[Federal Register Volume 83, Number 198 (Friday, October 12, 2018)]
[Notices]
[Pages 51675-51677]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-22230]
-----------------------------------------------------------------------
DEPARTMENT OF DEFENSE
Office of the Secretary
[Docket ID DOD-2018-OS-0073]
Privacy Act of 1974; System of Records
AGENCY: Defense Human Resources Activity, DoD.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: The Office of the Secretary of Defense proposes to add a
system of records titled, ``DoD Sexual Assault Prevention and Response
Office Victim Assistance Data Systems, DHRA 18 DoD.'' This system is
used to track victim-related inquiries received by the Sexual Assault
Prevention and Response Office (SAPRO) via email, SAPRO.mil, the DoD
Safe Helpline, phone, or mail. Once received, inquiries are referred to
the appropriate agency point of contact and/or to the DoD Office of the
Inspector General for any complaints concerning the Military Criminal
Investigative Organization to address the matter(s) raised and
appropriately facilitate a resolution. In addition, the system will
track and facilitate unrestricted and anonymous notifications of sexual
abuse and harassment in Military Correctional Facilities, in accordance
with the Prison Rape Elimination Act (PREA).
DATES: Comments will be accepted on or before November 13, 2018. This
proposed action will be effective the date following the end of the
comment period unless comments are received which result in a contrary
determination.
ADDRESSES: You may submit comments, identified by docket number and
title, by any of the following methods:
Federal Rulemaking Portal: http://www.regulations.gov. Follow the
instructions for submitting comments.
Mail: Department of Defense, Office of the Chief Management
Officer, Directorate of Oversight and Compliance, 4800 Mark Center
Drive, Mailbox #24, Suite 08D09, Alexandria, VA 22350-1700.
Instructions: All submissions received must include the agency name
and docket number for this Federal Register document. The general
policy for comments and other submissions from members of the public is
to make these submissions available for public viewing on the internet
at http://www.regulations.gov as they are received without change,
including any personal identifiers or contact information.
FOR FURTHER INFORMATION CONTACT: Mrs. Luz D. Ortiz, Chief, Records,
Privacy and Declassification Division (RPDD), 1155 Defense Pentagon,
Washington, DC 20311-1155, or by phone at (571) 372-0478.
SUPPLEMENTARY INFORMATION: The Sexual Assault Prevention and Response
Office (SAPRO) is responsible for oversight of the Department's sexual
assault policy per DoD Directive 6495.01, ``Sexual Assault Prevention
and Response (SAPR) Program,'' and helps ensure compliance with 28 CFR
115, Prison Rape Elimination Act National Standards. The SAPRO works
hand-in-hand with the Military Services and the civilian community to
develop, educate, and implement innovative sexual assault prevention
and response programs to provide additional information to DoD
personnel to increase awareness and promote reporting of sexual
assaults. The DoD SAPRO Victim Assistance Data Systems provides the
SAPRO with the necessary means to process and track victim-related
inquires and PREA notifications received by the SAPRO.
The Office of the Secretary of Defense notices for systems of
records subject to the Privacy Act of 1974, as amended, have been
published in the Federal Register and are available from the address in
FOR FURTHER INFORMATION CONTACT or at the Defense Privacy, Civil
Liberties, and Transparency Division website at http://dpcld.defense.gov/privacy.
The proposed systems reports, as required by of the Privacy Act, as
amended, were submitted on August 21, 2018, to the House Committee on
Oversight and Government Reform, the Senate Committee on Homeland
Security and Governmental Affairs, and the Office of Management and
Budget
[[Page 51676]]
(OMB) pursuant to Section 6 to OMB Circular No. A-108, ``Federal Agency
Responsibilities for Review, Reporting, and Publication under the
Privacy Act,'' revised December 23, 2016 (December 23, 2016, 81 FR
94424).
Dated: October 9, 2018.
Aaron T. Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
SYSTEM NAME AND NUMBER
DoD Sexual Assault Prevention and Response Office Victim Assistance
Data Systems, DHRA 18 DoD.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
DoD Sexual Assault Prevention and Response Office (SAPRO), 4800
Mark Center Drive, Alexandria, VA 22350-1500. Amazon Web Services
(AWS), 12900 Worldgate Drive, Suite 800, Herndon, VA 20170-6040.
SYSTEM MANAGER(S):
Senior Victim Assistance Advisor, DoD SAPRO, 4800 Mark Center
Drive, Alexandria, VA 22350-1500; telephone 571-372-2657; email [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
10 U.S.C. 136, Under Secretary of Defense for Personnel and
Readiness; 28 CFR 115, Prison Rape Elimination Act National Standards;
DoD Directive 6495.01, Sexual Assault Prevention and Response (SAPR)
Program; DoD Instruction 6495.02, Sexual Assault Prevention and
Response (SAPR) Program Procedures.
PURPOSE(S) OF THE SYSTEM:
To track victim-related inquiries and follow-up support service
requests by the SAPRO via email, SAPR.mil, the DoD Safe Helpline (SHL),
phone, or mail; to respond to requests for SHL marketing and
promotional materials; to allow individuals to provide feedback on the
services of a sexual assault response coordinator (SARC), victim
advocate, or other military staff or employee on their installation/
base; to maintain a searchable referrals database that houses contact
information for SARCs, medical, legal, chaplain, military police
resources, and civilian sexual assault service providers; to provide
user access to the Safe Helpline Report Database; to track and
facilitate unrestricted and anonymous notifications of sexual abuse and
harassment in Military Correctional Facilities, in accordance with the
Prison Rape Elimination Act (PREA).
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who request materials or provide feedback on military
sexual assault services; SARCs, medical, legal, chaplain, military
police, and civilian sexual assault responders; Reportable database
users; and individuals who contact the DoD SHL or SAPRO for assistance,
follow-up support services, or who provide information about sexual
abuse and harassment occurring at Military Correctional Facilities
under the Prison Rape Elimination Act.
CATEGORIES OF RECORDS IN THE SYSTEM:
For inquiries, feedback, or support requests the following
information may be collected: Requestor/inquirer's full name or
pseudonym, personal/work telephone number and email address, home
address, user type/position (e.g. victim/survivor, family friend,
Service member, military spouse, DoD civilian employee, etc.), Service
affiliation, rank, base/installation, state, and age; how the inquiry
was received (written, email, telephone), type of inquiry (e.g., Army,
Navy, Air Force, legal, command, law enforcement, inspector general,
medical, DoD Safe Helpline, report of sexual assault, training, etc.),
and category of inquiry (e.g., general complaint, criticism of SAPR
Personnel or program, general information request, raising a policy
issue, report of misconduct, request for Service referral, report of
retaliation, praise of SAPR personnel or program); victim's name,
Service affiliation, status/position, installation, and inquiry number;
installation where the interaction took place, date of incident, the
name and/or office and title of the military personnel about which the
feedback is being submitted, year assault was reported, if command and/
or a Military Criminal Investigation Office was involved, and case
synopsis; documents that inquirer submits to SAPRO; permission for
SAPRO to follow up on the inquiry; agency to which the inquiry was
referred, agency action officer name, documents sent to or received
from relevant agency in support of the inquiry, suspense date, and case
synopsis sent to the agency; dates that final status was sent to
requester and date the inquiry was closed; comments and dates tracking
communication between SAPRO, agencies, and inquirer.
PREA notifications may include: Type of notification (e.g.,
anonymous report via SAPRO, Unrestricted report via SARC, Unrestricted
report via SAPRO, etc.); date and time of notification; location and
date/time of the incident; victim's full name (for unrestricted
reports); caller's full name (for unrestricted reports); caller's
contact information (as applicable); caller's relationship to the
victim (self or third party); permission from inmate for SAPRO to
forward the notification for investigation; SARC location and phone
number (unrestricted reports only) and details provided by the caller
about the nature of the incident (not including PII for all anonymous
reports).
When requesting materials about the Program, the following
information may be collected: First and last name, shipping address,
personal or work email, installation/base, rank (if applicable),
status/position (e.g., Sexual Assault Response Coordinator (SARC),
victim advocate, third party organization, etc.), affiliation (e.g.,
Service, family member, veteran, etc.), and an open comment field for
questions and suggestions.
For the DoD and civilian responders the following information may
be collected: Name and work-related contact information (installation/
base, address, email, phone number).
RECORD SOURCE CATEGORIES:
The individual.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act of 1974, as amended, the records contained
herein may specifically be disclosed outside the DoD as a routine use
pursuant to 5 U.S.C. 552a(b)(3) as follows:
a. To the Department of Veterans Affairs to facilitate the
resolution of questions regarding benefits and care in support of a
diagnosis with the Veterans Health Affairs related to Military Sexual
Trauma and with the Veterans Benefits Affairs in obtaining benefits.
b. To contractors, grantees, experts, consultants, students, and
others performing or working on a contract, service, grant, cooperative
agreement, or other assignment for the federal government when
necessary to accomplish an agency function related to this system of
records.
c. To the appropriate Federal, State, local, territorial, tribal,
foreign, or international law enforcement authority or other
appropriate entity where a record, either alone or in conjunction with
other information, indicates a violation or potential violation of law,
whether criminal, civil, or regulatory in nature.
d. To any component of the Department of Justice for the purpose of
representing the DoD, or its components, officers, employees, or
[[Page 51677]]
members in pending or potential litigation to which the record is
pertinent.
e. In an appropriate proceeding before a court, grand jury, or
administrative or adjudicative body or official, when the DoD or other
Agency representing the DoD determines that the records are relevant
and necessary to the proceeding; or in an appropriate proceeding before
an administrative or adjudicative body when the adjudicator determines
the records to be relevant to the proceeding.
f. To the National Archives and Records Administration for the
purpose of records management inspections conducted under the authority
of 44 U.S.C. 2904 and 2906.
g. To a Member of Congress or staff acting upon the Member's behalf
when the Member or staff requests the information on behalf of, and at
the request of, the individual who is the subject of the record.
h. To appropriate agencies, entities, and persons when (1) the DoD
suspects or has confirmed there was a breach of the system of records;
(2) the DoD determined as a result of the suspected or confirmed breach
there is a risk of harm to individuals, the DoD (including its
information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies,
entities, and persons is reasonably necessary to assist in connection
with the DoD's efforts to respond to the suspected or confirmed breach
or to prevent, minimize, or remedy such harm.
i. To another Federal agency or Federal entity, when the DoD
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
System records are stored on electronic storage media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Name; date of inquiry; and/or Military Correctional Facility, as
appropriate.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Victim Related-Inquiry Tracking Files (DD Form 2985 and 2985-1):
Records are destroyed 25 years after the end of the calendar year in
which the case was resolved.
DD Form 2985-2, Materials Request: Records are destroyed three (3)
months after the end of the fiscal year in which the request for
material was completed or cancelled.
Responder Database: Obsolete and revised are destroyed one (1) year
after the end of the fiscal year.
Reportal Administrative Database: After three (3) continuous years
of inactivity, records are closed at the end of that fiscal year; and
destroyed after an additional 25 years.
Follow-up Support System: Records are destroyed 25 years after the
end of the fiscal year of the close-out of the communication.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Victim-related inquiry records are maintained in a controlled
facility employing physical safeguards including the use of combination
locks and identification badges. Access to electronic data files in the
system is role-based, restricted to personnel with a need to know, and
requires a Common Access Card (CAC) and password. Electronic data is
also protected via encryption. The database cannot be accessed from the
outside as it does not reside on a server and all records are
accessible only to authorized persons with a need to know who are
properly screened, cleared and trained.
SHL servers are maintained within the Amazon Web Services (AWS)
GovCloud network infrastructure. The protections on the network include
firewalls, passwords, and web-common security architecture. AWS
restricts physical access to the data centers where the SHL servers
reside. Physical access logs are reviewed and analyzed on a daily basis
by AWS personnel. All PII is stored in a password-protected environment
with internal access only. All individuals with access to the data
undergo a background investigation and sign a nondisclosure agreement.
RECORD ACCESS PROCEDURES:
Individuals seeking access to records about themselves contained in
this system should address written inquiries to the Office of the
Secretary of Defense/Joint Staff, Freedom of Information Act Requester
Service Center, 1155 Defense Pentagon, Washington, DC 20301-1155.
Signed, written requests should contain the name of the individual, the
name and number of this system of records notice, date of incident and/
or Military Correctional Facility, if applicable.
In addition, the requester must provide either a notarized
statement or an unsworn declaration made in accordance with 28 U.S.C.
1746, in the following format:
If executed outside the United States: ``I declare (or certify,
verify, or state) under penalty of perjury under the laws of the United
States of America that the foregoing is true and correct. Executed on
(date). (Signature).''
If executed within the United States, its territories, possessions,
or commonwealths: ``I declare (or certify, verify, or state) under
penalty of perjury that the foregoing is true and correct. Executed on
(date). (Signature).''
CONTESTING RECORD PROCEDURES:
The OSD rules for accessing records, for contesting contents and
appealing initial agency determinations are published in OSD
Administrative Instruction 81; 32 CFR part 311; or may be obtained from
the system manager.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether information about
themselves is contained in this system of records should address
written inquiries to Senior Victim Assistance Advisor, DoD SAPRO,
Victim Assistance, 4800 Mark Center Drive, Alexandria, VA 22350-1500.
Signed, written requests should contain the name of the requester,
the name of the original inquirer, the name of the victim, date of
incident and/or Military Correctional Facility, if applicable.
In addition, the requester must provide either a notarized
statement or an unsworn declaration made in accordance with 28 U.S.C.
1746, in the following format:
If executed outside the United States: ``I declare (or certify,
verify, or state) under penalty of perjury under the laws of the United
States of America that the foregoing is true and correct. Executed on
(date). (Signature).''
If executed within the United States, its territories, possessions,
or commonwealths: ``I declare (or certify, verify, or state) under
penalty of perjury that the foregoing is true and correct. Executed on
(date). (Signature).''
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
N/A.
[FR Doc. 2018-22230 Filed 10-11-18; 8:45 am]
BILLING CODE 5001-06-P