[Federal Register Volume 85, Number 106 (Tuesday, June 2, 2020)]
[Notices]
[Pages 33701-33704]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-11770]
-----------------------------------------------------------------------
DEPARTMENT OF THE INTERIOR
Office of the Secretary
[DOI-2019-0013; 201D0102DM, DS6CS00000, DLSN00000.000000, DX6CS25]
Privacy Act of 1974; System of Records
AGENCY: Office of the Secretary, Interior.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as
amended, the Department of the Interior (DOI) is issuing a public
notice of its intent to create a DOI Privacy Act system of records
titled, ``INTERIOR/DOI-21, eRulemaking Program.'' This system of
records helps DOI manage an eRulemaking Program and the associated
rulemaking documents, public comments, and supporting materials
submitted on its rulemakings and Federal Register notices. This newly
established system will be included in DOI's inventory of record
systems.
DATES: This new system will take effect upon publication. New routine
uses will take effect July 2, 2020. Submit comments on or before July
2, 2020.
ADDRESSES: You may submit comments identified by docket number [DOI-
2019-0013] by any of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov.
Follow the instructions for sending comments.
Email: [email protected]. Include docket number
[DOI-2019-0013] in the subject line of the message.
U.S. mail or hand-delivery: Teri Barnett, Departmental
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW,
Room 7112, Washington, DC 20240.
Instructions: All submissions received must include the agency name
and docket number [DOI-2019-0013]. All comments received will be posted
without change to http://www.regulations.gov, including any personal
information provided.
Docket: For access to the docket to read background documents or
comments received, go to http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Teri Barnett, Departmental Privacy
Officer, U.S. Department of the Interior, 1849 C Street NW, Room 7112,
Washington, DC 20240, [email protected] or (202) 208-1605.
SUPPLEMENTARY INFORMATION:
I. Background
The DOI Office of the Executive Secretariat and Regulatory Affairs
manages regulatory policy for the Department and is establishing the
INTERIOR/DOI-21, eRulemaking Program, system of records to process,
analyze and manage documents, comments and supporting materials
submitted by members of the public in response to proposed rulemakings
and notices. The system is comprised of public comments and documents
received from the public that contain personally identifiable
information that may include names, mailing addresses, email addresses,
or other information received as part of the public comment and
regulatory review process.
Public comments are published on Regulations.gov, a public facing
website that provides public users ease of access to Federal regulatory
content and a way to submit comments on regulatory documents published
in the Federal Register. On Regulations.gov, the public can search,
view, download, and comment on publicly available regulatory materials
and post comments or provide supporting documents on rulemakings or
Federal Register notices. Public comments published on Regulations.gov
are maintained in the Federal Docket Management System (FDMS), a
government-wide system that provides a platform for agencies to manage
their rulemaking and content in Regulations.gov. FDMS allows Federal
agencies to search, view, download, and review the public comments or
supporting materials submitted on rulemakings and notices.
Regulations.gov and FDMS are managed by the General Services
Administration (GSA) as the managing partner and government shared
services provider to Federal partner agencies. Although GSA manages
Regulations.gov and FDMS and provides assistance to Federal partner
agencies, each Federal partner agency accesses and manages its own
rulemaking documents and comments in FDMS. Therefore, DOI is publishing
this INTERIOR/DOI-21, eRulemaking Program, system of records notice to
cover records collected, used and maintained by DOI in support of
Federal rulemakings through FDMS and Regulations.gov, as well as, DOI
bureau and office eRulemaking Programs that may include administrative
records and comments, information, and documents received from the
public as part of the public comment process through email
correspondence, postal mail, or other methods. Each DOI bureau and
office is responsible for managing its own docket and the comments or
supporting materials submitted on its own rulemakings.
II. Privacy Act
The Privacy Act of 1974, as amended, embodies fair information
practice principles in a statutory framework governing the means by
which Federal agencies collect, maintain, use, and disseminate
individuals' records. The Privacy Act applies to records about
individuals that are maintained in a ``system of records.'' A ``system
of records'' is a group of any records under the control of an agency
from which information is retrieved by the name of an individual or by
some identifying number, symbol, or other identifying particular
assigned to the individual. The Privacy Act defines an individual as a
United States citizen or lawful permanent resident. Individuals may
request access to their own records that are maintained in a system of
records in the possession or under the control of DOI by complying with
DOI Privacy Act regulations at 43 CFR part 2, subpart K, and following
the procedures outlined in the Records Access, Contesting Record, and
Notification Procedures sections of this notice.
The Privacy Act requires each agency to publish in the Federal
Register a description denoting the existence and character of each
system of records that the agency maintains and the routine uses of
each system. The INTERIOR/DOI-21, eRulemaking Program, system of
records notice is published in its entirety below. In accordance with 5
U.S.C. 552a(r), DOI has provided a report of this system of records to
the Office of Management and Budget and to Congress.
[[Page 33702]]
III. Public Participation
You should be aware that your entire comment including your
personal identifying information, such as your address, phone number,
email address, or any other personal identifying information in your
comment, may be made publicly available at any time. While you may
request to withhold your personal identifying information from public
review, we cannot guarantee we will be able to do so.
SYSTEM NAME AND NUMBER:
INTERIOR/DOI-21, eRulemaking Program.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Office of the Executive Secretariat, U.S. Department of the
Interior, 1849 C Street NW, Mail Stop 7314 MIB, Washington, DC 20240;
DOI bureaus and offices managing eRulemaking Program records; and
General Services Administration servers located in the National
Computer Center, Research Triangle Park, North Carolina.
SYSTEM MANAGER(S):
Director, Office of the Executive Secretariat and Regulatory
Affairs, U.S. Department of the Interior, 1849 C Street NW, Mail Stop
7314 MIB, Washington, DC 20240.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
E-Government Act of 2002, Public Law 107-347, 206(d); 44 U.S.C. Ch
36; 5 U.S.C. 301.
PURPOSE(S) OF THE SYSTEM:
The eRulemaking Program helps DOI manage a central, electronic
repository for all DOI rulemaking materials and dockets, which include
the rulemaking itself, Federal Register notices, supporting materials
such as scientific or economic analyses, and public comments. The
electronic repository also includes non-rulemaking dockets. DOI uses
Regulations.gov to accept public comments electronically and FDMS for
comment analysis. Each DOI bureau and office manages its own docket and
can only access the comments or supporting materials submitted on its
own rulemakings.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered by the system are any individuals--including
public citizens; representatives of Federal, state, Tribal, or local
governments; businesses; and industries--who provide personal
information while submitting a comment or supporting materials on a
Federal agency rulemaking.
CATEGORIES OF RECORDS IN THE SYSTEM:
Public comments and any supporting materials received in response
to DOI rulemakings and Federal Register notices. Records may include
names, mailing addresses, email addresses and other information about
members of the public submitting comments in response to DOI
rulemakings and notices. This system may also include administrative
records, comment analyses, correspondence and other records related to
the management of the eRulemaking Program that may contain personal
information.
RECORD SOURCE CATEGORIES:
Any individual who submits a comment or supporting materials on a
DOI rulemaking.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DOI as a
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To the Department of Justice (DOJ), including Offices of the
U.S. Attorneys, or other Federal agency conducting litigation or in
proceedings before any court, adjudicative, or administrative body,
when it is relevant or necessary to the litigation and one of the
following is a party to the litigation or has an interest in such
litigation:
(1) DOI or any component of DOI;
(2) Any other Federal agency appearing before the Office of
Hearings and Appeals;
(3) Any DOI employee or former employee acting in his or her
official capacity;
(4) Any DOI employee or former employee acting in his or her
individual capacity when DOI or DOJ has agreed to represent that
employee or pay for private representation of the employee; or
(5) The United States Government or any agency thereof, when DOJ
determines that DOI is likely to be affected by the proceeding.
B. To a congressional office when requesting information on behalf
of, and at the request of, the individual who is the subject of the
record.
C. To the Executive Office of the President in response to an
inquiry from that office made at the request of the subject of a record
or a third party on that person's behalf, or for a purpose compatible
with the reason for which the records are collected or maintained.
D. To any criminal, civil, or regulatory law enforcement authority
(whether Federal, state, territorial, local, Tribal or foreign) when a
record, either alone or in conjunction with other information,
indicates a violation or potential violation of law--criminal, civil,
or regulatory in nature, and the disclosure is compatible with the
purpose for which the records were compiled.
E. To an official of another Federal agency to provide information
needed in the performance of official duties related to reconciling or
reconstructing data files, or to enable that agency to respond to an
inquiry by the individual to whom the record pertains.
F. To Federal, state, territorial, local, Tribal, or foreign
agencies that have requested information relevant or necessary to the
hiring, firing or retention of an employee or contractor, or the
issuance of a security clearance, license, contract, grant or other
benefit, when the disclosure is compatible with the purpose for which
the records were compiled.
G. To representatives of the National Archives and Records
Administration (NARA) to conduct records management inspections under
the authority of 44 U.S.C. 2904 and 2906.
H. To state, territorial, Tribal and local governments to provide
information needed in response to court order and/or discovery purposes
related to litigation, when the disclosure is compatible with the
purpose for which the records were compiled.
I. To an expert, consultant, grantee, or contractor (including
employees of the contractor) of DOI that performs services requiring
access to these records on DOI's behalf to carry out the purposes of
the system.
J. To appropriate agencies, entities, and persons when:
(1) DOI suspects or has confirmed that there has been a breach of
the system of records;
(2) DOI has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, DOI (including
its information systems, programs, and operations), the Federal
Government, or national security; and
(3) the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with DOI's efforts to
respond to the suspected or confirmed breach or to prevent, minimize,
or remedy such harm.
K. To another Federal agency or Federal entity, when DOI determines
that information from this system of
[[Page 33703]]
records is reasonably necessary to assist the recipient agency or
entity in:
(1) responding to a suspected or confirmed breach; or
(2) preventing, minimizing, or remedying the risk of harm to
individuals, the recipient agency or entity (including its information
systems, programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
L. To the Office of Management and Budget (OMB) during the
coordination and clearance process in connection with legislative
affairs as mandated by OMB Circular A-19.
M. To the Department of the Treasury to recover debts owed to the
United States.
N. To the news media and the public, with the approval of the
Public Affairs Officer in consultation with counsel and the Senior
Agency Official for Privacy, where there exists a legitimate public
interest in the disclosure of the information, except to the extent it
is determined that release of the specific information in the context
of a particular case would constitute an unwarranted invasion of
personal privacy.
O. To the General Services Administration (GSA) or other Federal
agency operating under a shared service provider cross-servicing
agreement with DOI for purposes relating to the processing and
maintenance of records, to reconstitute the system in case of system
failure or helpdesk request, and to ensure the integrity of the system
and the effective management of the eRulemaking Program.
P. To OMB, the Government Accountability Office (GAO), or other
organization for the purpose of performing audit or oversight
operations as authorized by law in accordance with their
responsibilities for evaluating Federal programs, but only such
information as is necessary and relevant to such audit or oversight
function.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Paper records are contained in file folders stored in file cabinets
in secure DOI controlled facilities. Electronic records are contained
in removable drives, computers, email, electronic databases, backups
maintained by DOI, and on secure servers maintained by GSA that are
only accessed by authorized personnel.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records, comments and supporting materials submitted for DOI
rulemakings may be retrieved by various data elements and key word
searches, including: Name, docket type, docket sub-type, agency docket
ID, docket title, docket category, document type, CFR part, date
comment received, and Federal Register publication date.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Retention periods may vary depending on the program, notice or
purpose of the rulemaking or publication. Records of public comments
are retained and disposed of in accordance with applicable DOI records
schedules that have been approved by NARA based on the subject or
function and records series. The majority of public comments related to
Federal Register notices fall under the DOI Departmental Records
Schedule (DRS). Records related to Federal Register notices are covered
by DRS 1, Short-term Administration Records (DAA-0048-2013-0001-0001),
which have a temporary disposition and are destroyed 3 years after cut-
off. Records related to rulemaking are covered by DRS 3, Policy Records
(DAA-0048-2013-0008-0010), Final Regulations, which have a Permanent
disposition and are transferred to NARA 15 years after cut-off.
Records of public comments are disposed of in accordance with the
applicable DOI records retention schedules and policy based on the
program area and agency needs. When approved for destruction, paper
records are disposed of by shredding or pulping, and records contained
on electronic media are degaussed or erased in accordance with NARA
guidelines and 384 Departmental Manual 1.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The records contained in this system are safeguarded in accordance
with 43 CFR 2.226 and other applicable security and privacy rules and
policies. During normal hours of operation, paper records such as the
original or scanned copies of the supporting materials received in
response to DOI rulemakings and Federal Register notices are maintained
in file cabinets under the control of authorized personnel.
Computer servers on which electronic records are stored are located
in secured DOI-controlled facilities with physical, technical, and
administrative levels of security to prevent unauthorized access to the
DOI network and information assets. Access granted to authorized
personnel is password-protected, and each person granted access to the
system must be individually authorized to use the system. A Privacy Act
Warning Notice appears on the computer monitor screens when records
containing information on individuals are first displayed. Data
exchanged between the servers and the system is encrypted. Backup tapes
are encrypted and stored in a locked and controlled room in a secure,
off-site location.
Computerized records systems follow the National Institute of
Standards and Technology privacy and security standards as developed to
comply with the Privacy Act of 1974 as amended, 5 U.S.C. 552a; the
Paperwork Reduction Act of 1995, Public Law 104-13, as codified at 44
U.S.C. 3501 et seq.; the Federal Information Security Modernization Act
of 2014, Public Law 113-283, as codified at 44 U.S.C. 3551, et seq.;
and the Federal Information Processing Standard 199, ``Standards for
Security Categorization of Federal Information and Information
Systems.'' Security controls include user identification, passwords,
database permissions, encryption, firewalls, audit logs, network system
security monitoring, and software controls.
Access to records in the system is limited to authorized personnel
who have a need to access the records in the performance of their
official duties, and each user's access is restricted to only the
functions and data necessary to perform that person's job
responsibilities. System administrators and authorized users are
trained and required to follow established internal security protocols
and must complete all security, privacy, and records management
training and sign the DOI Rules of Behavior.
The GSA information technology system that hosts Regulations.gov
and FDMS is located in a facility protected by physical walls, security
guards, and requiring identification badges. Rooms housing the
information technology system infrastructure are locked, as are the
individual server racks. All security controls are reviewed on a
periodic basis by external assessors. The controls themselves include
measures for access control, security awareness training, audits,
configuration management, contingency planning, incident response, and
maintenance. Records in FDMS are maintained in a secure, password
protected electronic system that utilizes security hardware and
software to include multiple firewalls, active intrusion detection,
encryption, identification and authentication of users.
As a partner agency, DOI manages access to FDMS through designated
account managers in order to establish, manage, and terminate DOI user
[[Page 33704]]
accounts. DOI bureaus and offices have access to comments and
supporting materials submitted on their own rulemakings and are
responsible for managing those records in accordance with DOI policies
and regulations.
RECORD ACCESS PROCEDURES:
An individual requesting records on himself or herself should send
a signed, written inquiry to the applicable System Manager identified
above. The request must include the specific bureau or office that
maintains the record to facilitate the location of the applicable
records. The request envelope and letter should both be clearly marked
``PRIVACY ACT REQUEST FOR ACCESS.'' A request for access must meet the
requirements of 43 CFR 2.238.
CONTESTING RECORD PROCEDURES:
An individual requesting corrections or the removal of material
from his or her records should send a signed, written request to the
applicable System Manager as identified above. The request must include
the specific bureau or office that maintains the record to facilitate
the location of the applicable records. A request for corrections or
removal must meet the requirements of 43 CFR 2.246.
NOTIFICATION PROCEDURES:
An individual requesting notification of the existence of records
on himself or herself should send a signed, written inquiry to the
applicable System Manager as identified above. The request must include
the specific bureau or office that maintains the record to facilitate
the location of the applicable records. The request envelope and letter
should both be clearly marked ``PRIVACY ACT INQUIRY.'' A request for
notification must meet the requirements of 43 CFR 2.235.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
None.
Teri Barnett,
Departmental Privacy Officer, Department of the Interior.
[FR Doc. 2020-11770 Filed 6-1-20; 8:45 am]
BILLING CODE 4334-63-P