[Federal Register Volume 88, Number 90 (Wednesday, May 10, 2023)]
[Notices]
[Pages 30169-30171]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-09931]


-----------------------------------------------------------------------

NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

[NOTICE: 23-043]


Privacy Act of 1974; System of Records

AGENCY: National Aeronautics and Space Administration (NASA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, the National Aeronautics and Space Administration (NASA) is 
providing public notice of modification to a previously announced 
system of records, Earth Observing System Data, and Information System 
(EOSDIS) User Information, NASA 10EUI. This notice incorporates 
locations and NASA Standard Routine Uses previously published 
separately from and cited by reference in this and other NASA systems 
of records notices. This notice also updates the name of the SORN; 
location and system manager information; records access, notification, 
and contesting procedures; categories of records and individuals; 
technical safeguards; and revises routine uses as set forth below under 
the caption SUPPLEMENTARY INFORMATION.

DATES: Submit comments within 30 calendar days from the date of this 
publication. The changes will take effect at the end of that period if 
no adverse comments are received.

ADDRESSES: Bill Edwards-Bodmer, Privacy Act Officer, Office of the 
Chief Information Officer, National Aeronautics and Space 
Administration Headquarters, Washington, DC 20546-0001, (757) 864-7998, 
[email protected].

FOR FURTHER INFORMATION CONTACT: NASA Privacy Act Officer, Bill 
Edwards-Bodmer, (757) 864-7998, [email protected].

SUPPLEMENTARY INFORMATION: The records in this system are used to 
establish user accounts that enable user notification of improved or 
altered data and services, as well as actual science data from the 
Earth Observing System Data and Information System (EOSDIS), most often 
via on-line mechanisms. This system notice includes minor revisions to 
NASA's existing system of records notice to bring its format into 
compliance with Office of Management and Budget (OMB) guidance and to 
update records access, notification, and contesting procedures 
consistent with NASA Privacy Act regulations. The SORN name is updated 
to align with NASA SORN naming conventions. It also includes the 
following substantial revisions: adds one new location to the System 
Location section, removes previous locations which are no longer in use 
and the corresponding subsystem managers from the System Manager 
section; adds data elements to the Categories of Records in the System; 
clarifies the Record Access, Contesting Record, and Notification 
Procedures; and updates the Technical Safeguards to reflect the use of 
cloud storage. It also incorporates information formerly published 
separately in the Federal Register as appendix A, Location Numbers and 
Mailing Addresses of NASA Installations at which Records are Located, 
and appendix B, Standard Routine Uses--NASA.

William Edwards-Bodmer,
NASA Privacy Act Officer.

SYSTEM NAME AND NUMBER:
    Earth Observing System Data and Information System (EOSDIS) User 
Information, NASA 10EUI.

SECURITY CLASSIFICATION:
    None.

SYSTEM LOCATION:
    Electronic records are maintained on secure NASA and NASA partner 
servers at:
     Goddard Space Flight Center (NASA), Greenbelt, MD 20771-
0001. Electronic records will also be kept on NASA CIO-approved, 
commercial cloud resources provided by and located at:
     Amazon Web Services AWS-West, 410 Terry Avenue N, Seattle, 
WA 98109.

SYSTEM MANAGER(S):
    System Manager: 423/Deputy Project Manager for Operations, ESDIS 
Project, Goddard Space Flight Center (NASA), Greenbelt, MD 20771-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    51 U.S.C. 20113(a).

PURPOSE(S) OF THE SYSTEM:
    These records are used to establish user accounts that enable user 
notification of improved or altered data and services, as well as 
actual science data from EOSDIS, most often via on-line mechanisms.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals from the (1) NASA, university, and research communities 
who request satellite data or other data products from any of the 
EOSDIS DAACs indicated above; (2) members of the general public who 
request satellite data or other data products from any of the EOSDIS 
DAACs indicated above; or (3) individuals who register to save their 
data search parameters for reuse in the future.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in this system consist of information obtained from 
individual users to establish user accounts that enable user 
notification of improved or altered data and services, as well as 
actual science data from EOSDIS, most often via on-line mechanisms. 
Records include an individual's name, email address, organizational 
affiliation, study area, phone number, and country of residence.

RECORD SOURCE CATEGORIES:
    The information is received directly from users needing to obtain 
or access NASA's Earth science data products.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSE OF SUCH USES:
    Any disclosures of information will be compatible with the purpose 
for which the Agency collected the information. The records and 
information in these records may be disclosed:
    1. To government contractors conducting OMB-approved annual user 
satisfaction surveys collecting user feedback for aggregating reports 
to OMB

[[Page 30170]]

and enabling NASA to improve its systems, processes, and services to 
the user community.
    2. To the European Space Agency (ESA) in order to achieve ESA 
member nation awareness of the breadth of their scientific data use 
(including ESA scientific data hosted by NASA).
    In addition, information may be disclosed under the following NASA 
Standard Routine Uses.
    1. Law Enforcement--When a record on its face, or in conjunction 
with other information, indicates a violation or potential violation of 
law, whether civil, criminal or regulatory in nature, and whether 
arising by general statute or particular program statute, or by 
regulation, rule, or order, disclosure may be made to the appropriate 
agency, whether Federal, foreign, State, local, or tribal, or other 
public authority responsible for enforcing, investigating or 
prosecuting such violation or charged with enforcing or implementing 
the statute, or rule, regulation, or order, if NASA determines by 
careful review that the records or information are both relevant and 
necessary to any enforcement, regulatory, investigative or prosecutive 
responsibility of the receiving entity.
    2. Certain Disclosures to Other Agencies--A record from this SOR 
may be disclosed to a Federal, State, or local agency maintaining 
civil, criminal, or other relevant enforcement information or other 
pertinent information, such as current licenses, if necessary, to 
obtain information relevant to a NASA decision concerning the hiring or 
retention of an employee, the issuance of a security clearance, the 
letting of a contract, or the issuance of a license, grant, or other 
benefit.
    3. Certain Disclosures to Other Federal Agencies--A record from 
this SOR may be disclosed to a Federal agency, in response to its 
request, for a matter concerning the hiring or retention of an 
employee, the issuance of a security clearance, the reporting of an 
investigation of an employee, the letting of a contract, or the 
issuance of a license, grant, or other benefit by the requesting 
agency, to the extent that the information is relevant and necessary to 
the requesting agency's decision on the matter.
    4. Department of Justice--A record from this SOR may be disclosed 
to the Department of Justice when (a) NASA, or any component thereof; 
or (b) any employee of NASA in his or her official capacity; or (c) any 
employee of NASA in his or her individual capacity where the Department 
of Justice has agreed to represent the employee; or (d) the United 
States, where NASA determines that litigation is likely to affect NASA 
or any of its components, is a party to litigation or has an interest 
in such litigation, and by careful review, the use of such records by 
the Department of Justice is deemed by NASA to be relevant and 
necessary to the litigation.
    5. Courts--A record from this SOR may be disclosed in an 
appropriate proceeding before a court, grand jury, or administrative or 
adjudicative body, when NASA determines that the records are relevant 
and necessary to the proceeding; or in an appropriate proceeding before 
an administrative or adjudicative body when the adjudicator determines 
the records to be relevant and necessary to the proceeding.
    6. Response to an Actual or Suspected Compromise or Breach of 
Personally Identifiable Information--A record from this SOR may be 
disclosed to appropriate agencies, entities, and persons when (1) NASA 
suspects or has confirmed that there has been a breach of the system of 
records; (2) NASA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, NASA 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with NASA's efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm.
    7. Contractors--A record from this SOR may be disclosed to 
contractors, grantees, experts, consultants, students, volunteers, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal Government, when 
necessary to accomplish a NASA function related to this SOR. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as are 
applicable to NASA employees.
    8. Members of Congress--A record from this SOR may be disclosed to 
a Member of Congress or to a Congressional staff member in response to 
an inquiry of the Congressional office made at the written request of 
the constituent about whom the record is maintained.
    9. Disclosures to Other Federal Agencies in Response to an Actual 
or Suspected Compromise or Breach of Personally Identifiable 
Information--A record from this SOR may be disclosed to another Federal 
agency or Federal entity, when NASA determines that information from 
this system of records is reasonably necessary to assist the recipient 
agency or entity in (1) responding to a suspected or confirmed breach 
or (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    10. National Archives and Records Administration--A record from 
this SOR may be disclosed as a routine use to the officers and 
employees of the National Archives and Records Administration (NARA) 
pursuant to records management inspections being conducted under the 
authority of 44 U.S.C. 2904 and 2906.
    11. Audit--A record from this SOR may be disclosed to another 
agency, or organization for purpose of performing audit or oversight 
operations as authorized by law, but only such information as is 
necessary and relevant to such audit or oversight function.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are stored electronically on secure servers.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    User account records are typically indexed and retrieved by user's 
name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The Earth Science Data and Information System (ESDIS) Project has a 
plan under configuration control according to which the original data 
are deleted in accordance with NASA Records Retention Schedule (NRRS) 
2, Item 15A.3. The ESDIS Project and DAACs reauthorize specific users' 
information on an approved basis and user information is deleted when 
no longer needed in accordance with NRRS 2, Item 19A. Mailing lists 
containing user information are maintained in order to permit 
distribution of newsletters to users and are disposed of according to 
the NRRS 1, Item 88.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Electronic records are maintained on secure NASA servers and 
protected in accordance with all Federal standards and those 
established in NASA regulations at 14 CFR 1212.605. Approved security 
plans for each of the DAACs at NASA and contractor facilities have been 
established in accordance with the Federal Information Security 
Management Act of 2002 (FISMA) and OMB Circular A-

[[Page 30171]]

130, Management of Federal Information Resources. The aggregation of 
these plans constitutes the security plan for EOSDIS. Authorized 
individuals will have access to the system only in accordance with 
approved authentication methods. With the exception of the records of 
ESA scientific data users' information posted in accordance with 
Routine Use (2) above, all user information is protected according to 
NASA guidelines for managing sensitive information. The NASA SEWP-V 
Four Points Technology and Amazon Web Services maintain documentation 
and verification of commensurate safeguards in accordance with FISMA, 
NASA Procedural Requirements (NPR) 2810.1A, and NASA ITS-HBK-2810.02-
05.

RECORD ACCESS PROCEDURES:
    In accordance with 14 CFR part 1212, Privacy Act--NASA Regulations, 
information may be obtained by contacting in person or in writing the 
system or subsystem manager listed above at the location where the 
records are created and/or maintained. Requests must contain the 
identifying data concerning the requester, e.g., first, middle and last 
name; date of birth; description and time periods of the records 
desired. NASA Regulations also address contesting contents and 
appealing initial determinations regarding records access.

CONTESTING RECORD PROCEDURES:
    In accordance with 14 CFR part 1212, Privacy Act--NASA Regulations, 
information may be obtained by contacting in person or in writing the 
system or subsystem manager listed above at the location where the 
records are created and/or maintained. Requests must contain the 
identifying data concerning the requester, e.g., first, middle and last 
name; date of birth; description and time periods of the records 
desired. NASA Regulations also address contesting contents and 
appealing initial determinations regarding records access.

NOTIFICATION PROCEDURES:
    In accordance with 14 CFR part 1212, Privacy Act--NASA Regulations, 
information may be obtained by contacting in person or in writing the 
system or subsystem manager listed above at the location where the 
records are created and/or maintained. Requests must contain the 
identifying data concerning the requester, e.g., first, middle and last 
name; date of birth; description and time periods of the records 
desired. NASA Regulations also address contesting contents and 
appealing initial determinations regarding records access.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    (15-116, 80 FR 79949, pp. 79949-79950).
    (12-100, 77 FR 69898, pp. 69898-69899).
    (07-080, 72 FR 56388, pp. 56388-56391).

[FR Doc. 2023-09931 Filed 5-9-23; 8:45 am]
BILLING CODE 7510-13-P