[Federal Register Volume 88, Number 216 (Thursday, November 9, 2023)]
[Notices]
[Pages 77365-77368]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-24692]


=======================================================================
-----------------------------------------------------------------------

OFFICE OF MANAGEMENT AND BUDGET


Privacy Act of 1974; System of Records

AGENCY: Office of Management and Budget.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974 and Office of Management 
and Budget Circular No. A-108, Federal Agency Responsibilities for 
Review, Reporting, and Publication under the Privacy Act, notice is 
hereby given that the Office of Management and Budget (OMB) is 
establishing the following new system of records: ``OMB Freedom of 
Information Act and Privacy Act Requests System of Records, OMB/FOIAPA/
01.'' This system covers all information pertaining to Freedom of 
Information (FOIA) or Privacy Act requests and information relating to 
other agencies' FOIA or Privacy Act requests received through the 
National FOIA Portal (www.foia.gov), email, hardcopy communications, 
and other authorized means, including OMB's FOIA and Privacy Act 
tracking, management, reporting, and e-Discovery software and tools. 
This system also covers information pertaining to any administrative 
appeals or litigation relating to FOIA or Privacy Act requests to OMB 
or to another agency.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of 
records notice (SORN) is effective upon its publication in today's 
Federal Register, with the exception of the routine uses, which are 
subject to a 30-day comment period, and will be effective December 11, 
2023. Please submit any comments on or before December 11, 2023.

ADDRESSES: You may submit comments by:
    Email: [email protected].
    Instructions: All submissions must contain the subject heading 
``OMB FOIA/PA Requests System.''
    Privacy Act Statement: Submission of comments is voluntary. The 
information will be used to inform sound decision making. Please note 
that all comments received in response to this notice may be posted or 
released in their entirety, including any personal and business 
confidential information provided. Do not include any information you 
would not like to be made publicly available. Additionally, the OMB 
System of Records Notice, OMB Public Input System of Records, OMB/
INPUT/01 includes a list of routine uses associated with the collection 
of this information.

FOR FURTHER INFORMATION CONTACT: For general questions and privacy 
issues, please contact Shraddha A. Upadhyaya by email at 
[email protected] or by phone at (202) 395-9225. You must include ``OMB 
FOIA/PA Requests System'' in the subject line.

SUPPLEMENTARY INFORMATION:

I. Background

    In accordance with the Privacy Act of 1974, 5 U.S.C. 552, and the 
Office of Management and Budget (OMB), Circular No. A-108, OMB proposes 
to create a new system of records for OMB titled, ``OMB Freedom of 
Information Act and Privacy Act Requests System of Records, OMB/FOIAPA/
01'' (OMB FOIA/PA Requests System).''
    The OMB FOIA/PA Requests System covers all information related to 
Freedom of Information Act (FOIA) or

[[Page 77366]]

Privacy Act requests and information relating to other agencies' FOIA 
or Privacy Act requests received through the National FOIA Portal 
(www.foia.gov), email, hardcopy communications, and other authorized 
means. This system also covers information pertaining to any 
administrative appeals or litigation relating to FOIA or Privacy Act 
requests to OMB or to another agency.

II. Privacy Act

    The Privacy Act embodies fair information practice principles in a 
statutory framework governing the means by which Federal Government 
agencies collect, maintain, use, and disseminate individuals' records. 
The Privacy Act applies to information that is maintained in a ``system 
of records.'' A ``system of records'' is a group of any records under 
the control of an agency from which information is retrieved by the 
name of an individual or by some identifying number, symbol, or other 
identifying particular assigned to the individual. In the Privacy Act, 
an individual is defined to encompass U.S. citizens and lawful 
permanent residents. Additionally, the Judicial Redress Act of 2015 
(JRA), 5 U.S.C. 552a note, provides citizens of designated foreign 
countries with certain rights of redress for intentional or willful 
disclosures of covered records, as defined by the JRA, except as 
otherwise permitted by the Privacy Act.
    Under the Privacy Act, 5 U.S.C. 552a, OMB receives requests from 
individuals for access to their own records or information pertaining 
to them, as well as requests from individuals to amend records 
pertaining to them, requests from individuals for notification if a 
record pertains to them, or requests from individuals for an accounting 
of disclosures of records pertaining to them. OMB's Privacy Act 
Procedures can be found at 5 CFR 1302.

III. Freedom of Information Act

    The FOIA provides a right of access to certain records and 
information Federal agencies maintain and control. Any agency, upon any 
request for records which (i) reasonably describes such records and 
(ii) is made in accordance with published rules stating the time, 
place, fees (if any), and procedures to be followed, shall make the 
records promptly available to any person. The FOIA does not apply to 
information that satisfies one of nine exemptions under 5 U.S.C. 
552(b), unless disclosure is warranted under the foreseeable harm 
standard. Additionally, any reasonably segregable portion of a record 
shall be provided after deletion of the portions which are exempt under 
5 U.S.C. 552(b).
    Under the FOIA, 5 U.S.C. 552, OMB receives requests for records 
from ``any person'' within the meaning of the statute. OMB makes 
available records in accordance with OMB's FOIA Procedures which can be 
found at 5 CFR 1303.

IV. Other Agencies

    OMB also engages in inter-agency consultations of these requests 
when necessary to comply with OMB's legal obligations under FOIA and 
the Privacy Act. Inter-agency consultations include requests for 
consultation between OMB and other agencies and entities, which include 
requests for consultation from other agencies to OMB and from OMB to 
other agencies and entities.
    In accordance with 5 U.S.C. 552a(r), OMB has provided a report of 
this system of records to OMB and to Congress.
    Below is the description of the OMB FOIA/PA Requests System.

SYSTEM NAME AND NUMBER:
    OMB Freedom of Information Act and Privacy Act Requests System of 
Records, OMB/FOIAPA/01.

SECURITY CLASSIFICATION:
    The system may contain classified information, but only to the 
extent the FOIA or Privacy Act request requires review of classified 
information. Any classified information will be maintained on systems 
rated to store such information, in accordance with E.O. 12958, 60 FR 
19825 (Apr. 20, 1995) and applicable executive order(s) governing 
classified information, 32 CFR 2001, and 5 CFR 1312.

SYSTEM LOCATION:
    Records are maintained at OMB, 725 17th Street NW, Washington, DC 
20503.

SYSTEM MANAGER(S):
    OMB FOIA Officer, 725 17th Street NW, Washington, DC; 
[email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Freedom of Information Act, 5 U.S.C. 552; Privacy Act, 5 U.S.C. 
552a; 44 U.S.C. 3101; 5 U.S.C. 301; and E.O. 12598 and applicable 
executive order(s) governing classified information.

PURPOSE(S) OF THE SYSTEM:
    OMB receives requests pursuant to FOIA and the Privacy Act, 
including inter-agency consultations. OMB also adjudicates 
administrative appeals and handles litigation relating to these 
requests. The purpose of this system of records is:
    --To fulfill obligations under the FOIA, and related policy and 
guidance, and to assist other agencies in doing the same.
    --To fulfill obligations under the Privacy Act, and related policy 
and guidance, and to assist other agencies in doing the same.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system includes all individuals who submit FOIA or Privacy Act 
requests and administrative appeals to OMB; individuals whose requests 
for records have been referred to OMB by other agencies or entities; 
attorneys or other persons representing individuals submitting such 
requests and appeals; individuals who are the subject of such requests 
and appeals or whose information may appear in records required for 
processing requests and appeals; and individuals who file litigation 
based on their requests.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system includes records created, compiled, or received in 
response to FOIA and Privacy Act requests and administrative appeals 
and includes: The original requests and administrative appeals; 
responses to such requests and administrative appeals; all related 
memoranda, correspondence, notes, and other related or supporting 
documentation; and, in some instances, copies of requested records and 
records under administrative appeal.

RECORD SOURCE CATEGORIES:
    OMB receives records from members of the public, including 
representatives of Federal, State, or local governments, non-government 
organizations, and the private sector, as well as from other federal 
agencies and entities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under the 
Privacy Act, 5 U.S.C. 552a(b), all or a portion of the records or 
information contained therein may be disclosed outside of OMB as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To a federal, state, local, tribal, or foreign agency or entity 
for the purpose of consulting with that agency or entity to enable OMB 
to make a determination as to the propriety of access to, accounting 
of, or amendment of information, or for the purpose of verifying the 
identity of an individual or the accuracy of information submitted by 
an individual who has requested access to, accounting of, or amendment 
of information.

[[Page 77367]]

    B. To any agency or entity that furnished the record or information 
for the purpose of permitting that agency or entity to make a decision 
as to access to or amendment of the record or information, or to a 
federal agency or entity for purposes of providing guidance or advice 
regarding the handling of particular requests.
    C. To a submitter or subject of a record or information in order to 
obtain assistance to OMB in making a determination as to access, 
amendment, or accounting.
    D. To appropriate agencies and entities, for the purpose of 
resolving an inquiry regarding compliance with the Freedom of 
Information Act.
    E. To the Department of Justice (DOJ) when any of the following is 
a party to litigation before any court, adjudicative, or administrative 
body or has an interest in such litigation, and the use of such records 
by DOJ is deemed by OMB to be relevant and necessary to the litigation:
    (1) OMB, or any component thereof;
    (2) any employee or former employee of OMB in the employee's 
official capacity;
    (3) any employee or former of employee of OMB in the employee's 
individual capacity where DOJ has agreed to represent the employee; or
    (4) a Federal agency, a Federal entity, a Federal official, or the 
United States, where OMB determines that litigation is likely to affect 
OMB or any of its components.
    F. In a proceeding before a court or adjudicative body before which 
OMB is authorized to appear, when OMB determines that the records are 
relevant and necessary to the litigation; or in an appropriate 
proceeding before an administrative or adjudicative body when the 
adjudicator determines the records to be relevant to the proceeding.
    G. To a congressional office in response to an inquiry from that 
congressional office made at the request of the individual to whom the 
record pertains.
    H. To any agency or organization for the purpose of performing 
audit or oversight operations as authorized by law, but only such 
information as is necessary and relevant to such audit or oversight 
function.
    I. To the National Archives and Records Administration (NARA) for 
purposes of records management and mail processing inspections 
conducted under the authority of 44 U.S.C. 2904 and 2906.
    J. To NARA, Office of Government Information Services (OGIS), to 
the extent necessary to fulfil its responsibilities in 5 U.S.C. 552(h), 
to review administrative agency policies, procedures, and compliance 
with the Freedom of Information Act, and to facilitate OGIS' offering 
of mediation services to resolve disputes between persons making FOIA 
requests and administrative agencies.
    K. To appropriate officials and employees of a federal agency or 
entity when the information is relevant to a decision concerning the 
hiring, appointment, or retention of an employee; the assignment, 
detail, or deployment of an employee; the issuance, renewal, 
suspension, or revocation of a security clearance; the execution of a 
security or suitability investigation; the letting of a contract; or 
the issuance of a grant or benefit.
    L. To appropriate agencies, entities, and persons when
    (1) OMB suspects or has confirmed that there has been a breach of 
the system of records;
    (2) OMB has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, OMB (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and
    (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with OMB's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    M. To another Federal agency or Federal entity, when OMB determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in
    (1) responding to a suspected or confirmed breach; or
    (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    N. Where a record, either alone or in conjunction with other 
information, indicates a violation or potential violation of law--
criminal, civil, or regulatory in nature--the relevant records may be 
referred to the appropriate Federal, state, local, territorial, tribal, 
international, or foreign law enforcement authority or other 
appropriate entity charged with the responsibility for investigating or 
prosecuting such violation or charged with enforcing or implementing 
such law.
    O. To contractors and their agents, grantees, experts, consultants, 
students, and others performing or working on a contract, service, 
grant, cooperative agreement, or other assignment for OMB, when 
necessary to accomplish an agency function related to this system of 
records. Individuals provided information under this routine use are 
subject to the same requirements and limitations on disclosure as are 
applicable to OMB officers and employees.
    P. To such recipients and under such circumstances and procedures 
as are mandated by Federal statute or treaty.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system are stored in electronic or paper form in 
secure facilities. The records may be stored on magnetic disc, tape, 
and digital media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by full-text search or by individuals' 
FOIA/PA case number, name, title, or organization.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    These records will be retired and destroyed in accordance with 
published records schedules of the Office of Management and Budget and 
the General Records Schedules as approved by NARA.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    All electronic records are maintained in secure systems which 
require multi-factor authentication and that use security hardware and 
software to include multiple firewalls, encryption, identification, and 
authentication of users. All security controls are reviewed on a 
periodic basis by external assessors. The controls themselves include 
measures for access control, security awareness training, audits, 
configuration management, contingency planning, incident response, and 
maintenance. Access to the information technology systems containing 
the records in this system is limited to those individuals who need the 
information for the performance of their official duties and who have 
appropriate clearances or permissions.

RECORD ACCESS PROCEDURES:
    Individuals' requests for access to records in this system of 
records may be sent to OMB's Privacy Officer, by mail to Office of 
Management and Budget, 725 17th Street NW, Room 9268, Washington, DC 
20503, or by email to [email protected], and should be made in 
accordance with OMB's Privacy Act Procedures which can be found at 5 
CFR 1302.

[[Page 77368]]

CONTESTING RECORD PROCEDURES:
    Individuals' requests for amendment of a record in this system of 
records may be sent to OMB's Privacy Officer, by mail to Office of 
Management and Budget, 725 17th Street NW, Room 9268, Washington, DC 
20503, or by email to [email protected], and should be made in 
accordance with OMB's Privacy Act Procedures, which can be found at 5 
CFR 1302.

NOTIFICATION PROCEDURES:
    Individuals' requests for notification as to whether this system of 
records contains a record pertaining to them may be sent to OMB's 
Privacy Officer, by mail to Office of Management and Budget, 725 17th 
Street NW, Room 9268, Washington, DC 20503, or by email to 
[email protected], and should be made in accordance with OMB's Privacy 
Act Procedures, which can be found at 5 CFR 1302.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    During the course of a FOIA or a PA action, exempt materials from 
other systems of records may in turn become part of the case records in 
this system. To the extent that copies of exempt records from those 
other systems of records are maintained in the OMB FOIA/PA Requests 
System, OMB hereby claims the same exemptions for the records from 
those other systems that are entered into this system, as claimed for 
the original primary systems of records of which they are a part.

HISTORY:
    None.

Shraddha A. Upadhyaya,
Senior Agency Official for Privacy, Office of Management and Budget.
[FR Doc. 2023-24692 Filed 11-8-23; 8:45 am]
BILLING CODE 3110-01-P