[Federal Register Volume 86, Number 34 (Tuesday, February 23, 2021)]
[Notices]
[Pages 10953-10955]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-03584]


-----------------------------------------------------------------------

ENVIRONMENTAL PROTECTION AGENCY

[FRL-10017-77-OMS]


Privacy Act of 1974; System of Records

AGENCY: Office of Mission Support (OMS), Environmental Protection 
Agency (EPA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The U.S. Environmental Protection Agency's (EPA), Office of 
Mission Support (OMS) is giving notice that it proposes to create a new 
system of records pursuant to the provisions of the Privacy Act of 1974 
(Privacy Act). The Online Library System (OLS) is being created as a 
data management system that allows the EPA to collect, store, retrieve 
and upload data about the collection of the libraries within the EPA 
National Library Network. The Circulation module of OLS collects 
Personally Identifiable Information (PII) that is subject to the 
Privacy Act.

DATES: Persons wishing to comment on this system of records notice must 
do so by March 25, 2021. Routine uses for this new system of records 
will be effective March 25, 2021.

ADDRESSES: Submit your comments, identified by Docket ID No.OMS-2019-
0646, by one of the following methods:
    Regulations.gov: www.regulations.gov. Follow the online 
instructions for submitting comments.
    Email: oei.docket@epa.gov.
    Fax: 202-566-1752.
    Mail: OMS Docket, Environmental Protection Agency, Mail Code: 
2822T, 1200 Pennsylvania Ave. NW, Washington, DC 20460.
    Hand Delivery: OMS Docket, EPA/DC, WJC West Building, Room 3334, 
1301 Constitution Ave. NW, Washington, DC 20460. Such deliveries are 
only accepted during the Docket's hours of operation, and special 
arrangements should be made for deliveries of boxed information.
    Instructions: Direct your comments to Docket ID No. OMS-2019-0646. 
The EPA's policy is that all comments received will be included in the 
public docket without change and may be made available online at 
www.regulations.gov, including any personal information provided, 
unless the comment includes information claimed to be Controlled 
Unclassified Information (CUI) or other information for which 
disclosure is restricted by statute. Do not submit information that you 
consider to be CUI or otherwise protected through www.regulations.gov. 
The www.regulations.gov website is an ``anonymous access'' system for 
EPA, which means the EPA will not know your identity or contact 
information unless you provide it in the body of your comment. Each 
agency determines submission requirements within their own internal 
processes and standards. EPA has no requirement of personal 
information. If you send an email comment directly to the EPA without 
going through www.regulations.gov your email address will be 
automatically captured and included as part of the comment that is 
placed in the public docket and made available on the internet. If you 
submit an electronic comment, the EPA recommends that you include your 
name and other contact information in the body of your comment. If the 
EPA cannot read your comment due to technical difficulties and cannot 
contact you for clarification, the EPA may not be able to consider your 
comment. Electronic files should avoid the use of special characters, 
any form of encryption, and be free of any defects or viruses. For 
additional information about the EPA public docket, visit the EPA 
Docket Center homepage at http://www.epa.gov/epahome/dockets.htm.
    Docket: All documents in the docket are listed in the 
www.regulations.gov index. Although listed in the index, some 
information is not publicly available, e.g., CUI or other information 
for which disclosure is restricted by statute. Certain other material, 
such as copyrighted material, will be publicly available only in hard 
copy. Publicly available docket materials are available either 
electronically in www.regulations.gov or in hard copy at the OMS 
Docket, EPA/DC, WJC West Building, Room 3334, 1301 Constitution Ave. 
NW, Washington, DC 20460. The Public Reading Room is normally open from 
8:30 a.m. to 4:30 p.m., Monday through Friday excluding legal holidays. 
The telephone number for the Public Reading Room is (202) 566-1744, and 
the telephone number for the OMS Docket is (202) 566-1752.
    Out of an abundance of caution for members of the public and our 
staff, the EPA Docket Center and Reading Room are closed to the public, 
with limited exceptions, to reduce the risk of transmitting COVID-19. 
Our Docket Center staff will continue to provide remote customer 
service via email, phone, and webform. We encourage the public to 
submit comments via https://www.regulations.gov/ or email, as there may 
be a delay in processing mail and faxes. Hand deliveries and couriers 
may be received by scheduled appointment only. For further information 
on EPA Docket Center services and the current status, please visit us 
online at https://www.epa.gov/dockets.

FOR FURTHER INFORMATION CONTACT: Deborah Balsamo, OMS, Office of 
Enterprise Information Programs, 109 T.W. Alexander Dr., Mail code 
N127-05, Research Triangle Park, NC 27709; balsamo.deborah@epa.gov, 
(919) 541-9412.

SUPPLEMENTARY INFORMATION: OLS is a data management system that serves 
the EPA National Library Network. OLS is comprised of the National 
Library Catalog database and four operations modules: Serials 
Management, to track library subscriptions; Dispersals Management, to 
track the removal of library materials from their collections; Catalog 
Maintenance, which allows libraries to manage their specific library 
holdings records; and Circulation Management, which allows authorized 
library staff to register individuals who wish to borrow materials held 
in the library and track borrowed materials. The National Library 
Catalog database allows individuals to search for materials available 
in the collections of the 24 libraries within the EPA National Library 
Network. While the library holdings records in the National Library 
Catalog are accessible by the public, the operations and records 
management tools of the four modules are solely maintained by 
authorized library staff. The Circulation Management module is the only 
module of OLS that collects and uses PII that is also Privacy Act 
information.

SYSTEM NAME AND NUMBER:
    Online Library System (OLS)--EPA-82.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    OLS is owned by the Office of Mission Support (OMS) and hosted at 
the EPA's National Computer Center at Research Triangle Park, NC. OMS 
Headquarters is located at Environmental Protection Agency (EPA), 1301 
Constitution Ave. NW, Washington, DC 20460. The EPA's National Computer 
Center is at 109

[[Page 10954]]

Alexander Drive, Research Triangle Park, NC 27709.

SYSTEM MANAGER(S):
    Deborah Balsamo, National Program Manager, OMS, Office of 
Enterprise Information Programs, 109 T.W. Alexander Dr., Research 
Triangle Park, NC 27709, Mail code N127-05; balsamo.deborah@epa.gov; 
(919) 541-9412.

AUTHORITY FOR MAINTENANCE OR THE SYSTEM:
    5 U.S.C. 301 ``Departmental Regulations,'' 44 U.S.C. 3101 ``Records 
Management by Federal Agency Heads.''

PURPOSE(S) OF THE SYSTEM:
    OLS is the data management system that serves to enable and enhance 
operations of the libraries in the EPA National Library Network.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who register to borrow materials from the Library can 
be EPA employees, EPA contractors, and non-EPA individuals.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Circulation data consists of descriptive information about the 
library materials each patron has requested. Patron data consists of 
category (EPA employee, contractor, general public), name, optional 
address, email address, and optional phone number (for EPA staff and 
contractors these data consist only of work address, work email, work 
phone number, EPA office, and project officer (for contractors)).

RECORD SOURCE CATEGORIES:
    The information for establishing a patron record in the Circulation 
module is obtained from the patron themselves and entered into the 
system by authorized library staff. There are three mandatory fields 
(name, email, office/division). If a requestor does not have an office 
the librarian can enter (N/A or none).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    The following routine uses apply to this system because the use of 
the record is necessary for the efficient conduct of government 
operations. The routine uses are related to and compatible with the 
original purpose for which the information was collected. The last two 
routine uses are required under OMB M-17-12.
    A. Disclosure for Law Enforcement Purposes: Information may be 
disclosed to the appropriate Federal, State, local, tribal or foreign 
agency responsible for investigating, prosecuting, enforcing, or 
implementing a statute, rule, regulation, or order, if the information 
is relevant to a violation or potential violation of civil or criminal 
law or regulation within the jurisdiction of the receiving entity.
    B. Disclosure Incident to Requesting Information: Information may 
be disclosed to any source from which additional information is 
requested (to the extent necessary to identify the individual, inform 
the source of the purpose of the request, and to identify the type of 
information requested) when necessary to obtain information relevant to 
an agency decision concerning retention of an employee or other 
personnel action (other than hiring) retention of a security clearance, 
the letting of a contract, or the issuance or retention of a grant, or 
other benefit.
    C. Disclosure to Requesting Agency: Disclosure may be made to a 
Federal, State, local, foreign, or tribal or other public authority of 
the fact that this system of records contains information relevant to 
the retention of an employee, the retention of a security clearance, 
the letting of a contract, or the issuance or retention of a license, 
grant, or other benefit. The other agency or licensing organization may 
then make a request supported by the written consent of the individual 
for the entire record if it so chooses. No disclosure will be made 
unless the information has been determined to be sufficiently reliable 
to support a referral to another office within the agency or to another 
Federal agency for criminal, civil, administrative, personnel, or 
regulatory action.
    D. Disclosure to Office of Management and Budget: Information may 
be disclosed to the Office of Management and Budget at any stage in the 
legislative coordination and clearance process in connection with 
private relief legislation as set forth in OMB Circular No. A-19.
    E. Disclosure to Congressional Offices: Information may be 
disclosed to a congressional office from the record of an individual in 
response to an inquiry from the congressional office made at the 
request of the individual.
    F. Disclosure to Department of Justice: Information may be 
disclosed to the Department of Justice, or in a proceeding before a 
court, adjudicative body, or other administrative body before which the 
Agency is authorized to appear when:
    1. The Agency, or any component thereof;
    2. Any employee of the Agency in his or her official capacity;
    3. Any employee of the Agency in his or her individual capacity 
where the Department of Justice or the Agency have agreed to represent 
the employee; or
    4. The United States, if the Agency determines that litigation is 
likely to affect the Agency or any of its components, is a party to 
ligation or has an interest in such litigation, and the use of such 
records by the Department of Justice or the Agency is deemed by the 
Agency to be relevant and necessary to the litigation provided, 
however, that in each case it has been determined that the disclosure 
is compatible with the purpose for which the records were collected.
    G. Disclosure to the National Archives: Information may be 
disclosed to the National Archives and Records Administration in 
records management inspections.
    H. Disclosure to Contractors, Grantees, and Others: Information may 
be disclosed to EPA employees, contractors, grantees, consultants, or 
volunteers performing or working on a contract, service, grant, 
cooperative agreement, job or other activity for the Agency and who 
have a need to have access to the information in the performance of 
their duties or activities for the Agency. When appropriate, recipients 
will be required to comply with the requirement of the Privacy Act of 
1974, as provided in 5 U.S.C. 552a(m).
    I. Disclosures for Administrative Claims, Complaints and Appeals: 
Information from this system of records may be disclosed to an 
authorized appeal grievance examiner, formal complaints examiner, equal 
employment opportunity investigator, arbitrator or other person 
properly engaged in investigation or settlement of an administrative 
grievance, complaint, claim, or appeal filed by an employee, but only 
to the extent that the information is relevant and necessary to the 
proceeding. Agencies that may obtain information under this routine use 
include, but are not limited to, the Office of Personnel Management, 
Office of Special Counsel, Merit Systems Protection Board, Federal 
Labor Relations Authority, Equal Employment Opportunity Commission, and 
Office of Government Ethics.
    J. Disclosure to the Office of Personnel Management: Information 
from this system of records may be disclosed to the Office of Personnel 
Management pursuant to that agency's responsibility for evaluation and 
oversight of Federal personnel management.
    K. Disclosure in Connection With Litigation: Information from this 
system

[[Page 10955]]

of records may be disclosed in connection with litigation or settlement 
discussions regarding claims by or against the Agency, including public 
filing with a court, to the extent that disclosure of the information 
is relevant and necessary to the litigation or discussions and except 
where court orders are otherwise required under section (b)(11) of the 
Privacy Act of 1974, 5 U.S.C. 552a(b)(11).
    L. Disclosure to Persons or Entities in Response to an Actual of 
Suspected Breach of Personally Identifiable Information: To appropriate 
agencies, entities, and persons when (1) the Agency suspects or has 
confirmed that there has been a breach of the system of records; (2) 
the Agency has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, the Agency 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the Agency's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    M. Disclosure To Assist Another Agency in Its Efforts to Respond to 
a Breach: To another Federal agency or Federal entity, when the Agency 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    These records are maintained electronically on secure password 
protected servers. The secure servers and storage system reside in the 
National Computer Center's second floor computer room, 109 T.W. 
Alexander Drive, Research Triangle Park, NC 27709. Backups reside on a 
backup disk-based appliance and are replicated daily to an EPA-approved 
offsite location at Room S4730, 2777 Crystal Drive, Arlington, VA 
22202.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by patron's first and last name, email 
address, and system-generated unique patron ID. Records are only 
retrievable by authorized library employees (who are EPA employees and 
contractors). These authorized library employees may only access patron 
data for the library at which the library employee works. The OLS 
Database Administrator, a library contractor, has access to all records 
in the OLS system and its modules.

 POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    EPA will retain and dispose of these records in accordance with the 
National Archives and Records Administration General Records Schedule. 
OMS has established EPA record schedule 0088 for OLS. Records will be 
deleted or destroyed when the Agency determines they are no longer 
needed for administrative, legal, audit, or other purposes. The 
schedule provides disposal authorization for electronic files and hard 
copy printouts created to monitor system usage, including log-in files, 
audit trail files, and system usage files. EPA will delete or destroy 
records when it determines they are no longer needed for 
administrative, legal, audit, or other purposes.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    EPA uses security controls to protect PII/Privacy Act information 
in OLS commensurate with controls required for an information system 
rated moderate for confidentiality, integrity, and availability, as 
prescribed in NIST Special Publication, 800-53, ``Recommended Security 
Controls for Federal Information Systems,'' Revision 4.
    Administrative Safeguards: EPA employees and contractors must 
complete annual agency training for Information Security and Privacy. 
EPA instructs contractors and employees to lock and secure their 
computers when unattended.
    Technical Safeguards: The OLS Database Administrator, a library 
contractor, establishes authorized library employees upon request of 
the local library manager (EPA staff). Permission level assignments 
allow authorized users to access only those functions and records 
specific to the module they are using and their local library. EPA also 
has technical security measures including restrictions on computer 
access to authorized individuals and required use of a personal 
identity verification (PIV) card and password.
    Physical Safeguards: EPA equipment used for OLS is located in a 
secure area of the National Computer Center, 109 T.W. Alexander Drive, 
Research Triangle Park, NC 27709.

RECORD ACCESS PROCEDURES:
    EPA requires individuals seeking access to information in this 
system of records about themselves to provide adequate identification 
documentation (e.g., driver's license, military identification card, 
employee badge or identification card). Additional identity 
verification procedures may be required, as warranted. Requests must 
meet the requirements of EPA regulations that implement the Privacy Act 
of 1974, at 40 CFR part 16.

CONTESTING RECORD PROCEDURES:
    Any individual who requests correction or amendment of OLS records 
must identify the record to be changed and the corrective action 
sought. Complete EPA Privacy Act procedures are described in EPA's 
Privacy Act regulations at 40 CFR part 16.

NOTIFICATION PROCEDURE:
    Any individual who wishes to know whether this system of records 
contains a record about themselves, and to obtain a copy of any such 
record(s), should make a written request to the Attn: Agency Privacy 
Officer, MC 2831T, 1200 Pennsylvania Ave. NW, Washington, DC 20460, 
privacy@epa.gov.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Vaughn Noga,
Senior Agency Official for Privacy.
[FR Doc. 2021-03584 Filed 2-22-21; 8:45 am]
BILLING CODE 6560-50-P


