[Federal Register Volume 88, Number 139 (Friday, July 21, 2023)]
[Notices]
[Pages 47139-47141]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-15460]


=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[Notice-ID-2023-09; Docket No. 2023-0002; Sequence No. 16]


Privacy Act of 1974; System of Records

AGENCY: Office of the Chief Privacy Officer, General Services 
Administration (GSA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: GSA proposes to modify a system of records subject to the 
Privacy Act of 1974, as amended. GSA is updating the outdated following 
systems: Policies and Practices for Storage of Records, Policies and 
Practices for Retrieval of records, and documented the Policies and 
Practice for Retention and Disposal of records.

DATES: Submit comments on or before August 21, 2023. The new and/or 
significantly modified routine uses will be applicable on August 21, 
2023.

ADDRESSES: Submit comments identified by ``Notice-ID-2023-09, Modify 
System of Records'' via http://www.regulations.gov. Search 
regulations.gov for Notice-ID-2023-09, Modified System of Records 
Notice. Select the link ``Comment'' that corresponds with ``Notice-ID-
2023-09, Modified System of Records Notice.'' Follow the instructions 
provided on the screen. Please include your name, company name (if 
any), and ``Notice-ID-2023-09, Modified System of Records Notice'' on 
your attached document. If your comment cannot be submitted using 
regulations.gov, call or email the points of contact in the FOR FURTHER 
INFORMATION CONTACT section of this document for alternate 
instructions.

FOR FURTHER INFORMATION CONTACT: Call or email Richard Speidel, the GSA 
Chief Privacy Officer (Office of the Deputy Chief Information Officer): 
telephone 202-969-5830; email [email protected].

SUPPLEMENTARY INFORMATION: GSA proposes to modify a system of records 
subject to the Privacy Act of 1974, 5 U.S.C. 552a. This notice is 
regarding the Agency's update to Policies and Practices for Storage of 
Records, Policies and Practices for Retrieval of records, and 
documented the Policies and Practice for Retention and Disposal of 
records because they are outdated.

SYSTEM NAME AND NUMBER:
    Employee-related files, GSA/Agency-1.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    GSA owns the system. The system of records may be located at the 
supervisory or administrative office level at all GSA facilities and at 
commissions, committees, and small agencies serviced by GSA.

SYSTEM MANAGER(S):
    Director, Office of Human Resources Management (OHRM), GSA, 1800 F 
Street NW, Washington, DC 20405. Email at [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Authority for the system comes from the Federal Property and 
Administrative Services Act of 1949 (63 Stat. 377); title 5 U.S.C. and 
title 31 U.S.C., generally; and Executive Order (E.O.) 12953, February 
27, 1995.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to maintain personnel record system 
covering employees and uncompensated workers. The system is used to 
initiate personnel actions, schedule training, counsel employees on 
their performance, propose disciplinary action, and manage personnel in 
general.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The individuals covered are as follows;

     Present and Former Employees of GSA and of Commissions
     Committees
     Small Agencies Serviced by GSA
     Applicants or Potential Applicants for Positions in GSA, 
Persons Employed by Other Agencies for Employee Relief Bills
     Volunteer Workers
     Uncompensated Workers

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system records contain the following;
     Individual's Name
     Social Security Number
     Birth Date
     Home and Emergency Addresses and Telephone Numbers
     Employee ID number
     Personnel Actions
     Professional Registration
     Qualifications
     Training
     Employment History
     Awards
     Counseling
     Reprimands
     Grievances
     Appeals
     Leave
     Pay Attendance
     Work Assignments
     Performance Ratings
     Injuries
     Parking Permit and Pass Applications
     Unpaid Debt Complaints (including nonpayment of child 
support)
     Travel
     Outside Employment
     Congressional Employee Relief Bills
     Telephone Call Details.
    The system does not include official personnel files covered by 
OPM/GOVT-1.

RECORD SOURCE CATEGORIES:
    The sources for the information are individuals themselves, other 
employees, personnel records, and persons who have complained of unpaid 
debts, including nonpayment of child support.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed to authorized 
entities, as is determined to be relevant and necessary, outside GSA as 
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    a. To disclose information to a Federal, State, local, or foreign 
agency responsible for investigating, prosecuting, enforcing or 
carrying out a statute, rule, regulation, or order where GSA becomes 
aware of a violation or potential violation of civil or criminal law or 
regulation.

[[Page 47140]]

    b. To disclose information to another Federal agency or a court 
when the Government is a party to a judicial proceeding.
    c. To disclose requested information to a Federal agency in 
connection with hiring or retaining an employee; issuing a security 
clearance; reporting an employee investigation; clarifying a job; 
letting a contract; or issuing a license, grant, or other benefit by 
the requesting agency when the information is needed for a decision.
    d. To disclose information to the Merit Systems Protection Board, 
including its Office of Special Counsel; the Federal Labor Relations 
Authority and its general counsel; or the Equal Employment Opportunity 
Commission in performing their duties.
    e. To disclose information to the Federal Parent Locator Service to 
assist in locating an absent parent and enforce child support 
obligations against a delinquent parent. This includes routinely cross-
matching Federal personnel records with State records of persons who 
owe child support to learn if there are any Federal employees 
delinquent in supporting a dependent child.
    f. To disclose information to an appeal, grievance, or formal 
complaints examiner; equal employment opportunity investigator; 
arbitrator; union representative; or other official engaged in 
investigating or settling a grievance, complaint, or appeal filed by an 
employee.
    g. To disclose information to the Office of Personnel Management 
(OPM) under the agency's responsibility for evaluating Federal 
personnel management. When personnel records in the custody of GSA are 
covered in a record system published by OPM as a Governmentwide record 
system, they are considered part of that system. Other personnel record 
systems covered by notices published by GSA as separate systems may 
also be transferred to OPM as a routine use.
    h. To disclose information to a Member of Congress or to a 
congressional staff member in response to a request from the person who 
is the subject of the records.
    i. To disclose information to an expert, consultant, or contractor 
of GSA in performing a Federal duty.
    j. To appropriate agencies, entities, and persons when (1) the 
Agency suspects or has confirmed that the security or confidentiality 
of information in the system of records has been compromised; (2) the 
Agency has determined that as a result of the suspected or confirmed 
compromise there is a risk of harm to economic or property interests, 
identity theft or fraud, or harm to the security or integrity of this 
system or other systems or programs (whether maintained by GSA or 
another agency or entity) that rely upon the compromised information; 
and (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with GSA's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system of records are stored electronically in 
secure facilities. Electronic records are stored on GSA's secure 
network which is managed by the Office of GSA IT.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by an individual's name, employee ID number, 
or social security number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Record disposal is controlled by the GSA directive, ``Records 
Management Program'', CIO 1820.2. Applicable records series include the 
following and contain associated records disposition authorities key to 
employee-related records:
    GRS 2.1--Employee Acquisition Records
    GRS 2.2--Employee Management Records
    GRS 2.3--Employee Relations Records
    GRS 2.4--Employee Compensation and Benefits Records
    GRS 2.5--Employee Separation Records
    GRS 2.6--Employee Training Records
    GRS 2.7--Employee Health and Safety Records
    GRS 2.8--Employee Ethics Records
    GSA 269.16--Human Resource Records
    The records are reviewed and updated yearly, and records past their 
disposition date are destroyed. Once paper originals and copies are 
purged from the official personnel folder, no other paper copies are 
kept. When the employee transfers or separates from the agency, records 
are promptly sent to the office that is to maintain the official 
personnel folder. The records are screened to ensure that nothing is 
missing.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in the system are protected from unauthorized access and 
misuse through a combination of administrative, technical and physical 
security measures. Administrative measures include but are not limited 
to policies that limit system access to individuals within an agency 
with a legitimate business need, and regular review of security 
procedures and best practices to enhance security. Technical measures 
include but are not limited to system design that allows authorized 
system users access only to data for which they are responsible; 
required use of strong passwords that are frequently changed; and use 
of encryption for certain data transfers. Physical security measures 
include but are not limited to the use of data centers which meet 
government requirements for storage of sensitive data.

RECORD ACCESS PROCEDURES:
    An individual request to review a record can be addressed to the 
supervisor, team leader, or official at the address where the employee 
worked. If that is unknown, a general request can be addressed to the 
head of the service or staff office for Central Office employees, or to 
the regional administrator at the address given in the appendix to this 
notice. For the identification required, see 41 CFR part 105-64 
published in the Federal Register (https://www.ecfr.gov/current/title-41/subtitle-C/chapter-105/part-105-64).

CONTESTING RECORD PROCEDURES:
    The GSA procedures for contesting the content of a record and 
appealing an initial denial of a request to access or amend a record 
may be found in 41 CFR part 105-64. If an individual wishes to contest 
the content of any record pertaining to him or her in the system after 
it has been submitted, that individual should consult the GSA's Privacy 
Act implementation rules available at 41 CFR part 105-64.4.

NOTIFICATION PROCEDURES:
    An individual who wishes to be notified whether the system contains 
a record related to him- or herself should address an inquiry to the 
supervisor or team leader where the employee worked. If that is 
unknown, general requests can be addressed to the head of the service 
or staff office for Central Office employees, or to the regional 
administrator for regional office employees at the address listed in 
the appendix (https://www.ecfr.gov/current/title-41/subtitle-C/chapter-105/part-105-64).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

[[Page 47141]]

HISTORY:
    61 FR 60103.

Richard Speidel,
Chief Privacy Officer, Office of the Deputy Chief Information Officer, 
General Services Administration.
[FR Doc. 2023-15460 Filed 7-20-23; 8:45 am]
BILLING CODE 6820-34-P