Privacy Act of 1974; System of Records

AGENCY:

Corporation for National and Community Service.

ACTION:

Notice of new systems of records.

SUMMARY:

In accordance with the Privacy Act of 1974, as amended, the Corporation for National and Community Service (operating as AmeriCorps) proposes to establish a new system of records entitled “CNCS-20-COO-ERC Emergency Response Communication System of Records.” This system of records allows AmeriCorps to maintain information to administer operational response to critical events.

DATES:

You may submit comments on or before April 29, 2024. Unless timely comments are received that would require a revision, this new system of records will become effective on April 29, 2024.

ADDRESSES:

You may submit comments identified by system name and number by any of the following methods:

1. Electronically through regulations.gov. Once you access regulations.gov, find the web page for this SORN by searching for CNCS-20-COO-ERC.

2. By email at privacy@americorps.gov.

3. By mail: AmeriCorps, Attn: Bilal Razzaq, Chief Privacy Officer, OIT, 250 E Street SW, Washington, DC 20525.

4. By hand delivery or courier to AmeriCorps at the address for mail between 9:00 a.m. and 4:00 p.m. Eastern Standard Time, Monday through Friday, except for Federal holidays.

Please note that all submissions received may be posted without change to regulations.gov, including any personal information. Commenters should be careful to include in their comments only information that they wish to make publicly available.

FOR FURTHER INFORMATION CONTACT:

If you have general questions about the system of records, please contact ZhuoHong Liu at zliu@americorps.gov, by phone at 202-938-7868, or mail them to the address in the ADDRESSES section above. Please include the system of records' name and number.

SUPPLEMENTARY INFORMATION:

I. Background

In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, AmeriCorps' Office of Facilities and Support Services proposes to establish a new agency-wide system of records titled “CNCS-20-COO-ERC Emergency Response Communication System of Records.” This system will enhance AmeriCorps' flexibility to execute pre-defined communication processes in emergency situations and improve its capacity to administer its operational response to critical events to maintain business continuity and to keep its personnel safe.

II. Privacy Act

The Privacy Act codifies fair information practice principles in a statutory framework governing the means by which federal government agencies collect, maintain, use, and disseminate individuals' records. The Privacy Act applies to information that is maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. In the Privacy Act, an individual is defined to encompass U.S. citizens and lawful permanent residents. In accordance with 5 U.S.C. 552a(r), AmeriCorps has provided a report of this system of records to the Office of Management and Budget and to Congress.

Below is the description of CNCS-20-COO-ERC Emergency Response Communication System of Records.

SYSTEM NAME AND NUMBER:

CNCS-20-COO-ERC Emergency Response Communication System of Records.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

This system of record is maintained by the Office of Facilities and Support Services, Office of the Chief Operating Officer, AmeriCorps. 250 E Street SW, Washington, DC 20525. The system is run by a cloud service provider certified by the Federal Risk and Authorization Management Program.

SYSTEM MANAGER(S):

Director, Office of Facilities and Support Services, Office of the Chief Operating Officer, AmeriCorps. 250 E Street SW, Washington, DC 20525.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Federal Continuity Directive 1, Federal Executive Branch National Continuity Program and Requirements, January 17, 2017; Federal Property Management Regulation 101-20.103-4, Occupant Emergency Program; Homeland Security Presidential Directive 20, National Continuity Policy, May 4, 2007.

PURPOSE(S) OF THE SYSTEM:

AmeriCorps uses this system to collect and maintain the contact information of its personnel to whom the system will send emergency notifications. AmeriCorps uses this system to execute pre-defined communication processes in emergency situations and to administer its operational response to critical events to maintain business continuity and to keep its personnel safe.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The federal employees and contractors of AmeriCorps.

CATEGORIES OF RECORDS IN THE SYSTEM:

The full names of AmeriCorps personnel; AmeriCorps-assigned office email addresses; AmeriCorps-assigned office phone numbers; the office mobile phone numbers that AmeriCorps issues to its employees; personal email addresses that AmeriCorps personnel provide at their own choice; personal home or mobile phone numbers that AmeriCorps personnel provide at their own choice; office locations of AmeriCorps personnel (city and state).

RECORD SOURCE CATEGORIES:

The office contact information in the records is obtained from the official staff directory maintained in the Microsoft Active Directory of AmeriCorps. The personal home and mobile phone numbers and personal email addresses are collected directly from AmeriCorps personnel.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b), all or a portion of the records or information contained in this system of records may be disclosed as a routine use pursuant to 5 U.S.C. 552a(b)(3) under the circumstances or for the purposes described below, to the extent such disclosures are compatible with the purposes for which the information was collected:

1. To the Department of Justice (DOJ), including the U.S. Attorneys Offices, or other federal agency conducting litigation or proceedings before any court, adjudicative, or administrative body, when it is relevant or necessary to the litigation or proceeding and one of the following is a party to the litigation or has an interest in such litigation:

a. AmeriCorps;

b. Any employee or former employee of AmeriCorps in his/her official capacity;

c. Any employee or former employee of AmeriCorps in his/her individual capacity, only when DOJ or AmeriCorps has agreed to represent the employee; or

d. The United States or any agency thereof.

2. To a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of the individual to whom the record pertains.

3. To the National Archives and Records Administration (NARA) or General Services Administration pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

4. To an agency or organization for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

5. To the Executive Office of the President in response to an inquiry from that office made at the request of the subject of a record or a third party on that person's behalf, or for a purpose compatible with the reason for which the records are collected or maintained.

6. To an official of another federal agency to provide information needed in the performance of official duties related to reconciling or reconstructing data files or to enable that agency to respond to an inquiry by the individual to whom the record pertains.

7. To state, territorial and local governments and tribal organizations to provide information needed in response to court order and/or discovery purposes related to litigation, when the disclosure is compatible with the purpose for which the records were compiled.

8. To an expert, consultant, grantee, or contractor (including employees of the contractor) of AmeriCorps that performs services requiring access to these records on AmeriCorps' behalf to carry out the purposes of the system.

9. To appropriate agencies, entities, and persons when

a. AmeriCorps suspects or has confirmed that there has been a breach of the system of records;

b. AmeriCorps has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, AmeriCorps (including its information systems, programs, and operations), the federal government, or national security; and

c. the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with AmeriCorps' efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

10. To another federal agency or federal entity, when AmeriCorps determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in

a. responding to a suspected or confirmed breach or

b. preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

11. To an appropriate federal, state, tribal, local, international, or foreign law enforcement agency or other appropriate authority charged with investigating or prosecuting a violation or enforcing or implementing a law, rule, regulation, or order, when a record, either on its face or in conjunction with other information, indicates a violation or potential violation of law, which includes criminal, civil, or regulatory violations and such disclosure is proper and consistent with the official duties of the person making the disclosure.

12. To a court, magistrate, or administrative tribunal in the course of presenting evidence, including disclosures to opposing counsel or witnesses in the course of civil discovery, litigation, or settlement negotiations or in connection with criminal law proceedings, when it is relevant and necessary to the litigation or proceeding.

13. To contractors and their agents, grantees, experts, consultants, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for AmeriCorps, when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same requirements and limitations on disclosure as are applicable to AmeriCorps officers and employees.

14. To appropriate third parties contracted by AmeriCorps to investigate a complaint or appeal filed by an employee or applicant, or to facilitate and conduct mediation or other alternative dispute resolution (ADR) procedures or programs.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

AmeriCorps stores records in this system electronically.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records may be retrieved by name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The records maintained in this system of records are subject to National Archives and Records Administration General Records Schedule 5.3, item 20. The Disposition Authority is DAA-GRS2016-0004-0002. The disposition is temporary. The records will be destroyed when superseded or obsolete, or upon separation or transfer of an employee.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

AmeriCorps safeguards records in this system according to applicable laws, rules, and policies, including all applicable AmeriCorps automated systems security and access policies. AmeriCorps has strict controls in place to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions.

RECORD ACCESS PROCEDURES:

In accordance with 45 CFR part 2508—Implementation of the Privacy Act of 1974, as amended, individuals wishing to access their own records that are stored within the system of records may contact the FOIA Officer/Privacy Act Officer by sending (1) an email to FOIA@americorps.gov or (2) a letter addressed to the System Manager, attention Privacy Inquiry. Individuals who make a request must include enough identifying information ( i.e., full name, current address, date, and signature) to locate their records, indicate that they want to access their records, and be prepared to confirm their identity as required by 45 CFR part 2508.

CONTESTING RECORD PROCEDURES:

All requests to contest or amend information maintained in the system will be directed to the FOIA Officer/Privacy Act Officer. Individuals who make a request must include enough identifying information to locate their records, in the manner described above in the Record Access Procedures section. Requests should state clearly and concisely what information is being contested, the reasons for contesting it, and the proposed amendment to the information.

NOTIFICATION PROCEDURES:

Any individual desiring to contest or amend information not subject to exemption may contact the FOIA Officer/Privacy Act Officer via the contact information in the Record Access Procedures section. Individuals who make a request must include enough identifying information to locate their records, indicate that they want to be notified whether their records are included in the system, and be prepared to confirm their identity as required by 45 CFR part 2508.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.