[Federal Register Volume 88, Number 215 (Wednesday, November 8, 2023)]
[Notices]
[Pages 77088-77090]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-24231]
=======================================================================
-----------------------------------------------------------------------
ENVIRONMENTAL PROTECTION AGENCY
[FRL-10620-01-OMS]
Privacy Act of 1974; System of Records
AGENCY: Office of Inspector General, Environmental Protection Agency
(EPA).
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: The U.S. Environmental Protection Agency's (EPA) Office of
Inspector General (OIG) is giving notice that it proposes to create a
new a system of records pursuant to the provisions of the Privacy Act
of 1974. OIG Data Analytics Enterprise is being created to store and
maintain records collected by EPA OIG that are necessary in order to
fulfill the responsibilities of the Inspector General Act of 1978, as
amended. The EPA OIG will use this system of records to develop data
models and analytical assessments that will assist with the performance
of audits, evaluations, investigations, and reviews in order to
identify fraud, waste, mismanagement, and abuse relating to the
programs and operations of the EPA.
DATES: Persons wishing to comment on this system of records notice must
do so by December 8, 2023. Routine uses for this new system of records
will be effective December 8, 2023.
ADDRESSES: Submit your comments, identified by Docket ID No. EPA-HQ-
OMS-2023-0020, by one of the following methods:
Federal eRulemaking Portal: https://www.regulations.gov. Follow the
online instructions for submitting comments.
Email: [email protected]. Include the Docket ID number in the
subject line of the message.
Fax: (202) 566-1752.
Mail: OMS Docket, Environmental Protection Agency, Mail Code:
2822T, 1200 Pennsylvania Ave. NW, Washington, DC 20460.
Hand Delivery: OMS Docket, EPA/DC, WJC West Building, Room 3334,
1301 Constitution Ave. NW, Washington, DC 20460. Such deliveries are
only accepted during the Docket's normal hours of operation, and
special arrangements should be made for deliveries of boxed
information.
Instructions: Direct your comments to Docket ID No. EPA-HQ-OMS-
2023-0020. The EPA's policy is that all comments received will be
included in the public docket without change and may be made available
online at https://www.regulations.gov, including any personal
information provided, unless the comment includes information claimed
to be Controlled Unclassified Information (CUI) or other information
for which disclosure is restricted by statute. Do not submit
information that you consider to be CUI or otherwise protected through
https://www.regulations.gov. The https://www.regulations.gov website is
an ``anonymous access'' system for the EPA, which means the EPA will
not know your identity or contact information. If you submit an
electronic comment, the EPA recommends that you include your name and
other contact information in the body of your comment. If the EPA
cannot read your comment due to technical difficulties and cannot
contact you for clarification, the EPA may not be able to consider your
comment. If you send an email comment directly to the EPA without going
through https://www.regulations.gov, your email address will be
automatically captured and included as part of the comment that is
placed in the public docket and made available on the internet.
Electronic files should avoid the use of special characters, any form
of encryption, and be free of any defects or viruses. For additional
information about the EPA public docket, visit the EPA Docket Center
homepage at https://www.epa.gov/dockets.
Docket: All documents in the docket are listed in the https://www.regulations.gov index. Although listed in the index, some
information is not publicly available, e.g., CUI or other information
for which disclosure is restricted by statute. Certain other material,
such as copyrighted material, will be publicly available only in hard
copy. Publicly available docket materials are available either
electronically in https://www.regulations.gov or in hard copy at the
OMS Docket, EPA/DC, WJC West Building, Room 3334, 1301 Constitution
Ave. NW, Washington, DC 20460. The Public Reading Room is normally open
from 8:30 a.m. to 4:30 p.m., Monday through Friday excluding legal
holidays. The telephone number for the Public Reading Room is (202)
566-1744, and the telephone number for the OMS Docket is (202) 566-
1752. Further information about EPA Docket Center services and current
operating status is available at https://www.epa.gov/dockets.
FOR FURTHER INFORMATION CONTACT: Daniel Porter, Director, Data
Analytics Directorate, Office of Inspector General, Environmental
Protection Agency, 1200 Pennsylvania Avenue NW, Washington, DC 20004;
phone number: 202-309-6449; email: [email protected].
SUPPLEMENTARY INFORMATION: The EPA OIG will use this system of records
to develop data models and analyses in order to identify fraud, waste
and abuse, and programmatic problems and deficiencies. This system of
records will allow the EPA OIG to identify correlations between
existing EPA data sets and other government agency data sets to
identify patterns and correlations that indicate fraud and issues of
program waste and abuse. EPA OIG will apply analytics and data modeling
principles within this system of records to identify problems or
failures in the implementation or performance of internal controls
within the EPA. EPA will separately add exemptions for this system of
records to the Agency's Privacy Act regulations at 40 CFR part 16.
SYSTEM NAME AND NUMBER:
OIG Data Analytics Enterprise, EPA-100.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Office of Inspector General, Environmental Protection Agency, 109
T.W. Alexander Drive, Durham, NC 27711.
SYSTEM MANAGER(S):
Daniel Porter, EPA Office of Inspector General (OIG), Data
Analytics Directorate (DAD), Director, 1200 Pennsylvania Avenue NW,
Washington, DC 20004, 202-309-6449, [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The Inspector General Act of 1978, as amended, 5 U.S.C. 401-424
(Inspector General Act).
PURPOSE(S) OF THE SYSTEM:
Records contained in OIG Data Analytics Enterprise may be used in
the course of performing audits, evaluations, and inspections;
investigating individuals and entities suspected of criminal, civil, or
administrative misconduct and in
[[Page 77089]]
supporting related judicial and administrative proceedings; or in
conducting preliminary inquiries undertaken to determine whether to
commence an audit, evaluation, inspection, or investigation.
CATEGORIES OF INDIVIDUALS COVERED BY SYSTEM:
The EPA OIG maintains records in OIG Data Analytics Enterprise on
the following categories of individuals: current, former, and
prospective EPA employees; contractors; subcontractors; recipients of
Federal funds and their contractors/subcontractors and employees;
grantees; sub-grantees; individuals who work on Agency grants (e.g.,
principal investigators); lessees; licensees; persons engaged in
official business with the Agency; or other persons identified by OIG
or by other agencies, constituent units of the Agency, and members of
the general public, in connection with the authorized functions of the
OIG.
CATEGORIES OF RECORDS IN THE SYSTEM:
The OIG Data Analytics Enterprise will contain a wide variety of
records to assist OIG staff in carrying out their work. Categories of
records may include: information obtained from EPA business systems
information, including general ledger data, bank account numbers and
transactions, contracting and business ownership data, Electronic Funds
Transfer Numbers, customer data, and vendor data; Agency payroll,
purchase card, and travel card data; System for Award Management
(SAM.gov) data; general case management documentation; correspondence;
personally identifiable and business identifiable information,
including financial, employment, time and attendance, human resources,
and biometric data and Social Security Numbers; information protected
by Title 13 of the U.S. Code; trade secrets data and similar
proprietary data; import/export data, including Automated Export System
data; law enforcement data; data containing information related to
Agency grants and contracts, and other data and evidence received,
collected, or generated by OIG's Data Analytics group while conducting
its official duties. Social Security Numbers are maintained in the
system pursuant to authority under the Inspector General Act and are
collected or received and maintained in the system as necessary by OIG
to carry out its statutory responsibilities under the Inspector General
Act.
RECORD SOURCE CATEGORIES:
Records and information stored in this system of records are
obtained from both publicly and privately available sources and various
systems of records and information systems within the EPA and other
Federal, State, and local agencies, Federal contractors, and non-
government entities.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
The routine uses below are both related to and compatible with the
original purpose for which the information was collected. The following
general routine uses apply to this system (86 FR 62527): A, B, C, D, E,
F, G, H, I, J, K, L, and M.
Additional routine uses that apply to this system are:
1. To any source, private or public, to the extent necessary to
secure from such source information relevant to a legitimate EPA
investigation, audit, decision, or other inquiry.
2. To a Federal, State, local, Tribal, Territorial, foreign,
international, or other public authority in response to its request in
connection with: the hiring, assignment, or retention of an individual;
the issuance, renewal, retention, or revocation of a security
clearance; the reporting of an investigation of an individual; the
execution of a security or suitability investigation; the letting of a
contract; or the issuance, retention, or revocation of a license,
grant, award, contract, or other benefit conferred by that entity to
the extent that the information is relevant and necessary to the
requesting entity's decision on the matter.
3. To the Department of Justice (DOJ) or any other Federal agency
to the extent necessary to obtain their advice relevant to an OIG
matter, or that has an interest in the record in connection with
determining whether disclosure thereof is required by the Freedom of
Information Act (FOIA) (5 U.S.C. 552).
5. To the Department of the Treasury and the Department of Justice
when EPA is seeking an ex parte court order to obtain taxpayer
information from the Internal Revenue Service.
6. To the news media and public when a public interest justifies
the disclosure of information on public events such as indictments or
similar activities and such disclosure would not cause an unwarranted
invasion of personal privacy.
7. To the public when the matter under audit or investigation has
become public knowledge, or when the Inspector General determines that
such disclosure is necessary to preserve confidence in the integrity of
the OIG audit or investigative process or is necessary to demonstrate
the accountability of EPA officers, employees, or individuals covered
by this system, unless it is determined that disclosure of the specific
information in the context of a particular case could reasonably be
expected to constitute an unwarranted invasion of personal privacy.
8. To Members of Congress and the public in the OIG's Semiannual
Report to Congress when the Inspector General determines that the
matter reported is significant.
9. To a Federal agency responsible for considering suspension or
debarment action where such record would be relevant to such action.
10. In response to a lawful subpoena issued by a Federal agency.
11. To a public or professional licensing organization if the
record indicates, either by itself or in combination with other
information, a violation or potential violation of professional
standards, or reflects on the moral, educational, or professional
qualifications of an individual who is licensed or who is seeking to
become licensed.
12. To any person when disclosure of the record is needed to enable
the recipient of the record to take action to recover money or property
of the EPA, when such recovery will accrue to the benefit of the United
States, or when disclosure of the record is needed to enable the
recipient of the record to take appropriate disciplinary action to
maintain the integrity of EPA programs or operations.
13. To the Office of Government Ethics to comply with agency
reporting requirements in 5 CFR 2638.206.
14. To a foreign government or international organization pursuant
to an international treaty, convention, implementing legislation, or
executive agreement entered into by the United States.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
These records are maintained electronically on computer storage
devices managed by the Office of Inspector General, Environmental
Protection Agency, 1200 Pennsylvania Avenue NW, Washington, DC 20460.
Electronically stored information is hosted at the EPA National
Computer Center (NCC), 109 TW Alexander Drive, Research Triangle Park,
Durham, NC 27711, in agency-owned cloud and on-premise environments.
Paper records are maintained at the Office of the
[[Page 77090]]
Inspector General at 1200 Pennsylvania Avenue NW, Washington, DC 20460.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records may be retrieved by search criteria that include names of
individuals, names of businesses, identifying particulars,
organizations, Social Security Number, EPA ID number, or driver's
license number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained and disposed of in accordance with EPA Records
Retention Schedules approved by the National Archives and Records
Administration (NARA).
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Security controls used to protect personal sensitive data in OIG
Data Analytics Enterprise are commensurate with those required for an
information system rated MODERATE for confidentiality, integrity, and
availability, as prescribed in National Institute of Standards and
Technology (NIST) Special Publication, 800-53, ``Security and Privacy
Controls for Information Systems and Organizations,'' Revision 5.
1. Administrative Safeguards: All users must take annual mandatory
Security Awareness and Privacy training as provided by the Agency.
Additionally, staff determined to have significant security
responsibilities are also required to complete role-based training
(RBT).
2. Technical Safeguards: Access to electronic records is restricted
to the OIG staff and contractors individually authorized to access the
electronic system. Access is restricted based on assigned roles and
responsibilities. Authentication to the system occurs through the
Agency's Active Directory Domain Controller. Passwords must meet
complexity requirements and are changed periodically, in accordance
with OIG policies. Also, all devices that connect to the system use a
screen lock; both (screen lock and password) are enforced by Agency
policy.
3. Physical Safeguards: Electronic records are stored on servers
maintained in a locked facility that is secured at all times. All
electronic media are kept in limited-access areas during duty hours and
in locked offices during nonduty hours and are used only by authorized
screened personnel.
RECORD ACCESS PROCEDURES:
Pursuant to 5 U.S.C. 552a(j)(2), (k)(2), and (k)(5), certain
records maintained in the OIG Data Analytics Enterprise are exempt from
specific access and accounting provisions of the Privacy Act. See 40
CFR 16.11 and 16.12, However, EPA may, in its discretion, grant
individual requests for access if it determines that the exercise of
these rights will not interfere with an interest that the exemption is
intended to protect. Requests for access must be made in accordance
with the procedures described in EPA's Privacy Act regulations at 40
CFR part 16.
CONTESTING RECORD PROCEDURES:
Pursuant to 5 U.S.C. 552a(j)(2), (k)(2), and (k)(5), certain
records maintained in the OIG Data Analytics Enterprise are exempt from
specific access and accounting provisions of the Privacy Act. See 40
CFR 16.11 and 16.12. However, EPA may, in its discretion, grant
individual requests for correction and amendment if it determines that
the exercise of these rights will not interfere with an interest that
the exemption is intended to protect. Requests for correction and
amendment must identify the record to be changed and the correction
sought, and must be made in accordance with the procedures described in
EPA's Privacy Act regulations at 40 CFR part 16.
NOTIFICATION PROCEDURES:
Individuals who wish to be informed whether a Privacy Act system of
records maintained by EPA contains any record pertaining to them,
should make a written request to the EPA, Attn: Agency Privacy Officer,
MC 2831T, 1200 Pennsylvania Ave. NW, Washington, DC 20460, or by email
at: [email protected]. A full description of EPA's Privacy Act procedures
is included in EPA's Privacy Act regulations at 40 CFR part 16.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
EPA has exempted records maintained in this system from 5 U.S.C.
552a(c)(3) and (4); 5 U.S.C. 552a(d); 5 U.S.C. 552a(e)(1), (2) and (3);
5 U.S.C. 552a(e)(4)(G) and (H); 5 U.S.C. 552a(e)(5) and (8); 5 U.S.C.
552a(f)(2) through (5); and 5 U.S.C. 552a(g) of the Privacy Act
pursuant to 5 U.S.C. 552a(j)(2). EPA has also exempted records
maintained in this system from 5 U.S.C. 552a(c)(3), 5 U.S.C. 552a(d), 5
U.S.C. 552a(e)(1), 5 U.S.C. 552a(e)(4)(G) and (H) and 5 U.S.C.
552a(f)(2) through (5) of the Privacy Act under 5 U.S.C. 552a(k)(2).
EPA has also exempted records maintained in this system from 5 U.S.C.
552a(c)(3) and 5 U.S.C. 552a(d) of the Privacy Act pursuant to 5 U.S.C.
552a(k)(5). An exemption rule for this record system has been
promulgated in accordance with the requirements of 5 U.S.C. 553(b)(1),
(2), and (3), (c) and (e) and published in 40 CFR part 16. In addition,
when exempt records received from other systems of records become part
of this system, EPA also claims the same exemptions for those records
that are claimed for the prior system(s) of records from which they
were a part and claims any additional exemptions set forth here.
HISTORY:
None.
Vaughn Noga,
Senior Agency Official for Privacy.
[FR Doc. 2023-24231 Filed 11-7-23; 8:45 am]
BILLING CODE 6560-50-P