AGENCY:

Office of Security, Facilities and Logistics, Office of Finance and Operations, U.S. Department of Education.

ACTION:

Notice of a new system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, as amended (Privacy Act), the U.S. Department of Education (Department) publishes this notice of a new system of records entitled “Emergency Notification System (ENS)” (18–03–06). The Emergency Notification System (ENS) provides a notification system for the Department's internal Continuity of Operations (COOP) and Pandemic plans, as well as day-to-day emergency management efforts. ENS provides real-time notifications to Department employees during an emergency event. ENS also gives Department employees the ability to access and modify their own personal information and preferences via a self-service portal, and system administrators the ability to generate reports to verify the status of the aforementioned emergency alerts.

DATES:

Submit your comments on this new system of records notice on or before May 3, 2023.

This new system of records notice will become applicable upon publication in the Federal Register on April 3, 2023, unless it needs to be changed as a result of public comment. The routine uses outlined in the section titled “ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES” will become effective on the expiration of the 30-day period of public comment on May 3, 2023, unless they need to be changed as a result of public comment. The Department will publish any significant changes to the system of records or routine uses resulting from public comment.

ADDRESSES:

Comments must be submitted via the Federal eRulemaking Portal at www.regulations.gov. However, if you require an accommodation or cannot otherwise submit your comments via www.regulations.gov, please contact the program contact person listed under FOR FURTHER INFORMATION CONTACT . The Department will not accept comments submitted by fax or by email, or comments submitted after the comment period closes. To ensure that the Department does not receive duplicate copies, please submit your comments only once. In addition, please include the Docket ID at the top of your comments.

• Federal eRulemaking Portal: Go to www.regulations.gov to submit your comments electronically. Information on using www.regulations.gov, including instructions for accessing agency documents, submitting comments, and viewing the docket, is available on the site under the “help” tab.

Privacy Note: The Department's policy is to make all comments received from members of the public available for public viewing in their entirety on the Federal eRulemaking Portal at www.regulations.gov. Therefore, commenters should be careful to include in their comments only information that they wish to make publicly available.

Assistance to Individuals with Disabilities in Reviewing the Rulemaking Record: On request we will provide an appropriate accommodation or auxiliary aid to an individual with a disability who needs assistance to review the comments or other documents in the public rulemaking record for this notice. If you want to schedule an appointment for this type of accommodation or auxiliary aid, please contact the person listed under FOR FURTHER INFORMATION CONTACT .

FOR FURTHER INFORMATION CONTACT:

Lisa Senecal, Information System Owner, Office of Security, Facilities and Logistics, Office of Finance and Operations, U.S. Department of Education, 400 Maryland Avenue SW, Room 224–50, Washington, DC 20202–6110. Telephone: (202) 205–8123. Email: lisa.senecal@ed.gov.

SUPPLEMENTARY INFORMATION:

Introduction

In support of the Department's COOP, Devolution, Pandemic, and Reconstitution Plans, as well as day-to-day emergency management efforts, the ENS provides the Department an emergency alert tool to communicate, via real-time notifications, pertinent information to Department employees during emergencies ( e.g., severe weather events). More specifically, the ENS sends a mass message to the email addresses and phone numbers associated with Department employees located in the emergency's area. Depending on the alert type, the system can also solicit a response from recipients to verify their status during an emergency. In addition, the system can generate reports regarding the Start Printed Page 19632 responses received, which system administrators can monitor in real time. System administrators can also generate reports on whom alerts were sent to and when these alerts were sent.

ENS consists of two components: a desktop application accessed by all users and a browser-based web application accessed by system administrators. Once ENS is deployed, the desktop application will be installed on all Government Furnished Equipment (GFE) computers but will only be accessible to current Department employees.

Accessible Format: On request to the program contact person listed under FOR FURTHER INFORMATION CONTACT , individuals with disabilities can obtain this document in an accessible format. The Department will provide the requestor with an accessible format that may include Rich Text Format (RTF) or text format (txt), a thumb drive, an MP3 file, braille, large print, audiotape, compact disc, or other accessible format.

Electronic Access to This Document: The official version of this document is the document published in the Federal Register . You may access the official edition of the Federal Register and the Code of Federal Regulations at www.govinfo.gov. At this site you can view this document, as well as all other documents of this Department published in the Federal Register , in text or Portable Document Format (PDF). To use PDF, you must have Adobe Acrobat Reader, which is available free at the site.

You may also access documents of the Department published in the Federal Register by using the article search feature at www.federalregister.gov. Specifically, through the advanced search feature at this site, you can limit your search to documents published by the Department.

For the reasons discussed in the preamble, the Acting Assistant Secretary for the Office of Finance and Operations of the U.S. Department of Education (Department) publishes a notice of a new system of records to read as follows:

SYSTEM NAME AND NUMBER:

Emergency Notification System (ENS) (18–03–06).

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

U.S. Department of Education, Office of Security, Facilities and Logistics, Office of Finance and Operations, 400 Maryland Avenue SW, Washington, DC 20202–6110.

BlackBerry, 2988 Campus Drive, Suite 200, San Mateo, CA 94403. Blackberry hosts the infrastructure that supports the ENS applications, as a Software-as-a-Service, including backend application processing and data hosting.

SYSTEM MANAGER(S):

Lisa Senecal, Information System Owner, Office of Security, Facilities and Logistics, Office of Finance and Operations, U.S. Department of Education, 400 Maryland Avenue SW, Room 224–50, Washington, DC 20202–6110.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

Presidential Policy Directive 40, National Continuity Policy (July 15, 2016), Federal Continuity Directive 1, Federal Executive Branch National Continuity Program and Requirements (January 17, 2017), and Executive Order 13618 (July 6, 2012), as amended by Executive Order 13961 (December 7, 2020).

PURPOSE(S) OF THE SYSTEM:

The purposes of the ENS are to store and maintain emergency contact information for current Department employees:

(1) To maintain and implement emergency plans, including Continuity of Operations and facility evacuation plans; and

(2) To notify, locate, and mobilize individuals as necessary during emergency or other threatening situations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Current Department employees.

CATEGORIES OF RECORDS IN THE SYSTEM:

The categories of records in the system are comprised of the primary contact information for current Department employees, such as their first name, last name, business phone number, business email address, and business location, and, where provided by current Department employees on a voluntarily basis, their alternate contact information, such as their personal email address and personal phone number.

RECORD SOURCE CATEGORIES:

Current Department employees, and the Department Active Directory System.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

The Department may disclose information contained in a record in this system of records under the routine uses listed in this system of records without the consent of the individual if the disclosure is compatible with the purposes for which the record was collected. The Department may make these disclosures on a case-by-case basis or, if the Department has complied with the computer matching requirements of the Privacy Act of 1974, as amended (Privacy Act) (5 U.S.C. 552a), under a computer matching agreement.

(1) Congressional Member Disclosure. The Department may disclose the records of an individual to a member of Congress or the member's staff when necessary to respond to an inquiry from the member made at the written request of and on behalf of the individual. The member's right to the information is no greater than the right of the individual who requested it.

(2) Enforcement Disclosure. In the event that information in this system of records indicates, either on its face or in connection with other information, a violation or potential violation of any applicable statute, regulation, or order of a competent authority, the Department may disclose the relevant records to the appropriate agency, whether Federal, State, Tribal, or local, charged with the responsibility of investigating or prosecuting that violation or charged with enforcing or implementing the statute, Executive Order, rule, regulation, or order issued pursuant thereto.

(3) Litigation and Alternative Dispute Resolution (ADR) Disclosure.

(a) Introduction. In the event that one of the following parties listed in sub-paragraphs (i) through (v) of this routine use is involved in judicial or administrative litigation or ADR, or has an interest in judicial or administrative litigation or ADR, the Department may disclose certain records from this system of records to the parties described in paragraphs (b), (c), and (d) of this routine use under the conditions specified in those paragraphs:

(i) The Department or any of its components;

(ii) Any Department employee in their official capacity;

(iii) Any Department employee in their individual capacity where the U.S. Department of Justice (DOJ) has been requested to or has agreed to provide or arrange for representation of the employee;

(iv) Any Department employee in their individual capacity when the Start Printed Page 19633 Department has agreed to represent the employee; and

(v) The United States, where the Department determines that the litigation is likely to affect the Department or any of its components.

(b) Disclosure to DOJ. If the Department determines that disclosure of certain records to DOJ is relevant and necessary to judicial or administrative litigation or ADR, the Department may disclose those records as a routine use to DOJ.

(c) Adjudicative Disclosure. If the Department determines that it is relevant and necessary to judicial or administrative litigation or ADR to disclose certain records from this system of records to an adjudicative body before which the Department is authorized to appear or to a person or an entity designated by the Department or otherwise empowered to resolve or mediate disputes, the Department may disclose those records as a routine use to the adjudicative body, person, or entity.

(d) Disclosure to Parties, Counsel, Representatives, and Witnesses. If the Department determines that disclosure of certain records to a party, counsel, representative, or witness is relevant and necessary to judicial or administrative litigation or ADR, the Department may disclose those records as a routine use to the party, counsel, representative, or witness.

(4) Freedom of Information Act (FOIA) and Privacy Act Advice Disclosure. The Department may disclose records to DOJ or the Office of Management and Budget (OMB) if the Department concludes that disclosure is desirable or necessary in determining whether particular records are required to be disclosed under the FOIA or the Privacy Act.

(5) Disclosure to DOJ. The Department may disclose records to DOJ to the extent necessary for obtaining DOJ advice on any matter relevant to an audit, inspection, or other inquiry related to the programs covered by this system.

(6) Contract Disclosure. If the Department contracts with an entity to perform any function that requires disclosing records in this system to employees of the contractor, the Department may disclose the records to those employees. As part of such contract, the Department shall require the contractor to agree to establish and maintain safeguards to protect the security and confidentiality of the disclosed records.

(7) Employee Grievance, Complaint, or Conduct Disclosure. If a record is relevant and necessary to a grievance, complaint, or disciplinary proceeding involving a present or former employee of the Department, the Department may disclose the record during investigation, fact-finding, or adjudication to any party to the grievance, complaint, or action; to the party's counsel or representative; to a witness; or to a designated factfinder, mediator, or other person designated to resolve issues or decide the matter.

(8) Labor Organization Disclosure. The Department may disclose a record to an arbitrator to resolve disputes under a negotiated grievance procedure or to officials of a labor organization recognized under 5 U.S.C. chapter 71 when relevant and necessary to their duties of exclusive representation.

(9) Employment, Benefit, and Contracting Disclosure.

(a) For Decisions by the Department. The Department may disclose a record from this system of records to a Federal, State, Tribal, or local agency, or to another public agency or professional organization, maintaining civil, criminal, or other relevant enforcement or other pertinent records, if necessary to obtain information relevant to a Department decision concerning the hiring or retention of an employee or other personnel action, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit.

(b) For Decisions by Other Public Agencies and Professional Organizations. The Department may disclose a record to a Federal, State, Tribal, local, or other public agency or professional organization, in connection with the hiring or retention of an employee or other personnel action, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit, to the extent that the record is relevant and necessary to the receiving entity's decision on the matter.

(10) Disclosure in the Course of Responding to a Breach of Data. The Department may disclose records from this system of records to appropriate agencies, entities, and persons when (a) the Department suspects or has confirmed that there has been a breach of the system of records; (b) the Department has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Department (including its information systems, programs, and operations), the Federal government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(11) Disclosure in Assisting Another Agency in Responding to a Breach of Data. The Department may disclose records from this system of records to another Federal agency or Federal entity, when the Department determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (a) responding to a suspected or confirmed breach, or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

(12) Disclosure to National Archives and Records Administration (NARA). The Department may disclose records from this system of records to NARA for the purpose of records management inspections conducted under authority of 44 U.S.C. 2904 and 2906.

POLICIES AND PRACTICES FOR STORAGE OR RECORDS:

Records are stored on an encrypted system within a secured and controlled environment.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved by an employee's name only for administrative purposes to include associating a Department employee to a specific region or building to receive tailored alerts for their geographic area.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The records in this system of records will be retained and disposed of in accordance with NARA General Records Schedule 5.3, Item 020.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

A vendor that is Federal Risk and Authorization Management Program (FedRAMP) certified hosts the ENS system outside the Department's network. The Department access and uses this system as a Software as a Service (SaaS) and requires the vendor to complete routine testing of its environment to ensure the confidentially, integrity, and availability of the information in the system and services provided. The Cloud Service Provider enforces security controls over the physical facility where the system is hosted in adherence with FedRAMP standards and provides continuous monitoring reports to the Department. Start Printed Page 19634

The ENS system utilizes role-based authentication to ensure only authorized users can access information, and they can only access the information needed to perform their duties. Authentication to the system is permitted only over secure, encrypted connections.

RECORD ACCESS PROCEDURES:

If you wish to request access to records regarding you in this system of records, contact the system manager at the address listed under SYSTEM MANAGER. You must provide necessary particulars such as your full name, address, and telephone number, and any other identifying information requested by the Department while processing the request to distinguish between individuals with the same name. Your request must meet the requirements of the Department's Privacy Act regulations in 34 CFR 5b.5, including proof of identity.

CONTESTING RECORD PROCEDURES:

If you wish to contest the content of a record regarding you in this system of records, contact the system manager at the address listed under SYSTEM MANAGER. You must provide your full name, address, and telephone number, and any other identifying information requested by the Department to distinguish between individuals with the same name. Your request must also identify the particular record within the system that you wish to have changed, state whether you seek an addition to or a deletion or substitution of the record, and explain the reasons why you wish to have the record changed. Your request must meet the requirements of the Department's Privacy Act regulations in 34 CFR 5b.7.

NOTIFICATION PROCEDURES:

If you wish to determine whether a record exists regarding you in this system of records, contact the system manager at the address listed under SYSTEM MANAGER. You must provide your full name, address, and telephone number, and any other identifying information requested by the Department while processing the request to distinguish between individuals with the same name. Your request must meet the requirements of the Department's Privacy Act regulations in 34 CFR 5b.5, including proof of identity.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.