[Federal Register Volume 85, Number 250 (Wednesday, December 30, 2020)]
[Rules and Regulations]
[Pages 86511-86513]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-26612]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF TREASURY

31 CFR Part 1

RIN 1505-AC66


Privacy Act of 1974; Exemption

AGENCY: Departmental Offices, Department of the Treasury.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: In accordance with the requirements of the Privacy Act of 
1974, the Department of the Treasury, Departmental Offices (DO) gives 
notice of a final rule exemption for a new system of records entitled 
``Department of the Treasury, Departmental Offices .227--Committee on 
Foreign Investment in the United States (CFIUS) Case Management 
System,'' maintained by the Committee on Foreign Investment in the 
United States from certain provisions of the Privacy Act. The exemption 
is intended to comply with the legal prohibitions against the 
disclosure of certain kinds of information and to protect certain 
information maintained in this system of records.

DATES: Effective December 30, 2020.

FOR FURTHER INFORMATION CONTACT: Ryan Law, Deputy Assistant Secretary 
for Management, Office of Privacy, Transparency, and Records, 1750 
Pennsylvania Avenue NW, 8th Floor, Washington, DC 20220. Mr. Law may be 
reached via telephone at (202) 622- 5710 (not a toll free number).

SUPPLEMENTARY INFORMATION:

Background

    The Department of the Treasury (Treasury) published a notice of 
proposed rulemaking in the Federal Register, 85 FR 58308, September 18, 
2020, proposing to exempt portions of the system of records from one or 
more provisions of the Privacy Act. As background, in 2018, the Foreign 
Investment Risk Review Modernization Act of 2018 (FIRRMA), Subtitle A 
of Title XVII of Public Law 115-232, 132 Stat. 2173, was enacted. 
FIRRMA amends section 721 of the Defense Production Act of 1950, as 
amended (Section 721), which delineates the authorities and 
jurisdiction of the Committee on Foreign Investment in the United 
States (CFIUS). FIRRMA maintains CFIUS's jurisdiction over any 
transaction that could result in foreign control of any U.S. business, 
and broadens the authorities of the President and CFIUS under Section 
721 to review and take action to address any national security concerns 
arising from certain non-controlling investments and certain real 
estate transactions involving foreign persons.
    Executive Order 13456, 73 FR 4677 (January 23, 2008), directs the 
Secretary of the Treasury to issue regulations implementing Section 
721. On January 17, 2020, Treasury published two rules broadly 
implementing FIRRMA, and those rules took effect on February 13, 2020. 
85 FR 3112 and 85 FR 3158. Subsequent amendments were made to the 
regulations in 2020. 85 FR 8747, 85 FR 45311, and 85 FR 57124.
    In addition to the exemptions below, pursuant to section 721(c) of 
the Defense Production Act of 1950, as amended, 50 U.S.C. 4565(c) and 
subject to certain exceptions provided therein, any information or 
documentary material filed with the President or CFIUS under Section 
721 is exempt from disclosure under the Freedom of Information Act, as 
amended (FOIA), 5 U.S.C. 552, and no such information or documentary 
material may be made public.
    Treasury published separately the notice of the new system of 
records maintained by CFIUS. 85 FR 55534, as amended.
    Under 5 U.S.C. 552a(k)(1), the head of a Federal agency may 
promulgate rules to exempt a system of records from certain provisions 
of 5 U.S.C. 552a if the system of records is subject to the exemption 
contained in section 552(b)(1) of title 5. (FOIA exemption (b)(1) 
protects from disclosure information that is ``specifically authorized 
under criteria established by an Executive order to be kept secret in 
the interest of national defense or foreign policy'' and is ``in fact 
properly classified pursuant to such Executive order.'')
    Under 5 U.S.C. 552a(k)(2), the head of a Federal agency may 
promulgate rules to exempt a system of records from certain provisions 
of 5 U.S.C. 552a if the system of records contains investigatory 
materials compiled for law enforcement purposes that are not within the 
scope of subsection (j)(2) of the Privacy Act (which applies to 
agencies and

[[Page 86512]]

components thereof that perform as their principal function any 
activity pertaining to the enforcement of criminal laws).
    To the extent that this system of records contains classified 
information protected by 5 U.S.C.552a(k)(1) or investigatory materials 
compiled for law enforcement purposes protected by 5 U.S.C. 552a(k)(2), 
Treasury exempts the following system of records from various 
provisions of the Privacy Act: DO .227 CFIUS Case Management System.
    Under 5 U.S.C. 552a(k)(1) and (k)(2), Treasury exempts certain 
records in the above-referenced system of records from 5 U.S.C. 
552a(c)(3), (d)(1), (2), (3), and (4), (e)(1), (e)(4)(G), (H), and (I), 
and (f) of the Privacy Act. See 31 CFR 1.36.
    The following are the reasons why the classified records and 
investigatory materials contained in the above-referenced systems of 
records maintained by CFIUS may be exempted from various provisions of 
the Privacy Act pursuant to 5 U.S.C. 552a(k)(1) and (k)(2).
    (1) From 5 U.S.C. 552a(c)(3) (Accounting for Disclosures) because 
release of the accounting of disclosures of the records in this system 
could alert individuals that they have been identified as a national 
security threat or the subject of an analysis related to the national 
security interests of the United States, to the existence of the 
analysis, and reveal the interest on the part of Treasury or CFIUS as 
well as the recipient agency. Disclosure of the accounting would 
present a serious impediment to efforts to protect national security 
interests by giving individuals an opportunity to learn whether they 
have been identified as subjects of a national security-related 
analysis. As further described in the following paragraph, access to 
such knowledge would impair Treasury's ability to carry out its 
mission, since individuals could:
    (i) Take steps to avoid analysis;
    (ii) inform associates that a national security analysis is in 
progress;
    (iii) learn the nature of the national security analysis;
    (iv) learn the scope of the national security analysis;
    (v) begin, continue, or resume conduct that may pose a threat to 
national security upon inferring they may not be part of a national 
security analysis because their records were not disclosed; or
    (vi) destroy information relevant to the national security 
analysis.
    (2) From subsection 5 U.S.C. 552a(d)(1), (d)(2), (d)(3), and (d)(4) 
(Access to Records), because access to a portion of the records 
contained in this system of records could inform individuals whether 
they have been identified as a national security threat or the subject 
of an analysis related to the national security interests of the United 
States, to the existence of the analysis and reveal the interest on the 
part of Treasury, CFIUS or another agency. Access to the records would 
present a serious impediment to efforts to protect national security 
interests by permitting the individual who is the subject of a record 
to learn whether they have been identified as subjects of a national 
security-related analysis. Access to such knowledge would impair 
Treasury's ability to carry out its mission, since individuals could 
take steps to impede the analysis and avoid detection, including the 
steps described in paragraph (1)(i)-(vi) of this section. Amendment of 
the records would interfere with ongoing analysis and impose an 
impossible administrative burden given CFIUS's statutory deadlines. The 
information contained in the system may also include classified 
information, the release of which would pose a threat to the national 
security of the United States. In addition, permitting access and 
amendment to such information could disclose sensitive security 
information that could be detrimental to Treasury.
    (3) From subsection 5 U.S.C. 552a(e)(1) (Relevance and Necessity of 
Information), because in the course of its operations, CFIUS must be 
able to review information from a variety of sources. What information 
is relevant and necessary may not always be apparent until after the 
evaluation is completed. In the interests of national security, it is 
appropriate to include a broad range of information that may aid in 
identifying and assessing the nature and scope of foreign threats to 
the United States. Additionally, the accuracy of information obtained 
or introduced occasionally may be unclear, or the information may not 
be strictly relevant or necessary to a specific analysis. In the 
interests of national security, it is appropriate to retain all 
information that may aid in establishing patterns of suspicious foreign 
investment activity.
    (4) From subsection 5 U.S.C. 552a(e)(4)(G), (H), and (I) (Agency 
Requirements), and 5 U.S.C. 552a(f), because portions of this system 
are exempt from the access and amendment provisions of subsection (d). 
The reason for invoking the exemption is to protect material authorized 
to be kept secret in the interest of national security pursuant to 
Executive Orders 12968, 13526, successor or prior Executive Orders, and 
other legal authorities relevant to the intelligence responsibilities 
of Treasury.
    Any information from a system of records for which an exemption is 
claimed under 5 U.S.C. 552a(k)(1) or 5 U.S.C. 552a(k)(2) which is also 
included in another system of records retains the same exempt status 
such information has in the system of records for which such exemption 
is claimed.
    This final rule is not a ``significant regulatory action''' under 
Executive Order 12866.
    Pursuant to the requirements of the Regulatory Flexibility Act 
(RFA), 5 U.S.C. 601-612, it is hereby certified that this rule will not 
have significant economic impact on a substantial number of small 
entities. The term ``small entity'' is defined to have the same meaning 
as the terms ``small business,'' ``small organization'' and ``small 
governmental jurisdiction'' as defined in the RFA.
    The regulation, issued under sections (k)(1) and (k)(2) of the 
Privacy Act, exempts certain information maintained by Treasury in the 
above-referenced systems of records from certain Privacy Act rights of 
individuals who are United States citizens or aliens lawfully admitted 
for permanent residence. In as much as the Privacy Act rights are 
personal and apply only to U.S. citizens or an alien lawfully admitted 
for permanent residence, small entities, as defined in the RFA, are not 
provided rights under the Privacy Act and are outside the scope of this 
regulation.

Public Comments

    Treasury received one comment on the notice of proposed rulemaking, 
but it was outside the scope of the rulemaking. No comments were 
received on the system of records notice. Treasury will implement the 
rulemaking as proposed.

List of Subjects in 31 CFR Part 1

    Courts, Freedom of information, Government employees, Privacy.

    For the reasons stated in the preamble, part 1 of Title 31 of the 
Code of Federal Regulations is amended as follows:

PART 1--[AMENDED]

0
1. The authority citation for part 1 continues to read as follows:

    Authority:  5 U.S.C. 301 and 31 U.S.C. 321. Subpart A also 
issued under 5 U.S.C. 552, as amended. Subpart C also issued under 5 
U.S.C. 552a, as amended.


0
2. In Sec.  1.36, amend the tables in paragraphs (c)(1)(ii) and 
(g)(1)(ii) by adding in alphanumeric order an entry

[[Page 86513]]

for ``DO .227 CFIUS Case Management System'' to read as follows:


Sec.  1.36   Systems exempt in whole or in part from provisions of 5 
U.S.C. 552a and this part.

* * * * *
    (c) * * *
    (1) * * *
    (ii) * * *

------------------------------------------------------------------------
                         No.                              System name
------------------------------------------------------------------------
 
                                * * * * *
DO .227.............................................  CFIUS Case
                                                       Management
                                                       System.
 
                                * * * * *
------------------------------------------------------------------------

* * * * *
    (g) * * *
    (1) * * *
    (ii) * * *

------------------------------------------------------------------------
                         No.                              System name
------------------------------------------------------------------------
 
                                * * * * *
DO .227.............................................  CFIUS Case
                                                       Management
                                                       System.
 
                                * * * * *
------------------------------------------------------------------------

* * * * *

Ryan Law,
Deputy Assistant Secretary Privacy, Transparency, and Records, U.S. 
Department of the Treasury.
[FR Doc. 2020-26612 Filed 12-29-20; 8:45 am]
BILLING CODE P