Skip to Content

Notice

Privacy Act of 1974; System of Records

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Office of the Deputy Chief Information Officer, General Services Administration, GSA.

ACTION:

Notice of a new system of records.

SUMMARY:

GSA proposes a new government-wide system of records subject to the Privacy Act of 1974.

DATES:

The system of records notice is effective upon its publication in today's Federal Register, with the exception of the routine uses which are effective April 3, 2017. Comments on the routine uses or other aspects of the system of records notice must be submitted by April 3, 2017.

ADDRESSES:

Submit comments identified by “Notice-ID-2016-02, Notice of New System of Records” by any of the following methods:

  • Regulations.gov: http://www.regulations.gov. Submit comments via the Federal eRulemaking portal by searching for Notice-ID-2016-02, Notice of New System of Records. Select the link “Comment Now” that corresponds with “Notice-ID-2016-02, Notice of New System of Records. Follow the instructions provided on the screen. Please include your name, company name (if any), and “Notice-ID-2016-02, Notice of New System of Records” on your attached document.
  • Mail: General Services Administration, Regulatory Secretariat Division (MVCB), 1800 F Street NW., Washington, DC 20405. ATTN: Ms. Flowers/Notice-ID-2016-02, Notice of New System of Records.

Instructions: Comments received generally will be posted without change to http://www.regulations.gov, including any personal and/or business confidential information provided. To confirm receipt of your comment(s), please check www.regulations.gov, approximately two to three days after submission to verify posting (except allow 30 days for posting of comments submitted by mail).

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Call or email the GSA Chief Privacy Officer at telephone 202-322-8246, or email gsa.privacyact@gsa.gov.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

GSA proposes to establish a new government-wide system of records subject to the Privacy Act of 1974, 5 U.S.C. 552a. Pursuant to Section 5 of the Digital Accountability and Transparency Act (DATA Act), Public Law 113-101, the Office of Management and Budget (OMB), in collaboration with the Chief Acquisition Officers Council, Department of Health and Human Services (HHS) and GSA, is engaged in a multifaceted effort that aims to reduce reporting burden, standardize processes, and reduce costs for Federal awardees. OMB is providing strategic leadership for the procurement pilot and collaborating with GSA and the Chief Acquisition Officers Council for implementation. The objectives of the Section 5 procurement pilot focus are to:

  • Identify recommendations in the National Dialogue for further review
  • Develop a central reporting portal prototype and collection tool for FAR required reports, and
  • Test the portal by centrally collecting select FAR required reports that are currently reported across the Federal government, beginning with collection of reports required under FAR 22.406-6.

The goal is to allow contractors doing business with the Federal Government to submit FAR required reports to one central location in an efficient and effective manner rather than multiple locations and to each contracting officer (CO).

As part of this collaboration, GSA is developing and will operate the Federal Acquisition Regulation (FAR) Data Collection System. The system allows prime contractors and subcontractors (“submitters”), performing work on federal contract awards to enter and certify various reports required by the FAR. The system is intended to decrease the reporting burden on submitters and prior to full adoption the system will be used in a pilot to measure and demonstrate that burden reduction.

Submitters will use the system to report data on their applicable awards. Each awarding agency will access the data provided pursuant to its award(s) and share it internally as required and Start Printed Page 12353provided by law. Each agency is responsible for the collection and use of data pertaining to the submitters. GSA is the system owner and operator.

OMB and GSA will use ongoing feedback from pilot participants, and modify the pilot reporting tool as necessary; and will analyze the feedback on pilot and other relevant information to determine expansion to other FAR required reports.

Start Signature

Richard Speidel,

Chief Privacy Officer, Office of the Deputy Chief Information Officer, General Services Administration.

End Signature

SYSTEM NUMBER

GSA/GOVT-10

SYSTEM NAME:

Federal Acquisition Regulation (FAR) Data Collection System.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

The General Services Administration's (GSA) Federal Acquisition Service (FAS) owns the FAR Data Collection System, which is housed in secure datacenters in the continental United States. Each agency that makes awards has custody of the records pertaining to its own contracts. Contact the system manager for additional information.

SYSTEM MANAGER:

Integrated Award Environment Assistant Commissioner, Office of Integrated Award Environment, Federal Acquisition Service, General Services Administration, 1800 F Street NW., Washington, DC 20405.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

E-Government Act of 2002 (Pub. L. 107-347) Section 204; Davis-Bacon and Related Acts: 40 U.S.C. 3141-3148 40 U.S.C. 276a; 29 CFR parts 1, 3, 5, 6 and 7; Section 5 of the Digital Accountability and Transparency Act (DATA Act), Public Law 113-101.

PURPOSES OF THE SYSTEM:

The system facilitates collection of data that prime contractors and their subcontractors are required to submit. Each agency is responsible for the collection, use and review of data pertaining to its contracts to verify contractor compliance with applicable requirements. The system includes an online portal that allows prime or subcontractors to enter, review and as applicable, certify FAR-required reports. While logged in, a prime or subcontractor is able to enter data and review reports. After a required report has been entered by the prime contractor or a subcontractor on a contract, the prime contractor certifies that the report is correct and submits it to the contracting officer. Contracting officers and other authorized officials in the awarding agency use the data from the system to review submissions for compliance with contractual terms and conditions for contracts for which they are responsible.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The FAR Data Collection System contains records related to prime contractors who are performing on federal contract awards (“prime contractor”), subcontractors, their employees (“prime or subcontractor employees”) and employed by the Federal Government. An owner, agent, or employee of a prime or subcontractor may enter or certify information, as applicable.

CATEGORIES OF RECORDS IN THE SYSTEM:

Categories of records include the name of the person entering, and as applicable, certifying, information on behalf of the prime or subcontractor, their position within the company, phone number, and email address. Categories of records related to employees of prime and subcontractors include, but are not limited to: Name, unique identifier assigned by the prime or subcontractor, work classification (per the Department of Labor's job classifications), regular and overtime hours worked by day/date, total hours worked, fringe benefits, whether paid as hourly rate in cash amounts or as an employer-paid benefit, and federal projects gross earnings. Some prime or subcontractors may be obligated to provide contractor employee information about themselves if they are self-employed. Categories of records related to acquisition personnel include name, position, work phone number, email address and other similar records related to their official responsibilities.

RECORD SOURCE CATEGORIES:

Employee records are created, reviewed and, as appropriate, certified by the prime or subcontractor. Records pertaining to the individual entering and certifying data in the system may be created by the individual, by a contracting officer, or in the case of a subcontractor by the prime contractor or another subcontractor. Records pertaining to federal acquisition personnel using the system may be entered by the individual or by other federal employees at the individual's agency.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed to authorized entities, as is determined to be relevant and necessary, outside GSA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

a. To an appropriate Federal, State, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, where a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.

b. To a Member of Congress or his or her staff in response to a request made on behalf of and at the request of the individual who is the subject of the record.

c. To the Department of Justice or other Federal agency conducting litigation or in proceedings before any court, adjudicative or administrative body, when: (a) GSA or any component thereof, or (b) any employee of GSA in his/her official capacity, or (c) any employee of GSA in his/her individual capacity where DOJ or GSA has agreed to represent the employee, or (d) the United States or any agency thereof, is a party to the litigation or has an interest in such litigation, and GSA determines that the records are both relevant and necessary to the litigation.

d. To the National Archives and Records Administration (NARA) for records management purposes.

e. To the Office of Management and Budget (OMB) and the Government Accountability Office (GAO) in accordance with their responsibilities for evaluation or oversight of Federal programs.

f. To an expert, consultant, or contractor of GSA in the performance of a Federal duty to which the information is relevant.

g. To appropriate agencies, entities, and persons when (1) GSA suspects or has confirmed that there has been a breach of the system of records; (2) GSA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, GSA (including its information systems, programs and operations), the Federal Start Printed Page 12354Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with GSA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

h. To another Federal agency or Federal entity, when GSA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Electronic records and backups are stored on secure servers approved by GSA Office of the Chief Information Security Officer (OCISO) and accessed only by authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

System records are retrievable by searching against information in the record pertaining to the prime or subcontractor (e.g., the prime or subcontractor's company's name; the name of the individual entering or certifying information on behalf of the prime or subcontractor), the contract, (e.g., the contract number), or the contracting officer; however, each agency can only access and retrieve the records pertaining to contracts being administered by its acquisition personnel.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

System records are retained and disposed of according to each respective agency's records maintenance and disposition schedules including, as applicable, the NARA General Records Schedule 1.1, Financial Management and Reporting Records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records in the system are protected from unauthorized access and misuse through a combination of administrative, technical and physical security measures. Administrative measures include but are not limited to policies that limit system access to individuals within an agency with a legitimate business need, and regular review of security procedures and best practices to enhance security. Technical measures include but are not limited to system design that allows prime contractor and subcontractor employees access only to data for which they are responsible; role-based access controls that allow government employees access only to data regarding contracts awarded by their agency or reporting unit; required use of strong passwords that are frequently changed; and use of encryption for certain data transfers. Physical security measures include but are not limited to the use of data centers which meet government requirements for storage of sensitive data.

RECORD ACCESS PROCEDURES:

Prime and subcontractors enter and review their own data in to the system, and are responsible for indicating that those data are correct. If an individual wishes to access any data or record pertaining to him or her in the system after it has been submitted, that individual should consult the Privacy Act implementation rules of the agency to which the report was submitted. For example, for reports submitted to GSA, procedures for accessing the content of a record can be found at 41 CFR part 105-64.2.

CONTESTING RECORD PROCEDURES:

Prime and subcontractors with access to the FAR Data Collection System can edit their own reports before submitting them. If an individual wishes to contest the content of any record pertaining to him or her in the system after it has been submitted, that individual should consult the Privacy Act implementation rules of the agency to which the report was submitted. For example, for reports submitted to GSA, procedures for contesting the content of a record and appeal procedures can be found at 41 CFR part 105-64.4.

NOTIFICATION PROCEDURES:

Prime and subcontractors with access to the FAR Data Collection System enter and review their own data in the system. If an individual wishes to be notified at his or her request if the system contains a record pertaining to him or her after it has been submitted, that individual should consult the Privacy Act implementation rules of the agency to which the report was submitted. For example, for reports submitted to GSA, procedures for receiving notice can be found at 41 CFR part 105-64.4.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

End Supplemental Information

[FR Doc. 2017-04037 Filed 3-1-17; 8:45 am]

BILLING CODE 6820-34-P