[Federal Register: August 25, 2008 (Volume 73, Number 165)]
[Notices]
[Page 50016-50020]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr25au08-49]
=======================================================================
-----------------------------------------------------------------------
FEDERAL RETIREMENT THRIFT INVESTMENT BOARD
Privacy Act of 1974
AGENCY: Federal Retirement Thrift Investment Board.
ACTION: Notice; initial publication of systems of records.
-----------------------------------------------------------------------
SUMMARY: This notice is being published pursuant to the Privacy Act of
1974 (5 U.S.C. 552a), as amended, in order to update and create systems
of records established by a Federal agency containing information on
individuals.
EFFECTIVE DATE: This proposed action will be effective without further
notice on September 24, 2008 unless comments are received which result
in a contrary determination.
ADDRESSES: Comments may be sent to Megan Graziano, Assistant General
Counsel, Federal Retirement Thrift Investment Board, 1250 H Street,
NW., Washington, DC 20005. The Agency's fax number is (202) 942-1676.
FOR FURTHER INFORMATION CONTACT: Megan Graziano at (202) 942-1660.
SUPPLEMENTARY INFORMATION: FRTIB-2, Personnel Security Files, updates
Agency systems of records so that they are compliant with both HSPD-12
and the Privacy Act and conform to the Privacy Act notices on the
standard forms which are used to initiate the HSPD-12 process. FRTIB-
10, Identity Management Systems, covers the HSPD-12 process after
adjudication determines the individual can receive an identification
card. FRTIB-10 includes both mandatory and optional information
necessary to the request for a card, registration, verification, and
issuance procedures, the index/database of active and invalid cards,
and the information stored on the cards. FRTIB-10 may include records
maintained by agencies of individuals who entered and exited facilities
or accessed systems.
The proposed system reports, as required by 5 U.S.C. 552a(r), of
the Privacy Act of 1974, as amended, were submitted to the House
Committee on Government Reform, the Senate Committee on Homeland
Security and Government Affairs, and the Office of Management and
Budget (OMB) pursuant to paragraph 4c of Appendix I to OMB Circular No.
A-130, ``Federal Agency Responsibilities for Maintaining Records About
Individuals,'' dated February 8, 1996 (February 20, 1996, 61 FR 6427).
Thomas K. Emswiler,
General Counsel, Federal Retirement Thrift Investment Board.
FRTIB-2
SYSTEM NAME:
Personnel Security Files.
SYSTEM LOCATION:
Federal Retirement Thrift Investment Board, 1250 H Street, NW.,
Washington, DC 20005.
SECURITY CLASSIFICATION:
Most personnel identity verification records are not classified.
However, in some cases, records of certain individuals, or portions of
some records, may be classified in the interest of national security.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who require regular, ongoing access to federal
facilities, information technology systems, or information classified
in the interest of
[[Page 50017]]
national security, including applicants for employment or contracts,
federal employees, contractors, students, interns, volunteers,
affiliates, individuals authorized to perform or use services provided
in Agency, and individuals formerly in any of these positions. The
system also includes individuals accused of security violations or
found in violation of security policies.
CATEGORIES OF RECORDS IN THE SYSTEM:
Name, former names, birth date, birth place, Social Security
number, home address, phone numbers, employment history, residential
history, education and degrees earned, names of associates and
references and their contact information, citizenship, names of
relatives, birth dates and places of relatives, citizenship of
relatives, names of relatives who work for the federal government,
criminal history, mental health history, drug use, financial
information, fingerprints, summary report of investigation, results of
suitability decisions, level of security clearance, date of issuance of
security clearance, requests for appeal, witness statements,
investigator's notes, tax return information, credit reports, security
violations, circumstances of violation, and agency action taken.
Forms: SF-85, SF-85P, SF-86, SF-87, FRTIB-2008.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Depending upon the purpose of your investigation, the Federal
Retirement Thrift Investment Board is authorized to ask for this
information under Executive Orders 10450, 10865, 12333, and 12356;
sections 3301 and 9101 of title 5, U.S. Code; sections 2165 and 2201 of
title 42, U.S. Code; sections 781 to 887 of title 50, U.S. Code; parts
5, 732, and 736 of title 5, Code of Federal Regulations; and Homeland
Security Presidential Directive 12 Homeland Security Presidential
Directive (HSPD) 12, Policy for a Common Identification Standard for
Federal Employees and Contractors, August 27, 2004.
PURPOSE(S):
The records in this system of records are used to document and
support decisions regarding clearance for access to classified
information, the ability to receive and the suitability, eligibility,
and fitness for service of applicants for federal employment and
contract positions, including students, interns, or volunteers to the
extent their duties require access to federal facilities, information,
systems, or applications. The records may be used to document security
violations and supervisory actions taken.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
To the Department of Justice when: (a) The FRTIB; (b) any employee
of the FRTIB in his or her official capacity; (c) any employee of the
FRTIB in his or her individual capacity where the FRTIB or the
Department of Justice has agreed to represent the employee; or (d) the
United States Government, is a party to litigation or has an interest
in such litigation, and by careful review, the FRTIB determines that
the records are both relevant and necessary to the litigation and the
use of such records by DOJ is therefore deemed by the FRTIB to be for a
purpose compatible with the purpose for which the FRTIB collected the
records.
To a court or adjudicative body in a proceeding when: (a) The
FRTIB; (b) any employee of the FRTIB in his or her official capacity;
(c) any employee of the FRTIB in his or her individual capacity where
the FRTIB or the Department of Justice has agreed to represent the
employee; or (d) the United States Government, is a party to litigation
or has an interest in such litigation, and by careful review, the FRTIB
determines that the records are both relevant and necessary to the
litigation and the use of such records is therefore deemed by the FRTIB
to be for a purpose that is compatible with the purpose for which the
FRTIB collected the records.
Except as noted on Forms SF-85, SF-85P, SF-86, or FRTIB-2008, when
a record on its face, or in conjunction with other records, indicates a
violation or potential violation of law, whether civil, criminal, or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule, or order issued
pursuant thereto, disclosure may be made to the appropriate public
authority, whether Federal, foreign, State, local, or tribal, or
otherwise, responsible for enforcing, investigating or prosecuting such
violation or charged with enforcing or implementing the statute, or
rule, regulation, or order issued pursuant thereto, if the information
disclosed is relevant to any enforcement, regulatory, investigative or
prosecutorial responsibility of the receiving entity.
To a Member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional office made at the written
request of the constituent about whom the record is maintained.
To the National Archives and Records Administration or to the
General Services Administration for records management inspections
conducted under 44 U.S.C. 2904 and 2906.
To FRTIB contractors, grantees, or volunteers who have been engaged
to assist the agency in the performance of a contract service, grant,
cooperative agreement, or other activity related to this system of
records and who need to have access to the records in order to perform
their activity. Recipients shall be required to comply with the
requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.
To any source or potential source from which information is
requested in the course of an investigation concerning the retention of
an employee or other personnel action (other than hiring), or the
retention of a security clearance, contract, grant, license, or other
benefit, to the extent necessary to identify the individual, inform the
source of the nature and purpose of the investigation, and to identify
the type of information requested.
To a Federal, State, local, foreign, or tribal or other public
authority the fact that this system of records contains information
relevant to the retention of an employee, the retention of a security
clearance, the letting of a contract, or the issuance or retention of a
license, grant, or other benefit. The other agency or licensing
organization may then make a request supported by the written consent
of the individual for the entire record if it so chooses. No disclosure
will be made unless the information has been determined to be
sufficiently reliable to support a referral to another office within
the agency or to another Federal agency for criminal, civil,
administrative personnel or regulatory action.
To the news media or the general public, factual information the
disclosure of which would be in the public interest and which would not
constitute an unwarranted invasion of personal privacy, consistent with
Freedom of Information Act standards.
To a Federal, State, or local agency, or other appropriate entities
or individuals, or through established liaison channels to selected
foreign governments, in order to enable an intelligence agency to carry
out its responsibilities under the National Security Act of 1947 as
amended, the CIA Act of 1949 as amended, Executive Order 12333 or any
successor order, applicable national security directives, or classified
implementing procedures approved by the Attorney General and
promulgated pursuant to such statutes, orders or directives.
[[Page 50018]]
To the Office of Management and Budget when necessary to the review
of private relief legislation pursuant to OMB Circular No. A-19.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Records are stored on paper and electronically in a secure
location.
RETRIEVABILITY:
Background investigation files are retrieved by name, Social
Security number (SSN), or fingerprint.
SAFEGUARDS:
Records are maintained in secured areas and electronic systems and
are available only to authorized personnel whose duties require access.
RETENTION AND DISPOSAL:
These records are retained and disposed of in accordance with
General Records Schedule 18, item 22a, approved by the National
Archives and Records Administration (NARA). The records are disposed in
accordance with FRTIB disposal policies which call for burning or
shredding or purging from the Agency's electronic record keeping
systems. Records are destroyed upon notification of death or not later
than five years after separation or transfer of employee to another
agency or department, whichever is applicable.
SYSTEM MANAGERS AND ADDRESS:
The Chief Financial officer maintains the Agency's electronic
background information data and all other records in FRTIB-2. The Chief
Financial Officer may be contacted in writing at 1250 H Street, NW.,
Washington, DC 20005.
NOTIFICATION PROCEDURE:
Individuals seeking to determine whether this system of records
contains information about themselves should send inquiries to the
Chief Financial Officer at Federal Retirement Thrift Investment Board,
1250 H Street, NW., Washington, DC 20005. When requesting notification
of or access to records covered by FRTIB-2, an individual should
provide his/her full name, date of birth, Social Security number, and
home address in order to establish identity.
RECORDS ACCESS PROCEDURES:
Individuals wishing to request access to records about themselves
should contact the Chief Financial Officer. Individuals must supply
their full name for their records to be located and identified.
CONTESTING RECORD PROCEDURES:
Individuals wishing to request amendment of their records under the
provisions of the Privacy Act should contact the Chief Financial
Officer. Individuals must furnish their full names for their records to
be located and identified. Individuals should also reasonably identify
the record, specify the information they are contesting, state the
corrective action sought and the reasons for the correction along with
supporting justification showing why the record is not accurate,
timely, relevant, or complete. Rules regarding amendment of Privacy Act
records appear in 5 CFR part 1630.
RECORD SOURCE CATEGORIES:
Information is obtained from a variety of sources including the
employee, contractor, or applicant via use of the SF-85, SF-85P, SF-86,
or FRTIB-2008, and personal interviews; employers' and former
employers' records; FBI criminal history records and other databases;
financial institutions and credit reports; medical records and health
care providers; educational institutions; interviews of witnesses such
as neighbors, friends, co-workers, business associates, teachers,
landlords, or family members; tax records; and other public records.
Security violation information is obtained from a variety of sources,
such as guard reports, security inspections, witnesses, supervisor's
reports, audit reports.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE PRIVACY ACT:
Upon publication of a final rule in the Federal Register, this
system of records will be exempt in accordance with 5 U.S.C.
552a(k)(5). Information will be withheld to the extent it identifies
witnesses promised confidentiality as a condition of providing
information during the course of the background investigation.
FRTIB-10
SYSTEM NAME:
Identity Management System (IDMS).
SYSTEM LOCATION:
Federal Retirement Thrift Investment Board, 1250 H Street, NW.,
Washington DC 20005. Some data covered by this system may be at Federal
buildings and Federally-leased space where staffed guard-stations have
been established in facilities that have installed the Personal
Identity Verification (PIV) system, as well as the physical security
offices or computer security offices of those locations.
SECURITY CLASSIFICATION:
Most identity records are not classified. However, in some cases,
records of certain individuals, or portions of some records, may be
classified in the interest of national security.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who require regular, ongoing access to Agency
facilities, information technology systems, or information classified
in the interest of national security, including applicants for
employment or contracts, federal employees, contractors, students,
interns, volunteers, affiliates, and individuals formerly in any of
these positions. The system also includes individuals authorized to
perform or use services provided in agency facilities.
The system does not apply to occasional visitors or short-term
guests to whom the Federal Retirement Thrift Investment Board will
issue temporary identification and credentials.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records maintained on individuals issued credentials by the Federal
Retirement Thrift Investment Board include the following data fields:
Full name, Social Security number; date of birth; signature; image
(photograph); fingerprints; hair color; eye color; height; weight;
organization/office of assignment; company name; telephone number; copy
of background investigation form; PIV card issue and expiration dates;
personal identification number (PIN); results of background
investigation; PIV request form; PIV registrar approval signature; PIV
card serial number; emergency responder designation; copies of
documents used to verify identification or information derived from
those documents such as document title, document issuing authority,
document number, document expiration date, document other information);
level of national security clearance and expiration date; computer
system user name; user access and permission rights, authentication
certificates; digital signature information.
Records maintained on card holders entering Federal Retirement
Thrift Investment Board facilities or using Federal Retirement Thrift
Investment Board systems include: Name, PIV Card serial number; date,
time, and location of entry and exit; company name; level of national
security clearance and expiration date; digital signature information;
computer networks/applications/data accessed.
[[Page 50019]]
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301; Federal Information Security Act (Pub. L. 104-106,
sec. 5113); Electronic Government Act (Pub. L. 104-347, sec. 203); the
Paperwork Reduction Act of 1995 (44 U.S.C. 3501); and the Government
Paperwork Elimination Act (Pub. L. 105-277, 44 U.S.C. 3504); Homeland
Security Presidential Directive (HSPD) 12, Policy for a Common
Identification Standard for Federal Employees and Contractors, August
27, 2004; Federal Property and Administrative Act of 1949, as amended.
PURPOSES:
The primary purposes of the system are: (a) To ensure the safety
and security of Federal Retirement Thrift Investment Board facilities,
systems, or information, and our occupants and users; (b) To verify
that all persons entering federal facilities, using federal information
resources, or accessing classified information are authorized to do so;
(c) to track and control PIV cards issued to persons entering and
exiting the facilities, using systems, or accessing classified
information.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
Information about covered individuals may be disclosed without
consent as permitted by the Privacy Act of 1974, 5 U.S.C. 552a(b), and:
To the Department of Justice when: (a) The FRTIB; or (b) any
employee of the FRTIB in his or her official capacity; (c) any employee
of the FRTIB in his or her individual capacity where the FRTIB or the
Department of Justice has agreed to represent the employee; or (d) the
United States Government, is a party to litigation or has an interest
in such litigation, and by careful review, the FRTIB determines that
the records are both relevant and necessary to the litigation and the
use of such records by DOJ is therefore deemed by the agency to be for
a purpose compatible with the purpose for which the FRTIB collected the
records.
To a court or adjudicative body in a proceeding when: (a) The
FRTIB; (b) any employee of the FRTIB in his or her official capacity;
(c) any employee of the FRTIB in his or her individual capacity where
the FRTIB or the Department of Justice has agreed to represent the
employee; or (d) the United States Government, is a party to litigation
or has an interest in such litigation, and by careful review, the FRTIB
determines that the records are both relevant and necessary to the
litigation and the use of such records is therefore deemed by the FRTIB
to be for a purpose that is compatible with the purpose for which the
agency collected the records.
Except as noted on Forms SF-85, SF-85P, SF-86, or FRTIB-2008, when
a record on its face, or in conjunction with other records, indicates a
violation or potential violation of law, whether civil, criminal, or
regulatory in nature, and whether arising by general statute or
particular program statute, or by regulation, rule, or order issued
pursuant thereto, disclosure may be made to the appropriate public
authority, whether Federal, foreign, State, local, or tribal, or
otherwise, responsible for enforcing, investigating or prosecuting such
violation or charged with enforcing or implementing the statute, or
rule, regulation, or order issued pursuant thereto, if the information
disclosed is relevant to any enforcement, regulatory, investigative or
prosecutorial responsibility of the receiving entity.
To a Member of Congress or to a Congressional staff member in
response to an inquiry of the Congressional office made at the written
request of the constituent about whom the record is maintained.
To the National Archives and Records Administration or to the
General Services Administration for records management inspections
conducted under 44 U.S.C. 2904 and 2906.
To FRTIB contractors, grantees, or volunteers who have been engaged
to assist the FRTIB in the performance of a contract service, grant,
cooperative agreement, or other activity related to this system of
records and who need to have access to the records in order to perform
their activity. Recipients shall be required to comply with the
requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.
To a Federal, State, local, foreign, or tribal or other public
authority the fact that this system of records contains information
relevant to the retention of an employee, the retention of a security
clearance, the letting of a contract, or the issuance or retention of a
license, grant, or other benefit. The other agency or licensing
organization may then make a request supported by the written consent
of the individual for the entire record if it so chooses. No disclosure
will be made unless the information has been determined to be
sufficiently reliable to support a referral to another office within
the agency or to another Federal agency for criminal, civil,
administrative personnel or regulatory action.
To the Office of Management and Budget when necessary to the review
of private relief legislation pursuant to OMB Circular No. A-19.
To a Federal, State, or local agency, or other appropriate entities
or individuals, or through established liaison channels to selected
foreign governments, in order to enable an intelligence agency to carry
out its responsibilities under the National Security Act of 1947 as
amended, the CIA Act of 1949 as amended, Executive Order 12333 or any
successor order, applicable national security directives, or classified
implementing procedures approved by the Attorney General and
promulgated pursuant to such statutes, orders or directives.
To notify another federal agency when, or verify whether, a PIV
card is no longer valid.
To the news media or the general public, factual information the
disclosure of which would be in the public interest and which would not
constitute an unwarranted invasion of personal privacy, consistent with
Freedom of Information Act standards.
Note: Disclosures within the Federal Retirement Thrift
Investment Board of data pertaining to date and time of entry and
exit of an agency employee working in the District of Columbia may
not be made to supervisors, managers or any other persons (other
than the individual to whom the information applies) to verify
employee time and attendance record for personnel actions because 5
U.S.C. 6106 prohibits Federal Executive agencies (other than the
Bureau of Engraving and Printing) from using a recording clock
within the District of Columbia, unless used as a part of a flexible
schedule program under 5 U.S.C. 6120 et seq.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
Records are stored on paper and electronically in a secure
location.
RETRIEVABILITY:
Identity records are retrieved by name, Social Security number
(SSN), or fingerprint.
SAFEGUARDS:
Records are maintained in secured areas and electronic systems and
are available only to authorized personnel whose duties require access.
Access to individuals working at guard stations will be password-
protected; each person granted access to the system at guard stations
must be individually authorized to use the system. A Privacy Act
Warning Notice will appear on the monitor screen when records
containing information on individuals are first displayed. Data
exchanged between the servers and the client PCs at the guard
[[Page 50020]]
stations and badging office will be encrypted. Backup tapes will be
stored in a locked and controlled room in a secure, off-site location.
An audit trail is maintained and reviewed periodically to identify
unauthorized access. Persons given roles in the PIV process will be
required to complete training specific to their roles to ensure they
are knowledgeable about how to protect individually identifiable
information.
RETENTION AND DISPOSAL:
These records are retained and disposed of in accordance with
General Records Schedule 18, item 22a, approved by the National
Archives and Records Administration (NARA). The records are disposed in
accordance with our disposal policies which call for burning or
shredding or purging from the Agency's electronic record keeping
systems. Records are destroyed upon notification of death or not later
than five years after separation or transfer of employee to another
agency or department, whichever is applicable.
Records relating to persons' access covered by this system are
retained in accordance with General Records Schedule 18, Item 17
approved by the National Archives and Records Administration (NARA).
The records are disposed in accordance with our disposal policies which
call for burning or shredding or purging from the Agency's electronic
record keeping systems. Unless retained for specific, ongoing security
investigations, records are maintained for two years and then
destroyed.
All other records relating to individuals are retained and disposed
of in accordance with General Records Schedule 18, item 22a, approved
by NARA. The records are disposed in accordance with our disposal
policies which call for burning or shredding or purging from the
Agency's electronic record keeping systems. Records are destroyed upon
notification of death or not later than five years after separation or
transfer of employee, whichever is applicable.
In accordance with HSPD-12, PIV Cards are deactivated within 18
hours of cardholder separation, loss of card, or expiration. The
information on PIV Cards is maintained in accordance with General
Records Schedule 11, Item 4. PIV Cards are destroyed by cross-cut
shredding no later than 90 days after deactivation.
SYSTEM MANAGERS AND ADDRESS:
The Chief Financial Officer maintains the Agency's electronic
identity data and all other records in FRTIB-10. The Chief Financial
Officer may be contacted in writing at 1250 H Street, NW., Washington,
DC 20005.
NOTIFICATION PROCEDURE:
Individuals seeking to determine whether this system of records
contains information about themselves should send inquiries to the
Chief Financial Officer at Federal Retirement Thrift Investment Board,
1250 H Street, NW., Washington, DC 20005. When requesting notification
of or access to records covered by FRTIB-10, an individual should
provide his/her full name, date of birth, social security number, and
home address in order to establish identity.
RECORDS ACCESS PROCEDURES:
Individuals wishing to request access to records about themselves
should contact the Chief Financial Officer. Individuals must supply
their full names for their records to be located and identified.
CONTESTING RECORD PROCEDURES:
Individuals wishing to request amendment of their records under the
provisions of the Privacy Act should contact the Chief Financial
Officer. Individuals must furnish full name for their records to be
located and identified. Individuals should also reasonably identify the
record, specify the information they are contesting, state the
corrective action sought and the reasons for the correction along with
supporting justification showing why the record is not accurate,
timely, relevant, or complete. Rules regarding amendment of Privacy Act
records appear in 5 CFR part 1630.
RECORD SOURCE CATEGORIES:
Information is obtained from a variety of sources including the
employee, contractor, or applicant via use of the SF-85, SF-85P, SF-86,
or FRTIB-2008, and personal interviews; employers' and former
employers' records; FBI criminal history records and other databases;
financial institutions and credit reports; medical records and health
care providers; educational institutions; interviews of witnesses such
as neighbors, friends, co-workers, business associates, teachers,
landlords, or family members; tax records; and other public records.
Security violation information is obtained from a variety of sources,
such as guard reports, security inspections, witnesses, supervisor's
reports, audit reports.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE PRIVACY ACT:
Upon publication of a final rule in the Federal Register, this
system of records will be exempt in accordance with 5 U.S.C.
552a(k)(5). Information will be withheld to the extent it identifies
witnesses promised confidentiality as a condition of providing
information during the course of the background investigation.
[FR Doc. E8-19590 Filed 8-22-08; 8:45 am]
BILLING CODE 6760-01-P