AGENCY:

Food and Nutrition Service (FNS), USDA.

ACTION:

Notice of a new system of record.

SUMMARY:

Pursuant to the provisions of the Privacy Act of 1974, and Office of Management and Budget (OMB) Circular No. A–108, notice is given that the Food and Nutrition Service (FNS) of the U.S. Department of Agriculture (USDA) is proposing to add a new system of records, entitled USDA/FNS–13, Mercury (“Mercury”), which is a Consumer Off the Shelf (COTS) workflow system designed to automate the correspondence tracking and management process within FNS. It will be used by the Supplemental Nutrition Assistance Program (SNAP), Child Nutrition Program (CNP), the Supplemental Nutrition and Safety Program (SNAS), and Regional Operations and Compliance (ROC).

DATES:

This notice is effective upon publication, subject to a 30-day notice and comment period in which to comment on the routine uses described below. Comments, if any, must be submitted by October 18, 2023.

ADDRESSES:

You may submit comments by one of the following methods:

• Federal eRulemaking Portal: http://www.regulations.gov provides the ability to type short comments directly into the comment field on this web page or attach a file for lengthier comments. Follow the online instructions at that site for submitting comments.

• By Mail:

○ SNAP: Laura Griffin, Senior Policy Advisor, SNAP, USDA/Food and Nutrition Service, Braddock Metro Center II, 1320 Braddock Place, Alexandria, VA 22314.

○ SNAS: Clarissa Brown, SNAS Special Assistant, SNAS, USDA/Food and Nutrition Service, Braddock Metro Center II, 1320 Braddock Place, Alexandria, VA 22314.

○ CNP: Shawn Martin, CNP Special Assistant—USDA/Child Nutrition, Food and Nutrition Service, 1320 Braddock Place, Alexandria, VA 22314.

○ ROC: Andrew Furbee, Director, ROC, USDA/Food and Nutrition Service, Braddock Metro Center II, 1320 Braddock Place, Alexandria, VA 22314.

• By Email:

○ SNAP: Laura.Griffin@usda.gov.

○ SNAS: Clarissa.Brown@usda.gov.

○ CNP: Shawn.Martin@usda.gov.

○ ROC: Andrew.Furbee@usda.gov.

• Instructions: All comment submissions received must include the agency name and docket number for this rulemaking. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.

• Docket: For access to the docket to read background documents or comments received go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

For general questions please contact the FNS Privacy Officer via telephone at (703) 305–1627, Danaeka Wilkes at (703) 305–2874 or via email at Privacy-FNS@usda.gov.

SUPPLEMENTARY INFORMATION:

Background

The Food and Nutrition Service (FNS) receives hundreds of pieces of correspondence each year from Congress, program partners, and the general public regarding the interpretation of legislation for the delivery of FNS nutrition programs or for general information about access to the nutrition programs. Each piece of correspondence is responded to with information about one or more of the 15 nutrition assistance programs administered by the agency, and each one is tracked to ensure it is answered accurately and timely and that all necessary reviews are complete before it is signed and sent to the correspondent.

Mercury is a customized Salesforce solution to automate the intake, review, response writing, review, and approval of these correspondences for program offices within the FNS. The program offices currently supported are the Supplemental Nutrition Assistance Program (SNAP); Child Nutrition Programs (CN); the Supplemental Nutrition and Safety Program (SNAS), and Retailer Operations & Compliance (ROC).

Mercury provides a replacement for a legacy Mercury Correspondence Management application that was built upon SharePoint 2007 and Web Components. The legacy SharePoint platform was decommissioned by FNS shortly after new Mercury went live on April 12, 2021.

Privacy Act

The Privacy Act of 1974 (the Privacy Act), 5 U.S.C. 552a, embodies fair information principles in a statutory framework governing the means by which the United States Government collects, maintains, uses, and disseminates personally identifiable information. The Privacy Act applies to information that is maintained in a system of records. A system of records is a group of any records under the control of an agency for which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. In the Privacy Act, an individual is defined to encompass United States citizens and legal permanent residents.

The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains, the routine uses that are contained in each system in order to make agency record keeping practices transparent, to notify individuals regarding the uses to which personally identifiable information is put, and to assist individuals to more easily find such files within the agency.

In accordance with 5 U.S.C. 552a(r), USDA has provided a report of this new system to the Office of Management and Budget and to Congress.

SYSTEM NAME AND NUMBER:

USDA/FNS–13, Mercury

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Mercury is maintained in Gov Cloud, a cloud infrastructure environment that is used only by Federal employees and FNS contractors. There are no users external to FNS. The Digital Service Center (DSC) and FNS Office of Information Technology (OIT) manage and administer the Salesforce application and organization. Mercury does not support any external-facing or publicly accessible website or interface. The data is processed and stored solely within the continental United States. The agency, US Department of Agriculture Food and Nutrition Service (FNS), address is 1320 Braddock Place, Alexandria, VA 22314 and the address of the third-party service provider is Salesforce, The Landmark at One Market, San Francisco, CA 94105.

SYSTEM MANAGER(S):

FNS OIT Project Manager: Kathleen McKillen (OIT)— kathleen.mckillen@usda.gov. Mailing Address: USDA/Food Nutrition Service, 1320 Braddock Place, Alexandria, VA 22314.

Business/Program Contacts:

Laura Griffin (SNAP)— Laura.Griffin@usda.gov —SNAP Business Representative.

Clarissa Brown (SNAS)— Clarissa.Brown@usda.gov —SNAS Business Representative. Start Printed Page 63931

Kiley Larson (SNAS)— Kiley.Larson@usda.gov —SNAS Business Representative.

Shawn Martin (CNP)— Shawn.Martin@usda.gov —CNP Business Representative.

Andrew Furbee (ROC)— Andrew.Furbee@usda.gov —ROC Business Representative.

Mailing Address for all Business/Program Contacts: USDA/Food Nutrition Service, Braddock Metro Center II, 1320 Braddock Place, Alexandria, VA 22314.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

7 CFR 2.97 (1) and § 210.3 (a) and USDA Departmental Regulation 3060–01.

PURPOSE(S) OF THE SYSTEM:

Mercury provides FNS the ability to track the writing, editing, and approval of correspondence documents through an established set of business processes. Primarily these documents are responses to inbound correspondence from the public or Congress, but the documents can also be internally focused documents such as memos or reports. The combination of the inbound correspondence, FNS's response, and approval history is referred to in Mercury as a work package. The business processes of a work package differ based on various characteristics such as the document type, the originator of a correspondence, or other factors. Mercury supports a variety of writing and review processes that enables an FNS user to quickly identify the status and approval history of a work package. This ensures timely and accurate responses.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Categories of individuals covered by this system include any entity that has submitted correspondence to FNS, including the general public, external partners such as state agencies that operate nutrition assistance programs, advocacy organizations or members of congress.

CATEGORIES OF RECORDS IN THE SYSTEM:

The following are the Categories of Records for Mercury: correspondence (letters or emails) sent from individuals (recipients), partner organizations, congressional letters, congressional report requests, FNS internal sources, and other correspondence requiring USDA response. Personally identifiable information (PII) stored in the system is identified as first name, last name, and work email of internal USDA employees (Users), and external USDA partners and contractors (Contacts). Also, first name, last name, physical address, and email of individuals (recipients), partner organizations, and the general public who correspond with FNS via letters and emails.

RECORD SOURCE CATEGORIES:

The source of information stored in Mercury includes correspondence (letters or emails) sent from individuals (general public), external partners such as state agencies that operate nutrition assistance programs, advocacy organizations, or members of congress. FNS initiated documents such as memos, guidance, or similar materials are also a category source.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed to authorized entities, as is determined to be relevant and necessary, outside USDA as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

(1) To the Department of Justice when: (a) USDA or any component thereof; or (b) any employee of USDA in his or her official capacity, or any employee of the agency in his or her individual capacity where the Department of Justice has agreed to represent the employee; or (c) the United States Government, is a party to litigation or has an interest in such litigation, and USDA determines that the records are both relevant and necessary to the litigation and the use of such records by the Department of Justice is deemed by USDA to be for a purpose that is compatible with the purpose for which USDA collected the records.

(2) In an appropriate proceeding before a court, grand jury, or administrative or adjudicative body or official, when the USDA or other Agency representing the USDA determines that the records are both relevant and necessary to the proceeding; or in an appropriate proceeding before an administrative or adjudicative body when the adjudicator determines the records to be relevant to the proceeding.

(3) To a congressional office in response to an inquiry from that congressional office made at the written request of the individual about whom the record pertains.

(4) To the National Archives and Records Administration or other Federal government agencies pursuant to records management activities being conducted under 44 U.S.C. 2904 and 2906.

(5) To an agency, organization, or individual for the purpose of performing audit or oversight operations as authorized by law, but only such information as is necessary and relevant to such audit or oversight function.

(6) To other Federal agencies or non-Federal entities under approved computer matching efforts, limited to only those data elements considered relevant to determine eligibility under particular benefit programs administered by those agencies or entities or by USDA or any component thereof, to improve program integrity, and to collect debts and other monies owed under those programs.

(7) To another Federal agency or Federal entity, when information from this system of records is reasonably necessary to assist the recipient agency or entity in: (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

(8) To appropriate agencies, entities, and persons when: (1) USDA suspects or has confirmed that there has been a breach of the system of records; (2) USDA has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, USDA (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with USDA's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

(9) To contractors and their agents, grantees, experts, consultants, and other performing or working on a contract, service, grant, cooperative agreement, or other assignment for the USDA, when necessary to accomplish an agency function related to this system of records.

(10) When a record on its face, or in conjunction with other records, indicates a violation or potential violation of law, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or order issued pursuant thereto, USDA may disclose the record to the appropriate agency, whether Federal, foreign, State, local, or tribal, or other Start Printed Page 63932 public authority responsible for enforcing, investigating, or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto, if the information disclosed is relevant to any enforcement, regulatory, investigative or prosecutive responsibility of the receiving entity.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

The Mercury application is hosted in GovCloud, a cloud infrastructure environment. These records are electronic.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

The user's permission level will dictate what records they can retrieve. All users of Mercury are FNS employees or contractors working on FNS computers. Each user of Mercury will be assigned specific permissions in the platform based on the role they take in the business process as a Process Manager, Writer, or Reviewer.

The Process Managers, who orchestrate most of the business process, have the ability to create, edit, and move work packages through all stages of the process. This allows Process Managers to ensure the response is delivered in a timely manner and gives them the ability to overcome any roadblocks as needed. Process Managers have the ability to mark work packages as Delivered or Canceled as needed to indicate completion. Persons designated by the Associate Administrators have the same permissions as Process Managers, allowing them to act not only as a reviewer of a draft, but allows them to step into the Process Manager role to fill in if needed.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Mercury will retain and dispose of records in accordance with the following NARA-approved records schedule file code(s) and disposition authorities:

(1) FNS–22 Controlled Correspondence Files Correspondence, memoranda, reports, and other records related to congressional inquiries and other correspondence sent to the secretary of Agriculture which is controlled by Secretary's records. Includes memoranda and correspondence about various FNS programs signed by the Administrator, Assistance Secretaries, or the Secretary of Agriculture. Disposition Authority: NC1–462–79–2. Disposition: Washington Office: Permanent. Transfer to FRC when 5 years old, Offer to NARA when 10 years old. Other Offices: Temporary. Destroy when 1 year old.

(2) FRS 5.1–20 Non-recordkeeping copies of electronic records- Non-recordkeeping copies of electronic records agencies maintain in email systems, computer hard drives or networks, web servers, or other locations after agencies copy the records to a recordkeeping system or otherwise preserve the recordkeeping version.

Disposition Authority: DAA–GRS2016–00160002. Disposition: Temporary. Destroy immediately after copying to a recordkeeping system or otherwise preserving.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

USDA safeguards records in this system according to applicable rules and policies, including all applicable USDA automated systems security and access policies. USDA has imposed strict controls to minimize the risk of compromising the information that is being stored. Access to the computer system containing the records in this system is limited to those individuals who have a need to know the information for the performance of their official duties and who have appropriate clearances or permissions.

Mercury utilizes a robust collection of technical safeguards to ensure the integrity of the platform. Mercury is hosted in secure server environment that uses a firewall to prevent interference or access from outside intruders. When accessing Mercury, Secure Socket Layer (SSL) technology protects the user's information by using both server authentication and data encryption. Users will only access Mercury by USDA eAuthentication through Personal Identity Verification (PIV) Card and Personal Identification Number (PIN) entry. Mercury administrators will have a suite of security tools that can be used to increase the security of the system. From a physical security standpoint, the servers that host Mercury are fed ramped certified and managed by the USDA's Digital Services Center (DSC). The DSC is responsible for ensuring strict physical access control procedures are in place to prevent unauthorized access. Salesforce is contractually obligated to provide data backups and disaster recovery, and the DSC provides oversight of the contractor.

RECORD ACCESS PROCEDURES:

Individuals seeking notification of and access to any record contained in this system of records, or seeking to contest its content, may submit a request in writing to the component's FOIA Officer, whose contact information can be found at http://www.da.usda.gov/​foia_​agency_​pocs.htm. If an individual believes more than one component maintains Privacy Act records concerning him or her, the individual may submit the request to the Chief FOIA Officer, Department of Agriculture, 1400 Independence Avenue SW, Washington, DC 20250.

When seeking records about yourself from this system of records or any other Departmental system of records, your request must conform with the Privacy Act regulations set forth in 7 CFR 1.112. You must submit a written request in accordance with the instructions set forth in the system of records. The request should include the name of the individual making the request, the name of the system of records, any other information specified in the system notice, and when the request is one for access, a statement of whether the requester desires to make a personal inspection of the records or by supplied with copies by mail or email.

You must also include with your request sufficient data for FNS to verify your identity. If the sensitivity of the records warrants it, FNS may require that you submit a signed, notarized statement indicating that you are the individual to whom the records pertain and stipulating that you understand that knowingly or willfully seeking or obtaining access to records about another individual under false pretenses is a misdemeanor punishable by fine up to $5,000. No identification shall be required, however, if the records are required by 5 U.S.C. 552 to be released. If FNS determines to grant the requested access, fees may be charged in accordance with 7 CFR part 1, subpart G, 1.120 before making the necessary copies. In place of a notarization, your signature may be submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization.

CONTESTING RECORD PROCEDURES:

Individuals desiring to contest or amend information maintained in the system should direct their requests to the System Manager listed above. The request should identify each particular record in question, state the amendment or correction desired, and state why the individual believes that the record is not accurate, relevant, timely, or complete. The individual may submit any documentation that would be helpful. If the individual believes that the same record is in more than one system of records, the request should state that and be addressed to each component that maintains a system of records Start Printed Page 63933 containing the record. This request must follow the procedures set forth in 7 CFR part 1, subpart G, 1.116 (Request for correction or amendment to record).

NOTIFICATION PROCEDURES:

Individuals seeking notification of and access to any record contained in this system of records or seeking to contest its content, may submit a request in writing to the component's FOIA Officer, Kevin Lynch, whose contact information is: Kevin Lynch, FOIA Officer, USDA/Food and Nutrition Service, Braddock Metro Center II, 1320 Braddock Place, Alexandria, VA 22314, email: FOIA-FNS@usda.gov, phone: 703–305–2155. If an individual believes more than one component maintains Privacy Act records concerning him or her the individual may submit the request to the Chief FOIA Officer, Department of Agriculture, 1400 Independence Avenue SW, Washington, DC 20250.

When seeking records about yourself from this system of records or any other Departmental system of records your request must conform with the Privacy Act regulations set forth in 6CFR part 5. You must first verify your identity, meaning that you must provide your full name, current address, and date and place of birth. You must sign your request, and your signature must either be notarized or submitted under 28 U.S.C. 1746, a law that permits statements to be made under penalty of perjury as a substitute for notarization. In addition you should provide the following: (1) An explanation of why you believe the Department would have information on you; (2) identify which component(s) of the Department you believe may have the information about you; (3) specify when you believe the records would have been created; (4) provide any other information that will help the FOIA staff determine which USDA component agency may have responsive records; (5) if your request is seeking records pertaining to another living individual, you must include a statement from that individual certifying his or her agreement for you to access his or her records.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.