[Federal Register Volume 87, Number 105 (Wednesday, June 1, 2022)]
[Notices]
[Pages 33203-33206]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-11394]


-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

National Park Service

[DOI-2022-0005; PPWONRADD7/PPMRSNR1Y.NM0000]


Privacy Act of 1974; System of Records

AGENCY: National Park Service, Interior.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Department of the Interior (DOI) is issuing a public 
notice of its intent to create the National Park Service (NPS) Privacy 
Act system of records, INTERIOR/NPS-25, Research Permit and Reporting 
System (RPRS). This system is a service-wide, internet-based system 
which supports the application, permitting, and reporting processes 
associated with the NPS Scientific Research and Collecting Permit. The 
newly established system will be included in DOI's inventory of record 
systems.

DATES: This new system will be effective upon publication. New routine 
uses will be effective July 1, 2022. Submit comments on or before July 
1, 2022.

ADDRESSES: You may send comments identified by docket number [DOI-2022-
0005] by any of the following methods:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for sending comments.
     Email: [email protected]. Include docket number 
[DOI-2022-0005] in the subject line of the message.
     U.S. mail or hand-delivery: Teri Barnett, Departmental 
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, 
Room 7112, Washington, DC 20240.
    Instructions: All submissions received must include the agency name 
and docket number [DOI-2022-0005]. All comments received will be posted 
without change to http://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Felix Uribe, Associate Privacy 
Officer, National Park Service, 12201 Sunrise Valley Drive, Reston, VA 
20192, [email protected] or 202-354-6925.

SUPPLEMENTARY INFORMATION:

I. Background

    The NPS Office of Natural Resource Information Systems is 
establishing the INTERIOR/NPS-25, Research Permit and Reporting System 
(RPRS), system of records. The purpose of the system is to provide a 
service-wide, internet-based system that supports the application, 
permitting, and reporting processes associated with the NPS Scientific 
Research and Collecting Permit. RPRS is a single data system that is 
served through a central internet website and is hosted within the NPS 
Integrated Resource Management Application, which provides resource 
information to parks, partners, and the public. The website enables (1) 
members of the public to review synopses of the objectives and findings 
of scientific studies conducted in parks and the types of scientific 
activities park managers are most interested in attracting; (2) 
potential investigators to apply and review applications requirements 
and field work restrictions before applying for permission to conduct a 
study within a specific unit or units of the NPS; and (3) investigators 
to provide the required annual Investigator's Annual Report. 
Information in this system may be shared with individuals who conduct 
scientific research and collecting activities within the National Park 
System units and members of the public that are interested in learning 
about scientific research within the park units. To the extent 
permitted by law, information may be shared with Federal, state, local, 
and tribal agencies, and organizations as authorized and compatible 
with the purpose of this system, or when proper and necessary, 
consistent with the routine uses set forth in this system of records 
notice.

II. Privacy Act

    The Privacy Act of 1974, as amended, embodies fair information 
practice principles in a statutory framework governing the means by 
which Federal agencies collect, maintain, use, and disseminate 
individuals' records. The Privacy Act applies to records about 
individuals that are maintained in a ``system of records.'' A ``system 
of records'' is a group of any records under the control of an agency 
from which information is retrieved by the name of an individual or by 
some identifying number, symbol, or other identifying

[[Page 33204]]

particular assigned to the individual. The Privacy Act defines an 
individual as a United States citizen or lawful permanent resident. 
Individuals may request access to their own records that are maintained 
in a system of records in the possession or under the control of DOI by 
complying with DOI Privacy Act regulations at 43 CFR part 2, subpart K, 
and following the procedures outlined in the Records Access, Contesting 
Record, and Notification Procedures sections of this notice.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the existence and character of each 
system of records that the agency maintains, and the routine uses of 
each system. The INTERIOR/NPS-25, Research Permit and Reporting System 
(RPRS), system of records notice is published in its entirety below. In 
accordance with 5 U.S.C. 552a(r), DOI has provided a report of this 
system of records to the Office of Management and Budget and to 
Congress.

III. Public Participation

    You should be aware your entire comment including your personally 
identifiable information, such as your address, phone number, email 
address, or any other personal information in your comment, may be made 
publicly available at any time. While you may request to withhold your 
personally identifiable information from public review, we cannot 
guarantee we will be able to do so.
SYSTEM NAME AND NUMBER:
    INTERIOR/NPS-25, Research Permit and Reporting System (RPRS).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Natural Resource Stewardship and Science, Office of Natural 
Resource Information Systems, National Park Service, 1201 Oakridge 
Drive, Fort Collins, CO 80525.

SYSTEM MANAGER(S):
    System Manager, Natural Resource Stewardship and Science, Office of 
Natural Resources Information Systems, National Park Service, 1849 C 
Street NW, Room 2649, Washington, DC 20240.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    54 U.S.C. 100101, National Park Service Organic Act; 54 U.S.C., 
Rules and Regulations of National Parks, Reservations, and Monuments; 
Section 100705--54 U.S.C. 100701-100707, National Parks Omnibus 
Management Act.

PURPOSE(S) OF THE SYSTEM:
    The purpose of the RPRS system is to support the application, 
permitting, and reporting processes associated with the NPS Scientific 
Research and Collecting Permit. The system enables members of the 
public to review synopses of the objectives and findings of permitted 
scientific studies conducted previously in parks, and search and review 
the types of scientific activities park managers are most interested in 
attracting; potential investigators to apply for permission to conduct 
natural or social science studies within a specific unit of the NPS 
System and to review permit application requirements and field work 
restrictions before applying for permission to conduct a study; and 
investigators granted permission to conduct studies within parks to 
more easily provide the Investigator's Annual Report.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by the system include:
    (1) Persons who have submitted information in conjunction with 
applying for a
    permit to conduct scientific research and collecting permits within 
units of the National Park System.
    (2) Principal Investigators. The applicant who is a recipient of an 
NPS Scientific Research and Collecting Permit is considered the 
Principal Investigator for the permitted study.
    (3) Persons identified as Co-investigators by the applicant within 
the RPRS application, by the permittee in the RPRS Investigator's 
Annual Report, or in the NPS Scientific Research and Collecting Permit 
by the park which issues the permit.
    (4) NPS staff and contractors conducting scientific research within 
units of the National Park System.
    (5) NPS staff, including Park Research Coordinators who administer 
park accounts within the RPRS; Superintendents and Curators of parks 
with RPRS accounts; and park staff responsible for recommending the 
approval of permit requests.

 CATEGORIES OF RECORDS IN THE SYSTEM:
    The categories of the records in the system include:
    (1) Park Profile Records. The purpose of these records is to 
provide information to facilitate interactions between persons applying 
for or holding an NPS Scientific Research and Collecting Permit and 
park staff. Park research contact information consists of names of NPS 
staff or contractors who administer scientific research within park 
units, and the titles and names of the associated Park Superintendent, 
Park Personnel Recommending Permit Approvals, Park Personnel Approving 
Permits, Park Curator name and email address, and Park Research 
Coordinator contact information including name, business address, 
business fax number, business phone number, and business email address.
    (2) Investigator Profile Records. Information in the records 
include Investigator name, business phone, alternate phone, business 
fax, business address, business email address, professional 
affiliation, and username, password and other information to create an 
investigator account and authenticate users' access to their records 
within RPRS.
    (3) Application Records. This information is provided by the 
applicant and is required for a park to review and process the 
application for a Scientific Research and Collecting Permit. 
Information includes proposed collections, proposed disposition of 
collections, including name and business contact information of non-NPS 
repositories when an applicant proposes to have collections loaned to a 
non-NPS repository; name, business phone and business email of co-
investigators; and other information about the proposed activity for 
the park to review the application. Additionally, Investigator Profile 
contact information is entered into the applicant's first application 
and automatically ported from the profile contact information into the 
on-line application form when the same applicant subsequently submits 
new applications. This data consists of business phone number, 
alternate business or personal phone number, business fax number, 
business address, and business email address.
    (4) Scientific Research and Collecting Permit Records. These 
records contain profile and contact information on investigators and 
co-investigators that include name, business phone, business email 
address, and business institution; Investigator's Annual Report Records 
that include investigators' and co-investigators' name, business email 
address, business phone, and business address; and information, such as 
educational background, qualifications or other information provided by 
investigators during the application process or in correspondence with 
park staff.
    (5) Field Visit Records. These records contain name of persons 
conducting a field visit on the permitted scientific research 
activities within the park, business phone number, vehicle description 
including license plate

[[Page 33205]]

number if a vehicle is used to access the park, location of field 
visit, length of field visit, and temporary place of residence during a 
field visit to the park.

RECORD SOURCE CATEGORIES:
    Information in the RPRS comes primarily from members of the public 
applying for a Scientific Research and Collecting Permit, permittees 
submitting required Investigator's Annual Reports, investigator profile 
records, and park profile records created by the park staff.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DOI as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including Offices of the 
U.S. Attorneys, or other Federal agency conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is relevant or necessary to the litigation and one of the 
following is a party to the litigation or has an interest in such 
litigation:
    (1) DOI or any component of DOI;
    (2) Any other Federal agency appearing before the Office of 
Hearings and Appeals;
    (3) Any DOI employee or former employee acting in his or her 
official capacity;
    (4) Any DOI employee or former employee acting in his or her 
individual capacity when DOI or DOJ has agreed to represent that 
employee or pay for private representation of the employee; or
    (5) The United States Government or any agency thereof, when DOJ 
determines that DOI is likely to be affected by the proceeding.
    B. To a congressional office when requesting information on behalf 
of, and at the request of, the individual who is the subject of the 
record.
    C. To the Executive Office of the President in response to an 
inquiry from that office made at the request of the subject of a record 
or a third party on that person's behalf, or for a purpose compatible 
with the reason for which the records are collected or maintained.
    D. To any criminal, civil, or regulatory law enforcement authority 
(whether Federal, state, territorial, local, tribal or foreign) when a 
record, either alone or in conjunction with other information, 
indicates a violation or potential violation of law--criminal, civil, 
or regulatory in nature, and the disclosure is compatible with the 
purpose for which the records were compiled.
    E. To an official of another Federal agency to provide information 
needed in the performance of official duties related to reconciling or 
reconstructing data files or to enable that agency to respond to an 
inquiry by the individual to whom the record pertains.
    F. To Federal, state, territorial, local, tribal, or foreign 
agencies that have requested information relevant or necessary to the 
hiring, firing or retention of an employee or contractor, or the 
issuance of a security clearance, license, contract, grant or other 
benefit, when the disclosure is compatible with the purpose for which 
the records were compiled.
    G. To representatives of the National Archives and Records 
Administration (NARA) to conduct records management inspections under 
the authority of 44 U.S.C. 2904 and 2906.
    H. To state, territorial and local governments and tribal 
organizations to provide information needed in response to court order 
and/or discovery purposes related to litigation, when the disclosure is 
compatible with the purpose for which the records were compiled.
    I. To an expert, consultant, grantee, or contractor (including 
employees of the contractor) of DOI that performs services requiring 
access to these records on DOI's behalf to carry out the purposes of 
the system.
    J. To appropriate agencies, entities, and persons when:
    (1) DOI suspects or has confirmed that there has been a breach of 
the system of records;
    (2) DOI has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DOI (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and
    (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DOI's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    K. To another Federal agency or Federal entity, when DOI determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in:
    (1) Responding to a suspected or confirmed breach; or
    (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    L. To the Office of Management and Budget (OMB) during the 
coordination and clearance process in connection with legislative 
affairs as mandated by OMB Circular A-19.
    M. To the Department of the Treasury to recover debts owed to the 
United States.
    N. To the news media and the public, with the approval of the 
Public Affairs Officer in consultation with counsel and the Senior 
Agency Official for Privacy, where there exists a legitimate public 
interest in the disclosure of the information, except to the extent it 
is determined that release of the specific information in the context 
of a particular case would constitute an unwarranted invasion of 
personal privacy.
    O. To members of the public to provide park contact information to 
facilitate communication with persons interested in conducting 
scientific research activities and to provide access to published 
Investigator's Annual Reports for the purpose of learning about 
scientific research in NPS units.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    RPRS records reside on servers located in secure server rooms and 
are accessed only by authorized personnel pursuant to Departmental 
privacy policies and procedures. A quarterly copy of the RPRS data 
backup is stored in a permanent repository. Paper copies of RPRS 
records may be contained in the NPS Washington, regional, field and 
park offices and stored in file cabinets. NPS park offices may access, 
retrieve, and store a copy of the RPRS data within the individual park.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information from the RPRS is retrievable by names of Investigators 
who are Applicant/Permit holders, co-investigators; business contact 
information of the individual (i.e., email address, phone number); 
application number or title; permit number, study title, subject or 
type of study, study number; and Investigator's Annual Report permit 
number or study title and investigator's name.
    NPS staff and contractors who are on the NPS network may query RPRS 
application, permit and Investigator's Annual Report data, and park 
profile data. The public access is limited to park profile data and 
Investigator's Annual Report data. In addition, members of the public 
who have

[[Page 33206]]

entered a park profile into the system may review their own profile 
data.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system are retained in accordance with the NPS 
Records Schedule for Resource Management and Lands (Item 1), which has 
been approved by NARA (Job No. N1-79-08-1) for records documenting the 
acquisition, planning, management, and protection of lands and natural 
and cultural resources under the stewardship of NPS. The disposition of 
the RPRS data set has a permanent retention.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Access to records in the RPRS system is limited to authorized 
personnel who have a need to access the records in the performance of 
their official duties, and each user's access is restricted to only the 
functions and data necessary to perform that person's job 
responsibilities. System administrators and authorized users are 
trained and required to follow established internal security protocols 
and must complete all security, privacy, and records management 
training and sign the DOI Rules of Behavior.
    The records contained in this system are safeguarded in accordance 
with 43 CFR 2.226 and other applicable security and privacy rules and 
policies. During normal hours of operation, paper records are 
maintained in locked file cabinets under the control of authorized 
personnel. Computer servers on which RPRS electronic records are stored 
are in a secured DOI controlled facility with physical, technical, and 
administrative levels of security to prevent unauthorized access to the 
DOI network and information assets. The electronic data are protected 
through techniques of user identification, passwords, database 
permissions and software controls. These security measures include 
establishing different access levels for different types of users. 
Backup tapes are encrypted and stored in a locked and controlled room 
in a secure, off-site location.
    Computerized records systems follow the National Institute of 
Standards and Technology privacy and security standards as developed to 
comply with the Privacy Act of 1974, as amended, 5 U.S.C. 552a; 
Paperwork Reduction Act of 1995, 44 U.S.C. 3501 et seq.; Federal 
Information Security Modernization Act of 2014, 44 U.S.C. 3551 et seq.; 
and the Federal Information Processing Standards 199: Standards for 
Security Categorization of Federal Information and Information Systems. 
Security controls include user identification, passwords, database 
permissions, encryption, firewalls, audit logs, and network system 
security monitoring, and software controls.
    Investigator's Annual Report submissions are checked in and 
reviewed to prevent disclosure of content that may impact park 
resources and operations. Access to NPS specific permissions in the 
RPRS are limited to authorized NPS users. NPS security features 
restricted access to that data which is identified as not suitable for 
public access to NPS employees and authorized NPS contractors.
    NPS staff are provided permission to view all RPRS data except for 
unpublished Investigator's Annual Reports. Park account data is limited 
to that data which relates to a single unit of the National Park System 
(i.e., park profile information, applications submitted to the unit, 
permits issued by the unit, Investigator's Annual Reports related to 
permits issued by the unit, unit specific administrative data). Access 
to park accounts is limited to persons designated by the Park 
Superintendent. Administrative accounts provide permissions to 
administrate park account data as appropriate for the administrator's 
role of providing permissions to authorized individuals, and access to 
query or process the service-wide data. RPRS provides a help desk to 
disseminate information on security and privacy policies applicable to 
RPRS. NPS staffs are required to take an annual training session on 
privacy and records management and an annual training session on 
security. A Privacy Impact Assessment was conducted to ensure that 
Privacy Act requirements are met and appropriate privacy controls were 
implemented to safeguard the personally identifiable information 
contained in the system.

RECORD ACCESS PROCEDURES:
    An individual requesting records on himself or herself should send 
a signed, written inquiry to the applicable System Manager identified 
above. The request must include the specific bureau or office that 
maintains the record to facilitate location of the applicable records. 
The request envelope and letter should both be clearly marked ``PRIVACY 
ACT REQUEST FOR ACCESS.'' A request for access must meet the 
requirements of 43 CFR 2.238.

CONTESTING RECORD PROCEDURES:
    An individual requesting corrections or the removal of material 
from his or her records should send a signed, written request to the 
applicable System Manager as identified above. The request must include 
the specific bureau or office that maintains the record to facilitate 
location of the applicable records. A request for corrections or 
removal must meet the requirements of 43 CFR 2.246.

NOTIFICATION PROCEDURES:
    An individual requesting notification of the existence of records 
on himself or herself should send a signed, written inquiry to the 
applicable System Manager as identified above. The request must include 
the specific bureau or office that maintains the record to facilitate 
location of the applicable records. The request envelope and letter 
should both be clearly marked ``PRIVACY ACT INQUIRY.'' A request for 
notification must meet the requirements of 43 CFR 2.235.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Teri Barnett,
Departmental Privacy Officer, Department of the Interior.
[FR Doc. 2022-11394 Filed 5-31-22; 8:45 am]
BILLING CODE 4312-52-P