[Federal Register Volume 67, Number 52 (Monday, March 18, 2002)]
[Notices]
[Pages 12010-12013]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 02-6486]


=======================================================================
-----------------------------------------------------------------------

ENVIRONMENTAL PROTECTION AGENCY

[FRL-7159-7]


Privacy Act of 1974; System of Records

AGENCY: Environmental Protection Agency.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended, the 
Environmental Protection Agency (EPA) publishes this notice of a new 
system of records entitled ``Central Data Exchange-Customer 
Registration Subsystem (CDX-CRS).'' The system will contain information 
on individuals who have registered and established accounts to access 
CDX, EPA's electronic compliance filing and environmental data exchange 
system. Individuals with CDX accounts may engage in electronic filing 
of environmental documents as permitted under the Government Paperwork

[[Page 12011]]

Elimination Act (GPEA), and as required under appropriate environmental 
statutes. The information maintained by the CDX-CRS includes the 
individual's name and related identifiers, work contact information, 
supervisor's name and contact information, and information about the 
EPA program under which the individual plans to report electronically. 
The information will be used to protect and manage access to the 
individual's account on CDX.

DATES: Comments must be received no later than April 17, 2002. This new 
system of records will commence April 26, 2002 unless the Agency 
receives comments which would result in a contrary determination.

ADDRESSES: Persons wishing to submit comments should direct them to: 
Environmental Protection Agency, Office of Environmental Information, 
Collection Services Division, MS 2823, 1200 Pennsylvania Avenue, 
Washington, DC 20460.

FOR FURTHER INFORMATION CONTACT: Valerie Brecher Kovacevic at brecher-
[email protected], or 202-260-9488. If you use a 
telecommunications device for the deaf (TDD), you may call the Federal 
Information Relay Service (FIRS) at 1-800-877-8339.

SUPPLEMENTARY INFORMATION:
EPA/CDX-CRS

System Name.
    EPA Central Data Exchange--Customer Registration Subsystem (CDX-
CRS)

Security Classification:
     None.

System Location:
    The system will be operated and maintained by EPA or organizations 
under contract with the EPA (henceforth referred to as ``EPA'') at 
their place of business. The system is currently maintained at 
Logistics Management Institute, 2000 Corporate Ridge Drive, McLean, VA 
22102-7805.

Categories of Individuals Covered by the System:
    This system contains records on all individuals that have either 
attempted to register or have registered to obtain an account to use 
CDX for electronically exchanging data with EPA. Registered users of 
EPA's CDX-CRS may include representatives of industry, government or 
laboratories exchanging information with EPA through CDX.

Categories of Records in the System:
    This system contains records including individual's name, self-
assigned user name and security question, work title, work address and 
related work contact information (e.g., phone and fax numbers, E-mail 
address), supervisor's name and related contact information, and 
information related to the EPA reporting program the individual is 
planning to electronically file or report under (e.g., EPA program ID # 
and EPA program role) and the method of reporting (web browser, file 
exchange). The individual registering for CDX will also generate a 
self-assigned password that will be stored on the CDX-CRS, but it will 
only be accessible to the registering individual. The system will also 
store other system-generated data such as the registration date and 
time, digital certificate identifier, and other identifiers for 
internal tracking. Upon assignment of the password and ID code, the 
user may subsequently access the CDX system by entering these data and 
CDX will use this information to authenticate the individual's access 
to CDX.

Authority for Maintenance of System:
    In accordance with the Government Paperwork Elimination Act (44 
U.S.C. 3504), EPA's electronic compliance filing and environmental data 
exchange system will enable the ``acquisition and use of information 
technology, including alternative information technologies that provide 
for electronic submission, maintenance, or disclosure of information as 
a substitute for paper and for the use and acceptance of electronic 
signatures.'' Section 3504(a)(1)(B)(vi) of Title 44, United States 
Code.

Purpose(s):
    Central Data Exchange is EPA's portal for electronically exchanging 
environmental data with our external customers. Individual external 
users with CDX accounts may engage in secure, electronic filing of 
environmental documents as permitted under the Government Paperwork 
Elimination Act (GPEA), and as required under appropriate environmental 
statutes. CDX-CRS was developed to protect the EPA and CDX system users 
from individuals seeking to gain unauthorized access to user accounts 
on CDX.
    The information contained in records maintained in the CDX-CRS 
system is used for the purposes of verifying the identity of the 
individual, informing users of the conditions and terms of using CDX, 
allowing individual users to establish an account on CDX, providing 
individual users access to their CDX account for electronically filing 
compliance data or exchanging other forms of environmental data, 
allowing individual users to customize, update or terminate their 
account with CDX, renewing or revoking an individual user's account on 
CDX, supporting the CDX help desk functions, investigating possible 
fraud and verifying compliance with program regulations, and initiating 
legal action against an individual involved in program fraud, abuse, or 
noncompliance.

Routine Uses of Records Maintained in the System, Including Categories 
of Users and the Purposes of Such Uses:
    CDX-CRS records will be used to facilitate registering CDX system 
users, issuing a username and password, and subsequently, verifying an 
individual's identity as he/she seeks to gain routine access to his/her 
account. In some cases the user verification process will require EPA 
to contact the employer, based on the registration information provided 
by the user. The system has secondary uses that include: using the 
established username to facilitate tracking service calls or e-mails 
from the user in the event that there is a change in registration 
status or a problem the user has with CDX, offering the user new CDX 
service options, and facilitating the retrieval of user actions (e.g., 
historical submissions and help tickets) and events while on the CDX 
system. The records may also be subsequently used for auditing or other 
internal purposes of the EPA, including but not limited to: instances 
where enforcement of the conditions of using CDX are necessary; 
investigation of possible fraud involving a registered user; litigation 
purposes related to information reported to the agency; contacting the 
individual in the event of a system modification; a change to CDX; or 
modification, revocation or termination of user's access privileges to 
CDX.
    EPA may disclose information contained in a record in this system 
of records under the routine uses listed in this notice without the 
consent of the individual if the disclosure is compatible with the 
purposes for which the record was collected. These disclosures may be 
made on a case-by-case basis or under a computer matching agreement if 
the Agency has complied with the computer matching requirements of the 
Act.
    The general routine uses for EPA's CDX are listed as follows:
    Disclosure for Law Enforcement Purposes, Disclosure Incident to 
Requesting Information, Disclosure to a Requesting Agency, Disclosure 
to Congressional Offices, Disclosure to Department of Justice, 
Disclosure to the National Archives, Disclosure to

[[Page 12012]]

Contractors, Grantees, and Others, Disclosure for Administrative 
Claims, Complaints, and Appeals, and Disclosure in Connection With 
Litigation.
    A detailed description of these routine uses can be found in the 
Federal Register, Privacy Act of 1974: System of Records, Creation of 
Eleven New Privacy Act System of Records Notice (at 66 FR 49947 (2001)) 
and also on the National Archives and Records Administration website, 
Privacy Act Issuances--1999 Compilation at:http://www.access.gpo.gov/
su_docs/aces/PrivacyAct.shtml?desc015.html.
    In addition, the following routine uses may also apply:

Program Disclosures:
    The Agency may disclose information from this system to Federal, 
State, or local agencies, private parties such as relatives, present 
and former employers and business and personal associates, and hearing 
officials for the following purposes:
    (a) To verify the identity of the individual;
    (b) To enforce the conditions or terms of Agency program 
regulations;
    (c) To investigate possible fraud and verify compliance with Agency 
program regulations;
    (d) To prepare for litigation or to litigate collection service and 
audit;
    (e) To initiate a limitation, suspension and termination (LS&T), 
debarment, or suspension action;
    (f) To investigate complaints, update files, and correct errors.

Litigation and Alternative Dispute Resolution (ADR) Disclosures:
    (a) In the event that one of the parties listed below is involved 
in litigation or ADR, or has an interest in litigation ADR, the Agency 
may disclose certain records to the parties described in paragraphs 
(b), (c), and (d) of this routine use under the conditions specified in 
those paragraphs:
    (i) The Environmental Protection Agency, or any component of the 
Agency; or
    (ii) Any Agency employee in his or her official capacity; or
    (iii) Any Agency employee in his or her individual capacity if the 
Department of Justice (DOJ) has agreed to provide or arrange for 
representation for the employee;
    (iv) Any Agency employee in his or her individual capacity where 
the agency has agreed to represent the employee; or
    (v) The United States where the Agency determines that the 
litigation is likely to affect the Agency or any of its components.
    (b) Disclosure to the DOJ. If the Agency determines that disclosure 
of certain records to the DOJ is relevant and necessary to litigation 
or ADR, the Agency may disclose those records as a routine use to the 
DOJ.
    (c) Administrative Disclosures. Agencies that may obtain 
information under this routine use include, but are not limited to, the 
Office of Personnel Management, Office of Special Counsel, Merit 
Systems Protection Board, Federal Labor Relations Authority, Equal 
Employment Opportunity Commission, and Office of Government Ethics.
    (d) Parties, counsels, representatives and witnesses. If the Agency 
determines that disclosure of certain records to a party, counsel, 
representative or witness in an administrative proceeding is relevant 
and necessary to the litigation, the Agency may disclose those records 
as a routine use to the party, counsel, representative or witness.
    Research Disclosure: The Agency may disclose records to a 
researcher if an appropriate official of the Agency determines that the 
individual or organization to which the disclosure would be made is 
qualified to carry out specific research related to functions or 
purposes of this system of records. The official may disclose records 
from this system of records to that researcher solely for the purpose 
of carrying out that research related to the functions or purposes of 
this system of records. The researcher shall be required to maintain 
Privacy Act safeguards with respect to the disclosed records.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, 
and Disposing of Records in the System:
Storage:
    The CDX is a new system for which the Agency is in the process of 
establishing a records schedule. The CDX will be taking e-transactions 
and preserving them in accordance with applicable EPA and other Federal 
policy and regulations. The CDX currently stores records on magnetic 
and/or digital formats. All record storage procedures are in accordance 
with current applicable regulations.

Retrievability:
    Records are retrievable by the CDX user name, program ID number, or 
all or part of the individual's name.

Safeguards:
    EPA has minimized the risk of unauthorized access to the system by 
establishing a secure environment for exchanging electronic 
information. Physical access to the data system housed within the 
facility is controlled by a computerized badge reading system, and the 
entire complex is patrolled by security during non-business hours. The 
computer system offers a high degree of resistance to tampering and 
circumvention. Multiple levels of security are maintained with the 
computer system control program. This system limits data access to EPA 
and contract staff on a need to know basis, and controls individuals 
ability to access and alter records with the system. All users of the 
system of records are given a unique user identification (ID) with 
personal identifiers. All interactions between the system and the 
authorized individual users are recorded.

Retention and Disposal:
    The EPA will retain and dispose of these records in accordance with 
National Archives and Records Administration General Records Schedule 
20, Item 1.c. This schedule provides disposal authorization for 
electronic files and hard copy printouts created to monitor system 
usage, including but not limited to log-in files, audit trail files, 
system usage files, and cost-back files used to access charges for 
system use. Records will be deleted or destroyed when the Agency 
determines they are no longer needed for administrative, legal, audit, 
or other program purposes.

System Managers and Address:
    USEPA, Office of Environmental Information, (MS2823), 1200 
Pennsylvania Ave. NW., Washington, DC 20460, Attn: Chief, Central 
Receiving Branch.

Notification Procedure:
    Requests to determine whether this system of records contains a 
record pertaining to the requesting individual should be sent to the 
USEPA, Office of Environmental Information, (MS2823), 1200 Pennsylvania 
Ave. NW., Washington, D.C. 20460, Attn: Chief, Central Receiving 
Branch. To send a fax request: 202-401-0182. To determine whether a 
record exists regarding you in the system of records, provide the 
system manager with your name and username. Requests must meet the 
requirements of the regulations at 40 CFR part 16.

Record Access Procedures:
    A request for record access shall follow the directions described 
under Notification Procedure and will be addressed to the system 
manager at the address listed above.

[[Page 12013]]

Contesting Records Procedures:
    If you wish to contest a record in the system of records, contact 
the system manager with the information described under Notification 
Procedure, identify the specific items you are contesting, and provide 
a written justification for each item.

Record Source Categories:
    Information is obtained from individuals who have had or seek to 
have their identity authenticated except that a password and a username 
are explicitly self-assigned by the user registering to gain access to 
CDX.

System Exempted from Certain Provisions of the Act:
    None.

Kim Nelson,
Assistant Administrator and Chief Information Officer, Office of 
Environmental Information, EPA.
[FR Doc. 02-6486 Filed 3-15-02; 8:45 am]
BILLING CODE 6560-50-P