[Federal Register Volume 81, Number 166 (Friday, August 26, 2016)]
[Proposed Rules]
[Pages 58890-58894]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-19749]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

National Indian Gaming Commission

25 CFR Part 515

RIN 3141-AA65


Privacy Act Procedures

AGENCY: National Indian Gaming Commission, Department of the Interior.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The purpose of this document is to propose amendments to the 
procedures followed by the National Indian Gaming Commission 
(Commission) when processing a request under the Privacy Act of 1974. 
The proposed amendments make the following changes to the current 
regulations. These changes will serve to update certain Commission 
information, streamline how the Commission processes its Privacy Act 
requests, and aligns those processes with its procedures for processing 
Freedom of Information Act requests.

DATES: Written comments on this proposed rule must be received on or 
before October 11, 2016.

ADDRESSES: Comments may be mailed to Attn: National Indian Gaming 
Commission, FOIA/PA Officer, C/O Department of the Interior, 1849 C 
Street NW., Mail Stop #1621, Washington, DC 20240 or faxed to (202) 
632-7066 (this is not a toll free number). Comments may be inspected 
between 9:00 a.m. and noon and between 2:00 p.m. and 5:00 p.m., Monday 
through Friday, at 90 K Street NE., Washington, DC 20002. Comments may 
also be submitted electronically at www.regulations.gov or emailed to 
[email protected].

FOR FURTHER INFORMATION CONTACT: Andrew Mendoza at (202) 632-7003 or by 
fax (202) 632-7066 (these numbers are not toll free).

SUPPLEMENTARY INFORMATION: 

I. Comments Invited

    Interested parties are invited to participate in this proposed 
rulemaking by submitting such written data, views, or arguments as they 
may desire. Comments that provide the factual basis supporting the 
views and suggestions presented are particularly helpful in developing 
reasoned regulatory decisions on the proposal.

II. Background

    The Indian Gaming Regulatory Act (IGRA), enacted on October 17, 
1988, established the National Indian Gaming Commission. Congress 
enacted the Privacy Act in 1974 (Pub. L. 93-579, 5

[[Page 58891]]

U.S.C. 552a). The Commission originally adopted Privacy Act procedures 
on January 22, 1993. Since that time, the Commission has changed the 
location of its headquarters office, established a new system of 
records, and streamlined the way it processes Privacy Act requests. 
These proposed amendments serve to incorporate those changes into the 
Commission's regulations and to better align the Commission's 
processing of its Privacy Act with its Freedom of Information Act 
requests.
    Regulatory Flexibility Act: The Commission certifies that the 
proposed rule will not have a significant economic impact on a 
substantial number of small entities under the Regulatory Flexibility 
Act (5 U.S.C. 601 et seq.). The factual basis for this certification is 
as follows: This rule is procedural in nature and will not impose 
substantive requirements that would be considered impacts within the 
scope of the Act.

Unfunded Mandates Reform Act

    The Commission is an independent regulatory agency, and, as such, 
is exempt from the Unfunded Mandates Reform Act, 2 U.S.C. 1501 et seq.

Takings

    In accordance with Executive Order 12630, the Commission has 
determined that this proposed rule does not have significant takings 
implications. A takings implication assessment is not required.

Civil Justice Reform

    In accordance with Executive Order 12988, the Commission has 
determined that the rule does not unduly burden the judicial system and 
meets the requirements of sections 3(a) and 3(b)(2) of the Executive 
Order.

Small Business Regulatory Enforcement Fairness Act

    The proposed rule is not a major rule under 5 U.S.C. 804(2), the 
Small Business Regulatory Enforcement Fairness Act. The proposed rule 
will not result in an annual effect on the economy of more than $100 
million per year; a major increase in costs or prices for consumers, 
individual industries, Federal, State, or local government agencies, or 
geographic regions; or significant adverse effects on competition, 
employment, investment, productivity, innovation, or on the ability of 
U.S. based enterprises.

Paperwork Reduction Act

    The proposed rule does not contain any information collection 
requirements for which the Office of Management and Budget approval 
under the Paperwork Reduction Act (44 U.S.C. 3501-3520) would be 
required.

National Environmental Policy Act

    The Commission has determined that the proposed rule does not 
constitute a major Federal Action significantly affecting the quality 
of the human environment and that no detailed statement is required 
pursuant to the National Environmental Policy Act of 1969.

List of Subjects in 25 CFR Part 515

    Administrative practice and procedure, Privacy, Reporting and 
recordkeeping.

    For the reasons set forth in the preamble, the Commission proposes 
to revise part 25 CFR part 515 to read as follows:

PART 515--PRIVACY ACT PROCEDURES

Sec.
515.1 Purpose and scope.
515.2 Definitions.
515.3 Request for access to records.
515.4 Responsibility for responding to requests.
515.5 Responses to requests for access to records.
515.6 Request for amendment or correction of records.
515.7 Appeals of initial agency adverse determination.
515.8 Requests for an accounting of record disclosure.
515.9 Notice of court-ordered and emergency disclosures.
515.10 Fees.
515.11 Penalties.
515.12 [Reserved]
515.13 Specific exemptions.

    Authority:  5 U.S.C. 552a


Sec.  515.1  Purpose and scope.

    This part contains the regulations the National Indian Gaming 
Commission (Commission) follows in implementing the Privacy Act of 
1974. These regulations should be read together with the Privacy Act, 
which provides additional information about records maintained on 
individuals. The regulations in this part apply to all records 
contained within systems of records maintained by the Commission that 
are retrieved by an individual's name or personal identifier. They 
describe the procedures by which individuals may request access to 
records about themselves, request amendment or correction of those 
records, and request an accounting of disclosures of those records by 
the Commission. The Commission shall also process all Privacy Act 
requests for access to records under the Freedom of Information Act 
(FOIA), 5 U.S.C. 552, and the Commission's FOIA regulations contained 
in 25 CFR part 517, which gives requesters maximum disclosure.


Sec.  515.2  Definitions.

    For the purposes of this subpart:
    (a) Individual means a citizen of the United States or an alien 
lawfully admitted for permanent residence.
    (b) Maintain means store, collect, use, or disseminate.
    (c) Record means any item, collection, or grouping of information 
about an individual that is maintained by the Commission, including 
education, financial transactions, medical history, and criminal or 
employment history, and that contains the individual's name, or 
identifying number, symbol, or other identifier assigned to the 
individual, such as social security number, finger or voice print, or 
photograph.
    (d) System of records means a group of any records under the 
control of the Commission from which information is retrieved by the 
name of the individual or by some identifying number, symbol, or other 
identifier assigned to the individual.
    (e) Routine use means use of a record for a purpose that is 
compatible with the purpose for which it was collected.
    (f) Working day means a Federal workday that does not include 
Saturdays, Sundays, or Federal holidays.


Sec.  515.3  Request for access to records.

    (a) How made and addressed. Any individual may make a request to 
the Commission for access to records about him or herself. Such 
requests shall conform to the requirements of this section. The request 
may be made in person at 90 K Street NE., Suite 200, Washington, DC 
20002 during the hours of 9 a.m. to 12 noon and 2 p.m. to 5 p.m. Monday 
through Friday, in writing at NIGC Attn: Privacy Act Office, C/O 
Department of the Interior, 1849 C Street NW., Mail Stop #1621, 
Washington, DC 20240, or via electronic mail addressed to 
[email protected].
    (b) Description of records sought. Each request for access to 
records must describe the records sought in enough detail to enable 
Commission personnel to locate the system of records containing them 
with a reasonable amount of effort. Whenever possible, the request 
should describe the records sought, the time periods in which the 
records were compiled, any tribal gaming facility with which they were 
associated, and the name or identifying number of each system of 
records in which the records are kept.

[[Page 58892]]

    (c) Agreement to pay fees. Requests shall also include a statement 
indicating the maximum amount of fees the requester is willing to pay 
to obtain the requested information. The requester must send 
acknowledgment to the Privacy Act Officer indicating his/her 
willingness to pay the fees. Absent such an acknowledgment within the 
specified time frame, the request will be considered incomplete, no 
further work shall be done, and the request will be administratively 
closed.
    (d) Verification of identity. When making a request for access to 
records the individual seeking access must provide verification of 
identity. The requester must provide a full name, current address, and 
date and place of birth. The request must be signed and must either be 
notarized or submitted under 28 U.S.C. 1746, which is a law that 
permits statements to be made under penalty of perjury as a substitute 
for notarization. In order to assist in the identification and location 
of requested records, a request may also, at the requester's option, 
include a social security number.
    (e) Verification of guardianship. When making a request as a parent 
or guardian of a minor or as the guardian of someone determined by a 
court to be incompetent, for access to records about that individual, 
the request must establish:
    (1) The identity of the individual who is the subject of the record 
by stating the name, current address, date and place of birth, and, at 
the requester's option, the social security number of the individual;
    (2) The requester's own identity, as required in paragraph (d) of 
this section;
    (3) That the requester is the parent or guardian of the individual 
and proof of such relationship by providing a birth certificate showing 
parentage or a court order establishing guardianship; and
    (4) That the requester is acting on behalf of that individual in 
making the request.
    (f) Verification in the case of third party information requests. 
Any individual who desires to have a record covered by this part 
disclosed to or mailed to another person may designate such person and 
authorize such person to act as his or her agent for that specific 
purpose. The authorization shall be in writing, signed by the 
individual whose record is requested, and notarized or witnessed as 
provided in paragraph (d) of this section.
    (g) In-person disclosures. An individual to whom a record is to be 
disclosed in person, pursuant to this section, may have a person of his 
or her own choosing accompany him or her when the record is disclosed. 
If a requester is accompanied by another individual, the requester 
shall be required to authorize in writing any discussion of the records 
in the presence of the other person.


Sec.  515.4  Responsibility for responding to requests.

    (a) In general. In determining which records are responsive to a 
request, the Commission ordinarily will include only records in its 
possession as of the date it begins its search for records. If any 
other date is used, the Privacy Act Office shall inform the requester 
of that date.
    (b) Authority to grant or deny requests. The Privacy Act Office 
shall make initial determinations either to grant or deny in whole or 
in part access to records.
    (c) Consultations and referrals. When the Commission receives a 
request for a record in its possession, the Privacy Act Office shall 
determine whether another agency of the Federal Government is better 
able to determine whether the record is exempt from disclosure under 
the Privacy Act. If the Privacy Act Office determines that it is best 
able to process the record in response to the request, then it shall do 
so. If the Privacy Act Office determines that it is not best able to 
process the record, then it shall either:
    (1) Respond to the request regarding that record, after consulting 
with the agency best able to determine whether to disclose it and with 
any other agency that has a substantial interest in it; or
    (2) Refer the responsibility for responding to the request 
regarding that record to the agency best able to determine whether to 
disclose it, or to another agency that originated the record. 
Ordinarily, the agency that originated a record will be presumed to be 
best able to determine whether to disclose it.
    (d) Notice of referral. Whenever the Privacy Act Office refers all 
or any part of the responsibility for responding to a request to 
another agency, it ordinarily shall notify the requester of the 
referral and inform the requester of the name of each agency to which 
the request has been referred and of the part of the request that has 
been referred.


Sec.  515.5  Responses to requests for access to records.

    (a) Acknowledgement of requests. Upon receipt of a request, the 
Privacy Act Office ordinarily shall, within 20 working days, send an 
acknowledgement letter which shall confirm the requester's agreement to 
pay fees under Sec.  515.9 and provide an assigned request number.
    (b) Grants of requests for access. Once the Privacy Act Office 
makes a determination to grant a request for access in whole or in 
part, it shall notify the requester in writing. The notice shall inform 
the requester of any fee charged under Sec.  515.9 and the Privacy Act 
Office shall disclose records to the requester promptly on payment of 
any applicable fee. If a request is made in person, the Privacy Act 
Office will disclose the records to the requester directly, in a manner 
not unreasonably disruptive of its operations, on payment of any 
applicable fee and with a written record made of the grant of the 
request. If a requester is accompanied by another individual, the 
requester shall be required to authorize in writing any discussion of 
the records in the presence of the other person.
    (c) Adverse determinations of requests for access. If the Privacy 
Act Office makes any adverse determination denying a request for access 
in any respect, it shall notify the requester of that determination in 
writing. The notification letter shall be signed by the official making 
the determination and include:
    (1) The name and title of the person responsible for the denial;
    (2) A brief statement of the reason(s) for the denial, including 
any Privacy Act exemption(s) applied to the denial;
    (3) A statement that the denial may be appealed under Sec.  515.7 
and a description of the requirements of Sec.  515.7.


Sec.  515.6  Request for amendment or correction of records.

    (a) How made and addressed. An individual may make a request for an 
amendment or correction to a Commission record about that individual by 
writing directly to the Privacy Act Office, following the procedures in 
Sec.  515.3. The request should identify each particular record in 
question, state the amendment or correction that is sought, and state 
why the record is not accurate, relevant, timely, or complete. The 
request may include any documentation that would be helpful to 
substantiate the reasons for the amendment sought.
    (b) Privacy Act Office response. The Privacy Act Office shall, not 
later than 10 working days after receipt of a request for an amendment 
or correction of a record, acknowledge receipt of the request and 
provide notification of whether the request is granted or denied. If 
the request is granted in whole or in part, the Privacy Act Office 
shall describe the amendment or

[[Page 58893]]

correction made and shall advise the requester of the right to obtain a 
copy of the amended or corrected record. If the request is denied in 
whole or in part, the Privacy Act Office shall send a letter signed by 
the denying official stating:
    (1) The reason(s) for the denial; and
    (2) The procedure for appeal of the denial under paragraph (c) of 
this section.
    (c) Appeals. A requester may appeal a denial of a request for 
amendment or correction in the same manner as a denial of a request for 
access as described in Sec.  515.7. If the appeal is denied, the 
requester shall be advised of the right to file a Statement of 
Disagreement as described in paragraph (d) of this section and of the 
right under the Privacy Act for judicial review of the decision.
    (d) Statements of Disagreement. If the appeal under this section is 
denied in whole or in part, the requester has the right to file a 
Statement of Disagreement that states the reason(s) for disagreeing 
with the Privacy Act Office's denial of the request for amendment or 
correction. Statements of Disagreement must be concise, must clearly 
identify each part of any record that is disputed, and should be no 
longer than one typed page for each fact disputed. The Statement of 
Disagreement shall be placed in the system of records in which the 
disputed record is maintained and the record shall be marked to 
indicate a Statement of Disagreement has been filed.
    (e) Notification of amendment, correction, or disagreement. Within 
30 working days of the amendment or correction of the record, the 
Privacy Act Office shall notify all persons, organizations, or agencies 
to which it previously disclosed the record, if an accounting of that 
disclosure was made, that the record has been amended or corrected. If 
a Statement of Disagreement was filed, the Commission shall append a 
copy of it to the disputed record whenever the record is disclosed and 
may also append a concise statement of its reason(s) for denying the 
request to amend the record.
    (f) Records not subject to amendment. Section 515.13 lists the 
records that are exempt from amendment or correction.


Sec.  515.7  Appeals of initial adverse agency determination.

    (a) Adverse determination. An initial adverse agency determination 
of a request may consist of: A determination to withhold any requested 
record in whole or in part; a determination that a requested record 
does not exist or cannot be located; a determination that the requested 
record is not a record subject to the Privacy Act; a determination that 
a record will not be amended; a determination to deny a request for an 
accounting; a determination on any disputed fee matter; and any 
associated denial of a request for expedited treatment under the 
Commission's FOIA regulations.
    (b) Appeals. If the Privacy Act Office issues an adverse 
determination in response to a request, the requester may file a 
written notice of appeal. The notice shall be accompanied by the 
original request, the initial adverse determination that is being 
appealed, and a statement describing why the adverse determination was 
in error. The appeal shall be addressed to the Privacy Act Appeals 
Officer at the locations listed in Sec.  515.3 no later than 30 working 
days after the date of the letter denying the request. Both the appeal 
letter and envelope should be marked ``Privacy Act Appeal.'' Any 
Privacy Act appeals submitted via electronic mail should state 
``Privacy Act Appeal'' in the subject line.
    (c) Responses to appeals. The decision on appeal will be made in 
writing within 30 working days of receipt of the notice of appeal by 
the Privacy Act Appeals Officer. For good cause shown, however, the 
Privacy Act Appeals Officer may extend the 30 working day period. If 
such an extension is taken, the requester shall be promptly notified of 
such extension and the anticipated date of decision. A decision 
affirming an adverse determination in whole or in part will include a 
brief statement of the reason(s) for the determination, including any 
Privacy Act exemption(s) applied. If the adverse determination is 
reversed or modified in whole or in part, the requester will be 
notified in a written decision and the request will be reprocessed in 
accordance with that appeal decision. The response to the appeal shall 
also advise of the right to institute a civil action in a Federal 
district court for judicial review of the decision.
    (d) When appeal is required. In order to institute a civil action 
in a Federal district court for judicial review of an adverse 
determination, a requester must first appeal it under this section.


Sec.  515.8  Requests for an accounting of record disclosure.

    (a) How made and addressed. Subject to the exceptions listed in 
paragraph (b) of this section, an individual may make a request for an 
accounting of the disclosures of any record about that individual that 
the Commission has made to another person, organization, or agency. The 
accounting contains the date, nature and purpose of each disclosure, as 
well as the name and address of the person, organization, or agency to 
which the disclosure was made. The request for an accounting should 
identify each particular record in question and should be made in 
writing to the Commission's Privacy Act Office, following the 
procedures in Sec.  515.3.
    (b) Where accountings are not required. The Commission is not 
required to provide an accounting where they relate to:
    (1) Disclosures for which accountings are not required to be kept, 
such as those that are made to employees of the Commission who have a 
need for the record in the performance of their duties and disclosures 
that are made under section 552 of title 5;
    (2) Disclosures made to law enforcement agencies for authorized law 
enforcement activities in response to written requests from those law 
enforcement agencies specifying the law enforcement activities for 
which the disclosures are sought; or
    (3) Disclosures made from law enforcement systems of records that 
have been exempted from accounting requirements.
    (c) Appeals. A requester may appeal a denial of a request for an 
accounting in the same manner as a denial of a request for access as 
described in Sec.  515.7 and the same procedures will be followed.
    (d) Preservation of accountings. All accountings made under this 
section will be retained for at least five years or the life of the 
record, whichever is longer, after the disclosure for which the 
accounting is made.


Sec.  515.9  Notice of court-ordered and emergency disclosures.

    (a) Court-ordered disclosures. When a record pertaining to an 
individual is required to be disclosed by a court order, the Privacy 
Act Office shall make reasonable efforts to provide notice of this to 
the individual. Notice shall be given within a reasonable time after 
the Privacy Act Office's receipt of the order--except that in a case in 
which the order is not a matter of public record, the notice shall be 
given only after the order becomes public. This notice shall be mailed 
to the individual's last known address and shall contain a copy of the 
order and a description of the information disclosed. Notice shall not 
be given if disclosure is made from a criminal law enforcement system 
of records that has been exempted from the notice requirement.

[[Page 58894]]

    (b) Emergency disclosures. Upon disclosing a record pertaining to 
an individual made under compelling circumstances affecting health or 
safety, the Privacy Act Office shall, within a reasonable time, notify 
that individual of the disclosure. This notice shall be mailed to the 
individual's last known address and shall state the nature of the 
information disclosed; the person, organization, or agency to which it 
was disclosed; the date of disclosure; and the compelling circumstances 
justifying disclosure.


Sec.  515.10  Fees.

    The Commission shall charge fees for duplication of records under 
the Privacy Act in the same way in which it charges duplication fees 
under Sec.  517.9. No search or review fee may be charged for any 
record. Additionally, when the Privacy Act Office makes a copy of a 
record as a necessary part of reviewing the record or granting access 
to the record, the Commission shall not charge for the cost of making 
that copy. Otherwise, the Commission may charge a fee sufficient to 
cover the cost of duplicating a copy.


Sec.  515.11  Penalties.

    Any person who makes a false statement in connection with any 
request for access to a record, or an amendment thereto, under this 
part, is subject to the penalties prescribed in 18 U.S.C. 494 and 495.


Sec.  515.12  [Reserved]


Sec.  515.13  Specific exemptions.

    (a) The following systems of records are exempt from 5 U.S.C. 
552a(c)(3), (d), (e)(1) and (f):
    (1) Indian Gaming Individuals Records System.
    (2) Management Contract Individuals Record System.
    (b) The exemptions under paragraph (a) of this section apply only 
to the extent that information in these systems is subject to exemption 
under 5 U.S.C. 552a(k)(2). When compliance would not appear to 
interfere with or adversely affect the overall responsibilities of the 
Commission, with respect to licensing of key employees and primary 
management officials for employment in an Indian gaming operation, the 
applicable exemption may be waived by the Commission.
    (c) Exemptions from the particular sections are justified for the 
following reasons:
    (1) From 5 U.S.C. 552a(c)(3), because making available the 
accounting of disclosures to an individual who is the subject of a 
record could reveal investigative interest. This would permit the 
individual to take measures to destroy evidence, intimidate potential 
witnesses, or flee the area to avoid the investigation.
    (2) From 5 U.S.C. 552a(d), (e)(1), and (f) concerning individual 
access to records, when such access could compromise classified 
information related to national security, interfere with a pending 
investigation or internal inquiry, constitute an unwarranted invasion 
of privacy, reveal a sensitive investigative technique, or pose a 
potential threat to the Commission or its employees or to law 
enforcement personnel. Additionally, access could reveal the identity 
of a source who provided information under an express promise of 
confidentiality.
    (3) From 5 U.S.C. 552a(d)(2), because to require the Commission to 
amend information thought to be incorrect, irrelevant, or untimely, 
because of the nature of the information collected and the length of 
time it is maintained, would create an impossible administrative and 
investigative burden by continually forcing the Commission to resolve 
questions of accuracy, relevance, timeliness, and completeness.
    (4) From 5 U.S.C. 552a(e)(1) because:
    (i) It is not always possible to determine relevance or necessity 
of specific information in the early stages of an investigation.
    (ii) Relevance and necessity are matters of judgment and timing in 
that what appears relevant and necessary when collected may be deemed 
unnecessary later. Only after information is assessed can its relevance 
and necessity be established.
    (iii) In any investigation the Commission may receive information 
concerning violations of law under the jurisdiction of another agency. 
In the interest of effective law enforcement and under 25 U.S.C. 
2716(b), the information could be relevant to an investigation by the 
Commission.
    (iv) In the interviewing of individuals or obtaining evidence in 
other ways during an investigation, the Commission could obtain 
information that may or may not appear relevant at any given time; 
however, the information could be relevant to another investigation by 
the Commission.

Jonodev O. Chaudhuri,
Chairman.
Kathryn Isom-Clause,
Vice Chair.
E. Sequoyah Simermeyer,
Associate Commissioner.
[FR Doc. 2016-19749 Filed 8-25-16; 8:45 am]
 BILLING CODE 7565-01-P