[Federal Register Volume 89, Number 31 (Wednesday, February 14, 2024)]
[Notices]
[Pages 11281-11283]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-03007]


-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[Notice-IE-2024-02; Docket No. 2024-002; Sequence No. 6]


Privacy Act of 1974; System of Records

AGENCY: General Services Administration (GSA).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: GSA reviewed its Privacy Act systems to ensure that they are 
relevant, necessary, accurate, up-to-date, covered by the appropriate 
legal or regulatory authority, and in response to OMB M-07-16. This 
notice is a compilation of the updated Privacy Act system of record 
notices.

DATES: This system of records will go into effect without further 
notice on March 15, 2024 unless otherwise revised pursuant to comments 
received.

ADDRESSES: Comments may be submitted to the Federal eRulemaking Portal, 
http://www.regulations.gov. Submit comments by searching for ``GSA/OAP-
3'', Notice of Revised System of Records.
    Comments may also be submitted by mail at, General Services 
Administration, Regulatory Secretariat Division (MVCB), 1800 F Street 
NW, Washington, DC 20405.

FOR FURTHER INFORMATION CONTACT: Call or email Richard Speidel, Chief 
Privacy Officer at 202-969-5830 and [email protected].

SUPPLEMENTARY INFORMATION: GSA proposes to modify a system of records 
subject to the Privacy Act of 1974, 5 U.S.C. 552a, to update its 
routine uses pertaining to breach notification and to coordinate with 
the Office of the Inspector General when conducting an audit. GSA is 
also making technical changes to GSA/OAP-3 consistent with OMB Circular 
No. A-108. Accordingly, GSA has made technical corrections and non-
substantive language revisions to the following sections: ``Policies 
and Practices for Storage of Records,'' ``Policies and Practices for 
Retrieval of Records,'' ``Policies and Practices for Retention and 
Disposal of Records,'' ``Administrative, Technical and Physical 
Safeguards,'' ``Record Access Procedures,'' ``Contesting Record 
Procedures,'' and ``Notification Procedures.'' GSA has also created the 
following new sections: ``Security Classification'' and ``History.''

SYSTEM NAME:
    Federal Procurement Data System (FPDS).

SYSTEM NUMBER:
    GSA/OAP-3.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    GSA Privacy Act Officer, General Services Administration, 1800 F 
Street NW, Washington, DC 20405.

SYSTEM MANAGER(S):
    Arda Odabasio, System Owner--General Services Administration, 1800 
F Street NW, Washington, DC 20405.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Public Law 93-400 Office of Federal Procurement Policy Act, as 
amended; 41 U.S.C. 405, 417, and 1122(a)(4)(A).

PURPOSE(S) OF THE SYSTEM:
    To establish and maintain a system for assembling, organizing, and 
presenting contract procurement data for the Federal Government and the 
public sector.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    FPDS includes information on individuals who are sole proprietors 
who have or had contracts with the Federal Government. Those 
individuals include government users and public users. Authentication 
of Government and Public users are provided by Login.gov which 
maintains all the related user information.
    For both public and government users, valid email-identification is 
maintained in the FPDS system to authorize the access control list 
within FPDS.
    For System Users, only System ID and valid Government Agency POC 
details are maintained.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system collects, processes, and maintains official statistical 
data on Federal contracting, including:
    a. Information on individual federal contractors that may include 
name, and Unique Entity Identifier (UEI).
    FPDS receives and displays/shares UEI and Contractor Name details. 
The Taxpayer Identification Number (TIN) is not used anywhere in the 
FPDS system. Rather, FPDS receives the TIN from SAM and extracts it, 
but it is not used anywhere else in the FPDS application.
    b. Contracts that are unclassified but may be considered sensitive 
due to insight they may provide into federal government activities in 
conjunction with data from other federal contracts.

RECORD SOURCE CATEGORIES:
    Information is obtained from federal agencies who report federal 
contracts after award according to the reporting requirements included 
in the Federal Acquisition Regulation Subpart 4.6--Contract Reporting. 
These records may contain the names of individuals, their Unique Entity 
Identifier (UEI), and TIN.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed to authorized 
entities, as is determined to be relevant and necessary, outside GSA as 
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    a. In any legal proceeding, where pertinent, to which GSA is a 
party before a court or administrative body.
    b. To a Federal, State, local, or foreign agency responsible for 
investigating, prosecuting, enforcing, or carrying out a statute, rule, 
regulation, or order when GSA becomes aware of a violation or potential 
violation of civil or criminal law or regulation.
    c. To an authorized appeal or grievance examiner, formal complaints 
examiner, equal employment opportunity investigator, arbitrator, or 
other duly authorized official engaged in investigation or settlement 
of a grievance, complaint, or appeal filed by

[[Page 11282]]

an individual to whom the information pertains.
    d. To the Office of Management and Budget (OMB) and the Government 
Accountability Office (GAO) in accordance with their responsibilities 
for evaluating Federal programs.
    e. To a Member of Congress or his or her staff on behalf of and at 
the request of the individual who is the subject of the record.
    f. To authorized officials of the agency that provided the 
information for inclusion in the system.
    g. To an expert, consultant, or contractor in the performance of a 
Federal duty to which the information is relevant.
    h. To provide recurring or special reports to the President, 
Congress, the Government Accountability Office, Federal Executive 
agencies, and the general public.
    i. As a means of measuring and assessing the impact of Federal 
contracting on the nation's economy and the extent to which small, 
veteran-owned small, service-disabled veteran-owned small, HUBZone 
small, small disadvantaged and woman-owned small business concerns are 
sharing in Federal contracts.
    j. To provide information for policy and management control 
purposes.
    k. To appropriate agencies, entities, and persons when (1) the 
Agency suspects or has confirmed that the security or confidentiality 
of information in the system of records has been compromised; (2) the 
Agency has determined that as a result of the suspected or confirmed 
compromise there is a risk of harm to economic or property interests, 
identity theft or fraud, or harm to the security or integrity of this 
system or other systems or programs (whether maintained by GSA or 
another agency or entity) that rely upon the compromised information; 
and (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with GSA's efforts to 
respond to the suspected or confirmed compromise and prevent, minimize, 
or remedy such harm.
    l. To another Federal agency or Federal entity, when GSA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    m. To agencies, to compare such records to other agencies' systems 
of records or to non-Federal records, in coordination with an Office of 
Inspector General (OIG) in conducting an audit, investigation, 
inspection, evaluation, or some other review as authorized by the 
Inspector General Act.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Information may be collected electronically and may be stored on 
electronic media, as appropriate. Electronic records are kept on server 
hard drives and electronic backup devices.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrievable by a variety of fields, the key for 
individual records being the unique Procurement Instrument Identifier 
(PIID).

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system are used to generate annual reports that are 
sent to Congress and posted publicly. This compiled annual report 
follows the following GSA records retention schedule:
    269.11/020 Annual Significant Reports And Studies.
    This series includes documents created in reporting on management 
improvement goals, progress reports, and accomplishments for GSA 
internal and external Governmentwide programs. Also included in this 
series are special studies conducted at the request of the Congress, 
the Office of Management and Budget (OMB), or the Office of Personnel 
Management (OMB), and the GSA Annual Report issued by the 
Administrator's Office and related records.
    Retention Instructions: Permanent. Cut off at the end of the fiscal 
year that the report has been issued. Transfer to NARA 15 years after 
cutoff.
    Legal Disposition Authority: DAA-0269-2016-0006-0003 (269.11/020).
    Date NARA Approved: 8/17/2018.
    Records accumulated from agencies are stored under the following 
schedule:
    GRS 05.2/020 Intermediary Records.
    Records that meet the following conditions:
     They exist for the sole purpose of creating a subsequent 
record and
     They are not required to meet legal or fiscal obligations, 
or to initiate, sustain, evaluate, or provide evidence of decision-
making.
    This includes certain analog and electronic source records for 
electronic systems that are not otherwise excluded. For specific 
examples, see the GRS 5.2 Frequently Asked Questions (FAQs).
    Exclusion: Source records that have been digitized. GRS 4.5, item 
010, covers these records.
    Note: The GRS provides disposition authority for copies of 
electronic records from one system that are used as source records to 
another system, for example an extracted data set. The GRS does not 
apply to either the originating system or the final system in which the 
final records reside. These systems must be disposed of per an agency-
specific schedule, or if appropriate, another GRS. It is possible that 
sometimes information is moved from one system to another without the 
creation of an intermediary copy.
    Retention Instructions: Temporary. Destroy upon creation or update 
of the final record, or when no longer needed for business use, 
whichever is later.
    Legal Disposition Authority: DAA-GRS-2022-0009-0002 (GRS 05.2/020)
    Date Approved by NARA: 6/30/2023.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    System records are safeguarded in accordance with the requirements 
of the Privacy Act, the Computer Security Act, and the FPDS System 
Security Plan. Technical, administrative, and personnel security 
measures are implemented to ensure confidentiality and integrity of the 
system data that is stored, processed, and transmitted. Electronic 
records are protected by passwords and other appropriate security 
measures.
    Data entry is limited to authorized users whose names and levels of 
access are maintained by federal agencies and the information is 
securely stored online. Unclassified but sensitive contract data in the 
system is restricted to those who have access within the federal 
agency. Agencies determine when their contract information may be made 
available for viewing by other agencies and the public.

RECORD ACCESS PROCEDURES:
    If an individual wishes to access any data or record pertaining to 
him or her in the system after it has been submitted, that individual 
should consult the GSA's Privacy Act implementation rules available at 
41 CFR part 105-64.2.

CONTESTING RECORD PROCEDURES:
    If an individual wishes to contest the content of any record 
pertaining to him or her in the system after it has been submitted, 
that individual should consult the GSA's Privacy Act

[[Page 11283]]

implementation rules available at 41 CFR part 105-64.4.

NOTIFICATION PROCEDURES:
    If an individual wishes to be notified at his or her request if the 
system contains a record pertaining to him or her after it has been 
submitted, that individual should consult the GSA's Privacy Act 
implementation rules available at 41 CFR part 105-64.4.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    This system was previously published in the Federal Register at 73 
FR 22388, April 24, 2008.

Richard Speidel,
Chief Privacy Officer, Office of the Deputy Chief Information Officer, 
General Services Administration.
[FR Doc. 2024-03007 Filed 2-13-24; 8:45 am]
BILLING CODE 6820-AB-P