[Federal Register Volume 81, Number 71 (Wednesday, April 13, 2016)]
[Notices]
[Pages 21837-21839]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-08513]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

[Docket No. 160223139-6139-01]


Privacy Act of 1974; Amended System of Records

AGENCY: National Institute of Standards and Technology, U.S. Department 
of Commerce.

ACTION: Notice of Proposed Amendment to Privacy Act System of Records 
and Deletion of a System of Records: COMMERCE/NIST-1, NIST Associates.

-----------------------------------------------------------------------

SUMMARY: This notice announces the Department of Commerce's 
(Department's) proposal to amend and combine the systems of records 
entitled ``COMMERCE NBS-1'' and ``COMMERCE NBS-3'' into the system of 
records entitled ``NIST-1, NIST Associates.'' The National Institute of 
Standards and Technology (NIST) is amending these systems of records to 
combine and update these two prior SORNs, and to facilitate the 
processing, tracking, management, planning, control, support of, and 
reporting about NIST Associates (NA) during their tenure at NIST. The 
system of records entitled ``COMMERCE/NBS-3, Research Associates,'' 
will be abolished upon final publication of the Federal Register notice 
for the newly amended and renamed system of records entitled 
``COMMERCE/NIST-1, NIST Associates.'' The system of records entitled 
``COMMERCE/NBS-1, Guest Workers'' is being amended to create the system 
of records entitled ``NIST-1, Research Associates.'' We invite public 
comment on the system amendment announced in this publication.

DATES: To be considered, written comments must be submitted on or 
before May 13, 2016. Unless comments are received, the amended system 
of records will become effective as proposed on May 23, 2016. If 
comments are received, the Department will publish a subsequent notice 
in the Federal Register within 10 days after the comment period closes, 
stating that the current system of records will remain in effect until 
publication of a final action in the Federal Register.

ADDRESSES: Comments may be mailed to: Director, Management and 
Organization Office, NIST, 100 Bureau Drive-Stop 1710, Gaithersburg, MD 
20899.

FOR FURTHER INFORMATION CONTACT: Director, Management and Organization 
Office, National Institute of Standards and Technology, 100 Bureau 
Drive-Stop 1710, Gaithersburg, MD 20899.

SUPPLEMENTARY INFORMATION: NAs can be either a domestic or foreign 
associate. A domestic associate is any non-NIST employee who is a U.S. 
citizen, comes to a NIST campus and/or uses NIST information technology 
resources, and is either working in a lab (for any period of time) or 
will be on campus for more than ten working days. A foreign associate 
is any technically qualified person who is not a U.S. citizen and is 
sponsored by an organization other than NIST, or is self-employed, or 
is working at NIST under the auspices of a NIST funding agreement 
(contract, grant, cooperative agreement, or simplified acquisition), 
and collaborates with NIST on research projects and/or technical 
activities of mutual interest. A foreign associate may be an employee 
of a foreign government agency, federal, state, or local government 
agency, for-profit company, non-profit organization (including a 
college or university), or be a postgraduate researcher or graduate 
student, or be self-employed.
COMMERCE/NIST-1

System name:
    COMMERCE/NIST-1, NIST Associates

Security classification:
    None.

[[Page 21838]]

System location:
    Locations where the primary records are maintained:
     Domestic Guest Researcher (DGR) Records-NIST Technology 
Partnerships Office (TPO), 100 Bureau Drive, Gaithersburg, MD 20899.
     Foreign Guest Researcher (FGR) Records-NIST International 
and Academic Affairs Office (IAAO), 100 Bureau Drive, Gaithersburg, MD 
20899.
     NIST Research Experience for Teachers (RET) Records-NIST 
International and Academic Affairs Office (IAAO), 100 Bureau Drive, 
Gaithersburg, MD 20899.
     Facility User (FU) Records-NIST Center for Neutron 
research, 100 Bureau Drive, Gaithersburg, MD 20899.
     Research Associates (RA) Records as listed on Cooperative 
Research and Development Agreements (CRADA)-NIST Technology 
Partnerships Office, 100 Bureau Drive, Gaithersburg, MD 20899.
     Sole Proprietorship Contractors (SPC)-NIST Office of 
Acquisition Agreements Management, 100 Bureau Drive, Gaithersburg, MD 
20899.

Categories of individuals covered by the system:
    Individuals not employed by NIST but having access to NIST 
facilities under various cooperative, collaborative, and contractual 
agreements. These include but in the future may not be limited to 
Foreign and Domestic Guest Researchers, Research Associates, Facility 
Users, Contractor Employee Personnel, Sole Proprietorship Contractors, 
Employees of Other Government Agencies, Student Program Participants, 
and other Collaborators.

Categories of Records in the system:
    Agreements between NIST and NAs. Typical data also includes but is 
not limited to name, address, date of birth, social security number, 
personal contact information, email address, telephone numbers, other 
names, education, visa and passport information, work location, 
financial and pay data, project descriptions, etc.

Authority for maintenance of the system:
    27 Stat. 395 and 31 Stat. 1039, and all existing, applicable NIST 
and Department policies, regulations and directives concerning the 
tracking, security processing, and support of NAs during their tenure 
at NIST.

Purposes:
    The purpose is to facilitate the processing, tracking, management, 
planning, control, support of and reporting about NAs during their 
tenure at NIST.

Routine uses of records maintained in the system, including categories 
of users and the purposes of such uses:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed to authorized 
entities, as is determined to be relevant and necessary, outside the 
Department as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    1. In the event that a system of records maintained by the 
Department to carry out its functions indicates a violation or 
potential violation of law or contract, whether civil, criminal or 
regulatory in nature, and whether arising by general statute or 
particular program statute or contract, or rule, regulation, or order 
issued pursuant thereto, or the necessity to protect an interest of the 
Department, the relevant records in the system of records may be 
referred, as a routine use, to the appropriate agency, whether federal, 
state, local or foreign, charged with the responsibility of 
investigating or prosecuting such violation or charged with enforcing 
or implementing the statute or contract, or rule, regulation or order 
issued pursuant thereto, or protecting the interest of the Department.
    2. A record from this system of records may be disclosed, as a 
routine use, to a federal, state or local agency maintaining civil, 
criminal or other relevant enforcement information or other pertinent 
information, such as current licenses, if necessary to obtain 
information relevant to a Department decision concerning the 
assignment, hiring or retention of an individual, the issuance of a 
security clearance, the letting of a contract, or the issuance of a 
license, grant or other benefit.
    3. A record from this system of records may be disclosed, as a 
routine use, to a federal, state, local, or international agency, in 
response to its request, in connection with the assignment, hiring or 
retention of an individual, the issuance of a security clearance, the 
reporting of an investigation of an individual, the letting of a 
contract, or the issuance of a license, grant, or other benefit by the 
requesting agency, to the extent that the information is relevant and 
necessary to the requesting agency's decision on the matter.
    4. A record from this system of records may be disclosed, as a 
routine use, in the course of presenting evidence to a court, 
magistrate or administrative tribunal, including disclosures to 
opposing counsel in the course of settlement negotiations.
    5. A record in this system of records may be disclosed, as a 
routine use, to a Member of Congress submitting a request involving an 
individual when the individual has requested assistance from the Member 
with respect to the subject matter of the record.
    6. A record in this system of records which contains medical 
information may be disclosed, as a routine use, to the medical advisor 
of any individual submitting a request for access to the record under 
the Act and 15 CFR part 4b if, in the sole judgment of the Department, 
disclosure could have an adverse effect upon the individual, under the 
provision of 5 U.S.C. 552a(f)(3) and implementing regulations at 15 CFR 
part 4b.
    7. A record in this system of records may be disclosed, as a 
routine use, to the Office of Management and Budget in connection with 
the review of private relief legislation as set forth in OMB Circular 
No. A-19 at any stage of the legislative coordination and clearance 
process as set forth in that Circular.
    8. A record in this system of records may be disclosed, as a 
routine use, to the Department of Justice in connection with 
determining whether disclosure thereof is required by the Freedom of 
Information Act (5 U.S.C. 552).
    9. A record in this system of records may be disclosed, as a 
routine use, to a contractor of the Department having need for the 
information in the performance of the contract, but not operating a 
system of records within the meaning of 5 U.S.C. 552a(m).
    10. A record in this system may be transferred, as a routine use, 
to the Office of Personnel Management: for personnel research purposes; 
as a data source for management information; for the production of 
summary descriptive statistics and analytical studies in support of the 
function for which the records are collected and maintained; or for 
related manpower studies.
    11. A record from this system of records may be disclosed, as a 
routine use, to the Administrator, General Services Administration 
(GSA), or his designee, during an inspection of records conducted by 
GSA as part of that agency's responsibility to recommend improvements 
in records management practices and programs, under authority of 44 
U.S.C. 2904 and Sec.  2906. Such disclosure shall be made in accordance 
with the GSA regulations governing inspection of records for this 
purpose, and any other relevant (i.e. GSA or Department) directive. 
Such

[[Page 21839]]

disclosure shall not be used to make determinations about individuals.
    12. A record in this system of records may be disclosed to 
appropriate agencies, entities and persons when: (1) It is suspected or 
determined that the security or confidentiality of information in the 
system of records has been compromised; (2) the Department has 
determined that as a result of the suspected or confirmed compromise 
there is a risk of harm to economic or property interests, identity 
theft or fraud, or harm to the security or integrity of this system or 
whether systems or programs (whether maintained by the Department or 
another agency or entity) that rely upon the compromised information; 
and (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with the Department's 
efforts to respond to the suspected or confirmed compromise and to 
prevent, minimize, or remedy such harm.

Disclosure to consumer reporting agencies:
    Disclosure to consumer reporting agencies pursuant to 5 U.S.C. 
552a(b)(12) may be made from this system to ``consumer reporting 
agencies'' as defined in the Fair Credit Reporting Act (15 U.S.C. 
1681a(f)) and the Federal Claims Collection Act of 1966 (31 U.S.C. 
3701(a)(3)).

Policies and practices for storing, retrieving, retaining, and 
disposing of records in the system:
Storage:
    NA information is stored and maintained in electronic form in 
system folders and/or databases, within a controlled environment with 
access restricted to authorized personnel (see Safeguards below for 
full list of those with access to system).

Retrievability:
    Records are retrieved by name and/or social security number.

Safeguards:
    Privacy Act data, i.e., data defined by and protected under the 
Privacy Act of 1974 (5 U.S.C. 552a), is maintained in the NIST 
Associate Information System (NAIS) as distinct and separate from non-
Privacy Act data in that it cannot be accessed or retrieved except by 
authorized personnel with a mission-related need-to- know. Access to 
NAIS Privacy Act data by NIST staff must be authorized by the NAIS 
System-of-Records Manager on a mission-related, need-to-know basis. 
Levels of access to NAIS Privacy Act data as well as access itself are 
controlled by the NAIS privacy/security/system access architecture that 
is implemented through ``report writer'' software.
    Levels of access to NAIS Privacy Act data are granted to 
individuals based on NA processing roles and responsibilities that 
define specific mission-related needs-to-know. Included in these roles 
and responsibilities are the following:
    a. Initiators--those creating and inputting new data records.
    b. Approving Officials--those signing off on NA agreements.
    c. Reviewing Officials--those reviewing NA agreements but not 
signing off.
    d. Records Updaters--those directed to update or correct 
information in NA records.
    Physical security and IT security of the NAIS IT assets is assured 
by all relevant NIST policies and procedures that are applicable to the 
e-Approval infrastructure of which NAIS is an IT application.

Retention and disposal:
    Current NIST and Department policies and regulations concerning the 
retention and disposition of Privacy Act data apply.

System manager(s) and addresse(s):
     For DGRs and RAs, the System Manager will be appointed by 
the Director, NIST Technology Partnerships Office (TPO) from TPO staff. 
DGR agreements (NIST-1296) are maintained by the Office of Human 
Resource Management Onboarding Office, 100 Bureau Drive, Gaithersburg, 
MD 20899.
     For FGRs and all other foreign NAs, the System Manager 
will be appointed by the Director, NIST International and Academic 
Affairs Office (IAAO) from IAAO staff, 100 Bureau Drive, Gaithersburg, 
MD 20899.
     For all Contractor Employees and SPCs, the Associate 
Director for Management Resources (ADMR) is the System Manager; the 
ADMR may delegate this duty to a staff member, 100 Bureau Drive, 
Gaithersburg, MD 20899.
     For FU Records, the System Manager is the Director for the 
NIST Center for Neutron Research, 100 Bureau Drive, Gaithersburg, MD 
20899.
     For Employees of Other Government Agencies, the System 
Manager is the Director, Office of Human Resources Management, 100 
Bureau Drive, Gaithersburg, MD 20899.
     For Student Program Participants, depending upon the 
program, the System Manager is the Director, Office of Human Resources 
Management, 100 Bureau Drive, Gaithersburg, MD 20899.
     For RETs Records, the System Manager is NIST International 
and Academic Affairs Office (IAAO), 100 Bureau Drive, Gaithersburg, MD 
20899

Notification procedure:
    Information may be obtained from the Director, Management and 
Organization Office, NIST, 100 Bureau Drive-Stop 1710, Gaithersburg, MD 
20899.

Record access procedure:
    Requests from individuals should be addressed to the same address 
provided in the Notification Procedure above.

Contesting record procedures:
    The Department's rules for access, for contesting content, and for 
appealing initial determinations by the individuals concerned appear in 
15 CFR part 4b. Use same address provided in the Notification Procedure 
above.

Record source categories:
    Information that may be entered into the NAIS will come from the 
subject individuals and those authorized by these individuals to 
furnish information.

Exemptions claimed for the system:
    None.

    Dated: April 6, 2016.
Michael J. Toland,
Department of Commerce, Freedom of Information and Privacy Act Officer.
[FR Doc. 2016-08513 Filed 4-12-16; 8:45 am]
 BILLING CODE 3510-13-P