[Federal Register Volume 76, Number 89 (Monday, May 9, 2011)]
[Notices]
[Pages 26712-26714]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-11159]



[[Page 26712]]

-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

[Docket ID DOD-2011-OS-0049]


Privacy Act of 1974; System of Records

AGENCY: Office of the Secretary, DoD.

ACTION: Notice to alter a system of records.

-----------------------------------------------------------------------

SUMMARY: The Office of the Secretary of Defense proposes to alter a 
system of records in its inventory of record systems subject to the 
Privacy Act of 1974 (5 U.S.C. 552a), as amended.

DATES: This proposed action would be effective without further notice 
on June 8, 2011 unless comments are received which result in a contrary 
determination.

ADDRESSES: You may submit comments, identified by docket number and/
Regulatory Information Number (RIN) and title, by any of the following 
methods:
    * Federal Rulemaking Portal: http://www.regulations.gov. Follow the 
instructions for submitting comments.
    * Mail: Federal Docket Management System Office, 1160 Defense 
Pentagon, OSD Mailroom 3C843, Washington, DC 20301-1160.
    Instructions: All submissions received must include the agency name 
and docket number or Regulatory Information Number (RIN) for this 
Federal Register document. The general policy for comments and other 
submissions from members of the public is to make these submissions 
available for public viewing on the Internet at http://www.regulations.gov as they are received without change, including any 
personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT: Ms. Cindy Allard at (703) 588-6830, or 
Chief, OSD/JS Privacy Office, Freedom of Information Directorate, 
Washington Headquarters Services, 1155 Defense Pentagon, Washington, DC 
20301-1155.

SUPPLEMENTARY INFORMATION: The Office of the Secretary of Defense 
notices for systems of records subject to the Privacy Act of 1974 (5 
U.S.C. 552a), as amended, have been published in the Federal Register 
and are available from the FOR FURTHER INFORMATION CONTACT address 
above.
    The proposed system report, as required by 5 U.S.C. 552a(r) of the 
Privacy Act of 1974, as amended, was submitted on May 2, 2011, to the 
House Committee on Oversight and Government Reform, the Senate 
Committee on Governmental Affairs, and the Office of Management and 
Budget (OMB) pursuant to paragraph 4c of Appendix I to OMB Circular No. 
A-130, ``Federal Agency Responsibilities for Maintaining Records About 
Individuals,'' dated February 8, 1996 (February 20, 1996, 61 FR 6427).

    Dated: May 3, 2011.
Morgan F. Park,
Alternate OSD Federal Register Liaison Officer, Department of Defense.

DEPARTMENT OF DEFENSE

Office of the Secretary of Defense
Narrative Statement on an Altered System of Records Under the Privacy 
Act of 1974
    1. System identifier and name: DPFPA 01, entitled ``Pentagon 
Facilities Access Control Systems.''
    2. Responsible official: Ms. Paula Jones-Griffin, Chief, Pentagon 
Access Control Division, Security Services Directorate, Pentagon Force 
Protection Agency, Room 1F1084, 9000 Defense Pentagon, Washington, DC 
20301-9000, telephone (703) 693-2865.
    3. Nature of changes proposed for the system: The Office of the 
Secretary of Defense proposes to change the system name, update the 
categories of individuals covered, categories of records, authorities, 
purpose, retrievability, safeguards, retention, system manager, 
notification, access, and record source sections.
    4. Authority for the maintenance of the system: 10 U.S.C. 113, 
Secretary of Defense; 10 U.S.C. 2674, Operation and Control of Pentagon 
Reservation and Defense facilities in National Capital Region; DoD 
Directive 1000.25, DoD Personnel Identity Protection (PIP) Program; DoD 
Directive 5105.68, Pentagon Force Protection Agency (PFPA); DoD 
5200.08-R, Physical Security Program; DoD Directive 8521.01E, 
Department of Defense Biometrics; Directive Type Memorandum 09-012, 
Interim Policy Guidance for DoD Physical Access Control; and E.O. 9397 
(SSN), as amended.
    5. Probable or potential effects on the privacy of individuals: 
None.
    6. Is the system, in whole or in part, being maintained by a 
contractor? Yes.
    7. Steps taken to minimize risk of unauthorized access: Records are 
maintained in secure, limited access, or monitored areas. Access to 
data is restricted through the use of Common Access Cards (CAC) along 
with passwords specific to the system. Data is encrypted, while being 
stored and transmitted. Physical entry to the Pentagon Access Control 
Division Office, server rooms and security equipment closets where 
information is stored or processed is restricted through the use of 
locks, guards, passwords, or other administrative procedures. Access to 
personal information is limited to those individuals who require the 
records to perform their official assigned duties.
    8. Routine use compatibility: In addition to those disclosures 
generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, 
these records may specifically be disclosed outside the DoD as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    The DoD `Blanket Routine Uses' set forth at the beginning of the 
Office of the Secretary of Defense (OSD) compilation of systems of 
records notices apply to this system.
    9. OMB information collection requirements: 0704-0328, expires 07/
31/2011.
    10. Supporting documentation: None.
    11. Name of the IT System: Pentagon Facilities Access Control 
Systems.
DPFPA 01

System name:
    Department of Defense (DoD) Pentagon Building Pass Files (September 
11, 2008, 73 FR 52840).
    Changes:
* * * * *

System name:
    Delete entry and replace with ``Pentagon Facilities Access Control 
System.''
* * * * *

Categories of individuals covered by the system:
    Delete entry and replace with ``Any Department of Defense military, 
civilian employee, or contractor sponsored by the Department of 
Defense, or other persons who have reason to enter Pentagon Facilities 
for official Department of Defense business.''

Categories of records in the system:
    Delete entry and replace with ``File contains, name, Social 
Security Number (SSN), DoD ID number, date of birth, place of birth, 
height, weight, race, gender, biometric images and templates (e.g., 
fingerprint and iris), citizenship, name of DoD sponsoring office, 
access investigation completion date, access level, previous facility 
pass issuances, and authenticating official.''

Authority for maintenance of the system:
    Delete entry and replace with ``10 U.S.C. 113, Secretary of 
Defense; 10 U.S.C. 2674, Operation and Control of Pentagon Reservation 
and Defense

[[Page 26713]]

facilities in National Capital Region; DoD Directive 1000.25, DoD 
Personnel Identity Protection (PIP) Program; DoD Directive 5105.68, 
Pentagon Force Protection Agency; DoD 5200.08-R, Physical Security 
Program; DoD Directive 8521.01E, Department of Defense Biometrics; 
Directive Type Memorandum 09-012, Interim Policy Guidance for DoD 
Physical Access Control; and E.O. 9397 (SSN), as amended.''

Purpose:
    Delete entry and replace with ``To maintain a listing of personnel 
who are authorized to access Pentagon Facilities and verify identity of 
approved individuals to access such facilities and offices.''
* * * * *

Retrievability:
    Delete entry and replace with ``By individual's name, SSN, or DoD 
ID number.''

Safeguards:
    Delete entry and replace with ``Records are maintained in secure, 
limited access, or monitored areas. Access to data is restricted 
through the use of Common Access Cards (CAC) along with passwords 
specific to the system. Data is encrypted, while being stored and 
transmitted. Physical entry to the Pentagon Access Control Division 
Office, server rooms and security equipment closets where information 
is stored or processed is restricted through the use of locks, guards, 
passwords, or other administrative procedures. Access to personal 
information is limited to those individuals who require the records to 
perform their official assigned duties.''

Retention and disposal:
    Delete entry and replace with ``Applications and credentials are 
destroyed three (3) months after expiration or return to PFPA. 
Verification records are maintained for 3-5 years and then destroyed.''

System manager(s) and address:
    Delete entry and replace with ``Chief, Pentagon Access Control 
Division, Security Services Directorate, Pentagon Force Protection 
Agency, Room 1F1084, 9000 Defense Pentagon, Washington, DC 20301-
9000.''

Notification procedure:
    Delete entry and replace with ``Individuals seeking to determine if 
their information is contained in this system should address written 
inquiries to Pentagon Force Protection Agency, Security Services 
Directorate, Pentagon Access Control Division, 9000 Defense Pentagon, 
Washington, DC 20301-9000.
    Written requests should contain the full name, SSN, DoD ID number, 
and current address and telephone number of the individual.''

Record access procedures:
    Delete entry and replace with ``Individuals seeking access to their 
information contained in this system should address written inquiries 
to the Office of the Secretary of Defense/Joint Staff Freedom of 
Information Act Requester Service Center, Office of the Freedom of 
Information, 1155 Defense Pentagon, Washington, DC 20301-1155.
    Written requests should contain the full name, SSN, DoD ID number, 
current address and telephone number of the individual, the name and 
number of this system of records notice, and be signed.''
* * * * *

Record source categories:
    Delete entry and replace with ``The individual, security managers, 
and the Joint Personnel Adjudication System.''
* * * * *
DPFPA 01

System name:
    Pentagon Facilities Access Control Systems.

System location:
    Pentagon Force Protection Agency (PFPA), Security Services 
Directorate, Pentagon Access Control Division, 9000 Defense Pentagon, 
Washington, DC 20301-9000.

Categories of individuals covered by the system:
    Any Department of Defense military, civilian employee, or 
contractor sponsored by the Department of Defense, or other persons who 
have reason to enter Pentagon Facilities for official Department of 
Defense business.

Categories of records in the system:
    File contains, name, Social Security Number (SSN), DoD ID number, 
date of birth, place of birth, height, weight, race, gender, biometric 
images and templates (e.g., fingerprint and iris), citizenship, name of 
DoD sponsoring office, access investigation completion date, access 
level, previous facility pass issuances, and authenticating official.

Authority for maintenance of the system:
    10 U.S.C. 113, Secretary of Defense; 10 U.S.C. 2674, Operation and 
Control of Pentagon Reservation and Defense facilities in National 
Capital Region; DoD Directive 1000.25, DoD Personnel Identity 
Protection (PIP) Program; DoD Directive 5105.68, Pentagon Force 
Protection Agency; DoD 5200.08-R, Physical Security Program; DoD 
Directive 8521.01E, Department of Defense Biometrics; Directive Type 
Memorandum 09-012, Interim Policy Guidance for DoD Physical Access 
Control; and E.O. 9397 (SSN), as amended.

Purpose:
    To maintain a listing of personnel who are authorized to access 
Pentagon Facilities and verify identity of approved individuals to 
access such facilities and offices.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act of 1974, these records may specifically be 
disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 
552a(b)(3) as follows:
    The DoD ``Blanket Routine Uses'' set forth at the beginning of the 
Office of the Secretary of Defense (OSD) compilation of systems of 
records notices apply to this system.

Policies and practices for storing, retrieving, accessing, retaining, 
and disposing of records in the system:
Storage:
    Paper records in file folders and electronic storage media.

Retrievability:
    By individual's name, SSN, or DoD ID number.

Safeguards:
    Records are maintained in secure, limited access, or monitored 
areas. Access to data is restricted through the use of Common Access 
Cards (CAC) along with passwords specific to the system. Data is 
encrypted, while being stored and transmitted. Physical entry to the 
Pentagon Access Control Division Office, server rooms and security 
equipment closets where information is stored or processed is 
restricted through the use of locks, guards, passwords, or other 
administrative procedures. Access to personal information is limited to 
those individuals who require the records to perform their official 
assigned duties.

Retention and disposal:
    Applications and credentials are destroyed three (3) months after 
expiration or return to PFPA. Verification records are maintained for 
3-5 years and then destroyed.

[[Page 26714]]

System manager(s) and address:
    Chief, Pentagon Access Control Division, Security Services 
Directorate, Pentagon Force Protection Agency, Room 1F1084, 9000 
Defense Pentagon, Washington, DC 20301-9000.

Notification procedure:
    Individuals seeking to determine if their information is contained 
in this system should address written inquiries to Pentagon Force 
Protection Agency, Security Services Directorate, Pentagon Access 
Control Division, 9000 Defense Pentagon, Washington, DC 20301-9000.
    Written requests should contain the full name, SSN, DoD ID number, 
and current address and telephone number of the individual.

Record access procedures:
    Individuals seeking access to their information contained in this 
system should address written inquiries to the Office of the Secretary 
of Defense/Joint Staff Freedom of Information Act Requester Service 
Center, Office of the Freedom of Information, 1155 Defense Pentagon, 
Washington, DC 20301-1155.
    Written requests should contain the full name, SSN, DoD ID number, 
current address and telephone number of the individual, the name and 
number of this system of records notice, and be signed.

Contesting record procedures:
    The OSD rules for accessing records, for contesting contents and 
appealing initial agency determinations are published in OSD 
Administrative Instruction 81; 32 CFR Part 311; or may be obtained from 
the system manager.

Record source categories:
    The individual, security managers, and the Joint Personnel 
Adjudication System.

Exemptions claimed for the system:
    None.

[FR Doc. 2011-11159 Filed 5-6-11; 8:45 am]
BILLING CODE 5001-06-P