Privacy Act of 1974; System of Records

Issuing agencies

Abstract

The Payroll Data Analytics Project was created to analyze payroll disbursement data. For the HUD employees in the collection, the HUD Office of the Chief Financial Officer (OCFO) collects the first five letters of the first name and the last 4 digits of Social Security Numbers (SSN) from the Department of Treasury, Administrative Resource Center (ARC). This is collected as part of the payroll data used to identify questionable payroll transactions that may require further review by HUD management. If needed, OCFO will request HUD employees' Standard Form 50 (SF-50) from HUD's Office of the Chief Human Capital Officer (OCHCO) for potential outliers that require justification. HUD OCHCO sends the SF-50 to HUD OCFO via encrypted email. The SF-50 includes Personally Identifiable Information (PII) such as full name, date of birth, SSN, pay grade, salary, veterans' preference, and all other data included in the SF-50 template.

Full Text

<html>
<head>
<title>Federal Register, Volume 86 Issue 220 (Thursday, November 18, 2021)</title>
</head>
<body><pre>
[Federal Register Volume 86, Number 220 (Thursday, November 18, 2021)]
[Notices]
[Pages 64519-64521]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2021-25109]


-----------------------------------------------------------------------

DEPARTMENT OF HOUSING AND URBAN DEVELOPMENT

[Docket No. FR-7046-N-01]


Privacy Act of 1974; System of Records

AGENCY: Office of the Chief Financial Officer (OCFO), HUD.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The Payroll Data Analytics Project was created to analyze 
payroll disbursement data. For the HUD employees in the collection, the 
HUD Office of the Chief Financial Officer (OCFO) collects the first 
five letters of the first name and the last 4 digits of Social Security 
Numbers (SSN) from the Department of Treasury, Administrative Resource 
Center (ARC). This is collected as part of the payroll data used to 
identify questionable payroll transactions that may require further 
review by HUD management. If needed, OCFO will request HUD employees' 
Standard Form 50 (SF-50) from HUD's Office of the Chief Human Capital 
Officer (OCHCO) for potential outliers that require justification. HUD 
OCHCO sends the SF-50 to HUD OCFO via encrypted email. The SF-50 
includes Personally Identifiable Information (PII) such as full name, 
date of birth, SSN, pay grade, salary, veterans' preference, and all 
other data included in the SF-50 template.

DATES: This notice action shall be applicable immediately, which will 
become effective December 20, 2021.
    Comments will be accepted on or before: December 20, 2021.

ADDRESSES: You may submit comments, identified by docket number [FR-
7046-N-01] by one of the following methods:
    Federal e-Rulemaking Portal: <a href="http://www.regulations.gov">http://www.regulations.gov</a>. Follow the 
instructions provided on that site to submit comments electronically;
    Fax: 202-619-8365;
    Email: <a href="/cdn-cgi/l/email-protection#2656544f5047455f664e534208414950"><span class="__cf_email__" data-cfemail="5e2e2c37283f3d271e362b3a70393128">[email&#160;protected]</span></a>;
    Mail: Attention: Privacy Office; Chief Privacy Officer, Mr. LaDonne 
White, The Executive Secretariat; 451 Seventh Street SW, Room 10139, 
Washington, DC 20410-0001.
    Instructions: All submissions received must include the agency name 
and docket number for this rulemaking. All comments received will be 
posted without change to <a href="http://www.regulations.gov">http://www.regulations.gov</a>. including any 
personal information provided.
    Docket: For access to the docket to read background documents or 
comments received go to <a href="http://www.regulations.gov">http://www.regulations.gov</a>.

FOR FURTHER INFORMATION CONTACT: LaDonne White, Chief Privacy Officer, 
The Privacy Office, 451 Seventh Street SW, Room 10139, Washington, DC 
20410-1000; telephone number 202-708-3054 (this is not a toll-free 
number).

SUPPLEMENTARY INFORMATION: HUD OCFO is creating a system of records for 
the Payroll Data Analytics Project to collect HUD employees' PII from 
the Treasury ARC and HUD OCHCO. The PII that Treasury has is initially 
collected for payroll purposes. HUD OCFO will collect from Treasury 
only the first five digits of the first name and the last four digits 
of the Social Security Number (SSN) for all individuals within HUD's 
payroll. HUD OCFO will use R Script to review and identify any 
questionable payroll transactions and/or outliers (e.g., mismatch of 
Employee Name and SSN, fraudulent transactions). An R Script is a set 
of instructions that tells the computer what to do. If any are 
identified, HUD OCFO will request SF-50s from OCHCO for the specified 
employee(s) for justification and further review.

SYSTEM NAME AND NUMBER:
    Payroll Data Analytics Project.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records collected by HUD OCFO are maintained at the Department of 
Housing and Urban Development Local Area Network (LAN), which resides 
at the National Center for Critical Information Processing and Storage 
(NCCIPS), Stennis Space Center, MS and at the Mid-Atlantic Data Center, 
Clarksville, VA.

SYSTEM MANAGER(S):
    Director, OCFO Financial Policy and Procedures Division, 451 7th 
St. SW, Washington, DC 20410-0001.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 6101-6133; 5 U.S.C. 6301-6387; 44 U.S.C. 3101; 5 U.S.C. 
5501-5597; 5 CFR part 630; 31 U.S.C. 3512(b); 31 U.S.C. 3351 et seq.--
Payment Integrity Information Act (PIIA) of 2019; Executive Order 
13478; OMB Circular No. A 123, Appendix A, Management of Reporting and 
Data Integrity Risk.

PURPOSE(S) OF THE SYSTEM:
    Identification and Validation--Payroll data is collected for 
reviewing and identifying questionable payroll transactions and/or 
outliers (e.g., mismatch of Employee Name and SSN) that may require 
further review by HUD Management to comply with OMB Circular No. A 123, 
Appendix A, ``Management of Reporting and Data Integrity Risk.''

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    All HUD employees from the previous fiscal year.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The following data is collected from Treasury ARC: First five 
characters of HUD employee's first name; last four digits of HUD 
employee's SSN. If further review needs to be done on an individual's 
payroll accounting, the SF-50 is collected from HUD OCHCO, which 
includes: Full name, date of birth, SSN, pay grade, salary, veterans 
preference, and all other data included in the SF-50 template.

RECORD SOURCE CATEGORIES:
    These records contain information obtained from the Department of 
Treasury, Administrative Resource Center (ARC), which serves as the HR 
shared service provider for HUD. Note: HUD OCFO is not the initial 
collector of the information from individuals.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition, the Privacy Act allows HUD to disclose records from 
its systems of records, from the following headings (1)-(14), to 
appropriate agencies, entities, and persons, when the records being 
disclosed are compatible with the purpose for which the system was 
developed. The routine use statements specified in this notice shall 
not be used to construe, limit, or waive any other routine use 
condition or exemption specified in the text of an individual system of 
records, and may

[[Page 64520]]

overlap in some cases. The routine use statements and their conditions 
for disclosure are categorized below.
    (1) Department of Treasury for Payroll Adjustments/Corrections 
Disclosure Routine Use:
    To the Department of Treasury's Administrative Resource Center 
(ARC), for the purpose of adjusting any payroll transactional error 
findings.
    (2) General Service Administration Information Disclosure Routine 
Use:
    To the National Archives and Records Administration (NARA) and the 
General Services Administration (GSA) for records having sufficient 
historical or other value to warrant its continued preservation by the 
United States Government, or for inspection under authority of Title 
44, Chapter 29, of the United States Code.
    (3) Congressional Inquiries Disclosure Routine Use:
    To a congressional office from the record of an individual, in 
response to an inquiry from the congressional office made at the 
request of that individual.
    (4) Health and Safety Prevention Disclosure Routine Use:
    To appropriate Federal, State, and local governments, or persons, 
pursuant to a showing of compelling circumstances affecting the health 
or safety or vital interest of an individual or data subject, including 
assisting such agencies or organizations in preventing the exposure to 
or transmission of a communicable or quarantinable disease, or to 
combat other significant public health threats, if upon such disclosure 
appropriate notice was transmitted to the last known address of such 
individual to identify the health threat or risk.
    (5) Consumer Reporting Agency Disclosure Routine Use:
    To a consumer reporting agency, when trying to collect a claim owed 
on behalf of the Government, in accordance with 31 U.S.C. 3711(e).
    (6) Computer Matching Program Disclosure Routine Use:
    To Federal, State, and local agencies, their employees, and agents 
for the purpose of conducting computer matching programs as regulated 
by the Privacy Act of 1974, as amended (5 U.S.C. 552a).
    (7) Prevention of Fraud, Waste, and Abuse Disclosure Routine Use:
    To Federal agencies, non-Federal entities, their employees, and 
agents (including contractors, their agents or employees; employees or 
contractors of the agents or designated agents); or contractors, their 
employees or agents with whom HUD has a contract, service agreement, 
grant, cooperative agreement, or computer matching agreement for the 
purpose of: (1) Detection, prevention, and recovery of improper 
payments; (2) detection and prevention of fraud, waste, and abuse in 
major Federal programs administered by a Federal agency or non-Federal 
entity; (3) detection of fraud, waste, and abuse by individuals in 
their operations and programs, but only to the extent that the 
information shared is necessary and relevant to verify pre-award and 
prepayment requirements prior to the release of Federal funds, prevent 
and recover improper payments for services rendered under programs of 
HUD or of those Federal agencies and non-Federal entities to which HUD 
provides information under this routine use.
    (8) Research and Statistical Analysis Disclosure Routine Uses:
    (a) To contractors, grantees, experts, consultants, Federal 
agencies, and non-Federal entities, including, but not limited to, 
State and local governments and other research institutions or their 
parties, and entities and their agents with whom HUD has a contract, 
service agreement, grant, or cooperative agreement, when necessary to 
accomplish an agency function, related to a system of records, for the 
purposes of statistical analysis and research in support of program 
operations, management, performance monitoring, evaluation, risk 
management, and policy development, or to otherwise support the 
Department's mission. Records under this routine use may not be used in 
whole or in part to make decisions that affect the rights, benefits, or 
privileges of specific individuals. The results of the matched 
information may not be disclosed in identifiable form.
    (b) To a recipient who has provided the agency with advance, 
adequate written assurance that the record provided from the system of 
records will be used solely for statistical research or reporting 
purposes. Records under this condition will be disclosed or transferred 
in a form that does not identify an individual.
    (9) Information Sharing Environment Disclosure Routine Uses:
    To contractors, grantees, experts, consultants and their agents, or 
others performing or working under a contract, service, grant, or 
cooperative agreement with HUD, when necessary to accomplish an agency 
function related to a system of records. Disclosure requirements are 
limited to only those data elements considered relevant to 
accomplishing an agency function. Individuals provided information 
under these routine use conditions are subject to Privacy Act 
requirements and disclosure limitations imposed on the Department.
    (10) Data Testing for Technology Implementation Disclosure Routine 
Use:
    To contractors, experts and consultants with whom HUD has a 
contract, service agreement, or other assignment of the Department, 
when necessary to utilize relevant data for the purpose of testing new 
technology and systems designed to enhance program operations and 
performance.
    (11) Data Breach Remediation Purposes Routine Use:
    (a) To appropriate agencies, entities, and persons when (1) HUD 
suspects or has confirmed that there has been a breach of the system of 
records; (2) HUD has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, HUD (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with [the agency's] efforts to respond to the suspected or 
confirmed breach or to prevent, minimize, or remedy such harm.
    (b) To another Federal agency or Federal entity, when HUD 
determines that information from this systems of record is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal government, or national security resulting from a suspected 
or confirmed breach.
    (12) Disclosures for Law Enforcement Investigations Routine Uses:
    (a) To appropriate Federal, State, local, tribal, or governmental 
agencies or multilateral governmental organizations responsible for 
investigating or prosecuting the violations of, or for enforcing or 
implementing, a statute, rule, regulation, order, or license, where HUD 
determines that the information would assist in the enforcement of 
civil or criminal laws.
    (b) To third parties during the course of a law enforcement 
investigation, to the extent necessary to obtain information pertinent 
to the investigation, provided the disclosure of such information is 
appropriate to the proper performance of the official duties of the 
officer making the disclosure.
    (13) Court or Law Enforcement Proceedings Disclosure Routine Uses:
    (a) To a court, magistrate, administrative tribunal, or arbitrator 
in the course of presenting evidence, including disclosures to opposing

[[Page 64521]]

counsel or witnesses in the course of civil discovery, litigation, 
mediation, or settlement negotiations; or in connection with criminal 
law proceedings; or in response to a subpoena or to a prosecution 
request when such records to be released are specifically approved by a 
court provided order.
    (b) To appropriate Federal, State, local, tribal, or governmental 
agencies or multilateral governmental organizations responsible for 
investigating or prosecuting the violations of, or for enforcing or 
implementing, a statute, rule, regulation, order, or license, where HUD 
determines that the information would assist in the enforcement of 
civil or criminal laws.
    (c) To third parties while a law enforcement investigation to the 
extent necessary to obtain information pertinent to the investigation, 
provided disclosure is appropriate to the proper performance of the 
official duties of the officer making the disclosure.
    (d) To another agency or to an instrumentality of any governmental 
jurisdiction within or under the control of the United States for a 
civil or criminal law enforcement activity if the activity is 
authorized by law, and if the head of the agency or instrumentality has 
made a written request to the agency that maintains the record, 
specifying the particular portion desired and the law enforcement 
activity for which the record is sought.
    (14) Department of Justice for Litigation Disclosure Routine Use:
    To the Department of Justice (DOJ) when seeking legal advice for a 
HUD initiative or in response to DOJ's request for the information, 
after either HUD or DOJ determine that such information is relevant to 
DOJ's representatives of the United States or any other components in 
legal proceedings before a court or adjudicative body, provided that, 
in each case, the agency also determines prior to disclosure that 
disclosure of the records to DOJ is a use of the information contained 
in the records that is compatible with the purpose for which HUD 
collected the records. HUD on its own may disclose records in this 
system of records in legal proceedings before a court or administrative 
body after determining that the disclosure of the records to the court 
or administrative body is a use of the information contained in the 
records that is compatible with the purpose for which HUD collected the 
records.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    General Records
    Records will be stored on a shared drive (J:/Drive) in a restricted 
folder with restricted access to specific staff. The shared drive is a 
part of the HUD Local Area Network (LAN).

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Designated OCFO Financial Management staff members will pull 
records from the restricted shared drive folder (J:/Drive).

POLICIES AND PRACTICIES FOR RENTENTION AND DISPOSAL OF RECORDS
    Destroy 6 years after final payment or cancellation, but longer 
retention is authorized if required for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Users must log into their workstation with their PIV (ID) badge and 
a PIN number to log into the computer and access the HUD network. The 
data is stored on the HUD LAN resides at the Stennis and Clarksville 
Data Centers. Both data centers are managed by the OCIO Infrastructure 
and Operations Office (IOO) and are secured by security guards with ID 
badges and cameras. Files are stored on a shared drive folder J:/Drive 
in a restricted folder with restricted access to specific staff and the 
files are encrypted at rest. All OCFO staff must complete annual IT 
Security Awareness/Privacy Awareness Training, and electronically sign 
the Enterprise Rules of Behavior.

RECORD ACCESS PROCEDURES:
    Individuals seeking to determine whether this System of Records 
contains information on themselves should address written inquiries to 
the Department of Housing Urban and Development 451 7th Street SW, 
Washington, DC. For verification purposes, individuals should provide 
full name, current address, and telephone number. In addition, the 
requester must provide either a notarized statement or an unsworn 
declaration made in accordance with 28 U.S.C. 1746, in the following 
format:
    If executed outside the United States: ``I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).''
    If executed within the United States, its territories, possessions, 
or commonwealths: ``I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).''

CONTESTING RECORD PROCEDURES:
    The HUD rule for accessing, contesting, and appealing agency 
determinations by the individual concerned are published in 24 CFR part 
16 or may be obtained from the system manager.

NOTIFICATION PROCEDURES:
    Individuals seeking to determine whether information about 
themselves is contained in this system should address written inquiries 
to the Department of Housing Urban Development Chief Financial Officer, 
451 7th Street SW, Washington, DC 20410-0001. For verification 
purposes, individuals should provide full name, office or organization 
where currently assigned, if applicable, and current address and 
telephone number. In addition, the requester must provide either a 
notarized statement or an unsworn declaration made in accordance with 
28 U.S.C. 1746, in the following format:
    If executed outside the United States: ``I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).''
    If executed within the United States, its territories, possessions, 
or commonwealths: ``I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).''

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    N/A.

HISTORY:
    N/A.

LaDonne L. White,
Departmental Privacy Officer.
[FR Doc. 2021-25109 Filed 11-17-21; 8:45 am]
BILLING CODE 4210-67-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>