Amendment to System of Records Notice
[Federal Register: December 8, 2003 (Volume 68, Number 235)]
[Notices]
[Page 68384-68387]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr08de03-70]
-----------------------------------------------------------------------
ENVIRONMENTAL PROTECTION AGENCY
[OEI-2003-0036; FRL-7595-8]
Amendment to System of Records Notice
AGENCY: Environmental Protection Agency.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, as amended, the
Environmental Protection Agency (EPA) publishes this amendment to EPA's
notice of a system of records entitled ``Central Data Exchange-Customer
Registration Subsystem (CDX-CRS)'', published on March 18, 2002 (67 FR
12010-12013). The original System of Records Notice has been amended
to: update the ``Location'' section to reflect the recent relocation of
the CDX-CRS to a new facility; clarify the ``Categories of Records in
the System'' section to describe information collected to support
electronic signature functionality on some EPA forms; provide the
public with a new System of Record number that will be associated with
this system for the remainder of its operational life; provide a new
EPA point of contact; and clarify the ``purpose'' section to ensure the
public recognizes that the use of the CDX-CRS is optional and only
necessary for those individuals who want to file information
electronically with EPA. As described in the original notice, this
system will contain information on individuals who have registered and
established accounts to access CDX, EPA's electronic compliance filing
and environmental data exchange system. Individuals with CDX accounts
may engage in electronic filing of environmental documents as permitted
under the Government Paperwork Elimination Act (GPEA), and as required
under appropriate environmental statutes. Information maintained by the
CDX-CRS includes the individual's name and related identifiers, work
contact information, supervisor's name and contact information, and
information about the EPA program under which the individual plans to
report electronically. The information will be used to protect and
manage access to the individual's account on CDX.
DATES: This system of records will continue operations.
ADDRESSES: Questions regarding this notice should be referred to the
Environmental Protection Agency, Office of Environmental Information,
Collection Services Division, MS-2823T, 1200 Pennsylvania Avenue,
Washington, DC 20460.
FOR FURTHER INFORMATION CONTACT: Matthew Leopard at
Leopard.Matthew@epa.gov, or 202-566-1698. If you use a
telecommunications device for the deaf (TDD), you may call the Federal
Information Relay Service (FIRS) at 1-800-877-8339.
SUPPLEMENTARY INFORMATION:
I. General Information
EPA has established an official public docket for this action under
Docket ID No. OEI-2003-0036. The official public docket is the
collection of materials that is available for public viewing at the OEI
Docket in the EPA Docket Center (EPA/DC), EPA West, Room B102, 1301
Constitution Ave. NW., Washington, DC. The EPA Docket Center Public
Reading Room is open from 8:30 a.m. to 4:30 p.m., Monday through
Friday,
[[Page 68385]]
excluding legal holidays. The telephone number for the Reading Room is
(202) 566-1744, and the telephone number for the OEI Docket is (202)
566-1752.
An electronic version of the public docket is available through
EPA's electronic public docket and comment system, EPA Dockets. You may
use EPA Dockets at http://www.regulations.gov/ to view public comments,
access the index listing of the contents of the official public docket,
and to access those documents in the public docket that are available
electronically. Although not all docket materials may be available
electronically, you may still access any of the publicly available
docket materials through the docket facility identified above.
Dated: November 25, 2003.
Kimberly T. Nelson,
Assistant Administrator and Chief Information Officer.
EPA-52
System Name:
EPA Central Data Exchange--Customer Registration Subsystem (CDX-CRS)
System Location:
The system will be operated and maintained by EPA or organizations
under contract with the EPA (henceforth referred to as ``EPA'') at
their place of business. The operational CDX CRS, which performs the
routine functions of registering CDX users, is maintained at U.S. EPA
National Computer Center, 109 T.W. Alexander Drive, Research Triangle
Park, NC 27711. A testing facility which includes a test version of the
CDX-CRS which is used to validate any changes to the CDX-CRS system
before they become operational, is maintained at Computer Sciences
Corporation, 8400 Corporate Drive, New Carrollton, MD 20785.
Categories of Individuals Covered by the System:
This system contains records on all individuals that have either
attempted to register or have registered to obtain an account to use
CDX for electronically exchanging data with EPA. Registered users of
EPA's CDX-CRS may include representatives of industry, government or
laboratories exchanging information with EPA through CDX.
Categories of Records in the System:
This system contains records including individual's name, self-
assigned user name and security question, work title, work address and
related work contact information (e.g., phone and fax numbers, E-mail
address), supervisor's name and related contact information, and
information related to the EPA reporting program the individual is
planning to electronically file or report under (e.g., EPA program ID
# and EPA program role), and the method of reporting (web
browser, file exchange). In cases where individuals are asked to
electronically ``sign'' certain EPA forms, CDX may request additional
information items from an individual such as date of birth, mother's
maiden name, high school graduation date, and similar personal
identifiers. The individual registering for CDX will generate a self-
assigned password that will be stored on the CDX-CRS, but it will only
be accessible to the registering individual. The system will also store
other system-generated data such as the registration date and time,
digital certificate identifier, and other identifiers for internal
tracking. Upon assignment of the password and ID code, the user may
subsequently access the CDX system by entering these data and CDX will
use this information to authenticate the individual's access to CDX.
Authority for Maintenance of System:
In accordance with the Government Paperwork Elimination Act (44
U.S.C. 3504), EPA's electronic compliance filing and environmental data
exchange system will enable the ``acquisition and use of information
technology, including alternative information technologies that provide
for electronic submission, maintenance, or disclosure of information as
a substitute for paper and for the use and acceptance of electronic
signatures.'' Section 3504(a)(1)(B)(vi) of Title 44, United States
Code.
Purpose(s):
Central Data Exchange is EPA's portal for electronically exchanging
environmental data with our external customers. Individual external
users with CDX accounts may choose to engage in secure, electronic
filing of environmental documents as permitted under the Government
Paperwork Elimination Act (GPEA), and as required under appropriate
environmental statutes. CDX-CRS was developed to protect the EPA and
CDX system users from individuals seeking to gain unauthorized access
to user accounts on CDX. While compliance reporting to EPA may be a
mandatory requirement, the use of CDX to file information
electronically to EPA is optional. At any time during the CDX
registration process the individual may opt out of registering with CDX
to file information electronically, and may revert back to existing
paper or diskette filings with EPA.
The information contained in records maintained in the CDX-CRS
system is used for the purposes of verifying the identity of the
individual, informing users of the conditions and terms of using CDX,
allowing individual users to establish an account on CDX, providing
individual users access to their CDX account for electronically filing
compliance data or exchanging other forms of environmental data,
allowing individual users to customize, update or terminate their
account with CDX, renewing or revoking an individual user's account on
CDX, supporting the CDX help desk functions, investigating possible
fraud and verifying compliance with program regulations, and initiating
legal action against an individual involved in program fraud, abuse, or
noncompliance. The information is also used to provide authenticated,
protected access to the CDX system, thereby protecting CDX and CDX
users from potential harm caused by individuals with malicious
intentions gaining unauthorized access to the system.
Routine Uses of Records Maintained in the System, Including Categories
of Users and the Purposes of Such Uses:
CDX-CRS records will be used to facilitate registering CDX system
users, issuing a username and password, and subsequently, verifying an
individual's identity as he/she seeks to gain routine access to his/her
account. In some cases, the user verification process will require EPA
to contact the employer, based on the registration information provided
by the user. The system has secondary uses that include: using the
established username to facilitate tracking service calls or e-mails
from the user in the event that there is a change in registration
status or a problem the user has with CDX; offering the user new CDX
service options, and facilitating the retrieval of user actions (e.g.,
historical submissions and help tickets); and events while on the CDX
system. The records may also be subsequently used for auditing or other
internal purposes of the EPA, including but not limited to: instances
where enforcement of the conditions of using CDX are necessary;
investigation of possible fraud involving a registered user; litigation
purposes related to information reported to the agency; contacting the
individual in the event of a system modification; a change to CDX; or
modification, revocation or termination of user's access privileges to
CDX.
EPA may disclose information contained in a record in this system
of records under the routine uses listed in
[[Page 68386]]
this notice without the consent of the individual if the disclosure is
compatible with the purposes for which the record was collected. These
disclosures may be made on a case-by-case basis or under a computer
matching agreement if the Agency has complied with the computer
matching requirements of the Act.
The general routine uses for EPA's CDX are listed as follows:
A,B,C,E,F,G,H,I, and K apply. A detailed description of these routine
uses can be found in the Federal Register Notice (at 66 FR 49947
(2001)) and also on the National Archives and Records Administration
website, Privacy Act Issuances--1999 Compilation at:
http://www.access.gpo.gov/su_docs/aces/PrivacyAct.shtml
In addition, the following routine uses may also apply:
Program Disclosures: The Agency may disclose information from this
system to Federal, State, or local agencies, private parties such as
relatives, present and former employers and business and personal
associates, and hearing officials for the following purposes:
(a) To verify the identity of the individual;
(b) To enforce the conditions or terms of Agency program
regulations;
(c) To investigate possible fraud and verify compliance with Agency
program regulations;
(d) To prepare for litigation or to litigate collection service and
audit;
(e) To initiate a limitation, suspension and termination (LS&T),
debarment, or suspension action;
(f) To investigate complaints, update files, and correct errors.
Litigation and Alternative Dispute Resolution (ADR) Disclosures:
(a) In the event that one of the parties listed below is involved
in litigation or ADR, or has an interest in litigation ADR, the Agency
may disclose certain records to the parties described in paragraphs
(b), (c), and (d) of this routine use under the conditions specified in
those paragraphs:
(i) The Environmental Protection Agency, or any component of the
Agency; or
(ii) Any Agency employee in his or her official capacity; or
(iii) Any Agency employee in his or her individual capacity if the
Department of Justice (DOJ) has agreed to provide or arrange for
representation for the employee;
(iv) Any Agency employee in his or her individual capacity where
the agency has agreed to represent the employee; or
(v) The United States where the Agency determines that the
litigation is likely to affect the Agency or any of its components.
(b) Disclosure to the DOJ. If the Agency determines that disclosure
of certain records to the DOJ is relevant and necessary to litigation
or ADR, the Agency may disclose those records as a routine use to the
DOJ.
(c) Administrative Disclosures. Agencies that may obtain
information under this routine use include, but are not limited to, the
Office of Personnel Management, Office of Special Counsel, Merit
Systems Protection Board, Federal Labor Relations Authority, Equal
Employment Opportunity Commission, and Office of Government Ethics.
(d) Parties, counsels, representatives and witnesses. If the Agency
determines that disclosure of certain records to a party, counsel,
representative or witness in an administrative proceeding is relevant
and necessary to the litigation, the Agency may disclose those records
as a routine use to the party, counsel, representative or witness.
Research Disclosure: The Agency may disclose records to a
researcher if an appropriate official of the Agency determines that the
individual or organization to which the disclosure would be made is
qualified to carry out specific research related to functions or
purposes of this system of records. The official may disclose records
from this system of records to that researcher solely for the purpose
of carrying out that research related to the functions or purposes of
this system of records. The researcher shall be required to maintain
Privacy Act safeguards with respect to the disclosed records.
Policies and Practices for Storing, Retrieving, Accessing, Retaining,
and Disposing of Records in the System:
Storage:
The CDX is a system for which the Agency is in the process of
establishing a records schedule. The CDX will be taking e-transactions
and preserving them in accordance with applicable EPA and other Federal
policy and regulations. The CDX currently stores records on magnetic
and/or digital formats. All record storage procedures are in accordance
with current applicable regulations.
Retrievability:
Records are retrievable by the CDX user name, program ID number, or
all or part of the individual's name.
Safeguards:
EPA has minimized the risk of unauthorized access to the system by
establishing a secure environment for exchanging electronic
information. Physical access to the data system housed within the
facility is controlled by a computerized badge reading system, and the
entire complex is patrolled by security during non-business hours. The
computer system offers a high degree of resistance to tampering and
circumvention. Multiple levels of security are maintained with the
computer system control program. This system limits data access to EPA
and contract staff on a need to know basis, and controls individuals
ability to access and alter records with the system. All users of the
system of records are given a unique user identification (ID) with
personal identifiers. All interactions between the system and the
authorized individual users are recorded.
Retention and Disposal:
The EPA will retain and dispose of these records in accordance with
National Archives and Records Administration General Records Schedule
20, Item 1.c. This schedule provides disposal authorization for
electronic files and hard copy printouts created to monitor system
usage, including but not limited to log-in files, audit trail files,
system usage files, and cost-back files used to access charges for
system use. Records will be deleted or destroyed when the Agency
determines they are no longer needed for administrative, legal, audit,
or other program purposes.
System Managers and Address:
USEPA, Office of Environmental Information, (MS2823), 1200
Pennsylvania Ave. NW., Washington, DC 20460, Attn: Chief, Central
Receiving Branch.
Notification Procedure:
Requests to determine whether this system of records contains a
record pertaining to the requesting individual should be sent to the
USEPA, Office of Environmental Information, (MS2823T), 1200
Pennsylvania Ave. NW., Washington, D.C. 20460, Attn: Chief, Central
Receiving Branch. To send a fax request: 202-566-1684. To determine
whether a record exists regarding you in the system of records, provide
the system manager with your name and username. Requests must meet the
requirements of the regulations at 40 CFR part 16.
Record Access Procedures:
A request for record access shall follow the directions described
under Notification Procedure and will be addressed to the system
manager at the address listed above.
[[Page 68387]]
Contesting Records Procedures:
If you wish to contest a record in the system of records, contact
the system manager with the information described under Notification
Procedure, identify the specific items you are contesting, and provide
a written justification for each item.
Record Source Categories:
Information is obtained from individuals who have had or seek to
have their identity authenticated except that a password and a username
are explicitly self-assigned by the user registering to gain access to
CDX.
System Exempted from Certain Provisions of the Act:
None.
[FR Doc. 03-30371 Filed 12-5-03; 8:45 am]
BILLING CODE 6560-50-P