AGENCY:

Recovery Accountability and Transparency Board.

ACTION:

Notice of new Privacy Act systems of records.

SUMMARY:

The Recovery Accountability and Transparency Board (Board) proposes two new systems of records subject to the Privacy Act of 1974, as amended (Privacy Act or the Act), entitled “FederalReporting.gov Section 1512 Data System” (1512 Data System) and “FederalReporting.gov Recipient Registration System” (FRRS). The 1512 Data System will contain information on recipients of funding from the American Recovery and Reinvestment Act, Public Law 111-5 (Recovery Act). Under section 1512 of the Recovery Act, as well as implementing guidance promulgated by the Office of Management and Budget (OMB), recipients are required to report certain data elements relating to their receipt of funds. The 1512 Data System will include data collected from recipients reporting data pursuant to the Recovery Act, and that data will then flow to and be posted publicly on the Web site Recovery.gov, which was also established by the Recovery Act. The FRRS will contain information on individuals who have registered and established accounts to access FederalReporting.gov, the Board's Web-based inbound reporting system. The information maintained by the FRRS includes the first name, last name, phone number, extension, agency code (for individuals associated with a Federal agency), and DUNS number. This information is used to retrieve additional recipient organizational information from the Central Contractor Registry (CCR), Federal Procurement Data System (FPDS), and Dun and Bradstreet database systems. This information will be used to protect and manage access to the individual's account on FederalReporting.gov. In this notice, the Board provides the required information on the systems of records.

ADDRESSES:

Comments may be submitted:

By Mail or Hand Delivery: Jennifer Dure, Office of General Counsel, Recovery Accountability and Transparency Board, 1717 Pennsylvania Avenue, NW., Suite 700, Washington, DC 20006;

By Fax: (202) 254-7970; or

By E-mail to the Board: comments@ratb.gov.

All comments on the proposed new systems of records should be clearly identified as such.

FOR FURTHER INFORMATION CONTACT:

Jennifer Dure, General Counsel, Recovery Accountability and Transparency Board, 1717 Pennsylvania Avenue, NW., Suite 700, Washington, DC 20006, (202) 254-7900.

SUPPLEMENTARY INFORMATION:

Title 5 U.S.C. 552a(e)(4) and (11) provide that the public be given a 30-day period in which to comment on any new routine use of a system of records. OMB, which has oversight responsibilities under the Act, requires a 40-day period in which to conclude its review of the new systems. Therefore, please submit any comments by September 21, 2009.

In accordance with 5 U.S.C. 552a(r), the Board has provided a report to OMB and the Congress on the proposed systems of records.

Recovery Accountability and Transparency Board

Table of Contents

RATB-9—FederalReporting.gov Section 1512 Data System.

RATB-10—FederalReporting.gov Recipient Registration System.

RATB-9

SYSTEM NAME:

FederalReporting.gov Section 1512 Data System (1512 Data System).

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

The principal management entity for the system is the Recovery Accountability and Transparency Board, located at 1717 Pennsylvania Avenue, NW., Suite 700, Washington, DC 20006. The physical location for the system will be the CGI Phoenix Data Center, located at 10007 South 51st Street, Phoenix, AZ 85044. The system will be operated at this facility.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system contains records that all recipients of Recovery funds, as defined by section 1512(b)(1) of the Recovery Act, are required to report. This system includes information on individuals who are sole proprietors.

CATEGORIES OF RECORDS IN THE SYSTEM:

This system contains records described in OMB's June 22, 2009, Implementing Guidance for the Reports on Use of Funds Pursuant to the American Recovery and Reinvestment Act of 2009. The record description in this document includes data on prime recipients, subrecipients, and vendors receiving funding under the Recovery Act. The system will also store other system-generated data such as the recipient's report submission date and time and other identifiers for internal tracking.

AUTHORITY FOR MAINTENANCE OF SYSTEM:

The Recovery Act was enacted on February 17, 2009, in order to make supplemental appropriations for job preservation and creation, infrastructure investment, energy efficiency and science, assistance to the unemployed, and State and local fiscal stabilization.

PURPOSE(S):

FederalReporting.gov is the Board's inbound Recovery reporting solution. Recipients of Recovery funds are required to disclose certain information, which must then be posted on the public-facing Web site, Recovery.gov. The purpose of collecting this information is to provide the public with information as to how the government spends money, and also to assist with the prevention of fraud, waste, and mismanagement of Recovery funds.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

1512 Data System records will be used to collect information about recipients' use of Recovery funds, as well as to populate the public-facing Web site Recovery.gov. The records may Start Printed Page 40156also be used for auditing or other internal purpose of the Board, including but not limited to: investigation of possible fraud, waste, abuse, and mismanagement of Recovery funds; litigation purposes related to information reported to the Board; and contacting the recipient in the event of a system modification or change to FederalReporting.gov, including the data elements required to be reported.

The Board may disclose information contained in a record in this system of records under the routine uses listed in this notice without the consent of the recipient if the disclosure is compatible with the purposes for which the record was collected.

The general routine uses for the Board's 1512 Data System records are listed as follows:

A. As set forth above, and pursuant to the Recovery Act, 1512 Data System records will be used to collect information about recipients' use of Recovery funds, as well as to populate the public-facing Web site Recovery.gov, where disclosure of the specified data elements will be made to the public.

B. Information may be disclosed to the appropriate Federal, State, local, or Tribal agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, if the information is relevant to a violation or potential violation of civil or criminal law or regulation within the jurisdiction of the receiving entity.

C. Disclosure may be made to a Federal, State, local, or Tribal or other public authority of the fact that this system of records contains information relevant to the retention of an employee, the retention of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit. That entity, authority or licensing organization may then make a request supported by the written consent of the individual for the entire record if it so chooses.

D. Information may be disclosed to a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of the individual.

E. Information may be disclosed to the Department of Justice (DOJ), or in a proceeding before a court, adjudicative body, or other administrative body before which the Board is authorized to appear, when:

1. The Board, or any component thereof; or

2. Any employee of the Board in his or her official capacity; or

3. Any employee of the Board in his or her individual capacity where the DOJ or the Board has agreed to represent the employee; or

4. The United States, if the Board determines that litigation is likely to affect the Board or any of its components, is a party to litigation or has an interest in such litigation, and the use of such records by the DOJ or the Board is deemed by the Board to be relevant and necessary to the litigation, provided, however, that in each case it has been determined that the disclosure is compatible with the purpose for which the records were collected.

F. Information may be disclosed to the National Archives and Records Administration in records management inspections.

G. Information may be disclosed to contractors, grantees, consultants, or volunteers performing or working on a contract, service, grant, cooperative agreement, job, or other activity for the Board and who have a need to have access to the information in the performance of their duties or activities for the Board.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE:

The 1512 Data System records will be stored in digital format on a digital storage device. Long-term 1512 Data System records will be stored on magnetic tape format. All record storage procedures are in accordance with current applicable regulations.

RETRIEVABILITY:

Records are retrievable by database management systems software designed to retrieve recipient reporting elements based upon role-based user access privileges.

SAFEGUARDS:

The Board has minimized the risk of unauthorized access to the system by establishing a secure environment for exchanging electronic information. Physical access uses a defense in-depth approach restricting access at each layer closest to where the actual system resides. The entire complex is patrolled by security during non-business hours. Physical access to the data system housed within the facility is controlled by a computerized badge-reading system. Multiple levels of security are maintained via dual factor authentication for access using biometrics. The computer system offers a high degree of resistance to tampering and circumvention. This system limits data access to Board and contract staff on a need-to-know basis, and controls individuals' ability to access and alter records within the system. All users of the system of records are given a unique user identification (ID) with personal identifiers. All interactions between the system and the authorized individual users are recorded.

RETENTION AND DISPOSAL:

The Board will retain and dispose of these records in accordance with National Archives and Records Administration General Records Schedule 20, Item 1.c. This schedule provides disposal authorization for electronic files and hard copy printouts created to monitor system usage, including but not limited to log-in files, audit trail files, system usage files, and cost-back files used to access charges for system use. Records will be deleted or destroyed when the Board determines they are no longer needed for administrative, legal, audit, or other program purposes.

SYSTEM MANAGER AND ADDRESS:

Michael Wood, Recovery Accountability and Transparency Board, 1717 Pennsylvania Avenue, NW., Suite 700, Washington, DC 20006.

NOTIFICATION PROCEDURE:

Any individual who wants to know whether this system of records contains a record about him or her, who wants access to his or her record, or who wants to contest the contents of a record should make a written request to the system manager.

RECORD ACCESS PROCEDURES:

A request for record access shall follow the directions described under Notification Procedure and will be addressed to the system manager at the address listed above.

CONTESTING RECORDS PROCEDURES:

If you wish to contest a record in the system of records, contact the system manager and identify the record to be changed, identify the corrective action sought, and provide a written justification.

RECORD SOURCE CATEGORIES:

Information is obtained from individuals who have had or seek to have their identity authenticated except that a password and a username are explicitly self-assigned by the user registering to gain access to the 1512 Data System.

RATB-10

SYSTEM NAME:

FederalReporting.gov Recipient Registration System (FRRS).

SECURITY CLASSIFICATION:

None.Start Printed Page 40157

SYSTEM LOCATION:

The principal management entity for the FRRS system is the Recovery Accountability and Transparency Board, located at 1717 Pennsylvania Avenue, NW., Suite 700, Washington, DC 20006. The physical location for the system will be the CGI Phoenix Data Center, located at 10007 South 51st Street, Phoenix, AZ 85044. The system will be operated at this facility.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

This system contains records on all individuals that have either attempted to register or have registered to obtain an account to use FederalReporting.gov to report recipient data elements related to Recovery funds.

CATEGORIES OF RECORDS IN THE SYSTEM:

This system contains records including individual's name, self-assigned user name and security question, work address and related contact information (e.g., phone and fax numbers, e-mail address), organizational point of contact, and related contact information. The individual registering for FederalReporting.gov will generate a self-assigned password that will be stored on the FRRS, but will only be accessible to the registering individual. The system will also store other system-generated data such as the registration date, time, and other identifiers for internal tracking. Upon assignment of the password and ID code, the user may subsequently access FederalReporting.gov by entering these data.

AUTHORITY FOR MAINTENANCE OF SYSTEM:

The Recovery Act was enacted on February 17, 2009, in order to make supplemental appropriations for job preservation and creation, infrastructure investment, energy efficiency and science, assistance to the unemployed, and State and local fiscal stabilization.

PURPOSE(S):

FederalReporting.gov is the Board's inbound Recovery reporting solution. Recipients of Recovery funds are required to disclose certain information, which must then be posted on the public-facing Web site, Recovery.gov. The purpose of collecting this information is to provide the public with information as to how the government spends money, and also to assist with the prevention of fraud, waste, and mismanagement of Recovery funds. FRRS was developed to protect the Board and FederalReporting.gov users from individuals seeking to gain unauthorized access to user accounts on FederalReporting.gov. FederalReporting.gov is the sole source for reporting Recovery Act information.

The information contained in records maintained in the FRRS is used for the purposes of verifying the identity of the individual, allowing individual users to establish an account on FederalReporting.gov, providing individual users access to their FederalReporting.gov account for reporting data, allowing individual users to customize, update or terminate their account with FederalReporting.gov, renewing or revoking an individual user's account on FederalReporting.gov, supporting the FederalReporting.gov help desk functions, investigating possible fraud and verifying compliance with program regulations, and initiating legal action against an individual involved in program fraud, abuse, or noncompliance. The information is also used to provide authenticated protected access to FederalReporting.gov, thereby protecting FederalReporting.gov and FederalReporting.gov users from potential harm caused by individuals with malicious intentions gaining unauthorized access to the system.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

FRRS records will be used to facilitate registering FederalReporting.gov system users, issuing a username and password, and subsequently, verifying an individual's identity as he/she seeks to gain routine access to his/her account. In some cases, the organizational point of contact has the ability to deny access or reporting privileges for the organization, based on the registration information provided by the user. The system has secondary uses that include: using the established username to facilitate tracking service calls or e-mails from the user in the event that there is a change in registration status or a problem the user has with FederalReporting.gov; facilitating the retrieval of user actions (e.g., historical submissions and help tickets) and events while on the FederalReporting.gov system. The records may also be subsequently used for auditing or other internal purpose of the Board, including but not limited to: Instances where enforcement of the conditions of using FederalReporting.gov are necessary; investigation of possible fraud involving a registered user; litigation purposes related to information reported to the Board; contacting the individual in the event of a system modification; a change to FederalReporting.gov; or modification, revocation or termination of user's access privileges to FederalReporting.gov.

The Board may disclose information contained in a record in this system of records under the routine uses listed in this notice without the consent of the individual if the disclosure is compatible with the purposes for which the record was collected.

The general routine uses for the Board's FRRS are listed as follows:

A. Information may be disclosed to the appropriate Federal, State, local, or Tribal agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, if the information is relevant to a violation or potential violation of civil or criminal law or regulation within the jurisdiction of the receiving entity.

B. Disclosure may be made to a Federal, State, local, or Tribal or other public authority of the fact that this system of records contains information relevant to the retention of an employee, the retention of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit. That entity, authority or licensing organization may then make a request supported by the written consent of the individual for the entire record if it so chooses.

C. Information may be disclosed to a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of the individual.

D. Information may be disclosed to the Department of Justice (DOJ), or in a proceeding before a court, adjudicative body, or other administrative body before which the Board is authorized to appear, when:

1. The Board, or any component thereof; or

2. Any employee of the Board in his or her official capacity; or

3. Any employee of the Board in his or her individual capacity where the DOJ or the Board has agreed to represent the employee; or

4. The United States, if the Board determines that litigation is likely to affect the Board or any of its components, is a party to litigation or has an interest in such litigation, and the use of such records by the DOJ or the Board is deemed by the Board to be relevant and necessary to the litigation, provided, however, that in each case it has been determined that the disclosure is compatible with the purpose for which the records were collected.

E. Information may be disclosed to the National Archives and Records Start Printed Page 40158Administration in records management inspections.

F. Information may be disclosed to contractors, grantees, consultants, or volunteers performing or working on a contract, service, grant, cooperative agreement, job, or other activity for the Board and who have a need to have access to the information in the performance of their duties or activities for the Board.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

The FRRS records will be stored in digital format on a digital storage device. Long-term FRRS Data System records will be stored on magnetic tape format. All record storage procedures are in accordance with current applicable regulations.

RETRIEVABILITY:

Records are retrievable by database management systems software designed to retrieve FRRS elements based upon role-based user access privileges. Records are retrievable by the FRRS user name.

SAFEGUARDS:

The Board has minimized the risk of unauthorized access to the system by establishing a secure environment for exchanging electronic information. Physical access uses a defense in-depth approach restricting access at each layer closest to where the actual system resides. The entire complex is patrolled by security during non-business hours. Physical access to the data system housed within the facility is controlled by a computerized badge reading system. Multiple levels of security are maintained via dual factor authentication for access using biometrics. The computer system offers a high degree of resistance to tampering and circumvention. This system limits data access to Board and contract staff on a need-to-know basis, and controls individuals' ability to access and alter records within the system. All users of the system of records are given a unique user identification (ID) with personal identifiers. All interactions between the system and the authorized individual users are recorded.

RETENTION AND DISPOSAL:

The Board will retain and dispose of these records in accordance with National Archives and Records Administration General Records Schedule 20, Item 1.c. This schedule provides disposal authorization for electronic files and hard copy printouts created to monitor system usage, including but not limited to log-in files, audit trail files, system usage files, and cost-back files used to access charges for system use. Records will be deleted or destroyed when the Board determines they are no longer needed for administrative, legal, audit, or other program purposes.

SYSTEM MANAGERS AND ADDRESS:

Michael Wood, Recovery Accountability and Transparency Board, 1717 Pennsylvania Avenue, NW., Suite 700, Washington, DC 20006.

NOTIFICATION PROCEDURE:

Any individual who wants to know whether this system of records contains a record about him or her, who wants access to his or her record, or who wants to contest the contents of a record should make a written request to the system manager.

RECORD ACCESS PROCEDURES:

A request for record access shall follow the directions described under Notification Procedure and will be addressed to the system manager at the address listed above.

CONTESTING RECORDS PROCEDURES:

If you wish to contest a record in the system of records, contact the system manager and identify the record to be changed, identify the corrective action sought, and provide a written justification.

RECORD SOURCE CATEGORIES:

Information is obtained from individuals who have had or seek to have their identity authenticated except that a password and a username are explicitly self-assigned by the user registering to gain access to FederalReporting.gov.