Privacy Act of 1974; System of Records

AGENCY:

Office of the Assistant Secretary for Civil Rights (OASCR), USDA.

ACTION:

Notice of a new system of records.

SUMMARY:

Pursuant to the Privacy Act of 1974 and Office of Management and Office of Management and Budget Circular No. A-108, the U.S. Department of Agriculture (USDA) proposes to create a new system of records, USDA/OASCR-2, Civil Rights Management System (CRMS). The Office of the Assistant Secretary for Civil Rights (OASCR) maintains CRMS, which contains program discrimination complaints, alleging unlawful discrimination arising within programs or activities conducted or assisted by USDA. The notice also conveys updates to the system location, categories of records, routine uses (one of which permits records to be provided to the National Archives and Records Administration), storage, safeguards, retention and disposal, system manager and address, notification procedures, records access, and contesting procedures.

DATES:

In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of records is subject to a 30-day notice and comment period in which to comment on the routine uses described in the routine uses section of this system of records notice. Please submit your comments by September 16, 2021.

ADDRESSES:

You may submit comments by either of the following methods:

—Federal eRulemaking Portal: Go to: http://www.regulations.gov/#!docketDetail:D=USDA-2021-0007.

—Postal Mail/Commercial Delivery: Please send one copy of our comment to Docket No. USDA-2021-0007, OASCR, Center for Civil Rights Enforcement, 1400 Independence Ave. SW, Mailstop 9410, Washington, DC 20250, or at ProgramComplaints@usda.gov or Executive Director at Center for Civil Rights Enforcement, OASCR, USDA, 1400 Independence Ave. SW, Mailstop 9410, Washington, DC 20250.

FOR FURTHER INFORMATION CONTACT:

For general questions, please contact: Sandra Hammond, USDA, OASCR, Center for Civil Rights Enforcement, 1400 Independence Avenue SW, Mailstop 9410, Washington, DC 20250, or at ProgramComplaints@usda.gov. or Executive Director at Center for Civil Rights Enforcement, OASCR, USDA, 1400 Independence Avenue SW, Mailstop 9410, Washington, DC 20250.

For Privacy Act Questions: Please contact Michele Washington, michele.washington@usda.gov and for USDA Privacy Act general questions, please contact: Sm.ocio.cio.usdaprivacy@usda.gov.

SUPPLEMENTARY INFORMATION:

The CRMS provides core support for the mission of Civil Rights (CR) offices, both at the department and sub-agency levels. The CRMS serves management needs of agency heads who are, by law, charged with the responsibility for agency compliance with civil rights laws and regulations. CRMS is a cloud- based enterprise-wide complaint tracking system, consisting of a suite of applications supporting USDA and all Department agencies by tracking complaints. Additionally, CRMS adheres to the regulatory reporting requirements and provides data for Civil Rights Reporting. The program discrimination complaints process supports enforcement of Title VI of the Civil Rights Act of 1964, the Rehabilitation Act, the implementing regulations at 7 CFR part 15, and any other applicable anti-discrimination statutes, rules, and regulations.

The CRMS, formerly known as PCMS, will be housed on the Salesforce platform supported by USDA Office of the Chief Information Officer (OCIO).

The proposed revisions to the notice convey updates to the system location, categories of records, storage, safeguards, retention and disposal, system manager and address, notification procedures, records access, and contesting procedures.

USDA/OASCR will share information from the system in accordance with the requirements of the Privacy Act. A full list of routine uses is included in the routine uses section of the document published with this notice.

A report on the new system of records, required by 5 U.S.C. 552a(r), as implemented by Office of Management and Budget Circular A-108, was sent to the Chairman, Committee on Homeland Security and Government Affairs, United States Senate; the Chairwoman, Committee on Oversight and Reform, House of Representatives; and the Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget.

SYSTEM NAME AND NUMBER:

USDA/OASCR-2, Civil Rights Management System, (CRMS).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

OASCR maintains the records in this system and stores a hard copy at the National Archives and Records Administration. The electronic record systems are maintained on USDA servers physically located at the United States Department of Agriculture, 1400 Independence Drive, Washington, DC 20024. USDA records are housed within the SalesForce platform, managed and maintained by USDA/Office of the Chief Information Officer. These records may reside at another location within the Continental United States. Additionally, USDA employees may maintain hard or electronic copies at USDA offices.

SYSTEM MANAGER(S):

Executive Director, Center for Civil Rights Enforcement, OASCR, USDA,1400 Independence Avenue SW, Washington, DC 20250, 202-720-8106.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 301, 42 U.S.C. 2000d, et seq., 42 U.S.C. 3608(d); 42 U.S.C. 12101, et seq.; 20 U.S.C. 1681, et seq.; 29 U.S.C. 794; 15 U.S.C. 1691, et seq; and 7 U.S.C. 2011, et seq.

PURPOSE(S) OF THE SYSTEM:

CRMS provides core support for the mission of Civil Rights (CR) offices, both at the department and sub-agency levels. CRMS serves management needs of agency heads who are, by law, charged with the responsibility for agency compliance with civil rights laws and regulations. CRMS is a cloud-based enterprise-wide complaint tracking system, consisting of a suite of applications supporting USDA and all Department agencies by tracking complaints. CRMS will facilitate the improved management of program discrimination complaints.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Categories of individuals covered by this system include, but not limited to, individuals who have filed complaints of program discrimination by USDA, and the Department and sub-agencies. In addition, the system may capture information about individuals referenced or identified in records created or compiled as part of the process of documenting and processing program discrimination complaints.

Individuals who may have information in the system include contractors, complainants, witnesses, investigators, third parties, Administrative Judges, legal representatives, applicants for employment who have filed informal or formal complaints alleging discrimination, customers, members of the public who have filed a complaint, and others who have participated or otherwise been involved in proceedings relating to a program discrimination complaint.

Individuals, even if they are not users of the USDA/OASCR-2, who are mentioned or referenced in any documents entered into USDA/OASCR-2 by a user are also covered. This group may include, but is not limited to: Vendors, agents and other business personnel.

CATEGORIES OF RECORDS IN THE SYSTEM:

Categories of records in the system consists of records created or compiled as part of the process of documenting and processing program discrimination complaints. Such records include the following: Records created or compiled in response to complainants' statements of alleged discrimination; respondents' statements; witnesses' statements; names and addresses of complainants and respondents; personal, employment, or program participation information; medical records; conciliation and settlement agreements; related correspondence; initial and final determinations; and any other records related to the intake, investigation, or adjudication of discrimination complaints.

RECORD SOURCE CATEGORIES:

Information in this system of records is obtained from the covered individuals as follow: Members of the public, USDA employees, contractors, USDA applicants, and other individuals or entities participating in program complaint matters or is taken from other program discrimination complaints.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, records contained in this system may be disclosed outside USDA as a routine use pursuant to 5 U.S.C. 552a(b)(3), to the extent that such uses are compatible with the purposes for which the information was collected. Such permitted routine uses include the following:

A. To the Department of Justice (DOJ) when: (a) USDA or any component thereof; or (b) any employee of USDA in his or her official capacity where the Department of Justice has agreed to represent the employee; or (c) the United States Government, is a party to litigation or has an interests in such litigation, and USDA determines that the records are both relevant and necessary to the litigation and the use of such records by the Department of Justice is deemed by USDA to be for a purpose that is compatible with the purpose for which USDA collected the records.

B. To a congressional office in response to an inquiry from that Congressional office made at the written request of the individual about whom the record pertains.

C. To the United States Civil Rights Commission in response to its request for information, per 42 U.S.C. 1975a.

D. To the National Archives and Records Administration (NARA) or other Federal government agencies pursuant to records management activities being conducted under 44 U.S.C. 2904 and 2906.

E. To appropriate agencies, entities, and persons when (1) USDA suspects or has confirmed that there has been a breach of the system of records; (2) USDA has determined that as a result of the suspected or confirmed breach, there is a risk of harm to individuals, USDA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure to such agencies, entities, and persons is reasonably necessary to assist in connection with USDA's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

F. To another Federal agency or Federal entity, when information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach; or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

When a record on its face, or in conjunction with other records, indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or order issued pursuant thereto, USDA may disclose the record to the appropriate Federal, State, local, foreign, Tribal, or other public authority responsible for enforcing, investigating, or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto, if the information disclosed is relevant to any enforcement, regulatory, investigative or prosecutive responsibility of the receiving entity.

G. In an appropriate proceeding before a court, grand jury, or administrative or adjudicative body or official, when the USDA or other Agency representing the USDA determines that the records are both relevant and necessary to the proceeding; or in an appropriate proceeding before an administrative or adjudicative body when the adjudicator determines the records to be relevant to the proceeding.

H. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the USDA, when necessary to accomplish an agency function related to this system of records.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

OASCR, Records Management Services (RMS) is responsible for maintaining its program complaint records. These records are electronically stored in CRMS and OCIO. They are under the care and maintenance of OASCR.

Records maintained by OASCR are accessioned to NARA, as permanent records. Electronic records are stored at the USDA OCIO. USDA employees also may maintain paper or electronic copies at USDA offices.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Electronic and paper records are indexed by name of complainant, agency, and address. Paper records are retrieved from NARA. Electronic records are retrieved from USDA OCIO Data Center. Electronic and/or paper records are retrieved from USDA employees at USDA offices.

To retrieve an individual record, an employee (with approval) would access CRMS or OCIO legacy database for an individual complaint file and enter the complainant's last and first name or the case number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records are retained indefinitely in accordance with NARA's General Records Schedule 16. OASCR is working closely with the National Archives and Records Administration to update retention schedules. Records will be retained indefinitely pending NARA's approval of a records retention schedule.

USDA's General Records Schedule covers records-documenting activities related to managing relationships among the agency, its employees, and its unions and bargaining units.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Physical security measures are in place to prevent unauthorized persons from accessing OASCR. Electronic records are stored on secure file servers. OASCR includes physical access controls, firewalls, intrusion detection systems, and system auditing to prevent unauthorized access. To access OASCR, users are required to complete the USDA eAuthentication registration process and are validated through role-based authentication and authorization.

Paper files are kept in a safeguarded environment with controlled access only by authorized personnel. All OASCR users are also required to complete appropriate training to learn requirements for safeguarding records maintained under the Privacy Act. Digital Infrastructure Services Center (DISC) safeguards records and ensures that privacy requirements are met in accordance with Federal and cyber security mandates. DISC provides continuous storage management, security administration, regular dataset backups, and contingency planning/disaster recovery. DISC employs automated mechanisms to restrict access to media storage areas. This is done by requiring a successful scan from the Facility Security System prior to entrance. The Facility Security System requires an employee to successfully scan both their badge and a fingerprint to access areas containing stored media. The DISC also employs automated mechanisms to audit access attempts and access granted into these areas.

RECORD ACCESS PROCEDURES:

All requests for access to records must be in writing and should be submitted to the OASCR FOIA Officer, 1400 Independence Avenue SW, Washington, DC 20250; or by email at USDAFOIA@usda.gov. In accordance with 7 CFR part 1, subpart G, § 1.112 (Procedures for requests pertaining to individual records in a record system), the request must include the full name of the individual making the request; the name of the system of records; and preference of inspection, in person or by mail. In accordance with 7 CFR 1.113, prior to inspection of the records, the requester shall present sufficient identification (e.g., driver's license, employee identification card, social security card, credit cards) to establish that the requester is the individual to whom the records pertain. In addition, if an individual submitting a request for access wishes to be supplied with copies of the records by mail, the requester must include with his or her request sufficient data for the agency to verify the requester's identity.

CONTESTING RECORD PROCEDURES:

Individuals seeking to contest or amend records maintained in this system of records must direct their request to the address indicated in the “RECORD ACCESS PROCEDURES” paragraph, above and must follow the procedures set forth in 7 CFR part 1, subpart G, § 1.116 (Request for correction or amendment to record). All requests must state clearly and concisely what record is being contested, the reasons for contesting it, and the proposed amendment to the record.

NOTIFICATION PROCEDURES:

Individuals may be notified if a record in this system of records pertains to them when the individuals request information utilizing the same procedures as those identified in the “RECORD ACCESS PROCEDURES” paragraph, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.