AGENCY:

National Aeronautics and Space Administration (NASA).

ACTION:

Notice of a modified system of records.

SUMMARY:

In accordance with the requirements of the Privacy Act of 1974, the National Aeronautics and Space Administration (NASA) is providing public notice of modification to a previously announced system of records, Earth Observing System Data, and Information System (EOSDIS) User Information, NASA 10EUI. This notice incorporates locations and NASA Standard Routine Uses previously published separately from and cited by reference in this and other NASA systems of records notices. This notice also updates the name of the SORN; location and system manager information; records access, notification, and contesting procedures; categories of records and individuals; technical safeguards; and revises routine uses as set forth below under the caption SUPPLEMENTARY INFORMATION .

DATES:

Submit comments within 30 calendar days from the date of this publication. The changes will take effect at the end of that period if no adverse comments are received.

ADDRESSES:

Bill Edwards-Bodmer, Privacy Act Officer, Office of the Chief Information Officer, National Aeronautics and Space Administration Headquarters, Washington, DC 20546–0001, (757) 864–7998, NASA-PAOfficer@nasa.gov.

FOR FURTHER INFORMATION CONTACT:

NASA Privacy Act Officer, Bill Edwards-Bodmer, (757) 864–7998, NASA-PAOfficer@nasa.gov.

SUPPLEMENTARY INFORMATION:

The records in this system are used to establish user accounts that enable user notification of improved or altered data and services, as well as actual science data from the Earth Observing System Data and Information System (EOSDIS), most often via on-line mechanisms. This system notice includes minor revisions to NASA's existing system of records notice to bring its format into compliance with Office of Management and Budget (OMB) guidance and to update records access, notification, and contesting procedures consistent with NASA Privacy Act regulations. The SORN name is updated to align with NASA SORN naming conventions. It also includes the following substantial revisions: adds one new location to the System Location section, removes previous locations which are no longer in use and the corresponding subsystem managers from the System Manager section; adds data elements to the Categories of Records in the System; clarifies the Record Access, Contesting Record, and Notification Procedures; and updates the Technical Safeguards to reflect the use of cloud storage. It also incorporates information formerly published separately in the Federal Register as appendix A, Location Numbers and Mailing Addresses of NASA Installations at which Records are Located, and appendix B, Standard Routine Uses—NASA.

SYSTEM NAME AND NUMBER:

Earth Observing System Data and Information System (EOSDIS) User Information, NASA 10EUI.

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

Electronic records are maintained on secure NASA and NASA partner servers at:

• Goddard Space Flight Center (NASA), Greenbelt, MD 20771–0001. Electronic records will also be kept on NASA CIO-approved, commercial cloud resources provided by and located at:
• Amazon Web Services AWS-West, 410 Terry Avenue N, Seattle, WA 98109.

SYSTEM MANAGER(S):

System Manager: 423/Deputy Project Manager for Operations, ESDIS Project, Goddard Space Flight Center (NASA), Greenbelt, MD 20771–0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

51 U.S.C. 20113(a).

PURPOSE(S) OF THE SYSTEM:

These records are used to establish user accounts that enable user notification of improved or altered data and services, as well as actual science data from EOSDIS, most often via on-line mechanisms.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals from the (1) NASA, university, and research communities who request satellite data or other data products from any of the EOSDIS DAACs indicated above; (2) members of the general public who request satellite data or other data products from any of the EOSDIS DAACs indicated above; or (3) individuals who register to save their data search parameters for reuse in the future.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records in this system consist of information obtained from individual users to establish user accounts that enable user notification of improved or altered data and services, as well as actual science data from EOSDIS, most often via on-line mechanisms. Records include an individual's name, email address, organizational affiliation, study area, phone number, and country of residence.

RECORD SOURCE CATEGORIES:

The information is received directly from users needing to obtain or access NASA's Earth science data products.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSE OF SUCH USES:

Any disclosures of information will be compatible with the purpose for which the Agency collected the information. The records and information in these records may be disclosed:

1. To government contractors conducting OMB-approved annual user satisfaction surveys collecting user feedback for aggregating reports to OMB Start Printed Page 30170 and enabling NASA to improve its systems, processes, and services to the user community.

2. To the European Space Agency (ESA) in order to achieve ESA member nation awareness of the breadth of their scientific data use (including ESA scientific data hosted by NASA).

In addition, information may be disclosed under the following NASA Standard Routine Uses.

1. Law Enforcement —When a record on its face, or in conjunction with other information, indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or order, disclosure may be made to the appropriate agency, whether Federal, foreign, State, local, or tribal, or other public authority responsible for enforcing, investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order, if NASA determines by careful review that the records or information are both relevant and necessary to any enforcement, regulatory, investigative or prosecutive responsibility of the receiving entity.

2. Certain Disclosures to Other Agencies —A record from this SOR may be disclosed to a Federal, State, or local agency maintaining civil, criminal, or other relevant enforcement information or other pertinent information, such as current licenses, if necessary, to obtain information relevant to a NASA decision concerning the hiring or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit.

3. Certain Disclosures to Other Federal Agencies —A record from this SOR may be disclosed to a Federal agency, in response to its request, for a matter concerning the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.

4. Department of Justice —A record from this SOR may be disclosed to the Department of Justice when (a) NASA, or any component thereof; or (b) any employee of NASA in his or her official capacity; or (c) any employee of NASA in his or her individual capacity where the Department of Justice has agreed to represent the employee; or (d) the United States, where NASA determines that litigation is likely to affect NASA or any of its components, is a party to litigation or has an interest in such litigation, and by careful review, the use of such records by the Department of Justice is deemed by NASA to be relevant and necessary to the litigation.

5. Courts —A record from this SOR may be disclosed in an appropriate proceeding before a court, grand jury, or administrative or adjudicative body, when NASA determines that the records are relevant and necessary to the proceeding; or in an appropriate proceeding before an administrative or adjudicative body when the adjudicator determines the records to be relevant and necessary to the proceeding.

6. Response to an Actual or Suspected Compromise or Breach of Personally Identifiable Information —A record from this SOR may be disclosed to appropriate agencies, entities, and persons when (1) NASA suspects or has confirmed that there has been a breach of the system of records; (2) NASA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NASA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NASA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

7. Contractors —A record from this SOR may be disclosed to contractors, grantees, experts, consultants, students, volunteers, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal Government, when necessary to accomplish a NASA function related to this SOR. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to NASA employees.

8. Members of Congress —A record from this SOR may be disclosed to a Member of Congress or to a Congressional staff member in response to an inquiry of the Congressional office made at the written request of the constituent about whom the record is maintained.

9. Disclosures to Other Federal Agencies in Response to an Actual or Suspected Compromise or Breach of Personally Identifiable Information —A record from this SOR may be disclosed to another Federal agency or Federal entity, when NASA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

10. National Archives and Records Administration —A record from this SOR may be disclosed as a routine use to the officers and employees of the National Archives and Records Administration (NARA) pursuant to records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.

11. Audit —A record from this SOR may be disclosed to another agency, or organization for purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are stored electronically on secure servers.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

User account records are typically indexed and retrieved by user's name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The Earth Science Data and Information System (ESDIS) Project has a plan under configuration control according to which the original data are deleted in accordance with NASA Records Retention Schedule (NRRS) 2, Item 15A.3. The ESDIS Project and DAACs reauthorize specific users' information on an approved basis and user information is deleted when no longer needed in accordance with NRRS 2, Item 19A. Mailing lists containing user information are maintained in order to permit distribution of newsletters to users and are disposed of according to the NRRS 1, Item 88.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Electronic records are maintained on secure NASA servers and protected in accordance with all Federal standards and those established in NASA regulations at 14 CFR 1212.605. Approved security plans for each of the DAACs at NASA and contractor facilities have been established in accordance with the Federal Information Security Management Act of 2002 (FISMA) and OMB Circular A– Start Printed Page 30171 130, Management of Federal Information Resources. The aggregation of these plans constitutes the security plan for EOSDIS. Authorized individuals will have access to the system only in accordance with approved authentication methods. With the exception of the records of ESA scientific data users' information posted in accordance with Routine Use (2) above, all user information is protected according to NASA guidelines for managing sensitive information. The NASA SEWP–V Four Points Technology and Amazon Web Services maintain documentation and verification of commensurate safeguards in accordance with FISMA, NASA Procedural Requirements (NPR) 2810.1A, and NASA ITS–HBK–2810.02–05.

RECORD ACCESS PROCEDURES:

In accordance with 14 CFR part 1212, Privacy Act—NASA Regulations, information may be obtained by contacting in person or in writing the system or subsystem manager listed above at the location where the records are created and/or maintained. Requests must contain the identifying data concerning the requester, e.g., first, middle and last name; date of birth; description and time periods of the records desired. NASA Regulations also address contesting contents and appealing initial determinations regarding records access.

CONTESTING RECORD PROCEDURES:

In accordance with 14 CFR part 1212, Privacy Act—NASA Regulations, information may be obtained by contacting in person or in writing the system or subsystem manager listed above at the location where the records are created and/or maintained. Requests must contain the identifying data concerning the requester, e.g., first, middle and last name; date of birth; description and time periods of the records desired. NASA Regulations also address contesting contents and appealing initial determinations regarding records access.

NOTIFICATION PROCEDURES:

In accordance with 14 CFR part 1212, Privacy Act—NASA Regulations, information may be obtained by contacting in person or in writing the system or subsystem manager listed above at the location where the records are created and/or maintained. Requests must contain the identifying data concerning the requester, e.g., first, middle and last name; date of birth; description and time periods of the records desired. NASA Regulations also address contesting contents and appealing initial determinations regarding records access.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

(15–116, 80 FR 79949, pp. 79949–79950).

(12–100, 77 FR 69898, pp. 69898–69899).

(07–080, 72 FR 56388, pp. 56388–56391).