U.S. Geological Survey, Department of the Interior.
Notice of creation of a new system of records.
Pursuant to the provisions of the Privacy Act of 1974, as amended (5 U.S.C. 552a), the Department of the Interior (DOI) is issuing a public notice of its intent to create the U.S. Geological Survey “Earthquake Hazards Program Earthquake Information” system of records. The system includes individuals’ e-mail addresses, and in some cases their name and address, for Program staff to reply to inquiries from those individuals for dissemination of requested earthquake-related information in real time, and for creating Web-accessible maps of earthquake-shaking by Zip code in real time.
Comments must be received by August 24, 2009.
Any person interested in commenting on this new notice may do so by: Submitting comments in writing to USGS Privacy Act Officer, 12201 Sunrise Valley Drive, MS807, Reston, Virginia 20192; hand-delivering comments to 12201 Sunrise Valley Drive, Reston, Virginia 20192; or e-mailing comments to firstname.lastname@example.org. Before including your address, phone number, e-mail address, or other personal identifying information in your comment, you should be aware that your entire comment—including your personal identifying information—may be made publicly available at any time. While you can ask us in your comment to withhold your personal identifying information from public review, we cannot guarantee that we will be able to do so.Start Further Info
FOR FURTHER INFORMATION CONTACT:
U.S. Geological Survey Privacy Act Officer, Deborah Kimball, 12201 Sunrise Valley Drive, Reston, Virginia 20192 by e-mail to email@example.com, or by phone at (703) 648-7158.End Further Info End Preamble Start Supplemental Information
U.S. Geological Survey maintains the Earthquake Hazards Program Earthquake Information system of records. The purpose of this system is to make earthquake information available to members of the public who request to participate in exchanges of earthquake information by e-mail notification, Web site publications, and real-time data pushes/pulls to clients. The new system will be effective as proposed at the end of the comment period (the comment period will end 40 days after the publication of this notice in the Federal Register), unless comments are received which would require a contrary determination. DOI will publish a revised notice if changes are made based upon a review of the comments received.Start Signature
USGS Privacy Act Officer.
“Earthquake Hazards Program Earthquake Information”, USGS-2.
USGS Geologic Hazards Team, 1711 Illinois St, Golden, CO 80401.
Denver Federal Center, Building 53, Lakewood, CO 80225.
USGS Earthquake Hazards Team, 345 Middlefield Rd., Menlo Park, CA 94025.
USGS Pasadena Field Office, 525 S. Wilson Ave., Pasadena, CA 91106.
EROS Data Center, 47914 252nd St., Sioux Falls, SD 57198.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
(1) Individuals who have requested information from the Earthquake Hazards Program (EHP) or have reported a Web site problem to the EHP Web Team. (2) Individuals who have signed up to receive e-mail announcements from various projects within the EHP. (3) Individuals who have subscribed to the Earthquake Notification Service. (4) Individuals who have entered data in the citizen science system(s).
CATEGORIES OF RECORDS IN THE SYSTEM:
The information retained in the system contains the following information from the individuals covered by the system: e-mail address, in some cases login id, login password, username, and non-mandatory data that may include the name, affiliation, phone number, and postal address.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
This system of records is maintained under the authority of NEHRP (National Earthquake Hazards Reduction Program), established by Congress in 1977 (Pub. L. 95-124) and the Advanced National Seismic System (Pub. L. 106-503 and Pub. L. 108-360).
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
The primary purposes of the records is: To make earthquake information available to members of the public who request to participate in exchanges of earthquake information by e-mail notification, Web site publications, and real-time data pushes/pulls to clients.
DISCLOSURES OUTSIDE DOI MAY BE MADE WITHOUT THE CONSENT OF THE INDIVIDUAL TO WHOM THE RECORD PERTAINS UNDER THE ROUTINE USES LISTED BELOW:
(1)(a) To any of the following entities or individuals, when the circumstances set forth in paragraph (b) are met:
(i) The U.S. Department of Justice (DOJ);
(ii) A court or an adjudicative or other administrative body;
(iii) A part in litigation before a court or an adjudicative or other administrative body; or
(iv) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;
(i) One of the following is a party to the proceeding or has an interest in the proceeding:
(A) DOI or any component of DOI;
(B) Any other Federal agency appearing before the Office of Hearings and Appeals;
(C) Any DOI employee acting in his or her official capacity;
(D) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;
(E) The United States, when DOJ determines that DOI is likely to be affected by the proceeding; and
(ii) DOI deems the disclosure to be:
(A) Relevant and necessary to the proceeding; and
(B) Compatible with the purpose for which the records were compiled.
(2) To a congressional office in response to a written inquiry that an individual covered by the system, or the heir of such individual if the covered individual is deceased, has made to the office.
(3) To any criminal, civil, or regulatory law enforcement authority (whether Federal, State, territorial, local, Tribal or foreign) when a record, either alone or in conjunction with other information, indicates a violation or Start Printed Page 34034potential violation of law—criminal, civil, or regulatory in nature, and the disclosure is compatible with the purpose for which the records were compiled.
(4) To an official of another Federal agency to provide information needed in the performance of official duties related to reconciling or reconstructing data files or to enable that agency to respond to an inquiry by the individual to whom the record pertains.
(5) To Federal, State, territorial, local, Tribal, or foreign agencies that have requested information relevant or necessary to the hiring, firing or retention of an employee or contractor, or the issuance of a security clearance, license, contract, grant or other benefit, when the disclosure is compatible with the purpose for which the records were compiled.
(6) To representatives of the National Archives and Records Administration to conduct records management inspections under the authority of 44 U.S.C. 2904 and 2906.
(7) To State and local governments and Tribal organizations to provide information needed in response to court order and/or discovery purposes related to litigation, when the disclosure is compatible with the purpose for which the records were compiled.
(8) To an expert, consultant, or contractor (including employees of the contractor) of DOI that performs services requiring access to these records on DOI's behalf to carry out the purposes of the system.
(9) To appropriate agencies, entities, and persons when:
(a) It is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; and
(b) The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interest, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the compromised information; and
(c) The disclosure is made to such agencies, entities and persons who are reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
(10) To the Office of Management and Budget during the coordination and clearance process in connection with legislative affairs as mandated by OMB Circular A-19.
(11) To the Department of the Treasury to recover debts owed to the United States.
(12) To the news media when the disclosure is compatible with the purpose for which the records were compiled.
(13) To a consumer reporting agency if the disclosure requirements of the Debt Collection Act, as outlined at 31 U.S.C. 3711(e)(1), have been met.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:
All records are maintained in a relational MySQL database stored on hard disk on each of the Web servers in Golden, CO; Denver, CO; Menlo Park, CA; Pasadena, CA; Sioux Falls, SD, and backed up on magnetic tape. Electronic requests sent to the “Web Team” e-mail contact designated in the footer of every Web page on the Earthquake Hazards Program Web site, which contains the return e-mail address of the inquirer, are deleted as soon as a response to the inquiry is sent to the inquirer.
All data in the database can be accessed by the database administrators by any mandatory field, which includes e-mail address or account name.
(1) Physical Security: The systems are physically housed in Government offices consisting of locked rooms with floor to ceiling walls. Access is granted through a proximity card system. Backup tapes are stored at the Denver Federal Center in Building 25 in Room 1860, with access granted through a proximity card system, and in Menlo Park Building 11 and 3, with access granted through a proximity card system.
(2) Technical Security: Electronic records are maintained in conformity with Office of Management and Budget, National Institute of Standards Technology and Departmental requirements reflecting the implementation of the Federal Information Security Management Act. Electronic data is protected through user identification, passwords, database permissions, a Privacy Act Warning, and software controls. These security measures establish different degrees of access for different types of users. The security controls protecting these databases are implemented in a hierarchical manner. The top layer is the Department of the Interior's Enterprise Services Network (ESN) security infrastructure which includes firewalls maintained in accordance with Department of Interior standards, Active-Scout Intrusion Detection, and a Juniper Intrusion Detection and Prevention (IDP) system. Additional security methods are implemented at each site: Firewalls, SSH, TCPwrappers, and Microsoft Active Directory. In addition to the layers of security described above, database access is controlled by restricted access to http://usgs.gov domains and by IP address, system user authentication, database access (table and row level) via grants, and specific database-table access by user account restrictions. Privacy information sent via the Internet is encrypted by SSL. The Security Plan addresses the Department's Privacy Act safeguard requirements for Privacy Act systems at 43 CFR 2.51. A Privacy Impact Assessment was completed to ensure that Privacy Act requirements and safeguards are sufficient and in place. Its provisions will be updated as needed to ensure that Privacy Act requirements continue to be met.
(3) Administrative Security: Access is strictly limited to authorized personnel whose official duties require such access. All Departmental and contractor employees with access to the records are required to complete Privacy Act, Federal Records Act, and Information Technology Security Awareness training prior to being given access to the system, and on an annual basis, thereafter. All users sign security forms stating they will neither misuse government computers nor the information contained therein. In addition, managers and supervisors of users monitor the use of the database and ensure that the information is used in accordance with certified and accredited business practices.
RETENTION AND DISPOSAL:
The records in the system are retained and disposed of in accordance with National Archives and Records Administration procedures and General Records Schedule 308-01 and 310-01.
SYSTEM MANAGER AND ADDRESS:
ANSS Manager, USGS-GD-GHT, DFC P.O. Box 25046 MS-966, Denver, CO 80225.
An individual requesting notification of the existence of records on himself or herself should send a signed, written inquiry to the Systems Manager identified above. The request envelope and letter should both be clearly marked “PRIVACY ACT INQUIRY.” A request for notification must meet the requirements of 43 CFR 2.60. Start Printed Page 34035
RECORDS ACCESS PROCEDURES:
An individual requesting records on himself or herself should send a signed, written inquiry to the System Manager identified above. The request should describe the records sought as specifically as possible. The request envelopes and letter should both be clearly marked “PRIVACY ACT REQUEST FOR ACCESS.” A request for access must meet the requirements of 43 CFR 2.63.
CONTESTING RECORD PROCEDURES:
An individual requesting corrections or the removal of material from his or her records should send a signed, written request to the System Manager identified above. A request for corrections or removal must meet the requirements of 43 CFR 2.71.
RECORD SOURCE CATEGORIES:
Information in this system is obtained from the individuals who access the Earthquake Hazards Program Web site and fill out one of the forms either to provide information or to request information.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.End Supplemental Information
[FR Doc. E9-16595 Filed 7-13-09; 8:45 am]
BILLING CODE 4311-AM-P