[Federal Register Volume 89, Number 147 (Wednesday, July 31, 2024)]
[Notices]
[Pages 61425-61426]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-16845]



[[Page 61425]]

=======================================================================
-----------------------------------------------------------------------

GENERAL SERVICES ADMINISTRATION

[Notice-IE-2024-04; Docket No. 2024-0002; Sequence No. 33]


Privacy Act of 1974; System of Records

AGENCY: General Services Administration (GSA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, notice 
is given that the General Services Administration (GSA) proposes to 
establish a new system of records, entitled Events Management System, 
GSA/PBS-9. This system of records manages registration and attendance 
for virtual events and in-person events on GSA-managed properties.

DATES: Submit comments on or before August 30, 2024.

ADDRESSES: Comments may be submitted to the Federal eRulemaking Portal, 
http://www.regulations.gov. Submit comments by searching for GSA/PBS-9, 
Events Management System.

FOR FURTHER INFORMATION CONTACT: Call or email Richard Speidel, Chief 
Privacy Officer at 202-969-5830 and [email protected].

SUPPLEMENTARY INFORMATION: GSA proposes to establish a system of 
records subject to the Privacy Act of 1974, 5 U.S.C. 552a, to manage 
the personal information provided by visitors to GSA properties in 
connection with scheduled events.

SYSTEM NAME AND NUMBER:
    Events Management System, GSA/PBS-9.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained in an electronic form on a Software as a 
Service (SaaS) platform under contract to GSA.

SYSTEM MANAGER(S):
    Regional Fine Arts Officer, National Capital Region, Public 
Buildings Service, General Services Administration, 1800 F Street NW, 
Washington, DC 20405.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The E-Government Act of 2002 (Pub. L. 107-347, 44 U.S.C. 3601 n.); 
The Paperwork Reduction Act of 1995 (Pub. L. 104-13, 44 U.S.C. 3501).

PURPOSE(S) OF THE SYSTEM:
    The purpose of the system is to collect information about event 
attendees that can be used to access virtual events or federal 
government properties for in-person events. This information is only 
used for a single event and then archived in accordance with the 
appropriate records retention schedule.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The system of records includes members of the public who register 
to attend an event held by GSA (in-person or virtual). The system also 
includes federal employees of other agencies, federal contractors, or 
others who may register for an event.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Name, email address, affiliation, minor status, and country of 
citizenship. After registration, individuals may be asked if 
accommodations are necessary and individuals may disclose additional 
information in order to obtain such accommodations. As this is a free 
response, individuals provide what information they believe is 
necessary to obtain accommodations.

RECORD SOURCE CATEGORIES:
    The source for information in the system is the individuals who 
provide this information or their representative.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed to authorized 
entities, as is determined to be relevant and necessary, outside GSA as 
a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    a. In any legal proceeding, where pertinent, to which GSA, a GSA 
employee, or the United States is a party before a court or 
administrative body.
    b. To a Federal, State, local, or foreign agency responsible for 
investigating, prosecuting, enforcing, or carrying out a statute, rule, 
regulation, or order when GSA becomes aware of a violation or potential 
violation of civil or criminal law or regulation.
    c. To an appeal, grievance, hearing, or complaints examiner; an 
equal employment opportunity investigator, arbitrator, or mediator; and 
an exclusive representative or other person authorized to investigate 
or settle a grievance, complaint, or appeal filed by an individual who 
is the subject of the record.
    d. To the Office of Personnel Management (OPM), the Office of 
Management and Budget (OMB), and the Government Accountability Office 
(GAO) in accordance with their responsibilities for evaluating Federal 
programs.
    e. To a Member of Congress or his or her staff on behalf of and at 
the request of the individual who is the subject of the record.
    f. To an expert, consultant, or contractor of GSA in the 
performance of a Federal duty to which the information is relevant.
    g. To the National Archives and Records Administration (NARA) for 
records management purposes.
    h. In connection with any litigation or settlement discussions 
regarding claims by or against the GSA, including public filing with a 
court, to the extent that GSA determines the disclosure of the 
information is relevant and necessary to the litigation or discussions.
    i. To appropriate agencies, entities, and persons when (1) GSA 
suspects or has confirmed that there has been a breach of the system of 
records, (2) GSA has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, GSA (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with GSA's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    j. To another Federal agency or Federal entity, when GSA determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    k. To compare such records to other agencies' systems of records or 
to non-Federal records, in coordination with an OIG in conducting an 
audit, investigation, inspection, evaluation, or some other review as 
authorized by the IG Act.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    All records are stored electronically in a database. Information is 
encrypted in transit and at rest.

[[Page 61426]]

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records can be retrieved by name or other personal identifier.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records relating to events management will be retained for 6 years 
from the end of the fiscal year of the event in accordance with the 
NARA-approved GSA Records Schedule DAA-0269-2016-0007-0003--``Events 
Records''.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records in the system are protected from unauthorized access and 
misuse through a combination of administrative, technical and physical 
security measures. Administrative measures include but are not limited 
to policies that limit system access to individuals within an agency 
with a legitimate business need, and regular review of security 
procedures and best practices to enhance security. Technical measures 
include but are not limited to system design that allows authorized 
system users access only to data for which they are responsible; and 
use of encryption for certain data transfers. Physical security 
measures include but are not limited to the use of data centers which 
meet government requirements for storage of sensitive data.

RECORD ACCESS PROCEDURES:
    If an individual wishes to access any data or record pertaining to 
him or her in the system after it has been submitted, that individual 
should consult the GSA's Privacy Act implementation rules available at 
41 CFR part 105-64.2.

CONTESTING RECORD PROCEDURES:
    If an individual wishes to contest the content of any record 
pertaining to him or her in the system after it has been submitted, 
that individual should consult the GSA's Privacy Act implementation 
rules available at 41 CFR part 105-64.4.

NOTIFICATION PROCEDURES:
    If an individual wishes to be notified at his or her request if the 
system contains a record pertaining to him or her after it has been 
submitted, that individual should consult the GSA's Privacy Act 
implementation rules available at 41 CFR part 105-64.4.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Richard Speidel,
Chief Privacy Officer, Office of Enterprise Data & Privacy Management, 
General Services Administration.
[FR Doc. 2024-16845 Filed 7-30-24; 8:45 am]
BILLING CODE 6820-AB-P