84 FR 18268 - Privacy Act of 1974; System of Records

The Freedom of Information Act (FOIA) gives the public the right to access many types of records which are maintained by a Federal agency. The Privacy Act gives the public the right to access and amend many types of records about themselves which are maintained by a Federal agency. In accordance with the Privacy Act, the Corporation for National and Community Service (CNCS) Office of General Counsel proposes to modify and rename a current CNCS system of records, Freedom of Information Act and Privacy Act Request Files--Corporation-12 (67 FR 4395, 4406, January 30, 2002), to include substantive changes and modifications described in detail in the supplementary section. CNCS uses the system of records to: 1. Track, process, and respond to CNCS's FOIA and Privacy Act inquiries and any disputes involving those inquiries (collectively, ``Requests''); 2. Create reports about those Requests for oversight and reporting purposes; and 3. Execute other responsibilities related to FOIA and the Privacy Act. The records in the system, stored in both paper and electronic form include, but are not limited to: FOIA and Privacy Act requests, follow- up correspondence, documents created to prepare responses, redacted and unredacted copies of responsive records, and final responses.

[Federal Register Volume 84, Number 83 (Tuesday, April 30, 2019)]
[Notices]
[Pages 18268-18270]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2019-08657]


=======================================================================
-----------------------------------------------------------------------

CORPORATION FOR NATIONAL AND COMMUNITY SERVICE


Privacy Act of 1974; System of Records

AGENCY: Corporation for National and Community Service.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: The Freedom of Information Act (FOIA) gives the public the 
right to access many types of records which are maintained by a Federal 
agency. The Privacy Act gives the public the right to access and amend 
many types of records about themselves which are maintained by a 
Federal agency. In accordance with the Privacy Act, the Corporation for 
National and Community Service (CNCS) Office of General Counsel 
proposes to modify and rename a current CNCS system of records, Freedom 
of Information Act and Privacy Act Request Files--Corporation-12 (67 FR 
4395, 4406, January 30, 2002), to include substantive changes and 
modifications described in detail in the supplementary section.
    CNCS uses the system of records to:
    1. Track, process, and respond to CNCS's FOIA and Privacy Act 
inquiries and any disputes involving those inquiries (collectively, 
``Requests'');
    2. Create reports about those Requests for oversight and reporting 
purposes; and
    3. Execute other responsibilities related to FOIA and the Privacy 
Act.
    The records in the system, stored in both paper and electronic form 
include, but are not limited to: FOIA and Privacy Act requests, follow-
up correspondence, documents created to prepare responses, redacted and 
unredacted copies of responsive records, and final responses.

DATES: You may submit comments until May 30, 2019. This System of 
Records Notice (SORN) will be effective May 31, 2019 unless CNCS 
receives any timely comments which would result in a contrary 
determination.

ADDRESSES: You may submit comments, identified by system name and 
number, to CNCS via any of the following methods:
    1. Electronically through regulations.gov.
    Once you access regulations.gov, locate the web page for this SORN 
by searching for CNCS-02-OGC-FOIA/PA--Freedom of Information Act 
(FOIA)/Privacy Act (PA) Request Files. If you upload any files, please 
make sure they include your first name, last name, and the name of the 
proposed SORN.
    2. By email at [email protected].
    3. By mail: Corporation for National and Community Service, Attn: 
Chief Privacy Officer, OIT, 250 E St. SW, Washington, DC 20525.
    4. By hand delivery or courier to CNCS at the address for mail 
between 9:00 a.m. and 4:00 p.m. Eastern Standard Time, Monday through 
Friday, except for Federal holidays.
    Please note that all submissions received may be posted without 
change to regulations.gov, including any personal information.

FOR FURTHER INFORMATION CONTACT: If you have general questions about 
the system of record, you can email them to [email protected] or mail them 
to the address in the ADDRESSES section above. Please include the 
system of record's name and number.

SUPPLEMENTARY INFORMATION: This notice serves to update and modify 
CNCS's system of records notice titled ``CORPORATION-12'' to 
incorporate changes to the system, include more details, and conform to 
SORN template requirements prescribed in Office of Management and 
Budget Circular No. A-108. The substantive changes and modifications to 
the currently published version of CORPORATION-12 include:
    1. Renumbering and renaming the SORN as CNCS-02-OGC-FOIA/PA--
Freedom of Information Act (FOIA)/Privacy Act (PA) Request Files.
    2. Stating that the records in the system are Unclassified.
    3. Updating all addresses to reflect the system's new location.
    4. Expanding the purpose of the system to manage all aspects of the 
FOIA and Privacy Act Request process.
    5. Stating that the system may also include information about 
individuals who help fulfill a Request or are referenced in the 
requested records.
    6. Replacing the current set of routine uses with new and modified 
routine uses that are specific to the system.
    7. Stating that records may also be retrieved by the name of the 
individual who filed a Request.
    8. Revising the retention and disposal section to reflect updated 
guidance from the National Archives and Records Administration.
    9. Revising the safeguards section to reflect updated cybersecurity 
guidance and practices.
    10. Updating the record access, contesting record, and notification 
procedures to inform individuals that they may email or fax an inquiry, 
establish a more efficient process, and clarify what individuals should 
include in an inquiry.
    CNCS determined that these changes are the most efficient, logical, 
taxpayer-friendly, and user-friendly method of complying with the 
publication requirements of the Privacy Act. The subject records 
reflect a common purpose, common functions, and common user community. 
This Notice of a Modified Systems of Records, as required by 5 U.S.C. 
552a, also fully complies with all Office of Management and Budget 
policies.
SYSTEM NAME AND NUMBER
    CNCS-02-OGC-FOIA/PA--Freedom of Information Act (FOIA)/Privacy Act 
(PA) Request Files.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Office of General Counsel, Corporation for National and Community 
Service, 250 E St. SW, Washington, DC 20525.

SYSTEM MANAGER(S):
    FOIA Officer/Privacy Act Officer, Office of General Counsel, 
Corporation for National and Community Service, 250 E St. SW, 
Washington, DC 20525.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The Freedom of Information Act of 1966, as amended, and the Privacy 
Act of 1974, as amended.

PURPOSE(S) OF THE SYSTEM:
    The Corporation for National and Community Service (CNCS) Office of 
General Counsel uses the system to:
     Track, process, and respond to CNCS's FOIA and Privacy Act 
inquiries and any disputes involving those inquiries (collectively, 
``Requests'');
     Create reports about those Requests for oversight and 
reporting purposes; and
     Execute other responsibilities related to those Requests.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The system contains records about individuals who:
     Sent a written Request to CNCS which cited to, or was 
handled according to, FOIA or the Privacy Act, plus anyone who 
represented those individuals (collectively, ``Requestors'');
     Participate in responding to a Request on behalf of CNCS 
(collectively, ``Respondents'');

[[Page 18269]]

     Are the subject of a Request;
     Are referenced in the requested records; and
     Are otherwise connected to a Request.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Records in the system may contain:
     Requests;
     Correspondence with Requestors to establish their 
identities, clarify Requests, discuss fees, and discuss the timing of 
responses;
     Intra-agency search process correspondence;
     Written decisions to release or withhold requested 
records;
     Redacted and unredacted copies of responsive records; and
     Final responses to Requesters.

RECORD SOURCE CATEGORIES:
    The sources of records in the system include Requestors and 
Respondents. The documents gathered to respond to a Request can come 
from, but are not limited to, CNCS'S system of records, individuals and 
their representatives, public sources, and other entities connected to 
CNCS.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in the system may be disclosed to authorized 
entities, as is determined to be relevant and necessary, as a routine 
use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. To another Federal, foreign, state, local, tribal, or other 
public agency with an interest in, or control over, information in 
records responsive to or otherwise related to a Request, for the 
following purposes:
    a. Consulting the other agency for its views about providing access 
to the information or assistance in verifying the identity or 
background information of an individual or the accuracy of information 
sought to be amended or corrected;
    b. Informing the other agency of CNCS'S response or intended 
response; or
    c. Referring the request to the most appropriate federal agency for 
response.
    2. When FOIA permits CNCS to exempt a record from disclosure, the 
identity of the Requestor and a description of the requested record may 
be disclosed to the subject of the record, or the individual or entity 
that provided the record, to obtain their view on whether the 
information should be released.
    3. To the Office of the President, a Member of Congress, or their 
staff in response to a Request made on behalf of, and at the request 
of, the individual who is the subject of the record. These advocates 
will receive the same records that individuals would have received if 
they filed their own Request.
    4. To the Department of Justice (DOJ) to obtain DOJ's advice on 
whether records must be disclosed under FOIA and the Privacy Act in 
response to a Request.
    5. To the DOJ when:
    a. The agency, or any component thereof;
    b. Any employee of the agency in his or her official capacity;
    c. Any employee of the agency in his or her individual capacity 
where DOJ has agreed to represent the employee; or
    d. The United States, where the agency determines that litigation 
is likely to affect the agency or any of its components is a party to 
litigation or has an interest in litigation, and the use of such 
records by the DOJ is deemed by the agency to be relevant and necessary 
to the litigation, provided, however, that in each case, the agency 
determines that disclosure of the records to the DOJ is a use of the 
information contained in the records that is compatible with the 
purpose for which the records were collected.
    6. To a court, administrative body, or adjudicative body before 
which the agency is authorized to appear, when:
    a. The agency, or any component thereof;
    b. Any employee of the agency in his or her official capacity;
    c. Any employee of the agency in his or her individual capacity 
where the agency has agreed to represent the employee; or
    d. The United States, where the agency determines that litigation 
is likely to affect the agency or any of its components, is a party to 
litigation or has an interest in litigation, and the use of such 
records by the DOJ is deemed by the agency to be relevant and necessary 
to the litigation, provided, however, that in each case, the agency 
determines that disclosure of the records to the DOJ is a use of the 
information contained in the records that is compatible with the 
purpose for which the records were collected.
    7. To prospective claimants and their attorneys to negotiate the 
settlement of an actual or prospective claim against CNCS or its 
current or former employees, in advance of the initiation of formal 
litigation or proceedings.
    8. To another Federal or State agency, a court, or a party in 
litigation or in an administrative or adjudicative proceeding conducted 
by a Federal or State agency, when the Government is a party to the 
judicial or administrative proceeding and the record is relevant and 
necessary to that proceeding.
    9. To an appropriate Federal, State, local, tribal, international, 
or foreign law enforcement agency or other appropriate authority 
charged with investigating or prosecuting a violation or enforcing or 
implementing a statute, rule, regulation, or order, when a record, 
either on its face or in conjunction with other information, indicates 
a violation or potential violation of civil or criminal law or 
regulatory violations and such disclosure is proper and consistent with 
the official duties of the person making the disclosure.
    10. To an agency or organization to audit or oversee operations as 
authorized by law, but only such information as is necessary and 
relevant to such audit or oversight function.
    11. To appropriate agencies, entities, and persons when:
    a. CNCS suspects or has confirmed that there has been a breach of 
the system of records;
    b. CNCS has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, CNCS 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and
    c. The disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with CNCS's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    12. To another Federal agency or Federal entity, when CNCS 
determines that information from the system of records is reasonably 
necessary to assist the recipient agency or entity in:
    a. Responding to a suspected or confirmed breach or
    b. Preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    13. To the National Archives and Records Administration (NARA) as 
needed to assist CNCS with records management, conduct inspections of 
CNCS's records management practices, and carry out other activities 
required by 44 U.S.C. 2904 and 2906.
    14. To NARA's Office of Government Information Services so that it 
may review agency compliance with FOIA, provide mediation services to 
resolve

[[Page 18270]]

FOIA disputes, and identify policies and procedures for improving FOIA 
compliance, and to the extent necessary to fulfill its responsibilities 
as required by 5 U.S.C. 552(h)(2-3).
    15. To a Federal agency in connection with hiring or retaining an 
employee, vetting a service member, in response to the issuance of a 
security clearance, conducting of a background, suitability or security 
investigation of an individual, classifying jobs, the letting of a 
contract, or the issuance of a license, contract, grant, or other 
benefit by the requesting agency, and to the extent that the 
information is relevant and necessary to the requesting agency's 
decision on the matter.
    16. To agency contractors, grantees, interns, and other authorized 
individuals engaged to assist the agency in the performance of a 
contract, service, grant, cooperative agreement, or other activity and 
require access to the records to accomplish an agency function, task or 
assignment. Individuals provided information under this routine use are 
subject to the same Privacy Act requirements and limitations on 
disclosure as are applicable to CNCS officials and employees.
    17. To the Equal Employment Opportunity Commission when requested 
in connection with investigations into alleged or possible 
discrimination practices in the Federal sector, compliance by Federal 
agencies with the Uniform Guidelines on Employee Selection Procedures 
or other functions vested in the Commission and to otherwise ensure 
compliance with the provisions of 5 U.S.C. 7201.
    18. To any official or designee charged with the responsibility to 
conduct qualitative assessments at a designated statistical agency as 
defined under 42 U.S.C 3501 Sec. 522 (e.g., U.S. Census Bureau, U.S. 
Department of Labor, Social Security Administration), and other well 
established and trusted public or private research organizations, 
academic institutions, or agencies for an evaluation, study, research, 
or other analytic or statistical purposes.
    19. To the news media and the public, with the approval of the 
Chief Privacy Officer in consultation with counsel, when there exists a 
legitimate public interest in the disclosure of the information, when 
disclosure is necessary to preserve confidence in the integrity of 
CNCS, or when disclosure is necessary to demonstrate the accountability 
of CNCS'S officers, employees, or individuals covered by the system, 
except to the extent the Chief Privacy Officer determines that release 
of the specific information in the context of a particular case would 
constitute a clearly unwarranted invasion of personal privacy.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Paper records are stored in locked rooms, file cabinets, and desks. 
Electronic records and backups are stored on secure servers and 
encrypted media to include, but are not limited to, the computers and 
network drives used by Respondents.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records in the system may be retrieved by year of the Request, 
Request tracking number, name of Requestor, or any combination of these 
items.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in the system are maintained according to General Records 
Schedule 4.2, Information Access and Protection Records, as listed in 
NARA's most recent General Records Schedule Transmittal.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Paper records are maintained in locked rooms, file cabinets, and 
desks when not in use. Electronic records are maintained in accordance 
with National Institute of Standards and Technology Special Publication 
800-53 Rev. 4, Security and Privacy Controls for Federal Information 
Systems and Organizations or the updated equivalent. Access to the 
records is limited to authorized personnel who require the information 
to complete their assigned tasks and have been trained how to properly 
handle and safeguard the records.

RECORD ACCESS PROCEDURES:
    In accordance with 45 CFR part 2508, Implementation of the Privacy 
Act of 1974, individuals wishing to access their own records as stored 
within the system of records may contact the FOIA Officer/Privacy Act 
Officer by sending (1) an email to [email protected], (2) a letter to the 
System Manager, or (3) a facsimile to 202-606-3467. Individuals may 
also go in-person to the System Location and ask to speak to the FOIA 
Officer/Privacy Act Officer within the Office of General Counsel. 
Individuals who make a request must include enough identifying 
information (i.e., full name, current address, date, and signature) to 
locate their records, indicate that they want to access their records, 
and be prepared to confirm their identity as required by 45 CFR part 
2508.

CONTESTING RECORD PROCEDURES:
    Individuals who wish to contest their own records as stored within 
the system of records may contact the FOIA Officer/Privacy Act Officer 
in writing via the contact information in the RECORD ACCESS PROCEDURES 
section. Individuals who make a request must include enough identifying 
information to locate their records, an explanation of why they think 
their records are incomplete or inaccurate, and be prepared to confirm 
their identity as required by 45 CFR part 2508.

NOTIFICATION PROCEDURES:
    Individuals who wish to contest their own records as stored within 
the system of records may contact the FOIA Officer/Privacy Act Officer 
via the contact information in the RECORD ACCESS PROCEDURES section. 
Individuals who make a request must include enough identifying 
information to locate their records, indicate that they want to be 
notified whether their records are included in the system, and be 
prepared to confirm their identity as required by 45 CFR part 2508.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    64 FR 10879, 10889, March 5, 1999; 65 FR 46890, 46900, August 1, 
2000; 67 FR 4395, 4406, January 30, 2002.

    Dated: April 24, 2019.
Ndiogou Cisse,
Senior Agency Official for Privacy and Chief Information Officer.
[FR Doc. 2019-08657 Filed 4-29-19; 8:45 am]
 BILLING CODE 6050-28-P