GENERAL SERVICES ADMINISTRATION
[Notice-IEB-2024-06; Docket No. 2024-0002; Sequence No. 28]
Privacy Act of 1974; System of Records
AGENCY: General Services Administration.
ACTION: Notice of a modified system of records.
SUMMARY: GSA proposes to modify a system of records subject to the Privacy Act
of 1974, as amended. This system of records was established to collect and maintain
records concerning GSA Office of Inspector General (OIG) investigations, including
allegations of misconduct, violations of criminal, civil, and administrative laws and
regulations pertaining to GSA programs, operations, employees, contractors, and other
individuals or entities associated with GSA. This system of records is intended to support
and protect the integrity of GSA OIG’s investigations and operations; ensure compliance
with applicable laws, regulations, and policies; and ensure the integrity of GSA
employees’ conduct and the conduct of contractors and other entities which have business
with GSA. The previously published notice is being revised to update the categories of
records in the system to include video and audio recordings, add two new routine uses,
and to update additional information in the system of records notice.
DATES: Submit comments on or before [INSERT DATE 30 DAYS AFTER DATE OF
PUBLICATION IN THE FEDERAL REGISTER].
ADDRESSES: Comments may be submitted to the Federal eRulemaking Portal,
http://www.regulations.gov. Submit comments by searching for GSA/ADM -24, Office
of Inspector General Investigation Case Files
FOR FURTHER INFORMATION CONTACT: Call or email Richard Speidel, Chief
Privacy Officer at 202-969-5830 and gsa.privacyact@gsa.gov.

SUPPLEMENTARY INFORMATION: GSA proposes to modify a system of records
subject to the Privacy Act of 1974, 5 U.S.C. 552a. GSA intends to add two new routine
uses that are consistent with the purpose of this system of records.
The Inspector General Empowerment Act of 2016 (IGEA), 5 U.S.C. 406(j), exempts
certain computerized data comparisons performed by or in coordination with Inspectors
General from the Computer Matching and Privacy Protection Act of 1988, Public Law
100-503. GSA proposes adding a new routine use (routine use “u”) to clarify that the
GSA Office of Inspector General (OIG) has authority to compare OIG records contained
in the system with the records of other federal agencies and non-federal records.
Additionally, GSA proposes adding a second routine use (routine use “q”) and revising
routine use “p” to reflect the current Office of Management and Budget (OMB) breach
response guidance in M-17-12, Preparing for and Responding to a Breach of Personally
Identifiable Information.
GSA also proposes to update the categories of records in the system to include video and
audio recordings, which will facilitate the GSA OIG’s compliance with Executive Order
(E.O) 14074, Advancing Effective, Accountable Policing and Criminal Justice Practices
To Enhance Public Trust and Public Safety, issued May, 25, 2022. Video and audio
recordings of individuals may be captured by GSA OIG criminal investigators during
investigations and operations, e.g. body worn cameras, surveillance equipment
etc. The recordings will be used for gathering and preserving evidence.
GSA proposes updating the system location to include the GSA OIG field offices and
secure sites and secure servers maintained by third-party secure providers. This
modification is being made in conjunction with the implementation of a solution to
support GSA OIG’s compliance with E.O. 14074, as well as to support other solutions or
processes that may require the support of third-party service providers.

Additionally, GSA is making changes to the system of records notice (SORN) to update
the information in the SORN. In addition to making minor technical and administrative
corrections and changes to format, GSA proposes: (1) a new description of the purpose of
the SORN to better summarize the purpose of this system of records; (2) updating the (a)
categories of individuals covered by the system, (b) categories of records in the system,
and (c) adding a new section titled records source categories; (3) updating the location of
electronic records, record storage and safeguarding procedures to reflect new technology
and procedures used to protect government records; and (4) changing the notification,
access, and amendment procedures to align with the corresponding GSA Code of Federal
Regulations. The proposed revisions are compatible with the purpose of this system of
record.
Richard Speidel,
Chief Privacy Officer,
Office of the Deputy Chief Information Officer,
General Services Administration.
[Billing Code: 6820-AB]

SYSTEM NAME: Investigation Case Files
SYSTEM NUMBER: GSA/ADM-24
SECURITY CLASSIFICATION: Some of the material contained in the system has
been classified in the interests of national security.
SYSTEM LOCATION: This system is located at the GSA Office of Inspector General,
1800 F Street, NW, Washington, DC 20405. The database for the system is known as the
E-Investigative Documentation Electronic Administrative System (E-IDEAS). In
addition, records are maintained in GSA OIG field offices. GSA OIG field office
locations can be obtained by contacting the GSA OIG at the address above. Original and
duplicate systems may exist, in whole or in part, at secure sites and on secure servers
maintained by third-party service providers for the GSA OIG. These systems are
FedRAMP Moderate compliant and have all applicable Federal Information Security
Modernization Act (FISMA), Federal Information Processing Standards (FIPS), security
controls as applicable.
SYSTEM MANAGER(S): Director, Information Technology of the Office of Inspector
General (JPM), 1800 F Street, NW, Washington, DC 20405.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM: General authority to
maintain the system is contained in the Inspector General Act of 1978, as amended, 5
U.S.C. 401-424.
PURPOSE(S) OF THE SYSTEM: The purpose of this system is to collect and
maintain records concerning GSA OIG investigations, including allegations of
misconduct, violations of criminal, civil, and administrative laws and regulations
pertaining to GSA programs, operations, employees, contractors, and other individuals or
entities associated with GSA. This system of records is intended to support and protect
the integrity of GSA OIG’s investigations and operations; ensure compliance with
applicable laws, regulations, and policies; and ensure the integrity of GSA employees’

conduct and the conduct of contractors and other entities which have business with GSA.
The system also tracks issuance of GSA OIG equipment and GSA OIG personnel
training.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Individuals
covered by the system are present and former GSA and GSA OIG employees, applicants
for employment with GSA OIG, as well as individuals associated with commissions,
committees and small agencies serviced by GSA. The system also includes historical
researchers, employees of government contractors, any person who was the source of a
complaint or an allegation of misconduct, a witness who has information or evidence on
any side of an investigation, and any possible or actual suspect in a criminal,
administrative (including suspension and/or debarment actions), or civil action, as well as
individuals referenced in potential or actual cases and matters being investigated by the
Office of Investigations.
CATEGORIES OF RECORDS IN THE SYSTEM: Investigative files contain
personal information, including name, date, and place of birth, contact information, social
security number, experience, work history, photographs, video, audio recordings, and
other investigative material that is used in GSA OIG investigations and operations. The
system also contains GSA OIG inventory records of gear and equipment purchased by
the OIG for use by OIG personnel in the performance of their official duties.
Additionally, the system stores GSA OIG employees' training records, which document
employees' training requirements.
RECORD SOURCE CATEGORIES: Records are collected from other systems,
individuals or their representatives, present and former GSA and OIG employees,
informants, law enforcement agencies, other government agencies, state agencies, credit
bureaus, data services, government contractors, private companies, employers,

references, co-workers, neighbors, educational institutions, public sources, and
intelligence sources.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
In addition to other disclosures generally permitted under subsection (b) of the Privacy
Act of 1974, 5 U.S.C. 552a(b), the GSA OIG may disclose records for the following
routine uses:
a. A record of any case in which there is an indication of a violation or potential violation
of law, whether civil, criminal, or regulatory in nature, may be disseminated to the
appropriate federal, state, local, or foreign agency charged with the responsibility for
investigating or prosecuting such a violation or charged with enforcing or implementing
the law.
b. A record may be disclosed to a federal, state, local, or foreign agency or to an
individual or organization in the course of investigating a potential or actual violation of
any law, whether civil, criminal, or regulatory in nature, or during the course of a trial or
hearing or the preparation for a trial or hearing for such a violation, if there is reason to
believe that such agency, individual, or organization possesses information relating to the
investigation, and disclosing the information is reasonably necessary to elicit such
information or to obtain the cooperation of a witness or an informant.
c. A record relating to a case or matter may be disclosed in an appropriate federal, state,
local, or foreign court or grand jury proceeding in accordance with established
constitutional, substantive, or procedural law or practice, even when the agency is not a
party to the litigation.
d. A record relating to a case or matter may be disclosed to an actual or potential party or
to his or her attorney for the purpose of negotiation or discussion on matters such as
settlement of the case or matter, plea-bargaining, or informal discovery proceedings.

e. A record relating to a case or matter that has been referred by an agency for
investigation, prosecution, or enforcement or that involves a case or matter within the
jurisdiction of any agency may be disclosed to the agency to notify it of the status of the
case or matter or of any decision or determination that has been made, or to make such
other inquiries and reports as are necessary during the processing of the case or matter.
f. A record relating to a case or matter may be disclosed to a foreign country pursuant to
an international treaty or convention entered into and ratified by the United States, or to
an Executive agreement.
g. A record may be disclosed to a federal, state, local, foreign, or international law
enforcement agency to assist in crime prevention and detection or to provide leads for
investigation.
h. A record may be disclosed to a federal, state, local, foreign, tribal, or other public
authority in response to its request in connection with the assignment, hiring or retention
of an individual and/or employee, or disciplinary or other administrative action
concerning an employee, the issuance or revocation of a security clearance, the reporting
of an investigation of an individual and/or employee, or the award of a contract, grant, or
other benefit by the requesting agency, to the extent that the information relates to the
requesting agency’s decision on the matter.
i. A record may be disclosed to the news media and public in order to provide
information on events in an investigation or administrative or judicial proceeding when
the Inspector General determines there exists a legitimate public interest, unless the
Inspector General determines that release of the specific information in the context of a
particular case would constitute an unwarranted invasion of personal privacy.
j. A record may be disclosed to an appeal, grievance, hearing, or complaint examiner; an
equal opportunity investigator, arbitrator, or mediator; and/or an exclusive representative

or other person authorized to investigate or settle a grievance, complaint, or appeal filed
by an individual who is the subject of the record.
k. A record may be disclosed as a routine use to a Member of Congress or to a
congressional staff member in response to an inquiry of the congressional office made at
the request of the person who is the subject of the record.
l. Information may be disclosed at any stage of the legislative coordination and clearance
process to the Office of Management and Budget (OMB) for reviewing of private relief
legislation as set forth in OMB Circular No. A–19.
m. A record may be disclosed: (a) to an expert, a consultant, or contractor of GSA or
GSA OIG engaged in a duty related to an agency function to the extent necessary to
perform the function; and (b) to a physician to conduct a fitness-for-duty examination of
a GSA or GSA OIG officer or employee.
n. A record may be disclosed to an official charged with the responsibility to conduct
qualitative assessment reviews of internal safeguards and management procedures
employed in investigative operations. This disclosure category includes members of the
Council of the Inspectors General on Integrity and Efficiency (CIGIE) and officials and
administrative staff within their investigative chain of command, as well as authorized
officials of the Department of Justice and the Federal Bureau of Investigation.
o. A record relating to a case may be disclosed to the GSA Office of Acquisition Policy
for a decision or determination regarding suspension and debarment measures taken by
the government to disqualify contractors from participation in government contracting or
subcontracting.
p. To appropriate agencies, entities, and persons when (1) GSA and/or GSA OIG suspects
or has confirmed that there has been a breach of the system of records, (2) GSA and/or
GSA OIG has determined that as a result of the suspected or confirmed breach there is a
risk of harm to individuals, GSA and/or GSA OIG (including its information systems,

programs, and operations), the federal government, or national security; and (3) the
disclosure made to such agencies, entities, and persons is reasonably necessary to assist
in connection with GSA’s and/or GSA OIG’s efforts to respond to the suspected or
confirmed breach or to prevent, minimize, or remedy such harm.
q. To another federal agency or federal entity, when GSA and/or GSA OIG determines
that information from this system of records is reasonably necessary to assist the recipient
agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
(including its information systems, programs, and operations), the federal government, or
national security, resulting from a suspected or confirmed breach.
r. In any legal proceeding, where pertinent, to which GSA or GSA OIG is a party before a
court or administrative body.
s. To the Office of Personnel Management (OPM), the Office of Management and
Budget (OMB), and the Government Accountability Office (GAO) in accordance with
their responsibilities for evaluating federal programs.
t. To the National Archives and Records Administration (NARA) for records
management purposes.
u. A record may be disclosed to compare such record with records in other federal
agencies’ systems of records or to non-federal records.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Electronic records
and backups are stored on secure servers and accessed only by authorized personnel, in
accordance with GSA OIG IT Security Policy. Paper files are stored in locked rooms or
filing cabinets with access limited to authorized personnel.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: System records
are retrievable by searching for information in the case file, including but not limited to,
name of an individual, case name, case number, or social security number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF
RECORDS: System records are retained and disposed of according to GSA’s records
maintenance and disposition schedules and the requirements of the National Archives and
Records Administration.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: Records in
the system are protected from unauthorized access and misuse through a combination of
administrative, technical, and physical security measures. Administrative measures
include but are not limited to policies that limit system access to individuals within an
agency with a legitimate business need, and regular review of security procedures and
best practices to enhance security. Technical measures include but are not limited to
system design that allows authorized system users access only to data for which they are
responsible per FISMA requirements; required use of strong passwords that are
frequently changed; and use of encryption for certain data transfers using current FIPS
compliant protocols. Physical security measures include but are not limited to the use of
data centers which meet government requirements for storage of sensitive data. Paper
files are stored in locked rooms or filing cabinets and can only be accessed by authorized
users.
RECORD ACCESS PROCEDURES: This system of record is exempt from certain
notification, access, and amendment procedures of the Privacy Act, as described below.
However, GSA OIG will consider individual requests to determine whether or not
information may be released. If an individual wishes to access any record pertaining to
him or her in the system, that individual should consult the GSA’s Privacy Act
implementation rules available at 41 CFR part 105-64.2.
CONTESTING RECORD PROCEDURES: If an individual wishes to contest the
content of any record pertaining to him or her in the system, that individual should
consult the GSA’s Privacy Act implementation rules available at 41 CFR part 105-64.4.

NOTIFICATION PROCEDURES: Individuals seeking notification of any records
about themselves contained in this system of records should contact the system manager
at the address above. Follow the procedures on accessing records in 41 CFR part 105-64,
subpart 105-64.2 to request such notification.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
a. In accordance with 5 U.S.C. 552a(j), this system of records is exempt from all
provisions of the Privacy Act of 1974 with the exception of subsections (b); (c)(1) and
(2); (e)(4)(A) through (F); (e)(6), (7), (9), (10), and (11); and (i) of the Act, to the extent
that information in the system pertains to the enforcement of criminal laws, including
police efforts to prevent, control, or reduce crime or to apprehend criminals; to the
activities of prosecutors, courts, and correctional, probation, pardon, or parole authorities;
and to (a) information compiled for the purpose of identifying individual criminal
offenders and alleged offenders and consisting only of identifying data and notations of
arrests, the nature and disposition of criminal charges, sentencing, confinement, release,
and parole and probation status; (b) information compiled for the purpose of a criminal
investigation, including reports of informants and investigators, that is associated with an
identifiable individual; or (c) reports of enforcement of the criminal laws, from arrest or
indictment through release from supervision. This system is exempted to maintain the
efficacy and integrity of the Office of Inspector General’s law enforcement function.
In accordance with 5 U.S.C. 552a(k), this system of records is exempt from subsections
(c)(3); (d); (e)(1); (e)(4)(G), (H), and (I); and (f) of the Privacy Act of 1974 to the extent
that the system consists of investigatory material compiled for law enforcement purposes,
other than material within the scope of 5 U.S.C. 552a(j). However, if an individual is
denied any right, privilege, or benefit to which the individual would otherwise be eligible
as a result of the maintenance of such material, such material shall be provided to such
individual, except to the extent that the disclosure of such material would reveal the

identity of a source who furnished information to the government under an express
promise that the identity of the source would be held in confidence, or, prior to the
effective date of the Act, under an implied promise that the identity of the source would
be held in confidence; and
b. To the extent the system consists of investigatory material compiled solely for the
purpose of determining suitability, eligibility, or qualifications for federal civilian
employment, military service, federal contracts, or access to classified information, but
only to the extent that the disclosure of such material would reveal the identity of a
source who furnished information to the government under an express promise that the
identity of the source would be held in confidence, or, prior to the effective date of the
Act, under an implied promise that the identity of the source would be held in confidence.
This system has been exempted to maintain the efficacy and integrity of lawful
investigations conducted pursuant to the Office of Inspector General’s law enforcement
responsibilities and responsibilities in the areas of federal employment, government
contracts, and access to security classified information.
HISTORY: This notice revises the previously published notice (74 FR 6038, February 4,
2009).
[FR Doc. 2024-13262 Filed: 6/17/2024 8:45 am; Publication Date: 6/18/2024]