500 E Bannister Road, 
Kansas City, Missouri 66085.

CONTESTING RECORD PROCEDURES:
    GSA rules for access to records, and for contesting the contents 
and appealing initial determinations are provided in 41 CFR part 105-
64.

NOTIFICATION PROCEDURES:
    Individuals wishing to inquire if the system contains information 
about them should contact the program manager. Director, Financial and 
Payroll Services Division, OCFO, GSA (BCE), 1500 E Bannister Road, 
Kansas City, Missouri 66085.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    This notice modifies the Supplemental Information section of the 
system of records notice that is

[[Page 15722]]

published in full at 74 FR 39961, September 09, 2009.

Richard Speidel,
Chief Privacy Officer, Office of the Deputy Chief Information Officer, 
General Services Administration.
[FR Doc. 2023-05191 Filed 3-13-23; 8:45 am]
BILLING CODE 6820-34-P