[Federal Register Volume 81, Number 135 (Thursday, July 14, 2016)]
[Notices]
[Pages 45527-45530]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-16627]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

Office of the Secretary

[16XD4523WS DWSNN0000.XD0000 DS67010000 DP67012]


Privacy Act of 1974, as Amended; Notice To Amend an Existing 
System of Records

AGENCY: Office of the Secretary, Interior.

ACTION: Notice of amendment to an existing system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Department of the Interior is issuing a public notice of 
its intent to amend the Department of the Interior Privacy Act system 
of records, ``Privacy Act Files--Interior, DOI-57'', to add new routine 
uses, and update existing routine uses, system location, categories of 
individuals covered by the system, categories of records in the system, 
authority for maintenance of the system, storage, safeguards, retention 
and disposal, system manager and address, notification procedures, 
records access and contesting procedures, records source categories, 
and exemption sections.

DATES: Comments must be received by August 15, 2016. This amended 
system will be effective August 15, 2016.

ADDRESSES: Any person interested in commenting on this amendment may do 
so by: Submitting comments in writing to Teri Barnett, Departmental 
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW., 
Mail Stop 5545 MIB, Washington, DC 20240; hand-delivering comments to 
Teri Barnett, Departmental Privacy Officer, U.S. Department of the 
Interior, 1849 C Street NW., Mail Stop 5545 MIB, Washington, DC 20240; 
or emailing comments to [email protected].

FOR FURTHER INFORMATION CONTACT: Departmental Privacy Officer, U.S. 
Department of the Interior, 1849 C Street NW., Mail Stop 5547 MIB, 
Washington, DC 20240; or by telephone at 202-208-1605.

SUPPLEMENTARY INFORMATION:

I. Background

    The Department of the Interior (DOI) maintains the ``Privacy Act 
Files--Interior, DOI-57'' system of records. This system enables DOI to 
efficiently manage Privacy Act Program activities; supports the 
processing and tracking of notification, record access and amendment 
requests, and administrative appeals under the Privacy Act; conduct and 
manage complaints; supports agency participation in litigation arising 
from such requests, complaints, and appeals; and carry out any other 
responsibilities under the provisions of the Privacy Act. DOI is 
publishing this amended notice to reflect updated information in the 
system location, categories of individuals covered by the system, 
categories of records in the system, authority for maintenance of the 
system, storage, safeguards, retention and

[[Page 45528]]

disposal, system manager and address, notification procedures, records 
access and contesting procedures, records source categories, and 
exemption sections.
    Additionally, DOI is modifying existing routine uses to reflect 
updates consistent with standard DOI routine uses, and adding new 
routine uses to permit sharing of information with: (1) The Office of 
Management and Budget (OMB) in relation to legislative affairs mandates 
by OMB Circular A-19; (2) the Department of the Treasury to recover 
debts owed to the United States; (3) the National Archives and Records 
Administration (NARA) to conduct records management inspections; (4) 
NARA, Office of Government Information Services (OGIS) to assist and 
facilitate the resolution of disputes, to the extent such a dispute 
involves a combined Freedom of Information Act and Privacy Act request 
for agency records; (5) Federal, state, territorial, local, tribal, or 
foreign agencies when there is an indication of a violation of law; (6) 
Federal, state, territorial, local, tribal, or foreign agencies when 
relevant for hiring and retention, or issuance of security clearance, 
license, contract, grant or benefit; (7) appropriate government 
agencies and organizations to provide information in response to court 
orders or for discovery purposes related to litigation; (8) an expert, 
consultant, or contractor that performs services on DOI's behalf to 
carry out the purposes of the system; (9) another Federal agency to 
assist that agency in responding to an inquiry by the individual to 
whom that record pertains; and (10) the news media and the public, with 
approval by the Public Affairs Officer and Senior Agency Official for 
Privacy in consultation with Counsel.
    The Privacy Act records in this system may also be maintained in 
other DOI systems of records, ``Electronic FOIA Tracking System and 
FOIA Case Files--Interior, DOI-71'' (67 FR 58817) for combined FOIA and 
Privacy Act requests, and ``Freedom of Information Act Appeals Files--
Interior, OS-69'' (64 FR 16986) for appeals filed on Privacy Act 
requests or combined FOIA and Privacy Act requests. DOI last published 
a system notice in the Federal Register on March 24, 1999 (64 FR 14258) 
and published an amended notice on February 13, 2008 (73 FR 8342).
    The amendments to the system will be effective as proposed at the 
end of the comment period (the comment period will end 30 days after 
the publication of this notice in the Federal Register), unless 
comments are received which would require a contrary determination. DOI 
will publish a revised notice if changes are made based upon a review 
of the comments received.

II. Privacy Act

    The Privacy Act of 1974, as amended, embodies fair information 
practice principles in a statutory framework governing the means by 
which Federal agencies collect, maintain, use, and disseminate 
individuals' personal information. The Privacy Act applies to records 
about individuals that are maintained in a ``system of records.'' A 
``system of records'' is a group of any records under the control of an 
agency for which information is retrieved by the name of an individual 
or by some identifying number, symbol, or other identifying particular 
assigned to the individual. The Privacy Act defines an individual as a 
United States citizen or lawful permanent resident. As a matter of 
policy, DOI extends administrative Privacy Act protections to all 
individuals. Individuals may request access to their own records that 
are maintained in a system of records in the possession or under the 
control of DOI by complying with DOI Privacy Act regulations at 43 CFR 
part 2, subpart K.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the type and character of each system 
of records that the agency maintains, the routine uses of each system 
to make agency recordkeeping practices transparent, to notify 
individuals regarding the uses of their records, and to assist 
individuals to more easily find such records within the agency. The 
amended ``Privacy Act Files--Interior, DOI-57'' system of records 
notice is published in its entirety below.
    In accordance with 5 U.S.C. 552a(r), DOI has provided a report of 
this system of records to the Office of Management and Budget and to 
Congress.

III. Public Disclosure

    Before including your address, phone number, email address, or 
other personal identifying information in your comment, you should be 
aware that your entire comment, including your personal identifying 
information, may be made publicly available at any time. While you can 
ask us in your comment to withhold your personal identifying 
information from public review, we cannot guarantee that we will be 
able to do so.

    Dated: July 8, 2016.
Teri Barnett,
Departmental Privacy Officer.
SYSTEM NAME:
    Privacy Act Files, DOI-57.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    This system is maintained by the Departmental Privacy Office, 
Office of the Chief Information Officer, U.S. Department of the 
Interior, 1849 C Street NW., Mail Stop 5545 MIB, Washington, DC 20240; 
other Department of the Interior Office of the Secretary program 
offices that maintain or process Privacy Act requests, complaints, or 
appeals; and Department of the Interior bureaus and offices responsible 
for managing Privacy Act programs and maintaining records about Privacy 
Act requests, complaints, or appeals. Visit the Department of the 
Interior Privacy Program Web site for a list of the Department's 
Privacy contacts: https://www.doi.gov/privacy/contacts.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals or their representatives who have submitted Privacy Act 
requests for notification of the existence of, access to, and petitions 
for amendment of records; individuals or their representatives who have 
filed a Privacy Act complaint; individuals or their representatives who 
have filed Privacy Act appeals; individuals who are the subject of such 
requests, complaints, or appeals; officials who may be involved in any 
Privacy Act request, complaint, or appeal; and DOI personnel assigned 
to handle such requests, complaints, or appeals.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system consists of records created or compiled in response to 
Privacy Act requests, complaints, and appeals; records relating to 
accounting of disclosures pursuant to the requirements of the Privacy 
Act; and records relating to general agency implementation of the 
Privacy Act. These records may include the original requests, 
complaints, or appeals; responses to such requests, complaints, or 
appeals; related memoranda, email, correspondence, notes, accounting of 
disclosure forms, reports, notices, and other related or supported 
documentation; and copies of requested records, contested records, and 
records under appeal. These records may contain the following 
information: Names, Social Security numbers, dates

[[Page 45529]]

of birth, home and work addresses, email addresses, telephone numbers, 
fax numbers, other contact information, driver license numbers, tribal 
identification numbers, other tribal enrollment data, unique case 
identifiers, and any other information that is contained in the record 
that is requested, contested, or is part of the record under appeal.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 552a, The Privacy Act of 1974, as amended.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    The primary purpose of the Privacy Act Files system of records is 
to enable DOI to efficiently manage Privacy Act activities. This system 
supports the processing of notification, record access and amendment 
requests, complaints, and administrative appeals under the Privacy Act; 
supports agency participation in litigation arising from such requests, 
complaints, and appeals; and assists DOI in carrying out any other 
responsibilities under the provisions of the Privacy Act.
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DOI as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    (1) (a) To any of the following entities or individuals, when the 
circumstances set forth in paragraph (b) are met:
    (i) The U.S. Department of Justice (DOJ);
    (ii) A court or an adjudicative or other administrative body;
    (iii) A party in litigation before a court or an adjudicative or 
other administrative body; or
    (iv) Any DOI employee acting in his or her individual capacity if 
DOI or DOJ has agreed to represent that employee or pay for private 
representation of the employee;
    (b) When:
    (i) One of the following is a party to the proceeding or has an 
interest in the proceeding:
    (A) DOI or any component of DOI;
    (B) Any other Federal agency appearing before the Office of 
Hearings and Appeals;
    (C) Any DOI employee acting in his or her official capacity;
    (D) Any DOI employee acting in his or her individual capacity if 
DOI or DOJ has agreed to represent that employee or pay for private 
representation of the employee;
    (E) The United States, when DOJ determines that DOI is likely to be 
affected by the proceeding; and
    (ii) DOI deems the disclosure to be:
    (A) Relevant and necessary to the proceeding; and
    (B) Compatible with the purpose for which the records were 
compiled.
    (2) To a congressional office in response to a written inquiry that 
an individual covered by the system, or the heir of such individual if 
the covered individual is deceased, has made to the office.
    (3) To any criminal, civil, or regulatory law enforcement authority 
(whether Federal, state, territorial, local, tribal or foreign) when a 
record, either alone or in conjunction with other information, 
indicates a violation or potential violation of law--criminal, civil, 
or regulatory in nature, and the disclosure is compatible with the 
purpose for which the records were compiled.
    (4) To an official of another Federal agency to provide information 
needed in the performance of official duties related to reconciling or 
reconstructing data files or to enable that agency to respond to an 
inquiry by the individual to whom the record pertains.
    (5) To Federal, state, territorial, local, tribal, or foreign 
agencies that have requested information relevant or necessary to the 
hiring, firing or retention of an employee or contractor, or the 
issuance of a security clearance, license, contract, grant or other 
benefit, when the disclosure is compatible with the purpose for which 
the records were compiled.
    (6) To representatives of the National Archives and Records 
Administration (NARA) to conduct records management inspections under 
the authority of 44 U.S.C. 2904 and 2906.
    (7) To state, territorial and local governments and tribal 
organizations to provide information needed in response to court order 
and/or discovery purposes related to litigation, when the disclosure is 
compatible with the purpose for which the records were compiled.
    (8) To an expert, consultant, or contractor (including employees of 
the contractor) of DOI that performs services requiring access to these 
records on DOI's behalf to carry out the purposes of the system.
    (9) To appropriate agencies, entities, and persons when:
    (a) It is suspected or confirmed that the security or 
confidentiality of information in the system of records has been 
compromised; and
    (b) DOI has determined that as a result of the suspected or 
confirmed compromise there is a risk of harm to economic or property 
interest, identity theft or fraud, or harm to the security or integrity 
of this system or other systems or programs (whether maintained by DOI 
or another agency or entity) that rely upon the compromised 
information; and
    (c) The disclosure is made to such agencies, entities and persons 
who are reasonably necessary to assist in connection with DOI's efforts 
to respond to the suspected or confirmed compromise and prevent, 
minimize, or remedy such harm.
    (10) To the Office of Management and Budget (OMB) during the 
coordination and clearance process in connection with legislative 
affairs as mandated by OMB Circular A-19.
    (11) To the Department of the Treasury to recover debts owed to the 
United States.
    (12) To the news media and the public, with the approval of the 
Public Affairs Officer in consultation with Counsel and the Senior 
Agency Official for Privacy, where there exists a legitimate public 
interest in the disclosure of the information, except to the extent it 
is determined that release of the specific information in the context 
of a particular case would constitute an unwarranted invasion of 
personal privacy.
    (13) To a debt collection agency for the purpose of collecting 
outstanding debts owed to the Department for fees associated with 
processing Privacy Act requests.
    (14) To other Federal, state, and local agencies having a subject 
matter interest in a request or an appeal or a decision thereon.
    (15) To another Federal agency to assist that agency in responding 
to an inquiry by the individual to whom that record pertains.
    (16) To the National Archives and Records Administration, Office of 
Government Information Services (OGIS), to the extent necessary to 
fulfill its responsibilities in 5 U.S.C. 552(b), to review 
administrative agency policies, procedures and compliance with the 
Freedom of Information Act (FOIA), and to facilitate OGIS's offering of 
mediation services to resolve disputes between persons making FOIA 
requests and administrative agencies, and to the extent such a dispute 
involves a combined FOIA and Privacy Act request for agency records.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    Pursuant to 5 U.S.C. 552a(b)(12), disclosures may be made to a 
consumer reporting agency as defined in the Fair

[[Page 45530]]

Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims 
Collection Act of 1996 (31 U.S.C. 3701(a)(3)).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING 
AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE:
    Paper records are contained in file folders stored within filing 
cabinets in secured rooms. Electronic records are contained in 
computers, compact discs, computer tapes, removable drives, email, 
diskettes, and electronic databases.

RETRIEVABILITY:
    Information can be retrieved by specific data elements including: 
The name of the requester and case tracking number.
SAFEGUARDS:
    The records contained in this system are safeguarded in accordance 
with 43 CFR 2.226 and other applicable security and privacy rules and 
policies. During normal hours of operation, paper records are 
maintained in locked filed cabinets under the control of authorized 
personnel. Computerized records systems follow the National Institute 
of Standards and Technology privacy and security standards as developed 
to comply with the Privacy Act of 1974 (5 U.S.C. 552a); Public Law 93-
579), the Paperwork Reduction Act of 1995 (Pub. L. 104-13); the Federal 
Information Security Modernization Act of 2014 (Pub. L. 113-283, 44 
U.S.C. 3554); and the Federal Information Processing Standards 199, 
Standards for Security Categorization of Federal Information and 
Information Systems. Computer servers on which electronic records are 
stored are located in secured DOI facilities with physical, technical 
and administrative levels of security to prevent unauthorized access to 
the DOI network and information assets. Security controls include 
encryption, firewalls, audit logs, and network system security 
monitoring.
    Electronic data is protected through user identification, 
passwords, database permissions and software controls. Access to 
records in the system is limited to authorized personnel who have a 
need to access the records in the performance of their official duties, 
and each user's access is restricted to only the functions and data 
necessary to perform that person's job responsibilities. System 
administrators and authorized users are trained and required to follow 
established internal security protocols and must complete all security, 
privacy, and records management training and sign the DOI Rules of 
Behavior.

RETENTION AND DISPOSAL:
    Records in this system are maintained under Departmental Records 
Schedule (DRS) 1--Administrative Records, which has been approved by 
NARA (DAA-0048-2013-0001). DRS-1 is a Department-wide records schedule 
that covers Privacy Act request files, correspondence, reports, and 
program administration records related to implementation of the Privacy 
Act. The disposition for these records is temporary. Privacy Act 
request files, correspondence, and other short-term administration 
records are destroyed three years after cut-off, which is generally 
after the date of reply or the end of the fiscal year in which files 
are created. Long-term records that require additional retention, such 
as denials, amendment case files, and files regarding erroneous release 
of personal information not associated with specific individuals, are 
destroyed seven years after cut-off, which is generally when the record 
is closed.
    Records not covered by DRS-1 are maintained under General Records 
Schedule (GRS) 4.2, Information Access and Protection Records. GRS 4.2 
item 050, Privacy Act Accounting of Disclosure files, are disposed of 
in accordance with the subject individual records, or five years after 
the disclosure, whichever is later. GRS 4.2 item 060, erroneous release 
files associated with specific records, generally follow the original 
records disposition or are destroyed six years after the erroneous 
release, whichever is later.
    Paper records are disposed of by shredding or pulping, and records 
contained on electronic media are degaussed or erased in accordance 
with 384 Departmental Manual 1 and NARA guidelines.

SYSTEM MANAGER AND ADDRESS:
    (1) Departmental Privacy Officer, Office of the Chief Information 
Officer, U.S. Department of the Interior, 1849 C Street NW., Mail Stop 
5545 MIB, Washington, DC 20240.
    (2) DOI Bureau and Office Privacy Officers. To obtain a current 
list of the Privacy Officers and their addresses, visit the DOI Privacy 
Program Web site at https://www.doi.gov/privacy/contacts.
    (3) Privacy Act System Managers. (Consult DOI system of records 
notices for addresses of Privacy Act System Managers: https://www.doi.gov/privacy/sorn.)

NOTIFICATION PROCEDURES:
    An individual requesting notification of the existence of records 
on himself or herself should send a signed, written inquiry to the 
applicable System Manager as identified above. The request envelope and 
letter should both be clearly marked ``PRIVACY ACT INQUIRY.'' A request 
for notification must meet the requirements of 43 CFR 2.235.

RECORDS ACCESS PROCEDURES:
    An individual requesting records on himself or herself should send 
a signed, written inquiry to the applicable System Manager as 
identified above. The request should describe the records sought as 
specifically as possible. The request envelope and letter should both 
be clearly marked ``PRIVACY ACT REQUEST FOR ACCESS.'' A request for 
access must meet the requirements of 43 CFR 2.238.

CONTESTING RECORDS PROCEDURES:
    An individual requesting corrections or the removal of material 
from his or her records should send a signed, written request to the 
applicable System Manager as identified above. A request for 
corrections or removal must meet the requirements of 43 CFR 2.246.

RECORD SOURCE CATEGORIES:
    Information collected in this system is submitted by individuals or 
their representatives filing Privacy Act requests, complaints, or 
appeals; system managers or other officials involved in these requests, 
complaints, or appeals; and DOI personnel processing these requests, 
complaints, or appeals. Records are also obtained from DOI systems of 
records from which Privacy Act requests are made. Information or 
records in this system may be obtained from combined FOIA and Privacy 
Act requests processed and maintained under the ``Electronic FOIA 
Tracking System and FOIA Case Files--Interior, DOI-71'' system of 
records; and from appeals records maintained under the ``Freedom of 
Information Act Appeals Files--Interior, OS-69'' system of records.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    No exemptions are claimed for this system. However, to the extent 
that copies of exempt records from other systems of records are entered 
into this system, DOI claims the same exemptions for those records that 
are claimed for the original primary systems of records from which they 
originated.

[FR Doc. 2016-16627 Filed 7-13-16; 8:45 am]
 BILLING CODE 4334-63-P