COMMERCE/NTIS-1, NTIS Business Systems Draft Notice

BILLING CODE: TBD

DEPARTMENT OF COMMERCE

[Docket No. TBD]

Privacy Act of 1974; Amended System of Records

AGENCY: National Technical Information Service, U.S. Department of Commerce.

ACTION: Notice of Amendment, Privacy Act System of Records; COMMERCE/NTIS-1, NTIS Business Systems.

SUMMARY: In accordance with the Privacy Act of 1974, as amended, Title 5 United States Code (U.S.C.) §552a(e)(4) and (11); and Office of Management and Budget (OMB) Circular A-130, Appendix I, “Federal Agency Responsibilities for Maintaining Records About Individuals,” the Department of Commerce (Department) is issuing notice of intent to amend the system of records under COMMERCE/NTIS-1, NTIS Business Systems, to update information concerning the location of the system of records, categories of records covered by the system, the authority for maintenance of the system, the policies and practices for retention, disposal, and safeguarding the system of records, the storage, the system manager and address, the notification procedures; and other minor administrative updates. Accordingly, the COMMERCE/NTIS-1, NTIS Business Systems notice is amended as below. We invite public comment on the system amendment announced in this publication.

DATES: To be considered, written comments must be submitted on or before [insert date 30 days from publication in the FEDERAL REGISTER].  Unless comments are received, the amended system of records will become effective as proposed on [insert date 40 days from publication in the FEDERAL REGISTER].  If comments are received, the Department will publish a subsequent notice in the FEDERAL REGISTER within 10 days after the comment period closes, stating that the current system of records will remain in effect until publication of a final action in the FEDERAL REGISTER.

ADDRESSES: Please address comments to: National Technical Information Service,

Freedom of Information Act and Privacy Act Officer, 5301 Shawnee Rd, Alexandria, VA 22312.

FOR FURTHER INFORMATION CONTACT: National Technical Information Service,

Freedom of Information Act and Privacy Act Officer, 5301 Shawnee Rd, Alexandria, VA 22312.

SUPPLEMENTARY INFORMATION:

This update makes seven program-related changes. The first of seven proposed changes revises the name of the system. The second of seven proposed changes revises the location of the system. The third proposed change updates the categories of records. The fourth change updates the authority for maintenance to reflect the addition of new systems. The fifth change updates the routine uses. The sixth change updates the system manager and address. The seventh change updates the policies and practices for the storage, retrievability, safeguards, and retention and disposal of the records in the system. Additionally, the amendment provides other minor administrative updates. The entire resulting system of records notice, as amended, appears below.

COMMERCE/NTIS–1

SYSTEM NAME:

NTIS Business Systems

SECURITY CLASSIFICATION:

None.

SYSTEM LOCATION:

National Technical Information Service

5301 Shawnee Rd

Alexandria, VA 22312

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

All individuals who order and/or purchase products and services from NTIS and all individuals who have requested that they be placed on the NTIS promotional mailing list to receive NTIS promotional literature.

CATEGORIES OF RECORDS IN THE SYSTEM:

Name; address; telephone number; email address; nine-digit taxpayer identification number; state incorporation/registration number; items ordered; items sent; amount of purchases, date order received; date order mailed; NTIS deposit account or customer code number; total charge to date; whether account collectible or not; categories of publications ordered by each purchaser; when subscription expired; amount of deposit; certification status; URL.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

15 U.S.C. 1151-57; 41 U.S.C. 104; 44 U.S.C. 3101; Pub. L. 113-67.

PURPOSES:

The NTIS business systems are the collection of systems and applications that are hosted on NTIS servers. These systems work together to allow NTIS to provide services to the general public; and as well as internal financial services for NTIS. Products and services sold through ntis.gov are processed by the NTIS business systems.

NTIS collects information from all individuals who order and/or purchase products and services from NTIS and all individuals who have requested (that they be placed on the NTIS promotional mailing list) NTIS promotional literature.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

Records maintained in the system are disclosed to NTIS sales agents; and to individuals, organizations, Federal agencies, and State and local governments contributing publications to NTIS for their market research and sales accounting purposes, through the mechanism of providing them the names and addresses of individuals (and others) who have purchased their publications. Disclosure of information from this system of records may also be made to commercial contractors (debt collection agencies) for the purpose of collecting delinquent debts as authorized by the Debt Collection Act (31 U.S.C. 3718).

A record in this system of records may be disclosed to student volunteers, individuals working under a personal services contract, and other workers who technically do not have the status of Federal employees, when they are performing work for the Department and/or its agencies, as authorized by law, as needed to perform their assigned Agency functions.

A record may be disclosed pursuant to the following general routine uses of the Department of Commerce's Prefatory Statement:

1. In the event that a system or records maintained by the Department to carry out its functions indicates a violation or potential violation of law or contract, whether civil, criminal or regulatory in nature, and whether arising by general statute or particular program statute or contract, or rule, regulation, or order issued pursuant thereto, or the necessity to protect an interest of the Department, the relevant records in the system of records may be referred, as a routine use, to the appropriate agency, whether Federal, state, local or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute or contract, or rule, regulation or order issued pursuant thereto, or protecting the interest of the Department.

2. A record from this system of records may be disclosed, as a routine use, to a Federal, state or local agency maintaining civil, criminal or other relevant enforcement information or other pertinent information, such as current licenses, if necessary to obtain information relevant to a Department decision concerning the assignment, hiring or retention of an individual, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant or other benefit.

3. A record from this system of records may be disclosed, as a routine use, to a Federal, state, local, or international agency, in response to its request, in connection with the assignment, hiring or retention of an individual, the issuance of a security clearance, the reporting of an investigation of an individual, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter.

4. A record from this system of records may be disclosed, as a routine use, in the course of presenting evidence to a court, magistrate or administrative tribunal, including disclosures to opposing counsel in the course of settlement negotiations.

5. A record in this system of records may be disclosed, as a routine use, to a Member of Congress submitting a request involving an individual when the individual has requested assistance from the Member with respect to the subject matter of the record.

6. A record in this system of records which contains medical information may be disclosed, as a routine use, to the medical advisor of any individual submitting a request for access to the record under the Act and 15 CFR Part 4b if, in the sole judgment of the Department, disclosure could have an adverse effect upon the individual, under the provision of 5 U.S.C. 552a(f)(3) and implementing regulations at 15 CFR 4b.26.

8. A record in this system of records may be disclosed, as a routine use, to the Office of Management and Budget in connection with the review of private relief legislation as set forth in OMB Circular No. A-19 at any stage of the legislative coordination and clearance process as set forth in that Circular.

9. A record in this system of records may be disclosed, as a routine use, to the Department of Justice in connection with determining whether disclosure thereof is required by the Freedom of Information Act (5 U.S.C. 552).

10. A record in this system of records may be disclosed, as a routine use, to a contractor of the Department having need for the information in the performance of the contract, but not operating a system of records within the meaning of 5 U.S.C. 552a(m).

12. A record in this system may be transferred, as a routine use, to the Office of Personnel Management: for personnel research purposes; as a data source for management information; for the production of summary descriptive statistics and analytical studies in support of the function for which the records are collected and maintained; or for related manpower studies.

13. A record from this system of records may be disclosed, as a routine use, to the Administrator, General Services Administration (GSA), or his designee, during an inspection of records conducted by GSA as part of that agency's responsibility to recommend improvements in records management practices and programs, under authority of 44 U.S.C. 2904 and 2906. Such disclosure shall be made in accordance with the GSA regulations governing inspection of records for this purpose, and any other relevant (i.e. GSA or Commerce) directive. Such disclosure shall not be used to make determinations about individuals.

14. A record in this system of records may be disclosed to appropriate agencies, entities and persons when: (1) it is suspected or determined that the security or confidentiality of information in the system of records has been compromised; (2) the Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or whether systems or programs (whether maintained by the Department or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department’s efforts to respond to the suspected or confirmed compromise and to prevent, minimize, or remedy such harm. 72 FR 45009

DISCLOSURE TO CONSUMER REPORTING AGENCIES:

Disclosures pursuant to 5 U.S.C. 552a(b)(12):

Disclosures may be made from this system to "consumer reporting agencies" as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)), and the Federal Claims Collection Act of 1968 (31 U.S.C. 3701(a)(3)).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:

Records will be stored in a secure computerized system and on magnetic media; output data will be electronic. Paper records in file folders, film files, and magnetic media will be stored in a secure area within a locked drawer or cabinet. Source data sets containing personal identifiers will be maintained in a secure restricted-access IT environment.

RETRIEVABILITY:

For FOIA requests:

a. Records maintained in electronic request tracking systems are retrieved by individual Department component responsibility; by the name and/or organization of the requester or appellant; the number assigned to the request or appeal; by the name of the individual assigned to process the request or appeal; by the received, due, and/or closed date of the request or appeal; by the track, type and/or status of the request; and/or the time in days to process the request.

b. Records maintained in electronic form in system folders are retrieved by the name of the requester or appellant and/or the number assigned to the request or appeal.

c. Records maintained in paper form are retrieved by the name of the requester or appellant; and/or the number assigned to the request or appeal.

For Privacy Act requests:

a. Records maintained in electronic request tracking systems or electronic form in system folders are retrieved by the name of the requester or appellant and/or the number assigned to the request or appeal.

b. Records maintained in paper form are retrieved by the name of the requester or appellant; and/or the number assigned to the request or appeal.

SAFEGUARDS:

Paper records and disks as stored in file cabinets on secured premises with access limited to personnel whose official duties require access. The electronic system operates at a FISMA Moderate security rating and is hosted in a Federal Government data center.

RETENTION AND DISPOSAL:

NTIS records retention schedules are currently in review.

SYSTEM MANAGER(S) AND ADDRESS:

System managers are the same as stated in the System Location section above.

NOTIFICATION PROCEDURE:

An individual requesting notification of existence of records on himself or herself should send a signed, written inquiry to the location listed below. The request letter should be clearly marked, “PRIVACY ACT REQUEST.” The written inquiry must be signed and notarized or submitted with certification of identity under penalty of perjury. Requesters should reasonably specify the record contents being sought.

National Technical Information Service

Freedom of Information Act and Privacy Act Officer

5301 Shawnee Rd

Alexandria, VA 22312

RECORD ACCESS PROCEDURES:

An individual requesting access to records on himself or herself should send a signed, written inquiry to the same address as stated in the Notification Procedure section above. The request letter should be clearly marked, “PRIVACY ACT REQUEST.” The written inquiry must be signed and notarized or submitted with certification of identity under penalty of perjury. Requesters should specify the record contents being sought.

CONTESTING RECORD PROCEDURES:

An individual requesting corrections or contesting information contained in his or her records must send a signed, written request inquiry to the same address as stated in the Notification Procedure section above. Requesters should reasonable identify the records, specify the information they are contesting and state the corrective action sought and the reasons for the correction with supporting justification showing how the record is incomplete, untimely, inaccurate, or irrelevant.

The Department rules for access, for contesting contents and appealing initial determinations by the individual concerned appear in 15 CFR part 4b. Use above address.

RECORD SOURCE CATEGORIES:

Subject individual of the record.

SYSTEM EXEMPTIONS FROM CERTAIN PROVISIONS OF THE ACT:

None.