[Federal Register Volume 83, Number 230 (Thursday, November 29, 2018)]
[Notices]
[Pages 61395-61398]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-25970]
=======================================================================
-----------------------------------------------------------------------
OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE
Privacy Act of 1974; System of Records
AGENCY: Office of the Director of National Intelligence (ODNI).
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: ODNI provides notice that it is establishing one new Privacy
Act system of records at the National Counterintelligence and Security
Center (NCSC). This new system of records is titled the NCSC Continuous
Evaluation System, also identified as ODNI/NCSC-003. This notice is
necessary to inform the public of the existence and character of
records that the agency maintains.
Continuous Evaluation (CE) is a personnel security investigative
process used to review the continued eligibility of individuals who
have been determined eligible for access to classified information or
to hold a sensitive position. Individuals subject to CE include current
Executive Branch employees, detailees, contractors, and other sponsored
individuals who are cleared for access to classified information or to
hold a sensitive position. The Departments and Agencies (D/As) that
sponsor these individuals for access to classified information or to
hold a sensitive position ``enroll'' the individuals (enrollees) for CE
by electronically entering their identifying information into a
technical system that carries out the CE capability.
All D/As are required to submit their qualifying populations to CE.
D/As may choose to develop a technical CE system of their own, or
subscribe to CE services provided by another agency. The ODNI/NCSC will
provide CE services to subscribing agencies. The NCSC CE System
leverages electronic checks of government and commercial databases and,
based on automated business rules, transmits alerts and reports to the
enrolling D/A. Datasets queried in the CE process are those that
contain security-relevant information, e.g., government-owned
financial, law enforcement, terrorism, foreign travel, and current
clearance status information. Credit data and commercially-obtained
aggregated data also is utilized. On receipt of the electronic prompt,
the personnel security function at the enrolling agency verifies that
the alert or report received pertains to the enrollee (the subject of
the electronic queries). Where the agency verifies that the alert or
report pertains to the enrollee, appropriate personnel security
officials review the nature of the alert or report to determine the
need for further investigation, as dictated by Federal Investigative
Standards requirements. Information obtained through the follow-on
investigation is considered in adjudicating the enrollee's continued
eligibility for access to classified information or to hold a sensitive
position.
The NCSC CE System retains the enrollment information (personal
identifiers as provided by the enrolling D/A) in order to facilitate
ongoing CE checks. The system does not retain the records returned from
the electronic database queries beyond the time needed to ensure proper
electronic delivery to the enrolling agency. Data necessary to
implement CE business rules, to perform program assessments, and to
satisfy auditing requirements will be retained.
D/As conducting CE will adhere to the principles articulated in the
Security Executive Agent Directive (SEAD) relating to CE (i.e., SEAD
6). A SEAD provides high level guidance and instruction for the conduct
of a personnel security process. SEAD 6 establishes policy and
requirements specifically related to CE.
DATES: This System of Records will go into effect on December 31, 2018,
unless comments are received that result in a contrary determination.
ADDRESSES: You may submit comments by any of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov.
Email: [email protected].
Mail: Director, Information Management Division, Strategy &
Engagement, ODNI, Washington, DC 20511.
FOR FURTHER INFORMATION CONTACT: Director, Information Management
Division, Strategy & Engagement, Office of the Director of National
Intelligence, at the addresses provided above.
SUPPLEMENTARY INFORMATION: The NCSC CE System implements the
requirements of Executive Orders 12968, as amended (Access to
Classified Information) and 13467, as amended, (Reforming Processes
Related to Suitability for Government Employment, Fitness for
Contractor Employees, and Eligibility for Access to Classified National
Security Information).
To protect classified and sensitive personnel or law enforcement
information covered by this new system of records, the Director of
National Intelligence (DNI) is proposing to exempt this system from
certain requirements of the Privacy Act where necessary, as permitted
by law. Accordingly, as required by the Privacy Act, a proposed rule is
being published concurrently with this notice seeking public comment
regarding exemptions claimed for this system. By previously established
rule, the DNI may exercise derivative exemption authority by preserving
the exempt status of records received from providing agencies when the
reason for the exemption remains valid. See 32 CFR part 1701.20 (a)(2)
(73 FR 16531, 16537).
SYSTEM NAME AND NUMBER:
Continuous Evaluation Records (ODNI/NCSC-003).
SECURITY CLASSIFICATION:
The classification of records in this system ranges from
UNCLASSIFIED to TOP SECRET.
SYSTEM LOCATION:
National Counterintelligence and Security Center, Office of the
Director of National Intelligence, Washington, DC 20511.
SYSTEM MANAGER(S):
Assistant Director, Special Security Directorate, ODNI/NCSC,
Washington, DC 20511.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The Intelligence Reform and Terrorism Prevention Act of 2004,
Public Law 108-458, 118 Stat. 3638 (Dec. 17, 2004); the National
Security Act of 1947, as amended, 50 U.S.C. 3023 et seq.; the
Counterintelligence Enhancement Act of 2002, as amended, 50 U.S.C.
3382; Executive Order 12333, 46 FR 59941 (1981), as amended by
Executive Order 13284, 68 FR 4075 (2003), Executive Order 13355, 69 FR
53593 (2004), and Executive Order 13470, 73 FR 45325 (2008); Executive
Order 13488, 74 FR 4111 (2009), as amended by Executive Order 13764, 82
[[Page 61396]]
FR 8115 (2017); Executive Order 13549, 75 FR 51609 (2010); Executive
Order 12968, 60 FR 40245 (1995), as amended by Executive Order 13467,
73 FR 38103 (2008), and Executive Order 13764, 82 FR 8115 (2017);
Executive Order 13467, as amended by Executive Order 13764 82 FR 8115
(2017).
PURPOSE(S) OF THE SYSTEM:
Records in this system of records are collected for the purpose of
electronically comparing enrollee identifying data against specified
U.S. Government (financial, law enforcement, terrorism, foreign travel,
and clearance status) databases and credit and commercial databases.
The comparison serves to identify security-relevant conduct, practices,
activities, or incidents that personnel security professionals can use,
consistent with the Federal Investigative Standards, to determine an
enrollee's continued eligibility for access to classified information
or to hold a sensitive position.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Executive Branch employees, detailees, contractors, and other
sponsored individuals who have been determined to be eligible for
access to classified information or eligible to hold a sensitive
position.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system maintains (i) biographic enrollment data including
name, date and place of birth, fingerprints, social security number,
gender, current address, other first or last names, prior address(es),
personal email address(es) and phone numbers, passport information,
employment type (contractor/government) or other status, and; (ii) data
returned from or about the automated record checks conducted against
current clearance status information and against financial, law
enforcement, credit, terrorism, foreign travel, and commercial
databases.
RECORD SOURCE CATEGORIES:
Record source categories include government-owned financial, law
enforcement, terrorism, foreign travel databases, and current clearance
status information, as well as credit and commercial entities, and
providers of aggregated public source data.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
The following routine uses, which have programmatic, law
enforcement, or oversight purposes, apply to this system of records:
(i) Except as noted on Standard Forms 85 and 86 and supplemental
forms thereto (questionnaires for employment in, respectively, ``non-
sensitive'' and ``national security'' positions within the Federal
Government), a record that on its face or in conjunction with other
information indicates or relates to a violation or potential violation
of law, whether civil, criminal, administrative, or regulatory in
nature, and whether arising by general statute, particular program
statute, regulation, rule, or order issued pursuant thereto, may be
disclosed as a routine use to an appropriate federal, state,
territorial, tribal, local law enforcement authority, foreign
government, or international law enforcement authority, or to an
appropriate regulatory body charged with investigating, enforcing, or
prosecuting such violations;
(ii) A record from a system of records maintained by the ODNI may
be disclosed as a routine use to representatives of another IC entity
addressing intelligence equities in the context of a legislative
proceding or hearing when ODNI interests are implicated, and the record
is relevant and necessary to the matter.
(iii) A record from a system of records maintained by the ODNI may
be disclosed as a routine use in a proceeding before a court or
adjudicative body when any of the following is a party to litigation or
has an interest in such litigation, and the ODNI, Office of General
Counsel, determines that use of such records is relevant and necessary
to the litigation: The ODNI; any staff of the ODNI in his or her
official capacity; any staff of the ODNI in his or her individual
capacity where the Department of Justice has agreed to represent the
staff or has agreed to provide counsel at government expense; or the
United States or another federal agency, where the ODNI, Office of
General Counsel, determines that litigation is likely to affect the
ODNI;
(iv) A record from this system of records may be disclosed to the
Department of Justice when (a) the ODNI, or any component thereof; or
(b) any employee of the ODNI in his or her official capacity; or (c)
any employee of the ODNI in his or her individual capacity where the
Department of Justice has agreed to represent the employee; or (d) the
United States, where the ODNI determines that litigation is likely to
affect the agency, or any of its components, is a party to litigation
or has an interest in such litigation, and the use of such records by
the Department of Justice is deemed by the agency to be relevant and
necessary to the litigation provided, however, that in each case, the
agency determines that disclosure of the records to the Department of
Justice is a use of the information contained in the records that is
compatible with the purpose for which the records were collected.
(v) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to representatives of the Department of
Justice and other U.S. Government entities, to the extent necessary to
obtain advice on any matter within the official responsibilities of
such representatives, and the responsibilities of the ODNI;
(vi) A record from a system of records maintained by the ODNI may
be disclosed as a routine use to a federal, state, or local agency or
other appropriate entities or individuals from which/whom information
may be sought relevant to: A decision concerning the hiring or
retention of an employee or other personnel action; the issuing or
retention of a security clearance or special access, contract, grant,
credential, or other benefit; or the conduct of an authorized
investigation or inquiry, to the extent necessary to identify the
individual, inform the source of the nature and purpose of the inquiry,
and identify the type of information requested;
(vii) A record from a system of records maintained by the ODNI may
be disclosed as a routine use to any federal, state, local, tribal, or
other public authority, or to a legitimate agency of a foreign
government or international authority to the extent the record is
relevant and necessary to the other entity's decision regarding the
hiring or retention of an employee or other personnel action; the
issuing or retention of a security clearance or special access,
contract, grant, license, or other benefit; or the conduct of an
authorized inquiry or investigation;
(viii) A record from a system of records maintained by the ODNI may
be disclosed as a routine use to any agency, for authorized audit
operations, and for meeting related reporting requirements, including
disclosure to the National Archives and Records Administration for
records management inspections and such other purposes conducted under
the authority of 44 U.S.C. 2904 and 2906, or successor provisions;
(ix) A record from a system of records maintained by the ODNI may
be disclosed as a routine use to contractors, grantees, experts,
consultants, or others when access to the record is necessary to
perform the function or service for which they have been engaged by the
ODNI;
[[Page 61397]]
(x) A record from a system of records maintained by the ODNI may be
disclosed as a routine use to any federal agency that has provided
employee enrollment data to the ODNI for purposes of conducting
continuous evaluation when records obtained by ODNI are relevant to the
enrolling agency's adjudication of the employee's continued eligibility
for access to classified information or to hold a sensitive position.
(xi) A record from a system of records maintained by the ODNI may
be disclosed as a routine use to appropriate agencies, entities, and
persons when (1) ODNI suspects or has confirmed that there has been a
breach of the system of records; (2) ODNI has determined that as a
result of the suspected or confirmed breach there is a risk of harm to
individuals, ODNI (including its information systems, programs, and
operations), the Federal Government, or national security; and (3) the
disclosure made to such agencies, entities, and persons is reasonably
necessary to assist in connection with the Department's efforts to
respond to the suspected or confirmed breach or to prevent, minimize,
or remedy such harm.
(xii) A record from a system of records maintained by the ODNI may
be disclosed as a routine use to another federal agency or federal
entity, when the ODNI determines that information from this system of
records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2)
preventing, minimizing, or remedying the risk of harm to individuals,
the recipient agency or entity (including its information systems,
programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
(xiii) A record from a system of records maintained by the ODNI may
be disclosed as a routine use to a federal, state, local, tribal,
territorial, foreign, or multinational agency or entity or to any other
appropriate entity or individual for any of the following purposes: To
provide notification of a serious terrorist threat for the purpose of
guarding against or responding to such threat; to assist in
coordination of terrorist threat awareness, assessment, analysis, or
response; or to assist the recipient in performing authorized
responsibilities relating to terrorism or counterterrorism;
(xiv) A record from a system of records maintained by the ODNI may
be disclosed as a routine use for the purpose of conducting or
supporting authorized counterintelligence activities as defined by
section 3003(3) of the National Security Act of 1947, as amended, to
elements of the Intelligence Community, as defined by section 3003(4)
of the National Security Act of 1947, as amended; to the head of any
federal agency or department; and to selected counterintelligence
officers within the Federal Government; and
(xv) A record from a system of records maintained by the ODNI may
be disclosed as a routine use to a federal, state, local, tribal,
territorial, foreign, or multinational government agency or entity, or
to other authorized entities or individuals, but only if such
disclosure is undertaken in furtherance of responsibilities conferred
by, and in a manner consistent with, the National Security Act of 1947,
as amended; the Counterintelligence Enhancement Act of 2002, as
amended; Executive Order 12333 or any successor order together with its
implementing procedures approved by the Attorney General; and other
provisions of law, Executive Order or directive relating to national
intelligence, or otherwise applicable to the ODNI. This routine use is
not intended to supplant the other routine uses published by the ODNI.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Electronic records are stored in secure file-servers located in
government-managed facilities or in government-leased private cloud-
based systems.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
The records in this system are retrieved by name, social security
number, or other unique identifier. Information may be retrieved from
this system of records by automated capabilities utilized in the normal
course of business. All searches of this system of records are
performed by authorized Executive Branch security personnel.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Pursuant to 44 U.S.C. 3303a(d) and 36 CFR Chapter 12, Subchapter
B--Records Management, CE records are covered by the National Archives
and Records Administration (NARA) General Records Schedule (GRS) 5.6,
Security records, Items 170 through 181, and will be retained and
disposed of according to those provisions. Biographic data and data
about protecting and accessing information will be retained consistent
with the Privacy Act of 1974, 5 U.S.C. 552a, and GRS 4.2, Information
Access and Protection Records. Records about security data and
information systems are listed in GRS 3.2, Information Systems Security
Records.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Information in this system is safeguarded in accordance with
recommended and/or prescribed administrative, physical, and technical
safeguards. Records are maintained in secure government-owned or leased
facilities with access limited to authorized personnel. Physical
security protections include guards and locked facilities requiring
badges and passwords for access. Records are accessed only by current
government-authorized personnel whose official duties require access to
the records. Electronic authorization and authentication of users is
required at all points before any system information can be accessed.
Communications are encrypted where required and other safeguards are in
place to monitor and audit access, and to detect intrusions. System
backup is maintained separately.
RECORD ACCESS PROCEDURES:
As specified below, records in this system have been exempted from
certain notification, access, and amendment procedures. A request for
access shall be made in writing with the envelope and letter clearly
marked ``Privacy Act Request.'' Requesters shall provide their full
name and complete address. The requester must sign the request and have
it verified by a notary public. Alternately, the request may be
submitted under 28 U.S.C. 1746, certifying the requester's identity and
understanding that obtaining a record under false pretenses constitutes
a criminal offense. Requests for access to information must be
addressed to the Director, Information Management Division, Strategy &
Engagement, Office of the Director of National Intelligence,
Washington, DC 20511. Regulations governing access to one's records or
for appealing an initial determination concerning access to records are
contained in the ODNI regulation implementing the Privacy Act, 32 CFR
part 1701 (73 FR 16531).
CONTESTING RECORD PROCEDURES:
As specified below, records in this system are exempt from certain
notification, access, and amendment procedures. Individuals seeking to
correct or amend non-exempt records should address their requests to
the ODNI at the address and according to the requirements set forth
above under the heading ``Record Access Procedures.'' Regulations
governing access to and amendment of one's records or for appealing an
initial determination concerning access or
[[Page 61398]]
amendment of records are contained in the ODNI regulation implementing
the Privacy Act, 32 CFR part 1701 (73 FR 16531).
NOTIFICATION PROCEDURES:
As specified below, records in this system are exempt from certain
notification, access, and amendment procedures. Individuals seeking to
learn whether this system contains non-exempt information about them
should address inquiries to the ODNI at the address and according to
the requirements set forth above under the heading ``Record Access
Procedures.''
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
The Privacy Act authorizes ODNI to exempt records contained in this
system of records from the requirements of subsections (c)(3); (d)(1),
(d)(2), (d)(3), (d)(4); (e)(1); (e)(4)(G), (H), (I); and (f) of the
Privacy Act pursuant to 5 U.S.C. 552a(k)(1), (k)(2) and (k)(5). In
addition, pursuant to published rule, ODNI may derivatively exempt
records from other agencies in this system from the requirements of the
subsections listed above, as well as subsections (c)(4); (e)(2),
(e)(3), (e)(5), (e)(8), (e)(12); and (g) of the Privacy Act consistent
with any exemptions claimed under 5 U.S.C. 552a(j) or (k) by the
originator of the record, provided the reason for the exemption remains
valid and necessary.
HISTORY:
The ODNI/NCSC CE Records is a new system of records. No previously
published ODNI system of records notice covers any aspect of continuous
evaluation.
In accordance with 5 U.S.C. 552(r), the ODNI has provided a report
of this new system of records to the Office of Management and Budget
and to Congress.
Patricia Gaviria,
Director, Information Management Division, Strategy & Engagement,
Office of the Director of National Intelligence.
[FR Doc. 2018-25970 Filed 11-28-18; 8:45 am]
BILLING CODE 3910-79-P-P