Skip to Content

Notice

Privacy Act of 1974, as Amended; Notice of a New System of Records

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Office of the Secretary, Department of the Interior.

ACTION:

Notice of creation of a new system of records.

SUMMARY:

Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of the Interior is issuing a public notice regarding the Department of the Interior system of records titled “Oracle Federal Financials.” The Oracle Federal Financials application is a financial software package that clients may use to perform budgeting, purchasing, and procurement functions. The related system of records contains information relating to corporations and other business entities as well as individuals. Records in this system are subject to the Privacy Act only if they are about an individual within the meaning of the Act, and not if they are about a business or other non-individual.

DATE:

Comments must be received by October 21, 2013. This new system will be effective October 21, 2013.

ADDRESSES:

Submit comments either by mail or by hand-delivery to the OS/IBC Privacy Act Officer, U.S. Department of the Interior, 1849 C Street NW., Mail Stop 2650 MIB, Washington, DC 20240; or by email to privacy@IBC.gov.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Chief, Application Management Branch, Finance & Procurement Systems Division, U.S. Department of the Interior, Interior Business Center, 625 Herndon Parkway, Herndon, VA 20170, or by telephone at (703) 735-4131.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

I. Background

The Department of the Interior's (DOI) Interior Business Center (IBC) is a service provider that performs services for other Federal government agencies, both inside and outside the DOI. The IBC's service offerings include providing and maintaining various types of business management systems for its clients, including human resources and financial management applications. The Oracle Federal Financials (OFF) application will offer IBC clients a suite of customized Oracle financial management modules that combine to provide a comprehensive financial software package. The OFF modules address budgeting, purchasing, Federal procurement, accounts payable, fixed assets, general ledger, inventory, and accounts receivable. The OFF application is hosted by the IBC; each client agency accesses the system remotely to populate and manage its own data. Clients can contract with the IBC for an OFF package that includes a full set of modules or for a more limited set. The IBC is responsible for system administration functions, while each client has one or more designated managers who are responsible for maintaining the client's data in the OFF system.

Some OFF records are covered by three existing system of records notices (SORNs), which are GSA/GOVT-3, Travel Charge Card Program; GSA/GOVT-4, Contracted Travel Services Program; and GSA/GOVT-6, GSA SmartPay Purchase Charge Card Program. This notice incorporates GSA/GOVT-3, GSA/GOVT-4, and GSA/GOVT-6 by reference.

Client data maintained within the OFF System is covered by this SORN. Clients that remove records from OFF for use outside of the system will be responsible for ensuring the use of the records is consistent with this SORN, or other published SORN, as indicated above, and the requirements of the Privacy Act.

The system will be effective as proposed on October 21, 2013, unless comments are received which would require a contrary determination. DOI will publish a revised notice if changes are made based upon a review of the comments received.

II. Privacy Act

The Privacy Act of 1974, as amended, embodies fair information practice principles in a statutory framework governing the means by which Federal agencies collect, maintain, use, and disseminate individuals' personal information. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency for which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. The Privacy Act defines an individual as a United States citizen or lawful permanent resident. As a matter of policy, DOI extends Privacy Act protections to all individuals. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of DOI by complying with DOI Privacy Act Regulations, 43 CFR Part 2.

The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains and the routine uses made of the information in each system. The purposes of the notice are to make agency record keeping practices transparent, to notify individuals regarding the uses of their records, and Start Printed Page 55285to assist individuals to more easily find these records within the agency. Below is the description of the OFF system of records.

In accordance with 5 U.S.C. 552a(r), DOI has provided a report of this system of records to the Office of Management and Budget and to Congress.

III. Public Disclosure

Before including your address, phone number, email address, or other personal identifying information in your comment, you should be aware that your entire comment, including your personal identifying information, may be made publicly available at any time. While you can ask us in your comment to withhold your personal identifying information from public review, we cannot guarantee that we will be able to do so.

Start Signature

Dated: August 26, 2013.

David D. Alspach,

OS/IBC Privacy Act Officer.

End Signature

SYSTEM OF RECORDS:

DOI-91.

SYSTEM NAME:

Oracle Federal Financials (OFF).

SYSTEM CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

1. Finance and Procurement Systems Division, Interior Business Center, U.S. Department of the Interior, 12201 Sunrise Valley Drive, MS-206, Reston, VA 20192.

2. Finance and Procurement Systems Division, Interior Business Center, MS D-2790, 7401 West Mansfield Avenue, Denver, CO 80235-2230.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The system contains information about employees of various Federal agencies that are Interior Business Center (IBC) clients using OFF, as well as employees or agents for third party vendors, contractors and suppliers who provide OFF clients with related financial services. In addition, the system contains information about individuals, either employees or non-employees, who owe debts to the Federal agencies that use the system.

Note: This system also contains records relating to corporations and other business entities. These records are not subject to the Privacy Act. Only records relating to individuals containing personal information are subject to the Privacy Act.

CATEGORIES OF RECORDS IN THE SYSTEM:

The system contains the information shown in the following table:

The system contains information about . . .That includes . . .
(1) Accounts receivable for IBC's OFF clients, including individuals who may be employees or non-employees and employees who owe money to OFF clients and are the subject of collections actionsfirst and last names, home addresses, employee identification numbers, and Social Security numbers.
(2) Accounts payable information about non-employee individuals and sole proprietors, including individuals who provide services to IBC's OFF clientsnames, home or business addresses, Social Security numbers, banking account numbers for electronic fund transfer payments, invoices and claims for reimbursement.
(3) Employees of IBC's OFF clients who submit claims for reimbursable expensesnames, employee identification numbers, Social Security Numbers, work address, receipts and claims for reimbursement.
(4) Employees of IBC's OFF clients who hold government bank or debit cards for purchases or travelnames, employee identification numbers, Social Security Numbers, work address, card numbers and purchase histories.

The system contains additional business and financial records for IBC's OFF clients that do not include personal information.

Records in this system are subject to the Privacy Act only if they are about an individual within the meaning of the Act, and not if they are about a business or other non-individual. This includes information provided by individuals operating solely in a business or entrepreneurial capacity.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The Office of Management and Budget Circular A-127, Policies and Standards for Financial Management Systems; 31 U.S.C. 3512, Executive Agency Accounting and Other Financial Management Reports and Plans; 5 U.S.C. 4111, Acceptance of Contributions, Awards, and Other Payments; 5 U.S.C. 5514, Installment deduction for indebtedness to the United States; 5 U.S.C. 5701, et seq. Travel And Subsistence Expenses, Mileage Allowances; 31 U.S.C. 3512, Executive agency accounting and other financial management reports and plans; 31 U.S.C. 3711, Collection and Compromise.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

(a) The system will support financial management for Federal agencies by providing a standardized, automated capability for performing administrative control of funds, general accounting, billing and collecting, payments, management reporting, and regulatory reporting. In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, disclosures outside DOI may be made as a routine use under 5 U.S.C. 552a(b)(3) as shown in the following table:

Information will be disclosed to . . .If . . .
(1) The U.S. Department of Justice (DOJ)the circumstances in paragraph (b) are met.
(2) A court or an adjudicative or other administrative bodythe circumstances in paragraph (b) are met.
(3) A party in litigation before a court or an adjudicative or other administrative bodythe circumstances in paragraph (b) are met.
(4) A DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for their private representationthe circumstances in paragraph (b) are met.
(5) A congressional officean individual covered by the system, or the heir of the individual if the covered individual is deceased, has made a written request to the office.
Start Printed Page 55286
(6) The Executive Office of the Presidentthat office makes an inquiry either: (i) at the request of the subject of a record or a third party on that person's behalf; and (ii) for a purpose compatible with the purpose for which the records are collected or maintained.
(7) A criminal, civil, or regulatory law enforcement authority (whether Federal, state, territorial, local, tribal or foreign)(i) a record, either alone or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil, or regulatory in nature; and (ii) disclosure is compatible with the purpose for which the records were compiled.
(8) An official of another Federal agencyneeded in the performance of official duties related to reconciling or reconstructing data files or to enable the agency to respond to an inquiry by the individual to whom the record pertains.
(9) Federal, state, territorial, local, tribal, or foreign agencies(i) they have requested information relevant to hiring, firing, or retention of an employee or contractor, or to issuance of a security clearance, license, contract, grant or other benefit; and (ii) disclosure is compatible with the purpose for which the records were compiled.
(10) Representatives of the National Archives and Records Administrationnecessary to conduct records management inspections under the authority of 44 U.S.C. 2904 and 2906.
(11) State and local governments and tribal organizationsnecessary to provide information needed in response to court order and/or discovery purposes related to litigation, when the disclosure is compatible with the purpose for which the records were compiled.
(12) An expert, consultant, or contractor (including employees of the contractor) of DOI that performs services requiring access to these records on DOI's behalfnecessary to carry out the purposes of the system.
(13) Appropriate agencies, entities, and persons when:the conditions in paragraph (c) are met.
(14) The Office of Management and Budget during the coordination and clearance processnecessary in connection with legislative affairs as mandated by OMB Circular A-19.
(15) The Department of the Treasurynecessary to recover debts owed to the United States.
(16) A consumer reporting agencythe disclosure requirements of the Debt Collection Act, as outlined at 31 U.S.C. 3711(e)(1), have been met.
(17) A commercial credit card contractor(s)necessary for accounting and payment of employee obligation for travel, purchasing and fleet management credit card usage.
(18) IBC's OFF clientsnecessary for using and maintaining their agency's data in the OFF system.

(b) DOI will disclose information under paragraphs (a)(1) through (a)(4) only if all of the conditions in the following paragraphs (b)(1) and (b)(2) are met.

(1) One of the following must be a party to the proceeding or have an interest in the proceeding:

(i) DOI or a component of DOI;

(ii) Another other Federal agency appearing before the Office of Hearings and Appeals;

(iii) A DOI employee acting in his or her official capacity;

(iv) A DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;

(v) The United States, when DOJ determines that DOI is likely to be affected by the proceeding.

(2) DOI must deem the disclosure to be both:

(i) Relevant and necessary to the proceeding; and

(ii) Compatible with the purpose for which the records were compiled.

(c) DOI will disclose information under paragraph (a)(13) only if all of the following conditions are met:

(1) DOI suspects or confirms that the security or confidentiality of information in the system of records has been compromised;

(2) DOI determines that as a result of the compromise there is a risk of harm to economic or property interest, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the compromised information; and

(3) The disclosure is made to agencies, entities, and persons who are reasonably necessary to assist the Department's efforts to respond to the suspected or confirmed compromise and to prevent, minimize, or remedy the harm caused by the compromise.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

Electronic records are maintained on servers located at IBC's data centers in Denver, CO and Herndon, VA. Records are accessed only by authorized personnel who have a need to access the records in the performance of their official duties. Paper records are contained in file folders stored in file cabinets in accordance with 383 Departmental Manual 8.

RETRIEVABILITY:

The personal identifiers that can be used to retrieve information on individuals are name, Social Security number, employee identification numbers, bank account number, government travel/small purchase bank card number, employee number and supplier number.

SAFEGUARDS:

The records contained in this system are safeguarded in accordance with 43 CFR 2.226 and all other applicable security rules and policies. Paper records are maintained in locked file cabinets under the control of authorized personnel.

There are five available levels of electronic security to prevent unauthorized access, which include network access security limits, physical and logical access controls for the data center hosting the system, operating system controls, application passwords, and application data group security levels. Access to servers containing system records is limited to authorized Start Printed Page 55287personnel with a need to know the information to perform their official duties and requires a valid username and password. Unique user identification and authentication, such as passwords, least privileges and audit logs are utilized to ensure appropriate permissions and access levels. Access to the system is also limited by network access or security controls such as firewalls, and system data is encrypted. Facilities that host the system are guarded and monitored by security personnel, cameras, ID checks, and other physical security measures. Server rooms are locked and accessible only by authorized personnel.

RETENTION AND DISPOSAL:

Each Federal agency client storing data in the system has its own National Archives and Records Administration (NARA) approved records schedule for the retention of its reports and data. Data is disposed of in accordance with client-agency approved data disposal procedures. Paper records are disposed of by shredding or pulping, and records contained on electronic media are degaussed or erased in accordance with NARA Guidelines and 384 Departmental Manual 1.

SYSTEM MANAGER AND ADDRESS:

Chief, Application Management Branch, Finance & Procurement Systems Division, U.S. Department of the Interior, Interior Business Center, 625 Herndon Parkway, Herndon, VA 20170.

NOTIFICATION PROCEDURES:

An individual requesting notification of the existence of records on himself or herself should send a signed, written inquiry to the System Manager identified above. The request envelope and letter should be clearly marked “PRIVACY ACT INQUIRY.” A request for notification must meet the requirements of 43 CFR 2.235.

RECORDS ACCESS PROCEDURES:

An individual requesting access to records on himself or herself should send a signed, written inquiry to the System Manager identified above. The request envelope and letter should be clearly marked “PRIVACY ACT REQUEST FOR ACCESS”. The request letter should describe the records sought as specifically as possible. A request for access must meet the requirements of 43 CFR 2.238.

CONTESTING RECORDS PROCEDURES:

An individual requesting corrections or contesting information contained in his or her records must send a signed, written request to the System Manager identified above. A request for corrections or removal must meet the requirements of 43 CFR 2.246.

RECORD SOURCE CATEGORIES:

Information in the system is obtained from IBC's Federal agency clients, as well as third party vendors, contractors and suppliers who provide related financial services to the clients using the system.

EXEMPTIONS CLAIMED FOR THE SYSTEM:

None.

End Supplemental Information

[FR Doc. 2013-21955 Filed 9-9-13; 8:45 am]

BILLING CODE 4310-RK-P