SUPPLEMENTARY INFORMATION:

GSA proposes to establish a system of records subject to the Privacy Act of 1974, 5 U.S.C. 552a, to manage the personal information provided by visitors to GSA properties in connection with scheduled events.

SYSTEM NAME AND NUMBER:

Events Management System, GSA/PBS-9.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Records are maintained in an electronic form on a Software as a Service (SaaS) platform under contract to GSA.

SYSTEM MANAGER(S):

Regional Fine Arts Officer, National Capital Region, Public Buildings Service, General Services Administration, 1800 F Street NW, Washington, DC 20405.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The E-Government Act of 2002 (Pub. L. 107-347, 44 U.S.C. 3601 n.); The Paperwork Reduction Act of 1995 (Pub. L. 104-13, 44 U.S.C. 3501).

PURPOSE(S) OF THE SYSTEM:

The purpose of the system is to collect information about event attendees that can be used to access virtual events or federal government properties for in-person events. This information is only used for a single event and then archived in accordance with the appropriate records retention schedule.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

The system of records includes members of the public who register to attend an event held by GSA (in-person or virtual). The system also includes federal employees of other agencies, federal contractors, or others who may register for an event.

CATEGORIES OF RECORDS IN THE SYSTEM:

Name, email address, affiliation, minor status, and country of citizenship. After registration, individuals may be asked if accommodations are necessary and individuals may disclose additional information in order to obtain such accommodations. As this is a free response, individuals provide what information they believe is necessary to obtain accommodations.

RECORD SOURCE CATEGORIES:

The source for information in the system is the individuals who provide this information or their representative.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed to authorized entities, as is determined to be relevant and necessary, outside GSA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

a. In any legal proceeding, where pertinent, to which GSA, a GSA employee, or the United States is a party before a court or administrative body.

b. To a Federal, State, local, or foreign agency responsible for investigating, prosecuting, enforcing, or carrying out a statute, rule, regulation, or order when GSA becomes aware of a violation or potential violation of civil or criminal law or regulation.

c. To an appeal, grievance, hearing, or complaints examiner; an equal employment opportunity investigator, arbitrator, or mediator; and an exclusive representative or other person authorized to investigate or settle a grievance, complaint, or appeal filed by an individual who is the subject of the record.

d. To the Office of Personnel Management (OPM), the Office of Management and Budget (OMB), and the Government Accountability Office (GAO) in accordance with their responsibilities for evaluating Federal programs.

e. To a Member of Congress or his or her staff on behalf of and at the request of the individual who is the subject of the record.

f. To an expert, consultant, or contractor of GSA in the performance of a Federal duty to which the information is relevant.

g. To the National Archives and Records Administration (NARA) for records management purposes.

h. In connection with any litigation or settlement discussions regarding claims by or against the GSA, including public filing with a court, to the extent that GSA determines the disclosure of the information is relevant and necessary to the litigation or discussions.

i. To appropriate agencies, entities, and persons when (1) GSA suspects or has confirmed that there has been a breach of the system of records, (2) GSA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, GSA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with GSA's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

j. To another Federal agency or Federal entity, when GSA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

k. To compare such records to other agencies' systems of records or to non-Federal records, in coordination with an OIG in conducting an audit, investigation, inspection, evaluation, or some other review as authorized by the IG Act.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

All records are stored electronically in a database. Information is encrypted in transit and at rest.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records can be retrieved by name or other personal identifier.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Records relating to events management will be retained for 6 years from the end of the fiscal year of the event in accordance with the NARA-approved GSA Records Schedule DAA-0269-2016-0007-0003—“Events Records”.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records in the system are protected from unauthorized access and misuse through a combination of administrative, technical and physical security measures. Administrative measures include but are not limited to policies that limit system access to individuals within an agency with a legitimate business need, and regular review of security procedures and best practices to enhance security. Technical measures include but are not limited to system design that allows authorized system users access only to data for which they are responsible; and use of encryption for certain data transfers. Physical security measures include but are not limited to the use of data centers which meet government requirements for storage of sensitive data.

RECORD ACCESS PROCEDURES:

If an individual wishes to access any data or record pertaining to him or her in the system after it has been submitted, that individual should consult the GSA's Privacy Act implementation rules available at 41 CFR part 105-64.2.

CONTESTING RECORD PROCEDURES:

If an individual wishes to contest the content of any record pertaining to him or her in the system after it has been submitted, that individual should consult the GSA's Privacy Act implementation rules available at 41 CFR part 105-64.4.

NOTIFICATION PROCEDURES:

If an individual wishes to be notified at his or her request if the system contains a record pertaining to him or her after it has been submitted, that individual should consult the GSA's Privacy Act implementation rules available at 41 CFR part 105-64.4.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.