Privacy Act of 1974; System of Records
| Published date | 27 October 2020 |
| Citation | 85 FR 68070 |
| Record Number | 2020-23770 |
| Section | Notices |
| Court | Centers For Disease Control And Prevention,Health And Human Services Department |
Federal Register, Volume 85 Issue 208 (Tuesday, October 27, 2020)
[Federal Register Volume 85, Number 208 (Tuesday, October 27, 2020)]
[Notices]
[Pages 68070-68074]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-23770]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Centers for Disease Control and Prevention
[Docket No. CDC-2020-0089]
Privacy Act of 1974; System of Records
AGENCY: Centers for Disease Control and Prevention (CDC), Department of
Health and Human Services (HHS).
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the requirements of the Privacy Act of
1974, as amended, the Department of Health and Human Services (HHS) is
modifying a system of records maintained by the Centers for Disease
Control and Prevention (CDC), 09-20-0170, National Select Agent
Registry (NSAR)/Select Agent Transfer and Entity Registration
Information System (SATERIS), HHS/CDC/COTPER. SATERIS is a national
database registry containing the name of and location information about
individuals possessing, using, or transferring select agents and toxins
and characterization information about the agents and toxins, as
required by the Public Health Security and Bioterrorism Preparedness
and Response Act of 2002. HHS/CDC is changing the name of the system of
records to ``Electronic Federal Select Agent Program Portal (eFSAP
Portal)'' and making other updates, some of which result from an
information technology (IT) system upgrade.
DATES: The modified system of records is applicable October 27, 2020,
subject to a 30-day period in which to comment on the routine uses.
Written comments must be received on or before November 27, 2020.
ADDRESSES: You may submit comments, identified by Docket No. CDC-2020-
0089 by any of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
Mail: Beverly Walker, Chief Privacy Officer, CDC Privacy
Unit, CyberSecurity Program Office (CSPO), Centers for Disease Control
and Prevention, 4770 Buford Hwy, Mailstop S101, Atlanta, GA 30341.
Instructions: All submissions received must include the agency name
and Docket Number. All relevant comments received will be posted
without change to https://regulations.gov, including any personal
information provided. Therefore, do not include any information in your
comment or supporting materials that you consider confidential or
inappropriate for public disclosure. For access to the docket to read
background documents or comments received, go to https://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: General questions about the modified
system of records may be submitted to Beverly Walker, Chief Privacy
Officer, CDC Privacy Unit, CyberSecurity Program Office (CSPO), Centers
for Disease Control and Prevention, 4770 Buford Hwy, Mailstop S101,
Atlanta, GA 30341, (770) 488-8524.
SUPPLEMENTARY INFORMATION:
I. Background on the Federal Select Agent Program and eFSAP Portal IT
System
HHS/CDC and the U.S. Department of Agriculture, Animal and Plant
Health Inspection Service (USDA/APHIS) jointly manage the Federal
Select Agent Program (FSAP). FSAP oversees the possession, use, and
transfer of biological select agents and toxins (BSAT), as outlined in
the select agent regulations (42 CFR part 73, 9 CFR part 121, and 7 CFR
part 331). BSAT have the potential to pose a severe threat to public,
animal or plant health or to animal or plant products.
BSAT are divided into four categories based on whether an agent
causes disease in humans, animals, plants, or a combination of humans
and animals. HHS/CDC regulates the possession, use, and transfer of
BSAT that have the potential to pose a severe threat to public health
and safety. USDA/APHIS regulates the possession, use, and transfer of
BSAT that pose a severe threat to animal or plant health or products.
HHS/CDC and USDA/APHIS regulate overlapping BSAT that have the
potential to pose a severe threat to both public health and safety and
to animal health or products.
The information that FSAP collects in order to track possession,
use, and transfer of BSAT includes: Registration records about a
registered entity or individual, identifying BSAT at each of the
registrant's locations or facilities and the individuals approved for
access to BSAT at each location or facility; laboratory biosafety and
security information for BSAT; information about transfers of BSAT;
identification and final disposition of any BSAT contained in a
specimen presented for diagnosis, verification, or proficiency testing;
observations from the inspections of each registered individual or
entity; and reports of any theft, loss, or release of BSAT.
The IT system used by FSAP to track possession, use, and transfer
of BSAT has been upgraded to allow the regulated community to report
required information or make requests to FSAP electronically, via a
single web portal known as the eFSAP portal. The eFSAP portal is a
single web-based information management system shared by HHS/CDC and
USDA/APHIS.
As upgraded, the IT system will continue to utilize a secure
database environment and to contain the same information that was
included in SATERIS. Allowing electronic submissions from the regulated
community will enable the regulated community to interact with FSAP
more
[[Page 68071]]
efficiently, allow for better and faster reporting of potential losses,
reduce program burdens and reliance on labor-intensive and paper-based
processes, and enable HHS/CDC and USDA/APHIS to more rapidly provide
regulatory responses and guidance and respond to emergency events
involving BSAT that may impact public health and safety.
II. Modifications Made to System of Records 09-20-0170
HHS/CDC has made the following modifications to the system of
records:
Changed the name of the system of records to Electronic
Federal Select Agent Program Portal (eFSAP Portal).
Updated the System Location and System Manager
information.
Updated the Authority section to add ``Subtitle A, Title
II'' and ``42 U.S.C. 262a'' before and after ``Public Health Security
and Bioterrorism Preparedness and Response Act of 2002 (Pub. L. 107-
188),'' and to remove ``The Agricultural Bioterrorism Protection Act of
2002'' which authorizes maintenance of related USDA/APHIS records but
not the HHS/CDC records covered in this system of records.
Shortened and simplified the Purpose description.
Revised the Categories of Individuals section by adding
individual or sole proprietor applicants/registrants.
Reorganized and expanded the Categories of Records section
to list each category of record with a description or list of data
elements specific to that category.
Expanded the Record Source Categories section to include
all applicable sources.
Added five new routine uses.
[cir] New routine use 1 authorizes disclosures to USDA to provide
comprehensive and effective oversight of BSAT, compliance with select
agent regulations, and administration of FSAP.
[cir] New routine use 4 authorizes disclosures to agricultural
authorities for the purpose of dealing more effectively with outbreaks
of animal and plant diseases or other conditions of agricultural
significance.
[cir] New routine use 8 authorizes disclosures of records that
indicate a violation, or possible violation, of law to relevant law
enforcement authorities. This routine use is necessary to cover
instances in which the law enforcement agency is unaware of the
violation or potential violation, so is unable to initiate a request
for the records under subsection (b)(7) of the Privacy Act (5 U.S.C.
552a(b)(7)).
[cir] New routine use 9 authorizes disclosures to relevant
government agencies and jurisdictions for the purpose of investigating
potential fraud, waste, and abuse.
[cir] New routine use 10 authorizes disclosures to the National
Archives and Records Administration (NARA) for records management
inspections.
Revised four routine uses.
[cir] Routine use 2, which authorizes disclosures to FSAP
contractors, no longer mentions certain duties a contractor would
perform but describes them as ``the functions listed in the Purpose
section.''
[cir] Routine use 3 now authorizes disclosures to ``federal law
enforcement authorities'' (in addition to public health and cooperating
medical authorities, previously the only authorities identified) for
the purpose of dealing more effectively with ``emergency events
involving BSAT that may impact public health and safety'' (rather than
``outbreaks and conditions of public health significance'').
[cir] Routine use 5, which authorizes disclosures to assist federal
agencies in determining an individual's trustworthiness to access
biological select agents and toxins (BSAT), now uses the broader term
``BSAT'' instead of ``select agents'' and omits, as unnecessary, the
word ``recipient'' before ``federal agencies.''
[cir] Routine use 6 now permits disclosures not only to the
Department of Justice but also to ``a court or other adjudicative
body,'' for use not only in litigation but also in ``other
proceedings,'' when relevant and necessary to the proceedings.
Changed the description in the Storage section to state
that the oldest inactive records are in paper form and that all other
records are stored electronically, instead of describing particular
storage media (``file folders, computer tapes and disks, CD-ROMs'').
Updated the Retention section to identify the current
disposition schedule, DAA-0442-2019-001, instead of the previous
schedule cited, N1-442-06-01; and to move descriptions of secure
destruction methods to the Safeguards section.
Updated the Safeguards section to refer to current
governing statutes, policies and guidelines, including the description
of secure destruction methods, and to include additional safeguards
(e.g., encryption, firewalls, and intrusion detection systems, and
reviewing security controls on an ongoing basis).
Updated the Access, Amendment, and Notification Procedures
sections to allow a requester to provide a written certification to
verify the requester's identity, and to state that an accounting of
disclosures may also be requested.
Because some of these changes are significant, HHS provided advance
notice of the modified system of records to the Office of Management
and Budget and Congress as required by 5 U.S.C. 552a(r) and OMB
Circular A-108.
Dated: October 22, 2020.
Suzi Connor,
Chief Information Officer, Centers for Disease Control and Prevention.
SYSTEM NAME AND NUMBER:
Electronic Federal Select Agent Program Portal (eFSAP Portal), 09-
20-0170.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
The address of the HHS component responsible for this system of
records is: Division of Select Agents and Toxins (DSAT), Center for
Preparedness and Response, Centers for Disease Control and Prevention
(CDC), 1600 Clifton Rd. NE, Atlanta, GA 30329.
SYSTEM MANAGER(S):
The System Manager is: Director, Division of Select Agents and
Toxins (DSAT), Center for Preparedness and Response, CDC, 1600 Clifton
Rd. NE, Atlanta, GA 30329, (404) 718-2000, [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Subtitle A, Title II, Public Health Security and Bioterrorism
Preparedness and Response Act of 2002, Public Law 107-188 (42 U.S.C.
262a).
PURPOSE(S) OF THE SYSTEM:
The purpose of this system of records is to cover records about
individuals, retrieved by personal identifier, that HHS/CDC uses in
managing the Federal Select Agent Program (FSAP) to track the
possession, use, and transfer of biological select agents and toxins
(BSAT), in order to ensure that BSAT are managed appropriately to
prevent potential threats to public health.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The records are about these categories of individuals:
Individuals who in an individual (i.e., sole
proprietorship) capacity have applied for or received a certificate of
registration from FSAP.
Individuals designated as an entity applicant's
Responsible Official and Alternate Responsible Official.
Other individuals identified in an application as
requesting or needing
[[Page 68072]]
access to BSAT under 42 CFR part 73, otherwise known as the HHS select
agent regulations. The FSAP approves, or disapproves, these individuals
to possess, use, and transfer BSAT based on the security risk
assessments performed by the Department of Justice (DOJ), Federal
Bureau of Investigation (FBI), Criminal Justice Information Services
Division (CJIS), Bioterrorism Risk Assessment Group (BRAG).
CATEGORIES OF RECORDS IN THE SYSTEM:
The system of records includes these categories of records, some of
which are forms approved by the Office of Management and Budget (OMB):
Request for Exclusion: This type of request is submitted
to the FSAP by an individual or entity applicant or registrant to seek
a determination by the HHS Secretary that an attenuated strain or
modified toxin does not pose a severe threat to public health and
safety (see 42 CFR 73.3(e) and 73.4(e)).
Report of Identification of Select Agent or Toxin (APHIS/
CDC Form 4). This form is used by a clinical or diagnostic laboratory
to notify the FSAP that BSAT has been identified as the result of
diagnosis, verification, or proficiency testing or has been disposed of
or transferred in accordance with regulatory requirements (see 42 CFR
5(a)-(b) and 6(a)-(b)).
Request for Exemption (APHIS/CDC Form 5). This form is
used by an individual or entity registrant or applicant seeking an
exemption on the basis that it is using an investigational product that
is, bears, or contains BSAT (see 42 CFR 5(d) and 6(d)).
Application for Registration (APHIS/CDC Form 1). This form
is used by an individual or entity to apply for a certificate of
registration from the FSAP. The applicant completes the form by
providing location or facility information; a list of BSAT in use,
possession, or for transfer by the applicant; characterization of each
BSAT the applicant will possess; the name, date of birth, and job title
of each individual who needs access to BSAT; and laboratory information
such as biosafety level, building and room location (see 42 CFR 7(d)).
FSAP assigns a DOJ identification number for each individual associated
with application so that individuals can submit information to BRAG for
security risk assessment. This form is also used by an applicant or
registrant to amend the registration if any changes occur in the
information submitted (see 42 CFR 7(h)(1)).
Security Risk Assessment. BRAG uses the information the
applicant provides in the Application for Registration about each
individual needing access to BSAT to perform a security risk assessment
of each individual and provides the assessments to the FSAP. FSAP uses
the information to approve individuals to access BSAT following a
security risk assessment (see 42 CFR 10(a)).
Documentation of Inspection: Prior to issuance of a
certificate of registration, the FSAP will inspect the applicant's
locations or facilities to ensure compliance with the select agent
regulations and will document the inspection, including the applicant's
responses to any written requests from the FSAP (see 42 CFR 18).
Request for Expedited Review: An individual or entity
applicant or registrant may apply to the HHS Secretary or APHIS
Administrator for an expedited review (i.e., an expedited security risk
assessment) by the Attorney General of an individual identified as
needing access to BSAT. The request is made by submitting a request in
writing to the HHS Secretary establishing the need for such action (see
42 CFR 10(e)).
Security Plan: An individual or entity required to
register with the FSAP must develop and implement a written security
plan, which must be sufficient to safeguard BSAT against unauthorized
access, theft, loss, or release (see 42 CFR 11(a)). As a condition of
registration, an individual or entity is required to provide a copy of
the plan to the FSAP.
Biosafety Plan: An individual or entity required to
register with the FSAP must develop and implement a written biosafety
plan that is commensurate with the risk of BSAT, given its intended
use. The biosafety plan must contain sufficient information and
documentation to describe the biosafety and containment procedures for
each BSAT the individual or entity will possess, including any animals
(including arthropods) or plants intentionally or accidentally exposed
to or infected with a select agent (see 42 CFR 12(a)). As a condition
of registration, an individual or entity is required to provide a copy
of the plan to the FSAP.
Request Regarding a Restricted Experiment: An individual
or entity may not conduct, or possess products resulting from certain
experiments unless approved by and conducted in accordance with the
conditions prescribed by the HHS Secretary; these requests to seek such
approval to conduct restricted experiments are maintained by FSAP (see
42 CFR 13(a)).
Incident Response Plan: An individual or entity required
to register under this part must develop and implement a written
incident response plan based upon a site-specific risk assessment. The
incident response plan must be coordinated with any entity-wide plans,
be kept in the workplace, and be available to employees for review (see
42 CFR 14(a)). As a condition of registration, an individual or entity
is required to provide a copy of the plan to the FSAP.
Training Record: A registered individual, or a registered
entity's Responsible Official, must ensure training is provided to each
individual with access to BSAT and each escorted individual (e.g.,
laboratory workers, visitors, etc.) and that a record of the training
is maintained. The record must include the name of each such
individual, the date of the training, a description of the training
provided, and the means used to verify that the individual understood
the training (see 42 CFR 15(d)), and a copy of the training record may
be requested by FSAP.
Request to Transfer Select Agent or Toxin (APHIS/CDC Form
2). This form is used by a registered individual or entity to request
pre-authorization from FSAP to receive or send a specific BSAT (see 42
CFR 16).
Other Records: An individual or entity required to
register with the FSAP must maintain complete records relating to the
activities covered by the select agent regulations, any of which may be
requested by FSAP (see 42 CFR 17(a)).
Report of Potential Theft, Loss, or Release of Select
Agent or Toxin form (APHIS/CDC Form 3). This form is completed by a
registered individual or entity to report any theft, loss, or release
of BSAT to FSAP (see 42 CFR 19(a)-(b)).
RECORD SOURCE CATEGORIES:
The records in the system of records are obtained from the
individuals and entities applying for or receiving a certificate of
registration from FSAP to possess, use, and transfer BSAT or permit
individuals to access BSAT; or from FSAP, or from BRAG.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to other disclosures authorized directly in the Privacy
Act at 5 U.S.C. 552a(b)(1) and (2) and (b)(4) through (11), HHS may
disclose records about a subject individual from this system of records
to parties outside HHS as described in these routine uses, without the
individual's prior written consent.
1. Records may be disclosed to USDA to provide comprehensive and
effective oversight of BSAT, compliance with select agent regulations,
and administration of FSAP.
[[Page 68073]]
2. Records may be disclosed to contractors engaged to assist FSAP
with performing the functions listed in the Purpose section above.
Contractors are required to maintain Privacy Act safeguards with
respect to such records.
3. Records may be disclosed to state health departments and other
public health, cooperating medical or federal law enforcement
authorities to deal more effectively with emergency events involving
BSAT that may impact public health and safety.
4. Records may be disclosed to state agriculture departments and
other agriculture cooperating authorities to deal more effectively with
outbreaks of animal and plant diseases or other conditions of
agriculture significance.
5. Personal information from this system of records may be
disclosed as a routine use, to assist in making a determination
concerning an individual's trustworthiness to access BSAT, to any
federal or state agency where the purpose in making the disclosure is
to prevent access to BSAT for use in domestic or international
terrorism or for any criminal purpose; or to any federal or state
agency to protect the public, animal, and plant health and public
safety with regard to the possession, use, or transfer of BSAT.
6. Information may be disclosed to the Department of Justice (DOJ)
or to a court or other adjudicative body in litigation or other
proceedings when:
a. HHS or any of its components thereof, or
b. any employee of HHS acting in the employee's official capacity,
or
c. any employee of HHS acting in the employee's individual capacity
where the DOJ or HHS has agreed to represent the employee, or
d. the United States Government, is a party to the proceeding or
has an interest in such proceeding and, by careful review, HHS
determines that the records are both relevant and necessary to the
proceeding.
7. Disclosure may be made to a congressional office from the record
of an individual in response to a verified inquiry from the
congressional office made at the written request of that individual.
8. Where a record, either alone or in conjunction with other
information, indicates a violation or potential violation of law,
whether civil, criminal, or regulatory in nature, and whether arising
by general statute or by regulation, rule, or order issued pursuant
thereto, the relevant records in the system of records may be referred,
as a routine use, to the agency concerned, whether federal, state,
Tribal, local, territorial, or foreign, charged with the responsibility
of investigating or prosecuting such violation or charged with
enforcing or implementing the statute, rule, regulation, or order
issued pursuant thereto.
9. For the purpose of combatting fraud, waste, and abuse, records
may be disclosed to a relevant federal agency or instrumentality of any
governmental jurisdiction within or under the control of the United
States for the purpose of investigating potential fraud, waste, or
abuse.
10. Records may be disclosed to representatives of the National
Archives and Records Administration (NARA) in records management
inspections conducted pursuant to 44 U.S.C. 2904 and 2906.
11. Records may be disclosed to appropriate agencies, entities, and
persons when (1) HHS suspects or has confirmed that there has been a
breach of the system of records, (2) HHS has determined that as a
result of the suspected or confirmed breach there is a risk of harm to
individuals, HHS (including its information systems, programs, and
operations), the federal government, or national security, and (3) the
disclosure made to such agencies, entities, and persons is reasonably
necessary to assist in connection with HHS's efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such
harm.
12. Records may be disclosed to another federal agency or federal
entity, when HHS determines that information from this system of
records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2)
preventing, minimizing, or remedying the risk of harm to individuals,
the recipient agency or entity (including its information systems,
programs, and operations), the federal government, or national
security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The oldest inactive records are in paper form; all other records
are stored electronically.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
The records are retrieved by the subject individual's name or DOJ
identification number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained for 10 years, or until such time as the
records are no longer needed for litigation or other records purposes
and are then disposed of in accordance with FSAP disposition schedule
DAA-0442-2019-0001. Records are transferred to a federal records center
for storage when no longer in active use. Final disposition of records
stored offsite at the federal records center is accomplished by a
controlled process requesting final disposition approval from the HHS
record owner prior to any destruction to ensure the records are not
needed for litigation or other records purposes.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Safeguards conform to the HHS Information Security and Privacy
Program, http://www.hhs.gov/ocio/securityprivacy/index.html, the HHS
Information Security and Privacy Policy (IS2P), and applicable federal
laws, rules and policies, including: The E-Government Act of 2002,
which includes the Federal Information Security Management Act of 2002
(FISMA), 44 U.S.C. 3541-3549, as amended by the Federal Information
Security Modernization Act of 2014, 44 U.S.C. 3551-3558; all pertinent
National Institutes of Standards and Technology (NIST) publications;
and OMB Circular A-130, Managing Information as a Strategic Resource.
ADMINISTRATIVE AND TECHNICAL SAFEGUARDS:
Security measures are implemented on government computers
to control unauthorized access to the system. Attempts to gain access
by unauthorized individuals are automatically recorded and reviewed by
FSAP on a regular basis. Individuals who have routine access to these
records are limited to staff (FTEs and contractors having security
clearances at T3 (Non-Critical Sensitive positions requiring Secret
clearance) or T4 (Non-Sensitive High Risk (Public Trust)) levels) who
have responsibility for conducting regulatory oversight.
Protection for computerized records includes programmed
verification of valid user identification code and password prior to
logging on to the system; mandatory password changes, limited number of
log-in attempts, virus protection, encryption, firewalls, and intrusion
detection systems, and user rights/file attribute restrictions.
Password protection imposes username and password log-in requirements
to prevent unauthorized access. Each username is assigned limited
access rights to files and directories at varying levels to control
file sharing. There are routine daily backup procedures, and backup
files are securely stored off-site.
[[Page 68074]]
Security controls are reviewed on an ongoing basis.
Knowledge of individual tape passwords is required to
access backups, and access to the system is limited to users obtaining
prior supervisory approval. To avoid inadvertent data disclosure, a
special additional procedure is performed to ensure that all Privacy
Act data are removed from computer hard drives. Additional safeguards
may also be built into the program by the system analyst as warranted
by the sensitivity of the data set.
FTEs and contractor employees who maintain records are
instructed in specific procedures to protect the security of records
and are to check with the system manager prior to making disclosure of
data. When individually identifiable data are used in a room,
admittance at either federal or contractor sites is restricted to
specifically authorized personnel.
Appropriate Privacy Act provisions and breach notification
provisions are included in applicable contracts, and the CDC Project
Director, contract officers, and project officers oversee compliance
with these requirements. Upon completion of the contract, all data will
be either returned to federal government or destroyed, as specified by
the contract that includes breach notifications.
Records that are eligible for destruction are disposed of
using destruction methods prescribed by NIST SP 800-88. Hard copy
records are placed in a locked container or designated secure storage
area while awaiting destruction. Records are destroyed in a manner that
precludes its reconstruction, such as secured cross shredding.
Utilizing the HHS Security Rule Guidance Material found at https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html,
electronic information will be deleted or overwritten using Department
of Defense National Institute of Standards and Technology/General
Services Administration (NIST/GSA) approved overwriting software that
wipes the entire physical disk and not just the virtual disk. In
addition, the physical destruction is obtained by using a National
Security Agency/Central Security Service (NSA/CSS) approved degaussing
device.
PHYSICAL SAFEGUARDS:
Paper records are maintained in locked cabinets in
restricted areas to which access is controlled by an electronic cardkey
system and is limited to staff who have responsibility for conducting
regulatory oversight.
Electronic data files are stored in a restricted access
location. The computer room is protected by an automatic sprinkler
system and numerous automatic sensors (e.g., water, heat, smoke, etc.)
which are monitored, and a proper mix of portable fire extinguishers is
located throughout the computer room. Computer workstations, lockable
personal computers, and automated records are located in secured areas.
RECORD ACCESS PROCEDURES:
An individual seeking access to records about that individual in
this system of records must submit a written access request to the
System Manager, identified in the ``System Manager'' section of this
SORN. The request must contain the requester's full name, address, and
signature, and DOJ identification number if known. To verify the
requester's identity, the signature must be notarized or the request
must include the requester's written certification that the requester
is the individual who the requester claims to be and that the requester
understands that the knowing and willful request for or acquisition of
a record pertaining to an individual under false pretenses is a
criminal offense subject to a fine of up to $5,000. An accounting of
disclosures that have been made of the records, if any, may also be
requested.
CONTESTING RECORD PROCEDURES:
An individual seeking to amend a record about that individual in
this system of records must submit an amendment request to the System
Manager identified in the ``System Manager'' section of this SORN,
containing the same information required for an access request. The
request must include verification of the requester's identity in the
same manner required for an access request; must reasonably identify
the record and specify the information contested, the corrective action
sought, and the reasons for requesting the correction; and should
include supporting information to show how the record is inaccurate,
incomplete, untimely, or irrelevant.
NOTIFICATION PROCEDURES:
An individual who wishes to know if this system of records contains
records about that individual should submit a notification request to
the System Manager identified in the ``System Manager'' section of this
SORN. The request must contain the same information required for an
access request and must include verification of the requester's
identity in the same manner required for an access request.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
72 FR 35993 (July 2, 2007); 76 FR 4483 (Jan. 25, 2011), 83 FR 6591
(Feb. 14, 2018).
[FR Doc. 2020-23770 Filed 10-26-20; 8:45 am]
BILLING CODE 4163-18-P
