Privacy Act of 1974; System of Records

AGENCY:

U.S. Department of Agriculture; Forest Service.

ACTION:

Notice of a new system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, the U.S. Department of Agriculture (USDA or Department) proposes to create a new system of records titled “Department of Agriculture Forest Service Application Cloud Environment (FS ACE).” ACE is a general support system owned by the Forest Service Chief Information Officer (CIO) and operated by the Data Center Services Branch of the Forest Service CIO Operations Division. The system is located and managed in two geographically separated USDA Digital Infrastructure Services Centers (DISC), Class 4 data centers: One in Kansas City, MO; and the other in St. Louis, MO. Each provide alternate processing and data storage services in support of disaster recovery activities. Additionally, DISC-Kansas City provides off-site tape storage in Lenexa, KS, through a third-party vendor, Recall. All three locations are addressed within the DISC authorization boundaries.

DATES:

In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is effective upon publication, subject to a 30-day notice and comment period to comment on the routine uses described below. Please submit any comments by August 5, 2021.

ADDRESSES:

You may submit comments, identified by docket number FS-2021-0004 by one of the following methods:

• Federal e-Rulemaking Portal: http://www.regulations.gov —follow the instructions for submitting comments.
• Cynthia Towers, NRE Forest Service Privacy Officer, Office of the Chief Information Officer, U.S. Department of Agriculture, 1400 Independence Avenue SW, Washington, DC 20250.
• email to SM.FS.WOFOIA@usda.gov.

Instructions: All submissions received must include the Agency name and docket number for this rulemaking. All comments received will be posted without change to http://www.regulations.gov,, including any personal information provided.

Docket: For access to the docket to read the background document or comments received go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

For general questions about this notice, please contact Cynthia Towers, NRE Forest Service Privacy Officer, at 816-286-5272 or by email at cynthia.towers@usda.gov.

For privacy issue questions, please contact: Sullie Coleman, Chief Privacy Officer, Office of the Chief Information Officer, U.S. Department of Agriculture, 1400 Independence Avenue SW, Washington, DC 20250 or by email at sullie.coleman@usda.gov or by telephone at (202) 604-0467.

SUPPLEMENTARY INFORMATION:

The Privacy Act of 1974, as amended (5 U.S.C. 552a), requires agencies to publish in the Federal Register notice of new systems of records maintained by the Agency. A system of records is a group of any records under the control of any agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to an individual.

The Forest Service proposes to create a system of records entitled USDA/FS-63 Application Cloud Environment (FS ACE) that will be used to maintain records of activities conducted by the Agency pursuant to its mission and responsibilities.

TITLE OF BUSINESS ADDRESS OF THE AGENCY OFFICIAL RESPONSIBLE FOR THE SYSTEM OF RECORD:

Chief Information Officer, U.S. Department of Agriculture, 1400 Independence Avenue SW, Washington, DC 20250.

SYSTEM NAME AND NUMBER:

USDA/FS-63 Application Cloud Environment (FS ACE). Forest Service Application Cloud Environment (FS ACE) CSAM ID 1991, External ID: UII Code: 005-000000243; 005-000003304; 005-000003305; 005-000000257.

SECURITY CLASSIFICATION:

Controlled Unclassified Information (CUI).

SYSTEM LOCATION:

The system is located and managed in two geographically-separated U.S. Department of Agriculture (USDA) Digital Infrastructure Services Centers (DISC), Class 4 data centers, one at 8930 Ward Parkway, Kansas City, MO 64114 and the second at 4300 Goodfellow Blvd., St. Louis, MO 63120. Each provide alternate processing and data storage services in support of disaster recovery activities. Additionally, Kansas City provides off-site tape storage through Recall, located at 16150 W 110th St., Lenexa, KS. All three locations are addressed within the DISC authorization boundaries.

SYSTEM MANAGER:

ACE System Owner, Management Office 903 E 104th Street, Ste. 210, Kansas City, MO 64131. Additional location: Production DC—DISC Kansas City, MO.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

For FS ACE, authorities for general collection of information come from by 31 U.S.C. 3512, Executive Agency Accounting Systems Act of September 12,1950, and 16 U.S. Code § 551—Protection of national forests; rules and regulations. For Federal requirements for the collection of information, also see: 5 U.S.C. Chapter 552 (Freedom of Information Act), 44 U.S.C. Chapters 21, 29, 31, and 33 (Records Management), and 18 U.S.C. 2071 (Concealment, removal, or mutilation of government records).

PURPOSE(S) OF THE SYSTEM:

The purpose of this system of records is to manage a set of projects that is part of the Digital Infrastructure Services Center cloud migration. The goal of the FS ACE is to enable the Agency to concentrate on building integrated business solutions rather than managing separate technology issues. This system provides general hosting services to applications within the Forest Service. Hosting services include Virtual Data Center (VDC) environment, storage, backup and recovery, monitoring, etc. The FS ACE hosts the applications that collects an individual's personal information (PII) as a part of doing business with the Forest Service. FS ACE houses sensitive data from various FS programs and allows FS authorized users the ability to access and update this information. For example:

• Integrates the information for reporting, analysis, and management of various Human Resource Management processes and functions, which includes both PII, and budget and finance data;
• Contains applications to collect, store, edit, compile and report on field collected resource data for our nation's forests and grasslands per the Farm Bill requirement; and
• FS ACE collects PII from several applications that include short term (seasonal) contractors and researchers in support of the Forest Inventory & Analysis program.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

All individuals granted access to the FS ACE are covered: All individuals, even if they are not users of the FS ACE who are mentioned or referenced in any documents entered into FS ACE by a user are also covered. This group may include, but is not limited to, vendors, agents, and other business personnel.

CATEGORIES OF RECORDS IN THE SYSTEM:

The system of records includes the following required information about an individual: The individual's first and last name, social security number, tax identification number, passport number, driver's license number, or unique identification number.

RECORDS SOURCE CATEGORIES:

Information contained in FS ACE may be collected from an individual via fax, email, form, telephone, or website, depending on the application used.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, records contained in a system may be disclosed outside USDA as a routine use under 5 U.S.C. 552a(b)(3) to the extent that such uses are compatible with the purposes for which the information was collected. Such permitted routine uses include the following disclosures:

A. To the appropriate agency, whether Federal, State, local, Tribal, foreign, or other public authority responsible for enforcing, investigating, or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto, when a record on its face, or in conjunction with other records, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute or particular program, statute, or by regulation, rule, or order issued pursuant thereto, disclosure may be made if the information disclosed is relevant to any enforcement, regulatory, investigative, or prospective responsibility of the receiving entity and. Referral to the appropriate agency occurs, whether Federal, State, local, Tribal, or foreign, charged with the responsibility of investigating or prosecuting violation of law, or of enforcing or implementing a statute, rule, regulation, or order issued pursuant thereto of any record within this system when information available indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature;

B. To the Department of Justice (DOJ), when: (a) USDA or any component thereof; or (b) any employee of USDA in his or her official capacity where the DOJ has agreed to represent the employee; or (c) the United States Government, is a party to litigation or has an interest in such litigation, and USDA determines that the records are both relevant and necessary to the litigation and the use of such records by the DOJ is therefore deemed by USDA to be for a purpose that is compatible with the purpose for which USDA collected the records;

C. To a court or adjudicative body in a proceeding when: (a) USDA or any component thereof; or (b) any employee of USDA in his or her official capacity; or (c) any employee of the Agency in his or her individual capacity where USDA has agreed to represent the employee, or the United States Government, is a party to litigation or has an interest in such litigation, and USDA determines that the records are both relevant and necessary to the litigation and that use of such records is therefore deemed by USDA to be for a purpose that is compatible with the purpose for which USDA collected the records;

D. To appropriate agencies, entities, and persons when: (1) USDA suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) USDA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, USDA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with USDA's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm; or to another Federal agency or Federal entity, when information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the agency (including its information systems, programs, and operations), the Federal Government, or national security;

E. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the USDA, when necessary, to accomplish an agency function related to this system of records. Individuals providing information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to USDA officers and employees;

F. To a congressional office in response to an inquiry from that congressional office made at the written request of the individual about whom the record pertains.

G. To the National Archives and Records Administration (NARA) or other Federal government agencies pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

H. To an agency, organization, or individual for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

I. To appropriate Federal, state, local, tribal, or foreign governmental agencies or multilateral governmental organizations, with the approval of the Chief Privacy Officer, when USDA is aware of a need to use relevant data for purposes of testing new technology.

J. To the news media and the public, with the approval of the Chief Privacy Officer in consultation with counsel, when there exists a legitimate public interest in the disclosure of the information, or when disclosure is necessary to preserve confidence in the integrity of USDA, or when disclosure is necessary to demonstrate the accountability of USDA's officers, employees, or individuals covered by the system, except to the extent the Chief Privacy Officer determines that release of the specific information in the context of a particular case would constitute a clearly unwarranted invasion of personal privacy.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:

None.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

All records are stored electronically or on paper in secure facilities in a locked drawer behind a locked door. The records may be stored on digital media. Each USDA mission area, agency, and staff office creates and maintains proper and adequate documentation of the organization, functions, policies, decisions, procedures, and essential transactions of the Department. This documentation protects the legal and financial rights of the Government and of persons directly affected by the Department's activities (44 U.S.C. 3101). U.S.C. Title 7, Chapters 55 2204 state that the Secretary of Agriculture may conduct any survey or other information collection and employ any sampling or other statistical method that the Secretary determines is appropriate.

The Department is also authorized to obtain certain information under Sec. 515 of the Treasury and General Government Appropriations Act for Fiscal Year 2001 (44 U.S.C. 3516, Pub. L. 106-554) as well as Title 5 Part I Chapter 3-301, and 5 U.S.C. 552 § 552a.

See also: 5 U.S.C. Chapter 552; 44 U.S.C. Chapters 21, 29, 31, and 33 (Records Management); 18 U.S.C. 2071; 44 U.S.C. 3101 et seq.; 44 U.S.C. 3506; Title 7 CFR 2.37; 36 CFR Chapter 12, Subpart B; 36 CFR part 1234, eGovernment Act of 2002 (Pub. L. 107-347, 44 U.S.C. Ch. 36); OMB Circular A-130; NARA General Records Schedules and Forest Service Mission-specific records retention schedules approved by NARA for NARA Records Group 95.

POLICIES AND PRACTICES FOR RETRIEVABILITY OF RECORDS:

Records are maintained in accordance with Forest Service records management policy and NARA's General Records Schedule, and/or NARA-approved records schedules for NARA Records Group 95. Depending on the application being used, records may be retrieved by Name or Unique identifier such as: Social security number, tax identification number, passport number, driver's license number, agency assigned number, case number, account number or permit number, as appropriate.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records covered by this Privacy Act System of Records Notices (SORN) are managed according to records retention schedules approved by the NARA. Records schedules used to retain and manage records are found in Chapter 40 of Forest Service Handbook 6209.11—Records Management Handbook. This Handbook is available on the Forest Service website at https://www.fs.fed.us/about-agency/regulations-policies. All unscheduled records meaning records without a National Archives-approved records retention schedule are retained until a records retention schedule is approved by the National Archives. Once a schedule is approved, all existing records will be processed according to the requirements set forth in that schedule.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

When applicable, paper records are kept in a locked or secured office or office building, and/or retained in a Forest Service secured computer system and can only be accessed by authorized Forest Service employees. Department/Forest Service safeguards electronic records in this system according to applicable rules and policies, including all applicable automated systems' security and access policies. The Forest Service has imposed strict controls to minimize the risk of compromising stored information. System access, including access to records stored in an Agency-approved repository (such as Pinyon or its successor) is limited to individuals with appropriate clearances or permissions who need to know the information for performance of official duties.

RECORD ACCESS PROCEDURES:

An individual who is the subject of a record in this system may seek access to those records that are not exempt from the access provisions set forth at 5 U.S.C. 552a(k)(2). A determination whether a record may be accessed will be made at the time a request is received. All inquiries should be addressed in accordance with the “Notification procedures” below.

CONTESTING RECORDS PROCEDURES:

Any individual may contest information contained within a record in the system that pertains to him/her by submitting a written request to the system manager at the address indicated in the “Notification procedures” section. Include the reason for contesting the record and the proposed amendment to the information with supporting documentation to show how the record is inaccurate.

NOTIFICATION PROCEDURES:

Individuals seeking access to records contained in this system of records, or seeking to contest content, may submit a request in writing to the Forest Service FOIA/Privacy Act Officer (contact information at https://www.dm.usda.gov/foia/poc.htm ). If an individual believes more than one Department component maintains Privacy Act records concerning him or her, the individual may submit the request to the Departmental FOIA Officer, 1400 Independence Avenue SW, South Building Room 4104, Washington, DC 20250-0706; email: USDAFOIA@ocio.usda.gov.

The request should include a daytime phone number and email. Provide as much information as possible about the subject matter of the records you are requesting. This will help facilitate the search process.

If you are making a request for records about yourself, you may receive greater access by providing either a notarized statement or a statement signed under penalty of perjury stating that you are the person who you say you are.

Provide your full name, date, and either: (1) Have your signature witnessed by a notary; or (2) include the following statement immediately above the signature on your request letter: “I declare under penalty of perjury that the foregoing is true and correct. Executed on [date].” Requests that do not contain the required declaration will be processed under the Freedom of Information Act (FOIA), and, if records are found, you may not receive as much information, including information about you. If additional information is required to fulfill a Privacy Act request, you will be notified.

If you want records about yourself to be released to a third party (such as a law firm or other organization requesting records on your behalf), the third party may receive greater access if they have permission from you.

You will need a signed and dated statement that the Forest Service may release records pertaining to you. Include your name; date of birth; name of the person or organization to whom you want your records disclosed (where applicable); their contact information; and list of records that may be released (all, emails, medical records, etc.). The person about whom the records will be released should include a statement indicating that they understand that knowingly or willingly seeking or obtaining access to records about another person under false pretenses and or without their consent is punishable by a fine of up to $5,000.

Requests must be for access to existing records. The Forest Service FOIA Office will not create records for the purpose of responding to a FOIA or Privacy Act request.

• FOIA excludes Federal agencies from its definition of persons permitted to make FOIA requests [see 5 U.S.C. 552(a)(3)(A) and 5 U.S.C. 551(2)]. To avoid confusion as to whether Federal employees are requesting information in their personal or official capacities, requests from Federal employees should be submitted using personal resources.

Any individual may request general information regarding this system of records or information as to whether the system contains records pertaining to him/her. All inquiries pertaining to this system should be in writing, must name the system of records as set forth in the system notice, and must contain the individual's name, telephone number, address, and email address (see specific instructions above).

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

HISTORY:

The Forest Service proposes to create a new system of records entitled “USDA/Forest Service-63 Application Cloud Environment (FS ACE) System of Records” that will be used to maintain records of activities conducted by the Agency pursuant to its mission and responsibilities.