Privacy Act of 1974; System of Records

AGENCY:

Office of the Chief Financial Officer (OCFO), HUD.

ACTION:

Notice of a new system of records.

SUMMARY:

The Payroll Data Analytics Project was created to analyze payroll disbursement data. For the HUD employees in the collection, the HUD Office of the Chief Financial Officer (OCFO) collects the first five letters of the first name and the last 4 digits of Social Security Numbers (SSN) from the Department of Treasury, Administrative Resource Center (ARC). This is collected as part of the payroll data used to identify questionable payroll transactions that may require further review by HUD management. If needed, OCFO will request HUD employees' Standard Form 50 (SF-50) from HUD's Office of the Chief Human Capital Officer (OCHCO) for potential outliers that require justification. HUD OCHCO sends the SF-50 to HUD OCFO via encrypted email. The SF-50 includes Personally Identifiable Information (PII) such as full name, date of birth, SSN, pay grade, salary, veterans' preference, and all other data included in the SF-50 template.

DATES:

This notice action shall be applicable immediately, which will become effective December 20, 2021.

Comments will be accepted on or before: December 20, 2021.

ADDRESSES:

You may submit comments, identified by docket number [FR-7046-N-01] by one of the following methods:

Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions provided on that site to submit comments electronically;

Fax: 202-619-8365;

Email: privacy@hud.gov;

Mail: Attention: Privacy Office; Chief Privacy Officer, Mr. LaDonne White, The Executive Secretariat; 451 Seventh Street SW, Room 10139, Washington, DC 20410-0001.

Instructions: All submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to http://www.regulations.gov. including any personal information provided.

Docket: For access to the docket to read background documents or comments received go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

LaDonne White, Chief Privacy Officer, The Privacy Office, 451 Seventh Street SW, Room 10139, Washington, DC 20410-1000; telephone number 202-708-3054 (this is not a toll-free number).

SUPPLEMENTARY INFORMATION:

HUD OCFO is creating a system of records for the Payroll Data Analytics Project to collect HUD employees' PII from the Treasury ARC and HUD OCHCO. The PII that Treasury has is initially collected for payroll purposes. HUD OCFO will collect from Treasury only the first five digits of the first name and the last four digits of the Social Security Number (SSN) for all individuals within HUD's payroll. HUD OCFO will use R Script to review and identify any questionable payroll transactions and/or outliers ( e.g., mismatch of Employee Name and SSN, fraudulent transactions). An R Script is a set of instructions that tells the computer what to do. If any are identified, HUD OCFO will request SF-50s from OCHCO for the specified employee(s) for justification and further review.

SYSTEM NAME AND NUMBER:

Payroll Data Analytics Project.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Records collected by HUD OCFO are maintained at the Department of Housing and Urban Development Local Area Network (LAN), which resides at the National Center for Critical Information Processing and Storage (NCCIPS), Stennis Space Center, MS and at the Mid-Atlantic Data Center, Clarksville, VA.

SYSTEM MANAGER(S):

Director, OCFO Financial Policy and Procedures Division, 451 7th St. SW, Washington, DC 20410-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 6101-6133; 5 U.S.C. 6301-6387; 44 U.S.C. 3101; 5 U.S.C. 5501-5597; 5 CFR part 630; 31 U.S.C. 3512(b); 31 U.S.C. 3351 et seq. —Payment Integrity Information Act (PIIA) of 2019; Executive Order 13478; OMB Circular No. A 123, Appendix A, Management of Reporting and Data Integrity Risk.

PURPOSE(S) OF THE SYSTEM:

Identification and Validation—Payroll data is collected for reviewing and identifying questionable payroll transactions and/or outliers ( e.g., mismatch of Employee Name and SSN) that may require further review by HUD Management to comply with OMB Circular No. A 123, Appendix A, “Management of Reporting and Data Integrity Risk.”

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

All HUD employees from the previous fiscal year.

CATEGORIES OF RECORDS IN THE SYSTEM:

The following data is collected from Treasury ARC: First five characters of HUD employee's first name; last four digits of HUD employee's SSN. If further review needs to be done on an individual's payroll accounting, the SF-50 is collected from HUD OCHCO, which includes: Full name, date of birth, SSN, pay grade, salary, veterans preference, and all other data included in the SF-50 template.

RECORD SOURCE CATEGORIES:

These records contain information obtained from the Department of Treasury, Administrative Resource Center (ARC), which serves as the HR shared service provider for HUD. Note: HUD OCFO is not the initial collector of the information from individuals.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition, the Privacy Act allows HUD to disclose records from its systems of records, from the following headings (1)-(14), to appropriate agencies, entities, and persons, when the records being disclosed are compatible with the purpose for which the system was developed. The routine use statements specified in this notice shall not be used to construe, limit, or waive any other routine use condition or exemption specified in the text of an individual system of records, and may overlap in some cases. The routine use statements and their conditions for disclosure are categorized below.

(1) Department of Treasury for Payroll Adjustments/Corrections Disclosure Routine Use:

To the Department of Treasury's Administrative Resource Center (ARC), for the purpose of adjusting any payroll transactional error findings.

(2) General Service Administration Information Disclosure Routine Use:

To the National Archives and Records Administration (NARA) and the General Services Administration (GSA) for records having sufficient historical or other value to warrant its continued preservation by the United States Government, or for inspection under authority of Title 44, Chapter 29, of the United States Code.

(3) Congressional Inquiries Disclosure Routine Use:

To a congressional office from the record of an individual, in response to an inquiry from the congressional office made at the request of that individual.

(4) Health and Safety Prevention Disclosure Routine Use:

To appropriate Federal, State, and local governments, or persons, pursuant to a showing of compelling circumstances affecting the health or safety or vital interest of an individual or data subject, including assisting such agencies or organizations in preventing the exposure to or transmission of a communicable or quarantinable disease, or to combat other significant public health threats, if upon such disclosure appropriate notice was transmitted to the last known address of such individual to identify the health threat or risk.

(5) Consumer Reporting Agency Disclosure Routine Use:

To a consumer reporting agency, when trying to collect a claim owed on behalf of the Government, in accordance with 31 U.S.C. 3711(e).

(6) Computer Matching Program Disclosure Routine Use:

To Federal, State, and local agencies, their employees, and agents for the purpose of conducting computer matching programs as regulated by the Privacy Act of 1974, as amended (5 U.S.C. 552a).

(7) Prevention of Fraud, Waste, and Abuse Disclosure Routine Use:

To Federal agencies, non-Federal entities, their employees, and agents (including contractors, their agents or employees; employees or contractors of the agents or designated agents); or contractors, their employees or agents with whom HUD has a contract, service agreement, grant, cooperative agreement, or computer matching agreement for the purpose of: (1) Detection, prevention, and recovery of improper payments; (2) detection and prevention of fraud, waste, and abuse in major Federal programs administered by a Federal agency or non-Federal entity; (3) detection of fraud, waste, and abuse by individuals in their operations and programs, but only to the extent that the information shared is necessary and relevant to verify pre-award and prepayment requirements prior to the release of Federal funds, prevent and recover improper payments for services rendered under programs of HUD or of those Federal agencies and non-Federal entities to which HUD provides information under this routine use.

(8) Research and Statistical Analysis Disclosure Routine Uses:

(a) To contractors, grantees, experts, consultants, Federal agencies, and non-Federal entities, including, but not limited to, State and local governments and other research institutions or their parties, and entities and their agents with whom HUD has a contract, service agreement, grant, or cooperative agreement, when necessary to accomplish an agency function, related to a system of records, for the purposes of statistical analysis and research in support of program operations, management, performance monitoring, evaluation, risk management, and policy development, or to otherwise support the Department's mission. Records under this routine use may not be used in whole or in part to make decisions that affect the rights, benefits, or privileges of specific individuals. The results of the matched information may not be disclosed in identifiable form.

(b) To a recipient who has provided the agency with advance, adequate written assurance that the record provided from the system of records will be used solely for statistical research or reporting purposes. Records under this condition will be disclosed or transferred in a form that does not identify an individual.

(9) Information Sharing Environment Disclosure Routine Uses:

To contractors, grantees, experts, consultants and their agents, or others performing or working under a contract, service, grant, or cooperative agreement with HUD, when necessary to accomplish an agency function related to a system of records. Disclosure requirements are limited to only those data elements considered relevant to accomplishing an agency function. Individuals provided information under these routine use conditions are subject to Privacy Act requirements and disclosure limitations imposed on the Department.

(10) Data Testing for Technology Implementation Disclosure Routine Use:

To contractors, experts and consultants with whom HUD has a contract, service agreement, or other assignment of the Department, when necessary to utilize relevant data for the purpose of testing new technology and systems designed to enhance program operations and performance.

(11) Data Breach Remediation Purposes Routine Use:

(a) To appropriate agencies, entities, and persons when (1) HUD suspects or has confirmed that there has been a breach of the system of records; (2) HUD has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, HUD (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with [the agency's] efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(b) To another Federal agency or Federal entity, when HUD determines that information from this systems of record is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal government, or national security resulting from a suspected or confirmed breach.

(12) Disclosures for Law Enforcement Investigations Routine Uses:

(a) To appropriate Federal, State, local, tribal, or governmental agencies or multilateral governmental organizations responsible for investigating or prosecuting the violations of, or for enforcing or implementing, a statute, rule, regulation, order, or license, where HUD determines that the information would assist in the enforcement of civil or criminal laws.

(b) To third parties during the course of a law enforcement investigation, to the extent necessary to obtain information pertinent to the investigation, provided the disclosure of such information is appropriate to the proper performance of the official duties of the officer making the disclosure.

(13) Court or Law Enforcement Proceedings Disclosure Routine Uses:

(a) To a court, magistrate, administrative tribunal, or arbitrator in the course of presenting evidence, including disclosures to opposing counsel or witnesses in the course of civil discovery, litigation, mediation, or settlement negotiations; or in connection with criminal law proceedings; or in response to a subpoena or to a prosecution request when such records to be released are specifically approved by a court provided order.

(b) To appropriate Federal, State, local, tribal, or governmental agencies or multilateral governmental organizations responsible for investigating or prosecuting the violations of, or for enforcing or implementing, a statute, rule, regulation, order, or license, where HUD determines that the information would assist in the enforcement of civil or criminal laws.

(c) To third parties while a law enforcement investigation to the extent necessary to obtain information pertinent to the investigation, provided disclosure is appropriate to the proper performance of the official duties of the officer making the disclosure.

(d) To another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to the agency that maintains the record, specifying the particular portion desired and the law enforcement activity for which the record is sought.

(14) Department of Justice for Litigation Disclosure Routine Use:

To the Department of Justice (DOJ) when seeking legal advice for a HUD initiative or in response to DOJ's request for the information, after either HUD or DOJ determine that such information is relevant to DOJ's representatives of the United States or any other components in legal proceedings before a court or adjudicative body, provided that, in each case, the agency also determines prior to disclosure that disclosure of the records to DOJ is a use of the information contained in the records that is compatible with the purpose for which HUD collected the records. HUD on its own may disclose records in this system of records in legal proceedings before a court or administrative body after determining that the disclosure of the records to the court or administrative body is a use of the information contained in the records that is compatible with the purpose for which HUD collected the records.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

General Records

Records will be stored on a shared drive (J:/Drive) in a restricted folder with restricted access to specific staff. The shared drive is a part of the HUD Local Area Network (LAN).

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Designated OCFO Financial Management staff members will pull records from the restricted shared drive folder (J:/Drive).

POLICIES AND PRACTICIES FOR RENTENTION AND DISPOSAL OF RECORDS

Destroy 6 years after final payment or cancellation, but longer retention is authorized if required for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Users must log into their workstation with their PIV (ID) badge and a PIN number to log into the computer and access the HUD network. The data is stored on the HUD LAN resides at the Stennis and Clarksville Data Centers. Both data centers are managed by the OCIO Infrastructure and Operations Office (IOO) and are secured by security guards with ID badges and cameras. Files are stored on a shared drive folder J:/Drive in a restricted folder with restricted access to specific staff and the files are encrypted at rest. All OCFO staff must complete annual IT Security Awareness/Privacy Awareness Training, and electronically sign the Enterprise Rules of Behavior.

RECORD ACCESS PROCEDURES:

Individuals seeking to determine whether this System of Records contains information on themselves should address written inquiries to the Department of Housing Urban and Development 451 7th Street SW, Washington, DC. For verification purposes, individuals should provide full name, current address, and telephone number. In addition, the requester must provide either a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format:

If executed outside the United States: “I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on (date). (Signature).”

If executed within the United States, its territories, possessions, or commonwealths: “I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature).”

CONTESTING RECORD PROCEDURES:

The HUD rule for accessing, contesting, and appealing agency determinations by the individual concerned are published in 24 CFR part 16 or may be obtained from the system manager.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether information about themselves is contained in this system should address written inquiries to the Department of Housing Urban Development Chief Financial Officer, 451 7th Street SW, Washington, DC 20410-0001. For verification purposes, individuals should provide full name, office or organization where currently assigned, if applicable, and current address and telephone number. In addition, the requester must provide either a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format:

If executed outside the United States: “I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on (date). (Signature).”

If executed within the United States, its territories, possessions, or commonwealths: “I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature).”

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

N/A.

HISTORY:

N/A.