80 FR 66551 - Privacy Act of 1974, as Amended; Notice To Amend an Existing System of Records

DEPARTMENT OF THE INTERIOR
Office of the Secretary

Federal Register Volume 80, Issue 209 (October 29, 2015)

Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of the Interior is issuing a public notice of its intent to amend the system of records titled ``Oracle Federal Financials (OFF), DOI-91.'' The system provides the Interior Business Center customer agencies with a web-based financial accounting application for financial management purposes such as for budgeting, purchasing, procurement, reimbursement, and reporting and collection functions. This amendment will update the system name, system location, categories of records, authority, routine uses, system manager and address, safeguards, retention and disposal, notification procedures, record access procedures, contesting record procedures, and provide additional information about the system.

[Federal Register Volume 80, Number 209 (Thursday, October 29, 2015)]
[Notices]
[Pages 66551-66554]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2015-27595]


-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

Office of the Secretary

[XXXD4523WD DWDFSE000.RV0000 DS68664000]


Privacy Act of 1974, as Amended; Notice To Amend an Existing 
System of Records

AGENCY: Office of the Secretary, Interior.

ACTION: Notice of an amendment to an existing system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Department of the Interior is issuing a public notice of 
its intent to amend the system of records titled ``Oracle Federal 
Financials (OFF), DOI-91.'' The system provides the Interior Business 
Center customer agencies with a web-based financial accounting 
application for financial management purposes such as for budgeting, 
purchasing, procurement, reimbursement, and reporting and collection 
functions. This amendment will update the system name, system location, 
categories of records, authority, routine uses, system manager and 
address, safeguards, retention and disposal, notification procedures, 
record access procedures, contesting record procedures, and provide 
additional information about the system.

DATES: Comments must be received by November 30, 2015. The amendments 
to the system will be effective November 30, 2015.

ADDRESSES: Any person interested in commenting on this amendment may do 
so by submitting written comments to Teri Barnett, Departmental Privacy 
Officer, U.S. Department of the Interior, 1849 C Street NW., Mail Stop 
5547 MIB, Washington, DC 20240; hand-delivering comments to Teri 
Barnett, Departmental Privacy Officer, U.S. Department of the Interior, 
1849 C Street NW., Mail Stop 5547 MIB, Washington, DC 20240; or 
emailing comments to [email protected].

FOR FURTHER INFORMATION CONTACT: Chief, Application Management Section, 
Finance and Procurement Systems Division, Interior Business Center, 
U.S. Department of the Interior, 7401 West Mansfield Avenue, Mail Stop 
D-2782, Denver, CO 80235-2230; or by telephone at (303) 969-5023.

SUPPLEMENTARY INFORMATION:

I. Background

    The Department of the Interior (DOI) Interior Business Center (IBC) 
maintains the ``Oracle Federal Financials (OFF), DOI-91'' system of 
records. The IBC is a service provider that performs services for other 
Federal government agencies, both inside and outside the DOI. The IBC's 
service offerings include providing and maintaining various types of 
business management systems for its clients, including human resources 
and financial management applications. The Oracle Federal Financial 
(OFF) system includes the OFF and OFF-VE applications, which are 
components of the Oracle eBusiness Suite. The OFF system provides IBC 
clients with a web-based application that contains customizable 
financial management modules that combine to provide a comprehensive 
financial software package to support budgeting, purchasing, Federal 
procurement, accounts payable, fixed assets, general ledger, inventory, 
accounts receivable, reimbursement, reporting, and collection 
functions.
    The IBC hosts the OFF system and is responsible for system 
administration functions. Each client agency retains control over its 
data in the system and has one or more designated managers who are 
responsible for maintaining client agency data in the OFF system. While 
DOI records generated and maintained in OFF are covered under this 
system of records notice, each client agency that maintains records 
within the system has published system notices that cover these 
financial management activities. Therefore, individuals seeking access 
to or amendment of their records under the control of a client agency 
should follow the access procedures outlined in the applicable client 
agency system of records notice or send a written inquiry to that 
agency Chief Privacy Officer.
    Additionally, the records maintained within the OFF system may also 
be covered by existing government-wide system of records notices, 
including GSA/GOVT-3, Travel Charge Card Program; GSA/GOVT-4, 
Contracted Travel Services Program; and GSA/GOVT-6, GSA SmartPay 
Purchase Charge Card Program, and may be subject to handling and 
disclosure requirements under published routine uses pursuant to the 
government-wide notices as applicable. Client agencies are responsible 
for ensuring the handling, use, and sharing of their records in OFF is 
in compliance with the Privacy Act of 1974, including the provisions 
regarding notice, access, collection, use, retention, and disclosure of 
records from this system. The Oracle Federal Financials (OFF), DOI-91 
system of records notice was last published in the Federal Register on 
September 10, 2013, 78 FR 55284.
    The amendments to the system will be effective as proposed at the 
end of

[[Page 66552]]

the comment period (the comment period will end 30 days after 
publication of this notice in the Federal Register), unless comments 
are received which would require a contrary determination. DOI will 
publish a revised notice if changes are made based upon a review of the 
comments received.

II. Privacy Act

    The Privacy Act of 1974, as amended, embodies fair information 
practice principles in a statutory framework governing the means by 
which Federal agencies collect, maintain, use, and disseminate 
individuals' personal information. The Privacy Act applies to 
information that is maintained in a ``system of records.'' A ``system 
of records'' is a group of any records under the control of an agency 
for which information about an individual is retrieved by the name or 
by some identifying number, symbol, or other identifying particular 
assigned to the individual. The Privacy Act defines an individual as a 
United States citizen or lawful permanent resident. As a matter of 
policy, DOI extends Privacy Act protections to all individuals. 
Individuals may request access to their own records that are maintained 
in a system of records in the possession or under the control of DOI by 
complying with DOI Privacy Act Regulations located at 43 CFR part 2, 
subpart K.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the type and character of each system 
of records that the agency maintains and the routine uses of the 
information in each system in order to make agency record keeping 
practices transparent, notify individuals regarding the uses of their 
records, and assist individuals to more easily find these records 
within the agency. Below is the description of the ``Oracle Federal 
Financials (OFF), DOI-91'' system of records.
    In accordance with 5 U.S.C. 552a(r), DOI has provided a report 
concerning this system of records to the Office of Management and 
Budget and to Congress.

III. Public Disclosure

    Before including your address, phone number, email address, or 
other personal identifying information in your comment, you should be 
aware that your entire comment, including your personal identifying 
information, may be made publicly available at any time. While you can 
ask us in your comment to withhold your personal identifying 
information from public review, we cannot guarantee that we will be 
able to do so.

     Dated: October 23, 2015.
Teri Barnett,
Departmental Privacy Officer.
SYSTEM NAME:
    Oracle Federal Financials (OFF), DOI-91.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    The system is located and managed at (1) U.S. Department of the 
Interior, Interior Business Center, Finance and Procurement Systems 
Division, 12201 Sunrise Valley Drive, MS-206, Reston, VA 20192; and (2) 
U.S. Department of the Interior, Interior Business Center, Finance and 
Procurement Systems Division, 7401 West Mansfield Avenue, MS D-2782, 
Denver, CO 80235-2230.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by the system include employees of various 
Federal agencies that are Interior Business Center (IBC) clients using 
OFF, as well as employees or agents for third party vendors, 
contractors and suppliers who provide OFF clients with related 
financial services. This system also contains information about 
individuals, either employees or non-employees, who owe debts to the 
Federal agencies that use the system. Records relating to corporations 
and other business entities contained in this system are not subject to 
the Privacy Act, only records relating to individuals containing 
personal information are subject to the Privacy Act.

CATEGORIES OF RECORDS IN THE SYSTEM:
    (1) Accounts receivable for OFF clients, including individuals who 
may be employees or non-employees and employees who owe money to OFF 
clients and are the subject of collections actions. Information in the 
system may include first and last names, home addresses, phone numbers, 
email addresses, employee identification numbers, and Social Security 
numbers.
    (2) Accounts payable information about non-employee individuals and 
sole proprietors, including individuals who provide services to OFF 
clients. Information may include names, home or business addresses, 
phone or fax numbers, email addresses, Tax identification numbers, 
Social Security numbers, banking account numbers for electronic fund 
transfer payments, invoices and claims for reimbursement.
    (3) Employees of OFF clients who submit claims for reimbursable 
expenses. Information may include names, employee identification 
numbers, Social Security numbers, work addresses, phone numbers, email 
addresses, receipts and claims for reimbursement.
    (4) Employees of OFF clients who hold government bank or debit 
cards for purchases or travel. Information may include names, employee 
identification numbers, Social Security Numbers, home or work 
addresses, phone numbers, email addresses, card numbers and purchase 
histories.
    The system contains additional business and financial records for 
OFF clients that do not include personal information. Records in this 
system are subject to the Privacy Act only if they are about an 
individual within the meaning of the Privacy Act, and not if they are 
about a business, organization, or other non-individual.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    31 U.S.C. 3512, Executive Agency Accounting and Other Financial 
Management Reports and Plans; 5 U.S.C. 4111, Acceptance of 
Contributions, Awards, and Other Payments; 5 U.S.C. 5514, Installment 
deduction for indebtedness to the United States; 5 U.S.C. 5701, et seq. 
Travel and Subsistence Expenses, Mileage Allowances; 31 U.S.C. 3512, 
Executive agency accounting and other financial management reports and 
plans; 31 U.S.C. 3711, Collection and Compromise; and the Office of 
Management and Budget Circular A-127, Policies and Standards for 
Financial Management Systems.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    The primary purpose of the system is to support financial 
management for Federal agencies by providing a standardized, automated 
capability for performing administrative control of funds, general 
accounting, billing and collecting, payments, management reporting, and 
regulatory reporting.
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, disclosures outside DOI may be made as a 
routine use under 5 U.S.C. 552a(b)(3) as follows:
    (1) (a) To any of the following entities or individuals, when the 
circumstances set forth in paragraph (b) are met:
    (i) The U.S. Department of Justice (DOJ);
    (ii) A court or an adjudicative or other administrative body;

[[Page 66553]]

    (iii) A party in litigation before a court or an adjudicative or 
other administrative body; or
    (iv) Any DOI employee acting in his or her individual capacity if 
DOI or DOJ has agreed to represent that employee or pay for private 
representation of the employee;
    (b) When:
    (i) One of the following is a party to the proceeding or has an 
interest in the proceeding:
    (A) DOI or any component of DOI;
    (B) Any other Federal agency appearing before the Office of 
Hearings and Appeals;
    (C) Any DOI employee acting in his or her official capacity;
    (D) Any DOI employee acting in his or her individual capacity if 
DOI or DOJ has agreed to represent that employee or pay for private 
representation of the employee;
    (E) The United States, when DOJ determines that DOI is likely to be 
affected by the proceeding; and
    (ii) DOI deems the disclosure to be:
    (A) Relevant and necessary to the proceeding; and
    (B) Compatible with the purpose for which the records were 
compiled.
    (2) To a congressional office in response to a written inquiry that 
an individual covered by the system, or the heir of the individual if 
the covered individual is deceased, has made a written request to the 
office.
    (3) To the Executive Office of the President in response to an 
inquiry from that office made at the request of the subject of a record 
or a third party on that person's behalf, or for a purpose compatible 
for which the records are collected or maintained.
    (4) To any criminal, civil, or regulatory law enforcement authority 
(whether Federal, state, territorial, local, tribal or foreign) when a 
record, either alone or in conjunction with other information, 
indicates a violation or potential violation of law--criminal, civil, 
or regulatory in nature, and the disclosure is compatible with the 
purpose for which the records were compiled.
    (5) To an official of another Federal agency to provide information 
needed in the performance of official duties related to reconciling or 
reconstructing data files or to enable that agency to respond to an 
inquiry by the individual to whom the record pertains.
    (6) To Federal, state, territorial, local, tribal, or foreign 
agencies that have requested information relevant to hiring, firing or 
retention of an employee or contractor, or the issuance of a security 
clearance, license, contract, grant or other benefit, when the 
disclosure is compatible with the purpose for which the records were 
compiled.
    (7) To representatives of the National Archives and Records 
Administration to conduct records management inspections under the 
authority of 44 U.S.C. 2904 and 2906.
    (8) To state and local governments and tribal organizations to 
provide information needed in response to court order and/or discovery 
purposes related to litigation, when the disclosure is compatible with 
the purpose for which the records were compiled.
    (9) To an expert, consultant, or contractor (including employees of 
the contractor) of DOI that performs services requiring access to these 
records on DOI's behalf to carry out the purposes of the system.
    (10) To appropriate agencies, entities, and persons when:
    (a) It is suspected or confirmed that the security or 
confidentiality of information in the system of records has been 
compromised; and
    (b) The Department has determined that as a result of the suspected 
or confirmed compromise there is a risk of harm to economic or property 
interest, identity theft or fraud, or harm to the security or integrity 
of this system or other systems or programs (whether maintained by the 
Department or another agency or entity) that rely upon the compromised 
information; and
    (c) The disclosure is made to such agencies, entities and persons 
who are reasonably necessary to assist in connection with the 
Department's efforts to respond to the suspected or confirmed 
compromise and prevent, minimize, or remedy such harm.
    (11) To the Office of Management and Budget during the coordination 
and clearance process in connection with legislative affairs as 
mandated by OMB Circular A-19.
    (12) To the Department of the Treasury to recover debts owed to the 
United States.
    (13) To a commercial credit card contractor(s) for the accounting 
and payment of employee obligation for travel, purchasing and fleet 
management credit card usage.
    (14) To OFF clients, for the purpose of processing, using and 
maintaining their agency's data in the OFF system.
    (15) To the Department of Justice or other federal agency for 
further collection action on any delinquent debt when circumstances 
warrant.
    (16) To the General Accounting Office, Department of Justice, or a 
United States Attorney, for actions regarding debt and attempts to 
collect monies owed.
    (17) To the news media and the public, with the approval of the 
Public Affairs Officer in consultation with counsel and the Senior 
Agency Official for Privacy, where there exists a legitimate public 
interest in the disclosure of the information, except to the extent it 
is determined that release of the specific information in the context 
of a particular case would constitute an unwarranted invasion of 
personal privacy.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    Pursuant to 5 U.S.C. 552a(b)(12), disclosures may be made to a 
consumer reporting agency as defined in the Fair Credit Reporting Act 
(15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1996 (31 
U.S.C. 3701(a)(3)).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Electronic records are maintained on servers located at IBC's data 
centers in Denver, CO and Reston, VA. Records are accessed only by 
authorized personnel who have a need to access the records in the 
performance of their official duties. Paper records are contained in 
file folders stored in file cabinets in accordance with 383 
Departmental Manual 8.

RETRIEVABILITY:
    The personal identifiers that can be used to retrieve information 
on individuals are name, Social Security number, employee 
identification numbers, bank account number, government travel/small 
purchase bank card number, employee number and supplier number.

SAFEGUARDS:
    The records contained in this system are safeguarded in accordance 
with 43 CFR 2.226 and all other applicable security rules and policies. 
Manual or paper records are maintained in locked file cabinets located 
in secure facilities under the control of authorized personnel. 
Security controls to prevent unauthorized access include network access 
security limits, physical and logical access controls for the data 
center hosting the system, operating system controls, application 
passwords, and application data group security levels. Access to 
servers containing system records is limited to authorized personnel 
with a need to know the information to perform their official duties 
and requires a valid username and password.

[[Page 66554]]

    Unique user identification and authentication, such as passwords, 
least privileges and audit logs are utilized to ensure appropriate 
permissions and access levels. Access to the system is also limited by 
network access or security controls such as firewalls, and system data 
is encrypted. Facilities that host the system are guarded and monitored 
by security personnel, cameras, ID checks, and other physical security 
measures. Server rooms are locked and accessible only by authorized 
personnel. DOI personnel authorized to access the system must complete 
mandatory Security, Privacy, and Records Management training and sign 
the DOI Rules of Behavior. A privacy impact assessment was conducted to 
ensure appropriate controls and safeguards are in place to protect the 
information within the system.

RETENTION AND DISPOSAL:
    Each Federal agency client maintains records in the system in 
accordance with records retention schedules approved by the National 
Archives and Records Administration (NARA), and agency clients are 
responsible for the retention and disposal of their own records. 
Financial management records are retained in accordance with General 
Records Schedule (GRS) 1.1, and records are destroyed six years after 
final payment or cancellation. While the IBC provides system 
administration and management support to agency clients, any records 
disposal is in accordance with client agency approved data disposal 
procedures.
    DOI records are maintained under Departmental Records Schedules and 
GRS that cover administrative and financial management records, and 
retention periods may vary according to the subject matter and needs of 
the agency. Approved disposition methods include shredding or pulping 
for paper records, and degaussing or erasing electronic records in 
accordance with NARA Guidelines and 384 Departmental Manual 1.

SYSTEM MANAGER AND ADDRESS:
    Chief, Application Management Section, Finance & Procurement 
Systems Division, U.S. Department of the Interior, Interior Business 
Center, 7401 West Mansfield Avenue, MS D-2782, Denver, CO 80235-2230.

NOTIFICATION PROCEDURES:
    An individual requesting notification of the existence of DOI 
records on himself or herself should send a signed, written inquiry to 
the System Manager identified above. The request envelope and letter 
should be clearly marked ``PRIVACY ACT INQUIRY.'' A request for 
notification must meet the requirements of 43 CFR 2.235.
    Individuals seeking notification of records under the control of a 
client agency serviced by IBC under a cross-servicing agreement for 
financial management services should follow the notification procedures 
outlined in the applicable client agency system of records notice or 
send a written inquiry to that agency Chief Privacy Officer.

RECORDS ACCESS PROCEDURES:
    An individual requesting access to DOI records on himself or 
herself should send a signed, written inquiry to the System Manager 
identified above. The request envelope and letter should be clearly 
marked ``PRIVACY ACT REQUEST FOR ACCESS''. The request letter should 
describe the records sought as specifically as possible. A request for 
access must meet the requirements of 43 CFR 2.238.
    Individuals seeking access to their records under the control of a 
client agency serviced by IBC under a cross-servicing agreement for 
financial management services should follow the access procedures 
outlined in the applicable client agency system of records notice or 
send a written inquiry to that agency Chief Privacy Officer.

CONTESTING RECORDS PROCEDURES:
    An individual requesting corrections or contesting information 
contained in DOI records must send a signed, written request to the 
System Manager identified above. A request for corrections or removal 
must meet the requirements of 43 CFR 2.246.
    Individuals seeking to contest their records under the control of a 
client agency serviced by IBC under a cross-servicing agreement for 
financial management services should follow the procedures outlined in 
the applicable client agency system of records notice or send a written 
inquiry to that agency Chief Privacy Officer.

RECORD SOURCE CATEGORIES:
    Information in the system is obtained from IBC's Federal agency 
clients, as well as third party vendors, contractors and suppliers who 
provide related financial services to the clients using the system.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.

[FR Doc. 2015-27595 Filed 10-28-15; 8:45 am]
 BILLING CODE 4334-63-P