[Federal Register Volume 71, Number 191 (Tuesday, October 3, 2006)]
[Notices]
[Pages 58377-58379]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E6-16287]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary of Defense

[DOD-2006-OS-0198]


Privacy Act of 1974; System of Records

AGENCY: National Reconnaissance Office.

ACTION: Notice to Alter a System of Records.

-----------------------------------------------------------------------

SUMMARY: The National Reconnaissance Office is proposing to alter a 
system of records notice in its existing inventory of record systems 
subject to the Privacy Act of 1974, (5 U.S.C. 552a), as amended.

DATES: This proposed action will be effective without further notice on 
November 2, 2006 unless comments are received which result in a 
contrary determination.

ADDRESSES: Send comments to the FOIA/Privacy Official, National 
Reconnaissance Office, Information Access and Release, 14675 Lee Road, 
Chantilly, VA 20151-1715.

FOR FURTHER INFORMATION CONTACT: Contact Ms. Linda Hathaway at (703) 
227-9128.

SUPPLEMENTARY INFORMATION: The National Reconnaissance Office systems 
of records notices subject to the Privacy Act of 1974, (5 U.S.C. 552a), 
as amended, have been published in the Federal Register and are 
available from the address above.
    The proposed system report, as required by 5 U.S.C. 552a(r) of the 
Privacy Act of 1974, as amended, was submitted on September 26, 2006, 
to the House Committee on Government Reform, the Senate Committee on 
Governmental Affairs, and the Office of Management and Budget (OMB) 
pursuant to paragraph 4c of Appendix I, `Federal Agency 
Responsibilities for Maintaining Records About Individuals', to OMB 
Circular No. A-130, dated November 30, 2000.

    Dated: September 27, 2006.
C.R. Choate,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
QNRO-21

System name:
    Personnel Security Files (March 7, 2005, 70 FR 10994)

Changes:
* * * * *

System Location:
    Delete ``Office of Security, Personnel Security Division'' and 
replace with ``Office of Security and Counterintelligence.''
* * * * *

Categories of Records in the system:
    At the end of the entry, add ``non-disclosure agreements, job 
knowledge, contract information, and secure classified information 
facility (SCIF) information.''

Authority for maintenance of the system:
    Delete entry and replace with ``5 U.S.C. 301 Departmental 
Regulations; National Security Act of 1947, as amended, 50 U.S.C. 401 
et seq.; and E.O. 9397.''

[[Page 58378]]

Purposes:
    In the first paragraph after the word ``granting,'' add ``and 
tracking.''
    Add a new third paragraph to read ``To assist in the determination 
of whether an award fee is justified for the performance of a contract 
in accordance with an established award fee plan.''

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In the second paragraph, delete ``Director of Security'' and 
replace with ``Director of Security and Counterintelligence.''
* * * * *

Retrievability:
    Delete entry and replace with ``Name, social security number, 
agency identification number, date and place of birth, home telephone 
number, and home address.''

Safeguards:
    Delete entry and replace with ``Records are stored in a secure, 
gated facility that is guarded. Computer terminal access is password 
protected. Access to and use of these records are limited to personnel 
whose official duties require access on a need-to-know basis.''

Retention and disposal:
    Add a new second paragraph to read ``Access related files are 
destroyed 2 years after authorization expires. Non-disclosure agreement 
files are destroyed when they are 70 years old. Special access program 
administrative records are destroyed 5 years after the program is 
disestablished or disapproved, whichever is applicable.''

System manager(s) and address:
    Delete ``Chief, Personnel Security Division, Office of Security'' 
and replace with ``Director, Office of Security and 
Counterintelligence.''
    Delete second paragraph.
* * * * *

Contesting record procedures:
    Delete ``110-3A'' and replace with ``110-3b'' and delete ``110-5A'' 
and replace with ``110-3-1.''

System name:
    Personnel Security Files.

System location:
    Office of Security and Counterintelligence, National Reconnaissance 
Office, 14675 Lee Road, Chantilly, VA 20151-1715.

Categories of individuals covered by the system:
    National Reconnaissance Office (NRO) civilian, military and 
contractor personnel who have been nominated or investigated for 
security clearances and program accesses.

Categories of records in the system:
    Name, Social Security Number, agency identification number, 
employee's geographic work location, employer, work telephone number, 
date and place of birth, home address and home telephone number, 
dependents' names, individual's background investigation and polygraph 
data, interview and adjudication information, all other information 
such as that found on standard government forms SF 86 and 1879, appeal 
and referral data, program access status, classification number, the 
security file location, and administrative and investigatory comments, 
and security incident records, such as security file number, user id, 
date resolved, case id, case manager, government point of contact, 
incident report date, incident report type, date notified, reporter's 
name, affiliation, employer, officer, information systems security 
officer name and phone number, manager name and phone number, program 
security officer name and phone number, date of incident, location 
where incident occurred, incident type and description, names of 
personnel involved with incident along with their social security 
number, office, affiliation, employer, and phone number, incident 
category, classification of data, name of person who classified it, 
including identification number, title, position, organization, phone 
number, person who verified classification level of data, their title, 
position, organization, phone number and source used to verify 
classification, data owner name, their title, position, organization, 
phone number, date notified, date classification confirmed, number of 
individuals and organizations with unauthorized access to information 
and their clearance level, organization that caused the unauthorized 
disclosure, nature of unauthorized disclosure, where file originated, 
how data was introduced into computer system, file name, size, type and 
whether action warrants notification of the Director of Central 
Intelligence, non-disclosure agreements, job knowledge, contract 
information, and secure classified information facility (SCIF) 
information.

Authority for maintenance of the system:
    5 U.S.C. 301 Departmental Regulations; National Security Act of 
1947, as amended, 50 U.S.C. 401 et seq.; and E.O. 9397.

Purpose(s):
    The information is used for granting and tracking security program 
accesses to NRO personnel; to maintain, support, and track personnel 
security administrative processing; to provide data for day-to-day 
security functions; and to conduct security investigations.
    The system also provides a centrally managed security incident 
database for NRO security managers. The user will be the primary 
reporter of the information to enable an accurate overall view of 
incident response activities. This will also be a tool to ensure 
incidents are identified, documented, tracked, investigated, responded 
to, adjudicated, and corrected, in a standard and timely manner.
    To assist in the determination of whether an award fee is justified 
for the performance of a contract in accordance with an established 
award fee plan.
    Routine uses of records maintained in the system, including 
categories of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, these records or information contained 
therein may specifically be disclosed outside the NRO as a routine use 
pursuant to 5 U.S.C. 552a(b)(3) as follows:
    To contractors and other Federal agencies for purposes of 
protecting the security of NRO installations, activities, property, and 
employees; to facilitate and verify an individual's eligibility to 
access classified information; and to protect the interests of National 
Security. The NRO Director of Security and Counterintelligence or his/
her designee must approve disclosure in writing.
    To the Intelligence Community to review the records, in the form of 
statistics only, for the purpose of providing trend analysis, 
disseminating threat information, providing reports of IT threats, any 
issues affecting mission critical networks, informing them of 
unauthorized disclosures or any compromise of intelligence information 
in accordance with applicable law.
    The DoD `Blanket Routines Uses' published at the beginning of the 
NRO compilation of systems of records notices apply to this system.
    Policies and practices for storing, retrieving, accessing, 
retaining, and disposing of records in the system.

Storage:
    Paper files and automated information system, maintained in 
computers and computer output products.

[[Page 58379]]

Retrievability:
    Name, social security number, agency identification number, date 
and place of birth, home telephone number, and home address.

Safeguards:
    Records are stored in a secure, gated facility, that is guarded. 
Computer terminal access is password protected. Access to and use of 
these records are limited to personnel whose official duties require 
access on a need-to-know basis.

Retention and disposal:
    Security case records are temporary, retained for 15 years after 
inactivation; noteworthy files are retained for 25 years after 
inactivation. Security incident records are temporary, retained for 5 
years after inactivation. Audio and videotapes of polygraph 
examinations and interviews are temporary and are re-used or destroyed 
when superseded, obsolete, or no longer needed.
    Access related files are destroyed 2 years after authorization 
expires. Non-disclosure agreement files are destroyed when they are 70 
years old. Special access program administrative records are destroyed 
5 years after the program is disestablished or disapproved, whichever 
is applicable.

System manager(s) and address:
    Director, Office of Security and Counterintelligence, 14675 Lee 
Road, Chantilly, VA 20151-1715.

Notification procedure:
    Individuals seeking to determine whether this system of records 
contains information about themselves should address written inquiries 
to the National Reconnaissance Office, Information Access and Release 
Center, 14675 Lee Road, Chantilly, VA 20151-1715.
    Request should include full name and any aliases or nicknames, 
address, Social Security Number, current citizenship status, and date 
and place of birth, and other information identifiable from the record.
    In addition, the requester must provide a notarized statement or an 
unsworn declaration in accordance with 28 U.S.C. 1746, in the following 
format:
    If executed without the United States: I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).
    If executed within the United States, its territories, possessions, 
or commonwealths: I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).

Record access procedures:
    Individuals seeking to access information about themselves 
contained in this system should address written inquiries to the 
National Reconnaissance Office, Information Access and Release Center, 
14675 Lee Road, Chantilly, VA 20151-1715.
    Request should include full name and any aliases or nicknames, 
address, Social Security Number, current citizenship status, and date 
and place of birth, and other information identifiable from the record.
    In addition, the requester must provide a notarized statement or an 
unsworn declaration in accordance with 28 U.S.C. 1746, in the following 
format:
    If executed without the United States: I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).
    If executed within the United States, its territories, possessions, 
or commonwealths: I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).

Contesting record procedures:
    The NRO rules for accessing records, for contesting contents and 
appealing initial agency determinations are published in NRO Directive 
110-3b and NRO Instruction 110-3-1; 32 CFR part 326; or may be obtained 
from the Privacy Act Coordinator, National Reconnaissance Office, 14675 
Lee Road, Chantilly, VA 20151-1715.

Record source categories:
    Information is supplied by the individual, by persons other than 
the individual, and by documentation gathered in the background 
investigation, and other government agencies.

Exemptions claimed for the system:
    Investigatory material compiled for law enforcement purposes may be 
exempt pursuant to 5 U.S.C. 552a(k)(2). However, if an individual is 
denied any right, privilege, or benefit for which he would otherwise be 
entitled by Federal law or for which he would otherwise be eligible, as 
a result of the maintenance of such information, the individual will be 
provided access to such information except to the extent that 
disclosure would reveal the identity of a confidential source.
    Investigatory material compiled solely for the purpose of 
determining suitability, eligibility, or qualifications for Federal 
civilian employment, military service, Federal contracts, or access to 
classified information may be exempt pursuant to 5 U.S.C. 552a(k)(5), 
but only to the extent that such material would reveal the identity of 
a confidential source.
    An exemption rule for this exemption has been promulgated in 
accordance with requirements of 5 U.S.C. 553(b)(1), (2), and (3), (c) 
and (e) and published in 32 CFR part 326. For additional information 
contact the system manager.

[FR Doc. E6-16287 Filed 10-2-06; 8:45 am]
BILLING CODE 5001-06-P