82 FR 20878 - Privacy Act System of Records Notice; EIB 2017-0002-Federal Personnel and Payroll System (FPPS)

EXPORT-IMPORT BANK OF THE UNITED STATES

Federal Register Volume 82, Issue 85 (May 4, 2017)

The Export-Import Bank of the United States (EXIM Bank) proposes to add a new electronic system of records to coincide with migrating its personnel and payroll administration to the Department of Interior (DOI) Interior Business Center's (IBC) Federal Personnel and Payroll Systems (FPPS) and Time and Attendance system known as Quicktime, which are subject to the Privacy Act of 1974 (5 U.S.C. 522a), as amended. This notice is required to meet the requirements of the Privacy Act, which is to publish in the Federal Register a notice of the existence and character of records maintained by the agency (5 U.S.C. 522a(e)(4)). Included in this notice is the System of Records Notice (SORN) for FPPS and Quicktime. The system will be operational in the next 60 days. EXIM Bank will rescind current personnel and payroll Systems of Records Notices (SORN) as they cease being operational.

[Federal Register Volume 82, Number 85 (Thursday, May 4, 2017)]
[Notices]
[Pages 20878-20880]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2017-08995]


=======================================================================
-----------------------------------------------------------------------

EXPORT-IMPORT BANK OF THE UNITED STATES


Privacy Act System of Records Notice; EIB 2017-0002--Federal 
Personnel and Payroll System (FPPS)

ACTION: Notice of new electronic Privacy Act system of records. EIB 
2017-0002--Federal Personnel and Payroll System (FPPS).

-----------------------------------------------------------------------

SUMMARY: The Export-Import Bank of the United States (EXIM Bank) 
proposes to add a new electronic system of records to coincide with 
migrating its personnel and payroll administration to the Department of 
Interior (DOI) Interior Business Center's (IBC) Federal Personnel and 
Payroll Systems (FPPS) and Time and Attendance system known as 
Quicktime, which are subject to the Privacy Act of 1974 (5 U.S.C. 
522a), as amended. This notice is required to meet the requirements of 
the Privacy Act, which is to publish in the Federal Register a notice 
of the existence and character of records maintained by the agency (5 
U.S.C. 522a(e)(4)). Included in this notice is the System of Records 
Notice (SORN) for FPPS and Quicktime. The system will be operational in 
the next 60 days. EXIM Bank will rescind current personnel and payroll 
Systems of Records Notices (SORN) as they cease being operational.

DATES: This action will be effective without further notice on June 4, 
2017 unless comments are received that would result in a contrary 
determination.

ADDRESSES: Comments may be submitted electronically on 
www.regulations.gov or by mail to John Lowry, Director, IT Security 
Systems and Assurance, Export-Import Bank of the United States, 811 
Vermont Ave. NW., Washington, DC 20571.

SUPPLEMENTARY INFORMATION: The FPPS is an online personnel and payroll 
system providing support to Federal agency customers through DOI's IBC. 
FPPS is customized to meet customer needs for creating and generating 
the full life cycle of personnel transactions. FPPS allows for 
immediate updates and edits of personnel and payroll data.

Bassam Doughman,
Agency Clearance Officer.
SYSTEM OF RECORDS NOTICE
    EIB 2017-0002--Federal Personnel and Payroll System (FPPS).

SYSTEM IDENTIFIER:
    EXIM/FPPS.

SYSTEM NAME:
    EIB 2017-0002--Federal Personnel and Payroll System (FPPS).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    This electronic system will be used via a web interface by 
employees of the EXIM Bank through an electronic database managed by 
the DOI IBC in Denver, Colorado. FPPS customers will use a web-enabled 
interface, WebFPPS, to access FPPS through a web browser to perform 
personnel and payroll tasks. The FPPS functionality of certain 
applications are only accessible via the IBC or EXIM Bank intranets, 
and interconnections with the FPPS are outlined in the Interconnection 
Security Agreement and/or Memorandum of Understanding between EXIM Bank 
and IBC.
    The system is located and managed at U.S. Department of the 
Interior, Interior Business Center, Human Resources and Payroll 
Services, 7301 W Mansfield Ave., MS D-2000, Denver, CO 80235.

CATEGORIES OF INDIVIDUALS COVERED BY THIS SYSTEM:
    The FPPS system data contains Personally Identifiable Information 
(PII) on current and former EXIM Bank employees, including volunteers 
and emergency employees, and limited information regarding employee 
spouses, dependents, emergency contact, or in the case of an estate, a 
trustee.

CATEGORIES OF RECORDS IN THIS SYSTEM:
    Name, Citizenship, Gender, Birth Date, Group Affiliation, Marital 
Status, Other Names Used, Truncated SSN, Legal Status, Place of Birth, 
Security Clearance, Spouse Information, Financial Information, Medical 
Information Disability Information, Education Information, Emergency 
Contact, Race/Ethnicity, Social Security Number (SSN), Personal Cell 
Telephone Number, Personal Email Address, Home Telephone Number, 
Employment Information, Military Status/Service Mailing/Home Address. 
Taxpayer Identification Number; Bank Account Information such as 
Routing and Account Numbers; Beneficiary Information; Savings Bond Co-
Owner Name(S) and Information; Family Member and Dependents 
Information; Professional Licensing and Credentials; Family 
Relationships; Age; Involuntary Debt (Garnishments or Child Support 
Payments); Court Order Information; Back Pay Information; User ID; Time 
and Attendance Data; Leave Time Information; Employee Common Identifier 
(ECI); Volunteer Emergency Contact Information; Person Number which is 
a unique number that identifies a person within FPPS; Person Number-
Emergency which is a unique number identifying an individual within 
FPPS for a Leave Share Occurrence; and Person Number-Volunteer which is 
a unique number identifying an individual within the FPPS Volunteer 
Database.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    EXIM Bank is authorized to request this information pursuant to the 
following: The Export-Import Bank Act of 1945, as amended (12 U.S.C. 
635 et seq.); 5 U.S.C. 5101, et seq., 5501 et seq., 5525 et seq., and 
6301 et seq.; 31 U.S.C. 3512; Executive Order 9397 as amended by 
Executive Order 13478, relating to Federal agency use of Social 
Security numbers. 31 U.S.C. 3512 et seq.; and 5 CFR part 293.

PURPOSE:
    EXIM Bank proposes to add a new electronic system of records to 
coincide with its migration of personnel and payroll administration to 
the FPPS. FPPS is an online personnel and payroll system providing 
support to Federal agency customers through interagency agreement with 
the IBC. FPPS is customized to meet customer needs for creating and 
generating the full life cycle of personnel transactions. FPPS allows 
for immediate updates and edits of personnel and payroll data. FPPS 
also handles regulatory requirements such as specialized pay, 
garnishments, and special appointment programs. FPPS also operates in 
batch mode for performing close of business, payroll calculation, and 
other processes. FPPS customers can use a web-enabled interface, 
WebFPPS, to access FPPS through a web browser to perform personnel and 
payroll tasks. FPPS is a major application that consists of several 
minor applications to include time and attendance applications, a 
system for creating retirement cards and updating retirement records, a 
system for converting client data for integration into FPPS. The 
purpose of this system

[[Page 20879]]

is to ensure proper payment of salary and benefits to EXIM personnel, 
and to track time worked, leave, or other absences for reporting and 
compliance purposes. Use of this system will streamline EXIM Bank's 
personnel, payroll and other human resources functions into a unified, 
secure system, thereby improving employee input into these systems 
while enhancing data integrity and security and improving operational 
efficiency.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures that are generally permitted under 
5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed to authorized 
entities determined to be relevant and necessary outside EXIM Bank as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    a. EXIM Bank employees will have access to their own data.
    b. Data will be accessed by officials and employees of EXIM in the 
performance of their official duties, including, but not limited to, 
employees of the Division of Human Capital, Office of General Counsel, 
Office of the Chief Financial Officer and the Office of Inspector 
General.
    c. EXIM Bank is sharing this data with IBC as the service provider 
for FPPS.
    d. FPPS data is shared and reported to other Federal agencies, 
including the Department of the Treasury and the Office of Personnel 
Management, as required for human resources, payroll, and tax purposes.
    e. FPPS data may be shared with other Federal agencies pursuant to 
applicable law.
    f. FPPS data may be shared with the Department of Justice in the 
event information is required for litigation or law enforcement 
purposes and to any administrative State or Federal court in a relevant 
litigation matter (subject to appropriate process).
    g. To provide information to a Congressional Office from the record 
of an individual in response to an inquiry from that Office;
    h. For investigations of potential violations of law;
    i. By National Archives and Records Administration for record 
management inspections in its role as Archivist;
    j. For data breach and mitigation response.
    k. Disclosure to consumer reporting agencies:
    Disclosures pursuant to 5 U.S.C. 552a(b)(12). Disclosures may be 
made from this system to ``consumer reporting agencies'' as defined in 
the Fair Credit Reporting Act (15 U.S.C. 1681a(f) or the Federal Claims 
Collection Act of 1966 (31 U.S.C. 3701(a)(3)).

STORAGE:
    Data will be stored electronically by IBC. Data is protected by the 
following electronic security systems: Password, Firewall, Encryption, 
User ID, Intrusion Detection System, Virtual Private Network (VPN), 
Public Key Infrastructure (PKI) Certificates, Personal Identity 
Verification (PIV) Card.

RETRIEVABILITY:
    FPPS authorized users, including EXIM authorized Human Capital 
personnel, may retrieve information on an individual using full name, 
SSN and Employee Common Identifier (ECI). Certain personnel within EXIM 
and IBC, involved in operations and maintenance of FPPS payroll 
operations, can retrieve information on an individual using:
     ECI--unique number identifying employees across Federal 
automated systems.
     SSN and full name.
     Person Number--unique number which identifies a person 
within FPPS.
     Person Number-Emergency--unique number identifying an 
individual within FPPS for a leave share occurrence.
     Person Number-Volunteer--unique number identifying an 
individual within the FPPS volunteer database.
     Taxpayer Identification Number (TIN)--unique number 
identifying a trustee for the estate of a deceased employee.
    Additionally, reports can be produced on an individual containing 
many of the data elements in FPPS. FPPS also routinely generates a 
variety of reports related to employment that are required by law, such 
as Internal Revenue Service (IRS) forms (1099-MISC and W-2); reports of 
withholdings and contributions for benefits and union dues; and reports 
on individuals who are delinquent on child-support payments. Access to 
the reports is limited to employees who process or file the reports and 
individuals who are granted access on a need-to-know basis. Copies of 
the reports may also be provided to government entities as required by 
law, such as tax forms to the IRS.

SAFEGUARDS:
    Information about individuals whose data is in FPPS cannot be 
retrieved without knowing specific information about the employee. FPPS 
supports a full suite of human resources functions, including 
calculating payroll. The data in FPPS is necessary to perform those 
functions and to comply with related Federal laws and regulations. To 
prevent misuse, (e.g., unauthorized browsing) EXIM Bank signed a 
Service Level Agreement (SLA) with the IBC to clearly establish and 
document IBC and client security roles and responsibilities. Most of 
the employee data in FPPS is collected from individuals and entered 
into FPPS by an authorized Federal human resources professional with 
access to the system.
    The FPPS system has undergone a formal Security Authorization and 
Accreditation and has been granted an authority to operate by DOI in 
accordance with FISMA and NIST standards. FPPS is rated as FISMA 
moderate based upon the type of data, and it requires strict security 
and privacy controls to protect the confidentiality, integrity, and 
availability of the sensitive PII contained in the system.

RETENTION AND DISPOSAL:
    Both EXIM Bank and IBC maintain records as needed under NARA 
approved records schedules for the retention of reports and data. 
Specifically, General Records Schedule (GRS) 1, ``Civilian Personnel 
Records'' and GRS 2 ``Payrolling and Pay Administration Records,'' 
would be applicable to the FPPS system.
    EXIM Bank is responsible for purging employee data according to the 
records schedule after an employee's access authority is terminated or 
the employee retires, changes jobs, or dies. The IBC may purge or 
delete any customer payroll or personnel records if it is agreed upon 
in the Inter-Agency Agreement with the IBC.

SYSTEM MANAGER AND ADDRESS:
    Chief Human Capital Officer, Export-Import Bank of the United 
States, 811 Vermont Ave. NW., Washington, DC 20571.

NOTIFICATION AND RECORD ACCESS PROCEDURE:
    Individuals wishing to determine whether this system of records 
contains information about them may do so by accessing EXIM Bank's Web 
page: http://www.exim.gov/about/freedom-information-act/privacy-act-requests.
    By email to [email protected] or by U.S. mail to: ``PRIVACY ACT 
REQUEST'', Freedom of Information and Privacy Office, 811 Vermont 
Avenue NW., Washington, DC 20571.
    The request must include a return address that identifies 
individual's street name/number and must (1)

[[Page 20880]]

include verification of identity attesting that the requesting 
individual is the record's subject (or his/her legal guardian) or a 
notarized consent form from the record's subject; and (2) clearly 
identifies the particular record(s). Record(s) at issue must be 
described in sufficient detail to enable EXIM Bank staff to conduct a 
search for the requested records.

CONTESTING OR AMENDING RECORD PROCEDURES:
    Individuals wishing to contest records or to make an amendment of 
records about them may do so by accessing EXIM Bank's Web page: http://www.exim.gov/about/freedom-information-act/privacy-act-requests.
    By email to [email protected] or by U.S. mail to: ``PRIVACY ACT 
REQUEST'', Freedom of Information and Privacy Office, 811 Vermont 
Avenue NW., Washington, DC 20571.
    The procedures for requesting amendment are to submit the request 
in writing; including a description of the information to be amended; 
reason for amendment; type of amendment sought and copies of available 
evidence supporting the request.

RECORD SOURCE CATEGORIES:
    Sources of information are generated through employee resources and 
obtained using one of three methods: Manual entry, direct database 
connection to supply the required information, and through consumption 
of source flat files imported using PL/SQL procedural upload to the 
FPPS database.

EXEMPTIONS CLAIMED FOR THIS SYSTEM:
    None.

Kita L. Hall,

Program Specialist, Office of the General Counsel.


[FR Doc. 2017-08995 Filed 5-3-17; 8:45 am]
 BILLING CODE 6690-01-P