AGENCY:

Office of the Chief Information Officer, HUD.

ACTION:

Notification of an amendment to an existing System of Records, Employee Identification Files, HUD/Dept-71.

SUMMARY:

HUD is completely revising HUD/Dept-71 to implement Homeland Security Presidential Direction 12 (HSPD-12) policy for a common identification standard for Federal employees and contractors. All of the sections including the system name are revised to reflect the current information requirements for individuals and contractors who require ongoing access to HUD's facilities and information technology systems.

DATES:

Effective Date: This proposal shall become effective without further notice October 19, 2006 unless comments are received during or before this period which would result in a contrary determination.

Comments Due Date: October 19, 2006.

ADDRESSES:

Interested persons are invited to submit comments regarding this notice to the Rules Docket Clerk, Office of General Counsel, Department of Housing and Urban Development, 451 Seventh Street, SW., Room 10276, Washington, DC 20410-0500. Communications should refer to the above docket number and title. Facsimile (FAX) comments are not acceptable. A copy of each communication submitted will be available for public inspection and copying between 8 a.m. and 5 p.m. weekdays at the above address.

FOR FURTHER INFORMATION CONTACT:

Jeanette Smith, Departmental Privacy Act Officer, telephone number (202) 708-2374. [This is not a toll-free number.] A telecommunications device for hearing and speech-impaired persons (TTY) is available at (800) 877-8339 (Federal Information Relay Services). [This is a toll-free number.]

SUPPLEMENTARY INFORMATION:

The primary purposes of the system of records are:

(a) To ensure the safety and security of HUD facilities, systems, or information, and our occupants and users;

(b) To verify that all persons entering Federal facilities or using Federal information resources are authorized to do so;

(c) To track and control Personal Identity Verification (PIV) cards issued to persons entering and exiting the facilities, or using information systems.

Pursuant to the Privacy Act of 1974 (5 U.S.C. 552a), as amended, notice is given that HUD proposes to amend an existing Privacy System of Records, Employee Identification Files HUD/Dept-71.

Title 5 U.S.C. 552a(e)(4) and (11) provide that the public be afforded a 30-day period in which to comment on the new record system. The new system report was submitted to the Office of Management and Budget (OMB), the Senate Committee on Governmental Affairs, and the House Committee on Government Reform pursuant to paragraph 4c of Appendix 1 to OMB Circular No. A-130, “Federal Responsibilities for Maintaining Records About Individuals,” July 25, 1994 (59 FR 37914).

Accordingly, this notice amends HUD/Dept-71 system of records for the Office of Administration and accompanying routine uses to be submitted and accessed in the management of the Identity Management System by the Office of Administration.

Authority: 5 U.S.C. 552a; 88 Stat. 1896; 42 U.S.C. 3535(d).

DEPT/DEPT-71

System Name:

Identity Management System (IDMS).

System Location:

Data covered by this system are maintained at the following locations: U.S. Department of Housing and Urban Development (HUD), Office of Security and Emergency Planning (OSEP), 451 Seventh Street, SW., Washington, DC 20410. Some data covered by this system is at HUD Regional and Field Office locations, both Federal buildings and Federally-leased space, where staffed guard stations have been established in facilities that have installed the Personal Identity Verification (PIV) system, as well as the physical security office(s) or computer security offices of those locations.

Security Classification:

Most identity records are not classified. However, in some cases, records of a few individuals, or portions of some records, may potentially be classified in the interest of national security.

Categories Of Individuals Covered By The System:

Individuals (employees or contractors) who require regular, ongoing access to agency facilities, information technology systems, or information classified in the interest of national security, including applicants for employment or contracts, Federal employees, contractors, students, interns, volunteers, affiliates, and individuals formerly in any of these positions. The system also includes individuals authorized to perform or use services provided in HUD facilities (e.g., Credit Union, Fitness Center, etc.). The system does not apply to occasional visitors or short-term guests to whom HUD will issue temporary identification and credentials.

Categories Of Records In The System:

Records maintained on individuals issued credentials by HUD include the following data fields: Full name, Social Security number; date of birth; signature; image (photograph); fingerprints; hair color; eye color; height; weight; organization/office of assignment; company name (for contractors); telephone number; copy of background investigation form (Standard Form 85 or 85P or 86); PIV card issue and expiration dates; personal identification number (PIN) for the PIV Card; results of background investigation; PIV request form; PIV registrar approval signature; PIV card serial number; emergency responder designation; copies of documents used to verify identification or information derived from those documents (such as document title, document issuing authority, document number, document expiration date, document other information); level of national security clearance and expiration date; computer system user name; user access and permission rights, authentication certificates; and digital signature information.

Records maintained on PIV card holders entering HUD facilities or using HUD systems may include: Full name; PIV Card serial number; date, time, and location of entry; company name (for contractors); card expiration date; digital signature information; and computer networks/applications/data accessed.

Authority For Maintenance Of The System:

5 U.S.C. 301; Federal Information Security Act (Pub. L. 104-106, sec. 5113); Electronic Government Act (Pub. L. 104-347, sec. 203); the Paperwork Reduction Act of 1995 (44 U.S.C. 3501); Government Paperwork Elimination Act (Pub. L. 105-277, 44 U.S.C. 3504); Homeland Security Presidential Directive 12 (HSPD-12), Policy for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004; and Federal Property and Administrative Act of 1949, as amended.

Purpose:

The primary purposes of the system of records are: (a) To ensure the safety and security of HUD facilities, systems, or information, and our occupants and users; (b) to verify that all persons entering Federal facilities or using Federal information resources are authorized to do so; (c) to track and control PIV cards issued to persons entering and exiting the facilities, or using information systems. Start Printed Page 54833

Routine Uses Of Records Maintained In The System Including Categories Of Users And The Purposes Of Such Uses:

Information about covered individuals may be disclosed without consent as permitted by the Privacy Act of 1974, 5 U.S.C. 552a(b), and:

(1) To the Department of Justice when:

(a) The agency or any component thereof; or

(b) Any employee of the agency in his or her official capacity;

(c) Any employee of the agency in his or her individual capacity where agency or the Department of Justice has agreed to represent the employee; or

(d) The United States Government, is a party to litigation or has an interest in such litigation, and by careful review, the agency determines that the records are both relevant and necessary to the litigation and the use of such records by DOJ is therefore deemed by the agency to be for a purpose compatible with the purpose for which the agency collected the records.

(2) To a court or adjudicative body in a proceeding when:

(a) The agency or any component thereof;

(b) Any employee of the agency in his or her official capacity;

(c) Any employee of the agency in his or her individual capacity where agency or the Department of Justice has agreed to represent the employee; or

(d) The United States Government, is a party to litigation or has an interest in such litigation, and by careful review, the agency determines that the records are both relevant and necessary to the litigation and the use of such records is therefore deemed by the agency to be for a purpose that is compatible with the purpose for which the agency collected the records.

(3) Except as noted on Forms SF 85, 85-P, and 86, when a record on its face, or in conjunction with other records, indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule, or order issued pursuant thereto, disclosure may be made to the appropriate public authority, whether Federal, foreign, State, local, or tribal, or otherwise, responsible for enforcing, investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation, or order issued pursuant thereto, if the information disclosed is relevant to any enforcement, regulatory, investigative or prosecutorial responsibility of the receiving entity.

(4) To a Member of Congress or to a Congressional staff member in response to an inquiry of the Congressional office made at the written request of the constituent about whom the record is maintained.

(5) To the National Archives and Records Administration or to the General Services Administration for records management inspections conducted under 44 U.S.C. 2904 and 2906.

(6) To HUD contractors, grantees, or volunteers who have been engaged to assist the agency in the performance of a contract service, grant, cooperative agreement, or other activity related to this system of records and who need to have access to the records in order to perform their activity. Recipients shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a.

(7) To a Federal, State, local, foreign, or tribal or other public authority the fact that this system of records contains information relevant to the retention of an employee, the retention of a security clearance, the letting of a contract, or the issuance or retention of a license, grant, or other benefit. The other agency or licensing organization may then make a request supported by the written consent of the individual for the entire record if it so chooses. No disclosure will be made unless the information has been determined to be sufficiently reliable to support a referral to another office within the agency or to another Federal agency for criminal, civil, administrative personnel or regulatory action.

(8) To the Office of Management and Budget when necessary to the review of private relief legislation pursuant to OMB Circular No. A-19.

(9) To a Federal, State, or local agency, or other appropriate entities or individuals, or through established liaison channels to selected foreign governments, in order to enable an intelligence agency to carry out its responsibilities under the National Security Act of 1947 as amended, the CIA Act of 1949 as amended, Executive Order 12333 or any successor order, applicable national security directives, or classified implementing procedures approved by the Attorney General and promulgated pursuant to such statutes, orders or directives.

(10) To notify another Federal agency when, or verify whether, a PIV card is no longer valid.

(11) To the news media or the general public, factual information the disclosure of which would be in the public interest and which would not constitute an unwarranted invasion of personal privacy, consistent with Freedom of Information Act standards.

Policies And Practices For Storing, Retrieving, Accessing, Retaining, And Disposing Of Records In The System:

Storage:

Records are stored in electronic media and in paper files. Paper files are kept in file folders or card files. Automated records are maintained in HUD's Security Control Access Tracking System (SCATS), and the DSX card access control system for HUD Headquarters.

Retrievability:

Records are retrievable by last name, Social Security number, other ID number, PIV card serial number, image (photograph), or fingerprint.

Safeguards:

Paper records are kept in locked cabinets in secure facilities. Access to them is restricted to individuals whose role requires use of the records. The computer servers in which records are stored are located in facilities that are secured by alarm systems and off-master key access. The computer servers themselves are password-protected. Access to individuals working at guard stations is password-protected; each person granted access to the system at guard stations must be individually authorized to use the system. A Privacy Act Warning Notice appears on the monitor screen when records containing information on individuals are first displayed. Data exchanged between the servers and the client PCs at the guard stations and badging office will be encrypted when HUD upgrades to a PIV-II compliant system in 2007. Backup tapes are stored in a locked and controlled room in a secure, off-site location.

An audit trail is maintained and reviewed periodically to identify unauthorized access. Persons given roles in the PIV process must complete training specific to their roles to ensure they are knowledgeable about how to protect individually identifiable information.

Retention And Disposal:

Records relating to persons' access covered by this system are retained in accordance with HUD Handbook 2228.2, General Records Schedule 18, Item 17, approved by the National Archives and Records Administration (NARA). Unless retained for specific, ongoing security investigations, records of access are maintained for five years and then destroyed. For other facilities, records are maintained for two years and then destroyed. Start Printed Page 54834

All other records relating to individuals are retained and disposed of in accordance with General Records Schedule 18, item 22a, approved by NARA. Records are destroyed upon notification of death or not later than five years after separation or transfer of employee, whichever is applicable.

In accordance with HSPD-12, PIV Cards are deactivated within 18 hours of cardholder separation, loss of card, or expiration. The information on PIV Cards is maintained in accordance with General Records Schedule 11, Item 4. PIV Cards are destroyed by cross-cut shredding no later than 90 days after deactivation.

System Manager(S) And Address:

Director, Physical Security Division, Office of Security and Emergency Planning, 451 Seventh Street, SW., Washington, DC 20410. Phone: (202) 708-2914.

Notification Procedures:

An individual can determine if this system contains a record pertaining to him/her by sending a request in writing, signed, to Director, Physical Security Division, Office of Security and Emergency Planning, 451 Seventh Street, SW., Washington, DC 20410. Phone: (202) 708-2914.

When requesting notification of or access to records covered by this Notice, an individual should provide his/her full name, date of birth, agency name, and work location. An individual requesting notification of records in person must provide identity documents sufficient to satisfy the custodian of the records that the requester is entitled to access, such as a government-issued photo ID. Individuals requesting notification via mail or telephone must furnish, at minimum, full name, date of birth, Social Security number, and home address in order to establish identity.

Records Access Procedures:

Same as notification procedures. Requesters should also reasonably specify the record contents being sought. Rules regarding access to Privacy Act records appear in 24 CFR part 16. If additional information or assistance is required, contact HUD's Privacy Act Officer in the Office of the Chief Information Officer, 451 Seventh Street, SW., Washington, DC 20410. Phone: (202) 708-2374.

Contesting Record Procedures:

Same as notification procedures. Requesters should also reasonably identify the record, specify the information they are contesting, state the corrective action sought and the reasons for the correction along with supporting justification showing why the record is not accurate, timely, relevant, or complete. Rules regarding amendment of Privacy Act records appear in 24 CFR part 16. If additional information or assistance is required, contact HUD's Privacy Appeals Officer in the Office of the General Counsel, 451 Seventh Street, SW., Washington, DC 20410.

Record Source Categories:

Employee, contractor, or applicant; sponsoring agency; former sponsoring agency; other Federal agencies; contract employer; former employer.

Exemptions Claimed For The System:

None.