[Federal Register Volume 85, Number 80 (Friday, April 24, 2020)] [Notices] [Pages 23024-23028] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 2020-08723] ----------------------------------------------------------------------- FEDERAL COMMUNICATIONS COMMISSION [FRS 16684] Privacy Act of 1974; System of Records AGENCY: Federal Communications Commission. ACTION: Notice of a modified System of Records. ----------------------------------------------------------------------- SUMMARY: The Federal Communications Commission (FCC or Commission or Agency) has modified and renamed an existing system of records, FCC/ PSHSB-1, FCC Emergency and Continuity Alerts and Contacts System (ECACS) (formerly: FCC/PSHSB-1, FCC Emergency and Continuity Contacts System (ECCS)), subject to the Privacy Act of 1974, as amended. This action is necessary to meet the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of records maintained by the Agency. The FCC's Public Safety and Homeland Security Bureau (PSHSB) uses the information in ECACS to prepare for and coordinate crisis response activities wherever they occur in the United States and its territories. PSHSB is modifying FCC/ PSHSB-1 to include information it will use to evaluate the effectiveness of Wireless Emergency Alerts (WEA), including participating Commercial Mobile Service Providers' (``providers'') implementation of enhanced geo-targeting for WEA. DATES: This action will become effective on April 24, 2020. Written comments on the system's routine uses are due by May 26, 2020. The routine uses in this action will become effective on May 26, 2020 unless written comments are received that require a contrary determination. ADDRESSES: Send comments to Leslie F. Smith, Privacy Manager, Information Technology (IT), Room 1-C216, Federal Communications Commission, 445 12th Street SW, Washington, DC 20554, or via email at [email protected]. FOR FURTHER INFORMATION CONTACT: Leslie F. Smith, (202) 418-0217, or [email protected] (and to obtain a copy of the Narrative Statement and the Supplementary Document, which includes details of the modifications to this system of records). SUPPLEMENTARY INFORMATION: This notice serves to update and modify FCC/ PSHSB-1 to include the Commission's collection of personally identifiable information (PII) through surveys used to evaluate the effectiveness of WEA, including Participating Commercial Mobile Service (CMS) providers' implementation of enhanced geo-targeting in support of public safety. As outlined In the Matter of Wireless Emergency Alerts Amendments to Part 11 of the Commission's Rules Regarding the Emergency Alert System, PS Docket Nos. 15-91 and 15-94, Second Report and Order and Second Order on [[Page 23025]] Reconsideration, 33 FCC Rcd 1320, 1324-25, para. 6 (2018) (``Second Report and Order''), the Commission's enhanced geo-targeting rules, effective December 13, 2019, require that the Participating CMS providers match a target area specified by an alert originator (i.e., deliver an alert message to 100% of the geographic area that the alert originator targets with no more than a 0.1 mile overshoot). PSHSB intends to test the effectiveness of this and related functionality to inform PSHSB's coordination and mitigation work when regions and communities face potentially imminent threats of the loss of life or property. Additionally, the SORN is being modified to make various necessary changes and updates, including the use of more advanced electronic information technologies, i.e., cloud technology, and format changes required by OMB Circular A-108 since its previous publication. The substantive changes and modifications to the previously published version of the FCC/PSHSB-1 system of records include: 1. Changing the name of the system of records to FCC/PSHSB-1, FCC Emergency and Continuity Alerts and Contacts System (ECACS) to show that the system now includes information PSHSB will use to evaluate the effectiveness of Wireless Emergency Alerts (WEA), including participating Commercial Mobile Service (CMS) providers' implementation of enhanced geo-targeting for WEA. 2. Updating the Security Classification to be consistent with FCC policies and Executive Order 13556. 3. Updating/revising the language in the Categories of Individuals to include individuals representing institutions, organizations, and other groups engaged in crisis management and emergency preparedness functions, activities, and actions as part of the system's emergency management contacts information; FCC employees and contractors who are members of the Bureau/Office Emergency Response Group (ERG), Devolution Emergency Response Group (DERG) and FCC and bureau and office (B/O) lines of succession; and individuals who volunteer to participate in PSHSB surveys, including surveys to evaluate the effectiveness of WEA and providers' implementation of enhanced geo-targeting for WEA. 4. Updating/revising the Categories of Records to include the information collected by PSHSB surveys pertaining to the respondents, the locations from which individuals respond to the survey, and other information that PSHSB will collect including, but not limited to type of device, operating system, and wireless service provider. 5. Updating/revising the Purposes to include coordination of activities such as emergencies and crisis management actions, responses, and related functions; enabling the FCC to manage and maintain the contact and response system for FCC employees and contractors for purposes that include, but are not limited to coordinating Continuity of Operations Plan (COOP) actions and related functions; and conducting voluntary surveys evaluating the effectiveness of WEA, including implementation of enhanced geo- targeting by providers and other related emergency notification systems, functions, and activities. 6. Updating/revising the Records Source Categories to include survey respondents' inputs transmitted through their wireless devices or through other means of communication. 7. Deleting two routine uses ((1) Emergency Response and (9) First Responders) that are covered by 5 U.S.C. 552a(b)(8) and therefore unnecessary. 8. Updating and/or revising language in eight routine uses: (1) Adjudication and Litigation; (2) Law Enforcement and Investigation; (3) Congressional Inquiries; (4) Government-Wide Program Management and Oversight; (5) Employment, Clearances, Licensing, Contract, Grant or other Benefits Decisions by the FCC; (6) Labor Relations; (7) Breach Notification, updated/revised as required by OMB Memorandum M-17-12; and (10) Contracted Third Parties (previously Routine Use (10)). 9. Adding three new routine uses: (8) Assistance to Federal Agencies and Entities, to allow the FCC to provide assistance to other Federal agencies in their data breach situations, as required by OMB Memorandum M-17-12; (9) Contract Services, Grants, or Cooperative Agreements, to allow contractors performing or working on a contract for the Federal Government access to information in this system; (11) Test Partners, to allow PSHSB's test partners, which may include state or local government entities, private sector organizations, or volunteers to help plan, conduct, and analyze the test results used to evaluate WEA's effectiveness and the provider's implementation of enhanced WEA's geo-targeting. 10. Adding two new sections: Reporting to a Consumer Reporting Agency, to address valid and overdue debts owed by individuals to the FCC under the Debt Collection Act, as recommended by OMB; and a History section referencing the previous publication of this SORN in the Federal Register, as required by OMB Circular A-108. 11. Updating the Policies and Practices for Retention and Disposal of Records in this system to state that the records in this system are covered by the National Archives and Records Administration's (NARA) General Records Schedule (GRS) 5.3, Continuity and Emergency Planning Records (January 2017 GRS revision). The system of records is also updated to reflect various administrative changes related to the system managers and system addresses; policy and practices for storage and retrieval of the information; administrative, technical, and physical safeguards; and updated notification, records access, and procedures to contest records. SYSTEM NAME AND NUMBER: FCC/PSHSB-1, FCC Emergency and Continuity Alerts and Contacts System (ECACS). SECURITY CLASSIFICATION: The Security Operations Center (SOC) has not assigned a security classification to ECACS; however, information in this system may be designated as: Controlled Unclassified Information, Non-Public, For Internal Use Only, or For Official Use Only. SYSTEM LOCATION: Public Safety and Homeland Security Bureau (PSHSB), Federal Communications Commission, 445 12th Street SW, Washington, DC 20554. SYSTEM MANAGER(S): Public Safety and Homeland Security Bureau (PSHSB), 445 12th Street SW, Washington, DC 20554. AUTHORITY FOR MAINTENANCE OF THE SYSTEM Executive Order 12472, Assignment of National Security and Emergency Preparedness Telecommunications Functions, April 3, 1984, as amended February 28, 2003 and June 26, 2006; Presidential Decision Directive 67, Enduring Constitutional Government and Continuity of Government Operations, October 21, 1998; Homeland Security Act of 2002, 6 U.S.C. 101 et seq., November 25, 2002; National Security Presidential Directive 51/Homeland Security Presidential Directive 20, National Continuity Policy, May 9, 2007; National Communications System Directive 3-10, Minimum Requirements for Continuity Communications Capabilities, July 25, 2007; National Continuity Policy Implementation Plan, Homeland Security Council, August 2007; Federal Continuity Directive 1, Federal [[Page 23026]] Executive Branch National Continuity Program and Requirements, February 2008; Federal Continuity Directive 2, Federal Executive Branch Mission Essential Function and Primary Mission Essential Function Identification and Submission Process, February 2008. PURPOSE(S) OF THE SYSTEM The FCC uses the records in this system for purposes that include, but are not limited to: 1. Enabling the FCC to respond to and coordinate activities that including emergencies and crisis management actions, responses, and related functions; 2. Enabling the FCC to manage and maintain the contact and response system for FCC employees and contractors for coordinating Continuity of Operations Plan (COOP) actions and related functions; 3. Enabling the FCC to use an automated telephone and email system to contact its Emergency Contacts and COOP Contacts; 4. Conducting voluntary surveys evaluating the effectiveness of WEA, including implementation of enhanced geo-targeting by providers, and other related emergency notification systems, functions, and activities. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM The categories of individuals in this system include, but are not limited to: 1. FCC employees, Federal Government contacts, State, Tribal, Territorial, Local Government and private sector contacts along with individuals representing institutions, organizations, and other groups engaged in crisis management and emergency preparedness functions, activities, and actions as part of this system's emergency management contacts information. 2. FCC employees and contractors who are members of the Bureau and Office (B/O) Emergency Response Group (ERG), Devolution Emergency Response Group (DERG), and FCC and B/O lines of succession. 3. Individuals who volunteer to participate in PSHSB surveys, including surveys to evaluate the effectiveness of WEA and providers' implementations of enhanced geo-targeting for WEA. CATEGORIES OF RECORDS IN THE SYSTEM The records in this system include, but are not limited to: 1. Emergency contacts include individual and/or business name(s), position title, business telephone number(s), business cell phone number(s), business satellite phone number(s), business pager number(s), business facsimile number(s), business address(es), business email address(es), home telephone number(s), personal cell phone number(s), personal pager number (s), personal facsimile number(s), and personal email address(es). 2. COOP contacts include FCC employee's and contractor's name(s), position title, security clearance information, line of succession information, work and personal telephone number(s), work and personal facsimile number(s), work and personal cell phone number(s), satellite telephone number(s), FCC Government Emergency Telecommunications System (GETS) and Wireless Priority System (WPS) information, satellite telephone number(s), Government passport numbers, work and personal pager number(s), and work and personal email address(es). 3. PSHSB survey information includes the individual respondents' identification numbers, email addresses, street addresses (street, city, state, and zip code) at the location that the individual responds to the survey, and other information that PSHSB will collect including but not limited to type of device, operating system, and wireless service provider. RECORD SOURCE CATEGORIES 1. The sources for the emergency contacts information include, but are not limited to FCC employees, Federal Government, State, Tribal, Territorial, and Local Government contacts, and private sector contactors along with individuals representing institutions and organizations with crisis management and emergency preparedness functions. 2. The sources for the COOP contact participants' information are FCC employees and contractors. 3. The sources for the survey information that PSHSB will use include the survey respondents' inputs transmitted through their wireless devices, or through other means of communication. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES In addition to those disclosures generally permitted under section 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed to authorized entities, as is determined to be relevant and necessary, outside the FCC, as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows. 1. Adjudication and Litigation--To disclose information to the Department of Justice (DOJ), or to a court or adjudicative body before which the FCC is authorized to appear, when: (a) the FCC or any component thereof; or (b) any employee of the FCC in his or her official capacity; or (c) any employee of the FCC in his or her individual capacity where the DOJ or the FCC have agreed to represent the employee; or (d) the United States is a party to litigation or have an interest in such litigation, and the use of such records by the DOJ or the FCC is deemed by the FCC to be relevant and necessary to the litigation. 2. Law enforcement and Investigation--To disclose pertinent information to the appropriate Federal, State, and/or local agency responsible for investigating, prosecuting, enforcing, or implementing a statute, rule, regulation, or order, where the FCC becomes aware of an indication of a violation or potential violation of civil or criminal law or regulation. 3. Congressional Inquiries--To provide information to a Congressional office from the record of an individual in response to an inquiry from that Congressional office made at the written request of that individual. 4. Government-Wide Program Management and Oversight--To disclose information to the National Archives and Records Administration (NARA) for use in its records management inspections; to the Government Accountability Office (GAO) for oversight purposes; to the Department of Justice (DOJ) to obtain that department's advice regarding disclosure obligations under the Freedom of Information Act (FOIA); or to the Office of Management and Budget (OMB) to obtain that office's advice regarding obligations under the Privacy Act. 5. Employment, Clearances, Licensing, Contract, Grant or other Benefits Decisions by the FCC--To disclose to a Federal, State, local or foreign, tribal, or other public agency or authority maintaining civil, criminal, or other relevant enforcement records, or other pertinent records, or to another public authority or professional organization, if necessary to obtain information relevant to an investigation concerning the hiring or retention of an employee or other personnel action, the issuance or retention of a security clearance, classifying of jobs, letting of a contract, or the issuance or retention of a license, grant, or other benefit by the Commission, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter. [[Page 23027]] 6. Labor Relations--To officials of labor organizations recognized under 5 U.S.C. 71 upon receipt of a formal request and in accord with the conditions of 5 U.S.C. 7114 when relevant and necessary to their duties of exclusive representation concerning personnel policies, practices, and matters affecting working conditions. 7. Breach Notification--To appropriate agencies, entities, and persons when (a) the Commission suspects or has confirmed that there has been a breach of the system of records; (b) the Commission has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, the Commission (including its information systems, programs, and operations), the Federal Government, or national security; and (c) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with Commission efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. 8. Assistance to Federal Agencies and Entities--To another Federal agency or Federal entity, when the Commission determines that information from this system is reasonably necessary to assist the recipient agency or entity in: (a) Responding to a suspected or confirmed breach or (b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, program, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. 9. Contract Services, Grants, or Cooperative Agreements--To disclose information to FCC contractors, grantees, or volunteers who have been engaged to assist the FCC in the performance of a contract service, grant, cooperative agreement, or other activity related to this system of records and who need to have access to the records in order to perform their activity. Recipients shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. 552a. 10. Contracted Third Parties--To external contracted parties throughout the United States for required maintenance, data input, and/ or extraction requirements, testing, and activation of an automated telephone and email system. 11. Test Partners--To PSHSB's test partner entities who help plan, conduct, and analyze the results of tests used to evaluate the effectiveness of WEA, including providers' implementations of enhanced geo-targeting for WEA. REPORTING TO A CONSUMER REPORTING AGENCY: In addition to the routine uses listed above, the Commission may share information from this system of records with a consumer reporting agency regarding an individual who has not paid a valid and overdue debt owed to the Commission, following the procedures set out in the Debt Collection Act, 31 U.S.C. 3711(e). POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Information in ECACS consists of electronic data, files, and records, which are housed in the FCC's computer network databases, and paper documents, files, and records, which are stored in file cabinets in the PSHSB office suite. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Information in the Emergency Contacts and the COOP Contacts databases is retrieved by searching any field in the respective database(s). POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: The FCC maintains and disposes of these records in accordance with the requirements of the General Records Schedules (GRS) issued by the National Archives and Records Administration (NARA) as follows: GRS 5.3, Disposition Authorities: Item 010: DAA-GRS-2016-0004-0001: Continuity planning and related emergency planning files; and Item 020: DAA-GRS-2016-0004-0002: Employee emergency contact information. GRS 4.1, Disposition Authority: Item 030: DAA-GRS-2013-0002-0008: Vital or essential records program records. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: 1. The electronic records, data, and files are stored within FCC accreditation boundaries and maintained in a database housed in the FCC computer network databases. The data in the FCC's computer network is protected by the FCC and third-party privacy safeguards, a comprehensive and dynamic set of IT safety and security protocols and features that are designed to meet all Federal IT privacy standards, including those required by the National Institute of Standards and Technology (NIST), the Office of Management and Budget (OMB), and the Federal Information Security Modernization Act of 2014 (FISMA). 2. There are a limited number of paper documents, files, and records, which are stored in file cabinets in the PSHSB office suite. These cabinets are locked when not in use and/or at the end of the business day. All access points for the PSHSB office suites are monitored. 3. Furthermore, as part of the FCC's privacy safeguards, only authorized PSHSB supervisors, employees, PSHSB's Test Partners, and contractors, including IT contractors who manage the FCC's computer network, may have access to the electronic data and the paper document files. Other FCC employees may be granted access on a need-to-know basis. The FCC's Test Partners will not have direct access to the FCC's computer network or information systems; however, PSHSB will provide the Test Partners data necessary to evaluate the effectiveness of WEA, including providers' implementation of enhanced geo-targeting. The Test Partners will be required to implement privacy safeguards against the disclosure of electronic data and paper document files provided by the FCC, unless disclosure is otherwise required by applicable federal or other laws. RECORD ACCESS PROCEDURES: Individuals wishing to request access to and/or amendment of records about them should follow the Notification Procedure below. CONTESTING RECORD PROCEDURES: Individuals wishing to request an amendment of records about them should follow the Notification Procedure below. NOTIFICATION PROCEDURES: Individuals wishing to determine whether this system of records contains information about them may do so by writing to Leslie F. Smith, Privacy Manager, Information Technology, Federal Communications Commission, 445 12th Street SW, Washington, DC 20554, or by emailing [email protected] and following the procedures set forth in the FCC's Privacy Act regulations regarding verification of identity and access to records, 47 CFR Part 0, Subpart E. EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. HISTORY: The FCC last gave full notice of this system of records, FCC/PSHSB- 1, formerly titled FCC Emergency and Continuity Contacts System (ECCS), by publication in the Federal Register on September 19, 2011 (76 FR 57989). [[Page 23028]] Federal Communications Commission. Marlene Dortch, Secretary. [FR Doc. 2020-08723 Filed 4-23-20; 8:45 am] BILLING CODE 6712-01-P