[Federal Register Volume 86, Number 243 (Wednesday, December 22, 2021)]
[Rules and Regulations]
[Pages 72523-72525]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-27706]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF DEFENSE
Office of the Secretary
32 CFR Part 310
[Docket ID: DoD-2020-OS-0095]
RIN 0790-AK96
Privacy Act of 1974; Implementation
AGENCY: Office of the Secretary of Defense (OSD), Department of Defense
(DoD).
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The DoD is issuing a final rule to amend its regulations to
exempt portions of the DoD-0004, ``Defense Repository for Common
Enterprise Data (DRCED),'' system of records from certain provisions of
the Privacy Act of 1974.
DATES: This rule is effective on January 21, 2022.
FOR FURTHER INFORMATION CONTACT: Ms. Lyn Kirby, [email protected],
(703) 571-0070.
SUPPLEMENTARY INFORMATION:
Discussion of Comments and Changes
The proposed rule published in the Federal Register (86 FR 498-499)
on January 6, 2021. Comments were accepted for 60 days until March 8,
2021. A total of four comments were received. Please see the summarized
comments and the Department's response as follows:
Commentators generally agreed that exempting national security and
classified data is appropriate under this exemption rule and that
exempting national security and classified information is in the best
interests of the Department and the Nation. Notwithstanding that, a
majority of the comments voiced a desire for more transparency about
the classification process itself within the DoD. Although these
comments do not directly pertain to the Privacy Act and the exemption
claimed for this system of records notice (SORN), to promote public
understanding in this area a description of the classification process
at DoD is provided below.
Executive Order 13526 prescribes the framework for the Federal
Government (to include DoD) to classify national security information.
Only DoD personnel who hold positions of trust and are delegated
original classification authority in writing are authorized to review
the Department's information and determine whether damage would result
to national security if that information were disclosed to the public.
Several oversight and compliance mechanisms exist to ensure the
classification of information process is appropriate.
These safeguards include the following: Personnel authorized to
make classification determinations are required to receive training in
proper classification, including the avoidance of over-classification,
and declassification at least once a calendar year; information may
only be classified if it pertains to specific categories or subjects,
including military plans, weapons systems, or operations and
intelligence activities; and agency heads must (on a periodic basis)
complete a comprehensive review of the agency's classification
guidance, to include reviewing information that is classified within
the agency, provide the results of such review to appropriate officials
outside the agency at the National Archives, and release an
unclassified version of the review to the public. Authorized holders of
classified information are also encouraged and expected to
``challenge'' classification determinations if they believe the
classification status is improper, and any individual or entity can
request any Federal agency to review classified information for
declassification, regardless of its age or origin, in accordance with
the Mandatory Declassification Review (MDR) process. Additional
information about the MDR process can be found on the National Archives
and Records Administration's MDR program page at https://www.archives.gov/isoo/training/mdr. In the interests of protecting
information critical to the Nation's defense, it is appropriate for the
DoD to properly classify and exempt such information from public
release under the Privacy Act so as to protect U.S. national security.
Having considered the public comments, the Department will implement
the rulemaking as proposed.
Additionally, DoD received one supportive, but non-substantive,
comment on the system of records notice (SORN) that published in the
Federal Register on January 6, 2021 (86 FR 526-529). The public comment
period for the SORN ended on February 5, 2021.
[[Page 72524]]
Background
In finalizing this rule, DoD exempts portions of the updated and
reissued DoD-0004 DRCED system of records from certain provisions of
the Privacy Act. DoD uses this system of records to automate financial
and business transactions, perform cost-management analysis, produce
oversight and audit reports, and provide critical data linking to
improve performance of mission objectives. This system of records
supports DoD in creating predictive analytic models based upon specific
data streams to equip decision makers with critical data necessary for
execution of fiscal and operational requirements. Some of the records
that are part of the DoD-0004 DRCED system of records may contain
classified national security information and disclosure of those
records to an individual may cause damage to national security. The
Privacy Act, pursuant to 5 U.S.C. 552a(k)(1), authorizes agencies to
claim an exemption for systems of records that contain information
properly classified pursuant to executive order. For this reason, DoD
has exempted portions of the DoD-0004 DRCED system of records from the
access and amendment requirements of the Privacy Act, pursuant to 5
U.S.C. 552a(k)(1), to prevent disclosure of any information properly
classified pursuant to executive order, including Executive Order
13526, as implemented by DoD Instruction 5200.01, ``DoD Information
Security Program and Protection of Sensitive Compartmented Information
(SCI)'' (available at https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/520001p.PDF?ver=cF1II-jcFGP6jfNrnTr8lQ%3d%3d); DoD
Manual (DoDM) 5200.01, Volume 1, ``DoD Information Security Program:
Overview, Classification, and Declassification'' (available at https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/520001m_vol1.pdf?ver=2020-08-04-092500-203); and DoDM 5200.01, Volume
3, ``DoD Information Security Program: Protection of Classified
Information'' (available at https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/520001m_vol3.pdf?ver=MJfVD-nRd2HTyLSzDse9VQ%3d%3d).
This rule will deny an individual access under the Privacy Act to
only those portions of records for which the claimed exemption applies.
In addition, records in the DoD-0004 DRCED system of records are only
exempt from the Privacy Act to the extent the purposes underlying the
exemption pertain to the record.
Regulatory Analysis
Executive Order 12866, ``Regulatory Planning and Review'' and Executive
Order 13563, ``Improving Regulation and Regulatory Review''
Executive Orders 12866 and 13563 direct agencies to assess all
costs and benefits of available regulatory alternatives and, if
regulation is necessary, to select regulatory approaches that maximize
net benefits (including potential economic, environmental, public
health and safety effects, distribute impacts, and equity). Executive
Order 13563 emphasizes the importance of quantifying both costs and
benefits, of reducing costs, of harmonizing rules, and of promoting
flexibility. It has been determined that this rule is not a significant
regulatory action.
Congressional Review Act
This rule is not a ``major rule'' as defined by 5 U.S.C. 804(2).
Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. Chapter 6)
The Assistant to the Secretary of Defense for Privacy, Civil
Liberties, and Transparency has certified that this Privacy Act rule
does not have significant economic impact on a substantial number of
small entities because they are concerned only with the administration
of Privacy Act systems of records within the DoD.
Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)
It has been determined that this rule does not impose additional
information collection requirements on the public under the Paperwork
Reduction Act of 1995 (44 U.S.C. 3501 et seq.).
Section 202, Public Law 104-4, ``Unfunded Mandates Reform Act''
It has been determined that this rule does not involve a Federal
mandate that may result in the expenditure by State, local and tribal
governments, in the aggregate, or by the private sector, of $100
million or more and that it will not significantly or uniquely affect
small governments.
Executive Order 13132, ``Federalism''
It has been determined that this rule does not have federalism
implications. This rule does not have substantial direct effects on the
States, on the relationship between the National Government and the
States, or on the distribution of power and responsibilities among the
various levels of government.
Executive Order 13175, ``Consultation and Coordination With Indian
Tribal Governments''
Executive Order 13175 establishes certain requirements that an
agency must meet when it promulgates a proposed rule (and subsequent
final rule) that imposes substantial direct compliance costs on one or
more Indian tribes, preempts tribal law, or effects the distribution of
power and responsibilities between the federal government and Indian
tribes. This rule will not have a substantial effect on Indian tribal
governments.
List of Subjects in 32 CFR Part 310
Privacy.
Accordingly, 32 CFR part 310 is amended as follows:
PART 310--[AMENDED]
0
1. The authority citation for 32 CFR part 310 continues to read as
follows:
Authority: 5 U.S.C. 552a.
0
2. Section 310.13 is amended by adding paragraph (e)(3) to read as
follows:
Sec. 310.13 Exemptions for DoD-wide systems.
* * * * *
(e) * * *
(3) System identifier and name. DoD-0004, ``Defense Repository for
Common Enterprise Data (DRCED).''
(i) Exemptions. This system of records is exempt from subsections 5
U.S.C. 552a(c)(3), (d)(1), (d)(2), (d)(3), and (d)(4) of the Privacy
Act.
(ii) Authority. 5 U.S.C. 552a(k)(1).
(iii) Exemption from the particular subsections. Exemption from the
particular subsections is justified for the following reasons:
(A) Subsection (c)(3) (accounting of disclosures). Because common
enterprise records may contain information properly classified pursuant
to executive order, the disclosure accountings of such records may also
contain information properly classified pursuant to executive order,
the disclosure of which may cause damage to national security.
(B) Subsections (d)(1), (2), (3), and (4) (record subject's right
to access and amend records). Access to and amendment of records by the
record subject could disclose information properly classified pursuant
to executive order. Disclosure of classified records to an individual
may cause damage to national security.
[[Page 72525]]
(iv) Exempt records from other systems. In addition, in the course
of carrying out the overall purpose for this system, exempt records
from other system of records may in turn become part of the records
maintained in this system. To the extent that copies of exempt records
from those other systems of records are maintained in this system, the
DoD claims the same exemptions for the records from those other systems
that are entered into this system, as claimed for the prior system(s)
of which they are a part, provided the reason for the exemption remains
valid and necessary.
* * * * *
Dated: December 16, 2021.
Aaron T. Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 2021-27706 Filed 12-21-21; 8:45 am]
BILLING CODE 5001-06-P