[Federal Register Volume 88, Number 179 (Monday, September 18, 2023)]
[Notices]
[Pages 63930-63933]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-19829]
[[Page 63930]]
-----------------------------------------------------------------------
DEPARTMENT OF AGRICULTURE
Food and Nutrition Service
Privacy Act of 1974; New System of Records
AGENCY: Food and Nutrition Service (FNS), USDA.
ACTION: Notice of a new system of record.
-----------------------------------------------------------------------
SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, and
Office of Management and Budget (OMB) Circular No. A-108, notice is
given that the Food and Nutrition Service (FNS) of the U.S. Department
of Agriculture (USDA) is proposing to add a new system of records,
entitled USDA/FNS-13, Mercury (``Mercury''), which is a Consumer Off
the Shelf (COTS) workflow system designed to automate the
correspondence tracking and management process within FNS. It will be
used by the Supplemental Nutrition Assistance Program (SNAP), Child
Nutrition Program (CNP), the Supplemental Nutrition and Safety Program
(SNAS), and Regional Operations and Compliance (ROC).
DATES: This notice is effective upon publication, subject to a 30-day
notice and comment period in which to comment on the routine uses
described below. Comments, if any, must be submitted by October 18,
2023.
ADDRESSES: You may submit comments by one of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov
provides the ability to type short comments directly into the comment
field on this web page or attach a file for lengthier comments. Follow
the online instructions at that site for submitting comments.
By Mail:
[cir] SNAP: Laura Griffin, Senior Policy Advisor, SNAP, USDA/Food
and Nutrition Service, Braddock Metro Center II, 1320 Braddock Place,
Alexandria, VA 22314.
[cir] SNAS: Clarissa Brown, SNAS Special Assistant, SNAS, USDA/Food
and Nutrition Service, Braddock Metro Center II, 1320 Braddock Place,
Alexandria, VA 22314.
[cir] CNP: Shawn Martin, CNP Special Assistant--USDA/Child
Nutrition, Food and Nutrition Service, 1320 Braddock Place, Alexandria,
VA 22314.
[cir] ROC: Andrew Furbee, Director, ROC, USDA/Food and Nutrition
Service, Braddock Metro Center II, 1320 Braddock Place, Alexandria, VA
22314.
By Email:
[cir] SNAP: [email protected].
[cir] SNAS: [email protected].
[cir] CNP: [email protected].
[cir] ROC: [email protected].
Instructions: All comment submissions received must
include the agency name and docket number for this rulemaking. All
comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
Docket: For access to the docket to read background
documents or comments received go to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: For general questions please contact
the FNS Privacy Officer via telephone at (703) 305-1627, Danaeka Wilkes
at (703) 305-2874 or via email at [email protected].
SUPPLEMENTARY INFORMATION:
Background
The Food and Nutrition Service (FNS) receives hundreds of pieces of
correspondence each year from Congress, program partners, and the
general public regarding the interpretation of legislation for the
delivery of FNS nutrition programs or for general information about
access to the nutrition programs. Each piece of correspondence is
responded to with information about one or more of the 15 nutrition
assistance programs administered by the agency, and each one is tracked
to ensure it is answered accurately and timely and that all necessary
reviews are complete before it is signed and sent to the correspondent.
Mercury is a customized Salesforce solution to automate the intake,
review, response writing, review, and approval of these correspondences
for program offices within the FNS. The program offices currently
supported are the Supplemental Nutrition Assistance Program (SNAP);
Child Nutrition Programs (CN); the Supplemental Nutrition and Safety
Program (SNAS), and Retailer Operations & Compliance (ROC).
Mercury provides a replacement for a legacy Mercury Correspondence
Management application that was built upon SharePoint 2007 and Web
Components. The legacy SharePoint platform was decommissioned by FNS
shortly after new Mercury went live on April 12, 2021.
Privacy Act
The Privacy Act of 1974 (the Privacy Act), 5 U.S.C. 552a, embodies
fair information principles in a statutory framework governing the
means by which the United States Government collects, maintains, uses,
and disseminates personally identifiable information. The Privacy Act
applies to information that is maintained in a system of records. A
system of records is a group of any records under the control of an
agency for which information is retrieved by the name of an individual
or by some identifying number, symbol, or other identifying particular
assigned to the individual. In the Privacy Act, an individual is
defined to encompass United States citizens and legal permanent
residents.
The Privacy Act requires each agency to publish in the Federal
Register a description denoting the type and character of each system
of records that the agency maintains, the routine uses that are
contained in each system in order to make agency record keeping
practices transparent, to notify individuals regarding the uses to
which personally identifiable information is put, and to assist
individuals to more easily find such files within the agency.
In accordance with 5 U.S.C. 552a(r), USDA has provided a report of
this new system to the Office of Management and Budget and to Congress.
SYSTEM NAME AND NUMBER:
USDA/FNS-13, Mercury
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Mercury is maintained in Gov Cloud, a cloud infrastructure
environment that is used only by Federal employees and FNS contractors.
There are no users external to FNS. The Digital Service Center (DSC)
and FNS Office of Information Technology (OIT) manage and administer
the Salesforce application and organization. Mercury does not support
any external-facing or publicly accessible website or interface. The
data is processed and stored solely within the continental United
States. The agency, US Department of Agriculture Food and Nutrition
Service (FNS), address is 1320 Braddock Place, Alexandria, VA 22314 and
the address of the third-party service provider is Salesforce, The
Landmark at One Market, San Francisco, CA 94105.
SYSTEM MANAGER(S):
FNS OIT Project Manager: Kathleen McKillen (OIT)_
[email protected]. Mailing Address: USDA/Food Nutrition
Service, 1320 Braddock Place, Alexandria, VA 22314.
Business/Program Contacts:
Laura Griffin (SNAP)_[email protected]--SNAP Business
Representative.
Clarissa Brown (SNAS)_[email protected]--SNAS Business
Representative.
[[Page 63931]]
Kiley Larson (SNAS)[email protected] Business
Representative.
Shawn Martin (CNP)_[email protected]--CNP Business
Representative.
Andrew Furbee (ROC)_[email protected]--ROC Business
Representative.
Mailing Address for all Business/Program Contacts: USDA/Food
Nutrition Service, Braddock Metro Center II, 1320 Braddock Place,
Alexandria, VA 22314.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
7 CFR 2.97 (1) and Sec. 210.3 (a) and USDA Departmental Regulation
3060-01.
PURPOSE(S) OF THE SYSTEM:
Mercury provides FNS the ability to track the writing, editing, and
approval of correspondence documents through an established set of
business processes. Primarily these documents are responses to inbound
correspondence from the public or Congress, but the documents can also
be internally focused documents such as memos or reports. The
combination of the inbound correspondence, FNS's response, and approval
history is referred to in Mercury as a work package. The business
processes of a work package differ based on various characteristics
such as the document type, the originator of a correspondence, or other
factors. Mercury supports a variety of writing and review processes
that enables an FNS user to quickly identify the status and approval
history of a work package. This ensures timely and accurate responses.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Categories of individuals covered by this system include any entity
that has submitted correspondence to FNS, including the general public,
external partners such as state agencies that operate nutrition
assistance programs, advocacy organizations or members of congress.
CATEGORIES OF RECORDS IN THE SYSTEM:
The following are the Categories of Records for Mercury:
correspondence (letters or emails) sent from individuals (recipients),
partner organizations, congressional letters, congressional report
requests, FNS internal sources, and other correspondence requiring USDA
response. Personally identifiable information (PII) stored in the
system is identified as first name, last name, and work email of
internal USDA employees (Users), and external USDA partners and
contractors (Contacts). Also, first name, last name, physical address,
and email of individuals (recipients), partner organizations, and the
general public who correspond with FNS via letters and emails.
RECORD SOURCE CATEGORIES:
The source of information stored in Mercury includes correspondence
(letters or emails) sent from individuals (general public), external
partners such as state agencies that operate nutrition assistance
programs, advocacy organizations, or members of congress. FNS initiated
documents such as memos, guidance, or similar materials are also a
category source.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed to authorized
entities, as is determined to be relevant and necessary, outside USDA
as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
(1) To the Department of Justice when: (a) USDA or any component
thereof; or (b) any employee of USDA in his or her official capacity,
or any employee of the agency in his or her individual capacity where
the Department of Justice has agreed to represent the employee; or (c)
the United States Government, is a party to litigation or has an
interest in such litigation, and USDA determines that the records are
both relevant and necessary to the litigation and the use of such
records by the Department of Justice is deemed by USDA to be for a
purpose that is compatible with the purpose for which USDA collected
the records.
(2) In an appropriate proceeding before a court, grand jury, or
administrative or adjudicative body or official, when the USDA or other
Agency representing the USDA determines that the records are both
relevant and necessary to the proceeding; or in an appropriate
proceeding before an administrative or adjudicative body when the
adjudicator determines the records to be relevant to the proceeding.
(3) To a congressional office in response to an inquiry from that
congressional office made at the written request of the individual
about whom the record pertains.
(4) To the National Archives and Records Administration or other
Federal government agencies pursuant to records management activities
being conducted under 44 U.S.C. 2904 and 2906.
(5) To an agency, organization, or individual for the purpose of
performing audit or oversight operations as authorized by law, but only
such information as is necessary and relevant to such audit or
oversight function.
(6) To other Federal agencies or non-Federal entities under
approved computer matching efforts, limited to only those data elements
considered relevant to determine eligibility under particular benefit
programs administered by those agencies or entities or by USDA or any
component thereof, to improve program integrity, and to collect debts
and other monies owed under those programs.
(7) To another Federal agency or Federal entity, when information
from this system of records is reasonably necessary to assist the
recipient agency or entity in: (1) responding to a suspected or
confirmed breach or (2) preventing, minimizing, or remedying the risk
of harm to individuals, the recipient agency or entity (including its
information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
(8) To appropriate agencies, entities, and persons when: (1) USDA
suspects or has confirmed that there has been a breach of the system of
records; (2) USDA has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, USDA
(including its information systems, programs, and operations), the
Federal Government, or national security; and (3) the disclosure made
to such agencies, entities, and persons is reasonably necessary to
assist in connection with USDA's efforts to respond to the suspected or
confirmed compromise and prevent, minimize, or remedy such harm.
(9) To contractors and their agents, grantees, experts,
consultants, and other performing or working on a contract, service,
grant, cooperative agreement, or other assignment for the USDA, when
necessary to accomplish an agency function related to this system of
records.
(10) When a record on its face, or in conjunction with other
records, indicates a violation or potential violation of law, whether
civil, criminal or regulatory in nature, and whether arising by general
statute or particular program statute, or by regulation, rule, or order
issued pursuant thereto, USDA may disclose the record to the
appropriate agency, whether Federal, foreign, State, local, or tribal,
or other
[[Page 63932]]
public authority responsible for enforcing, investigating, or
prosecuting such violation or charged with enforcing or implementing
the statute, or rule, regulation, or order issued pursuant thereto, if
the information disclosed is relevant to any enforcement, regulatory,
investigative or prosecutive responsibility of the receiving entity.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The Mercury application is hosted in GovCloud, a cloud
infrastructure environment. These records are electronic.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
The user's permission level will dictate what records they can
retrieve. All users of Mercury are FNS employees or contractors working
on FNS computers. Each user of Mercury will be assigned specific
permissions in the platform based on the role they take in the business
process as a Process Manager, Writer, or Reviewer.
The Process Managers, who orchestrate most of the business process,
have the ability to create, edit, and move work packages through all
stages of the process. This allows Process Managers to ensure the
response is delivered in a timely manner and gives them the ability to
overcome any roadblocks as needed. Process Managers have the ability to
mark work packages as Delivered or Canceled as needed to indicate
completion. Persons designated by the Associate Administrators have the
same permissions as Process Managers, allowing them to act not only as
a reviewer of a draft, but allows them to step into the Process Manager
role to fill in if needed.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Mercury will retain and dispose of records in accordance with the
following NARA-approved records schedule file code(s) and disposition
authorities:
(1) FNS-22 Controlled Correspondence Files Correspondence,
memoranda, reports, and other records related to congressional
inquiries and other correspondence sent to the secretary of Agriculture
which is controlled by Secretary's records. Includes memoranda and
correspondence about various FNS programs signed by the Administrator,
Assistance Secretaries, or the Secretary of Agriculture. Disposition
Authority: NC1-462-79-2. Disposition: Washington Office: Permanent.
Transfer to FRC when 5 years old, Offer to NARA when 10 years old.
Other Offices: Temporary. Destroy when 1 year old.
(2) FRS 5.1-20 Non-recordkeeping copies of electronic records- Non-
recordkeeping copies of electronic records agencies maintain in email
systems, computer hard drives or networks, web servers, or other
locations after agencies copy the records to a recordkeeping system or
otherwise preserve the recordkeeping version.
Disposition Authority: DAA-GRS2016-00160002. Disposition:
Temporary. Destroy immediately after copying to a recordkeeping system
or otherwise preserving.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
USDA safeguards records in this system according to applicable
rules and policies, including all applicable USDA automated systems
security and access policies. USDA has imposed strict controls to
minimize the risk of compromising the information that is being stored.
Access to the computer system containing the records in this system is
limited to those individuals who have a need to know the information
for the performance of their official duties and who have appropriate
clearances or permissions.
Mercury utilizes a robust collection of technical safeguards to
ensure the integrity of the platform. Mercury is hosted in secure
server environment that uses a firewall to prevent interference or
access from outside intruders. When accessing Mercury, Secure Socket
Layer (SSL) technology protects the user's information by using both
server authentication and data encryption. Users will only access
Mercury by USDA eAuthentication through Personal Identity Verification
(PIV) Card and Personal Identification Number (PIN) entry. Mercury
administrators will have a suite of security tools that can be used to
increase the security of the system. From a physical security
standpoint, the servers that host Mercury are fed ramped certified and
managed by the USDA's Digital Services Center (DSC). The DSC is
responsible for ensuring strict physical access control procedures are
in place to prevent unauthorized access. Salesforce is contractually
obligated to provide data backups and disaster recovery, and the DSC
provides oversight of the contractor.
RECORD ACCESS PROCEDURES:
Individuals seeking notification of and access to any record
contained in this system of records, or seeking to contest its content,
may submit a request in writing to the component's FOIA Officer, whose
contact information can be found at http://www.da.usda.gov/foia_agency_pocs.htm. If an individual believes more than one component
maintains Privacy Act records concerning him or her, the individual may
submit the request to the Chief FOIA Officer, Department of
Agriculture, 1400 Independence Avenue SW, Washington, DC 20250.
When seeking records about yourself from this system of records or
any other Departmental system of records, your request must conform
with the Privacy Act regulations set forth in 7 CFR 1.112. You must
submit a written request in accordance with the instructions set forth
in the system of records. The request should include the name of the
individual making the request, the name of the system of records, any
other information specified in the system notice, and when the request
is one for access, a statement of whether the requester desires to make
a personal inspection of the records or by supplied with copies by mail
or email.
You must also include with your request sufficient data for FNS to
verify your identity. If the sensitivity of the records warrants it,
FNS may require that you submit a signed, notarized statement
indicating that you are the individual to whom the records pertain and
stipulating that you understand that knowingly or willfully seeking or
obtaining access to records about another individual under false
pretenses is a misdemeanor punishable by fine up to $5,000. No
identification shall be required, however, if the records are required
by 5 U.S.C. 552 to be released. If FNS determines to grant the
requested access, fees may be charged in accordance with 7 CFR part 1,
subpart G, 1.120 before making the necessary copies. In place of a
notarization, your signature may be submitted under 28 U.S.C. 1746, a
law that permits statements to be made under penalty of perjury as a
substitute for notarization.
CONTESTING RECORD PROCEDURES:
Individuals desiring to contest or amend information maintained in
the system should direct their requests to the System Manager listed
above. The request should identify each particular record in question,
state the amendment or correction desired, and state why the individual
believes that the record is not accurate, relevant, timely, or
complete. The individual may submit any documentation that would be
helpful. If the individual believes that the same record is in more
than one system of records, the request should state that and be
addressed to each component that maintains a system of records
[[Page 63933]]
containing the record. This request must follow the procedures set
forth in 7 CFR part 1, subpart G, 1.116 (Request for correction or
amendment to record).
NOTIFICATION PROCEDURES:
Individuals seeking notification of and access to any record
contained in this system of records or seeking to contest its content,
may submit a request in writing to the component's FOIA Officer, Kevin
Lynch, whose contact information is: Kevin Lynch, FOIA Officer, USDA/
Food and Nutrition Service, Braddock Metro Center II, 1320 Braddock
Place, Alexandria, VA 22314, email: [email protected], phone: 703-305-
2155. If an individual believes more than one component maintains
Privacy Act records concerning him or her the individual may submit the
request to the Chief FOIA Officer, Department of Agriculture, 1400
Independence Avenue SW, Washington, DC 20250.
When seeking records about yourself from this system of records or
any other Departmental system of records your request must conform with
the Privacy Act regulations set forth in 6CFR part 5. You must first
verify your identity, meaning that you must provide your full name,
current address, and date and place of birth. You must sign your
request, and your signature must either be notarized or submitted under
28 U.S.C. 1746, a law that permits statements to be made under penalty
of perjury as a substitute for notarization. In addition you should
provide the following: (1) An explanation of why you believe the
Department would have information on you; (2) identify which
component(s) of the Department you believe may have the information
about you; (3) specify when you believe the records would have been
created; (4) provide any other information that will help the FOIA
staff determine which USDA component agency may have responsive
records; (5) if your request is seeking records pertaining to another
living individual, you must include a statement from that individual
certifying his or her agreement for you to access his or her records.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
Tameka Owens,
Assistant Administrator, Food and Nutrition Service.
[FR Doc. 2023-19829 Filed 9-15-23; 8:45 am]
BILLING CODE 3410-30-P