Voglio sapere a riguardo di…

jspears on DSK121TN23PROD with NOTICES1

69642

Federal Register / Vol. 86, No. 233 / Wednesday, December 8, 2021 / Notices
of the suspected or confirmed breach there is a risk of harm to individuals, EPA including its information systems, programs, and operations, the Federal Government, or national security; and 3 the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with EPAs efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
M. Disclosure to Assist Another Agency in its Efforts to Respond to a Breach of Personally Identifiable Information: To another Federal agency or Federal entity, when EPA determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in 1
responding to a suspected or confirmed breach or 2 preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity including its information systems, programs, and operations, the Federal Government, or national security, resulting from a suspected or confirmed breach.
Additional routine uses that apply to this system are:
1. Disclosure for Mandatory Reporting Requirements: Information may be disclosed to appropriate federal, state, local, tribal, or foreign governmental agencies or multilateral governmental organizations, to the extent permitted by law, and in consultation with legal counsel, to satisfy mandatory reporting requirements when applicable.
2. Disclosure to a Public Health Authority: Information may be disclosed to: Federal agencies such as the Department of Health and Human Services HHS, State and local health departments, and other public health or cooperating medical authorities in connection with program activities and related collaborative efforts to deal more effectively with exposures to communicable diseases or to combat public health threats, and to satisfy mandatory reporting requirements when applicable.
3. Disclosure to Governmental Organization: Information may be disclosed to: Appropriate federal, state, local, tribal, or foreign governmental agencies or multilateral governmental organizations, to the extent permitted by law, and in consultation with legal counsel, for the purpose of protecting the vital interests of a data subject or other persons, including to assist such agencies or organizations in preventing exposure to or transmission of a communicable or quarantinable disease or to combat other significant public health threats.

VerDate Sep<11>2014

16:53 Dec 07, 2021

Jkt 256001

4. Disclosure to Assisting Agency:
Information may be disclosed to: A
Federal agency or entity authorized to procure assistive technologies and services in response to a request for reasonable accommodation; another Federal agency pursuant to a written agreement with EPA to provide services such as medical evaluations, when necessary, in support of reasonable accommodation decisions.
5. Disclosure for Emergencies:
Information may be disclosed to first aid and safety personnel if the individuals medical condition requires emergency treatment.
6. Disclosure to Oversight Body:
Information may be disclosed to another Federal agency or oversight body charged with evaluating EPAs compliance with the laws, regulations, and policies governing reasonable accommodation requests.
7. Disclosure to Hosting Entity:
Information may be disclosed to an entity that is hosting an individual receiving an accommodation in order to provide continuation of that accommodation in the hosting location.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:

Electronic records are maintained in a secure password protected environment on electronic storage devices, including internal servers and local hardware devices government furnished equipment laptops. The electronic storage devices and any paper records are located at EPA Headquarters, EPA
Regional Offices, and/or the local office of the Requestor. Paper records are maintained in file folders stored within locking filing cabinets or locked rooms in secured facilities with controlled access.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:

These records are retrieved by the Requestors name, and/or a case number that is assigned to the request in RAMS, and/or by office or region.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:

Records stored in this system are subject to EPA records schedule number EPA 0068, Reasonable Accommodation Request Records. A
records schedule provides mandatory instructions on how long to keep records retention and when they can be disposed. Reasonable accommodation records are retained until three years after an employee separates from EPA or three years after an applicant made the request if they are not hired.

PO 00000

Frm 00032

Fmt 4703

Sfmt 4703

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:

Security controls used to protect personal sensitive data in RAMS are commensurate with those required for an information system rated MODERATE for confidentiality, integrity, and availability, as prescribed in National Institute of Standards and Technology NIST Special Publication, 80053, Security and Privacy Controls for Information Systems and Organizations, Revision 5.
1. Administrative Safeguards: EPA
staff must complete annual agency training for Information Security and Privacy. EPA instructs staff to lock and secure their computers and offices, if applicable, when unattended. All staff authorized to use RAMS are required to take training on the proper handling of personally identifiable information before using RAMS as well as annual Agency Information Security and Privacy Awareness training.
2. Technical Safeguards: EPA staff authorized to access electronic records are assigned permission levels.
Permission level assignments allow authorized users to access only those system functions and records specific to their Agency work need. EPA also has technical security measures including restrictions on computer access to authorized individuals and required use of a personal identity verification PIV
card and password. Medical documentation is password protected.
3. Physical Safeguards: Only authorized EPA staff have access to paper files, which are stored within locking filing cabinets or locked rooms in secured facilities with controlled access. Electronic storage devices are maintained in secured facilities with controlled access.
RECORD ACCESS PROCEDURES:

All requests for access to personal records should cite the Privacy Act of 1974 and reference the type of request being made i.e., access. Requests must include: 1 The name and signature of the individual making the request; 2
the name of the Privacy Act system of records to which the request relates; 3
a statement whether a personal inspection of the records or a copy of them by mail is desired; and 4 proof of identity. A full description of EPAs Privacy Act procedures for requesting access to records is available at 40 CFR
part 16.
CONTESTING RECORD PROCEDURES:

Requests for correction or amendment must include: 1 The name and signature of the individual making the request; 2 the name of the Privacy Act
E:FRFM08DEN1.SGM

08DEN1