Privacy Act of 1974; System of Records

AGENCY:

Office of the Chief Financial Officer, Environmental Protection Agency (EPA).

ACTION:

Notice of a new system of records.

SUMMARY:

The U.S. Environmental Protection Agency's (EPA) Office of the Controller is giving notice that it proposes to create a new system of records pursuant to the provisions of the Privacy Act of 1974. MoveLINQS Relocation Software was created to assist in the processing of relocation related expenses for government employees. Originally published under EPA SORN-29, which also covers EPA travel, other accounts payable, and accounts receivable files, the EPA proposes this new SORN to transition MoveLINQS from its prior location to a separate Microsoft Azure Government Cloud. The MoveLINQS system provides the capability to allow external relocation customers (EPA employees) to enter and update their own relocation requests. In order to make payments on behalf of the requestor, certain information is collected due to IRS requirements. This information is collected via a form that is submitted by the requestor and contains the requestor's name, Social Security Number (SSN), address, email address, spouse's name, filing status (for tax purposes), and children's names and dates of birth (DOB).

DATES:

Persons wishing to comment on this system of records notice must do so by June 11, 2021. New routine uses for this new system of records will be effective June 11, 2021.

ADDRESSES:

Submit your comments, identified by Docket ID No. EPA-HQ-OMS-2021-0143, by one of the following methods:

Regulations.gov: www.regulations.gov . Follow the online instructions for submitting comments.

Email: docket_oms@epa.gov.

Fax: 202-566-1752.

Mail: OMS Docket, Environmental Protection Agency, Mail Code: 2822T, 1200 Pennsylvania Ave. NW, Washington, DC 20460.

Hand Delivery: OMS Docket, EPA/DC, WJC West Building, Room 3334, 1301 Constitution Ave. NW, Washington, DC 20460. Such deliveries are only accepted during the Docket's normal hours of operation, and special arrangements should be made for deliveries of boxed information.

Instructions: Direct your comments to Docket ID No. EPA-HQ-OMS-2021-0143. The EPA policy is that all comments received will be included in the public docket without change and may be made available online at www.regulations.gov,, including any personal information provided, unless the comment includes information claimed to be Controlled Unclassified Information (CUI) or other information for which disclosure is restricted by statute. Do not submit information that you consider to be CUI or otherwise protected through www.regulations.gov . The www.regulations.gov website is an “anonymous access” system for the EPA, which means the EPA will not know your identity or contact information unless you provide it in the body of your comment. If you send an email comment directly to the EPA without going through www.regulations.gov your email address will be automatically captured and included as part of the comment that is placed in the public docket and made available on the internet. If you submit an electronic comment, the EPA recommends that you include your name and other contact information in the body of your comment. If the EPA cannot read your comment due to technical difficulties and cannot contact you for clarification, the EPA may not be able to consider your comment. Electronic files should avoid the use of special characters, any form of encryption, and be free of any defects or viruses. For additional information about the EPA public docket, visit the EPA Docket Center homepage at http://www.epa.gov/epahome/dockets.htm .

Docket: All documents in the docket are listed in the www.regulations.gov index. Although listed in the index, some information is not publicly available, e.g., CUI or other information for which disclosure is restricted by statute. Certain other material, such as copyrighted material, will be publicly available only in hard copy. Publicly available docket materials are available either electronically in www.regulations.gov or in hard copy at the OMS Docket, EPA/DC, WJC West Building, Room 3334, 1301 Constitution Ave. NW, Washington. DC 20460. The Public Reading Room is open from 8:30 a.m. to 4:30 p.m., Monday through Friday excluding legal holidays. The telephone number for the Public Reading Room is (202) 566-1744, and the telephone number for the OMS Docket is (202) 566-1752.

Out of an abundance of caution for members of the public and our staff, the EPA Docket Center and Reading Room are closed to the public, with limited exceptions, to reduce the risk of transmitting COVID-19. Our Docket Center staff will continue to provide remote customer service via email, phone, and webform. We encourage the public to submit comments via https://www.regulations.gov/ or email, as there may be a delay in processing mail and faxes. Hand deliveries and couriers may be received by scheduled appointment only. For further information on EPA Docket Center services and the current status, please visit us online at https://www.epa.gov/dockets .

FOR FURTHER INFORMATION CONTACT:

Rhonda Gerdsen, Business Development and Services Branch; Gerdsen.Rhonda@epa.gov; 1-513-487-2028.

SUPPLEMENTARY INFORMATION:

MoveLINQS Relocation Software is an EPA major information system (MIS) that was originally published under the EPA-29 SORN, which also covers EPA travel, other accounts payable, and accounts receivable files. Relocation request data was tracked and coordinated by an EPA-hosted version of the MoveLINQS software. The EPA now proposes this new SORN to reflect a relocation of the MoveLINQS software from an EPA-hosted environment into a separate FedRAMP Government Cloud environment (Microsoft Azure) under the Software as a Service (SaaS) platform. The EPA utilizes the MoveLINQS application to help manage the Federal Employee Relocation Center (FERC), where they process employee relocation moves for the EPA.

SYSTEM NAME AND NUMBER:

MoveLINQS; EPA-87

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

101 Herbert Drive, Boydton, Va. 23917; Microsoft Azure Government Cloud (Azure-Va).

SYSTEM MANAGER(S):

William E. Wiggins Jr., Branch Chief, Business Development & Services Branch (BDSB), EPA's Federal Employee Relocation Center (FERC), Wiggins.William@epa.gov, (513) 487-2013, 26 W Martin Luther King Dr., Cincinnati, OH 45268.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 5753; 5 CFR part 575, subpart B.

PURPOSE(S) OF THE SYSTEM:

MoveLINQS, is an EPA major information system (MIS). It was originally published under the EPA-29 SORN, which also covers EPA travel, other accounts payable, and accounts receivable files. However, the EPA proposes to move the MoveLINQS application to a separate Microsoft Azure Government Cloud under the new SORN EPA-87. The EPA utilizes MoveLINQS to help manage the BDSB Federal Employee Relocation Center, where they process employee relocation moves for the EPA.

CATEGORIES OF INDIVIDUALS COVERED BY SYSTEM:

Federal employees and their family members who are eligible for move-related reimbursements will be covered.

CATEGORIES OF RECORDS IN THE SYSTEM:

SSN, name, address, email address, children's names and DOB, spouse's name, filing status (for tax purposes).

RECORD SOURCE CATEGORIES:

The employees are the source of information.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

MoveLINQS is used internally to maintain and store pertinent employee and relocation expense data. It uses its features and flexible controls to automate and streamline the permanent change of station (PCS) travel cost management process, eliminating errors and simplifying the enforcement of complex federal policy throughout the Agency. General routine uses D, E, F, G, K, L, and M apply to this system. Records may also be disclosed: 1. To the Office of Management and Budget, and Department of Treasury for paying taxes on relocation expenses; and 2. to provide information to contracted agencies of the EPA for the purposes of relocation. This information may contain monthly reports such as taxes that were paid, invoices and travel authorizations that were obligated. The routine uses below are both related to and compatible with the original purpose for which the information was collected. The following general routine uses apply to this system (73 FR 2245):

D. Disclosure to Office of Management and Budget: Information may be disclosed to the Office of Management and Budget at any stage in the legislative coordination and clearance process in connection with private relief legislation as set forth in OMB Circular No. A-19.

E. Disclosure to Congressional Offices: Information may be disclosed to a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of the individual.

F. Disclosure to Department of Justice: Information may be disclosed to the Department of Justice, or in a proceeding before a court, adjudicative body, or other administrative body before which the Agency is authorized to appear, when:

1. The Agency, or any component thereof;

2. Any employee of the Agency in his or her official capacity;

3. Any employee of the Agency in his or her individual capacity where the Department of Justice or the Agency have agreed to represent the employee; or

4. The United States, if the Agency determines that litigation is likely to affect the Agency or any of its components,

Is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice or the Agency is deemed by the Agency to be relevant and necessary to the litigation provided, however, that in each case it has been determined that the disclosure is compatible with the purpose for which the records were collected.

G. Disclosure to the National Archives: Information may be disclosed to the National Archives and Records Administration in records management inspections.

K. Disclosure in Connection With Litigation: Information from this system of records may be disclosed in connection with litigation or settlement discussions regarding claims by or against the Agency, including public filing with a court, to the extent that disclosure of the information is relevant and necessary to the litigation or discussions and except where court orders are otherwise required under section (b)(11) of the Privacy Act of 1974, 5 U.S.C. 552a(b)(11).

The two routine uses below (L and M) are required by OMB Memorandum M-17-12.

L. Disclosure to Persons or Entities in Response to an Actual of or Suspected Breach of Personally Identifiable Information: To appropriate agencies, entities, and persons when (1) the Agency suspects or has confirmed that there has been a breach of the system of records, (2) the Agency has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Agency (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Agency's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

M. Disclosure to Assist Another Agency in Its Efforts to Respond to a Breach of Personally Identifiable Information: To another Federal agency or Federal entity, when the Agency determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are maintained electronically on computer storage devices such as servers and cloud storage. The computer storage devices are located at the EPA; MoveLINQS backups will be maintained at a disaster recovery site designated by Microsoft Azure Government. Computer records are maintained in a secure password protected environment. Access to computer records is limited to those who have a need to know. Permission level assignments will allow users access only to those functions for which they are authorized. All records are maintained in secure, access-controlled areas or buildings.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Retrieval of computer records is limited to those who have a need to know. Currently requestors (end users) do not have access to records using the MoveLINQS system. All users are required to have appropriate permission levels assigned before accessing the system. The permission levels are determined by the type of user. The MoveLINQS system is the only method of retrieval. Users input the information themselves and only authorized users can access.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

MoveLINQS is listed on EPA Records Control Schedule 0089 under Chief Financial Officer as Relocation Expense Management System. The disposition is to close when no longer needed for current agency business and destroy immediately after file closure.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Security controls used to protect personal sensitive data in MoveLINQS are commensurate with those required for an information system rated moderate for confidentiality, integrity, and availability, as prescribed in NIST Special Publication, 800-53, “Recommended Security Controls for Federal Information Systems,” Revision 4. Administrative controls include the policies and procedures governing the agency program and systems operated within, background investigations for privileged users and rules of behavior. Technical controls include role-based, user access controls, and data encryption. All MoveLINQS servers and software are stored in the Microsoft Azure Va. Datacenter. All security measures for the physical space are the responsibility of Microsoft. Microsoft Azure Government must in addition adhere to FedRAMP regulations and policies set forth by the Joint Authorization Board, which is the primary authority and decision-making board that ensures FedRAMP Cloud System compliance.

RECORD ACCESS PROCEDURES:

Individuals seeking access to information in this system of records about themselves are required to provide adequate identification (e.g., driver's license, military identification card, employee badge or identification card). Additional identity verification procedures may be required, as warranted. Requests must meet the requirements of EPA regulations that implement the Privacy Act of 1974, at 40 CFR part 16.

CONTESTING RECORDS PROCEDURES:

Requests for correction or amendment must identify the record to be changed and the corrective action sought. Complete EPA Privacy Act procedures are described in the EPA's Privacy Act regulations at 40 CFR part 16.

NOTIFICATION PROCEDURE:

Any individual who wants to know whether this system of records contains a record about him or her, should make a written request to the EPA Attn: Agency Privacy Officer, MC 2831T, 1200 Pennsylvania Ave. NW, Washington, DC 20460, privacy@epa.gov.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

67 FR 8255—Posted on February 22, 2002—The EPA provided notice that it proposed to establish a new system of records, the EPA Travel, Other Accounts Payable, and Accounts Receivable Files.