Privacy Act; Notification of Amended Privacy Act System of Records, Privacy Act Request and Appeals Files

AGENCY:

Office of the Chief Information Officer, HUD.

ACTION:

Notification of amended system of records.

SUMMARY:

Pursuant to the Privacy Act of 1974 (U.S.C. 552a(e)(4)), as amended, and Office of Management and Budget (OMB), Circular No. A-130, notice is hereby given that the Department of Housing and Urban Development (HUD), Office of the Chief Information Officer (OCIO) has amended one of its system of records entitled the “Privacy Act Request and Appeals Files”, previously known as “HUD/Dept-52, Privacy Act Record Files”. Additionally, the amended notices serve to convey information established under the previously published system of records in a more clear and cohesive format. The amended system of records will be included in the Department of Housing and Urban Development's inventory of systems of records and will replace the HUD/Dept-52, Privacy Act Record Files system of records reported under HUD's Library of Routine Uses, published in the Federal Register on (July 17, 2012 at 77 FR 41996). The changes under this notice are non-substantive and thus do not meet the threshold requirements for filing a report to OMB and Congress.

DATES:

Effective Date: This action shall be effective immediately August 1, 2014.

ADDRESSES:

Interested persons are invited to submit comments regarding this notice to the Rules Docket Clerk, Office of the General Counsel, Department of Housing and Urban Development, 451 Seventh Street SW., Room 10276, Washington, DC 20410-0500. Communication should refer to the above docket number and title. A copy of each communication submitted will be available for public inspection and copying between 8:00 a.m. and 5:00 p.m. weekdays at the above address.

FOR FURTHER INFORMATION CONTACT:

Donna Robinson-Staton, Chief Privacy Officer, 451 Seventh Street SW., Washington, DC 20410 (Attention: Capitol View Building, 4th Floor), telephone number: (202) 402-8073. [The above telephone number is not a toll free number.] A telecommunications device for hearing- and speech-impaired persons (TTY) is available by calling the Federal Information Relay Service's toll-free telephone number (800) 877-8339.

SUPPLEMENTARY INFORMATION:

This system of records is maintained by HUD's Office of the Chief Information Officer, and includes personally identifiable information submitted by individuals requesting access or amendment to records maintained by the Department. The system encompasses programs and services in place for the Department's data collection and management practices. Publication of this notice allows HUD to publish up-to-date and clear information on the system of records. The revised proposal will incorporate Federal privacy requirements, and HUD policy requirements. The Privacy Act provides certain safeguards for an individual against an invasion of personal privacy by requiring Federal agencies to protect records contained in an agency system of records from unauthorized disclosure, by ensuring that information is current for its intended use, and by providing adequate safeguards to prevent misuse of such information. Additionally, this notice demonstrates the Department's focus on industry best practices in protecting the personal privacy of the individuals covered by this system notification. This notice states the name and location of the record system, the authority for and manner of its operations, the categories of individuals that it covers, the type of records that it contains, the sources of the information for those records, the routine uses made of the records and the types of exemption in place for the records. In addition, the notice includes the business address of the HUD officials who will inform interested persons of the procedures whereby they may gain access to and/or request amendments to records pertaining to them.

This publication does not meet the threshold requirements for filing a report to the Office of Management and Budget (OMB), the Senate Committee on Homeland Security and Governmental Affairs, and the House Committee on Government Reform as instructed by Paragraph 4c of Appendix 1 to OMB Circular No. A-130, “Federal Agencies Responsibilities for Maintaining Records About Individuals,” July 25, 1994 (59 FR 37914).

Authority: 5 U.S.C. 552a; 88 Stat. 1896; 42 U.S.C. 3535(d).

CIO/QMPP.01

SYSTEM NAME:

Privacy Act Request and Appeals Files.

SYSTEM LOCATION:

Privacy Act Office, Freedom of Information Act Office, 451 Seventh Street SW., Washington, DC 20715. The system file may be accessible at HUD Field and Regional offices where in some cases Privacy Act records are maintained.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system contains correspondence and other documents related to request made by individuals to HUD's Privacy Office or Freedom of Information Act (FOIA) Office when inquiring about the existence of records about themselves, access and/or correction to those records, or when requesting review of an initial denial of a request.

CATEGORIES OF RECORDS IN THE SYSTEM:

Name, address, telephone number, Social Security Number, and other individually identifying information of requester, nature of the request, and records reflecting processing and disposition of the request by the Department.

AUTHORITY FOR MAINTNENACE OF THE SYSTEM:

Privacy Act, 5 U.S.C. 552a(c).

PURPOSE(S):

This system is used to handle the workload for Privacy Act requests. This includes the assigning of work, processing work electronically, tracking requests, and responding to requests received by the Department. The records in the systems are used by the Privacy Act and FOIA staff involved in the processing of Privacy Act requests, as well as by appeals officials and members of the Office of General Counsel, when applicable.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Records may be disclosed from this system for routine uses to:

1. A congressional office, from the record of an individual, in response to a verified inquiry from the congressional office made at the written request of that individual.

2. The Department of Justice for the purpose of obtaining advice regarding whether or not the records should be disclosed, when applicable.

3. Records may be disclosed to student volunteers, individuals working under a personal services contract, and other individuals performing functions for the Department but technically not having the status of agency employees, if they need access to the records in order to perform their assigned agency functions.

4. To contractors, grantees, experts, consultants, and the agents of thereof, and others performing or working on a contract, service, grant, cooperative agreement with HUD, when necessary to accomplish an agency function related to its system of records, limited to only those data elements considered relevant to accomplishing an agency function. Individuals provided information under this routine use is subject to the same Privacy Act requirements and limitations on disclosure as are applicable to HUD officers and employees.

5. To appropriate agencies, entities, and persons when: (a) HUD suspects or has confirmed that the security or confidentiality of information in a system of records has been compromised; (b) HUD has determined that, as a result of the suspected or confirmed compromise, there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of systems or programs (whether maintained by HUD or another agency or entity) that rely upon the compromised information; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with HUD's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm for purposes of facilitating responses and remediation efforts in the event of a data breach.

6. To appropriate agencies, entities, and persons to the extent such disclosures are compatible with the purpose for which the records in this system were collected, as set forth by Appendix I —HUD's Library of Routine Uses published in the Federal Register on (July 17, 2012 at 77 FR 41996).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

The original, or a copy, of the incoming request and the written response are maintained in case file folders and stored in metal file cabinets. Cross-reference data is maintained in a correspondence control log stored in a personal computer and printed as hard copy on paper file and stored in file metal file cabinets as needed.

RETRIEVABILITY:

Records are almost always retrieved by the name of the individual who made the Privacy Act and FOIA related request during a given calendar year. Incoming Privacy Act requests that are related to FOIA are assigned a system-generated case file number that identifies the year in which the request was made, and the number of the request. Requests unrelated to FOIA are submitted to the Privacy Act Office, and assigned the requestors name that identifies the year in which the request was made and the number of the request made.

SAFEGUARDS:

1. Access to records is restricted to Privacy Act staff, involved program officials, FOIA staff, appeals officials, and members of the Office of General Counsel involved in the processing of Privacy Act requests and/or appeals.

2. Physical Safeguards: The case file folders are stored in file cabinets in secure areas that are either occupied by staff personnel involved in processing Privacy Act requests and appeals or locked up during non-working hours, or whenever staff is not present in these areas. In addition, entrance to the buildings where case files are maintained is controlled by security guards.

3. Procedural Safeguards: Access to records is limited to those staff members who are familiar with Privacy Act or FOIA related request that have a need-to-know. System Managers are held responsible for safeguarding the records under their control. Cross-reference data is maintained in a correspondence control log stored in a personal computer for which access is granted by User ID and Password.

RETENTIONAL AND DISPOSAL:

The National Archives and Records Administration issues General Records Schedules 14 provide disposition authorization for records related to Privacy Act Request as follows:

1. Case files are retained for two years after date of response, and destroyed when access to all requested records is granted, and not appealed (NC1-64-77-1, item 25a1).

2. Case files are retained for two years after date of response for nonexistent records and then destroyed, when not appealed (NCI-64-77-1, Item 25a2a).

3. Case files are retained and destroyed five years when access to all or part of the records is denied, and not appealed (NC1-64-77-1, Item 25a3a).

4. In the event of an appeal, the files are destroyed six years after final determination by the Department, or three years after final adjudication by the courts, or six years after the time at which a requester could file suit, whichever is later.

5. Correspondence control logs are destroyed six years after the date of last entry. Records are to be destroyed when superseded or when requested documents are declassified or destroyed under the prescribed General Records Schedule (NCI87-7, Item31c). Hence, paper based records will be destroyed by burning; Electronic records will be destroyed per NIST SP 800-88 “Guidelines for Media Sanitization” (September 2006).

SYSTEM MANAGER(S) AND ADDRESS:

Donna Robinson-Staton, Chief Privacy Officer, 451 Seventh Street SW., Washington, DC 20410 (Attention: Capitol View Building, 4th Floor), telephone number: (202) 402-8073. (see Appendix I, following, for additional locations where in some cases Privacy Act records are accessed and maintained.

NOTIFICATION AND ACCESS PROCEDURES:

Donna Robinson-Staton, Chief Privacy Officer, 451 Seventh Street SW., Washington, DC 20410 (Attention: Capitol View Building, 4th Floor), telephone number: (202) 402-8073, in accordance with the procedures in 24 CFR Part 16. The Department's rules for providing access to records to the individual concerned appear in 24 CFR Part 16. A person may request access to these records in writing.

CONTESTING RECORDS PROCEDURES:

The Department's rules for contesting the contents of records and appealing initial denials, by the individual concerned, appear in 24 CFR Part 16. If additional information or assistance is needed, it may be obtained by contacting:

(i) In relation to contesting contents of records, the Departmental Privacy Act, Department of Housing and Urban Development, 451 Seventh Street SW., Room 2256, Washington, DC 20410, or

(ii) In relation to appeals of initial denials, the HUD Departmental Privacy Appeals Officers, Office of General Counsel, Department of Housing and Urban Development, 451 Seventh Street SW., Washington, DC 20410.

RECORD SOURCE CATEGORIES:

The source of information is from the individuals making a request for Privacy Act records, and components of the Department and other agencies that search for, and provide, records and related correspondence maintained in the case files.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:

Pursuant to 5 U.S.C. 552a(k)(2), records in this system, which reflect records that are contained in other systems of records that are designated as exempt, are exempt from the requirements of subsections (c)(3), (d), (e)(1), (e)(4)(G), (H), (I), and (f) of 5 U.S.C. 552a.