AGENCY:

Office of Mission Support (OMS), Environmental Protection Agency (EPA).

ACTION:

Notice of a new system of records.

SUMMARY:

The U.S. Environmental Protection Agency's (EPA) Office of Mission Support is giving notice that it proposes to create a new system of records pursuant to the provisions of the Privacy Act of 1974. The Data Management and Analytics Platform (DMAP) is an existing analytical tool that EPA uses to store data and to create data maps, pie charts, and run statistics. EPA intends to expand DMAP to include personally identifiable information already collected by the EPA from databases recording drinking water intake locations; EPA property databases; and EPA personnel information databases.

DATES:

Persons wishing to comment on this system of records notice must do so by December 5, 2022. New routine uses for this new system of records will be effective December 5, 2022.

ADDRESSES:

Submit your comments, identified by Docket ID No. EPA-HQ-OMS-2022-0383, by one of the following methods:

Federal eRulemaking Portal: https://www.regulations.gov. Follow the online instructions for submitting comments.

Email: docket_oms@epa.gov. Include the Docket ID number in the subject line of the message.

Fax: (202) 566-1752.

Mail: OMS Docket, Environmental Protection Agency, Mail Code: 2822T, 1200 Pennsylvania Ave. NW, Washington, DC 20460.

Hand Delivery: OMS Docket, EPA/DC, WJC West Building, Room 3334, 1301 Constitution Ave. NW, Washington, DC 20460. Such deliveries are only accepted during the Docket's normal hours of operation, and special arrangements should be made for deliveries of boxed information.

Instructions: Direct your comments to Docket ID No. EPA-HQ-OMS-2022-0383. The EPA's policy is that all comments received will be included in the public docket without change and may be made available online at https://www.regulations.gov, including any personal information provided, unless the comment includes information claimed to be Controlled Unclassified Information (CUI) or other information for which disclosure is restricted by statute. Do not submit information that you consider to be CUI or otherwise protected through https://www.regulations.gov. The https://www.regulations.gov website is an “anonymous access” system for the EPA, which means the EPA will not know your identity or contact information. If you submit an electronic comment, the EPA recommends that you include your name and other contact information in the body of your comment. If the EPA cannot read your comment due to technical difficulties and cannot contact you for clarification, the EPA may not be able to consider your comment. If you send an email comment directly to the EPA without going through https://www.regulations.gov, your email address will be automatically captured and included as part of the comment that is placed in the public docket and made available on the internet. Electronic files should avoid the use of special characters, any form of encryption, and be free of any defects or viruses. For additional information about the EPA public docket, visit the EPA Docket Center homepage at https://www.epa.gov/​dockets.

Docket: All documents in the docket are listed in the https://www.regulations.gov index. Although listed in the index, some information is not publicly available, e.g., CUI or other information for which disclosure is restricted by statute. Certain other material, such as copyrighted material, will be publicly available only in hard copy. Publicly available docket materials are available either electronically in https://www.regulations.gov or in hard copy at the OMS Docket, EPA/DC, WJC West Start Printed Page 66693 Building, Room 3334, 1301 Constitution Ave. NW, Washington, DC 20460. The Public Reading Room is normally open from 8:30 a.m. to 4:30 p.m., Monday through Friday excluding legal holidays. The telephone number for the Public Reading Room is (202) 566-1744, and the telephone number for the OMS Docket is (202) 566-1752. Further information about EPA Docket Center services and current operating status is available at https://www.epa.gov/​dockets.

FOR FURTHER INFORMATION CONTACT:

enviromail_group@epa.gov, to the attention of DMAP System Owner: Shane Knipschild.

SUPPLEMENTARY INFORMATION:

EPA's Data Management and Analytics Platform (DMAP) is designed to help users better understand environmental data by allowing them to visualize them in graphics, like maps and pie charts, and combine them together across data systems. DMAP is available to EPA agency employees and partners who have a mission-based need to access the data therein. DMAP users maintain control over the workspaces created for them and may use the system to develop analytic products as needed to support mission needs. DMAP is populated by data from other EPA systems as well as data purchased under commercial license. EPA intends to expand DMAP to include personally identifiable information already collected by the EPA from these sources.

SYSTEM NAME AND NUMBER:

Data Management and Analytics Platform (DMAP), EPA-97.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

The system is managed by the Office of Mission Support, Environmental Protection Agency, 1301 Constitution Ave. NW, Washington, DC 20460. Electronically stored information is hosted at Amazon Web Services US East (Northern Virginia).

SYSTEM MANAGER(S):

Shane Knipschild, Program Analyst, 1301 Constitution Avenue NW Washington, DC 20460, 202-566-2712, Knipschild.shane@epa.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

44 U.S.C. 3506, Federal Agency Responsibilities; 5 U.S.C. 301, Departmental Regulations; 40 U.S.C. 1401, the Clinger-Cohen Act; and 44 U.S.C. 3541 et seq., Federal Information Security Modernization Act of 2014; Public Law 107-347.

PURPOSE(S) OF THE SYSTEM:

The purpose of this system is to provide EPA staff and partners with a platform to access and analyze data sets collected from other EPA managed systems and purchased commercial sources. DMAP allows EPA staff and contractors to combine these data in analytic views such as maps and dashboards. EPA intends to use DMAP for administrative purposes, such as provision of information technology services in EPA facilities and to use DMAP in support of its programmatic activities, such as to facilitate other statistical analysis of the data across the source systems.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The categories of individuals on whom records will be maintained include federal employees, contractors and members of the public.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records maintained in the system will include contact email, contact extension, contact name, and contact phone number, property owner name, property address and coordinate location information.

RECORD SOURCE CATEGORIES:

The categories of sources of the records in the system include data from internal EPA systems, such as ServiceNow (EPA-78) and Emergency Response (EPA-74) as well as data purchased under commercial license.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

The routine uses below are both related to and compatible with the original purpose for which the information was collected. The following general routine uses apply to this system ( 86 FR 62527): A, D, E, F, G, H, I, J, K, L, M.

Additional routine uses that apply to this system are:

1. Records may be disclosed to federal, state, local, and tribal authorities in conformity with federal, state, local, and tribal laws when necessary to protect the environment or public health or safety, including carrying out an investigation or response.

2. In case of emergency, EPA may share information with members of the public to assure protection of the environment or public health and safety.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

These records are maintained electronically via EPA-managed cloud-based storage services. The cloud storage services are located at Amazon Web Services East (Northern Virginia), and are managed by Office of Mission Support, Office of Information Management, Information Access and Analysis Division. Backup files will be maintained according to EPA backup protocols as documented in FISMA compliant DMAP system security plan. Digital records are maintained in a secure password protected environment and are encrypted. Access to digital records is limited to those who have a need to know. Permission level assignments will allow users access only to those functions for which they are authorized. All records are maintained in encrypted formats and in restricted folders.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Personal information will be retrieved by contact name, contact email, contact extension, contact phone number, or address.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

DMAP follows the EPA Records Policy for retention and disposal, per schedule 1012 (Information and Technology Management) and schedule 1049 (Information Access and Protection Records). https://www.epa.gov/​records/​epa-records-policy-and-guidance.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Security controls used to protect personal sensitive data in DMAP are commensurate with those required for an information system rated MODERATE for confidentiality, integrity, and availability, as prescribed in National Institute of Standards and Technology (NIST) Special Publication, 800-53, “Security and Privacy Controls for Information Systems and Organizations,” Revision 5.

1. Administrative Safeguards: Those accessing the DMAP system are required to complete annual privacy and security trainings. Background checks and PIV cards are required for system administrators.

2. Technical Safeguards: Information is maintained in a secure username/password protected environment. Permission-level assignments allow users access only to those functions for which they are authorized. Audit logs are reviewed on a monthly basis to identify system access outside of normal business hours, anomalous user accounts or server names, or login failures. No external access to DMAP is Start Printed Page 66694 available without formal onboarding through system administrators.

3. Physical Safeguards: Access to all information and hardware is maintained in a secure, access-controlled facility managed under conditions specified in EPA's AWS cloud provider agreement.

RECORD ACCESS PROCEDURES:

All requests for access to personal records should cite the Privacy Act of 1974 and reference the type of request being made ( i.e., access). Requests must include: (1) the name and signature of the individual making the request; (2) the name of the Privacy Act system of records to which the request relates; (3) a statement whether a personal inspection of the records or a copy of them by mail is desired; and (4) proof of identity. A full description of EPA's Privacy Act procedures for requesting access to records is included in EPA's Privacy Act regulations at 40 CFR part 16.

CONTESTING RECORD PROCEDURES:

Requests for correction or amendment must include: (1) the name and signature of the individual making the request; (2) the name of the Privacy Act system of records to which the request relates; (3) a description of the information sought to be corrected or amended and the specific reasons for the correction or amendment; and (4) proof of identity. A full description of EPA's Privacy Act procedures for the correction or amendment of a record is included in EPA's Privacy Act regulations at 40 CFR part 16.

NOTIFICATION PROCEDURES:

Individuals who wish to be informed whether a Privacy Act system of records maintained by EPA contains any record pertaining to them, should make a written request to the EPA, Attn: Agency Privacy Officer, MC 2831T, 1200 Pennsylvania Ave. NW, Washington, DC 20460, or by email at: privacy@epa.gov. A full description of EPA's Privacy Act procedures is included in EPA's Privacy Act regulations at 40 CFR part 16.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.