AGENCY:

Peace Corps.

ACTION:

Notice of an amendment to a Privacy Act system of records.

SUMMARY:

Pursuant to the provisions of the Privacy Act of 1974 (5 U.S.C. 552a) the Peace Corps is giving notice of a new system of records, PC-33, titled the Consolidated Incident Reporting System (CIRS).

DATES:

This action will be effective without further notice on February 17, 2009 unless comments are received by February 2, 2009 that would result in a contrary determination.

ADDRESSES:

You may submit comments by e-mail to nmiller@peacecorps.gov. You may also submit comments by mail to Nancy G. Miller, Office of the General Counsel, Peace Corps, Suite 8200, 1111 20th Street, NW., Washington, DC 20526. Contact Nancy G. Miller for copies of comments.

FOR FURTHER INFORMATION CONTACT:

Nancy G. Miller, Associate General Counsel, 202-692-2150, nmiller@peacecorps.gov.

SUPPLEMENTARY INFORMATION:

Section 552a provides that the public be given a 30-day period in which to comment on the new system. The Office of Management and Budget (OMB), which has oversight responsibility under the Act, requires a 40-day period in which to review the proposed system. In accordance with 5 U.S.C. 552a, Peace Corps has provided a report on this system to OMB and the Congress.

System name:

PC-33 Consolidated Incident Reporting System (CIRS).

Security classification:

Not applicable.

System location:

Office of the Chief Information Officer and the Office of Safety and Security, Peace Corps, 1111 20th St., NW., Washington, DC 20526, as well as Peace Corps overseas offices.

Categories of individuals covered by the system:

Peace Corps Volunteers, Trainees, Peace Corps Response Volunteers, alleged offenders, and witnesses.

Categories of records in the system:

Volunteer name; Volunteer contact information, including phone number, address, and/or e-mail address; Volunteer Tag (system-generated ID associated with the Volunteer's name); race/ethnicity; sex; country of incident; country of service; sector of assignment; marital status; age; Volunteer site; type of incident; date of incident; date incident was reported to post; time of incident; personnel notified; incident location; size of population of community (i.e., urban, intermediate, rural); nature and details of the incident; alcohol use by Volunteer at time of incident; weapon use by alleged offender; injury sustained; medical/counseling support provided; victim's intention to prosecute; and alleged offender's motive for committing incident; name of alleged offender; age range of alleged offender; gender of alleged offender; relationship of alleged offender to victim; alcohol use by alleged offender at time of incident; whether alleged offender was apprehended; information on witnesses, such as name and contact information; and post follow up or changes to original incident report, as noted in the updates section.

Authority for maintenance of the system:

Peace Corps Act , 22 U.S.C. 2501 et seq.

Purpose(s):

To provide a single central facility within the Peace Corps for tracking crimes against Volunteers; analyzing trends; and responding to requests from executive, legislative, and oversight bodies, as well as the public, for statistical crime data relating to criminal and other high-interest incidents. The Peace Corps will use this information for programmatic and training purposes in order to make informed decisions about potential changes in policy and/or programs. The system notifies in a timely manner Peace Corps headquarters and overseas staff who have a need to know when a crime has occurred against a Volunteer. Such staff make safety and security, medical, or management decisions regarding the Volunteer victim. The system also notifies the U.S. Embassy's Regional Security Officers covering the post whenever a crime against a Volunteer occurs so that they may initiate investigative procedures, as necessary.

Routine uses of records maintained in the system, including categories of users and the purpose of such users:

General routine uses A through M apply to this system. In addition to general routine uses, the Peace Corps will use the data collected via the CIRS for programmatic and training purposes and to make informed decisions about potential changes in policy and/or programs.

Disclosure to consumer reporting agencies:

None.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

In a protected database and in a locked file cabinet in a locked room.

Retrievability:

Records are retrievable by any, all, or any combination of the following data fields: Volunteer name; contact information; Volunteer Tag; race/ethnicity; sex; country of incident, country of service; sector of assignment; marital status; age; Volunteer site; type of incident; date of incident; date incident was reported; time of incident; date of incident; names of personnel notified; size of population of community; incident location; nature and details of the incident/offense; Start Printed Page 132alcohol use by Volunteer at time of incident; whether weapons were involved; type of injury; medical support provided; updates to the incident report; victim's intention to prosecute; and motive for committing incident; name of alleged offender; age range of alleged offender; gender of alleged offender; relationship of alleged offender to victim; alcohol use by alleged offender at time of incident; and whether alleged offender was apprehended; any available information on witness.

Safeguards:

Names and social security numbers have been redacted from paper records that were collected until 2006. After 2006, social security numbers were no longer collected on the Volunteer. The crime incident database does not collect or store previously collected social security numbers. Accounts are created for Peace Corps staff for whom a business need exists, i.e., select staff in Director's office, Safety and Security, Regions, and Volunteer Support. Regional Security Officers and Assistant Regional Security Officers at the U.S. Embassy at post also receive CIRS accounts. Embassy officials must complete a Technology Access Agreement form to receive an account. All CIRS accounts require a user name and password. Access to Volunteer names and addresses in the reports is restricted to only those CIRS users who have a need to know. These include reporting post staff, Office of Volunteer Support staff who are responsible for medical support, and Regional Security Officers with the U.S. Embassy.

Information is encrypted using 128-bit SSL and AES encryptions standards. The system platform went through the accreditation process in February 2008 (i.e., accreditation with the WebTrust seal) and through a SAS-70 Type II audit performed by a third party auditor.

Retention and disposal:

As there is no records disposal schedule for this information, electronic and paper records are being retained indefinitely. Records are retained to allow for historical data and trends analysis. Paper files are redacted to remove Volunteer names and social security numbers. The annual Safety of the Volunteer report is kept on file permanently for historical reference.

System manager(s) and address:

Social Science Analyst, Office Safety and Security, Peace Corps, 1111 20th St., NW., Washington, DC 20526.

Notification procedure:

Any individual who wants notification that this system of records contains a record about him or her should make a written request to the System Manager. Requesters will be required to provide adequate identification, such as a driver's license, employee identification card, or other identifying documentation. Additional identification may be required in some instances. Complete Peace Corps Privacy Act procedures are set out in 22 CFR Part 308.

Record access procedures:

Any individual who wants access to his or her record should make a written request to the System Manager. Requesters will be required to provide adequate identification, such as a driver's license, employee identification card, or other identifying documentation. Additional identification may be required in some instances. Complete Peace Corps Privacy Act procedures are set out in 22 CFR Part 308.

Contesting record procedures:

Any individual who wants to contest the contents of a record should make a written request to the System Manager. Requesters will be required to provide adequate identification, such as a driver's license, employee identification card, or other identifying documentation. Additional identification may be required in some instances. Requests for correction or amendment must identify the record to be changed and the corrective action sought. Complete Peace Corps Privacy Act procedures are set out in 22 CFR Part 308.

Record source categories:

Record Subject.

Exemptions claimed for the system:

None.