AGENCY:

General Services Administration.

ACTION:

Notice of a modified system of records.

SUMMARY:

GSA reviews its Privacy Act systems to ensure that they are relevant, necessary, accurate, up-to-date, and covered by the appropriate legal or regulatory authority. This notice is an updated Privacy Act system of records notice.

DATES:

This system of records will go into effect without further notice on March 15, 2024 unless otherwise revised pursuant to comments received.

ADDRESSES:

Comments may be submitted to the Federal eRulemaking Portal, http://www.regulations.gov. Submit comments by searching for GSA/FSS–13, Personal Property Sales Program. Comments may also be submitted by mail at, General Services Administration, Regulatory Secretariat Division (MVCB), 1800 F Street NW, Washington, DC 20405.

FOR FURTHER INFORMATION CONTACT:

Call or email Richard Speidel, Chief Privacy Officer, at 202–969–5830 and gsa.privacyact@gsa.gov.

SUPPLEMENTARY INFORMATION:

GSA proposes to modify a system of records subject to the Privacy Act of 1974, 5 U.S.C. 552a, to update its routine uses pertaining to breach notification and to coordinate with the Office of the Inspector General when conducting an audit. GSA is also making technical changes to GSA/FSS–13 consistent with OMB Circular No. A–108. Accordingly, GSA has made technical corrections and non-substantive language revisions to the following sections: “Policies and Practices for Storage of Records,” “Policies and Practices for Retrieval of Records,” “Policies and Practices for Retention and Disposal of Records,” “Administrative, Technical and Physical Safeguards,” “Record Access Procedures,” “Contesting Record Procedures,” and “Notification Procedures”. GSA has also created the following new sections: “Security Classification” and “History.”

SYSTEM NAME:

Personal Property Sales Program.

SYSTEM NUMBER:

GSA/FSS–13.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

GSA Federal Acquisition Service (FAS) is the owner and is responsible for the system. The system is hosted, operated, and maintained by contractors. Records are maintained in an electronic form on a Software as a Service (SaaS) platform, within the United States. Contact the system manager for additional information.

SYSTEM MANAGER(S):

Narendra Rao Namana, Director of Personal Property and Travel Transportation Division, Office of GSA IT, General Services Administration, 1800 F Street NW, Washington, DC 20405.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

40 U.S.C. 121(c) and 40 U.S.C. 541, et seq.

PURPOSE(S) OF THE SYSTEM:

To establish and maintain a system of records for conducting public sales of Federal personal property by GSA.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The system will include those individuals who request to be added to GSA bidders mailing lists, register to bid on GSA sales, and/or enter into contracts to buy Federal personal property at sales conducted by GSA.

CATEGORIES OF RECORDS IN THE SYSTEM:

The system contains information needed to identify potential and actual bidders and awardees, and transaction information involving personal property sales. System records include:

a. Personal information provided by bidders and buyers, including, but not limited to, names, phone numbers, addresses, Social Security Numbers, birth dates and credit card numbers or other banking information; and

b. Contract information on Federal personal property sales, including whether payment was received, the form of the payment, notices of default, and contract claim information.

RECORD SOURCE CATEGORIES:

Information is provided by individuals who wish to participate in the GSA personal property sales program, and system transactions designed to gather and maintain data and to manage and evaluate the Federal personal property disposal program.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

a. In any criminal, civil, or administrative legal proceeding, where pertinent, to which GSA, a GSA employee, or the United States or other entity of the United States Government is a party before a court or administrative body.

b. To an appeal, grievance, hearing, or complaints examiner; an equal employment opportunity investigator, arbitrator, or mediator; and/or an exclusive representative or other person authorized to investigate or settle a grievance, complaint, or appeal filed by an individual who is the subject of the record.

c. To a Federal agency, State, local, Tribal or other public authority in connection with the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation, the letting of a contract, or the issuance of a grant, license, or other benefit to the extent that the information is relevant and necessary to a decision.

d. To the Office of Personnel Management (OPM), the Office of Management and Budget (OMB), or the Government Accountability Office (GAO) when the information is required for program evaluation purposes.

e. To a Member of Congress or his or her staff on behalf of and at the request of the individual who is the subject of the record.

f. To an expert, consultant, or contractor of GSA in the performance of a Federal duty related to the contract or appointment to which the information is relevant.

g. To the GSA Office of Finance for debt collection purposes (see GSA/PPFM–7).

h. To the National Archives and Records Administration (NARA) for records management purposes.

i. To appropriate agencies, entities, and persons when (1) The Agency suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) the Agency has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by GSA or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with GSA's efforts to respond to the suspected or confirmed Start Printed Page 11278 compromise and prevent, minimize, or remedy such harm.

j. To a Federal, State, local, or Tribal agency responsible for investigating, prosecuting, enforcing, or carrying out a statute, rule, regulation, or order when GSA becomes aware of a violation or potential violation of civil or criminal law or regulation; or to an agency, individual or organization, if there is reason to believe that such agency, individual or organization possesses information or is responsible for acquiring information relating to the investigation, trial or hearing, and the dissemination is reasonably necessary to elicit such information or to obtain the cooperation of a witness or an informant.

k. To the Office of Management and Budget (OMB) when necessary to the review of private relief legislation pursuant to OMB Circular No. A–19.

l. To designated agency personnel for controlled access to specific records for the purpose of performing authorized audit or oversight functions.

m. To another Federal agency or Federal entity, when GSA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

n. To agencies, to compare such records to other agencies' systems of records or to non-Federal records, in coordination with an Office of Inspector General (OIG) in conducting an audit, investigation, inspection, evaluation, or some other review as authorized by the Inspector General Act.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

All records are stored electronically in a database. Information is encrypted in transit and at rest.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrievable by a personal identifier or by other appropriate type of designation approved by GSA.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Content in this system will be disposed according to the following GSA schedule:

137.3/021 Personal Property Case Files And Summary Reports. This series describes those records created when accounting for individual instances of managing the evaluation, processing, sale, and transfer of excess and personal property. Included are personal property sales case files (containing routine documents associated with the above-listed activities), excess and personal property catalogs, bulletins, and lists, utilization surveys, donation case files, reserve excess property files, rehabilitated property stock listings and reports, and related records.

Retention Instructions: Temporary. Cut off at the end of the fiscal year when the property case file or transaction is completed and the final payment is received. Destroy 6 fiscal years after cutoff. Longer retention is authorized if needed for business reference purposes, but no longer than 10 fiscal years after cutoff.

Legal Disposition Authority: DAA–0137–2015–0001–0010 (137.3/021)

Approved by NARA: 4/5/2018.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records in the system are protected from unauthorized access and misuse through a combination of administrative, technical and physical security measures. Administrative measures include but are not limited to policies that limit system access to individuals within an agency with a legitimate business need, and regular review of security procedures and best practices to enhance security. Technical measures include but are not limited to system design that allows authorized system users access only to data for which they are responsible; required use of strong passwords that are frequently changed; and use of encryption for certain data transfers. Physical security measures include but are not limited to the use of data centers which meet government requirements for storage of sensitive data.

RECORD ACCESS PROCEDURES:

If an individual wishes to access any data or record pertaining to him or her in the system after it has been submitted, that individual should consult the GSA's Privacy Act implementation rules available at 41 CFR part 105–64.2.

CONTESTING RECORD PROCEDURES:

If an individual wishes to contest the content of any record pertaining to him or her in the system after it has been submitted, that individual should consult the GSA's Privacy Act implementation rules available at 41 CFR part 105–64.4.

NOTIFICATION PROCEDURES:

If an individual wishes to be notified at his or her request if the system contains a record pertaining to him or her after it has been submitted, that individual should consult the GSA's Privacy Act implementation rules available at 41 CFR part 105–64.4.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None

HISTORY:

This system was previously published in the Federal Register at 73 FR 18637, 7–22–11.