89 FR 31 pgs. 11281-11283 - Privacy Act of 1974; System of Records
Type: NOTICEVolume: 89Number: 31Pages: 11281 - 11283
Pages: 11281, 11282, 11283Docket number: [Notice-IE-2024-02; Docket No. 2024-002; Sequence No. 6]
FR document: [FR Doc. 2024-03007 Filed 2-13-24; 8:45 am]
Agency: General Services Administration
Official PDF Version: PDF Version
[top]
GENERAL SERVICES ADMINISTRATION
[Notice-IE-2024-02; Docket No. 2024-002; Sequence No. 6]
Privacy Act of 1974; System of Records
AGENCY:
General Services Administration (GSA).
ACTION:
Notice of a modified system of records.
SUMMARY:
GSA reviewed its Privacy Act systems to ensure that they are relevant, necessary, accurate, up-to-date, covered by the appropriate legal or regulatory authority, and in response to OMB M-07-16. This notice is a compilation of the updated Privacy Act system of record notices.
DATES:
This system of records will go into effect without further notice on March 15, 2024 unless otherwise revised pursuant to comments received.
ADDRESSES:
Comments may be submitted to the Federal eRulemaking Portal, http://www.regulations.gov. Submit comments by searching for "GSA/OAP-3", Notice of Revised System of Records.
Comments may also be submitted by mail at, General Services Administration, Regulatory Secretariat Division (MVCB), 1800 F Street NW, Washington, DC 20405.
FOR FURTHER INFORMATION CONTACT:
Call or email Richard Speidel, Chief Privacy Officer at 202-969-5830 and gsa.privacyact@gsa.gov.
SUPPLEMENTARY INFORMATION:
GSA proposes to modify a system of records subject to the Privacy Act of 1974, 5 U.S.C. 552a, to update its routine uses pertaining to breach notification and to coordinate with the Office of the Inspector General when conducting an audit. GSA is also making technical changes to GSA/OAP-3 consistent with OMB Circular No. A-108. Accordingly, GSA has made technical corrections and non-substantive language revisions to the following sections: "Policies and Practices for Storage of Records," "Policies and Practices for Retrieval of Records," "Policies and Practices for Retention and Disposal of Records," "Administrative, Technical and Physical Safeguards," "Record Access Procedures," "Contesting Record Procedures," and "Notification Procedures." GSA has also created the following new sections: "Security Classification" and "History."
SYSTEM NAME:
Federal Procurement Data System (FPDS).
SYSTEM NUMBER:
GSA/OAP-3.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
GSA Privacy Act Officer, General Services Administration, 1800 F Street NW, Washington, DC 20405.
SYSTEM MANAGER(S):
Arda Odabasio, System Owner-General Services Administration, 1800 F Street NW, Washington, DC 20405.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Public Law 93-400 Office of Federal Procurement Policy Act, as amended; 41 U.S.C. 405, 417, and 1122(a)(4)(A).
PURPOSE(S) OF THE SYSTEM:
To establish and maintain a system for assembling, organizing, and presenting contract procurement data for the Federal Government and the public sector.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
FPDS includes information on individuals who are sole proprietors who have or had contracts with the Federal Government. Those individuals include government users and public users. Authentication of Government and Public users are provided by Login.gov which maintains all the related user information.
For both public and government users, valid email-identification is maintained in the FPDS system to authorize the access control list within FPDS.
For System Users, only System ID and valid Government Agency POC details are maintained.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system collects, processes, and maintains official statistical data on Federal contracting, including:
a. Information on individual federal contractors that may include name, and Unique Entity Identifier (UEI).
FPDS receives and displays/shares UEI and Contractor Name details. The Taxpayer Identification Number (TIN) is not used anywhere in the FPDS system. Rather, FPDS receives the TIN from SAM and extracts it, but it is not used anywhere else in the FPDS application.
b. Contracts that are unclassified but may be considered sensitive due to insight they may provide into federal government activities in conjunction with data from other federal contracts.
RECORD SOURCE CATEGORIES:
Information is obtained from federal agencies who report federal contracts after award according to the reporting requirements included in the Federal Acquisition Regulation Subpart 4.6-Contract Reporting. These records may contain the names of individuals, their Unique Entity Identifier (UEI), and TIN.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed to authorized entities, as is determined to be relevant and necessary, outside GSA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
a. In any legal proceeding, where pertinent, to which GSA is a party before a court or administrative body.
b. To a Federal, State, local, or foreign agency responsible for investigating, prosecuting, enforcing, or carrying out a statute, rule, regulation, or order when GSA becomes aware of a violation or potential violation of civil or criminal law or regulation.
[top] c. To an authorized appeal or grievance examiner, formal complaints examiner, equal employment opportunity investigator, arbitrator, or other duly authorized official engaged in investigation or settlement of a grievance, complaint, or appeal filed by
d. To the Office of Management and Budget (OMB) and the Government Accountability Office (GAO) in accordance with their responsibilities for evaluating Federal programs.
e. To a Member of Congress or his or her staff on behalf of and at the request of the individual who is the subject of the record.
f. To authorized officials of the agency that provided the information for inclusion in the system.
g. To an expert, consultant, or contractor in the performance of a Federal duty to which the information is relevant.
h. To provide recurring or special reports to the President, Congress, the Government Accountability Office, Federal Executive agencies, and the general public.
i. As a means of measuring and assessing the impact of Federal contracting on the nation's economy and the extent to which small, veteran-owned small, service-disabled veteran-owned small, HUBZone small, small disadvantaged and woman-owned small business concerns are sharing in Federal contracts.
j. To provide information for policy and management control purposes.
k. To appropriate agencies, entities, and persons when (1) the Agency suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) the Agency has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by GSA or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with GSA's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
l. To another Federal agency or Federal entity, when GSA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
m. To agencies, to compare such records to other agencies' systems of records or to non-Federal records, in coordination with an Office of Inspector General (OIG) in conducting an audit, investigation, inspection, evaluation, or some other review as authorized by the Inspector General Act.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Information may be collected electronically and may be stored on electronic media, as appropriate. Electronic records are kept on server hard drives and electronic backup devices.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrievable by a variety of fields, the key for individual records being the unique Procurement Instrument Identifier (PIID).
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records in this system are used to generate annual reports that are sent to Congress and posted publicly. This compiled annual report follows the following GSA records retention schedule:
269.11/020 Annual Significant Reports And Studies.
This series includes documents created in reporting on management improvement goals, progress reports, and accomplishments for GSA internal and external Governmentwide programs. Also included in this series are special studies conducted at the request of the Congress, the Office of Management and Budget (OMB), or the Office of Personnel Management (OMB), and the GSA Annual Report issued by the Administrator's Office and related records.
Retention Instructions: Permanent. Cut off at the end of the fiscal year that the report has been issued. Transfer to NARA 15 years after cutoff.
Legal Disposition Authority: DAA-0269-2016-0006-0003 (269.11/020).
Date NARA Approved: 8/17/2018.
Records accumulated from agencies are stored under the following schedule:
GRS 05.2/020 Intermediary Records.
Records that meet the following conditions:
• They exist for the sole purpose of creating a subsequent record and
• They are not required to meet legal or fiscal obligations, or to initiate, sustain, evaluate, or provide evidence of decision-making.
This includes certain analog and electronic source records for electronic systems that are not otherwise excluded. For specific examples, see the GRS 5.2 Frequently Asked Questions (FAQs).
Exclusion: Source records that have been digitized. GRS 4.5, item 010, covers these records.
Note: The GRS provides disposition authority for copies of electronic records from one system that are used as source records to another system, for example an extracted data set. The GRS does not apply to either the originating system or the final system in which the final records reside. These systems must be disposed of per an agency-specific schedule, or if appropriate, another GRS. It is possible that sometimes information is moved from one system to another without the creation of an intermediary copy.
Retention Instructions: Temporary. Destroy upon creation or update of the final record, or when no longer needed for business use, whichever is later.
Legal Disposition Authority: DAA-GRS-2022-0009-0002 (GRS 05.2/020)
Date Approved by NARA: 6/30/2023.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
System records are safeguarded in accordance with the requirements of the Privacy Act, the Computer Security Act, and the FPDS System Security Plan. Technical, administrative, and personnel security measures are implemented to ensure confidentiality and integrity of the system data that is stored, processed, and transmitted. Electronic records are protected by passwords and other appropriate security measures.
Data entry is limited to authorized users whose names and levels of access are maintained by federal agencies and the information is securely stored online. Unclassified but sensitive contract data in the system is restricted to those who have access within the federal agency. Agencies determine when their contract information may be made available for viewing by other agencies and the public.
RECORD ACCESS PROCEDURES:
If an individual wishes to access any data or record pertaining to him or her in the system after it has been submitted, that individual should consult the GSA's Privacy Act implementation rules available at 41 CFR part 105-64.2.
CONTESTING RECORD PROCEDURES:
[top] If an individual wishes to contest the content of any record pertaining to him or her in the system after it has been submitted, that individual should consult the GSA's Privacy Act
NOTIFICATION PROCEDURES:
If an individual wishes to be notified at his or her request if the system contains a record pertaining to him or her after it has been submitted, that individual should consult the GSA's Privacy Act implementation rules available at 41 CFR part 105-64.4.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
This system was previously published in the Federal Register at 73 FR 22388, April 24, 2008.
Richard Speidel,
Chief Privacy Officer, Office of the Deputy Chief Information Officer, General Services Administration.
[FR Doc. 2024-03007 Filed 2-13-24; 8:45 am]
BILLING CODE 6820-AB-P