AGENCY:

Peace Corps.

ACTION:

Notice of establishment of new system of records.

SUMMARY:

Pursuant to the provisions of the Privacy Act of 1974 (5 U.S.C. 552a), the Peace Corps is establishing a new system of records, PC-26, entitled “Peace Corps Computer Systems Activity and Access Records.”

DATES:

Please submit any comments on or before September 9, 2002. Unless the Peace Corps receives comments that would require another determination, this system becomes effective on September 9, 2002.

ADDRESSES:

Please submit any comments within 40 days of publication on or before [40 days from publication insert date] to Gayle Rucker, Office of Information Resources Management, Room 3217, 1111 20th Street, NW., Washington, DC 20526. Ms. Rucker may be reached by phone at 202-692-1310 or by email at grucker@peacecorps.gov. General information about the Peace Corps as an agency is provided at www.peacecorps.gov.

SUPPLEMENTARY INFORMATION:

Section 552a(e)(4) and (11) of Title 5 of the United States Code provides that the public be given a 30-day period in which to comment on the new system. The Office of Management and Budget (OMB), which has oversight responsibility under the Act, requires a 40-day period in which to review the proposed system. In accordance with 5 U.S.C. 552a(r), Peace Corps has provided a report on this system to OMB and the Congress.

PEACE CORPS (PC-26)

SYSTEM NAME:

Peace Corps Computer Systems Activity and Access Records.

SYSTEM LOCATION:

Peace Corps offices (and other sites utilized by the Peace Corps) throughout the world. Headquartered at Peace Corps, Office of Information Resource Management, 1111 20th Street, NW., Washington, DC 20526.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

All or any individuals who access Peace Corps network computers or mainframe/enterprise servers, including individuals who send and receive electronic communications, access Internet sites, or access system databases, files, or applications from Peace Corps computers or sending electronic communications to Peace Corps computers; and individuals attempting to access Peace Corps computers or systems without authorization.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records in this system of records may include: Records on the use of interoffice and Internet e-mail systems, including the e-mail address of the sender and receiver of the e-mail message, subject, date, and time; records on user access to Peace Corps networks, including user ID, date and time of log on and log off, and denials of access to unauthorized files or directories; records of Internet access from a Peace Corps computer, such as the Internet Protocol (IP) address of the computer being used to initiate the Internet connection, the site accessed, date, and time; records relating to mainframe/enterprise server access, such as user ID of the individual accessing the mainframe, date and time, and the process being run on the mainframe; records relating to verification or authorization of an individual's access to systems, files, or applications, such as user IDs, passwords, user names, title, and agency.

Logs of Internet access from a Peace Corps computer do not contain names or similar personal identifiers. However, for official government business purposes, a name may be associated with an IP address.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

The Computer Security Act of 1987, 49 U.S.C. 1441 note, requires Federal agencies to plan for the security and privacy of their computer Systems nad the Peace Corps Act, 22 U.S.C. 2501, et seq.

PURPOSE(S):

The underlying raw data in this system of records is used by the Peace Corps' systems and security personnel, or persons authorized to assist these personnel, to plan and manage system services and to otherwise perform their official duties. Authorized Peace Corps managers may use the records in this system to investigate improper access or other improper activity related to computer system access; to initiate disciiplinary or other such action; and/or where the record(s) may appear to indicate a violation or potential violation of the law, to refer such record(s) to the appropriate investigative arm of Peace Corps, or other law enforcement agency for investigation.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSE OF SUCH USE:

A. Disclosure for Law Enforcement Purposes. Information may be disclosed to the appropriate Federal, State, local, or foreign agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, if the information indicates a violation or potential violation of civil or criminal law or regulation within the jurisdiction of the receiving entity.

B. Disclosure Incident to Requesting Information. Information may be disclosed to any source from which additional information is requested (to the extent necessary to identify the individual, inform the source of the purpose(s) of the request, or to identify the type of information requested); when necessary to obtain information relevant to a Peace Corps decision concening retention of an employee or other personnel action (other than hiring), retention of a security clearance, the letting of a contract, or the issuance or retention of a grant or other benefit.

C. Disclosure to Requesting Agency. Information may be disclosed to a Federal, State, local, or other public authority of the fact that this system of records contains information relevant to the requesting agency's retention of an employee, the retnetion of a security clearance, the letting of a contract, or the issuance or retention of a license, grant, or other benefit. The other agency or licensing organization may then make a request supported by the written consent of the individual for part or all of the record if it so chooses. No disclosure will be made unless the information has been determined to be sufficiently reliable to support a referral to another office within the agency or to another Federal agency for criminal, civil, administrative, personnel, or regulatory action.

D. Disclosure to Office of Management and Budget. Information may be disclosed to the Office of Management and Budget at any stage in the legislative coordiantion and clearance process in connection with private relief legislation as set forth in OMB Circular No. A-19.

E. Disclosure to Congressional Offices. Information may be disclosed to a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of the individual.

F. Disclosure to Department of Justice. Information may be disclosed for purposes of litigation, provided that in each case the disclosure is compatible with the purpose for which the records were collected. Disclosure for these Start Printed Page 49049purposes may be made to the Department of Justice, or in a proceeding before a court, adjudicative body, or other administrative body before which the Peace Corps is authorized to appear. This disclosure may be made when: 1. The Peace Corps, or any component thereof; 2. Any employee of the Peace Corps in his or her official capacity; 3. Any employee of the Peace Corps in his or her individual capacity where the Department of Justice or the Peace Corps has agreed to represent the employee; or 4. The United States (when the Peace Corps determines that litigation is likely to affect the Peace Corps or any of its components); is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice or the Peace Corps is deemed by the Peace Corps to be relevant and necessary to the litigation.

G. Disclosure to the National Archives. Information may be disclosed to the National Archives and Records Administration in records management inspections.

H. Disclosure to Contractors, Grantee, and Others. Information may be disclosed to contractors, grantees, consultants, or Volunteer performing, or working on a contract, service, grant, cooperative agreement, job, or other activity for the Peace Corps and who have a need to have access to the information in the performance of their duties or activities for the Peace Corps. When appropriate, recipients will be required to comply with the requirements of the Privacy Act of 1974 as provided in 5 U.S.C. 552a(m).

I. Disclosures for Administrative Claims, Complaints, and Appeals. Information may be disclosed to an authorized appeal grievance examiner, formal complaints examiner, equal employment opportunity investigator, arbitrator, or other person properly engaged in investigation or settlement of an administrative grievance, complaint, claim, or appeal filed by an employee, but only to the extent that the information is relevant and necessary to the proceeding. Agencies that may obtain information under this routine use include, but are not limited to, the Office of Personnel Management, Office of Special Counsel, Merit Systems Protection Board, Federal Labor Relations Authority, Equal Employment Opportunity Commission, and Office of Government Ethics.

J. Disclosure to the Office of Personnel Management. Information may be disclosed to the Office of Personnel Management pursuant to that agency's responsibility for evaluation and oversight of Federal personnel management.

K. Disclosure in Connection with Litigation. Information may be disclosed in connection with litigation or settlement discussions regarding claims by or against the Peace Corps, including public filing with a court, to the extent that disclosure of the information is relevant and necessary to the litigation or discussions and except where court orders are otherwise required under section (b)(11) of the Privacy Act of 1974, 5 U.S.C. 552a(b)(11).

In addition to the routine uses stated above in A, B, C, D, E, F, G, H, I, J, and K, the following shall apply to this system.

Disclosure to provide information to any person(s) and authorized to assist in an approved investigation of improper usage of Peace Corps systems.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

Records are stored in electronic and/or paper form.

RETRIEVABILITY:

Records may be retrieved by user name, user ID, e-mail address, or other identifying search term employed, depending on the record category. The Peace Corps does not usually connect IP addresses with a person. However, in some instances, for official government business purposes, the Department may connect the IP address with an individual, and records may be retrieved by IP address.

SAFEGUARDS:

Access is limited to those who have an official need to know. Specifically, only systems and security personnel or persons authorized to assist these personnel have access to automated records and magnetic storage media. These records are kept in a locked room with controlled entry. The use of password protection identification features and other automated data processing system protection methods also restrict access. All records are located in buildings with restricted access.

RETENTION AND DISPOSAL:

Records of verification, authorization, computer system access, and other activities generated by the system shall be retained no longer than one year, unless required for management review. After one year, they are destroyed or deleted. (Records retention schedule pending approval by the Archivist of the United States.)

SYSTEM MANAGER(S) AND ADDRESS:

Office of Information Resource Management, Peace Corps, 1111 20th Street, NW., Washington, DC 20526.

NOTIFICATION PROCEDURES:

To the extent permitted under the Privacy Act of 1974, 5 U.S.C. 552a(k)(5), this system is exempted from the provisions of the Privacy Act of 1974 that permit access and correction. Individual notification of this system and declaration of acceptance of this policy appears in the form of a Privacy Screen that must be acknowledged by each individual before access is granted to use a Peace Corps computer. This prompt appears with every beginning access or initiation of systems on the computer.

Any individual who wants to know whether this system of records contains a record about him or her, who wants access to his or her record, or who wants to contest the contents of records, should make a written request to the System Manager. Requesters will be required to provide adequate identification such as a driver's license or employee identification card, or other identiying document. The written request should provide name, assigned computer location, and a description of information being sought, including the time frame during which the record(s) may have been generated. Provide verification of identity. Identify the information being contested, the reason for contesting it, and the correction requested. In general, this information is computer-generated and is not subject to contest.

CONTESTING RECORD PROCEDURES:

See Notification Procedures above.

RECORD ACCESS PROCEDURES:

See Notification Procedures above.

RECORD SOURCE CATEGORIES:

Most records are generated internally, i.e., computer activity logs; individuals covered by the system; and management officials.

SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:

None.