DOI-91, Oracle Federal Financials (OFF)

80 FR 66551 (October 29, 2015); Modification published 86 FR 50156 (September 7, 2021)
============================================================================================================
 
DEPARTMENT OF THE INTERIOR
 
Office of the Secretary
 
[XXXD4523WD DWDFSE000.RV0000 DS68664000]
 
Privacy Act of 1974, as Amended; Notice To Amend an Existing System of Records
 
AGENCY:  Office of the Secretary, Interior.
 
ACTION:  Notice of an amendment to an existing system of records.
-------------------------------------------------------------------------------------------------------------------------------------------------------------
SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of the Interior is issuing a public notice of its intent to amend the system of records titled "Oracle Federal Financials (OFF), DOI-91." The system provides the Interior Business Center customer agencies with a web-based financial accounting  application for financial management purposes such as for budgeting, purchasing, procurement, reimbursement, and reporting and collection functions. This amendment will update the system name, system location, categories of records, authority, routine uses, system manager and address, safeguards, retention and disposal, notification procedures, record access procedures, contesting record procedures, and provide additional information about the system.
 
DATES: Comments must be received by November 30, 2015. The amendments to the system will be effective November 30, 2015.
 
ADDRESSES: Any person interested in commenting on this amendment may do so by submitting written comments to Teri Barnett, Departmental Privacy Officer, U.S. Department of the Interior, 1849 C Street NW., Mail Stop 5547 MIB, Washington, DC 20240; hand-delivering comments to Teri Barnett, Departmental Privacy Officer, U.S. Department of the Interior, 1849 C Street NW., Mail Stop 5547 MIB, Washington, DC 20240; or emailing comments to Privacy@ios.doi.gov.
 
FOR FURTHER INFORMATION CONTACT: Chief, Application Management Section, Finance and Procurement Systems Division, Interior Business Center, U.S. Department of the Interior, 7401 West Mansfield Avenue, Mail Stop D-2782, Denver, CO 80235-2230; or by telephone at (303) 969-5023.
 
SUPPLEMENTARY INFORMATION: 
 
I. Background
The Department of the Interior (DOI) Interior Business Center (IBC) maintains the "Oracle Federal Financials (OFF), DOI-91" system of records. The IBC is a service provider that performs services for other Federal government agencies, both inside and outside the DOI. The IBC's service offerings include providing and maintaining various types of business management systems for its clients, including human resources and financial management applications. The Oracle Federal Financial (OFF) system includes the OFF and OFF-VE applications, which are components of the Oracle eBusiness Suite. The OFF system provides IBC clients with a web-based application that contains customizable financial management modules that combine to provide a comprehensive financial software package to support budgeting, purchasing, Federal procurement, accounts payable, fixed assets, general ledger, inventory, accounts receivable, reimbursement, reporting, and collection functions.
 
The IBC hosts the OFF system and is responsible for system administration functions. Each client agency retains control over its data in the system and has one or more designated managers who are responsible for maintaining client agency data in the OFF system. While DOI records generated and maintained in OFF are covered under this system of records notice, each client agency that maintains records within the system has published system notices that cover these financial management activities. Therefore, individuals seeking access to or amendment of their records under the control of a client agency should follow the access procedures outlined in the applicable client agency system of records notice or send a written inquiry to that agency Chief Privacy Officer.
 
Additionally, the records maintained within the OFF system may also be covered by existing government-wide system of records notices, including GSA/GOVT-3, Travel Charge Card Program; GSA/GOVT-4, Contracted Travel Services Program; and GSA/GOVT-6, GSA SmartPay Purchase Charge Card Program, and may be subject to handling and disclosure requirements under published routine uses pursuant to the government wide notices as applicable. Client agencies are responsible for ensuring the handling, use, and sharing of their records in OFF is in compliance with the Privacy Act of 1974, including the provisions regarding notice, access, collection, use, retention, and disclosure of records from this system. The Oracle Federal Financials (OFF), DOI-91 system of records notice was last published in the Federal Register on September 10, 2013, 78 FR 55284.
 
The amendments to the system will be effective as proposed at the end of the comment period (the comment period will end 30 days after publication of this notice in the Federal Register), unless comments are received which would require a contrary determination. DOI will publish a revised notice if changes are made based upon a review of the comments received.
 
II. Privacy Act
The Privacy Act of 1974, as amended, embodies fair information practice principles in a statutory framework governing the means by which Federal agencies collect, maintain, use, and disseminate individuals' personal information. The Privacy Act applies to information that is maintained in a "system of records." A "system of records" is a group of any records under the control of an agency for which information about an individual is retrieved by the name or by some identifying number, symbol, or other identifying particular assigned to the individual. The Privacy Act defines an individual as a United States citizen or lawful permanent resident. As a matter of policy, DOI extends Privacy Act protections to all individuals.  Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of DOI by complying with DOI Privacy Act Regulations located at 43 CFR part 2, subpart K.
 
The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains and the routine uses of the information in each system in order to make agency record keeping practices transparent, notify individuals regarding the uses of their records, and assist individuals to more easily find these records within the agency. Below is the description of the "Oracle Federal Financials (OFF), DOI-91" system of records.
 
In accordance with 5 U.S.C. 552a(r), DOI has provided a report concerning this system of records to the Office of Management and Budget and to Congress. 
 
III. Public Disclosure
Before including your address, phone number, email address, or other personal identifying information in your comment, you should be aware that your entire comment, including your personal identifying information, may be made publicly available at any time. While you can ask us in your comment to withhold your personal identifying information from public review, we cannot guarantee that we will be able to do so.
 
Dated: October 23, 2015.
Teri Barnett,
Departmental Privacy Officer.
 
SYSTEM NAME:
Oracle Federal Financials (OFF), DOI-91.
 
SECURITY CLASSIFICATION:
Unclassified.
 
SYSTEM LOCATION:
The system is located and managed at
  • (1) U.S. Department of the Interior, Interior Business Center, Finance and Procurement Systems Division, 12201 Sunrise Valley Drive, MS–206, Reston, VA 20192; and
  • (2) U.S. Department of the Interior, Interior Business Center, Finance and Procurement Systems Division, 7401 West Mansfield Avenue, MS D-2782, Denver, CO 80235–2230.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered by the system include employees of various Federal agencies that are Interior Business Center (IBC) clients using OFF, as well as employees or agents for third party vendors, contractors and suppliers who provide OFF clients with related financial services. This system also contains information about individuals, either employees or non-employees, who owe debts to the Federal agencies that use the system. Records relating to corporations and other business entities contained in this system are not subject to the Privacy Act, only records relating to individuals containing personal information are subject to the Privacy Act.
 
CATEGORIES OF RECORDS IN THE SYSTEM:
  • (1) Accounts receivable for OFF clients, including individuals who may be employees or non-employees and employees who owe money to OFF clients and are the subject of collections actions. Information in the system may include first and last names, home addresses, phone numbers, email addresses, employee identification numbers, and Social Security numbers.
  • (2) Accounts payable information about non-employee individuals and sole proprietors, including individuals who provide services to OFF clients. Information may include names, home or business addresses, phone or fax numbers, email addresses, Tax identification numbers, Social Security numbers, banking account numbers for electronic fund transfer payments, invoices and claims for reimbursement. 
  • (3) Employees of OFF clients who submit claims for reimbursable expenses. Information may include names, employee identification numbers, Social Security numbers, work addresses, phone numbers, email addresses, receipts and claims for reimbursement.
  • (4) Employees of OFF clients who hold government bank or debit cards for purchases or travel. Information may include names, employee identification numbers, Social Security Numbers, home or work addresses, phone numbers, email addresses, card numbers and purchase histories.
The system contains additional business and financial records for OFF clients that do not include personal information. Records in this system are subject to the Privacy Act only if they are about an individual within the meaning of the Privacy Act, and not if they are about a business, organization, or other non-individual.
 
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
31 U.S.C. 3512, Executive Agency Accounting and Other Financial Management Reports and Plans; 5 U.S.C. 4111, Acceptance of Contributions, Awards, and Other Payments; 5 U.S.C. 5514, Installment deduction for indebtedness to the United States; 5 U.S.C. 5701, et seq. Travel and Subsistence Expenses, Mileage Allowances; 31 U.S.C. 3512, Executive agency accounting and other financial management reports and plans; 31 U.S.C. 3711, Collection and Compromise; and the Office of Management and Budget Circular A-127, Policies and Standards for Financial Management Systems.
 
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
The primary purpose of the system is to support financial management for Federal agencies by providing a standardized, automated capability for performing administrative control of funds, general accounting, billing and collecting, payments, management reporting, and regulatory reporting. In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, disclosures outside DOI may be made as a routine use under 5 U.S.C. 552a(b)(3) as follows:
  • (1) (a) To any of the following entities or individuals, when the circumstances set forth in paragraph (b) are met:
      • (i) The U.S. Department of Justice (DOJ);
      • (ii) A court or an adjudicative or other administrative body;
      • (iii) A party in litigation before a court or an adjudicative or other administrative body; or
      • (iv) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;
    • (b) When: 
      • (i) One of the following is a party to the proceeding or has an interest in the proceeding:
        • (A) DOI or any component of DOI;
        • (B) Any other Federal agency appearing before the Office of Hearings and Appeals;
        • (C) Any DOI employee acting in his or her official capacity;
        • (D) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;
        • (E) The United States, when DOJ determines that DOI is likely to be affected by the proceeding; and
      • (ii) DOI deems the disclosure to be:
        • (A) Relevant and necessary to the proceeding; and
        • (B) Compatible with the purpose for which the records were compiled.
  • (2) To a congressional office in response to a written inquiry that an individual covered by the system, or the heir or such individual if the covered individual is deceased, has made to the office.
  • (3) To the Executive Office of the President in response to an inquiry from that office made at the request of the subject of a record or a third party on that person's behalf, or for a purpose compatible for which the records are collected or maintained.
  • (4) To any criminal, civil, or regulatory law enforcement authority (whether federal, state, territorial, local, tribal, or foreign) when a record, either alone or in conjunction with other information, indicates a violation or potential violation of law--criminal, civil, or regulatory in nature, and the disclosure is compatible with the purpose for which the records were compiled.
    (5) To an official of another federal agency to provide information needed in the performance of official duties related to reconciling or reconstructing data files or to enable that agency to respond to an inquiry by the individual to whom the record pertains.
    (6) To Federal, state, territorial, local, tribal, or foreign agencies that have requested information relevant or necessary to the hiring, firing or retention of an employee or contractor, or the issuance of a security clearance, license, contract, grant, or other benefit, when the disclosure is compatible with the purpose for which the records were compiled.
    (7) To representatives of the National Archives and Records Administration to conduct records management inspections under the authority of 44 U.S.C. 2904 and 2906.
    (8) To state and local governments and tribal organizations to provide information needed in response to court orders and/or discovery purposes related to litigation, when the disclosure is compatible with the purpose for which the records were compiled.
    (9) To an expert, consultant, or contractor (including employees of the contractor) of DOI that performs services requiring access to these records on DOI's behalf to carry out the purposes of the system.
  • (10) To appropriate agencies, entities, and persons when:
    • (a) It is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; and
    • (b) The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interest, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the  Department or another agency or entity) that rely upon the compromised information; and
    • (c) The disclosure is made of such agencies, entities, and persons who are reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
  • (11) To the Office of Management and Budget during the coordination and clearance process in connection with legislative affairs as mandated by OMB Circular A-19.
  • (12) To the Department of Treasury to recover debts owed to the United States.
  • (13) To a commercial credit card contractor(s) for the accounting and payment of employee obligation for travel, purchasing and fleet management credit card usage.
    (14) To OFF clients, for the purpose of processing, using and maintaining their agency's data in the OFF system.
    (15) To the Department of Justice or other federal agency for further collection action on any delinquent debt when circumstances warrant.
    (16) To the General Accounting Office, Department of Justice, or a United States Attorney, for actions regarding debt and attempts to collect monies owed.
    (17) To the news media and the public, with the approval of the Public Affairs Officer in consultation with counsel and the Senior Agency Official for Privacy, where there exists a legitimate public interest in the disclosure of the information, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.
  • (18) To another Federal agency or Federal entity, when DOI determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in:
    • (a) Responding to a suspected or confirmed breach; or
    • (b) Preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
Pursuant to 5 U.S.C. 552a(b)(12), disclosures may be made to a consumer reporting agency as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1996 (31 U.S.C. 3701(a)(3)).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING AND DISPOSING OF RECORDS IN THE SYSTEM:
 
STORAGE:
Electronic records are maintained on servers located at IBC's data centers in Denver, CO and Reston, VA. Records are accessed only by authorized personnel who have a need to access the records in the performance of their official duties. Paper records are contained in file folders stored in file cabinets in accordance with 383 Departmental Manual 8.
 
RETRIEVABILITY:
The personal identifiers that can be used to retrieve information on individuals are name, Social Security number, employee identification numbers, bank account number, government travel/small purchase bank card number, employee number and supplier number.
 
SAFEGUARDS:
The records contained in this system are safeguarded in accordance with 43 CFR 2.226 and all other applicable security rules and policies. Manual or paper records are maintained in locked file cabinets located in secure facilities under the control of authorized personnel. Security controls to prevent unauthorized access include network access security limits, physical and logical access controls for the data center hosting the system, operating system controls, application passwords, and application data group security levels. Access to servers containing system records is limited to authorized personnel with a need to know the information to perform their official duties and requires a valid username and password.  
 
Unique user identification and authentication, such as passwords, least privileges and audit logs are utilized to ensure appropriate permissions and access levels. Access to the system is also limited by network access or security controls such as firewalls, and system data is encrypted. Facilities that host the system are guarded and monitored by security personnel, cameras, ID checks, and other physical security measures. Server rooms are locked and accessible only by authorized personnel. DOI personnel authorized to access the system must complete mandatory Security, Privacy, and Records Management training and sign the DOI Rules of Behavior. A privacy impact assessment was conducted to ensure appropriate controls and safeguards are in place to protect the information within the system.
 
RETENTION AND DISPOSAL:
Each Federal agency client maintains records in the system in accordance with records retention schedules approved by the National Archives and Records Administration (NARA), and agency clients are responsible for the retention and disposal of their own records. Financial management records are retained in accordance with General Records Schedule (GRS) 1.1, and records are destroyed six years after final payment or cancellation. While the IBC provides system administration and management support to agency clients, any records disposal is in accordance with client agency approved data disposal procedures.
 
DOI records are maintained under Departmental Records Schedules and GRS that cover administrative and financial management records, and retention periods may vary according to the subject matter and needs of the agency. Approved disposition methods include shredding or pulping for paper records, and degaussing or erasing electronic records in accordance with NARA Guidelines and 384 Departmental Manual 1.
 
SYSTEM MANAGER AND ADDRESS:
Chief, Application Management Section, Finance & Procurement Systems Division, U.S. Department of the Interior, Interior Business Center, 7401 West Mansfield Avenue, MS D-2782, Denver, CO 80235-2230.
 
NOTIFICATION PROCEDURES:
An individual requesting notification of the existence of DOI records on himself or herself should send a signed, written inquiry to the System Manager identified above. The request envelope and letter should be clearly marked "PRIVACY ACT INQUIRY." A request for notification must meet the requirements of 43 CFR 2.235.
 
Individuals seeking notification of records under the control of a client agency serviced by IBC under a cross-servicing agreement for financial management services should follow the notification procedures outlined in the applicable client agency system of records notice or send a written inquiry to that agency Chief Privacy Officer.
 
RECORDS ACCESS PROCEDURES:
An individual requesting access to DOI records on himself or herself should send a signed, written inquiry to the System Manager identified above. The request envelope and letter should be clearly marked "PRIVACY ACT REQUEST FOR ACCESS". The request letter should describe the records sought as specifically as possible. A request for access must meet the requirements of 43 CFR 2.238. Individuals seeking access to their records under the control of a client agency serviced by IBC under a cross-servicing agreement for financial management services should follow the access procedures outlined in the applicable client agency system of records notice or send a written inquiry to that agency Chief Privacy Officer.
 
CONTESTING RECORDS PROCEDURES:
An individual requesting corrections or contesting information contained in DOI records must send a signed, written request to the System Manager identified above. A request for corrections or removal must meet the requirements of 43 CFR 2.246.
 
Individuals seeking to contest their records under the control of a client agency serviced by IBC under a cross-servicing agreement for financial management services should follow the procedures outlined in the applicable client agency system of records notice or send a written inquiry to that agency Chief Privacy Officer.
 
RECORD SOURCE CATEGORIES:
Information in the system is obtained from IBC's Federal agency clients, as well as third party vendors, contractors and suppliers who provide related financial services to the clients using the system.
 
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.

Was this page helpful?

Please provide a comment