System of Records

AGENCY:

Government Accountability Office.

ACTION:

Notice of modified system of records.

SUMMARY:

The Government Accountability Office (GAO) proposes to revise its system of personnel records under its privacy regulations, Privacy Procedures for Personnel Records. This system of records encompasses records collected, maintained, used and disseminated in the course of conducting GAO human capital management activities. Further, this notice is intended to notify individuals about personally identifiable information (PII) maintained in this system of records and the manner in which that information is maintained and protected.

DATES:

Comments may be submitted on or before March 10, 2021. Unless comments are received that would result in a contrary determination, this revised system of records will become effective thereafter.

ADDRESSES:

Comments should be sent to: Government Accountability Office, Chief Agency Privacy Officer, Room 1127, 441 G St. NW, Washington, DC 20548, or by email to records@gao.gov. Please include reference to “Comment: Human Capital System of Records” at the top of a comment letter or in the subject line of an email.

FOR FURTHER INFORMATION CONTACT:

For information about the management of personally identifiable information (PII) maintained in this system of records, contact Sonya R. Johnson, Records and Privacy Office, Infrastructure Operations, Government Accountability Office, Room 1127, 441 G St. NW, Washington, DC 20548; 202-512-9576; email, records@gao.gov. For information about GAO privacy protections, contact the Chief Agency Privacy Officer, Government Accountability Office, Room 1127, 441 G St., NW, Washington, DC 20548; email, records@gao.gov.

SUPPLEMENTARY INFORMATION:

Background

A. GAO. GAO is an independent, non-partisan legislative branch agency that examines government activities and provides analyses, recommendations, and other assistance to help Congress in making sound oversight, policy, and funding decisions. As a legislative branch agency, GAO is not subject to the privacy and information security laws applicable to executive branch agencies, such as the Privacy Act of 1974 (Privacy Act), Federal Information Security Modernization Act of 2014 (FISMA), the E-Government Act of 2002 (E-Government Act), and Office of Management and Budget (OMB) and National Institute of Standards and Technology (NIST) guidance issued under those laws. Nonetheless, it is GAO policy to conduct its activities, to the maximum extent practicable, in a manner consistent with the spirit of the laws and guidance generally applicable to the executive branch agencies. Accordingly, as a matter of policy, GAO has established an agency-wide privacy program. Notwithstanding the similarities between GAO's privacy program and information security laws, regulations, or policies applicable to executive branch agencies, GAO's application of, or compliance with, those laws, regulations, or policies shall not be interpreted as controlling legal authorities over GAO.

GAO's regulations at 4 CFR part 83, Privacy Procedures for Personnel Records, provide the basis for this notice.

B. Human Capital System of Records. The Human Capital System of Records, managed by GAO's Human Capital Office, is a series of systems comprised of information collected and maintained in the course of activities relating to hiring and separation management; pay, benefits, and performance management; and related talent management activities. The system of records includes GAO-operated systems which track employee performance reviews, compile GAO employee contact information, maintain GAO staff's Federal employment information over the course of their career, and record time and attendance for GAO employees.

GAO Human Capital Management information is also maintained and managed in systems of records operated by the U.S. Department of Agriculture (USDA), the U.S. Department of the Treasury (Treasury) (hereafter shared service providers), and by contractors supporting these agencies. USDA's National Finance Center (NFC) provides payroll processing-related services. Treasury operates an automated human resources system, HRConnect, to support human capital management activities in Treasury and other Federal agencies through cross-servicing agreements.

Authorized GAO employees access human capital information maintained in GAO systems and in systems maintained by GAO's shared service providers and their contractors. Information is securely transmitted to and from GAO and its shared service providers and their contractors as necessary to support agreed-upon human capital management activities (e.g., employment application processing, recruiting, hiring, pay, promotions, employee awards processing, and compiling reports).

Privacy protections for GAO information maintained by contractors of shared service providers are provided under contracts between the shared service providers and their contractors. Privacy risks, and steps taken to mitigate such risks, associated with the use of information systems to collect, maintain, and disseminate this information have been evaluated in privacy impact assessments conducted by both GAO and the applicable shared service provider. The text of GAO's human capital management system of records is set forth below.

For a description of the protections provided by USDA/NFC and Treasury, see the following: Treasury Privacy Act System of Records Notice, 81 FR 78266; USDA/NFC Privacy Act System of Records Notice, USDA/OP-1; OPM Privacy Act System of Records Notice for General Personnel Records, 77 FR 73694.

System Name and Number:

Government Accountability Office, Human Capital Management System of Records.

Security Classification:

This system of records contains no classified information.

System Location:

Information maintained in this system of records is located at GAO headquarters in Washington, DC, and GAO field offices. Major service providers and their systems are: USDA's National Finance Center (NFC), which provides payroll processing-related services; and the Treasury-operated HRConnect, which is an automated human resources system that supports Federal human capital management activities. GAO human capital information maintained by contractors of those shared service providers is maintained at information processing facilities under the control of those contractors.

System Manager(s):

The GAO official responsible for this system of records is the Chief Human Capital Officer, U.S. Government Accountability Office, Room 1193, 441 G St. NW, Washington, DC, 20548.

Authority for Maintenance of the System:

Section 711 of title 31, United States Code; General Authority of the Comptroller General, U.S. Government Accountability Office.

Categories of Individuals Covered by the System:

The system of records contains PII concerning:

(a) Individuals who are or have been employed by GAO (including interns, consultants, volunteers, and reemployed annuitants), individuals who have applied for employment by GAO; and

(b) Family members or other individuals who have been identified for personnel records purposes by an individual otherwise covered by this system of records.

Categories of Records in the System:

Categories of records in this system include:

(a) Biographic/identifying information (e.g. name, Social Security number, address, telephone numbers), or

(b) Other information about an individual (e.g. information about a person's education, employment, performance appraisals, payroll data, and medical or physical condition if mandated by the position an employee occupies).

These records are maintained for identification and data analysis purposes. The information in this system of records generally originates from the individual or the individual's current or previous agency or organization of employment.

Record Source Categories:

The information is collected through various means, including but not limited to: Directly by GAO staff via interviews, reports, sign-in sheets, or forms; extracted from other GAO systems or systems maintained by third parties, such as the U.S. Department of Agriculture's National Finance Center; or created through audio, photographic, or video recording.

Routine Uses of Records Maintained in the System, Including Categories of Users and Purposes of Such Uses:

The purpose of this system of records is to maintain records that are relevant and necessary to ensure GAO personnel, information, property, and assets receive an appropriate level of protection.

The purpose of this system of records is to maintain records as are relevant and necessary to efficiently and effectively manage human capital functions such as hiring and separation of employees; pay, benefits, and performance; employee relations; and telework applications.

Disclosures:

PII in this system of records may be disclosed, as permitted by 4 CFR part 83 to those GAO employees and contractors who have a need for the record in the performance of their official duties that is consistent with the purpose of the use of the information as described in this notice. In addition, PII in this system of records may be otherwise disclosed under the following circumstances as a use consistent with the specified purpose of the use of the information identified in this notice:

(a) Information from this system of records may be disclosed to other Federal agencies, such as General Services Administration, Office of Personnel Management, U.S. Department of Agriculture, and U.S. Department of Transportation; and

(b) Information from this system of records may be released to the public in response to a request for records under 4 CFR part 81, Public Availability of GAO Records (similar to provisions of the Freedom of Information Act, 5 U.S.C. 552, which applies to executive branch agencies).

Records released under 4 CFR part 81 may be exempted from public release as information the release of which would cause an unwarranted invasion of privacy, or is otherwise confidential or covered by a legal privilege (4 CFR 81.6). Further, to the extent the requested information is contained in records originating in another agency or nonfederal organization, the requester will be referred to such agency or organization, and GAO will not release the records (4 CFR 81.5).

For other permitted disclosures of PII in this system of records, see 4 CFR 83.5.

Policies and Practices for Retrieval of Records:

Information maintained in this system of records may be retrieved only by employees of GAO who have a need for the information in the performance of their official duties. Information is retrieved primarily by the individual's name and/or Social Security number, in combination with any other biographical identifier such as date of birth.

Policies and Practices for Retention and Disposal of Records:

In accordance with GAO record retention schedule, the majority of records in this system of records are administrative in nature and must be destroyed or deleted after seven years. Official Personnel Folders (OPFs) are retained pursuant to GAO's Records Schedule 1.1, NARA General Records Schedule 2.2, and 4 CFR 83.11—Official Personnel Folder. Certain transitory records are destroyed when no longer needed for business purposes. Compelling legal or policy purposes (e.g., ongoing or potential litigation) may require retention of certain records beyond the retention periods identified above. Extra copies of records in this system of records are destroyed when no longer needed. Disposal is by shredding if paper, purging if in an electronic records management system (e.g., DM/ERMS), or pulverizing if in electronic media (e.g., tapes and disks). Disposal of information contained in electronic systems owned or operated by external service providers is subject to that organization's retention policy.

Administrative, Technical, and Physical Safeguards:

Pursuant to 4 CFR part 83, information maintained in this system of records is safeguarded under GAO information systems security policies and procedures which are consistent with the requirements of the Federal Information Security Management Act (FISMA) and related National Institute of Standards and Technology (NIST) standards and guidelines, approved for the processing of controlled unclassified information (CUI). Strict controls are imposed to minimize the risk of compromising the information maintained in this system of records and any of its supporting information systems. Any information maintained by external service providers, including the FBI and USDA, is protected under memorandums of understanding (MOUs), contracts, and other agreements with those providers. Physical security protections are required for handling any information maintained in paper formats or otherwise removed from the GAO network.

Record Access Procedures:

Individuals interested in knowing whether this system of records contains information about them, how to obtain access to such information, or how to contest any element of such information may submit a request in writing to the Chief Agency Privacy Officer, U.S. Government Accountability Office, Room 1137, 441 G St. NW, Washington, DC 20548, or by email to records@gao.gov.

Exemptions Promulgated for the System:

Records contained in this system of records may be exempt from access, amendment, and other procedural requirements to the extent 4 CFR 83.21 applies to such records.

History:

86 FR 8645, February 8, 2021.