[Federal Register Volume 88, Number 168 (Thursday, August 31, 2023)]
[Notices]
[Pages 60241-60243]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-18848]


=======================================================================
-----------------------------------------------------------------------

MERIT SYSTEMS PROTECTION BOARD


Privacy Act of 1974; System of Records

AGENCY: Merit Systems Protection Board.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the U.S. Merit 
Systems Protection Board (MSPB) proposes to establish a new system of 
records titled ``MSPB-4, Emergency Alert System.'' This system of 
records includes information that MSPB collects, maintains, and uses 
for operational response to critical events to ensure the safety and 
security of MSPB personnel and physical locations, as well as to keep 
MSPB personnel up to date on emergencies that may impact MSPB personnel 
and operations, such as active shooter situations, terrorist attacks, 
or severe weather conditions.

DATES: Please submit comments on or before October 2, 2023. This new 
system is effective upon publication in today's Federal Register, with 
the exception of the routine uses, which are effective October 2, 2023.

ADDRESSES: You may submit written comments to the Office of the Clerk 
of the Board by email to [email protected] or by mail to Clerk of the 
Board, U.S. Merit Systems Protection Board, 1615 M Street NW, 
Washington, DC 20419. All comments must reference ``MSPB-4, Emergency 
Alert System SORN.'' Regardless of the method used for submitting 
comments or material, all submissions will be posted, without change, 
to MSPB's website (https://www.mspb.gov) and will include any personal 
information you provide, such as your name, address, phone number, 
email address, or any other personally identifying information in your 
comment or materials. Therefore, any submissions will be made public 
and without change.

FOR FURTHER INFORMATION CONTACT: For general questions or privacy 
issues, please contact: D. Fon Muttamara, Chief Privacy Officer, Office 
of the Clerk of the Board, 1615 M Street NW, Washington, DC 20419; 
(202) 653-7200; [email protected]. Please include ``MSPB-4 Emergency 
Alert System'' with your question(s).

SUPPLEMENTARY INFORMATION: In accordance with the Privacy Act of 1974, 
5 U.S.C. 552a, the MSPB proposes to establish a new system of records 
titled ``MSPB-4, Emergency Alert System.'' MSPB's Office of Financial 
and Administrative Management (FAM) is responsible for, among other 
things, the security of personnel and physical locations. This system 
of records includes information that MSPB collects, maintains, and uses 
for operational response to critical events to ensure the safety and 
security of MSPB personnel and physical locations, as well as to keep 
MSPB personnel up to date on emergencies that may impact MSPB personnel 
and operations, such as active shooter situations, terrorist attacks, 
or severe weather conditions.
    The Privacy Act embodies fair information practice principles in a 
statutory framework governing how Federal agencies collect, maintain, 
use, and disseminate individuals' records. The Privacy Act applies to 
records about individuals that are maintained in a ``system of 
records.'' A system of records is a group of records under the control 
of an agency from which information is retrieved by the name of an 
individual or by some identifying number, symbol, or other identifying 
particular assigned to the individual. The Privacy Act defines an 
individual as a United States citizen or lawful permanent resident. 
Individuals may request access to their own records that are maintained 
in a system of records in the possession or under the control of MSPB 
by complying with MSPB Privacy Act regulations at 5 CFR part 1205, and 
following the procedures outlined in the Records Access, Contesting 
Record, and Notification Procedures sections of this notice. The 
Privacy Act requires each agency to publish in the Federal Register a 
description denoting the existence and character of each system of 
records that the agency maintains and the routine uses of each system. 
The new ``Emergency Alert System'' System of Records Notice is 
published in its entirety below. In accordance with the Privacy Act, 5 
U.S.C. 552a(r), and OMB Circular A-108, ``Federal Agency 
Responsibilities for Review, Reporting, and Publication under the 
Privacy Act'' (Dec. 2016), MSPB has submitted a report of a new system 
of records to the Office of Management and Budget and Congress.

Jennifer Everling,
Acting Clerk of the Board, U.S. Merit Systems Protection Board.

SYSTEM NAME AND NUMBER:
    MSPB-4, Emergency Alert System.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained by the Office of Financial and 
Administrative Management, U.S. Merit Systems Protection Board, 1615 M 
Street NW, Washington, DC 20419. Records may be located in locked 
cabinets and offices, on MSPB's local area network, or in designated 
U.S. data centers for cloud service providers certified by the Federal 
Risk and Authorization Management Program or FedRAMP.

SYSTEM MANAGER(S):
    Kevin Nash, Director of the Office of Financial and Administrative 
Management, U.S. Merit Systems Protection Board, 1615 M Street NW, 
Washington, DC 20419, [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 1204; Federal Continuity Directive (FCD) 1, Federal 
Executive Branch National Continuity Program and Requirements, January 
17, 2017; FCD 2, Federal Executive Branch Mission Essential Functions 
and Candidate Primary Mission Essential Functions Identification and 
Submission Process, June 13, 2017; Directive on National Continuity 
Policy (National Security Presidential Directive 51/Homeland Security 
Presidential Directive 20), May 4, 2007.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system of records is to allow MSPB to collect 
and maintain records of employees who receive emergency alerts.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Current and former employees of MSPB.

CATEGORIES OF RECORDS IN THE SYSTEM:
    1. MSPB employee name;
    2. MSPB email addresses;
    3. MSPB-assigned office phone numbers;
    4. MSPB-issued mobile device numbers;
    5. Personal email addresses (if provided);
    6. Personal home phone numbers (if provided); and

[[Page 60242]]

    7. Personal mobile device numbers (if provided).

RECORD SOURCE CATEGORIES:
    Information contained in this system is obtained from MSPB's Office 
of Information Resources Management (IRM). IRM will provide a .csv file 
to FAM, the .csv file will contain MSPB employee email addresses and 
MSPB-assigned office phone numbers (and extensions if applicable) from 
MSPB's Microsoft Active Directory, as well as MSPB-issued mobile device 
numbers. FAM will then provide the file to Everbridge (the emergency 
alert system vendor) through MSPB's secure file sharing system, 
Box.com. As new hires onboard at MSPB, FAM will manually enter the 
required PII into the Everbridge system. Additionally, FAM will 
manually delete the PII of departing employees 30 days from departure. 
Employees may voluntarily provide personal contact information, which 
FAM will add to the information maintained in Everbridge for those 
employees.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside MSPB as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    a. To the Department of Justice (DOJ), including Offices of the 
U.S. Attorneys; or another Federal agency conducting litigation or in 
proceedings before any court, adjudicative, or administrative body; 
another party or potential party or the party's or potential party's 
authorized representative in litigation before a court, adjudicative, 
or administrative body; or to a court, adjudicative, or administrative 
body. Such disclosure is permitted only when it is relevant or 
necessary to the litigation or proceeding, and one of the following is 
a party to the litigation or has an interest in such litigation:
    (1) MSPB, or any component thereof;
    (2) Any employee or former employee of MSPB in his or her official 
capacity;
    (3) Any employee or former employee of MSPB in his or her 
individual capacity where DOJ or MSPB has agreed to represent the 
employee;
    (4) The United States or a Federal agency in litigation before a 
court, adjudicative, or administrative body;
    (5) A party, other than the United States or a Federal agency, in 
litigation before a court, adjudicative, or administrative body, upon 
the MSPB General Counsel's approval, pursuant to 5 CFR part 1216 or 
otherwise.
    b. To the appropriate Federal, State, or local agency responsible 
for investigating, prosecuting, enforcing, or implementing a statute, 
rule, regulation, or order, when a record, either on its face or in 
conjunction with other information, indicates or is relevant to a 
violation or potential violation of civil or criminal law or 
regulation.
    c. To a member of Congress or the White House from the record of an 
individual in response to an inquiry made at the request of the 
individual to whom the record pertains.
    d. To the National Archives and Records Administration (NARA) in 
records management inspections conducted under the authority of 44 
U.S.C. 2904 and 2906.
    e. To appropriate agencies, entities, and persons when (1) MSPB 
suspects or has confirmed that there has been a breach of the system of 
records; (2) MSPB has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, MSPB 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with MSPB's efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm.
    f. To another Federal agency or Federal entity, when MSPB 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    g. To contractors, grantees, experts, consultants, or volunteers 
performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for MSPB when MSPB determines that it is 
necessary to accomplish an agency function related to this system of 
records. Individuals provided information under this routine use are 
subject to the same Privacy Act requirements and limitations on 
disclosure as are applicable to MSPB employees.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    The records in this system of records are stored electronically on 
an MSPB vendor's system(s) to facilitate the administration of the 
alerts. Access is limited to a small number of authorized personnel at 
MSPB and at MSPB's vendor.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by name or other unique personal 
identifier.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The records maintained in this system of records are subject to 
NARA General Records Schedule 5.4. Records of departing employees will 
be removed from the system by FAM 30 days after departure from MSPB. 
The information will be removed from the Everbridge servers after 30 
days once the contract is completed.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in the system are protected from unauthorized access and 
misuse through various administrative and technical security measures, 
such as role-based access controls, mandatory security and privacy 
training, encryption, and multi-factor authentication.

RECORD ACCESS PROCEDURES:
    Individuals seeking notification of and access to their records in 
this system of records may submit a request in writing to the Office of 
the Clerk of the Board, Merit Systems Protection Board, 1615 M Street 
NW, Washington, DC 20419. Individuals requesting access must comply 
with MSPB's Privacy Act regulations regarding verification of identity 
and access to records (5 CFR part 1205).

CONTESTING RECORD PROCEDURES:
    Individuals may request that records about them be amended by 
writing to the Office of the Clerk of the Board, Merit Systems 
Protection Board, 1615 M Street NW, Washington, DC 20419. Individuals 
requesting amendment must follow MSPB's Privacy Act regulations 
regarding verification of identity and amendment to records (5 CFR part 
1205).

NOTIFICATION PROCEDURES:
    See Record Access Procedures above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

[[Page 60243]]

HISTORY:
    None.

[FR Doc. 2023-18848 Filed 8-30-23; 8:45 am]
BILLING CODE 7401-01-P