[Federal Register Volume 86, Number 34 (Tuesday, February 23, 2021)]
[Notices]
[Pages 10949-10952]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-03582]


=======================================================================
-----------------------------------------------------------------------

ENVIRONMENTAL PROTECTION AGENCY

[FRL-10019-64-OMS]


Privacy Act of 1974; System of Records

AGENCY: Office of Mission Support (OMS), Environmental Protection 
Agency (EPA).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The U.S. Environmental Protection Agency's (EPA), Office of 
Acquisition Solutions is giving notice that it proposes to create a new 
system of records pursuant to the provisions of the Privacy Act of 
1974. Environmental Protection Agency's Acquisition System (EAS) is an 
automated contract writing and management system with configurable 
workflow used to initiate, award, modify and track acquisition actions 
for the procurement of goods and services.

DATES: Persons wishing to comment on this system of records notice must 
do so by March 25, 2021. New routine uses for this new system of 
records will be effective March 25, 2021.

ADDRESSES: Submit your comments, identified by Docket ID No. EPA-HQ-
OMS-2020-0210, by one of the following methods:
    Regulations.gov: www.regulations.gov. Follow the online 
instructions for submitting comments.
    Email: oei.docket@epa.gov.
    Fax: 202-566-1752.
    Mail: OMS Docket, Environmental Protection Agency, Mail Code: 
2822T, 1200 Pennsylvania Ave. NW, Washington, DC 20460.
    Hand Delivery: OMS Docket, EPA/DC, WJC West Building, Room 3334, 
1301 Constitution Ave. NW, Washington, DC 20460. Such deliveries are 
only accepted during the Docket's normal hours of operation, and 
special arrangements should be made for deliveries of boxed 
information.
    Instructions: Direct your comments to Docket ID No. EPA-HQ-OMS-
2020-0210. The EPA policy is that all comments received will be 
included in the public docket without change and may be made available 
online at www.regulations.gov, including any personal information 
provided, unless the comment includes information claimed to be 
Controlled Unclassified Information (CUI) or other information for 
which disclosure is restricted by statute. Do not submit information 
that you consider to be CUI or otherwise protected through 
www.regulations.gov. The www.regulations.gov website is an ``anonymous 
access'' system for EPA, which means the EPA will not know your 
identity or contact information unless you provide it in the body of 
your comment. Each agency determines submission requirements within 
their own internal processes and standards. EPA has no requirement to 
include personal information. If you send an email comment directly to 
the EPA without going through www.regulations.gov your email address 
will be automatically captured and included as part of the comment that 
is placed in the public docket and made available on the internet. If 
you submit an electronic comment, the EPA recommends that you include 
your name and other contact information in the body of your comment. If 
the EPA cannot read your comment due to technical difficulties and 
cannot contact you for clarification, the EPA may not be able to 
consider your comment. Electronic files should avoid the use of special 
characters, any form of encryption, and be free of any defects or 
viruses. For additional information about the EPA public docket, visit 
the EPA Docket Center homepage at http://www.epa.gov/epahome/dockets.htm.
    Docket: All documents in the docket are listed in the 
www.regulations.gov index. Although listed in the index, some 
information is not publicly available, e.g., CUI or other information 
for which disclosure is restricted by statute. Certain other material, 
such as copyrighted material, will be publicly available only in hard 
copy. Publicly available docket materials are available either 
electronically in www.regulations.gov or in hard copy at the OMS 
Docket, EPA/DC, WJC West Building, Room 3334, 1301 Constitution Ave. 
NW, Washington, DC 20460.

Temporary Hours During COVID-19

    Out of an abundance of caution for members of the public and our 
staff, the EPA Docket Center and Reading Room are closed to the public, 
with limited exceptions, to reduce the risk of transmitting COVID-
19.Our Docket Center staff will continue to provide remote customer 
service via email, phone, and webform. We encourage the public to 
submit comments via https://www.regulations.gov/ or email, as there may 
be a delay in processing mailand faxes. Hand deliveries and couriers 
may be received by scheduled appointment only. For further information 
on EPA Docket Center services and the current status, please visit us 
online at https://www.epa.gov/dockets. The telephone number for the 
Public Reading Room is (202) 566-1744, and the telephone

[[Page 10950]]

number for the OMS Docket is (202) 566-1752.

FOR FURTHER INFORMATION CONTACT: Please submit questions to Victor 
Rodriguez, rodriguez.victor@epa.gov at 202-564-2212 or Richard Belles, 
belles.richard@epa.gov at 202-564-4339.

SUPPLEMENTARY INFORMATION: EAS is built using a commercial off the 
shelf product called PRISM that includes a purchase request form and 
workflow. EAS identifies employees who initiate acquisition actions or 
are assigned to work on these actions and includes those employees' 
Personally Identifiable Information (PII). EAS contains employee first 
name, last name, work email, work telephone number, and Local Area 
Network User Identification. This information is collected and used for 
internal EPA communication purposes and approval routing of the 
acquisition action. Privacy information is protected by limiting EAS 
access to authenticated users. Authentication is controlled using the 
agency's central authentication security controls.

SYSTEM NAME AND NUMBER:
    EPA Acquisition System (EAS), EPA-86.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Office of Acquisition Solutions, Environmental Protection Agency, 
Ronald Reagan Building, 1200 Pennsylvania Avenue NW, Washington, DC 
20460 and at the National Computer Center (NCC), 109 T.W. Alexander 
Drive RTP, NC 27711 for hosting.

SYSTEM MANAGER:
    Kimberly Patrick, patrick.kimberly@epa.gov, 202-566-2605, Director, 
Office of Acquisition Solutions, Environmental Protection Agency, 
Ronald Reagan Building, 1200 Pennsylvania Avenue NW, Washington, DC 
20460.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Executive Order 12072 (Aug. 16, 1978); Federal Property and 
Administrative Services Act of 1949, 40 U.S.C. 121; Office of Federal 
Procurement Policy Act of 1974 41 U.S.C. 1702.

PURPOSE(S) OF THE SYSTEM:
    EPA uses EAS to initiate, award, modify and track acquisition 
actions. EAS identifies employees who initiate acquisition actions or 
are assigned to work on these actions. Specifically, the system tracks 
the requisitioner, contract official, contract specialist, and 
approving officials for each acquisition action.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Categories of individuals covered are EPA employees, that are the: 
(a) EPA Project Officer, i.e., the individual who is responsible for 
the review and evaluation of the application or proposal and the 
monitoring of a resulting contract acquisition; (b) EPA Program 
Official, i.e., the individual who is responsible for review and 
approval of applications or proposals for funding; (c) EPA Budget 
Official, i.e., the individual who is responsible for certifying 
availability of funds for approved applications or proposals; (d) EPA 
Contracting Officer or Contract Specialist, i.e., individuals who are 
responsible for awarding and administering contracts and (e) EPA Merit/
Peer Reviewers, i.e., individuals who provide a written review or 
evaluation of the application or proposal to the EPA Project Officer.

CATEGORIES OF RECORDS IN THE SYSTEM:
    EAS collects employee first name, last name, work email, work 
telephone, EPA employee ID and LAN User ID information. The system also 
collects other information required for the tracking or approval of a 
contract action including contract proposals, technical reviews by a 
peer reviewer, records of contract awards, financial data, and other 
information. EAS also collects Vendor Contact information including 
Vendor Code, Legal Name, Data Universal Numbering System (DUNS) ID (a 9 
character identifier used for identifying the Vendor), Cage Code (used 
to provide a standardized method of identifying a given facility at a 
specific location), address, phone number, fax number, and email 
address.

RECORD SOURCE CATEGORIES:
    EAS collects EPA employee information from EPA's directory service. 
Contract proposals and vendor information is collected directly from 
the user via the federal government's System for Award Management 
(SAM).

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    The following new or modified routine uses apply to this system 
because the use of the record is necessary for the efficient conduct of 
the government. The routine uses for this system are compatible with 
the purpose for which their records are collected. The information may 
be disclosed to and for the following EPA General Routine Uses, 
published at 73 FR 2245: A, B, C, D, E, F, G, H, I, J and K. Routine 
uses L, and M apply in accordance with OMB M-17-12.
    A. Disclosure for Law Enforcement Purposes. Information may be 
disclosed to the appropriate Federal, State, local, tribal, or foreign 
agency responsible for investigating, prosecuting, enforcing, or 
implementing a statute, rule, regulation, or order, if the information 
is relevant to a violation or potential violation of civil or criminal 
law or regulation within the jurisdiction of the receiving entity.
    B. Disclosure Incident to Requesting Information. Information may 
be disclosed to any source from which additional information is 
requested (to the extent necessary to identify the individual, inform 
the source of the purpose of the request, and to identify the type of 
information requested), when necessary to obtain information relevant 
to an agency decision concerning retention of an employee or other 
personnel action (other than hiring), retention of a security 
clearance, the letting of a contract, or the issuance or retention of a 
grant, or other benefit.
    C. Disclosure to Requesting Agency. Disclosure may be made to a 
Federal, State, local, foreign, or tribal or other public authority of 
the fact that this system of records contains information relevant to 
the retention of an employee, the retention of a security clearance, 
the letting of a contract, or the issuance or retention of a license, 
grant, or other benefit. The other agency or licensing organization may 
then make a request supported by the written consent of the individual 
for the entire record if it so chooses. No disclosure will be made 
unless the information has been determined to be sufficiently reliable 
to support a referral to another office within the agency or to another 
Federal agency for criminal, civil, administrative, personnel, or 
regulatory action.
    D. Disclosure to Office of Management and Budget. Information may 
be disclosed to the Office of Management and Budget at any stage in the 
legislative coordination and clearance process in connection with 
private relief legislation as set forth in OMB Circular No. A-19.
    E. Disclosure to Congressional Offices. Information may be 
disclosed to a congressional office from the record of an individual in 
response to an inquiry from the congressional office made at the 
request of the individual.
    F. Disclosure to Department of Justice. Information may be 
disclosed to the Department of Justice, or in a proceeding before a 
court, adjudicative body, or other administrative body

[[Page 10951]]

before which the Agency is authorized to appear, when:
    1. The Agency, or any component thereof;
    2. Any employee of the Agency in his or her official capacity;
    3. Any employee of the Agency in his or her individual capacity 
where the Department of Justice or the Agency have agreed to represent 
the employee; or
    4. The United States, if the Agency determines that litigation is 
likely to affect the Agency or any of its components, is a party to 
litigation or has an interest in such litigation, and the use of such 
records by the Department of Justice or the Agency is deemed by the 
Agency to be relevant and necessary to the litigation provided, 
however, that in each case it has been determined that the disclosure 
is compatible with the purpose for which the records were collected.
    G. Disclosure to the National Archives. Information may be 
disclosed to the National Archives and Records Administration in 
records management inspections.
    H. Disclosure to Contractors, Grantees, and Others. Information may 
be disclosed to contractors, grantees, consultants, or volunteers 
performing or working on a contract, service, grant, cooperative 
agreement, job, or other activity for the Agency and who have a need to 
have access to the information in the performance of their duties or 
activities for the Agency. When appropriate, recipients will be 
required to comply with the requirements of the Privacy Act of 1974 as 
provided in 5 U.S.C. 552a(m).
    I. Disclosures for Administrative Claims, Complaints and Appeals. 
Information from this system of records may be disclosed to an 
authorized appeal grievance examiner, formal complaints examiner, equal 
employment opportunity investigator, arbitrator or other person 
properly engaged in investigation or settlement of an administrative 
grievance, complaint, claim, or appeal filed by an employee, but only 
to the extent that the information is relevant and necessary to the 
proceeding. Agencies that may obtain information under this routine use 
include, but are not limited to, the Office of Personnel Management, 
Office of Special Counsel, Merit Systems Protection Board, Federal 
Labor Relations Authority, Equal Employment Opportunity Commission, and 
Office of Government Ethics.
    J. Disclosure to the Office of Personnel Management. Information 
from this system of records may be disclosed to the Office of Personnel 
Management pursuant to that agency's responsibility for evaluation and 
oversight of Federal personnel management.
    K. Disclosure in Connection with Litigation. Information from this 
system of records may be disclosed in connection with litigation or 
settlement discussions regarding claims by or against the Agency, 
including public filing with a court, to the extent that disclosure of 
the information is relevant and necessary to the litigation or 
discussions and except where court orders are otherwise required under 
section (b)(11) of the Privacy Act of 1974, 5 U.S.C. 552a(b)(11).
    L. Disclosure to Persons or Entities in Response to an Actual or 
Suspected Breach of Personally Identifiable Information. To appropriate 
agencies, entities, and persons when (1) the Agency suspects or has 
confirmed that there has been a breach of the system of records, (2) 
the Agency has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, the Agency 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the Agency's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    M. Disclosure to assist another agency in its efforts to respond to 
a breach. To another Federal agency or Federal entity, when the Agency 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    These records are maintained electronically on computer storage 
devices such as computer tapes and disks. The computer storage devices 
are located at EPA, Office of Acquisition Solutions, 1200 Pennsylvania 
Ave. NW, Washington, DC 20460. Backups will be maintained at disaster 
recovery sites, located at EPA Potomac Yards South (PYS) Data Center, 
2777 Crystal Drive, Arlington, VA 22202 and EPA's National Computing 
Data Center (NCC), 109 T.W. Alexander Drive, Durham, NC 27709. Computer 
records are maintained in a secure, password protected environment. 
Access to computer records is limited to those who have a need to know. 
All EAS user accounts are assigned permissions as needed based on their 
job functions. Permission level assignments will allow users access 
only to those functions for which they are authorized. All records are 
maintained in secure, access-controlled areas or buildings.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by the first name and last name of EPA 
employee, User ID, or Vendor ID (DUNS codes) associated with contracts.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    EPA will retain and dispose of EAS records in accordance with the 
National Archives and Records Administration General Records Schedule, 
and EPA Records Schedule 055. EAS records are retained for at least 6 
years after contract closeout for non-Superfund actions, and 30 years 
after contract closeout for Superfund site actions.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Security controls used to protect Personally Identifiable 
Information in EPA Acquisition System (EAS) are commensurate with those 
required for an information system rated moderate for confidentiality, 
integrity, and availability, as prescribed in NIST Special Publication, 
800-53, ``Recommended Security Controls for Federal Information 
Systems,'' Revision 4.

ADMINISTRATIVE SAFEGUARDS:
    EPA personnel are required to complete annual agency Information 
Security and Privacy training. EPA personnel are instructed to lock 
their computers when they leave their desks.

TECHNICAL SAFEGUARDS:
    Electronic records are maintained in a secure, password protected 
electronic system. EAS access is limited to authorized, authenticated 
users. All of the system's electronic communication utilizes Transport 
Layer Security (TLS) secure communication protocol for all 
transactions.

PHYSICAL SAFEGUARDS:
    All records are maintained in secure, access-controlled areas or 
buildings.
    Paper records are maintained in locked file cabinets.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to information in this system of records

[[Page 10952]]

about themselves are required to provide adequate identification (e.g., 
driver's license, military identification card, employee badge or 
identification card). Additional identity verification procedures may 
be required, as warranted. Requests must meet the requirements of EPA 
regulations that implement the Privacy Act of 1974, at 40 CFR part 16.

CONTESTING RECORD PROCEDURES:
    Requests for correction or amendment must identify the record to be 
changed and the corrective action sought. Complete EPA Privacy Act 
procedures are described in EPA's Privacy Act regulations at 40 CFR 
part 16.

NOTIFICATION PROCEDURE:
    Any individual who wants to know whether this system of records 
contains a record about themselves, should make a written request to 
the Attn: Agency Privacy Officer, MC 2831T, 1200 Pennsylvania Ave. NW, 
Washington, DC 20460, privacy@epa.gov.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Vaughn Noga,
Senior Agency Official for Privacy.
[FR Doc. 2021-03582 Filed 2-22-21; 8:45 am]
BILLING CODE 6560-50-P


