Privacy Act of 1974; System of Records

AGENCY:

Corporation for National and Community Service.

ACTION:

Notice of a modified system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, the Corporation for National and Community Service (CNCS) Office of General Counsel (OGC) proposes to modify and rename a current CNCS system of records, Legal Office Litigation/Correspondence Files—Corporation-13 to include substantive changes and modifications described in detail in the supplementary section.

DATES:

You may submit comments until October 3, 2019. This System of Records Notice (SORN) will be effective October 3, 2019 unless CNCS receives any timely comments which would result in a contrary determination.

ADDRESSES:

You may submit comments, identified by system name and number, to CNCS via any of the following methods:

1. Electronically through regulations.gov.

Once you access regulations.gov, locate the web page for this SORN by searching for CNCS-01-OGC-Office of General Counsel (OGC) Legal Files. If you upload any files, please make sure they include your first name, last name, and the name of the proposed SORN.

2. By email at privacy@cns.gov.

3. By mail: Corporation for National and Community Service, Attn: Chief Privacy Officer, OIT, 250 E St. SW, Washington, DC 20525.

4. By hand delivery or courier to CNCS at the address for mail between 9:00 a.m. and 4:00 p.m. Eastern Standard Time, Monday through Friday, except for Federal holidays.

Please note that all submissions received may be posted without change to regulations.gov, including any personal information.

FOR FURTHER INFORMATION CONTACT:

If you have general questions about the system of record, you can email them to FOIA@cns.gov or mail them to the address in the ADDRESSES section above. Please include the system of record's name and number.

SUPPLEMENTARY INFORMATION:

This notice serves to update and modify CNCS's SORN titled “CORPORATION-13” to incorporate changes to the system, include more details, and conform to SORN template requirements prescribed in Office of Management and Budget (OMB) Circular No. A-108. The substantive changes and modifications to the currently published version of CORPORATION-13 include:

1. Renumbering and renaming the SORN as CNCS-01-OGC-Office of General Counsel (OGC) Legal Files.

2. Stating that the records in the system are unclassified.

3. Updating all addresses to reflect the system's new location.

4. Specifying the authorities that permit maintenance of the system.

5. Clarifying and expanding the system purpose to maintain files related to legal actions, legal reviews, transactions, and other OGC activities consistent with its statutory authorities.

6. Expanding the categories of individuals, categories of records, and records source categories to match that broader purpose.

7. Replacing the current set of routine uses with new and modified routine uses that are specific to the system. This includes routine uses to conform with OMB Memorandum M-17-12, Preparing for and Responding to a Breach of Personally Identifiable Information (Jan. 3, 2017).

8. Expanding and clarifying how records may be stored and retrieved.

9. Revising the retention and disposal section to reflect updated guidance from the National Archives and Records Administration.

10. Revising the safeguards section to reflect updated cybersecurity guidance and practices.

11. Updating the record access, contesting record, and notification procedures to inform individuals that they may email an inquiry, establish a more efficient process, and clarify what individuals should include in an inquiry.

12. Providing additional information about the exemptions promulgated for the system.

CNCS determined that these changes are the most efficient, logical, taxpayer-friendly, and user-friendly method of complying with the publication requirements of the Privacy Act of 1974, as amended. The subject records reflect a common purpose, common functions, and common user community. This Notice of a Modified Systems of Records, as required by 5 U.S.C. 552a, also fully complies with all OMB policies.

SYSTEM NAME AND NUMBER:

CNCS-01-OGC-Office of General Counsel (OGC) Legal Files.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Office of General Counsel, Corporation for National and Community Service, 250 E St. SW, Washington, DC 20525.

SYSTEM MANAGER(S):

Law Office Manager, Office of General Counsel, Corporation for National and Community Service, 250 E St. SW, Washington, DC 20525.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

28 U.S.C. Chapter 171—Tort Claims Procedure, 31 U.S.C. Chapter 37—Claims, 40 U.S.C. Subtitle I—Federal Property and Administrative Services, and 42 U.S.C. 12651c—Corporation for National and Community Service.

PURPOSE(S) OF THE SYSTEM:

The Corporation for National and Community Service (CNCS) Office of General Counsel (OGC) uses the system to track, store, and manage the records it develops and acquires on matters that could or have led to investigations, mediation, or other legal actions before a judicial, administrative, or adjudicative body (collectively, “legal action records”). OGC also uses the system to track, store, and manage the records it develops and acquires to complete legal reviews, provide legal opinions, oversee transactions, coordinate with other agencies, and perform other legal activities on behalf of CNCS (collectively, “legal advice and guidance records”).

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Categories of individuals covered by the system may include individuals who are or were involved in:

• Potential or actual legal actions with CNCS or referenced in the legal action. That may include parties to the legal action, mediators, arbiters, judges, other court personnel, witnesses, individuals with information that pertains to the legal action, CNCS employees, grantees, service members, and applicants.
• A transaction with CNCS, contract involving CNCS, or a CNCS program or matter that involves a legal or compliance review or other legal activity.

CATEGORIES OF RECORDS IN THE SYSTEM:

Legal action records may include, but are not limited to: Complaints, appeals documents, investigation reports, discovery documents, affidavits, declarations, witness statements, notes from interviews, correspondence within CNCS, documents and correspondence between the parties, the courts, or other individuals or entities involved in the legal action, court filings, mediations, personnel documents, grievance proceedings, and other internal working documents. The personal information in these documents may include, but are not limited to: names, dates of birth, addresses, telephone numbers, Social Security Numbers (SSNs), and salary information.

Legal advice and guidance records may include, but are not limited to: Contracts, Internal reports, notes, legal memoranda, correspondence to and from CNCS employees, contractors, grantees, service members, and applicants, information regarding grantees, service members, and applicants, and other documents about CNCS' operations and services that have been reviewed by OGC. The personal information in these documents may include, but are not limited to: Names, SSNs, National Service Participant Identification (NSPID) Numbers, home addresses, phone numbers, email addresses, dates of birth, financial information, medical records, salary information, and personnel records.

RECORD SOURCE CATEGORIES:

Records sources may include: individuals and entities involved in a legal action with CNCS and their authorized agents, individuals and entities with information relevant to a legal issue or action with CNCS and their authorized agents, CNCS employees, service members, grantees, applicants, information systems managed and controlled by CNCS and its contractors, information gathered from public sources, investigators, mediators, court records, grievance proceedings, contractors, and other Federal agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, as amended, all or a portion of the records or information contained in the system may be disclosed to authorized entities, as is determined to be relevant and necessary, as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

1. To appropriate agencies, entities, and persons when:

a. CNCS suspects or has confirmed that there has been a breach of the system of records;

b. CNCS has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, CNCS (including its information systems, programs, and operations), the Federal Government, or national security; and

c. The disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with CNCS's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

2. To another Federal agency or Federal entity, when CNCS determines that information from the system of records is reasonably necessary to assist the recipient agency or entity in:

a. Responding to a suspected or confirmed breach or

b. Preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

3. To the National Archives and Records Administration (NARA) as needed to assist CNCS with records management, conduct inspections of CNCS's records management practices, and carry out other activities required by 44 U.S.C. 2904 and 2906.

4. To NARA's Office of Government Information Services so that it may review agency compliance with the Freedom of Information Act of 1967, as amended, (FOIA) provide mediation services to resolve FOIA disputes, and identify policies and procedures for improving FOIA compliance, and to the extent necessary to fulfill its responsibilities as required by 5 U.S.C. 552(h)(2)(A-B) and (3).

5. To a Federal agency in connection with hiring or retaining an employee, vetting a service member in response to the issuance of a security clearance, conducting a background check for suitability or security investigation of an individual, classifying jobs, the letting of a contract, or the issuance of a license, contract, grant, or other benefit by the requesting agency, and to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.

6. To the Equal Employment Opportunity Commission when requested in connection with investigations into alleged or possible discrimination practices in the Federal sector, compliance by Federal agencies with the Uniform Guidelines on Employee Selection Procedures, or other functions vested in the Commission and to otherwise ensure compliance with the provisions of 5 U.S.C. 7201.

7. To the Office of the President, a Member of Congress, or their personnel in response to a request made on behalf of, and at the request of, the individual who is the subject of the record. These advocates will receive the same records that individuals would have received if they filed their own request.

8. To any official or designee charged with the responsibility to conduct qualitative assessments at a designated statistical agency and other well established and trusted public or private research organizations, academic institutions, or agencies for an evaluation, study, research, or other analytical or statistical purpose.

9. To agency contractors, grantees, interns, and other authorized individuals engaged to assist the agency in the performance of a project, contract, service, grant, cooperative agreement, or other activity and require access to the records to accomplish an agency function, task, or assignment. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to CNCS employees.

10. To the news media and the public, with the approval of the Chief Privacy Officer in consultation with counsel, when there exists a legitimate public interest in the disclosure of the information, when disclosure is necessary to preserve confidence in the integrity of CNCS, or when disclosure is necessary to demonstrate the accountability of CNCS' officers, employees, or individuals covered by the system, except to the extent the Chief Privacy Officer determines that release of the specific information in the context of a particular case would constitute a clearly unwarranted invasion of personal privacy.

11. To an appropriate Federal, State, local, tribal, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a statute, rule, regulation, or order, when a record, either on its face or in conjunction with other information, indicates a violation or potential violation of civil or criminal law or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.

12. To consumer reporting agencies (as defined in the Fair Credit Reporting Act, 14 U.S.C. 1681a(f), or the Federal Claims Collection Act of 1966, 31 U.S.C. 3701(a)(3)), the U.S. Department of the Treasury, other Federal agencies maintaining debt servicing centers, and private collection contractors to collect a debt owed to the Federal Government as provided in regulations promulgated by CNCS.

13. To a contractor, grantee, or other recipient of Federal funds indebted to the Federal Government through its receipt of Federal Government funds if release of the record would allow the debtor to collect from a third party.

14. The names, SSNs, home addresses, dates of birth, dates of hire, quarterly earnings, employer identifying information, and state of hire of employees may be disclosed to the Office of Child Support Enforcement Federal Parent Locator Service and the Treasury Offset Program to locate individuals owing child support and identify their income sources, establish and modify orders of child support, and for other child support enforcement actions.

15. To a contractor, grantee, or other recipient of Federal funds when the record to be released reflects serious inadequacies with the recipient's personnel, and disclosure of the record permits the recipient to effect corrective action in the Federal Government's best interests.

16. To the Department of Justice (DOJ) when:

a. The agency, or any component thereof;

b. Any employee of the agency in his or her official capacity;

c. Any employee of the agency in his or her individual capacity where DOJ has agreed to represent the employee; or

d. The United States, where the agency determines that litigation is likely to affect the agency or any of its components is a party to litigation or has an interest in litigation, and the use of such records by the DOJ is deemed by the agency to be relevant and necessary to the litigation, provided, however, that in each case, the agency determines that disclosure of the records to the DOJ is a use of the information contained in the records that is compatible with the purpose for which the records were collected.

17. To a court, administrative body, or adjudicative body before which the agency is authorized to appear, when:

a. The agency, or any component thereof;

b. Any employee of the agency in his or her official capacity;

c. Any employee of the agency in his or her individual capacity where the agency has agreed to represent the employee; or

d. The United States, where the agency determines that litigation is likely to affect the agency or any of its components, is a party to litigation or has an interest in litigation, and the use of such records by the DOJ is deemed by the agency to be relevant and necessary to the litigation, provided, however, that in each case, the agency determines that disclosure of the records to the DOJ is a use of the information contained in the records that is compatible with the purpose for which the records were collected.

18. To a Federal or State agency, judicial body, administrative body, adjudicative body, another party or their representative to a legal matter, or witness when (a) the Federal Government is a party or potential party to a judicial, administrative, or adjudicative proceeding and (b) the record is both necessary and relevant or potentially relevant to that proceeding.

19. To an arbiter, mediator, or another individual authorized to investigate or settle a grievance, complaint, or appeal filed by an individual who is the subject of, or party to, the record.

20. To any agency, entity, or individual when necessary to acquire information relevant to an investigation.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Paper records are stored in locked rooms, file cabinets, and desks. Electronic records and backups are stored on secure servers and encrypted media to include, but are not limited to, the computers and network drives used by OGC attorneys.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records in the system may be retrieved by a variety of unique identifiers including case numbers, NSPID Numbers, names, CNCS email addresses, and SSNs.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

System records are retained and disposed according to CNCS records maintenance and disposition schedules and the legal records retention and disposal requirements of NARA. The records are retained for a minimum of five years and many records are retained indefinitely.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Paper records are maintained in locked rooms, file cabinets, and desks when not in use. Electronic records are maintained in accordance with National Institute of Standards and Technology Special Publication 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations or the updated equivalent. Access to the records is limited to authorized personnel who require the information to complete their assigned tasks and have been trained how to properly handle and safeguard the records.

RECORD ACCESS PROCEDURES:

In accordance with 45 CFR part 2508—Implementation of the Privacy Act of 1974, as amended, individuals wishing to access their own records as stored within the system of records may contact the FOIA Officer/Privacy Act Officer by sending (1) an email to FOIA@cns.gov or (2) a letter to the System Manager. Individuals may also go in-person to the System Location and ask to speak to the FOIA Officer/Privacy Act Officer within OGC. Individuals who make a request must include enough identifying information (i.e. full name, current address, date, and signature) to locate their records, indicate that they want to access their records, and be prepared to confirm their identity as required by 45 CFR part 2508.

CONTESTING RECORD PROCEDURES:

Individuals who wish to contest their own records as stored within the system of records may contact the FOIA Officer/Privacy Act Officer in writing via the contact information in the Record Access Procedures section. Individuals who make a request must include enough identifying information to locate their records, an explanation of why they think their records are incomplete or inaccurate, and be prepared to confirm their identity as required by 45 CFR part 2508.

NOTIFICATION PROCEDURES:

Individuals who wish to contest their own records as stored within the system of records may contact the FOIA Officer/Privacy Act Officer via the contact information in the Record Access Procedures section. Individuals who make a request must include enough identifying information to locate their records, indicate that they want to be notified whether their records are included in the system, and be prepared to confirm their identity as required by 45 CFR part 2508.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

Pursuant to, and limited by, 5 U.S.C. 552a(d)(5) and 45 CFR 2508.19, the system is exempted from the provisions of 5 U.S.C. 552a(d)(5) and 45 CFR 2508.4 insofar as the system contains information compiled in reasonable anticipation of a civil action or proceeding.

HISTORY:

64 FR 10879, 10889, March 5, 1999; 65 FR 46890, 46901, August 1, 2000; 67 FR 4395, 4406, January 30, 2002.