[Federal Register Volume 85, Number 150 (Tuesday, August 4, 2020)]
[Notices]
[Pages 47195-47197]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-16855]
[[Page 47195]]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF EDUCATION
[Docket ID ED-2020-OCIO-0058]
Privacy Act of 1974; System of Records
AGENCY: Office of the Chief Information Officer, Department of
Education.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, as amended
(Privacy Act), the Department of Education (Department) publishes this
notice of a new system of records entitled ``Department of Education
Cybersecurity Excellence Award'' (18-04-05). Pursuant to Executive
Order 13870 of May 2, 2019, as published in the Federal Register on May
9, 2019 (Executive Order 13870), the Department has developed and
implemented, consistent with applicable law, an annual Department of
Education Cybersecurity Excellence Award to recognize Department
employees and contractors for outstanding performance and achievements
in the areas of cybersecurity and cyber-operations. The Department will
solicit applications and nominations for one individual or team of
individuals to be annually awarded the Department of Education
Cybersecurity Excellence Award.
DATES: Submit your comments on this new system of records notice on or
before September 3, 2020.
This new system of records will become applicable upon publication
in the Federal Register on August 4, 2020, unless the new system of
records notice needs to be changed as a result of public comment. All
proposed routine uses in the paragraph entitled ``ROUTINE USES OF
RECORDS MAINTAINED IN THE SYSTEM INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES'' will become applicable on September 3, 2020,
unless the new system of records notice needs to be changed as a result
of public comment. The Department will publish any significant changes
to the system of records or routine uses that result from public
comment.
ADDRESSES: Submit your comments through the Federal eRulemaking Portal
or via postal mail, commercial delivery, or hand delivery. We will not
accept comments submitted by fax or by email or those submitted after
the comment period. To ensure that we do not receive duplicate copies,
please submit your comments only once. In addition, please include the
Docket ID at the top of your comments.
Federal eRulemaking Portal: Go to www.regulations.gov to
submit your comments electronically. Information on using
Regulations.gov, including instructions for accessing agency documents,
submitting comments, and viewing the docket, is available on the site
under the ``Help'' tab.
Postal Mail, Commercial Delivery, or Hand Delivery: If you
mail or deliver your comments about this new system of records, address
them to: Peter Hoang, Information Assurance Services, Office of the
Chief Information Officer, U.S. Department of Education, 550 12th
Street SW, Washington, DC 20202.
Privacy Note: The Department's policy is to make all comments
received from members of the public available for public viewing in
their entirety on the Federal eRulemaking Portal at
www.regulations.gov. Therefore, commenters should be careful to include
in their comments only information that they wish to make publicly
available.
Assistance to Individuals with Disabilities in Reviewing the
Rulemaking Record: On request, we will provide an appropriate
accommodation or auxiliary aid to an individual with a disability who
needs assistance to review the comments or other documents in the
public rulemaking record for this notice. If you want to schedule an
appointment for this type of accommodation or auxiliary aid, please
contact the person listed under FOR FURTHER INFORMATION CONTACT.
FOR FURTHER INFORMATION CONTACT: Peter Hoang, Information Assurance
Services, Office of the Chief Information Officer, U.S. Department of
Education, 550 12th Street SW, Washington, DC 20202. Email:
[email protected]. Phone: (202)245-6923.
If you use a telecommunications device for the deaf (TDD) or a text
telephone (TTY), you may call the Federal Relay Service at 1-800-877-
8339.
SUPPLEMENTARY INFORMATION: The information maintained in this system
will be used to (1) review and evaluate applications and nominations of
individual candidates and teams including, but not limited to,
assessing individual candidate and team eligibility in order to select
one individual candidate or team of indivuals to whom the Department
will present, on an annual basis, the Department of Education
Cybersecurity Excellence Award, and two individual candidates or teams
of individuals to whom the Department will present, on an annual basis,
honorable mentions; (2) develop and implement the Department of
Education Cybersecurity Excellence Award program's annual recognition
component; and, (3) carry out the responsibilities set forth in section
2(d) of Executive Order 13870.
Accessible Format: Individuals with disabilities can obtain this
document in an accessible format (e.g., braille, large print,
audiotape, or compact disc) on request to the person listed under FOR
FURTHER INFORMATION CONTACT.
Electronic Access to This Document: The official version of this
document is the document published in the Federal Register. You may
access the official edition of the Federal Register and the Code of
Federal Regulations at www.govinfo.gov. At this site you can view this
document, as well as all other documents of this Department published
in the Federal Register, in text or Portable Document Format (PDF). To
use PDF, you must have Adobe Acrobat Reader, which is available free at
the site.
You may also access documents of the Department published in the
Federal Register by using the article search feature at
www.federalregister.gov. Specifically, through the advanced search
feature at this site, you can limit your search to documents published
by the Department.
Jason Gray,
Chief Information Officer, Office of the Chief Information Officer.
For the reasons discussed in the preamble, the Chief Information
Office, U.S. Department of Education (Department), publishes a notice
of a new system of records to read as follows:
SYSTEM NAME AND NUMBER:
Department of Education Cybersecurity Excellence Award (18-04-05).
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Information Assurance Services, Office of the Chief Information
Officer, U.S. Department of Education, 550 12th Street SW, Washington,
DC 20202.
SYSTEM MANAGER(S):
Chief Information Security Officer, Information Assurance Services,
Office of the Chief Information Office, U.S. Department of Education,
550 12th Street SW, Washington, DC 20202.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Executive Order 13870 of May 2, 2019, entitled, ``America's
Cybersecurity Workforce,'' as published in the Federal Register at 84
FR 20523 (May 9, 2019) (Executive Order 13870).
[[Page 47196]]
PURPOSE(S) OF THE SYSTEM:
The records maintained in this system will be used to (1) review
and evaluate applications and nominations of individual candidates and
teams including, but not limited to, assessing individual candidate and
team eligibility in order to select one individual candidate or team of
individuals to whom the Department will present, on an annual basis,
the Department of Education Cybersecurity Excellence Award, and two
individual candidates or teams of individuals to whom the Department
will present, on an annual basis, honorable mentions; (2) develop and
implement the Department of Education Cybersecurity Excellence Award
program's annual recognition component; and, (3) carry out the
responsibilities set forth in section 2(d) of Executive Order 13870.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
This system contains records on employees and contractors of the
Department who apply for or are nominated for the Department of
Education Cybersecurity Excellence Award.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system consists of records about each applicant or nominee,
including those who are part of a team that applies or is nominated,
for the Department of Education Cybersecurity Excellence Award
including, but not limited to, their: (1) Name; (2) organization and/or
branch name; (3) job title; (4) narrative statement of accomplishments
in cybersecurity innovations, team (stakeholder) collaboration, tool
implementation, process development, cybersecurity training, and
cybersecurity market research and product solutions; and, (5) work
address, work email address, and work contact number.
RECORD SOURCE CATEGORIES:
Information in this system is obtained from Department employees
and contractors who apply or are nominated, individually or as part of
a group (team), by their Department peers or Department leadership for
the Department of Education Cybersecurity Excellence Award. Information
also may be obtained from other persons or entities from which data is
obtained under the routine uses set forth below.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
The Department may disclose information contained in a record in
this system of records under the routine uses listed in this system of
records without the consent of the individual if the disclosure is
compatible with the purpose(s) for which the record was collected. The
Department may make these disclosures on a case-by-case basis or, if
the Department has complied with the computer matching requirements of
the Privacy Act of 1974, as amended (Privacy Act), under a computer
matching agreement.
(1) Programmatic Purposes. The Department may disclose information
from this system of records as part of the Department's review and
evaluation of candidate applications and nominations, and in order to
promote the selection and recognition of recipients of the Department
of Education Cybersecurity Excellence Award and honorable mentions,
along with the visibility of the award program itself, to the following
entities for the purposes specified:
(a) Disclosures to the General Public Announcing each Awardee and
Honorable Mention Recipient. The Department may disclose to the general
public, via the Department's website, the name and accomplishments of
each awardee and honorable mention recipient.
(b) Disclosures to Individuals and Entities Assisting the
Department in Arranging Awardee and Honorable Mention Recipient
Accommodations, Transportation, and Other Services. The Department may
provide information from this system of records to individuals and
entities, such as vendors, in preparation for and in connection with
the awards ceremony held, annually, by the Department in Washington,
DC, and related educational and celebratory activities.
(c) Disclosures to the White House and Federal Agencies for
Briefings, Speechwriting, or to Obtain Security Clearances. The
Department may disclose awardee and honorable mention recipient
information from this system of records to the White House and Federal
agencies for any speechwriting and briefings for officials addressing
the awardees, honorable mention recipients, or guests at recognition
events, or to permit awardees and honorable mention recipients to
obtain security clearances to attend such events or to gain entry into
buildings with limited access, as appropriate.
(2) Enforcement Disclosure. In the event that information in this
system of records indicates, either on its face or in connection with
other information, a violation or potential violation of any applicable
statute, regulation, or order of a competent authority, the Department
may disclose the relevant records to the appropriate agency, whether
foreign, Federal, State, Tribal, or local, charged with the
responsibility of investigating or prosecuting that violation or
charged with enforcing or implementing the statute, Executive Order,
rule, regulation, or order issued pursuant thereto.
(3) Litigation and Alternative Dispute Resolution (ADR) Disclosure.
(a) Introduction. In the event that one of the parties listed in
sub-paragraphs (i) through (v) is involved in judicial or
administrative litigation or ADR, or has an interest in judicial or
administrative litigation or ADR, the Department may disclose certain
records to the parties described in paragraphs (b), (c), and (d) of
this routine use under the conditions specified in those paragraphs:
(i) The Department, or any component of the Department;
(ii) Any Department employee in his or her official capacity;
(iii) Any Department employee in his or her individual capacity if
the Department of Justice (DOJ) has agreed or has been requested to
provide or arrange for representation for the employee;
(iv) Any Department employee in his or her individual capacity if
the agency has agreed to represent the employee; or
(v) The United States if the Department determines that the
litigation is likely to affect the Department or any of its components.
(b) Disclosure to the DOJ. If the Department determines that
disclosure of certain records to the DOJ is relevant and necessary to
litigation or ADR, the Department may disclose those records as a
routine use to the DOJ.
(c) Adjudicative Disclosures. If the Department determines that it
is relevant and necessary to the litigation or ADR to disclose certain
records to an adjudicative body, whether judicial or administrative,
before which the Department is authorized to appear or to a person or
an entity designated by the Department or otherwise empowered to
resolve or mediate disputes, the Department may disclose those records
as a routine use to the adjudicative body, person, or entity.
(d) Disclosure to Parties, Counsel, Representatives, and Witnesses.
If the Department determines that disclosure of certain records to a
party, counsel, representative, or witness is relevant and necessary to
the litigation or ADR, the Department may disclose those records as a
routine use to the party, counsel, representative, or witness.
(4) Freedom of Information Act (FOIA) and Privacy Act Advice
Disclosure. The Department may
[[Page 47197]]
disclose records from this system of records to the DOJ or the Office
of Management and Budget (OMB) if the Department concludes that
disclosure is desirable or necessary in determining whether particular
records are required to be disclosed under the FOIA or the Privacy Act.
(5) Disclosure to the DOJ. The Department may disclose records from
this system of records to the DOJ to the extent necessary for obtaining
DOJ advice on any matter relevant to an audit, inspection, or other
inquiry related to the Department of Education Cybersecurity Excellence
Award.
(6) Contract Disclosure. If the Department contracts with an entity
for the purposes of performing any function that requires disclosure of
records in this system to employees of the contractor, the Department
may disclose the records to those employees. As part of such a
contract, the Department shall require the contractor to agree to
establish and maintain safeguards to protect the security and
confidentiality of the disclosed records.
(7) Research Disclosure. The Department may disclose records to a
researcher if an appropriate official of the Department determines that
the individual or organization to which the disclosure would be made is
qualified to carry out specific research related to functions or
purposes of this system of records. The official may disclose records
from this system of records to that researcher solely for the purpose
of carrying out that research related to the functions or purposes of
this system of records. The researcher shall be required to agree to
establish and maintain safeguards to protect the security and
confidentiality of the disclosed records.
(8) Congressional Member Disclosure. The Department may disclose
information from the record of an individual to a member of Congress
and to his or her staff in response to an inquiry from the member (or
from the member's staff) made at the written request of that
individual. The member's right to access the information is no greater
than the right of the individual who made the written request to such
member.
(9) Disclosure in the Course of Responding to a Breach of Data. The
Department may disclose records from this system of records to
appropriate agencies, entities, and persons when: (a) The Department
suspects or has confirmed that there has been a breach of the system of
records; (b) the Department has determined that as a result of the
suspected or confirmed breach, there is a risk of harm to individuals,
the Department (including its information systems, programs, and
operations), the Federal Government, or national security; and (c) the
disclosure made to such agencies, entities, and persons is reasonably
necessary to assist the Department's efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such
harm.
(10) Disclosure in Assisting Another Agency in Responding to a
Breach of Data. The Department may disclose records from this system to
another Federal agency or Federal entity, when the Department
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (a) responding to
a suspected or confirmed breach or (b) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
The records are maintained on an access-controlled electronic
system.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
The records are retrieved by the applicant's or nominee's name and
year of application or nomination, as applicable.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
The Department shall submit a retention and disposition schedule
that covers the records contained in this system to the National
Archives and Records Administration (NARA) for review. The records will
not be destroyed until such time as NARA approves said schedule.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
All physical access to the Department site where this system of
records is maintained and the sites of the Department's staff and
contractors with access to the system is controlled and monitored by
security personnel who check each individual entering the building for
his or her employee or visitor badge.
The computer systems employed by the Department and its contractors
offer a high degree of security against tampering and circumvention.
These security systems limit data access to Department and contract
personnel on a ``need to know'' basis and control individual users'
ability to access and alter records within the system.
RECORD ACCESS PROCEDURES:
If you wish to gain access to a record regarding you in the system
of records, contact the system manager at the address listed above. You
must provide necessary particulars, such as your name and any other
identifying information requested by the Department while processing
the request to distinguish between individuals with the same name. Your
request must meet the requirements of 34 CFR 5b.5, including proof of
identity.
CONTESTING RECORD PROCEDURES:
If you wish to contest the content of a record regarding you in the
system of records, contact the system manager. You must provide
necessary particulars, such as your name and any other identifying
information requested by the Department while processing the request to
distinguish between individuals with the same name. Your request must
meet the requirements of 34 CFR 5b.7.
NOTIFICATION PROCEDURES:
If you wish to determine whether a record exists regarding you in
the system of records, contact the system manager at the address listed
above. You must provide necessary particulars, such as your name and
any other identifying information requested by the Department while
processing the request to distinguish between individuals with the same
name. Your request must meet the requirements of 34 CFR 5b.5, including
proof of identity.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
[FR Doc. 2020-16855 Filed 8-3-20; 8:45 am]
BILLING CODE 4000-01-P