Office of Personnel Management
Privacy Act of 1974; System of Records
AGENCY: U.S. Office of Personnel Management, Merit Systems Accountability and Compliance, Office of the Combined Federal Campaign
ACTION: Notice of a New System of Records
SUMMARY: In accordance with the Privacy Act of 1974, the Office of Personnel Management proposes to establish a new OPM system of records titled “OPM/Central-20 National CFC System of Records.” This system of records contains information that OPM collects and maintains about individuals who make charitable contributions to eligible non-profit organizations through the Combined Federal Campaign (CFC). This newly established system of records will be included in the Office of Personnel Management’s inventory of record systems.
DATES: Please submit comments on or before [insert date 30 days after date of publications in the FEDERAL REGISTER]. This new system is effective upon publication in today’s Federal Register, with the exception of the routine uses, which are effective [insert date 35 days after date of publication in the FEDERAL REGISTER].
ADDRESSES: You may submit written comments by one of the following methods:
Mail: Keith Willingham, Director, Office of CFC, Office of Personnel Management, 1900 E Street, NW, Suite 6484, Washington, DC 20415.
E-mail: [email protected].
FOR FURTHER INFORMATION, CONTACT: For general questions, please contact: Keith Willingham, 202-606-2564, Director, Office of the Combined Federal Campaign, Office of Personnel Management. For privacy questions, please contact: Kellie Cosgrove Riley, 202-606-2308, Chief Privacy Officer, Office of Personnel Management.
SUPPLEMENTARY INFORMATION:
In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the Office of Personnel Management proposes to establish a new system of records titled “OPM-20 National CFC System.” This system of records is being established in order to facilitate the Combined Federal Campaign’s transition from a largely paper-based, decentralized collection of donations to a centralized, national electronic collection. The system of records contains information that OPM, through its Central Campaign Administrator (CCA) contractor(s), collects, maintains, and uses regarding individuals who make charitable contributions to eligible non-profit organizations through the Combined Federal Campaign (CFC).
The CFC is the largest workplace giving campaign in the world. Since its inception in 1961, Federal employees have pledged more than $8 billion to thousands of qualified local, national, and international charities. Through 2016, the CFC was administered in over 120 local areas across the country and overseas. Charities applied to participate, either as an independent charity or a member of a federation, by submitting an application to either OPM or to one of the local CFC offices. Similarly, Federal, Postal and military personnel donated through the CFC by submitting a completed paper or electronic pledge form to their payroll office and/or the local administrator in their local CFC office. The local administrators, known as Principal Combined Fund Organizations (PCFO), collected and maintained information about the donors, their contribution, and their designated charitable organizations to process and account for donor contributions. The PCFO collected cash, checks, or credit card contributions directly from the donors or from the donors’ payroll offices if the donors had chosen to make contributions via payroll deduction. The PCFO then made payments directly to the individual charities or federations chosen by the donors.
Based on recommendations from a Federal Advisory Committee known as the CFC 50 Commission established in 2011 to study the CFC and determine how to streamline and improve the program, OPM is now centralizing two core components of the CFC: a) the applications submitted by charities and federations that want to participate in the CFC; and b) the contributions from individuals who wish to support those charities. Accordingly, the CFC Online Application System (cfccharities.opm.gov) and the CFC Online Donation System (cfcgiving.opm.gov) will replace redundant the paper and electronic systems that were operated by the PCFOs. Individuals will submit their donation information either electronically through the CFC Online Donation System or by filling out a paper pledge form, which the CCA will then scan into the electronic system. In addition to centralizing the CFC functions, OPM is also expanding the donor pool by allowing civilian annuitants and military retirees to participate and by permitting Federal employees to pledge volunteer hours in addition to financial gifts.
The records collected from the individual donors and the participating charities will now be maintained in one central location as the OPM/Central-20 National CFC System. This newly established system of records will be included in OPM’s inventory of records systems. In accordance with 5 U.S.C. 552a(r), OPM has provided a report of this system of records to the Office of Management and Budget and to Congress.
SYSTEM NAME AND NUMBER: National CFC System, OPM-20
SECURITY CLASSIFICATION: Unclassified.
SYSTEM LOCATION: The Office of the Combined Federal Campaign, Office of Personnel Management, 1900 E Street, NW, Suite 6484, Washington, DC 20415, is responsible for this system of records. By contract, CFC’s Central Campaign Administrator(s), through its subcontractors, maintains records in a government-approved cloud server accessed through secure datacenters in the continental United States.
SYSTEM MANAGER(S): Director, Office of the Combined Federal Campaign, U.S. Office of Personnel Management, 1900 E. Street, NW, Suite 6484, Washington, DC 20415, Phone 202-606-2564 or [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Executive Order (EO) 12353 (March 23, 1982), EO 12404 (February 10, 1983), and EO 13743 (October 13, 2016); 5 CFR Part 950; Pub. L. 100-202, and Pub. L. 102-393 (5 U.S.C. 1101 Note).
PURPOSE(S) OF THE SYSTEM: The purpose of the system is to permit OPM and its contractors serving as Central Campaign Administrators (CCA) for the CFC, to accurately receive, process, and account for charitable donations made by Federal employees, retirees, and others; make payments to charitable organizations; and address inquiries from donors and other stakeholders, including Federal agencies, charitable organizations, and Congress, as necessary. In addition, information in this system of records that is obtained from charitable organizations is used to approve or deny an applicant’s participation in the CFC and to adjudicate appeals by charities that are denied. This system of records also supports the production of summary, de-identified descriptive statistics and analytical studies pertaining to the CFC program.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Federal employees, civilian annuitants, military retirees, and contractors who voluntarily participate in the CFC program via a one-time or recurring gift; and
Individuals who serve as points of contact for charitable organizations that participate or apply to participate in the CFC.
CATEGORIES OF RECORDS IN THE SYSTEM:
For donors (employees, retirees and contractors) using the system, CFC collects:
Name;
Social Security Number or other employee identification number used by a Federal payroll or retirement system;
Work address;
Home address;
Phone number;
Government e-mail address;
Secondary e-mail address;
Employment information (to include, but not limited to, Federal agency or military branch, department/unit, office, military service, commands, etc.);
Charity or charities designated;
Amount of donation, in dollars or hours;
Credit card information, including credit card number and expiration date;
Bank account number and bank routing number;
Authorization to release name and other information to charities;
Usernames and passwords created to access the system
Anonymous Participant ID connected with each designation
Security questions and answers (for resetting passwords to access the online system);
Help Desk ticket information
Customer (donor) satisfaction surveys.
For charities applying to be in the campaign, the system collects:
Contact information (email, names of points of contact, business address);
Usernames and passwords created to access the system;
Tax identity number;
CFC code;
Bank account information
Public audit files such as audited financials, Internal Revenue Service (IRS) Form 990, IRS letters of determination, IRS “Doing Business As” letter;
Base commander authorization letters;
Charity and federation application data to meet qualifications of 5 CFR 950;
Security questions and answers (for resetting passwords);
Help desk ticket information; and
Anonymous charity satisfaction surveys
RECORD SOURCE CATEGORIES: Records are obtained from individuals who choose to participate in the CFC; charitable organizations that apply to participate in the CFC; and individuals who contact the CFC help desk.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside OPM as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
To the Department of Justice, including Offices of the U.S. Attorneys, or other federal agency conducting litigation or in proceedings before any court, adjudicative, or administrative body, when it is relevant or necessary to the litigation or proceeding and one of the following is a party to the litigation or has an interest in such litigation:
OPM, or any component thereof;
Any employee or former employee of OPM in his or her official capacity;
Any employee or former employee of OPM in his or her individual capacity where the Department of Justice or OPM has agreed to represent the employee; or
The United States, when OPM determines that litigation is likely to affect OPM or any of its components.
To the appropriate Federal, State, or local agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, when a record, either on its face or in conjunction with other information, indicates or is relevant to a violation or potential violation of civil or criminal law or regulation.
To a member of Congress from the record of an individual in response to an inquiry made at the request of the individual to whom the record pertains.
To the National Archives and Records Administration (NARA) for records management inspections being conducted under the authority of 44 U.S.C. 2904 and 2906.
To appropriate agencies, entities, and persons when (1) OPM suspects or has confirmed that there has been a breach of the system of records,· (2) OPM has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, OPM (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with OPM’s efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
To another Federal agency or Federal entity, when OPM determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
To contractors, grantees, experts, consultants, or volunteers performing or working on a contract, service, grant, cooperative agreement, or other assignment for OPM when necessary to accomplish an agency function related to this system of records. Individuals provided information under this routine use are subject to the same Privacy Act requirements and limitations on disclosure as are applicable to OPM employees.
To an individual’s payroll office or retirement service to facilitate accurate payroll and annuity deductions requested by the individual.
To credit card companies, banks, and other financial institutions in order to process an individual’s one-time or recurring donation.
To independent public accounting firms to conduct audits of the CFC, but only such information as is necessary and relevant to the specific audit being conducted.
To charitable organizations and federations in order to provide them with monetary donations and time pledged and, where individual donors have so authorized, information about the individual donors.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS: The records in this system of records are encrypted and stored electronically in a government-approved cloud server pursuant to a contract between OPM and the CFC’s Central Campaign Administrators.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records may be retrieved by name or other personal identifier.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Pursuant to 5 CFR 950.604, CFC records must be retained for at least three completed campaign periods. OPM is currently developing a records schedule to submit to NARA for approval. Disposal of hard copy records such as pledge forms will be performed by shredding once the record is scanned into the system. Disposal of electronic files is by electronic erasure and other means consistent with security requirements.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: Records in the system are protected from unauthorized access and misuse through various administrative, technical and physical security measures. Technical security measures within OPM and the CCA (which OPM requires by the terms of each contract, agreement and/or subcontract) include restrictions on computer access to authorized individuals, required use of strong passwords that are frequently changed and regular review of security procedures and best practices to enhance security. Access to the cfccharities.opm.gov and cfcgiving.opm.gov databases is maintained behind an industry-standard firewall and information in the databases is encrypted. All security measures with respect to electronic records systems are consistent with the requirements of the Federal Information Security Management Act (Pub. L. 107-296), associated OMB policies, as well as applicable standards and guidance from the National Institute of Standards and Technology. As noted above, neither the system nor the system operators can retrieve the user’s account information without the user supplying a password, answering security questions, or a confirmation code.
RECORD ACCESS PROCEDURES:
Individuals may access their own records by logging into cfcgiving.opm.gov with their e-mail address, password, and a multi-factor authentication token (i.e., a one-time password or code sent to the user’s email account or phone). Those who need assistance with this may contact the CFC Customer Care Center at 608-237-4898 (local/international) or 800-797-0098 (toll free). Additionally, representatives of CFC-participating organizations and federal employee application reviewers who need assistance accessing their information on cfccharities.opm.gov can call 608-237-4935 (local/international) or (888)232-4935 (toll free).
Alternatively, individuals seeking notification of and access to their records in this system of records may submit a request in writing to the Office of Personnel Management, Office of the Combined Federal Campaign, 1900 E Street, NW, Washington, DC 20415. Individuals must furnish the following information for their records to be located:
Full name.
Date of birth.
Social Security Number.
Signature.
Available information regarding the type of information requested.
The reason why the individual believes this system contains information about him/her.
The address to which the information should be sent.
Individuals requesting access must also comply with OPM’s Privacy Act regulations regarding verification of identity and access to records (5 CFR 297).
CONTESTING RECORD PROCEDURES:
Individuals may modify or correct their own records by logging into cfcgiving.opm.gov with their e-mail address, password, and a multi-factor authentication token (i.e., a one-time password or code sent to the user’s email account or phone). Those who need assistance with this may contact the CFC Customer Care Center at 608-237-4898 (local/international) or 800-797-0098 (toll free). Additionally, representatives of CFC-participating organizations and federal employee application reviewers who need to update records on cfccharities.opm.gov can call 608-237-4935 (local/international) or (888)232-4935 (toll free).
Alternatively, individuals may request that records about them be amended by writing to the Office of Personnel Management, Office of the Combined Federal Campaign, 1900 E Street, NW, Washington, DC 20415 and furnish the following information for their records to be located:
Full name.
Date of birth.
Social Security Number.
Local CFC name or city, state and zip code of their duty station
Signature.
Precise identification of the information to be amended.
Individuals requesting amendment must also follow OPM’s Privacy Act regulations regarding verification of identity and amendment to records (5 CFR 297).
NOTIFICATION PROCEDURES:
See “Record Access Procedure.”
EXEMPTIONS PROMULGATED FOR THE SYSTEM: None.
HISTORY: None.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | DeCristofaro, Anthony |
| File Modified | 0000-00-00 |
| File Created | 2021-01-13 |