AGENCY:

Federal Labor Relations Authority.

ACTION:

Notice of a new system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, the Federal Labor Relations Authority (FLRA) is issuing public notice of an intent to introduce a new system of records entitled, “Privacy Act Requests and Appeals.” This notice publishes details of the new system as set forth below.

DATES:

This notice action shall be applicable immediately, which will become effective February 7, 2024.

Comments will be accepted on or before: February 7, 2024.

ADDRESSES:

You may send comments, which must include the caption “SORN Notice (Privacy Act),” by one of the following methods:

Email: SolMail@flra.gov. Include “SORN Notice (Privacy Act)” in the subject line of the message.

Mail: Thomas Tso, Senior Agency Official for Privacy, Federal Labor Relations Authority, 1400 K Street NW, Washington, DC 20424–0001.

Instructions: Do not mail written comments if they have been submitted via email. Interested persons who mail written comments must submit an original and 4 copies of each written comment, with any enclosures, on 8 1/2 x 11 inch paper. Do not deliver comments by hand.

FOR FURTHER INFORMATION CONTACT:

If you have any questions, please contact Thomas Tso, Solicitor, Senior Agency Official for Privacy, at (771) 444–5779.

SUPPLEMENTARY INFORMATION:

The Privacy Act of 1974 requires that each agency publish notice of all the systems of records that it maintains. This document proposes the introduction of a new system of records. The “Freedom of Information Act Request and Appeal Files” is the system that the FLRA uses to provide the public with a single location to submit and track Freedom of Information Act (FOIA) and related requests and appeals filed with the FLRA. The FLRA had used this single system to track Privacy Act requests, which are often combined with FOIA requests, see 82 FR 49813 (October 27, 2017). Other agencies have also treated Privacy Act and FOIA requests as a singular system of records. E.g., Department of Treasury, Freedom of Information Act/Privacy Act Request Records,81 FR 78266 (Nov. 7, 2016).

The FLRA now proposes a new system of records, titled “Privacy Act Requests and Appeals,” to separate Privacy Act request records as an independent system of records. Pursuant to the Creating Advanced Streamlined Electronic Services for Constituents Act of 2019 (“CASES Act”), Public Law 116–50, 133 Stat. 1073 (2019), the Office of Management and Budget's M–21–04, “Modernizing Access to and Consent for Disclosure of Records Subject to the Privacy Act,” asks agencies to “provide a digital service option to ensure that individuals have the ability to digitally request access to or consent to disclosure of their records” covered by the Privacy Act. M–21–04 also asks agencies to “review SORNs governing systems of records that include Privacy Act requests for access to and consent to disclosure of records, and, if necessary, modify those SORNs, as well.” The FLRA determined that a separate system Start Printed Page 919 of records should be used to track the documents generated by requests under the Privacy Act, which may include different information or use different forms than requests under FOIA.

SYSTEM NAME AND NUMBER:

Privacy Act Request and Appeal Files, FLRA/Internal–18.

SECURITY CLASSIFICATION:

Not applicable.

SYSTEM LOCATION:

FLRA Headquarters, Office of the Solicitor.

SYSTEM MANAGER(S):

Senior Agency Official for Privacy, Office of the Solicitor, Federal Labor Relations Authority, 1400 K St. NW, Washington, DC 20424.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Privacy Act, 5 U.S.C. 552a.

PURPOSE(S) OF THE SYSTEM:

To provide the public with portals to submit and track Privacy Act requests and appeals filed with the FLRA and to manage internal Privacy Act administration activities.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

All persons requesting information or filing appeals under the Privacy Act.

CATEGORIES OF RECORDS IN THE SYSTEM:

A copy of each Privacy Act request received by the FLRA and a copy of all correspondence related to the request, including the requesters' names, mailing addresses, email addresses, phone numbers, Social Security Numbers, birth certificates, evidence of guardianship or parentage, dates of birth, any aliases used by the requesters, alien numbers assigned to travelers crossing national borders, requesters' parents' names, user names and passwords for registered users, Privacy Act tracking numbers, dates requests are submitted and received, related appeals, and agency responses. Records also include communications with requesters, internal Privacy Act administrative documents ( e.g., billing invoices) and responsive records.

RECORD SOURCE CATEGORIES:

Information in this system of records is provided by FLRA employees and Privacy Act requesters.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to the disclosure generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, these records or information in these records may be used pursuant to 5 U.S.C. 552a(b)(3):

a. To disclose pertinent information to the appropriate Federal, State, or local agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, when the FLRA becomes aware of an indication of a violation or potential violation of civil or criminal law or regulation.

b. To provide information to a congressional office from the record of an individual in response to an inquiry from that congressional office made at the request of that individual.

c. In an appropriate proceeding before a court, grand jury, or administrative or adjudicative body, when the FLRA determines that the records are arguably relevant to the proceeding, or in an appropriate proceeding before an administrative or adjudicative body when the adjudicator determines the records to be relevant to the proceeding.

d. To a Federal, State, local, or foreign agency or entity for the purpose of consulting with that agency or entity to enable the FLRA to make a determination as to the propriety of access to or correction of information, or for the purpose of verifying the identity of an individual or the accuracy of information submitted by an individual who has requested access to or amendment of information.

e. To a Federal agency or entity that furnished the record or information for the purpose of permitting that agency or entity to make a decision as to access to or correction of the record or information, or to a Federal agency or entity for purposes of providing guidance or advice regarding the handling of particular requests.

f. To a submitter or subject of a record or information in order to obtain assistance to the FLRA in making a determination as to access or amendment.

g. To a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.

h. To disclose information to the National Archives and Records Administration, the Office of Government Information Services (OGIS), only when there is overlap between Privacy Act and FOIA requests, to the extent necessary to fulfill its responsibilities in 5 U.S.C. 552(h), to review administrative agency policies, procedures and compliance with FOIA, and to facilitate OGIS's offering of mediation services to resolve disputes between persons making FOIA requests and administrative agencies.

i. To appropriate agencies, entities, and persons when (1) the FLRA suspects or has confirmed that there has been a breach of the system of records; (2) the FLRA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the FLRA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the FLRA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

j. To another Federal agency or Federal entity, when the FLRA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

k. To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal Government, when necessary to accomplish an agency function related to this system of records.

l. To such recipients and under such circumstances and procedures as are mandated by Federal statute, regulation, or treaty.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

All Privacy Act records are maintained in a secure, password-protected FedRAMP-certified third-party cloud environment, which utilizes security hardware and software, including multiple firewalls, active intruder detection, and role-based accessed controls. Any paper records are stored in secure FLRA offices and/or lockable file cabinets. Given the common overlap between FOIA and Privacy Act requests, Privacy Act request records in this system may be maintained within a related FLRA system of records, “Freedom of Information Act Request and Appeal Files, FLRA/Internal-17.”

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Requests are retrieved from the system by numerous data elements and Start Printed Page 920 key word searches, including name, agency, dates, subject, Privacy Act request tracking number, and other information retrievable with full-text searching capability.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Privacy Act records are maintained for three years or longer, in accordance with item 001 of General Records Schedule 4.2, as approved by the Archivist of the United States. Disposal is by shredding and/or by deletion of the electronic record.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Computer records are maintained in a secure, password-protected computer system. Paper records are maintained in secure offices or lockable file cabinets. All records are maintained in secure, access-controlled areas or buildings.

RECORD ACCESS PROCEDURES:

Individuals wishing access to records about them should contact the System Manager. Individuals must furnish the following information for their records to be located and identified:

a. Full name.

b. Approximate date of the Privacy Act request or appeal.

Individuals requesting access must comply with the FLRA's Privacy Act regulations regarding access to records (5 CFR 2412).

CONTESTING RECORD PROCEDURES:

Individuals wishing to request amendment of records about them should contact the System Manager. Individuals must furnish the following information for their records to be located and identified:

a. Full name.

b. Approximate date of the Privacy Act request or appeal.

Individuals requesting amendment must follow the FLRA's Privacy Act regulations regarding amendment of records (5 CFR 2412).

NOTIFICATION PROCEDURES:

Individuals wishing to determine whether this system of records contains information about them should contact the System Manager. Individuals must furnish the following for their records to be located and identified:

a. Full name.

b. Approximate date of the Privacy Act request or appeal.

Individuals making inquiries must comply with the FLRA's Privacy Act regulations regarding the existence of records (5 CFR 2412).

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.