[Federal Register Volume 86, Number 132 (Wednesday, July 14, 2021)]
[Notices]
[Pages 37181-37184]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-14985]


-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

National Park Service

[DOI-2021-0001; PPWOVPADU0/POPFR2021.XZ0000]


Privacy Act of 1974; System of Records

AGENCY: National Park Service, Interior.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Department of the Interior (DOI) is issuing a public 
notice of its intent to modify the National Park Service (NPS) Privacy 
Act system of records, INTERIOR/NPS-1, Special Use Permits. DOI is 
updating this system of records notice (SORN) to update the 
authorities, system location, and categories of records; propose new 
and modified routine uses; and add new sections and make general 
updates to remaining sections to accurately reflect management of the 
system of records in accordance with the Office of Management and 
Budget (OMB) policy. This modified system will be included in DOI's 
inventory of record systems.

DATES: This modified system will be effective upon publication. New or

[[Page 37182]]

modified routine uses will be effective August 13, 2021. Submit 
comments on or before August 13, 2021.

ADDRESSES: You may send comments identified by docket number [DOI-2021-
0001] by any of the following methods:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for sending comments.
     Email: [email protected]. Include docket number 
[DOI-2021-0001] in the subject line of the message.
     U.S. mail or hand-delivery: Teri Barnett, Departmental 
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, 
Room 7112, Washington, DC 20240.
    Instructions: All submissions received must include the agency name 
and docket number [DOI-2021-0001]. All comments received will be posted 
without change to http://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Felix Uribe, Associate Privacy 
Officer, National Park Service, 12201 Sunrise Valley Drive, Reston, VA 
20192, [email protected] or (202) 354-6925.

SUPPLEMENTARY INFORMATION:

I. Background

    The NPS maintains the ``Special Use Permits--Interior, NPS-1'' 
system of records. The purpose of the system is to provide park 
superintendents with information to approve or deny requests for 
activities on NPS managed park lands that provide a benefit to an 
individual, group or organization, rather than the public at large. The 
system also assists park staff to ensure that the permitted activity 
does not interfere with the enjoyment of the park by visitors and that 
the natural and cultural resources of the park are protected. DOI is 
publishing this revised notice to update the system location, 
categories of records; add sections for security classification, 
purpose and history of the system of records, and make general updates 
to the remaining sections to accurately reflect management of the 
system of records in accordance with OMB Circular A-108, Federal Agency 
Responsibilities for Review, Reporting, and Publication under the 
Privacy Act. DOI is revising the authority to replace former provisions 
in accordance with the new Title 54 of the U.S. Code, which includes 
only laws applicable to NPS. DOI is proposing to modify existing 
routine uses to provide clarity and transparency, and to facilitate 
sharing of information with agencies and organizations to promote the 
integrity of the records in the system or carry out a statutory 
responsibility of the DOI or Federal Government. Additionally, DOI is 
proposing to add two new routine uses to facilitate sharing with the 
Executive Office of the President to resolve issues upon request of the 
subject of the record and with other Federal agencies or entities to 
respond to a breach of personally identifiable information (PII).
    Routine use A was slightly modified to further clarify disclosures 
to the Department of Justice (DOJ) or other Federal agencies when 
necessary in relation to litigation or judicial hearings. Routine use B 
was modified to clarify disclosures to a congressional office to 
respond to or resolve an individual's request made to that office. 
Proposed routine use C facilitates sharing of information with the 
Executive Office of the President to resolve issues concerning 
individuals' records. Routine use I was modified to include grantees to 
facilitate sharing of information when authorized and necessary to 
perform services on DOI's behalf. Modified routine use J and proposed 
routine use K allow DOI and NPS to share information with appropriate 
Federal agencies or entities when reasonably necessary to respond to a 
breach of PII and to prevent, minimize, or remedy the risk of harm to 
individuals or the Federal Government, or assist an agency in locating 
individuals affected by a breach in accordance with OMB Memorandum M-
17-12, Preparing for and Responding to a Breach of Personally 
Identifiable Information. Routine use N was modified to clarify 
circumstances where information may be shared with the news media and 
the public.

II. Privacy Act

    The Privacy Act of 1974, as amended, embodies fair information 
practice principles in a statutory framework governing the means by 
which Federal agencies collect, maintain, use, and disseminate 
individuals' records. The Privacy Act applies to records about 
individuals that are maintained in a ``system of records.'' A ``system 
of records'' is a group of any records under the control of an agency 
from which information is retrieved by the name of an individual or by 
some identifying number, symbol, or other identifying particular 
assigned to the individual. The Privacy Act defines an individual as a 
United States citizen or lawful permanent resident. Individuals may 
request access to their own records that are maintained in a system of 
records in the possession or under the control of DOI by complying with 
DOI Privacy Act regulations at 43 CFR part 2, subpart K, and following 
the procedures outlined in the Records Access, Contesting Record, and 
Notification Procedures sections of this notice.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the existence and character of each 
system of records that the agency maintains and the routine uses of 
each system. The INTERIOR/NPS-1, Special Use Permits, system of records 
notice is published in its entirety below. In accordance with 5 U.S.C. 
552a(r), DOI has provided a report of this system of records to the 
Office of Management and Budget and to Congress.

III. Public Participation

    You should be aware your entire comment including your personally 
identifiable information, such as your address, phone number, email 
address, or any other personal information in your comment, may be made 
publicly available at any time. While you may request to withhold your 
personally identifiable information from public review, we cannot 
guarantee we will be able to do so.

SYSTEM NAME AND NUMBER:
    INTERIOR/NPS-1, Special Use Permits.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    This system is managed by the Special Park Uses Program, 1849 C 
Street NW, Mail Stop 2460, Washington, DC 20240. Records are located at 
the parks responsible for issuing special use permits. A current 
listing of park offices and contact information may be obtained by 
visiting the NPS website at http://www.nps.gov or by contacting the 
System Manager.

SYSTEM MANAGER(S):
    Special Park Uses Program Manager, 1849 C Street NW, Mail Stop 
2460, Washington, DC 20240.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Title 54, United States Code, National Park Service and Related 
Programs.

PURPOSE(S) OF THE SYSTEM:
    The purpose of the system is to provide park superintendents with 
information to approve or deny requests for activities on NPS managed 
park lands that provide a benefit to an individual, group or 
organization, rather

[[Page 37183]]

than the public at large. The system also helps park staff ensure that 
the permitted activity does not interfere with the enjoyment of the 
park by visitors and that the natural and cultural resources of the 
park are protected.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by the system include NPS employees and 
contractors responsible for processing applications for special use 
permits, applicants of special use permits, and holders of special use 
permits. This system contains records concerning corporations and other 
business entities, which are not subject to the Privacy Act. However, 
records pertaining to individuals acting on behalf of corporations and 
other business entities may reflect personal information that may be 
maintained in this system of records.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system contains: (1) Applications for special use permits; (2) 
decisions, correspondence or records generated in support of the 
program; and (3) supporting documentation for permitted activities 
containing site plans, diagrams, story boards or scripts, crowd control 
and emergency medical plans and proposed site plan(s). These records 
may include name, organization, Social Security number, Tax 
Identification Number (TIN), date of birth, address, telephone number, 
fax number, email address, person's position title; information of 
proposed activity including park alpha code, permit number, date, 
location, number of participants and vehicles, type of use, equipment, 
support personnel for the activity, company, project name and type, 
fees, liability insurance information; payment information including 
amounts paid, credit card number, credit card expiration date, check 
number, money order number, bank or financial institution, account 
number, payment reference number and tracking ID number; information on 
special activities including number of minors, livestock, aircraft 
type, special effects, special effect technician's license and permit 
number, stunts, unusual or hazardous activities; information on 
driver's license including number, state, and expiration date; vehicle 
information including year, make, color, weight, plate number, and 
insurance information.

RECORD SOURCE CATEGORIES:
    Records in the system are obtained from applicants of special use 
permits and holders of special use permits.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DOI as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including Offices of the 
U.S. Attorneys, or other Federal agency conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is relevant or necessary to the litigation and one of the 
following is a party to the litigation or has an interest in such 
litigation:
    (1) DOI or any component of DOI;
    (2) Any other Federal agency appearing before the Office of 
Hearings and Appeals;
    (3) Any DOI employee or former employee acting in his or her 
official capacity;
    (4) Any DOI employee or former employee acting in his or her 
individual capacity when DOI or DOJ has agreed to represent that 
employee or pay for private representation of the employee; or
    (5) The United States Government or any agency thereof, when DOJ 
determines that DOI is likely to be affected by the proceeding.
    B. To a congressional office when requesting information on behalf 
of, and at the request of, the individual who is the subject of the 
record.
    C. To the Executive Office of the President in response to an 
inquiry from that office made at the request of the subject of a record 
or a third party on that person's behalf, or for a purpose compatible 
with the reason for which the records are collected or maintained.
    D. To any criminal, civil, or regulatory law enforcement authority 
(whether Federal, state, territorial, local, tribal or foreign) when a 
record, either alone or in conjunction with other information, 
indicates a violation or potential violation of law--criminal, civil, 
or regulatory in nature, and the disclosure is compatible with the 
purpose for which the records were compiled.
    E. To an official of another Federal agency to provide information 
needed in the performance of official duties related to reconciling or 
reconstructing data files or to enable that agency to respond to an 
inquiry by the individual to whom the record pertains.
    F. To Federal, state, territorial, local, tribal, or foreign 
agencies that have requested information relevant or necessary to the 
hiring, firing or retention of an employee or contractor, or the 
issuance of a security clearance, license, contract, grant or other 
benefit, when the disclosure is compatible with the purpose for which 
the records were compiled.
    G. To representatives of the National Archives and Records 
Administration (NARA) to conduct records management inspections under 
the authority of 44 U.S.C. 2904 and 2906.
    H. To state, territorial and local governments and tribal 
organizations to provide information needed in response to court order 
and/or discovery purposes related to litigation, when the disclosure is 
compatible with the purpose for which the records were compiled.
    I. To an expert, consultant, grantee, or contractor (including 
employees of the contractor) of DOI that performs services requiring 
access to these records on DOI's behalf to carry out the purposes of 
the system.
    J. To appropriate agencies, entities, and persons when:
    (1) DOI suspects or has confirmed that there has been a breach of 
the system of records;
    (2) DOI has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DOI (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and
    (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DOI's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    K. To another Federal agency or Federal entity, when DOI determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in:
    (1) responding to a suspected or confirmed breach; or
    (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    L. To the Office of Management and Budget (OMB) during the 
coordination and clearance process in connection with legislative 
affairs as mandated by OMB Circular A-19.
    M. To the Department of the Treasury to recover debts owed to the 
United States.
    N. To the news media and the public, with the approval of the 
Public Affairs Officer in consultation with counsel and

[[Page 37184]]

the Senior Agency Official for Privacy, where there exists a legitimate 
public interest in the disclosure of the information, except to the 
extent it is determined that release of the specific information in the 
context of a particular case would constitute an unwarranted invasion 
of personal privacy.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    Disclosure pursuant to 5 U.S.C. 552a(b)(12). Disclosures may be 
made from this system to consumer reporting agencies as defined in the 
Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims 
Act of 1966 (31 U.S.C. 3701(a)(3)).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Paper records are contained in file folders stored within filing 
cabinets. Electronic records are maintained in computers, computer 
databases, email, and electronic media such as removable hard drives, 
magnetic disks, compact discs, and computer tapes.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records in the system are retrieved by permittee's name, permit 
number or date of activity.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system are retained in accordance with the NPS 
Service Records Schedule Resource Management and Lands (Category 1). 
This schedule has been approved by NARA (Job No. N1-79-08-1). The 
disposition is temporary. Retention of records with short-term 
operational value and not considered essential for the ongoing 
management of land and cultural and natural resources are destroyed 15 
years after closure. Paper records are disposed of by shredding or 
pulping, and records contained on electronic media are degaussed or 
erased in accordance with 384 Departmental Manual 1.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The records contained in this system are safeguarded in accordance 
with 43 CFR 2.226 and other applicable security rules and policies. 
Paper records are maintained in file cabinets located in secured DOI 
facilities under the control of authorized personnel.
    Access to DOI networks and records in this system requires DOI 
credentials or a valid username, password and is limited to DOI 
personnel who have a need to know the information for the performance 
of their official duties. Computers and storage media are encrypted in 
accordance with DOI security policy. Computers containing files are 
password protected to restrict unauthorized access. The computer 
servers in which electronic records are stored are located in secured 
DOI facilities.
    Computerized records systems follow the National Institute of 
Standards and Technology privacy and security standards as developed to 
comply with the Privacy Act of 1974, as amended, 5 U.S.C. 552a; 
Paperwork Reduction Act of 1995, 44 U.S.C. 3501 et seq.; Federal 
Information Security Modernization Act of 2014, 44 U.S.C. 3551 et seq.; 
and the Federal Information Processing Standards 199: Standards for 
Security Categorization of Federal Information and Information Systems. 
Security controls include user identification, passwords, database 
permissions, encryption, firewalls, audit logs, and network system 
security monitoring, and software controls.
    Access to records in the system is limited to authorized personnel 
who have a need to access the records in the performance of their 
official duties, and each user's access is restricted to only the 
functions and data necessary to perform that person's job 
responsibilities. System administrators and authorized users are 
trained and required to follow established internal security protocols 
and must complete all security, privacy, and records management 
training and sign the DOI Rules of Behavior.

RECORD ACCESS PROCEDURES:
    An individual requesting records on himself or herself should send 
a signed, written inquiry to the applicable System Manager identified 
above. The request must include the specific bureau or office that 
maintains the record to facilitate location of the applicable records. 
The request envelope and letter should both be clearly marked ``PRIVACY 
ACT REQUEST FOR ACCESS.'' A request for access must meet the 
requirements of 43 CFR 2.238.

CONTESTING RECORD PROCEDURES:
    An individual requesting corrections or the removal of material 
from his or her records should send a signed, written request to the 
applicable System Manager as identified above. The request must include 
the specific bureau or office that maintains the record to facilitate 
location of the applicable records. A request for corrections or 
removal must meet the requirements of 43 CFR 2.246.

NOTIFICATION PROCEDURES:
    An individual requesting notification of the existence of records 
on himself or herself should send a signed, written inquiry to the 
applicable System Manager as identified above. The request must include 
the specific bureau or office that maintains the record to facilitate 
location of the applicable records. The request envelope and letter 
should both be clearly marked ``PRIVACY ACT INQUIRY.'' A request for 
notification must meet the requirements of 43 CFR 2.235.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    79 FR 9272 (February 18, 2014).

Teri Barnett,
Departmental Privacy Officer, Department of the Interior.
[FR Doc. 2021-14985 Filed 7-13-21; 8:45 am]
BILLING CODE 4312-52-P