Jump to main content.

eRulemaking

I. Data in the System

  1. Generally describe what information will be collected in the system.

    The eRulemaking Initiative's Federal Docket Management System (FDMS) is an online public docket and comment system being implemented to expand public access to and the ability to comment on Federal agencies' rulemakings. The FDMS facilitates the submission of public comments to Federal agencies' rulemaking dockets by allowing the public to comment online. While the FDMS is a centralized system, each Federal agency is the sole owner of its data and the agency manages its internal user's access and roles within the system as well as the posting of data on the system as part of its rulemakings.

  2. What are the sources and types of the information in the system?

    Information entered into the FDMS is collected from two sources:

    • External to the Federal Rulemaking Community: Any person or any entity -- including private citizens; federal, state or local governments; businesses; industries; or their representatives -- may submit comments electronically into the FDMS via the Internet at www.Regulations.gov (they may also submit comments via mail, fax, or email which are then scanned and processed into electronic format for inclusion in the system); and
    • Internal to the Federal Rulemaking Community: Agency users with appropriate access rights will import the original proposed rulemaking and new rulemaking materials into the FDMS and key in metadata index information to the system to support public searches via the Internet. Agency users with appropriate access rights will also manage data submitted by external users (i.e. commenters), including rulemaking materials and supporting documentation.

  3. How will the data be used by the Agency?

    Each rulemaking entity's regulation writers across the Federal government will consider public comments when they modify a proposed or final rule, as well as comments solicited for opinions on a program initiative, scientific study, respective agency guidance document or proposed standard.

  4. Why is the information being collected? (Purpose)

    Often, the collection of comments is statutorily obligated for rulemakings. For non-rulemakings, Federal agencies collect comments to help improve materials under development.

II. Access to the Data

  1. Who will have access to the data in the system? (inside and outside parties)

    Those having access to the system include the users internal to the Federal government and the external members of the general public. Public access: Anyone can gain access to the public side of the system, which posts information on the Internet. Public access is via the Internet and requires no login to search, view and comment on posted materials open for comment. Internal access: The non-public side of the system is accessible only to authorized eRulemaking docket staff and Federal government (multi-agency) rule writers and managers. Each agency is responsible for the comments and other materials submitted to that particular agency. The non-public login is a separate login that is not accessible via the publicly viewable pages.

    Contractors will be developing, implementing and possibly comprising some of the docket center operations staff personnel.

  2. What controls are in place to prevent the misuse of data by those having access?

    There are numerous controls being planned to ensure data integrity and to prevent the misuse of data. They include authorized login and password, policies, procedures, work-flow processes that will include quality assurance and management oversight over the entire work-flow process.

    Controls to prevent contractor misuse of data will be in place as stated in the contractor statement of work that will contain the FAR clause.

    The FDMS has been designed to restrict access to the data on a need to know basis. This can be restricted to the agency, to a docket (set of documents associated with a rule) or to a specific document within a docket based on the individuals roles and responsibilities within the agency. A restricted set of administrators are granted rights to grant users specific privileges.

  3. Do other systems share data or have access to data in this system? If yes, explain.

    No.

  4. Who will be responsible for protecting the privacy rights of the individuals affected by the interface? (i.e., System Administrators, System Developers, System Managers)

    Agency Administrators will be responsible for protecting the privacy rights of the individuals. However, personal information is provided at the discretion of the commenter. Commenters are notified in advance (via a notice on the Comment Submission page) that comments received are generally posted as received onto the FDMS. The system informs users through this disclaimer notice that any contact information they provide will be published with their comments. Providing contact information for individuals is not mandatory for EPA. However, users submitting comments to other agencies may be encouraged or required to submit their contact information in the body of their comment in case there are questions or due to statutory requirements.

  5. Will other agencies, state, or local governments share data or have access to data in this system? (Includes any entity external to EPA.)

    Yes. Approximately 173 federal agencies will access the FDMS to modify a proposed or final rule, as well as receive public comments solicited for opinions on a program initiative, scientific study, respective Agency guidance document or proposed standard. Other agencies (outside the federal regulatory community) and state or local governments will only have access to the publicly accessible information in the system from the Internet site (www.Regulations.gov). Personal information will not be shared with external parties.

  6. Do individuals have the opportunity to decline to provide information or to consent to particular uses of the information? If yes, how is notice given to the individual? (Privacy policies must clearly explain where the collection or sharing of certain information may be optional and provide users a mechanism to assert any preference to withhold information or prohibit secondary use.)

    Yes, individuals do not need to submit any information they do not want to provide. Comments submitted are provided on a completely voluntary basis and it is up to the commenter as to what information is provided. The system informs users through a disclaimer notice that any contact information they provide is voluntary and will be published with their comments. Again, providing contact information for individuals commenting on EPA actions will not be required.

  7. How will the information be secured?

    While publicly-accessible information will be available on the Internet, the system resides on a server behind the eRulemaking firewall. There are numerous internal controls in place to ensure data integrity and to prevent unauthorized access (e.g. two firewalls, intrusion detection software, seven (7) levels of access, LAN security, etc.) There are controls planned for Confidential Business Information (CBI). Some agencies have made the determination to withhold CBI and copyrighted information from public view and maintain the original comment with this information separately. Agencies have the ability to make this information available only to Federal agencies' regulation writers and others within the Federal government who need it as a part of their duties.

III. Attributes of the Data

  1. Is the use of the data both relevant and necessary to the purpose for which the system is being designed?

    Yes. The information in the FDMS is both relevant and necessary for the system's purpose because it is the government-wide repository for rule-making related documents as well as an archive of public comments about specific rules as they are being drafted.

  2. If data are being consolidated, what controls are in place to protect the data from unauthorized access or use?

    There are numerous controls being planned to ensure data integrity and to prevent unauthorized access (e.g. two firewalls, intrusion detection software, seven (7) levels of access, LAN security, etc.) There are controls planned for Confidential Business Information (CBI) and copyrighted information. Currently, CBI and copyrighted information will not be placed into the Federal Docket Management System; they will be maintained separately.

  3. If processes are being consolidated, are the proper controls remaining in place to protect the data and prevent unauthorized access? Explain.

    This question is not applicable to the FDMS as comments will not be consolidated.

  4. How will data be retrieved? Can it be retrieved by personal identifier? If yes, explain.

    Information is retrieved by a structured search. Personal identifiers can be retrieved only if a search is conducted in the body of a comment.

  5. What achievements of goals for machine readability have been incorporated into this system? Where is the policy stated? (Machine readable technology enables visitors to easily identify privacy policies and make an informed choice about whether to conduct business with that site.)

    All materials and comments in the FDMS will be rendered into PDF format. Policy will be stated on the public-accessible website.

IV. Maintenance of Administrative Controls

  1. What are the retention periods of data in this system? (For EPA, you may check with the record liaison officer (RLO) for your AA-ship, Tammy Boulware (Headquarters Records Officer) or Judy Hutt, Agency Privacy Act Officer, to determine if there is a retention schedule for the subject data.)

    All documents and comments contained in Federal agencies' rulemaking dockets are considered permanent records relevant to the regulatory authority of that Federal agency. They will be retained within the respective Federal agency for fixed periods following implementation of final rules. Thereafter, all docket files will be transferred to the National Archives and Records Administration (NARA) in accordance with NARA-approved records maintenance and disposition schedules.

  2. What are the procedures for eliminating the data at the end of the retention period? Where are the procedures documented?

    Docket files reaching the end of their active life cycle (e.g. following promulgation of final rules) are transferred to NARA. At that time, NARA and the Federal agency determine the medium and format in which records will be transferred. EPA provides indexes or other records used for the maintenance, search, and retrieval of files that have been transferred to NARA, to ensure the preservation of the complete official record and to permit retrieval of files at any time after NARA acquires them. Electronic records contained in the FDMS will be transferred to NARA in electronic format, in accordance with the standards for permanent electronic records contained in 36 CFR 1228.270, or revised standards applicable at the time of such disposition. If transfer via an electronic medium is not feasible, records will be converted to microfilm prior to transfer, with agreement from NARA.

  3. While the data are retained in the system, what are the requirements for determining if the data are still sufficiently accurate, relevant, timely, and complete to ensure fairness in making determinations?

    While the FDMS' Documentum and Oracle platforms ensure data integrity (both for externally-submitted comments and internally generated documents and metadata), the system does not assess the accuracy or completeness of publicly-submitted comments. The content of comments is subjective. Federal agencies' regulation writers are responsible for interpreting the relevance, accuracy, and completeness of externally submitted comments and data for the nature and intent of related rulemakings under consideration.

  4. Will FDMS provide the capability to identify, locate, and monitor individuals? If yes, explain.

    No. The system will not have the capability to identify, locate, or monitor individuals.

  5. Is there any persistent tracking technology available?

    Information entered into the system will be given a unique document number.

  6. Under which System of Records notice (SOR) does the system operate? Provide the name of system and number if applicable. (A SOR is any collection of records under the control of the Agency in which the data is retrieved by a personal identifier. A personal identifier is a name, Social Security Number, or other identifying symbol assigned to an individual, i.e. any identifier unique to an individual. The Privacy Act Officer will ensure that a SOR is developed for the system if necessary.)

    If a Federal agency chooses to collect and use personal identifying information in a manner which invokes the Privacy Act requirement of a System of Records Notice, then it is the responsibility of that Federal agency to do so.

  7. If the system is being modified, will the SOR require amendment or revision? Explain.

    Not at this time.

Local Navigation

Jump to main content.