[Federal Register Volume 88, Number 63 (Monday, April 3, 2023)]
[Notices]
[Pages 19631-19634]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-06871]


-----------------------------------------------------------------------

DEPARTMENT OF EDUCATION

[Docket ID ED-2023-OFO-0021]


Privacy Act of 1974; System of Records

AGENCY: Office of Security, Facilities and Logistics, Office of Finance 
and Operations, U.S. Department of Education.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended 
(Privacy Act), the U.S. Department of Education (Department) publishes 
this notice of a new system of records entitled ``Emergency 
Notification System (ENS)'' (18-03-06). The Emergency Notification 
System (ENS) provides a notification system for the Department's 
internal Continuity of Operations (COOP) and Pandemic plans, as well as 
day-to-day emergency management efforts. ENS provides real-time 
notifications to Department employees during an emergency event. ENS 
also gives Department employees the ability to access and modify their 
own personal information and preferences via a self-service portal, and 
system administrators the ability to generate reports to verify the 
status of the aforementioned emergency alerts.

DATES: Submit your comments on this new system of records notice on or 
before May 3, 2023.
    This new system of records notice will become applicable upon 
publication in the Federal Register on April 3, 2023, unless it needs 
to be changed as a result of public comment. The routine uses outlined 
in the section titled ``ROUTINE USES OF RECORDS MAINTAINED IN THE 
SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES'' will 
become effective on the expiration of the 30-day period of public 
comment on May 3, 2023, unless they need to be changed as a result of 
public comment. The Department will publish any significant changes to 
the system of records or routine uses resulting from public comment.

ADDRESSES: Comments must be submitted via the Federal eRulemaking 
Portal at www.regulations.gov. However, if you require an accommodation 
or cannot otherwise submit your comments via www.regulations.gov, 
please contact the program contact person listed under FOR FURTHER 
INFORMATION CONTACT. The Department will not accept comments submitted 
by fax or by email, or comments submitted after the comment period 
closes. To ensure that the Department does not receive duplicate 
copies, please submit your comments only once. In addition, please 
include the Docket ID at the top of your comments.
     Federal eRulemaking Portal: Go to www.regulations.gov to 
submit your comments electronically. Information on using 
www.regulations.gov, including instructions for accessing agency 
documents, submitting comments, and viewing the docket, is available on 
the site under the ``help'' tab.
    Privacy Note: The Department's policy is to make all comments 
received from members of the public available for public viewing in 
their entirety on the Federal eRulemaking Portal at 
www.regulations.gov. Therefore, commenters should be careful to include 
in their comments only information that they wish to make publicly 
available.
    Assistance to Individuals with Disabilities in Reviewing the 
Rulemaking Record: On request we will provide an appropriate 
accommodation or auxiliary aid to an individual with a disability who 
needs assistance to review the comments or other documents in the 
public rulemaking record for this notice. If you want to schedule an 
appointment for this type of accommodation or auxiliary aid, please 
contact the person listed under FOR FURTHER INFORMATION CONTACT.

FOR FURTHER INFORMATION CONTACT: Lisa Senecal, Information System 
Owner, Office of Security, Facilities and Logistics, Office of Finance 
and Operations, U.S. Department of Education, 400 Maryland Avenue SW, 
Room 224-50, Washington, DC 20202-6110. Telephone: (202) 205-8123. 
Email: [email protected].

SUPPLEMENTARY INFORMATION: 

Introduction

    In support of the Department's COOP, Devolution, Pandemic, and 
Reconstitution Plans, as well as day-to-day emergency management 
efforts, the ENS provides the Department an emergency alert tool to 
communicate, via real-time notifications, pertinent information to 
Department employees during emergencies (e.g., severe weather events). 
More specifically, the ENS sends a mass message to the email addresses 
and phone numbers associated with Department employees located in the 
emergency's area. Depending on the alert type, the system can also 
solicit a response from recipients to verify their status during an 
emergency. In addition, the system can generate reports regarding the

[[Page 19632]]

responses received, which system administrators can monitor in real 
time. System administrators can also generate reports on whom alerts 
were sent to and when these alerts were sent.
    ENS consists of two components: a desktop application accessed by 
all users and a browser-based web application accessed by system 
administrators. Once ENS is deployed, the desktop application will be 
installed on all Government Furnished Equipment (GFE) computers but 
will only be accessible to current Department employees.
    Accessible Format: On request to the program contact person listed 
under FOR FURTHER INFORMATION CONTACT, individuals with disabilities 
can obtain this document in an accessible format. The Department will 
provide the requestor with an accessible format that may include Rich 
Text Format (RTF) or text format (txt), a thumb drive, an MP3 file, 
braille, large print, audiotape, compact disc, or other accessible 
format.
    Electronic Access to This Document: The official version of this 
document is the document published in the Federal Register. You may 
access the official edition of the Federal Register and the Code of 
Federal Regulations at www.govinfo.gov. At this site you can view this 
document, as well as all other documents of this Department published 
in the Federal Register, in text or Portable Document Format (PDF). To 
use PDF, you must have Adobe Acrobat Reader, which is available free at 
the site.
    You may also access documents of the Department published in the 
Federal Register by using the article search feature at 
www.federalregister.gov. Specifically, through the advanced search 
feature at this site, you can limit your search to documents published 
by the Department.

Denise L. Carter,
Acting Assistant Secretary, Office of Finance and Operations.

    For the reasons discussed in the preamble, the Acting Assistant 
Secretary for the Office of Finance and Operations of the U.S. 
Department of Education (Department) publishes a notice of a new system 
of records to read as follows:

SYSTEM NAME AND NUMBER:
    Emergency Notification System (ENS) (18-03-06).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    U.S. Department of Education, Office of Security, Facilities and 
Logistics, Office of Finance and Operations, 400 Maryland Avenue SW, 
Washington, DC 20202-6110.
    BlackBerry, 2988 Campus Drive, Suite 200, San Mateo, CA 94403. 
Blackberry hosts the infrastructure that supports the ENS applications, 
as a Software-as-a-Service, including backend application processing 
and data hosting.

SYSTEM MANAGER(S):
    Lisa Senecal, Information System Owner, Office of Security, 
Facilities and Logistics, Office of Finance and Operations, U.S. 
Department of Education, 400 Maryland Avenue SW, Room 224-50, 
Washington, DC 20202-6110.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Presidential Policy Directive 40, National Continuity Policy (July 
15, 2016), Federal Continuity Directive 1, Federal Executive Branch 
National Continuity Program and Requirements (January 17, 2017), and 
Executive Order 13618 (July 6, 2012), as amended by Executive Order 
13961 (December 7, 2020).

PURPOSE(S) OF THE SYSTEM:
    The purposes of the ENS are to store and maintain emergency contact 
information for current Department employees:
    (1) To maintain and implement emergency plans, including Continuity 
of Operations and facility evacuation plans; and
    (2) To notify, locate, and mobilize individuals as necessary during 
emergency or other threatening situations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Current Department employees.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The categories of records in the system are comprised of the 
primary contact information for current Department employees, such as 
their first name, last name, business phone number, business email 
address, and business location, and, where provided by current 
Department employees on a voluntarily basis, their alternate contact 
information, such as their personal email address and personal phone 
number.

RECORD SOURCE CATEGORIES:
    Current Department employees, and the Department Active Directory 
System.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    The Department may disclose information contained in a record in 
this system of records under the routine uses listed in this system of 
records without the consent of the individual if the disclosure is 
compatible with the purposes for which the record was collected. The 
Department may make these disclosures on a case-by-case basis or, if 
the Department has complied with the computer matching requirements of 
the Privacy Act of 1974, as amended (Privacy Act) (5 U.S.C. 552a), 
under a computer matching agreement.
    (1) Congressional Member Disclosure. The Department may disclose 
the records of an individual to a member of Congress or the member's 
staff when necessary to respond to an inquiry from the member made at 
the written request of and on behalf of the individual. The member's 
right to the information is no greater than the right of the individual 
who requested it.
    (2) Enforcement Disclosure. In the event that information in this 
system of records indicates, either on its face or in connection with 
other information, a violation or potential violation of any applicable 
statute, regulation, or order of a competent authority, the Department 
may disclose the relevant records to the appropriate agency, whether 
Federal, State, Tribal, or local, charged with the responsibility of 
investigating or prosecuting that violation or charged with enforcing 
or implementing the statute, Executive Order, rule, regulation, or 
order issued pursuant thereto.
    (3) Litigation and Alternative Dispute Resolution (ADR) Disclosure.
    (a) Introduction. In the event that one of the following parties 
listed in sub-paragraphs (i) through (v) of this routine use is 
involved in judicial or administrative litigation or ADR, or has an 
interest in judicial or administrative litigation or ADR, the 
Department may disclose certain records from this system of records to 
the parties described in paragraphs (b), (c), and (d) of this routine 
use under the conditions specified in those paragraphs:
    (i) The Department or any of its components;
    (ii) Any Department employee in their official capacity;
    (iii) Any Department employee in their individual capacity where 
the U.S. Department of Justice (DOJ) has been requested to or has 
agreed to provide or arrange for representation of the employee;
    (iv) Any Department employee in their individual capacity when the

[[Page 19633]]

Department has agreed to represent the employee; and
    (v) The United States, where the Department determines that the 
litigation is likely to affect the Department or any of its components.
    (b) Disclosure to DOJ. If the Department determines that disclosure 
of certain records to DOJ is relevant and necessary to judicial or 
administrative litigation or ADR, the Department may disclose those 
records as a routine use to DOJ.
    (c) Adjudicative Disclosure. If the Department determines that it 
is relevant and necessary to judicial or administrative litigation or 
ADR to disclose certain records from this system of records to an 
adjudicative body before which the Department is authorized to appear 
or to a person or an entity designated by the Department or otherwise 
empowered to resolve or mediate disputes, the Department may disclose 
those records as a routine use to the adjudicative body, person, or 
entity.
    (d) Disclosure to Parties, Counsel, Representatives, and Witnesses. 
If the Department determines that disclosure of certain records to a 
party, counsel, representative, or witness is relevant and necessary to 
judicial or administrative litigation or ADR, the Department may 
disclose those records as a routine use to the party, counsel, 
representative, or witness.
    (4) Freedom of Information Act (FOIA) and Privacy Act Advice 
Disclosure. The Department may disclose records to DOJ or the Office of 
Management and Budget (OMB) if the Department concludes that disclosure 
is desirable or necessary in determining whether particular records are 
required to be disclosed under the FOIA or the Privacy Act.
    (5) Disclosure to DOJ. The Department may disclose records to DOJ 
to the extent necessary for obtaining DOJ advice on any matter relevant 
to an audit, inspection, or other inquiry related to the programs 
covered by this system.
    (6) Contract Disclosure. If the Department contracts with an entity 
to perform any function that requires disclosing records in this system 
to employees of the contractor, the Department may disclose the records 
to those employees. As part of such contract, the Department shall 
require the contractor to agree to establish and maintain safeguards to 
protect the security and confidentiality of the disclosed records.
    (7) Employee Grievance, Complaint, or Conduct Disclosure. If a 
record is relevant and necessary to a grievance, complaint, or 
disciplinary proceeding involving a present or former employee of the 
Department, the Department may disclose the record during 
investigation, fact-finding, or adjudication to any party to the 
grievance, complaint, or action; to the party's counsel or 
representative; to a witness; or to a designated factfinder, mediator, 
or other person designated to resolve issues or decide the matter.
    (8) Labor Organization Disclosure. The Department may disclose a 
record to an arbitrator to resolve disputes under a negotiated 
grievance procedure or to officials of a labor organization recognized 
under 5 U.S.C. chapter 71 when relevant and necessary to their duties 
of exclusive representation.
    (9) Employment, Benefit, and Contracting Disclosure.
    (a) For Decisions by the Department. The Department may disclose a 
record from this system of records to a Federal, State, Tribal, or 
local agency, or to another public agency or professional organization, 
maintaining civil, criminal, or other relevant enforcement or other 
pertinent records, if necessary to obtain information relevant to a 
Department decision concerning the hiring or retention of an employee 
or other personnel action, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit.
    (b) For Decisions by Other Public Agencies and Professional 
Organizations. The Department may disclose a record to a Federal, 
State, Tribal, local, or other public agency or professional 
organization, in connection with the hiring or retention of an employee 
or other personnel action, the issuance of a security clearance, the 
reporting of an investigation of an employee, the letting of a 
contract, or the issuance of a license, grant, or other benefit, to the 
extent that the record is relevant and necessary to the receiving 
entity's decision on the matter.
    (10) Disclosure in the Course of Responding to a Breach of Data. 
The Department may disclose records from this system of records to 
appropriate agencies, entities, and persons when (a) the Department 
suspects or has confirmed that there has been a breach of the system of 
records; (b) the Department has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
the Department (including its information systems, programs, and 
operations), the Federal government, or national security; and (c) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with the Department's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    (11) Disclosure in Assisting Another Agency in Responding to a 
Breach of Data. The Department may disclose records from this system of 
records to another Federal agency or Federal entity, when the 
Department determines that information from this system of records is 
reasonably necessary to assist the recipient agency or entity in (a) 
responding to a suspected or confirmed breach, or (b) preventing, 
minimizing, or remedying the risk of harm to individuals, the recipient 
agency or entity (including its information systems, programs, and 
operations), the Federal Government, or national security, resulting 
from a suspected or confirmed breach.
    (12) Disclosure to National Archives and Records Administration 
(NARA). The Department may disclose records from this system of records 
to NARA for the purpose of records management inspections conducted 
under authority of 44 U.S.C. 2904 and 2906.

POLICIES AND PRACTICES FOR STORAGE OR RECORDS:
    Records are stored on an encrypted system within a secured and 
controlled environment.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by an employee's name only for administrative 
purposes to include associating a Department employee to a specific 
region or building to receive tailored alerts for their geographic 
area.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The records in this system of records will be retained and disposed 
of in accordance with NARA General Records Schedule 5.3, Item 020.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    A vendor that is Federal Risk and Authorization Management Program 
(FedRAMP) certified hosts the ENS system outside the Department's 
network. The Department access and uses this system as a Software as a 
Service (SaaS) and requires the vendor to complete routine testing of 
its environment to ensure the confidentially, integrity, and 
availability of the information in the system and services provided. 
The Cloud Service Provider enforces security controls over the physical 
facility where the system is hosted in adherence with FedRAMP standards 
and provides continuous monitoring reports to the Department.

[[Page 19634]]

    The ENS system utilizes role-based authentication to ensure only 
authorized users can access information, and they can only access the 
information needed to perform their duties. Authentication to the 
system is permitted only over secure, encrypted connections.

RECORD ACCESS PROCEDURES:
    If you wish to request access to records regarding you in this 
system of records, contact the system manager at the address listed 
under SYSTEM MANAGER. You must provide necessary particulars such as 
your full name, address, and telephone number, and any other 
identifying information requested by the Department while processing 
the request to distinguish between individuals with the same name. Your 
request must meet the requirements of the Department's Privacy Act 
regulations in 34 CFR 5b.5, including proof of identity.

CONTESTING RECORD PROCEDURES:
    If you wish to contest the content of a record regarding you in 
this system of records, contact the system manager at the address 
listed under SYSTEM MANAGER. You must provide your full name, address, 
and telephone number, and any other identifying information requested 
by the Department to distinguish between individuals with the same 
name. Your request must also identify the particular record within the 
system that you wish to have changed, state whether you seek an 
addition to or a deletion or substitution of the record, and explain 
the reasons why you wish to have the record changed. Your request must 
meet the requirements of the Department's Privacy Act regulations in 34 
CFR 5b.7.

NOTIFICATION PROCEDURES:
    If you wish to determine whether a record exists regarding you in 
this system of records, contact the system manager at the address 
listed under SYSTEM MANAGER. You must provide your full name, address, 
and telephone number, and any other identifying information requested 
by the Department while processing the request to distinguish between 
individuals with the same name. Your request must meet the requirements 
of the Department's Privacy Act regulations in 34 CFR 5b.5, including 
proof of identity.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

[FR Doc. 2023-06871 Filed 3-31-23; 8:45 am]
BILLING CODE 4000-01-P