[Federal Register Volume 87, Number 97 (Thursday, May 19, 2022)]
[Rules and Regulations]
[Pages 30416-30418]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-10656]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

32 CFR Part 310

[Docket ID: DoD-2020-OS-0084]
RIN 0790-AK99


Privacy Act of 1974; Implementation

AGENCY: Office of the Secretary of Defense (OSD), Department of Defense 
(DoD).

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The DoD is issuing a final rule to amend its regulations to 
exempt portions of the DoD-0003, ``Mobilization Deployment Management 
Information System (MDMIS),'' system of records from certain provisions 
of the Privacy Act of 1974.

DATES: This rule is effective on June 21, 2022.

FOR FURTHER INFORMATION CONTACT: Ms. Rahwa Keleta, Privacy and Civil 
Liberties Division, Directorate for Privacy, Civil Liberties and 
Freedom of Information, Office of the Assistant to the Secretary of 
Defense for Privacy, Civil Liberties, and Transparency, Department of 
Defense, 4800 Mark Center Drive, Mailbox #24, Suite 08D09, Alexandria, 
VA 22350-1700; [email protected]; (703) 571-0070.

SUPPLEMENTARY INFORMATION:

Discussion of Comments and Changes

    In the notice of proposed rulemaking (NPRM), the proposed rule was 
to be published at 32 CFR 310.13(e)(3). DoD is now publishing this rule 
at 32 CFR 310.13(e)(9). The proposed rule published in the Federal 
Register on December 16, 2020 (85 FR 81438-81439). Comments were 
accepted for 60 days until February 16, 2021. One comment was received. 
Please see the summarized comment and the Department's response as 
follows:
    DoD received one substantive comment on the NPRM. The commenter 
voiced concern regarding the classification process within the DoD. 
Although this comment does not directly pertain to the Privacy Act and 
the exemption claimed for this SORN, to promote public understanding in 
this area, a description of the DoD classification process is provided 
in this preamble.
    Executive Order 13526 prescribes the framework for the Federal 
government (to include DoD) to classify national security information. 
Only DoD personnel who are delegated original classification authority 
in writing are authorized to review the DoD's information and make the 
initial decision that an item of information could reasonably be 
expected to cause identifiable or describable damage to the national 
security if it were disclosed to the public. Several oversight and 
compliance safeguarding mechanisms exist to ensure the process to 
classify information is appropriate.
    These existing safeguarding mechanisms include the following: 
Personnel authorized to make original classification determinations are 
required to receive training in proper classification, including the 
avoidance of over-classification, and declassification at least once a 
calendar year. Additionally, information may only be classified if it 
pertains to specific categories or subjects, including military plans, 
weapons systems, or operations and intelligence activities. 
Furthermore, agency heads must (on a periodic basis) complete a 
comprehensive review of the agency's classification guidance, to 
include reviewing information that is classified within the agency; 
provide the results of such review to appropriate officials outside the 
agency at the National Archives and Records Administration (NARA); and 
release an unclassified version of the review to the public. Authorized 
holders of classified information are also encouraged and expected to 
``challenge'' classification determinations if they believe the 
classification status is improper, and any individual or entity can 
request any Federal agency to review classified information for 
declassification, regardless of its age or origin, in accordance with 
the Mandatory Declassification Review (MDR) process. Additional 
information about the MDR process can be found on the NARA's MDR 
program page at https://www.archives.gov/isoo/training/mdr. In the 
interest of protecting information critical to the Nation's defense, it 
is appropriate for the DoD to properly classify and exempt such 
information from public release under the Privacy Act so as to protect 
U.S. national security.
    Having considered the public comment, the DoD will implement the 
rulemaking without any changes resulting from the comment. However, DoD 
will make one corrective edit to 32 CFR 310.13(e)(9)(iii)(A). In the 
prior NPRM, records in that paragraph were referenced as ``common 
enterprise records,'' a term that does not appear in the DoD-0003 
system of records notice nor necessarily apply to records in the MDMIS. 
The final rule removes this description and simply references ``records 
in this system.''

[[Page 30417]]

Background

    In finalizing this rule, DoD exempts portions of the updated and 
reissued DoD-0003 MDMIS system of records from certain provisions of 
the Privacy Act. DoD uses this system of records to automate financial 
and business transactions, perform cost-management analysis, produce 
oversight and audit reports, and provide critical data linking to 
improve performance of mission objectives. This system of records 
supports DoD in creating predictive analytic models based upon specific 
data streams to equip decision makers with critical data necessary for 
execution of fiscal and operational requirements. Some of the records 
that are part of the DoD-0003 MDMIS system of records may contain 
classified national security information and disclosure of those 
records to an individual may cause damage to national security. The 
Privacy Act, pursuant to 5 U.S.C. 552a(k)(1), authorizes agencies to 
claim an exemption for systems of records that contain information 
properly classified pursuant to executive order. For this reason, DoD 
has exempted portions of the DoD-0003 MDMIS system of records from the 
access and amendment requirements of the Privacy Act, pursuant to 5 
U.S.C. 552a(k)(1), to prevent disclosure of any information properly 
classified pursuant to executive order, including Executive Order 
13526, as implemented by DoD Instruction 5200.01 and DoD Manual 
5200.01, Volumes 1 and 3. This rule will deny an individual access 
under the Privacy Act to only those portions of records for which the 
claimed exemption applies. In addition, records in the DoD-0003 MDMIS 
system of records are only exempt from the Privacy Act to the extent 
the purposes underlying the exemption pertain to the record.

Regulatory Analysis

Executive Order 12866, ``Regulatory Planning and Review'' and Executive 
Order 13563, ``Improving Regulation and Regulatory Review''

    Executive Orders 12866 and 13563 direct agencies to assess all 
costs and benefits of available regulatory alternatives and, if 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health and safety effects, distribute impacts, and equity). Executive 
Order 13563 emphasizes the importance of quantifying both costs and 
benefits, of reducing costs, of harmonizing rules, and of promoting 
flexibility. It has been determined that this rule is not a significant 
regulatory action.

Congressional Review Act

    This rule is not a ``major rule'' as defined by 5 U.S.C. 804(2).

Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. Chapter 6)

    The Assistant to the Secretary of Defense for Privacy, Civil 
Liberties, and Transparency certified that this Privacy Act rule does 
not have significant economic impact on a substantial number of small 
entities because they are concerned only with the administration of 
Privacy Act systems of records within the DoD.

Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)

    It has been determined that this rule does not impose additional 
information collection requirements on the public under the Paperwork 
Reduction Act of 1995 (44 U.S.C. 3501 et seq.).

Section 202, Public Law 104-4, ``Unfunded Mandates Reform Act''

    It has been determined that this rule does not involve a Federal 
mandate that may result in the expenditure by State, local and tribal 
governments, in the aggregate, or by the private sector, of $100 
million or more and that it will not significantly or uniquely affect 
small governments.

Executive Order 13132, ``Federalism''

    It has been determined that this rule does not have federalism 
implications. This rule does not have substantial direct effects on the 
States, on the relationship between the National Government and the 
States, or on the distribution of power and responsibilities among the 
various levels of government.

Executive Order 13175, ``Consultation and Coordination With Indian 
Tribal Governments''

    Executive Order 13175 establishes certain requirements that an 
agency must meet when it promulgates a proposed rule (and subsequent 
final rule) that imposes substantial direct compliance costs on one or 
more Indian tribes, preempts tribal law, or effects the distribution of 
power and responsibilities between the federal government and Indian 
tribes. This rule will not have a substantial effect on Indian tribal 
governments.

List of Subjects in 32 CFR Part 310

    Privacy.

    Accordingly, 32 CFR part 310 is amended as follows:

PART 310--[AMENDED]

0
1. The authority citation for 32 CFR part 310 continues to read as 
follows:

    Authority:  5 U.S.C. 552a.


0
2. Section 310.13 is amended by adding reserved paragraphs (e)(7) and 
(8) and adding paragraph (e)(9) to read as follows:


Sec.  310.13  Exemptions for DoD-wide systems.

* * * * *
    (e) * * *
    (7)-(8) [Reserved]
    (9) System identifier and name. DoD-0003, ``Mobilization Deployment 
Management Information System (MDMIS).''
    (i) Exemptions. This system of records is exempt from subsections 5 
U.S.C. 552a(c)(3), (d)(1), (d)(2), (d)(3), and (d)(4) of the Privacy 
Act.
    (ii) Authority. 5 U.S.C. 552a(k)(1).
    (iii) Exemption from the particular subsections. Exemption from the 
particular subsections is justified for the following reasons:
    (A) Subsection (c)(3) (accounting of disclosures). Because records 
in this system may contain information properly classified pursuant to 
executive order, the disclosure accountings of such records may also 
contain information properly classified pursuant to executive order, 
the disclosure of which may cause damage to national security.
    (B) Subsections (d)(1), (2), (3), and (4) (record subject's right 
to access and amend records). Access to and amendment of records by the 
record subject could disclose information properly classified pursuant 
to executive order. Disclosure of classified records to an individual 
may cause damage to national security.
    (iv) Exempt records from other systems. In addition, in the course 
of carrying out the overall purpose for this system, exempt records 
from other system of records may in turn become part of the records 
maintained in this system. To the extent that copies of exempt records 
from those other systems of records are maintained in this system, the 
DoD claims the same exemptions for the records from those other systems 
that are entered into this system, as claimed for the prior system(s) 
of which they are a part, provided the reason for the exemption remains 
valid and necessary.


[[Page 30418]]


    Dated: May 11, 2022.
Aaron T. Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 2022-10656 Filed 5-18-22; 8:45 am]
BILLING CODE 5001-06-P