Privacy Act of 1974; System of Records

AGENCY:

Office of Mission Support (OMS), Environmental Protection Agency (EPA).

ACTION:

Notice of a new system of records.

SUMMARY:

The U.S. Environmental Protection Agency's (EPA), Office of Human Resources is giving notice that it proposes to create a new system of records pursuant to the provisions of the Privacy Act of 1974. The Talent Enterprise Diagnostic (TED) system is being created to establish a new tool within Sharepoint, the Agency's existing Microsoft O365 web-based document management and storage system. TED provides for the collection of information to track, update, and assess the skills of positions throughout EPA along with the corresponding skills of incumbents in those positions. TED supports the Agency's efforts to: (1) Develop policies and programs that are based on comprehensive workforce planning and analysis; and (2) meet requirements under 5 CFR 250, such as monitoring and addressing government-wide and Agency-specific skill gaps in mission-critical occupations. The system information will be accessed and used by EPA's supervisors, designated human resources specialists and analysts, managers within each office and region, Agency-wide senior leaders, and the Agency's training branch. TED provides for the collection of information to track, update, and assess the skills of positions throughout EPA along with the corresponding skills of incumbents in those positions.

DATES:

Persons wishing to comment on this system of records notice must do so by May 7, 2021. New routine uses for this new system of records will be effective May 7, 2021.

ADDRESSES:

Submit your comments, identified by Docket ID No. OMS-2020-0483, by one of the following methods:

Regulations.gov: www.regulations.gov Follow the online instructions for submitting comments.

Email: oei.docket@epa.gov.

Fax: 202-566-1752.

Mail: OMS Docket, Environmental Protection Agency, Mail Code: 2822T, 1200 Pennsylvania Ave. NW, Washington, DC 20460.

Hand Delivery: OMS Docket, EPA/DC, WJC West Building, Room 3334, 1301 Constitution Ave. NW, Washington, DC 20460. Such deliveries are only accepted during the Docket's normal hours of operation, and special arrangements should be made for deliveries of boxed information.

Instructions: Direct your comments to Docket ID No. OMS-2020-0483. The EPA policy is that all comments received will be included in the public docket without change and may be made available online at www.regulations.gov,, including any personal information provided, unless the comment includes information claimed to be Controlled Unclassified Information (CUI) or other information for which disclosure is restricted by statute. Do not submit information that you consider to be CUI or otherwise protected through www.regulations.gov. The www.regulations.gov website is an “anonymous access” system for EPA, which means the EPA will not know your identity or contact information unless you provide it in the body of your comment. Each agency determines submission requirements within their own internal processes and standards. EPA has no requirement of personal information. If you send an email comment directly to the EPA without going through www.regulations.gov your email address will be automatically captured and included as part of the comment that is placed in the public docket and made available on the internet. If you submit an electronic comment, the EPA recommends that you include your name and other contact information in the body of your comment. If the EPA cannot read your comment due to technical difficulties and cannot contact you for clarification, the EPA may not be able to consider your comment. Electronic files should avoid the use of special characters, any form of encryption, and be free of any defects or viruses. For additional information about the EPA public docket, visit the EPA Docket Center homepage at http://www.epa.gov/epahome/dockets.htm.

Docket: All documents in the docket are listed in the www.regulations.gov index. Although listed in the index, some information is not publicly available, e.g., CUI or other information for which disclosure is restricted by statute. Certain other material, such as copyrighted material, will be publicly available only in hard copy. Publicly available docket materials are available either electronically in www.regulations.gov or in hard copy at the OMS Docket, EPA/DC, WJC West Building, Room 3334, 1301 Constitution Ave. NW, Washington, DC 20460.

Temporary Hours During COVID-19

Out of an abundance of caution for members of the public and our staff, the EPA Docket Center and Reading Room are closed to the public, with limited exceptions, to reduce the risk of transmitting COVID-19. Our Docket Center staff will continue to provide remote customer service via email, phone, and webform. We encourage the public to submit comments via https://www.regulations.gov/ or email, as there may be a delay in processing mailand faxes. Hand deliveries and couriers may be received by scheduled appointment only. For further information on EPA Docket Center services and the current status, please visit us online at https://www.epa.gov/dockets. The telephone number for the Public Reading Room is (202) 566-1744, and the telephone number for the OMS Docket is (202) 566-1752.

FOR FURTHER INFORMATION CONTACT:

Please submit questions to Mara Kamen, kamen.mara@epa.gov, 202-564-7159, Director, Office of Human Resources, Office of Mission Support, U.S. Environmental Protection Agency, 1200 Pennsylvania Avenue NW, Washington, DC 20460.

SUPPLEMENTARY INFORMATION:

TED is a workforce planning tool that helps managers and supervisors identify competency gaps. Agency leaders will use data from TED to develop strategies to mitigate future occupational and skill gaps. TED consists of personalized profiles for each employee. The profiles include work-related information to help supervisors identify and select staff from a directory and determine competency gaps for workforce planning. The system information is derived from EPA's personnel and payroll system called the U.S. Department of Interior's Oracle Business Intelligence Enterprise Edition (IBC/OBIEE). EPA plans to institute several security controls to protect personally identifiable information in TED.

SYSTEM NAME AND NUMBER:

Talent Enterprise Diagnostic (TED), EPA-84.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Office of Human Resources, U.S. Environmental Protection Agency, 1200 Pennsylvania Avenue NW, Washington, DC 20460.

SYSTEM MANAGER(S):

Mara Kamen, kamen.mara@epa.gov, 202-564-7159, Director, Office of Human Resources, U.S. Environmental Protection Agency, 1200 Pennsylvania Avenue NW, Washington, DC 20460.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S. Code 1401 (Establishment of Agency Chief Human Capital Officers); 5 U.S.C. 1402 (a)(2), (b)(1), (b)(2) (Authority and functions of Agency Chief Human Capital Officers, as it applies to identifying and closing competency gaps): 5 CFR 250.203 (b)(1) and (b)(3); and 5 CFR 250.204 (a)(3).

PURPOSE(S) OF THE SYSTEM:

To monitor, address, report and track government-wide and Agency-specific skill gaps within mission critical occupations as required under 5 CFR 250 through a Microsoft O365 SharePoint-based application. To share data resulting from these competency assessments with Agency senior leaders and management for the purpose of developing strategies to close competency gaps.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

EPA employees, and their supervisors or managers.

CATEGORIES OF RECORDS IN THE SYSTEM:

Name of supervisor, randomized SharePoint incumbent ID number, first and last name of employee, pay plan, grade, location, occupational series, organization to which the position is assigned, occupational series, role, name of competency and the proficiency level required for each position, name of competency and the proficiency level required for each incumbent in each position.

RECORD SOURCE CATEGORIES:

The sources of information include: (1) Data pulled from EPA's personnel and payroll system (IBC/OBIEE); and (2) EPA supervisors' assessments of: (a) The skills proficiency levels required of each position under the supervisor's immediate chain of command; and (b) assessments of the skills proficiency levels of each incumbent occupying those positions.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

The routine uses for this system are compatible with the purpose for which their records are collected. The information may be disclosed to and for the following EPA General Routine Uses: A, B, C, D, E, F, G, H, I, J, and K apply to this system. Routine uses L, and M are required in accordance with OMB-M-17-12.

A. Disclosure for Law Enforcement Purposes:

Information may be disclosed to the appropriate Federal, State, local, tribal, or foreign agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, if the information is relevant to a violation or potential violation of civil or criminal law or regulation within the jurisdiction of the receiving entity.

B. Disclosure Incident to Requesting Information:

Information may be disclosed to any source from which additional information is requested (to the extent necessary to identify the individual, inform the source of the purpose of the request, and to identify the type of information requested,) when necessary to obtain information relevant to an Agency decision concerning retention of an employee or other personnel action (other than hiring,) retention of a security clearance, the letting of a contract, or the issuance or retention of a grant, or other benefit.

C. Disclosure to Requesting Agency:

Disclosure may be made to a Federal, State, local, foreign, or tribal or other public authority of the fact that this system of records contains information relevant to the retention of an employee, the retention of a security clearance, the letting of a contract, or the issuance or retention of a license, grant, or other benefit. The other agency or licensing organization may then make a request supported by the written consent of the individual for the entire record if it so chooses. No disclosure will be made unless the information has been determined to be sufficiently reliable to support a referral to another office within the agency or to another Federal agency for criminal, civil, administrative, personnel, or regulatory action.

D. Disclosure to Office of Management and Budget:

Information may be disclosed to the Office of Management and Budget at any stage in the legislative coordination and clearance process in connection with private relief legislation as set forth in OMB Circular No. A-19.

E. Disclosure to Congressional Offices:

Information may be disclosed to a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of the individual.

F. Disclosure to Department of Justice:

Information may be disclosed to the Department of Justice, or in a proceeding before a court, adjudicative body, or other administrative body before which the Agency is authorized to appear, when:

1. The Agency, or any component thereof;

2. Any employee of the Agency in his or her official capacity;

3. Any employee of the Agency in his or her individual capacity where the Department of Justice or the Agency have agreed to represent the employee; or

4. The United States, if the Agency determines that litigation is likely to affect the Agency or any of its components, is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice or the Agency is deemed by the Agency to be relevant and necessary to the litigation provided, however, that in each case it has been determined that the disclosure is compatible with the purpose for which the records were collected.

G. Disclosure to the National Archives:

Information may be disclosed to the National Archives and Records Administration in records management inspections.

H. Disclosure to Contractors, Grantees, and Others:

Information may be disclosed to contractors, grantees, consultants, or volunteers performing or working on a contract, service, grant, cooperative agreement, job, or other activity for the Agency and who have a need to have access to the information in the performance of their duties or activities for the Agency. When appropriate, recipients will be required to comply with the requirements of the Privacy Act of 1974 as provided in 5 U.S.C. 552a(m).

I. Disclosures for Administrative Claims, Complaints and Appeals:

Information from this system of records may be disclosed to an authorized appeal grievance examiner, formal complaints examiner, equal employment opportunity investigator, arbitrator or other person properly engaged in investigation or settlement of an administrative grievance, complaint, claim, or appeal filed by an employee, but only to the extent that the information is relevant and necessary to the proceeding. Agencies that may obtain information under this routine use include, but are not limited to, the Office of Personnel Management, Office of Special Counsel, Merit Systems Protection Board, Federal Labor Relations Authority, Equal Employment Opportunity Commission, and Office of Government Ethics.

J. Disclosure to the Office of Personnel Management:

Information from this system of records may be disclosed to the Office of Personnel Management pursuant to that agency's responsibility for evaluation and oversight of Federal personnel management.

K. Disclosure in Connection With Litigation:

Information from this system of records may be disclosed in connection with litigation or settlement discussions regarding claims by or against the Agency, including public filing with a court, to the extent that disclosure of the information is relevant and necessary to the litigation or discussions and except where court orders are otherwise required under section (b)(11) of the Privacy Act of 1974, 5 U.S.C. 552a(b)(11).

L. Disclosure to Persons or Entities in Response to an Actual or Suspected Breach of Personally Identifiable Information:

To appropriate agencies, entities, and persons when (1) the Agency suspects or has confirmed that there has been a breach of the system of records, (2) the Agency has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Agency (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Agency's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

M. Disclosure to assist another agency in its efforts to respond to a breach:

To another Federal agency or Federal entity, when the Agency determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

These records are maintained electronically on computer storage devices such as computer tapes and disks. The records are also stored on the access restricted TED SharePoint site. Electronic files are labeled with within TED according to the randomly generated ID number.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

EPA will retrieve records by first and last name of employee, pay plan, grade or level, location, series, organization to which the position is assigned and occupational series/family. Designated points of contact can request organization-level, Excel-based reports from the TED Program Managers with results of incumbent and position assessments, which might include the names of individuals. The reports are accessed via SharePoint through a password-restricted system.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Information in TED and the data which is downloaded into Excel spreadsheets will be destroyed when 3 years old, or 3 years after superseded or obsolete, whichever is appropriate, but longer retention is authorized if required for business use. Information stored in TED falls under EPA's Records Control Schedule 1029 (Employee Training Program Records).

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Security controls used to protect personally identifiable information in TED are commensurate with those required for an information system rated moderate for confidentiality, integrity, and availability, as prescribed in NIST Special Publication, 800-53, “Recommended Security Controls for Federal Information Systems,” Revision 4.

Administrative Safeguards. EPA implements role-based access controls. TED has three permission level assignments which will allow users access only to those functions for which they are authorized: Owners, Members and Visitors. The TED Owners (Contractor, TED Program Managers and OHR managers) have full control of the system. The TED Owners can give access to TED Members (managers and supervisors) so that they can claim employees and complete the assessments. The third group, the TED Visitors, is anyone who can access EPA's SharePoint and know how to find the landing page. In addition, EPA personnel are required to complete annual Agency Information Security and Privacy training. EPA personnel are instructed to lock their computers when they leave their desks.

Technical Safeguards. Computer records are maintained in a secure, password-protected computer system. TED access is restricted to authorized, authenticated users. In addition, users are required to have strong passwords that are frequently changed. The Agency uses encryption for transmitting organization-level reports, and regularly reviews security procedures and best practices to enhance security.

Physical Safeguards. All records are maintained in secure, access-controlled areas or buildings. Backups will be maintained at a disaster recovery site.

RECORD ACCESS PROCEDURES:

Individuals seeking access to information in this system of records about themselves are required to provide adequate identification (e.g., driver's license, military identification card, employee badge or identification card). Additional identity verification procedures may be required, as warranted. Requests must meet the requirements of EPA regulations that implement the Privacy Act of 1974, at 40 CFR part 16.

CONTESTING RECORD PROCEDURES:

Requests for correction or amendment must identify the record to be changed and the corrective action sought. Complete EPA Privacy Act procedures are described in EPA's Privacy Act regulations at 40 CFR part 16.

NOTIFICATION PROCEDURE:

Any individual who wants to know whether this system of records contains a record about him or her, should make a written request to the Attn: Agency Privacy Officer, MC 2831T, 1200 Pennsylvania Ave. NW, Washington, DC 20460, privacy@epa.gov.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.