[Federal Register Volume 88, Number 219 (Wednesday, November 15, 2023)]
[Notices]
[Pages 78292-78294]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-25194]


=======================================================================
-----------------------------------------------------------------------

ARCHITECTURAL AND TRANSPORTATION BARRIERS COMPLIANCE BOARD


Privacy Act of 1974; System of Records

AGENCY: Architectural and Transportation Barriers Compliance Board.

ACTION: Notice; proposed new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended, the 
Architectural and Transportation Barriers Compliance Board (Access 
Board or Board) gives notice of the establishment of a new Privacy Act 
System of Records, entitled, ``USAB.002--Complaint Tracking System''. 
This system of records covers records related to the investigation and 
adjudication of complaints filed with the agency alleging violations of 
the Architectural Barriers Act.

DATES: This Notice is effective on publication, with the exception of 
the routine uses. The routine uses will be effective 30 days after 
publication, unless comments are received that dictate otherwise. 
Written comments should be submitted December 15, 2023.

ADDRESSES: You may submit comments on this notice by any of the 
following methods:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Email: board.gov">privacy@access-board.gov.
     Mail: Office of General Counsel, U.S. Access Board, 1331 F 
Street NW, Suite 1000, Washington, DC 20004-1111.
    Instructions: All comments received will be posted without change 
to http://www.regulations.gov, including any personal information 
provided.

FOR FURTHER INFORMATION CONTACT: Wendy Marshall, Attorney-Advisor and 
Privacy Officer, (202) 272-0043, board.gov">marshall@access-board.gov.

SUPPLEMENTARY INFORMATION: The Access Board is publishing this notice 
to inform the public of the creation of a new system of records 
relating to the investigation and adjudication of complaints filed with 
the agency alleging violations of the Architectural Barriers Act of 
1968 (ABA). The ABA requires that buildings or facilities that were 
constructed or altered by or on behalf of the United States, or leased 
or financed in whole or in part by the United States, after August 12, 
1968, be accessible to individuals with disabilities. The Access Board 
enforces the ABA through the investigation of complaints filed by 
members of the public or federal employees. See 29 U.S.C. 792(b)(1). 
Complaints may be submitted by any person and may be filed anonymously. 
Once a complaint is filed, it is electronically entered into the 
agency's complaint tracking system and the Board investigates the 
complaint according to the procedures in 36 CFR part 1150. Complainants 
who choose to provide their contact information (name, phone number, 
email address, and/or physical mailing address), will be kept up to 
date on the status of the investigation and any corrective action taken 
by the agency or department in question. In the past, this information 
was not considered to be kept in a system of records, because while the 
contact information was contained within the complaint system, 
individual complaints were not pulled by an identifier related to the 
complainant. The Board recently updated to a new platform for this 
system and now believes it necessary to establish this system as a 
system of records, so that on occasion the compliance specialist can 
pull specific complaints by complainant name or email address. This 
will not change the processing of the complaint and complaints can 
still be filed anonymously or complainants can choose which personally 
identifying information to provide, such as just their name and email.

SYSTEM NAME:
    USAB.002--Complaint Tracking System.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    U.S. Access Board, 1331 F Street NW, Suite 1000, Washington, DC 
20004.

SYSTEM MANAGER:
    Senior Compliance Specialist, U.S. Access Board, 1331 F Street NW, 
Suite 1000, Washington, DC 20004.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    29 U.S.C. 792(b)(1); 42 U.S.C. 4151 et seq.; 36 CFR 1150; and 36 
CFR 1191.

PURPOSE(S) OF THE SYSTEM:
    This system of records supports the receipt and investigation of 
complaints alleging violations of the ABA, to

[[Page 78293]]

monitor the progress of any corrective action in response to such 
complaints, and to ensure the Access Board can communicate with 
complainants throughout the investigative process who choose to provide 
identifying information. Additionally, this record system tracks and 
reports the number of complaints received, the current status of active 
complaints, and the disposition of complaints. However, these reports 
do not include any personally identifiable information.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system include any individual that 
chooses to file a complaint alleging a violation of the ABA with the 
Board and to provide personally identifiable information with that 
complaint.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Name, email address, physical address, and phone number of 
individual filing complaint; any additional information about the 
complainant, including potentially the nature of the individual's 
disability, provided by the complainant relating to the filing of the 
complaint; communications between the complainant and the compliance 
specialist regarding the complaint; communications between the 
compliance specialist and the agency in charge of the facility or 
building regarding the complaint and any corrective action to be taken.

RECORD SOURCE CATEGORIES:
    Records in the system are obtained from individual members of the 
public or employees of federal agencies who file a complaint, agency 
officials from the Federal agency that manages the building or facility 
named in the complaint, and the compliance specialist who processes and 
investigates the complaint.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    The identity of the complainant may only be disclosed with written 
authorization, as required in 36 CFR 1150.12(b). The routine uses of 
the records maintained in the Complaint Tracking System include, in 
addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, disclosures outside the agency as a routine 
use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. Disclosure to a Federal Agency--To disclose information to a 
Federal agency for the purpose of investigation and informal or formal 
resolution of the alleged violation of the ABA or if requested by 
another Federal agency pursuant to an administrative, civil, or 
criminal legal proceeding in which the Federal agency is a party.
    2. Contractors, Experts, and Consultants--To contractors, experts, 
consultants, and the agents thereof, and others performing or working 
on a contract, service, cooperative agreement, or other assignment for 
the Access Board when necessary to accomplish an agency function. 
Individuals provided information under this routine use are subject to 
the same Privacy Act requirements and limitations on disclosure as 
Access Board employees.
    3. Congressional Inquiries--A record from this system of records 
may be disclosed to a congressional office from the record of an 
individual in response to an inquiry from the congressional office made 
at the request of the individual.
    4. Law Enforcement--In the event that a system of records 
maintained by the Access Board to carry out its functions indicates a 
violation or potential violation of law, whether criminal, civil, or 
regulatory in nature, and whether arising by general statute or 
particular program pursuant thereto, the relevant records in the system 
of records may be disclosed to the appropriate agency, whether Federal, 
state, local, or foreign, charged with the responsibility of 
investigating or prosecuting such violation or charged with enforcing 
or implementing the statute, or rule, regulation, or order issued 
pursuant thereto.
    5. Disclosure in Litigation--A record from this system of records 
may be disclosed in a proceeding before a court or other adjudicative 
body in which the Access Board, an employee of the Access Board in his 
or her official capacity, or an employee of the Access Board in his or 
her individual capacity if the Access Board (or the Department of 
Justice (``DOJ'')) has agreed to represent him or her is a party, or 
the United States or any other Federal agency is a party and the Access 
Board determines that it has an interest in the proceeding, if the 
Access Board determines that the record is relevant to the proceeding 
and that the use is compatible with the purpose for which the Access 
Board collected the information.
    6. Disclosure to the Department of Justice in Litigation--When the 
Access Board, an employee of the Access Board in his or her official 
capacity, or an employee of the Access Board in his or her individual 
capacity whom the Access Board has agreed to represent is a party to a 
proceeding before a court or other adjudicative body, or the United 
States or any other Federal agency is a party and the Access Board 
determines that it has an interest in the proceeding, a record from 
this system of records may be disclosed to the DOJ if the Access Board 
is consulting with the DOJ regarding the proceeding or has decided that 
the DOJ will represent the Access Board, or its interest, in the 
proceeding and the Access Board determines that the record is relevant 
to the proceeding and that the use is compatible with the purpose for 
which the Access Board collected the information.
    7. Disclosure in Response to a Federal Data Breach--A record from 
this system of records may be disclosed to appropriate agencies, 
entities, and persons when (1) the Access Board suspects or has 
confirmed that there has been a breach of the system of records; (2) 
the Access Board has determined that, as a result of the suspected or 
confirmed breach, there is a risk of harm to individuals, the Board 
(including its information systems, operations, and programs), the 
Federal government or national security; and (3) the disclosure made to 
such agencies, entities, and persons is reasonably necessary to assist 
in connection with the Access Board's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    8. Records Management--To the National Archives and Records 
Administration or to the General Services Administration for records 
management inspections conducted under 44 U.S.C. 2904 and 2906.
    9. Assistance to Federal Agencies and Entities--To another Federal 
agency or Federal entity, when the Board determines that information 
from this system is reasonably necessary to assist the recipient agency 
or entity in: (a) Responding to a suspected or confirmed breach or (b) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
program, and operations), the Federal Government, or national security, 
resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system consist of electronic records. Electronic 
records are maintained within a restricted access system, namely the 
Board's Complaint Tracking System. Access is limited to the system 
owner(s) and other agency personnel who have an official need for 
access to perform their duties (e.g., contractor who manages the system 
and compliance staff). Access

[[Page 78294]]

Board policy requires new employees to read and acknowledge the rules 
of behavior applicable to all agency information technology systems 
(including appropriate protection and handling of personally 
identifiable information) before getting access to these systems and 
complete annual cybersecurity awareness training.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are routinely retrieved by Access Board complaint number or 
the name of the facility to which a complaint relates. Records can also 
be retrieved by a variety of other fields, including the name and/or 
email address of the complainant, while this is not the routine method 
of retrieval, it is available for use by the compliance specialist, 
when needed.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Electronic records are retained in accordance with the Access Board 
File Plan 500- Complaint Files, which prescribes a three-year retention 
period. For administrative program files, the retention period dates 
from file supersession. For these records, five years after the closure 
of the complaint the files are transferred to Washington National 
Records Center (WNRC). Ten years after closure, these records are 
eligible for destruction, electronic records are securely destroyed or 
erased using methods prescribed by the National Institute of Standards 
and Technology.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access to system records is restricted to authorized Access Board 
personnel who are system owners or have an official need to access such 
records to perform their duties. Electronic records are stored in a 
restricted-access separate system. Access to electronic records is 
controlled by technical safeguards through assignment of system roles 
and permissions, secure log-ins, multi-factor authentication, time-out 
features, firewalls, and cybersecurity monitoring systems. Access Board 
policy also requires all emails, email strings, and attachments that 
contain sensitive personally identifiable information to be protected 
by encryption or password protection before transmission, absent 
express waiver from an agency privacy officer.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to, or notification of, any record 
contained in this system of records, or seeking to contest its content, 
may inquire in writing in accordance with instructions appearing in the 
Access Board's Privacy Act Implementation rule, 36 CFR part 1121, which 
also appear on the Access Board's website at www.access-board.gov/privacy.

CONTESTING RECORD PROCEDURES:
    See ``Record Access Procedures,'' above.

NOTIFICATION PROCEDURE:
    See ``Record Access Procedures,'' above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Christopher Kuczynski,
Senior Agency Official for Privacy, General Counsel.
[FR Doc. 2023-25194 Filed 11-14-23; 8:45 am]
BILLING CODE 8150-01-P