Privacy Act of 1974; Notice of New System of Records

AGENCY:

General Services Administration.

ACTION:

Notice.

SUMMARY:

GSA proposes to establish a new system of records subject to the Privacy Act of 1974, as amended, 5 U.S.C. 552a.

DATES:

Effective November 15, 2012.

FOR FURTHER INFORMATION CONTACT:

Call or email the GSA Privacy Act Officer: telephone 202-208-1317; email gsa.privacyact@gsa.gov.

ADDRESSES:

GSA Privacy Act Officer (CIB), General Services Administration, 1275 First Street NE., Washington, DC 20417.

SUPPLEMENTARY INFORMATION:

GSA proposes to establish a new system of records subject to the Privacy Act of 1974, 5 U.S.C. 552a. The new system will allow GSA Users to utilize the SalesForce application environment and the Google Apps for Government platform used by the GSA.

GSA/CIO-3

SYSTEM NAME:

GSA's Enterprise Organization of Google Applications for Government and SalesForce.com for Government.

SYSTEM LOCATION:

Enterprise Application Services (EAS) is a singular component system managed by the Applied Solutions Division, a division of Office of the Chief Information Officer. The EAS system is housed in secure datacenters hosted by GSA in Kansas City (Region 6) and Fort Worth (Region 7) as well as Cloud components as part of GSA's implementation of Google Apps for Government and Salesforce.com for Government. In addition, some employees and contractors may download and store information from this system. Those copies are located within the employees' or contractors' offices or on encrypted workstations issued by GSA for individuals who are teleworking.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Only one category of individual is covered by this system, collectively referred to as “GSA Users”, which are individuals who require routine access to agency information technology systems, including federal employees, contractors, child care workers and other temporary workers with similar access requirements. The system does not apply to or contain information on occasional visitors or short-term guests not cleared for use under HSPD-12.

CATEGORIES OF RECORDS IN THE SYSTEM:

This system contains information needed for the functionality of specific minor applications that are developed for either GSA's implementation of Google Apps for Government or Salesforce.com for Government. This system contains the following information:

Employee/contractor/other worker's full name

Organization/office of assignment

Company/agency name

Work address

GSA assigned work telephone number

Social Security Number

Personal physical home address

Personal home or mobile phone

Personal email addresses

Individual work related records

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 301, 40 U.S.C. 11315, 44 U.S.C. 3506, E.O. 9397, as amended, and Homeland Security Presidential Directive 12 (HSPD-12).

PURPOSES:

For the functionality and use of specific minor applications within GSA's implementation of Google Apps for Government and Salesforce.com for Government. Information may be collected to meet the business requirements of the application, site, group or instance. The new system will allow GSA Users to utilize the SalesForce application environment and the Google Apps for Government platform used by the GSA.

A listing of applications covered by this SORN can be found at: http://goo.gl/Qrj2c.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

a. To a Member of Congress or to a Congressional staff member in response to an inquiry of the Congressional office, made at the written request of the constituent about whom the record is maintained.

b. To the National Archives and Records Administration (NARA) for records management purposes.

c. To Agency contractors, grantees, consultants, or experts who have been engaged to assist the agency in the performance of a Federal duty to which the information is relevant.

d. To a Federal, State, local, foreign, or tribal or other public authority, on request, in connection with the hiring or retention of an employee, the issuance or retention of a security clearance, the letting of a contract, or the issuance or retention of a license, grant, or other benefit, to the extent that the information is relevant and necessary to the requesting agency's decision.

e. To the Office of Management and Budget (OMB) when necessary to the review of private relief legislation pursuant to OMB circular No. A-19.

f. To designated Agency personnel for the purpose of performing an authorized audit or oversight evaluation.

g. To the Office of Personnel Management (OPM), the Office of Management and Budget (OMB), the Government Accountability Office (GAO), or other Federal agencies when the information is required for program evaluation purposes.

h. To appropriate agencies, entities, and persons when (1) the Agency suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) the Agency has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by GSA or another agency or entity) that rely upon the compromised information; (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with GSA's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

i. In any criminal, civil or administrative legal proceeding, where pertinent, to which GSA, a GSA employee, or the United States or other entity of the United States Government is a party before a court or administrative body.

j. To an appeal, grievance, hearing, or complaints examiner; an equal employment opportunity investigator, arbitrator, or mediator; and/or an exclusive representative or other person authorized to investigate or settle a grievance, complaint, or appeal filed by an individual who is the subject of the record.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

Computer records are stored on a secure server and accessed over the Web via encryption software. Paper records, when created, are kept in file folders and cabinets in secure rooms. When individuals download information, it is kept on encrypted, password secured computers and it is their responsibility to protect the data, including compliance with HCO 2180.1, GSA Rules of Behavior for Handling Personally Identifiable Information (PII).

RETRIEVABILITY:

Records are retrievable by a combination of first name and last name. Group records are retrieved by organizational code or other listed identifiers as configured in the application by the program office for their program requirements.

SAFEGUARDS:

Cloud systems are authorized to operate separately by the GSA CIO at the moderate level. All GSA Users utilize two-factor authentication to access Google Apps for Government. Access is limited to authorized individuals with passwords or keys. Computer records are protected by a password system that is compliant with National Institute of Standards and Technology standards. Paper records are stored in locked metal containers or in secured rooms when not in use. Information is released to authorized officials based on their need to know.

RETENTION AND DISPOSAL:

Records are retained and disposed of according to GSA records maintenance and disposition schedules, GSA Records Maintenance and Disposition System (CIO P 1820.1), GSA 1820.2A, and requirements of the National Archives and Records Administration.

SYSTEM MANAGER AND ADDRESS:

Director, Applied Solutions, General Services Administration, 1275 First Street NE., Washington, DC 20417.

NOTIFICATION PROCEDURE:

An individual can determine if this system contains a record pertaining to him/her by sending a request in writing, signed, to the System Manager at the above address. When requesting notification of or access to records covered by this notice, an individual should provide his/her full name, date of birth, region/office, and work location. An individual requesting notification of records in person must provide identity documents sufficient to satisfy the custodian of the records that the requester is entitled to access.

RECORD ACCESS PROCEDURES:

Individuals wishing to access their own records should contact the system manager at the address above.

CONTESTING RECORD PROCEDURES:

Rules for contesting the content of a record and appealing a decision are contained in 41 CFR 105-64.

RECORD SOURCE CATEGORIES:

The sources for information in the system are the individuals about whom the records are maintained, the supervisors of those individuals, existing GSA systems, a sponsoring agency, a former sponsoring agency, other Federal agencies, contract employers, or former employers.