[Federal Register Volume 85, Number 106 (Tuesday, June 2, 2020)]
[Notices]
[Pages 33701-33704]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-11770]


-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

Office of the Secretary

[DOI-2019-0013; 201D0102DM, DS6CS00000, DLSN00000.000000, DX6CS25]


Privacy Act of 1974; System of Records

AGENCY: Office of the Secretary, Interior.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Department of the Interior (DOI) is issuing a public 
notice of its intent to create a DOI Privacy Act system of records 
titled, ``INTERIOR/DOI-21, eRulemaking Program.'' This system of 
records helps DOI manage an eRulemaking Program and the associated 
rulemaking documents, public comments, and supporting materials 
submitted on its rulemakings and Federal Register notices. This newly 
established system will be included in DOI's inventory of record 
systems.

DATES: This new system will take effect upon publication. New routine 
uses will take effect July 2, 2020. Submit comments on or before July 
2, 2020.

ADDRESSES: You may submit comments identified by docket number [DOI-
2019-0013] by any of the following methods:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for sending comments.
     Email: [email protected]. Include docket number 
[DOI-2019-0013] in the subject line of the message.
     U.S. mail or hand-delivery: Teri Barnett, Departmental 
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, 
Room 7112, Washington, DC 20240.
    Instructions: All submissions received must include the agency name 
and docket number [DOI-2019-0013]. All comments received will be posted 
without change to http://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Teri Barnett, Departmental Privacy 
Officer, U.S. Department of the Interior, 1849 C Street NW, Room 7112, 
Washington, DC 20240, [email protected] or (202) 208-1605.

SUPPLEMENTARY INFORMATION: 

I. Background

    The DOI Office of the Executive Secretariat and Regulatory Affairs 
manages regulatory policy for the Department and is establishing the 
INTERIOR/DOI-21, eRulemaking Program, system of records to process, 
analyze and manage documents, comments and supporting materials 
submitted by members of the public in response to proposed rulemakings 
and notices. The system is comprised of public comments and documents 
received from the public that contain personally identifiable 
information that may include names, mailing addresses, email addresses, 
or other information received as part of the public comment and 
regulatory review process.
    Public comments are published on Regulations.gov, a public facing 
website that provides public users ease of access to Federal regulatory 
content and a way to submit comments on regulatory documents published 
in the Federal Register. On Regulations.gov, the public can search, 
view, download, and comment on publicly available regulatory materials 
and post comments or provide supporting documents on rulemakings or 
Federal Register notices. Public comments published on Regulations.gov 
are maintained in the Federal Docket Management System (FDMS), a 
government-wide system that provides a platform for agencies to manage 
their rulemaking and content in Regulations.gov. FDMS allows Federal 
agencies to search, view, download, and review the public comments or 
supporting materials submitted on rulemakings and notices.
    Regulations.gov and FDMS are managed by the General Services 
Administration (GSA) as the managing partner and government shared 
services provider to Federal partner agencies. Although GSA manages 
Regulations.gov and FDMS and provides assistance to Federal partner 
agencies, each Federal partner agency accesses and manages its own 
rulemaking documents and comments in FDMS. Therefore, DOI is publishing 
this INTERIOR/DOI-21, eRulemaking Program, system of records notice to 
cover records collected, used and maintained by DOI in support of 
Federal rulemakings through FDMS and Regulations.gov, as well as, DOI 
bureau and office eRulemaking Programs that may include administrative 
records and comments, information, and documents received from the 
public as part of the public comment process through email 
correspondence, postal mail, or other methods. Each DOI bureau and 
office is responsible for managing its own docket and the comments or 
supporting materials submitted on its own rulemakings.

II. Privacy Act

    The Privacy Act of 1974, as amended, embodies fair information 
practice principles in a statutory framework governing the means by 
which Federal agencies collect, maintain, use, and disseminate 
individuals' records. The Privacy Act applies to records about 
individuals that are maintained in a ``system of records.'' A ``system 
of records'' is a group of any records under the control of an agency 
from which information is retrieved by the name of an individual or by 
some identifying number, symbol, or other identifying particular 
assigned to the individual. The Privacy Act defines an individual as a 
United States citizen or lawful permanent resident. Individuals may 
request access to their own records that are maintained in a system of 
records in the possession or under the control of DOI by complying with 
DOI Privacy Act regulations at 43 CFR part 2, subpart K, and following 
the procedures outlined in the Records Access, Contesting Record, and 
Notification Procedures sections of this notice.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the existence and character of each 
system of records that the agency maintains and the routine uses of 
each system. The INTERIOR/DOI-21, eRulemaking Program, system of 
records notice is published in its entirety below. In accordance with 5 
U.S.C. 552a(r), DOI has provided a report of this system of records to 
the Office of Management and Budget and to Congress.

[[Page 33702]]

III. Public Participation

    You should be aware that your entire comment including your 
personal identifying information, such as your address, phone number, 
email address, or any other personal identifying information in your 
comment, may be made publicly available at any time. While you may 
request to withhold your personal identifying information from public 
review, we cannot guarantee we will be able to do so.

SYSTEM NAME AND NUMBER:
    INTERIOR/DOI-21, eRulemaking Program.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Office of the Executive Secretariat, U.S. Department of the 
Interior, 1849 C Street NW, Mail Stop 7314 MIB, Washington, DC 20240; 
DOI bureaus and offices managing eRulemaking Program records; and 
General Services Administration servers located in the National 
Computer Center, Research Triangle Park, North Carolina.

SYSTEM MANAGER(S):
    Director, Office of the Executive Secretariat and Regulatory 
Affairs, U.S. Department of the Interior, 1849 C Street NW, Mail Stop 
7314 MIB, Washington, DC 20240.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    E-Government Act of 2002, Public Law 107-347, 206(d); 44 U.S.C. Ch 
36; 5 U.S.C. 301.

PURPOSE(S) OF THE SYSTEM:
    The eRulemaking Program helps DOI manage a central, electronic 
repository for all DOI rulemaking materials and dockets, which include 
the rulemaking itself, Federal Register notices, supporting materials 
such as scientific or economic analyses, and public comments. The 
electronic repository also includes non-rulemaking dockets. DOI uses 
Regulations.gov to accept public comments electronically and FDMS for 
comment analysis. Each DOI bureau and office manages its own docket and 
can only access the comments or supporting materials submitted on its 
own rulemakings.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by the system are any individuals--including 
public citizens; representatives of Federal, state, Tribal, or local 
governments; businesses; and industries--who provide personal 
information while submitting a comment or supporting materials on a 
Federal agency rulemaking.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Public comments and any supporting materials received in response 
to DOI rulemakings and Federal Register notices. Records may include 
names, mailing addresses, email addresses and other information about 
members of the public submitting comments in response to DOI 
rulemakings and notices. This system may also include administrative 
records, comment analyses, correspondence and other records related to 
the management of the eRulemaking Program that may contain personal 
information.

RECORD SOURCE CATEGORIES:
    Any individual who submits a comment or supporting materials on a 
DOI rulemaking.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DOI as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including Offices of the 
U.S. Attorneys, or other Federal agency conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is relevant or necessary to the litigation and one of the 
following is a party to the litigation or has an interest in such 
litigation:
    (1) DOI or any component of DOI;
    (2) Any other Federal agency appearing before the Office of 
Hearings and Appeals;
    (3) Any DOI employee or former employee acting in his or her 
official capacity;
    (4) Any DOI employee or former employee acting in his or her 
individual capacity when DOI or DOJ has agreed to represent that 
employee or pay for private representation of the employee; or
    (5) The United States Government or any agency thereof, when DOJ 
determines that DOI is likely to be affected by the proceeding.
    B. To a congressional office when requesting information on behalf 
of, and at the request of, the individual who is the subject of the 
record.
    C. To the Executive Office of the President in response to an 
inquiry from that office made at the request of the subject of a record 
or a third party on that person's behalf, or for a purpose compatible 
with the reason for which the records are collected or maintained.
    D. To any criminal, civil, or regulatory law enforcement authority 
(whether Federal, state, territorial, local, Tribal or foreign) when a 
record, either alone or in conjunction with other information, 
indicates a violation or potential violation of law--criminal, civil, 
or regulatory in nature, and the disclosure is compatible with the 
purpose for which the records were compiled.
    E. To an official of another Federal agency to provide information 
needed in the performance of official duties related to reconciling or 
reconstructing data files, or to enable that agency to respond to an 
inquiry by the individual to whom the record pertains.
    F. To Federal, state, territorial, local, Tribal, or foreign 
agencies that have requested information relevant or necessary to the 
hiring, firing or retention of an employee or contractor, or the 
issuance of a security clearance, license, contract, grant or other 
benefit, when the disclosure is compatible with the purpose for which 
the records were compiled.
    G. To representatives of the National Archives and Records 
Administration (NARA) to conduct records management inspections under 
the authority of 44 U.S.C. 2904 and 2906.
    H. To state, territorial, Tribal and local governments to provide 
information needed in response to court order and/or discovery purposes 
related to litigation, when the disclosure is compatible with the 
purpose for which the records were compiled.
    I. To an expert, consultant, grantee, or contractor (including 
employees of the contractor) of DOI that performs services requiring 
access to these records on DOI's behalf to carry out the purposes of 
the system.
    J. To appropriate agencies, entities, and persons when:
    (1) DOI suspects or has confirmed that there has been a breach of 
the system of records;
    (2) DOI has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DOI (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and
    (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DOI's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    K. To another Federal agency or Federal entity, when DOI determines 
that information from this system of

[[Page 33703]]

records is reasonably necessary to assist the recipient agency or 
entity in:
    (1) responding to a suspected or confirmed breach; or
    (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    L. To the Office of Management and Budget (OMB) during the 
coordination and clearance process in connection with legislative 
affairs as mandated by OMB Circular A-19.
    M. To the Department of the Treasury to recover debts owed to the 
United States.
    N. To the news media and the public, with the approval of the 
Public Affairs Officer in consultation with counsel and the Senior 
Agency Official for Privacy, where there exists a legitimate public 
interest in the disclosure of the information, except to the extent it 
is determined that release of the specific information in the context 
of a particular case would constitute an unwarranted invasion of 
personal privacy.
    O. To the General Services Administration (GSA) or other Federal 
agency operating under a shared service provider cross-servicing 
agreement with DOI for purposes relating to the processing and 
maintenance of records, to reconstitute the system in case of system 
failure or helpdesk request, and to ensure the integrity of the system 
and the effective management of the eRulemaking Program.
    P. To OMB, the Government Accountability Office (GAO), or other 
organization for the purpose of performing audit or oversight 
operations as authorized by law in accordance with their 
responsibilities for evaluating Federal programs, but only such 
information as is necessary and relevant to such audit or oversight 
function.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Paper records are contained in file folders stored in file cabinets 
in secure DOI controlled facilities. Electronic records are contained 
in removable drives, computers, email, electronic databases, backups 
maintained by DOI, and on secure servers maintained by GSA that are 
only accessed by authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records, comments and supporting materials submitted for DOI 
rulemakings may be retrieved by various data elements and key word 
searches, including: Name, docket type, docket sub-type, agency docket 
ID, docket title, docket category, document type, CFR part, date 
comment received, and Federal Register publication date.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Retention periods may vary depending on the program, notice or 
purpose of the rulemaking or publication. Records of public comments 
are retained and disposed of in accordance with applicable DOI records 
schedules that have been approved by NARA based on the subject or 
function and records series. The majority of public comments related to 
Federal Register notices fall under the DOI Departmental Records 
Schedule (DRS). Records related to Federal Register notices are covered 
by DRS 1, Short-term Administration Records (DAA-0048-2013-0001-0001), 
which have a temporary disposition and are destroyed 3 years after cut-
off. Records related to rulemaking are covered by DRS 3, Policy Records 
(DAA-0048-2013-0008-0010), Final Regulations, which have a Permanent 
disposition and are transferred to NARA 15 years after cut-off.
    Records of public comments are disposed of in accordance with the 
applicable DOI records retention schedules and policy based on the 
program area and agency needs. When approved for destruction, paper 
records are disposed of by shredding or pulping, and records contained 
on electronic media are degaussed or erased in accordance with NARA 
guidelines and 384 Departmental Manual 1.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The records contained in this system are safeguarded in accordance 
with 43 CFR 2.226 and other applicable security and privacy rules and 
policies. During normal hours of operation, paper records such as the 
original or scanned copies of the supporting materials received in 
response to DOI rulemakings and Federal Register notices are maintained 
in file cabinets under the control of authorized personnel.
    Computer servers on which electronic records are stored are located 
in secured DOI-controlled facilities with physical, technical, and 
administrative levels of security to prevent unauthorized access to the 
DOI network and information assets. Access granted to authorized 
personnel is password-protected, and each person granted access to the 
system must be individually authorized to use the system. A Privacy Act 
Warning Notice appears on the computer monitor screens when records 
containing information on individuals are first displayed. Data 
exchanged between the servers and the system is encrypted. Backup tapes 
are encrypted and stored in a locked and controlled room in a secure, 
off-site location.
    Computerized records systems follow the National Institute of 
Standards and Technology privacy and security standards as developed to 
comply with the Privacy Act of 1974 as amended, 5 U.S.C. 552a; the 
Paperwork Reduction Act of 1995, Public Law 104-13, as codified at 44 
U.S.C. 3501 et seq.; the Federal Information Security Modernization Act 
of 2014, Public Law 113-283, as codified at 44 U.S.C. 3551, et seq.; 
and the Federal Information Processing Standard 199, ``Standards for 
Security Categorization of Federal Information and Information 
Systems.'' Security controls include user identification, passwords, 
database permissions, encryption, firewalls, audit logs, network system 
security monitoring, and software controls.
    Access to records in the system is limited to authorized personnel 
who have a need to access the records in the performance of their 
official duties, and each user's access is restricted to only the 
functions and data necessary to perform that person's job 
responsibilities. System administrators and authorized users are 
trained and required to follow established internal security protocols 
and must complete all security, privacy, and records management 
training and sign the DOI Rules of Behavior.
    The GSA information technology system that hosts Regulations.gov 
and FDMS is located in a facility protected by physical walls, security 
guards, and requiring identification badges. Rooms housing the 
information technology system infrastructure are locked, as are the 
individual server racks. All security controls are reviewed on a 
periodic basis by external assessors. The controls themselves include 
measures for access control, security awareness training, audits, 
configuration management, contingency planning, incident response, and 
maintenance. Records in FDMS are maintained in a secure, password 
protected electronic system that utilizes security hardware and 
software to include multiple firewalls, active intrusion detection, 
encryption, identification and authentication of users.
    As a partner agency, DOI manages access to FDMS through designated 
account managers in order to establish, manage, and terminate DOI user

[[Page 33704]]

accounts. DOI bureaus and offices have access to comments and 
supporting materials submitted on their own rulemakings and are 
responsible for managing those records in accordance with DOI policies 
and regulations.

RECORD ACCESS PROCEDURES:
    An individual requesting records on himself or herself should send 
a signed, written inquiry to the applicable System Manager identified 
above. The request must include the specific bureau or office that 
maintains the record to facilitate the location of the applicable 
records. The request envelope and letter should both be clearly marked 
``PRIVACY ACT REQUEST FOR ACCESS.'' A request for access must meet the 
requirements of 43 CFR 2.238.

CONTESTING RECORD PROCEDURES:
    An individual requesting corrections or the removal of material 
from his or her records should send a signed, written request to the 
applicable System Manager as identified above. The request must include 
the specific bureau or office that maintains the record to facilitate 
the location of the applicable records. A request for corrections or 
removal must meet the requirements of 43 CFR 2.246.

NOTIFICATION PROCEDURES:
    An individual requesting notification of the existence of records 
on himself or herself should send a signed, written inquiry to the 
applicable System Manager as identified above. The request must include 
the specific bureau or office that maintains the record to facilitate 
the location of the applicable records. The request envelope and letter 
should both be clearly marked ``PRIVACY ACT INQUIRY.'' A request for 
notification must meet the requirements of 43 CFR 2.235.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Teri Barnett,
Departmental Privacy Officer, Department of the Interior.
[FR Doc. 2020-11770 Filed 6-1-20; 8:45 am]
 BILLING CODE 4334-63-P