AGENCY:

Merit Systems Protection Board.

ACTION:

Notice of a new system of records.

SUMMARY:

In accordance with the Privacy Act of 1974, the U.S. Merit Systems Protection Board (MSPB) proposes to establish a new system of records titled “MSPB–4, Emergency Alert System.” This system of records includes information that MSPB collects, maintains, and uses for operational response to critical events to ensure the safety and security of MSPB personnel and physical locations, as well as to keep MSPB personnel up to date on emergencies that may impact MSPB personnel and operations, such as active shooter situations, terrorist attacks, or severe weather conditions.

DATES:

Please submit comments on or before October 2, 2023. This new system is effective upon publication in today's Federal Register , with the exception of the routine uses, which are effective October 2, 2023.

ADDRESSES:

You may submit written comments to the Office of the Clerk of the Board by email to privacy@mspb.gov or by mail to Clerk of the Board, U.S. Merit Systems Protection Board, 1615 M Street NW, Washington, DC 20419. All comments must reference “MSPB–4, Emergency Alert System SORN.” Regardless of the method used for submitting comments or material, all submissions will be posted, without change, to MSPB's website ( https://www.mspb.gov) and will include any personal information you provide, such as your name, address, phone number, email address, or any other personally identifying information in your comment or materials. Therefore, any submissions will be made public and without change.

FOR FURTHER INFORMATION CONTACT:

For general questions or privacy issues, please contact: D. Fon Muttamara, Chief Privacy Officer, Office of the Clerk of the Board, 1615 M Street NW, Washington, DC 20419; (202) 653–7200; privacy@mspb.gov. Please include “MSPB–4 Emergency Alert System” with your question(s).

SUPPLEMENTARY INFORMATION:

In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the MSPB proposes to establish a new system of records titled “MSPB–4, Emergency Alert System.” MSPB's Office of Financial and Administrative Management (FAM) is responsible for, among other things, the security of personnel and physical locations. This system of records includes information that MSPB collects, maintains, and uses for operational response to critical events to ensure the safety and security of MSPB personnel and physical locations, as well as to keep MSPB personnel up to date on emergencies that may impact MSPB personnel and operations, such as active shooter situations, terrorist attacks, or severe weather conditions.

The Privacy Act embodies fair information practice principles in a statutory framework governing how Federal agencies collect, maintain, use, and disseminate individuals' records. The Privacy Act applies to records about individuals that are maintained in a “system of records.” A system of records is a group of records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. The Privacy Act defines an individual as a United States citizen or lawful permanent resident. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of MSPB by complying with MSPB Privacy Act regulations at 5 CFR part 1205, and following the procedures outlined in the Records Access, Contesting Record, and Notification Procedures sections of this notice. The Privacy Act requires each agency to publish in the Federal Register a description denoting the existence and character of each system of records that the agency maintains and the routine uses of each system. The new “Emergency Alert System” System of Records Notice is published in its entirety below. In accordance with the Privacy Act, 5 U.S.C. 552a(r), and OMB Circular A–108, “Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act” (Dec. 2016), MSPB has submitted a report of a new system of records to the Office of Management and Budget and Congress.

SYSTEM NAME AND NUMBER:

MSPB–4, Emergency Alert System.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Records are maintained by the Office of Financial and Administrative Management, U.S. Merit Systems Protection Board, 1615 M Street NW, Washington, DC 20419. Records may be located in locked cabinets and offices, on MSPB's local area network, or in designated U.S. data centers for cloud service providers certified by the Federal Risk and Authorization Management Program or FedRAMP.

SYSTEM MANAGER(S):

Kevin Nash, Director of the Office of Financial and Administrative Management, U.S. Merit Systems Protection Board, 1615 M Street NW, Washington, DC 20419, kevin.nash@mspb.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 1204; Federal Continuity Directive (FCD) 1, Federal Executive Branch National Continuity Program and Requirements, January 17, 2017; FCD 2, Federal Executive Branch Mission Essential Functions and Candidate Primary Mission Essential Functions Identification and Submission Process, June 13, 2017; Directive on National Continuity Policy (National Security Presidential Directive 51/Homeland Security Presidential Directive 20), May 4, 2007.

PURPOSE(S) OF THE SYSTEM:

The purpose of this system of records is to allow MSPB to collect and maintain records of employees who receive emergency alerts.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Current and former employees of MSPB.

CATEGORIES OF RECORDS IN THE SYSTEM:

1. MSPB employee name;

2. MSPB email addresses;

3. MSPB-assigned office phone numbers;

4. MSPB-issued mobile device numbers;

5. Personal email addresses (if provided);

6. Personal home phone numbers (if provided); and Start Printed Page 60242

7. Personal mobile device numbers (if provided).

RECORD SOURCE CATEGORIES:

Information contained in this system is obtained from MSPB's Office of Information Resources Management (IRM). IRM will provide a .csv file to FAM, the .csv file will contain MSPB employee email addresses and MSPB-assigned office phone numbers (and extensions if applicable) from MSPB's Microsoft Active Directory, as well as MSPB-issued mobile device numbers. FAM will then provide the file to Everbridge (the emergency alert system vendor) through MSPB's secure file sharing system, Box.com. As new hires onboard at MSPB, FAM will manually enter the required PII into the Everbridge system. Additionally, FAM will manually delete the PII of departing employees 30 days from departure. Employees may voluntarily provide personal contact information, which FAM will add to the information maintained in Everbridge for those employees.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside MSPB as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

a. To the Department of Justice (DOJ), including Offices of the U.S. Attorneys; or another Federal agency conducting litigation or in proceedings before any court, adjudicative, or administrative body; another party or potential party or the party's or potential party's authorized representative in litigation before a court, adjudicative, or administrative body; or to a court, adjudicative, or administrative body. Such disclosure is permitted only when it is relevant or necessary to the litigation or proceeding, and one of the following is a party to the litigation or has an interest in such litigation:

(1) MSPB, or any component thereof;

(2) Any employee or former employee of MSPB in his or her official capacity;

(3) Any employee or former employee of MSPB in his or her individual capacity where DOJ or MSPB has agreed to represent the employee;

(4) The United States or a Federal agency in litigation before a court, adjudicative, or administrative body;

(5) A party, other than the United States or a Federal agency, in litigation before a court, adjudicative, or administrative body, upon the MSPB General Counsel's approval, pursuant to 5 CFR part 1216 or otherwise.

b. To the appropriate Federal, State, or local agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, when a record, either on its face or in conjunction with other information, indicates or is relevant to a violation or potential violation of civil or criminal law or regulation.

c. To a member of Congress or the White House from the record of an individual in response to an inquiry made at the request of the individual to whom the record pertains.

d. To the National Archives and Records Administration (NARA) in records management inspections conducted under the authority of 44 U.S.C. 2904 and 2906.

e. To appropriate agencies, entities, and persons when (1) MSPB suspects or has confirmed that there has been a breach of the system of records; (2) MSPB has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, MSPB (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with MSPB's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

f. To another Federal agency or Federal entity, when MSPB determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

g. To contractors, grantees, experts, consultants, or volunteers performing or working on a contract, service, grant, cooperative agreement, or other assignment for MSPB when MSPB determines that it is necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to MSPB employees.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

The records in this system of records are stored electronically on an MSPB vendor's system(s) to facilitate the administration of the alerts. Access is limited to a small number of authorized personnel at MSPB and at MSPB's vendor.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records may be retrieved by name or other unique personal identifier.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

The records maintained in this system of records are subject to NARA General Records Schedule 5.4. Records of departing employees will be removed from the system by FAM 30 days after departure from MSPB. The information will be removed from the Everbridge servers after 30 days once the contract is completed.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records in the system are protected from unauthorized access and misuse through various administrative and technical security measures, such as role-based access controls, mandatory security and privacy training, encryption, and multi-factor authentication.

RECORD ACCESS PROCEDURES:

Individuals seeking notification of and access to their records in this system of records may submit a request in writing to the Office of the Clerk of the Board, Merit Systems Protection Board, 1615 M Street NW, Washington, DC 20419. Individuals requesting access must comply with MSPB's Privacy Act regulations regarding verification of identity and access to records (5 CFR part 1205).

CONTESTING RECORD PROCEDURES:

Individuals may request that records about them be amended by writing to the Office of the Clerk of the Board, Merit Systems Protection Board, 1615 M Street NW, Washington, DC 20419. Individuals requesting amendment must follow MSPB's Privacy Act regulations regarding verification of identity and amendment to records (5 CFR part 1205).

NOTIFICATION PROCEDURES:

See Record Access Procedures above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None. Start Printed Page 60243

HISTORY:

None.