[Federal Register Volume 88, Number 119 (Thursday, June 22, 2023)]
[Notices]
[Pages 40871-40873]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-13276]


=======================================================================
-----------------------------------------------------------------------

NATIONAL TRANSPORTATION SAFETY BOARD

[Docket No.: NTSB-2023-0004]


Privacy Act of 1974; System of Records

AGENCY: National Transportation Safety Board (NTSB).

ACTION: Notice of new system of records.

-----------------------------------------------------------------------

SUMMARY: The National Transportation Safety Board (NTSB) proposes 
adding a new system of records to its inventory of system of records: 
Data Analytics Records. Subject to the Privacy Act of 1974, the agency 
proposes this new system for individually identifying information 
gathered or created from existing systems of records maintained by the 
NTSB, other NTSB records, and other governmental sources supporting 
NTSB operations. The new system will be used, primarily through data 
analytics techniques, to improve processes by enhancing data-driven 
decision-making, analyzing mission costs, managing resources, and 
otherwise assisting the NTSB in the performance of its statutory and 
regulatory duties, or in participating in Federal agency audits or 
other studies.

DATES: This system is effective on June 22, 2023, with the exception of 
the routine uses which will be effective on July 24, 2023. Submit 
written comments by July 24, 2023.

ADDRESSES: You may send comments, identified by Docket Number (No.) 
NTSB-2023-0004, by any of the following methods:
     Federal e-Rulemaking Portal: https://www.regulations.gov.
     Email: [email protected].
     Fax: 202-314-6090.
     Mail/Hand Delivery/Courier: NTSB, Office of General 
Counsel, 490 L'Enfant Plaza East SW, Washington, DC 20594.
    Instructions: All submissions in response to this Notice must 
include Docket No. NTSB-2023-0004. All comments, including any personal 
information, received will be posted without change to https://www.regulations.gov.
    Docket: For access to the docket, including comments received, go 
to https://www.regulations.gov and search under Docket No. NTSB-2023-
0004.

FOR FURTHER INFORMATION CONTACT: Casey Blaine, Deputy General Counsel, 
(202) 314-6036, [email protected].

SUPPLEMENTARY INFORMATION: Under the Foundations for Evidence-Based 
Policymaking Act of 2018 and related guidance from the Office of 
Management and Budget (OMB), including OMB M-21-27, OMB M-19-23, OMB M-
20-12, and OMB Circular A-11, the NTSB proposes adding a new system of 
records to its inventory of system of records titled, ``Data Analytics 
Records.'' The agency proposes this new system for information from 
existing and future business data sources regarding prospective, 
current, and former NTSB employees to allow the agency to evaluate the 
data and reach decisions pertinent and necessary to effectively achieve 
mission, strategic, and operational outcomes using high-quality 
evidence.

SYSTEM NAME AND NUMBER:
    NTSB Data Analytics Records, NTSB-36.

SECURITY CLASSIFICATION:
    Controlled Unclassified Information (CUI).

SYSTEM LOCATION:
    Records are located in the NTSB's cloud system, managed by 
Microsoft, which is a Federal Risk and Authorization Management Program 
(FEDRAMP) product. The Microsoft System is hosted in the Microsoft 
AZURE Government Cloud, a Software as a Service (SaaS), platform as a 
service (PaaS), and infrastructure as a service (IaaS) product. The 
NTSB's Azure system is a collection of NTSB custom-built applications, 
commercial off-the-shelf systems (COTS) and internal databases used by 
the NTSB to manage enterprise business processes.

SYSTEM MANAGER:
    Office of the Chief Information Officer, National Transportation 
Safety Board, 490 L'Enfant Plaza East SW, Washington, DC 20594.

[[Page 40872]]

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Foundations for Evidence-Based Policymaking Act of 2018, Public Law 
115-435, 132 Stat. 5529 (2019); Federal Data Strategy (OMB, Memorandum 
19-18, 19-23); 5 U.S.C. 301; 44 U.S.C. 3101.

PURPOSE(S) OF THE SYSTEM:
    This system of records will permit the NTSB to engage in evidence-
based decision-making by integrating data from multiple sources and 
will contain information regarding prospective, current, and former 
NTSB employees, including but not limited to, time and attendance 
records, payroll records, performance and performance awards records, 
telework agreements, travel records and travel card data, purchase card 
records, training records, human resources records, cost accounting 
records, portfolio and project management records, and investigative 
case management records. The new system will be used, primarily through 
data analytics techniques, to improve agency processes, identify 
operational costs, manage resources, and otherwise assist the NTSB in 
the performance of its statutory and regulatory duties, or while 
participating or responding to requests during federal agency audits or 
other studies or inquiries. Further, this system will permit the NTSB 
to increase its effectiveness and efficiency in conducting its 
operations by merging data across various components into a centralized 
system.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Prospective, current, and former NTSB employees.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system contains materials regarding prospective, current, and 
former NTSB employees received, gathered, or created in connection with 
agency operations. Categories of records may include: name, title, pay 
series or grade, duty station, and NTSB office of prospective, current, 
and former NTSB employees; employee time and attendance records; 
employee payroll information; employee performance records and 
performance awards; employee telework records; employee travel records 
and travel card data; purchase card records; employee training records; 
human resources records; internal surveys; cost accounting records; 
portfolio and project management records; and NTSB investigative case 
management records.

RECORD SOURCE CATEGORIES:
    Existing sources of data, including but not limited to, time and 
attendance records, payroll records, performance award records, 
telework agreements, travel records and travel card data, purchase card 
records, training records, human resources records, employee surveys, 
cost accounting records, portfolio and project management records, and 
investigative case management records.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USES AND THE PURPOSES OF SUCH USES:
    In addition to the disclosures permitted under subsection (b) of 
the Privacy Act, the NTSB may disclose information contained in this 
system of records without the consent of the subject individual if the 
disclosure is compatible with the purpose for which the record was 
collected under the following routine uses:
    1. Disclosure to the Office of Personnel Management for personnel 
research purposes; as a data source for management information; for the 
production of summary descriptive statistics and analytical studies in 
support of the function for which the records are collected and 
maintained; or for related workforce studies;
    2. Disclosure to the Office of Personnel Management, Department of 
Labor, Merit Systems Protection Board, Office of the Special Counsel, 
Equal Employment Opportunity Commission, the Federal Labor Relations 
Authority (including the General Counsel of the Authority and the 
Federal Service Impasses Panel), the Federal Mediation and Conciliation 
Service, the Office of Government Ethics, and to an arbitrator, when 
that agency or office is properly engaged in investigation or 
settlement of an administrative grievance, complaint, claim, or appeal 
filed by an employee or former employee, or to obtain advice regarding 
statutory, regulatory, policy, or other requirements, but only to the 
extent that the information is relevant and necessary to the 
proceeding, in carrying out their functions;
    3. Disclosure to other Federal agencies that need the information 
for an audit or investigation of a civil, criminal, or regulatory 
violation or potential violation where a record, either on its face or 
in conjunction with other information, indicates a violation or 
potential violation of law;
    4. Where a contract between an NTSB office and a labor organization 
recognized under Executive Order No. 11,491 or 5 U.S.C. Chapter 71 
provides that the agency will disclose personal records relevant to the 
organization's mission, the NTSB may disclose records in this system of 
records to such organizations;
    5. Information may be disclosed to the National Archives and 
Records Administration (NARA) or General Services Administration for 
records management inspections conducted under 44 U.S.C. 2904 and 2906;
    6. Disclosure to a private entity with which the NTSB maintains a 
contractual relationship for the purposes of collating, analyzing, 
aggregating, or otherwise refining records in this system, where the 
private entity is subject to a non-disclosure agreement and understands 
that it must honor Privacy Act safeguards with respect to such records;
    7. In the event of litigation where the defendant is (a) the NTSB, 
any component of the NTSB, or any employee of the NTSB in his or her 
official capacity; (b) the United States, where the NTSB determines 
that the claim, if successful, is likely to directly affect the 
operations of the NTSB or any of its components; or (c) any NTSB 
employee in his or her individual capacity where the Department of 
Justice has agreed to represent such employee, the NTSB may disclose 
such records as it deems relevant and necessary to the Department of 
Justice or NTSB's outside counsel to enable the NTSB to present an 
effective defense, provided such disclosure is compatible with the 
purpose for which the records were collected;
    8. Information may be disclosed to a congressional office from the 
record of an individual in response to an inquiry from the 
congressional office made at the written request of the individual 
about whom the record is maintained. The NTSB will not make such a 
disclosure until the congressional office has furnished appropriate 
documentation of the individual's request, such as a copy of the 
individual's written request;
    9. To the Office of Government Information Services (OGIS), NARA to 
the extent necessary to fulfill its responsibilities in 5 U.S.C. 552(h) 
to review administrative policies, procedures, and compliance with the 
FOIA, and to facilitate OGIS' offering of mediation services to resolve 
disputes between persons making FOIA requests and administrative 
agencies;
    10. To appropriate agencies, entities, and persons when (1) the 
NTSB suspects or has confirmed that there has been a breach of the 
system of records, (2) the NTSB has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
the NTSB (including its information systems, programs, and operations), 
the Federal Government, or national security; and (3) the disclosure

[[Page 40873]]

made to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the NTSB's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm;
    11. To another Federal agency or Federal entity, when the NTSB 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The NTSB maintains the records in this system electronically in its 
enterprise databases. Data from disparate data sources will be brought 
into a secured and governed, cloud-based enterprise data analytics 
infrastructure to support data analysis.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    These records may be retrieved by employee identification number, 
title, or other personal identifier.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Data Analytics Records are maintained as described in the 
applicable agency records schedules being developed and subject to NARA 
approval.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The NTSB maintains electronic records within this system, which are 
stored on protected computer networks that are accessible by authorized 
users with Personal Identity Verification (PIV) cards and/or secure 
passwords. This system conforms to all applicable Federal laws and 
regulations, as well as NTSB policies and standards, as they relate to 
information security and data privacy. In this regard, the following 
laws and regulations may apply: the Privacy Act of 1974; the Federal 
Information Security Modernization Act of 2014; the Computer Fraud and 
Abuse Act of 1986; the E-Government Act of 2002; and corresponding 
regulations implementing these statutes.

RECORD ACCESS PROCEDURE:
    Same as ``Notification Procedure.''

CONTESTING RECORD PROCEDURE:
    Same as ``Notification Procedure.''

NOTIFICATION PROCEDURES:
    Individuals wishing to inquire about whether this system of records 
contains information about them may contact the Chief, Records 
Management Division, National Transportation Safety Board, 490 L'Enfant 
Plaza East SW, Washington, DC 20594.
    Individuals must comply with NTSB regulations regarding the Privacy 
Act, at 49 CFR part 802, and must furnish the following information for 
their records to be located and identified:
    1. Full name(s);
    2. Dates of employment, NTSB service, or application; and
    3. Signature.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

History:
    None.

Jennifer Homendy,
Chair.
[FR Doc. 2023-13276 Filed 6-21-23; 8:45 am]
BILLING CODE 7533-01-P