Broadcasting Board of Governors (BBG).
Notice of a new system of records.
BBG proposes to add a new system of records to its inventory of records systems subject to the Privacy Act of 1974 (5 U.S.C. 522a), as amended. The primary purposes of the system are: (a) To ensure the safety and security of BBG facilities, systems, or information, and our occupants and uses; (b) To verify that all persons entering federal facilities, using federal information resources, or accessing classified information are authorized to do so; (c) To track and control PIV card issued to persons entering and exiting the facilities using systems, or accessing classified information. This action is necessary to meet the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of records maintained by the agency (5 U.S.C. 522a(e)(4)).
This action will be effective without further notice on July 18, 2011 unless comments are received that would result in a contrary determination.
Send written comments to the Broadcasting Board of Governors, Attn: Paul Kollmer, Chief Privacy Officer, 330 Independence Avenue, Room 3349, Washington, DC 20237.Start Further Info
FOR FURTHER INFORMATION CONTACT:
Michael Lawrence, 202-382-7779.End Further Info End Preamble Start Supplemental Information
The creation of this system of records is required to implement the Homeland Security Presidential Directive 12 (HSPD-12) mandate to create a common identification standard for all Federal employees and contractors.Start Signature
International Broadcasting Bureau.
Richard M. Lobo,
Broadcasting Board of Governors (BBG)
System of Records Notice (SORN) for Personal Identity Verification (PIV) System
BROADCASTING BOARD OF GOVERNORS [BBG-20]
M/SEC-Office of Security (Personal Identity Verification (PIV) System).
Broadcasting Board of Governors (BBG), 330 Independence Avenue, SW., Washington, DC 20237.Start Printed Page 32356
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who require regular, ongoing access to BBG facilities, information technology systems, or information classified in the interest of national security, including applicants for employment or contracts, federal employees, contractors, and individuals formerly in any of these positions. The system also includes individuals accused of security violations or found in violation. The system also includes individuals authorized to perform or use services provided in agency facilities (e.g., Fitness Center, Cafeteria, or etc.)
The system does not apply to occasional visitors or short-term guests to whom BBG will issue temporary identification and credentials.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records maintained on individuals issued credentials by BBG include the following data fields: Full name; Social Security number; date of birth; signature; image (photograph); fingerprints; hair color; eye color; height; weight; organization/office of assignment; company name; telephone number; copy of background investigation form; PIV card issue and expiration dates; personal identification number (PIN); results of background investigation; PIV request form; PIV security sponsor approval signature; PIV card serial number; copies of documents used to verify identification or information derived from those documents such as document title, document issuing authority, document number, document expiration date, document other information); computer system user name; user access and permission rights, authentication certificates; and digital signature information.
Records maintained on card holders entering BBG facilities or using BBG systems include: Name, PIV Card serial number; date, time, and location of entry and exit; company name; contain in the record but not on the PIV card and expiration date; digital signature information; computer networks/applications/data accessed.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301; Federal Information Security Act (Pub. L. 104-106, sec. 5113); Electronic Government Act (Pub. L. 104-347, sec. 203); the Paperwork Reduction Act of 1995 (44 U.S.C. 3501); and the Government Paperwork Elimination Act (Pub. L. 105-277, 44 U.S.C. 3504); Homeland Security Presidential Directive (HSPD) 12, Policy for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004; Federal Property and Administrative Act of 1949, as amended.
The primary purposes of the system are: (a) To ensure the safety and security of BBG facilities, systems, or information, and our occupants and users; (b) To verify that all persons entering federal facilities, using federal information resources, or accessing classified information are authorized to do so; (c) To track and control PIV cards issued to persons entering and exiting the facilities, using systems, or accessing classified information.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
Information about covered individuals may be disclosed without consent as permitted by the Privacy Act of 1974, 5 U.S.C. 552a(b) the Statement of General Routine Uses Applicable to All BBG System of Records Files, and:
- To a court or adjudicative body in a proceeding when: (a) The agency or any component thereof; (b) any employee of the agency in his or her official capacity; (c) any employee of the agency in his or her individual capacity where agency or the Department of Justice has agreed to represent the employee; or (d) the United States Government, is a party to litigation or has an interest in such litigation, and by careful review, the agency determines that the records are both relevant and necessary to the litigation and the use of such records is therefore deemed by the agency to be for a purpose that is compatible with the purpose for which the agency collected the records.
- Except as noted on Forms SF 85, 85-P, and 86, when a record on its face, or in conjunction with other records, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or order issued pursuant thereto, disclosure may be made to the appropriate public authority, whether Federal, foreign, State, local, or tribal, or otherwise, responsible for enforcing, investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto, if the information disclosed is relevant to any enforcement, regulatory, investigative or prosecutorial responsibility of the receiving entity.
- To a Federal State, or local agency, or other appropriate entities or individuals, or through established liaison channels to selected foreign governments, in order to enable an intelligence agency to carry out its responsibilities under the National Security Act of 1947 as amended, the CIA Act of 1949 as amended, Executive Order 12333 or any successor order, applicable national security directives, or classified implementing procedures approved by the Attorney General and promulgated pursuant to such statutes, orders or directives.
- To notify another federal agency when, or verify whether, a PIV card is no longer valid.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
Privacy Act information may be reported to consumer reporting agencies pursuant to 5 U.S.C. 552a(b)(12).
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:
Records are stored in electronic media or in paper files in a secured Federal facility and a lockable storage area.
Records are retrievable by name, Social Security number, other ID number, PIV card serial number, image (photograph), and fingerprint.
Paper records are kept in a controlled area, which uses electronic high security lock that is armed with motion detector. The motion detector is connected to a guard station that is manned on a constant basis. The controlled area is equipped with locked cabinets within a Security File Room. Access to paper records is restricted to individuals whose role requires use of the records. The computer servers in which records are stored are located in facilities that are secured by alarm systems and off-master key access. The computer servers themselves are password-protected. Access by individuals working at guard stations is password-protected; each person granted access to the system at guard stations must be individually authorized to use the system. A Privacy Act Warning Notice appears on the monitor screen when records containing information on individuals are first displayed. Data exchanged between the servers and the client PCs at the guard stations and badging office is encrypted. Backup tapes are stored in a locked and controlled room in a secure, off-site location.Start Printed Page 32357
An audit trail is maintained and reviewed periodically to identify unauthorized access. Persons given roles in the PIV process must complete training specific to their roles to ensure they are knowledgeable about how to protect personally identifiable information.
RETENTION AND DISPOSAL:
Pursuant to GRS 18, Item 22a records used to initiate background investigations; register and enroll individuals; manage the PIV card lifecycle; and, verify, authenticate and revoke PIV cardholder access to Federal resources are destroyed upon notification of death or not later than 5 years after separation or transfer of employee or no later than 5 years after contract relationship expires, whichever is applicable.
Pursuant to GRS 11, Item PIV cards are destroyed three months after they are returned to the issuing office. Pursuant to GRS 11, Item 4a identification credentials are destroyed by cross-cut shredding no later than 90 days after deactivation.
Pursuant to GRS 18, Item 17 registers or logs used to record names of outside contractors, service personnel, visitors, employees admitted to areas, and reports on automobiles and passengers for areas under maximum security are destroyed five years after final entry or five years after date of document, as appropriate.
Other documents pursuant to GRS 18, Item 17b are destroyed two years after final entry or two years after date of document, as appropriate.
SYSTEM MANAGER(S) AND ADDRESS:
Michael Lawrence, Director of Security (DAA/SAO), International Broadcasting Bureau, 330 C Street, SW., Room 4117, Washington, DC 20237, (202) 382-7779, firstname.lastname@example.org.
Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the BBG FOIA Office, whose contact information can be found at http://www.bbg.gov/reports/foia/. If an individual believes more than one component maintains Privacy Act records concerning him or her, the individual may submit the request to the Chief FOIA Officer, Broadcasting Board of Governors, 330 Independence Avenue, SW., Room 3349, Washington, DC 20237.
When seeking records about yourself from this system of records or any other Agency system of records your request must conform with the Privacy Act regulations set forth in 6 CFR part 5. You must first verify your identity, meaning that you must provide your full name, current address and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty or perjury as a substitute for notarization. While no specific form is required, you may obtain forms for this purpose from the BBG FOIA Office at the address above or by calling 202-203-4550.
In addition to the requirements above, in your request you should:
—Provide an explanation of why you believe the Agency would have information about you;
—Identify which component(s) of the Agency you believe may have the information about you;
—Specify when you believe the records would have been created;
—Provide any other information that will help the FOIA staff determine which BBG component agency may have responsive records;
—If your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his/her agreement for you to access his/her records.
Without this bulleted information the component(s) will not be able to conduct an effective search, and your request may be denied due to lack of specificity or lack of compliance with applicable regulations.
RECORDS ACCESS PROCEDURES:
See “Notification Procedures” above.
CONTESTING RECORD PROCEDURES:
See “Notification Procedures” above.
RECORD SOURCE CATEGORIES:
Employee, contractor, or applicant; sponsoring agency; former sponsoring agency; other federal agencies; contract employer; former employer.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.End Supplemental Information
[FR Doc. 2011-13364 Filed 6-3-11; 8:45 am]
BILLING CODE 8610-01-P