[Federal Register Volume 89, Number 5 (Monday, January 8, 2024)]
[Notices]
[Pages 918-920]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-00104]


=======================================================================
-----------------------------------------------------------------------

FEDERAL LABOR RELATIONS AUTHORITY


Privacy Act of 1974; System of Records

AGENCY: Federal Labor Relations Authority.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Federal Labor 
Relations Authority (FLRA) is issuing public notice of an intent to 
introduce a new system of records entitled, ``Privacy Act Requests and 
Appeals.'' This notice publishes details of the new system as set forth 
below.

DATES: This notice action shall be applicable immediately, which will 
become effective February 7, 2024.
    Comments will be accepted on or before: February 7, 2024.

ADDRESSES: You may send comments, which must include the caption ``SORN 
Notice (Privacy Act),'' by one of the following methods:
    Email: [email protected]. Include ``SORN Notice (Privacy Act)'' in 
the subject line of the message.
    Mail: Thomas Tso, Senior Agency Official for Privacy, Federal Labor 
Relations Authority, 1400 K Street NW, Washington, DC 20424-0001.
    Instructions: Do not mail written comments if they have been 
submitted via email. Interested persons who mail written comments must 
submit an original and 4 copies of each written comment, with any 
enclosures, on 8\1/2\ x 11 inch paper. Do not deliver comments by hand.

FOR FURTHER INFORMATION CONTACT: If you have any questions, please 
contact Thomas Tso, Solicitor, Senior Agency Official for Privacy, at 
(771) 444-5779.

SUPPLEMENTARY INFORMATION:  The Privacy Act of 1974 requires that each 
agency publish notice of all the systems of records that it maintains. 
This document proposes the introduction of a new system of records. The 
``Freedom of Information Act Request and Appeal Files'' is the system 
that the FLRA uses to provide the public with a single location to 
submit and track Freedom of Information Act (FOIA) and related requests 
and appeals filed with the FLRA. The FLRA had used this single system 
to track Privacy Act requests, which are often combined with FOIA 
requests, see 82 FR 49813 (October 27, 2017). Other agencies have also 
treated Privacy Act and FOIA requests as a singular system of records. 
E.g., Department of Treasury, Freedom of Information Act/Privacy Act 
Request Records, 81 FR 78266 (Nov. 7, 2016).
    The FLRA now proposes a new system of records, titled ``Privacy Act 
Requests and Appeals,'' to separate Privacy Act request records as an 
independent system of records. Pursuant to the Creating Advanced 
Streamlined Electronic Services for Constituents Act of 2019 (``CASES 
Act''), Public Law 116-50, 133 Stat. 1073 (2019), the Office of 
Management and Budget's M-21-04, ``Modernizing Access to and Consent 
for Disclosure of Records Subject to the Privacy Act,'' asks agencies 
to ``provide a digital service option to ensure that individuals have 
the ability to digitally request access to or consent to disclosure of 
their records'' covered by the Privacy Act. M-21-04 also asks agencies 
to ``review SORNs governing systems of records that include Privacy Act 
requests for access to and consent to disclosure of records, and, if 
necessary, modify those SORNs, as well.'' The FLRA determined that a 
separate system

[[Page 919]]

of records should be used to track the documents generated by requests 
under the Privacy Act, which may include different information or use 
different forms than requests under FOIA.

SYSTEM NAME AND NUMBER:
    Privacy Act Request and Appeal Files, FLRA/Internal-18.

SECURITY CLASSIFICATION:
    Not applicable.

SYSTEM LOCATION:
    FLRA Headquarters, Office of the Solicitor.

SYSTEM MANAGER(S):
    Senior Agency Official for Privacy, Office of the Solicitor, 
Federal Labor Relations Authority, 1400 K St. NW, Washington, DC 20424.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Privacy Act, 5 U.S.C. 552a.

PURPOSE(S) OF THE SYSTEM:
    To provide the public with portals to submit and track Privacy Act 
requests and appeals filed with the FLRA and to manage internal Privacy 
Act administration activities.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    All persons requesting information or filing appeals under the 
Privacy Act.

CATEGORIES OF RECORDS IN THE SYSTEM:
    A copy of each Privacy Act request received by the FLRA and a copy 
of all correspondence related to the request, including the requesters' 
names, mailing addresses, email addresses, phone numbers, Social 
Security Numbers, birth certificates, evidence of guardianship or 
parentage, dates of birth, any aliases used by the requesters, alien 
numbers assigned to travelers crossing national borders, requesters' 
parents' names, user names and passwords for registered users, Privacy 
Act tracking numbers, dates requests are submitted and received, 
related appeals, and agency responses. Records also include 
communications with requesters, internal Privacy Act administrative 
documents (e.g., billing invoices) and responsive records.

RECORD SOURCE CATEGORIES:
    Information in this system of records is provided by FLRA employees 
and Privacy Act requesters.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to the disclosure generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information in these 
records may be used pursuant to 5 U.S.C. 552a(b)(3):
    a. To disclose pertinent information to the appropriate Federal, 
State, or local agency responsible for investigating, prosecuting, 
enforcing, or implementing a statute, rule, regulation, or order, when 
the FLRA becomes aware of an indication of a violation or potential 
violation of civil or criminal law or regulation.
    b. To provide information to a congressional office from the record 
of an individual in response to an inquiry from that congressional 
office made at the request of that individual.
    c. In an appropriate proceeding before a court, grand jury, or 
administrative or adjudicative body, when the FLRA determines that the 
records are arguably relevant to the proceeding, or in an appropriate 
proceeding before an administrative or adjudicative body when the 
adjudicator determines the records to be relevant to the proceeding.
    d. To a Federal, State, local, or foreign agency or entity for the 
purpose of consulting with that agency or entity to enable the FLRA to 
make a determination as to the propriety of access to or correction of 
information, or for the purpose of verifying the identity of an 
individual or the accuracy of information submitted by an individual 
who has requested access to or amendment of information.
    e. To a Federal agency or entity that furnished the record or 
information for the purpose of permitting that agency or entity to make 
a decision as to access to or correction of the record or information, 
or to a Federal agency or entity for purposes of providing guidance or 
advice regarding the handling of particular requests.
    f. To a submitter or subject of a record or information in order to 
obtain assistance to the FLRA in making a determination as to access or 
amendment.
    g. To a Member of Congress or staff acting upon the Member's behalf 
when the Member or staff requests the information on behalf of, and at 
the request of, the individual who is the subject of the record.
    h. To disclose information to the National Archives and Records 
Administration, the Office of Government Information Services (OGIS), 
only when there is overlap between Privacy Act and FOIA requests, to 
the extent necessary to fulfill its responsibilities in 5 U.S.C. 
552(h), to review administrative agency policies, procedures and 
compliance with FOIA, and to facilitate OGIS's offering of mediation 
services to resolve disputes between persons making FOIA requests and 
administrative agencies.
    i. To appropriate agencies, entities, and persons when (1) the FLRA 
suspects or has confirmed that there has been a breach of the system of 
records; (2) the FLRA has determined that as a result of the suspected 
or confirmed breach there is a risk of harm to individuals, the FLRA 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the FLRA's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    j. To another Federal agency or Federal entity, when the FLRA 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    k. To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal Government, when 
necessary to accomplish an agency function related to this system of 
records.
    l. To such recipients and under such circumstances and procedures 
as are mandated by Federal statute, regulation, or treaty.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    All Privacy Act records are maintained in a secure, password-
protected FedRAMP-certified third-party cloud environment, which 
utilizes security hardware and software, including multiple firewalls, 
active intruder detection, and role-based accessed controls. Any paper 
records are stored in secure FLRA offices and/or lockable file 
cabinets. Given the common overlap between FOIA and Privacy Act 
requests, Privacy Act request records in this system may be maintained 
within a related FLRA system of records, ``Freedom of Information Act 
Request and Appeal Files, FLRA/Internal-17.''

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Requests are retrieved from the system by numerous data elements 
and

[[Page 920]]

key word searches, including name, agency, dates, subject, Privacy Act 
request tracking number, and other information retrievable with full-
text searching capability.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Privacy Act records are maintained for three years or longer, in 
accordance with item 001 of General Records Schedule 4.2, as approved 
by the Archivist of the United States. Disposal is by shredding and/or 
by deletion of the electronic record.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Computer records are maintained in a secure, password-protected 
computer system. Paper records are maintained in secure offices or 
lockable file cabinets. All records are maintained in secure, access-
controlled areas or buildings.

RECORD ACCESS PROCEDURES:
    Individuals wishing access to records about them should contact the 
System Manager. Individuals must furnish the following information for 
their records to be located and identified:
    a. Full name.
    b. Approximate date of the Privacy Act request or appeal.
    Individuals requesting access must comply with the FLRA's Privacy 
Act regulations regarding access to records (5 CFR 2412).

CONTESTING RECORD PROCEDURES:
    Individuals wishing to request amendment of records about them 
should contact the System Manager. Individuals must furnish the 
following information for their records to be located and identified:
    a. Full name.
    b. Approximate date of the Privacy Act request or appeal.
    Individuals requesting amendment must follow the FLRA's Privacy Act 
regulations regarding amendment of records (5 CFR 2412).

NOTIFICATION PROCEDURES:
    Individuals wishing to determine whether this system of records 
contains information about them should contact the System Manager. 
Individuals must furnish the following for their records to be located 
and identified:
    a. Full name.
    b. Approximate date of the Privacy Act request or appeal.
    Individuals making inquiries must comply with the FLRA's Privacy 
Act regulations regarding the existence of records (5 CFR 2412).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

    Approved: January 3, 2024.
Thomas Tso,
Solicitor and Senior Agency Official for Privacy, Federal Labor 
Relations Authority.
[FR Doc. 2024-00104 Filed 1-5-24; 8:45 am]
BILLING CODE 7627-01-P