[Federal Register Volume 88, Number 78 (Monday, April 24, 2023)]
[Notices]
[Pages 24831-24835]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-08599]


-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

National Park Service

[DOI-2022-0014; PPWONRADD7/PPMRSNR1Y.NM0000]


Privacy Act of 1974; System of Records

AGENCY: National Park Service, Interior.

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Department of the Interior (DOI) is issuing a public 
notice of its intent to create the National Park Service (NPS) system 
of records, INTERIOR/NPS-26, Integrated Resource Management

[[Page 24832]]

Applications. This system consists of applications that manage and 
deliver resource information to parks, partners, and the public. This 
newly established system will be included in DOI's inventory of record 
systems.

DATES: This new system will be effective upon publication. New routine 
uses will be effective May 24, 2023. Submit comments on or before May 
24, 2023.

ADDRESSES: You may send comments identified by docket number [DOI-2022-
0014] by any of the following methods:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for sending comments.
     Email: [email protected]. Include docket number 
[DOI-2022-0014] in the subject line of the message.
     U.S. mail or hand-delivery: Teri Barnett, Departmental 
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, 
Room 7112, Washington, DC 20240.
    Instructions: All submissions received must include the agency name 
and docket number [DOI-2022-0014]. All comments received will be posted 
without change to https://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Felix Uribe, Associate Privacy 
Officer, National Park Service, 12201 Sunrise Valley Drive, Reston, VA 
20192, [email protected] or (202) 354-6925.

SUPPLEMENTARY INFORMATION: 

I. Background

    NPS is establishing the INTERIOR/NPS-26, Integrated Resource 
Management Applications, system of records. The Integrated Resource 
Management Applications (IRMA) is a web-based ``one-stop'' solution 
that provides park resource-related tools, data and information, 
including reports and other documents, data sets, species lists, and 
visitor use statistics, to help NPS Resource Managers make informed 
resource management decisions and to share natural resource data and 
research with members of the public. IRMA allows NPS to streamline and 
simplify how park resource data are entered, managed, discovered, and 
shared, and enables individuals to participate in natural resource 
conservation and research activities of parks and protected areas 
managed by the NPS.
    IRMA subsystems allow users to find and download documents and 
datasets about natural and cultural resources in the parks; report and 
view invasive plant management data with the NPS system designed to 
standardize the collection of infestation and treatment data; enter and 
find Visual Resource Inventory records of scenic values and importance 
to NPS visitor experience and interpretive goals; get species lists 
with the occurrence and status of species in more than 300 NPS national 
parks; find species' common and scientific names, synonyms, and their 
associated taxonomic classification; retrieve comprehensive graphs, 
reports, and statistics on historic, current, or forecast park visitor 
use; search for names, codes, and affiliations of NPS units (parks, 
monuments, historic sites, regions, offices, etc.); and obtain 
interactive data driven reports for many NPS programs. Personally 
identifiable information (PII) may be collected from users conducting 
research or requesting information on park resources and preservation 
activities, authors of finalized documents, datasets and scientific 
products that are used to support natural resources research and 
reporting and to ensure proper citation of the authors, and from 
individuals reporting natural resources action(s) taken, such as an 
invasive species treatment or sampling collection. The information is 
used to support research and analysis of information to assess accuracy 
or determine need for further study and to facilitate communication 
between NPS and research partners and members of the public. To the 
extent permitted by law, information may be shared with Federal, state, 
local, and tribal agencies, and organizations as authorized and 
compatible with the purpose of this system, or when proper and 
necessary, consistent with the routine uses set forth in this system of 
records notice.
    This notice does not cover the Research Permit and Reporting System 
(RPRS) that is also hosted within IRMA. RPRS provides information to 
parks, partners, and the public on applications for scientific studies 
and field work conducted in parks associated with the NPS Scientific 
Research and Collecting Permit, which is covered under the INTERIOR/
NPS-25, Research Permit and Reporting System (RPRS), system of records 
notice (87 FR 33203, June 1, 2022).

II. Privacy Act

    The Privacy Act of 1974, as amended, embodies fair information 
practice principles in a statutory framework governing the means by 
which Federal agencies collect, maintain, use, and disseminate 
individuals' records. The Privacy Act applies to records about 
individuals that are maintained in a ``system of records.'' A ``system 
of records'' is a group of any records under the control of an agency 
from which information is retrieved by the name of an individual or by 
some identifying number, symbol, or other identifying particular 
assigned to the individual. The Privacy Act defines an individual as a 
United States citizen or lawful permanent resident. Individuals may 
request access to their own records that are maintained in a system of 
records in the possession or under the control of DOI by complying with 
DOI Privacy Act regulations at 43 CFR part 2, subpart K, and following 
the procedures outlined in the Records Access, Contesting Record, and 
Notification Procedures sections of this notice.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the existence and character of each 
system of records that the agency maintains and the routine uses of 
each system. The INTERIOR/NPS-26, Integrated Resource Management 
Applications, system of records notice is published in its entirety 
below. In accordance with 5 U.S.C. 552a(r), DOI has provided a report 
of this system of records to the Office of Management and Budget and to 
Congress.

III. Public Participation

    You should be aware your entire comment including your PII, such as 
your address, phone number, email address, or any other personal 
information in your comment, may be made publicly available at any 
time. While you may request to withhold your PII from public review, we 
cannot guarantee we will be able to do so.

SYSTEM NAME AND NUMBER:
    INTERIOR/NPS-26, Integrated Resource Management Applications.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    National Information Service Center, National Park Service, 12795 
West Alameda Parkway, Lakewood, CO 80228.

SYSTEM MANAGER(S):
    Data and Systems Officer, Natural Resource Stewardship and Science 
Directorate, Immediate Office of the Associate Director, National Park 
Service, 1201 Oakridge Drive, Suite 200, Fort Collins, CO 80525.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    54 U.S.C. 100101, Promotion and regulation; 54 U.S.C. 100701, 
Protection,

[[Page 24833]]

Interpretation, and Research in System; 54 U.S.C. 100704, Inventory and 
Monitoring Program; 54 U.S.C. 100705, Availability of System Units for 
Scientific Study; 54 U.S.C. 100707, Confidentiality of Information; 54 
U.S.C. 100751, Regulations; 36 CFR 1.6, Permits; 36 CFR 2.1, 
Preservation of Natural, Cultural and Archeological Resources; and 36 
CFR 2.5, Research Specimens.

 PURPOSE(S) OF THE SYSTEM:
    The primary purpose of the system is to streamline and simplify how 
park resource data are entered, managed, discovered, and shared. This 
data is representative of resource conditions and status of parks and 
protected areas managed by NPS. Project management and data workflows 
are also facilitated through the IRMA subsystems to ensure data and 
associated materials are available for resource management decisions.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by the system include DOI employees, 
contractors, and volunteers; other Federal, state, or local government 
agency employees; partners of NPS that are involved in projects; 
universities, tribal communities and members of the public providing 
resource information or involved in projects related to conservation 
planning and NPS resource management. This system contains records 
concerning corporations and other business entities, which are not 
subject to the Privacy Act. However, records pertaining to individuals 
acting on behalf of corporations and other business entities may 
reflect personal information.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system contains records describing or summarizing resource 
conditions in parks and protected areas managed by the NPS. Workflows 
established for decision-making or compliance with Federal rules and 
their associated documentation requirements are also moderated through 
IRMA applications. This data may include name, personal cell phone 
number and email address, mailing and home address, business email 
address, group or organizational affiliation, employment information, 
location information may be included with the first name and last name 
as incidental information regarding the geographic location of a 
specific action taken, such as the location of a study, invasive 
species treatment or sampling collection; and username, password, and 
answers to security questions for the creation and management of user 
accounts and to allow registered users to interact with NPS.

RECORD SOURCE CATEGORIES:
    Records in IRMA are obtained from DOI employees, contractors and 
volunteers, other Federal, state, tribal, local government agency 
employees, contractors and volunteers, partners of NPS that are 
involved in projects, members of the public, and other individuals 
involved with projects related to conservation planning NPS resource 
management.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DOI as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including Offices of the 
U.S. Attorneys, or other Federal agency conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is relevant or necessary to the litigation and one of the 
following is a party to the litigation or has an interest in such 
litigation:
    (1) DOI or any component of DOI;
    (2) Any other Federal agency appearing before the Office of 
Hearings and
    Appeals;
    (3) Any DOI employee or former employee acting in his or her 
official capacity;
    (4) Any DOI employee or former employee acting in his or her 
individual capacity when DOI or DOJ has agreed to represent that 
employee or pay for private representation of the employee; or
    (5) The United States Government or any agency thereof, when DOJ 
determines that DOI is likely to be affected by the proceeding.
    B. To a congressional office when requesting information on behalf 
of, and at the request of, the individual who is the subject of the 
record.
    C. To the Executive Office of the President in response to an 
inquiry from that office made at the request of the subject of a record 
or a third party on that person's behalf, or for a purpose compatible 
with the reason for which the records are collected or maintained.
    D. To any criminal, civil, or regulatory law enforcement authority 
(whether Federal, state, territorial, local, tribal or foreign) when a 
record, either alone or in conjunction with other information, 
indicates a violation or potential violation of law--criminal, civil, 
or regulatory in nature, and the disclosure is compatible with the 
purpose for which the records were compiled.
    E. To an official of another Federal agency to provide information 
needed in the performance of official duties related to reconciling or 
reconstructing data files or to enable that agency to respond to an 
inquiry by the individual to whom the record pertains.
    F. To Federal, state, territorial, local, tribal, or foreign 
agencies that have requested information relevant or necessary to the 
hiring, firing or retention of an employee or contractor, or the 
issuance of a security clearance, license, contract, grant or other 
benefit, when the disclosure is compatible with the purpose for which 
the records were compiled.
    G. To representatives of the National Archives and Records 
Administration (NARA) to conduct records management inspections under 
the authority of 44 U.S.C. 2904 and 2906.
    H. To state, territorial and local governments and tribal 
organizations to provide information needed in response to court order 
and/or discovery purposes related to litigation, when the disclosure is 
compatible with the purpose for which the records were compiled.
    I. To an expert, consultant, grantee, shared service provider, or 
contractor (including employees of the contractor) of DOI that performs 
services requiring access to these records on DOI's behalf to carry out 
the purposes of the system.
    J. To appropriate agencies, entities, and persons when:
    (1) DOI suspects or has confirmed that there has been a breach of 
the system of records;
    (2) DOI has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DOI (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and
    (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DOI's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    K. To another Federal agency or Federal entity, when DOI determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in:
    (1) responding to a suspected or confirmed breach; or

[[Page 24834]]

    (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    L. To the Office of Management and Budget (OMB) during the 
coordination and clearance process in connection with legislative 
affairs as mandated by OMB Circular A-19.
    M. To the Department of the Treasury to recover debts owed to the 
United States.
    N. To the news media and the public, with the approval of the 
Public Affairs Officer in consultation with counsel and the Senior 
Agency Official for Privacy, where there exists a legitimate public 
interest in the disclosure of the information, except to the extent it 
is determined that release of the specific information in the context 
of a particular case would constitute an unwarranted invasion of 
personal privacy.
    O. To authorized members of Federal, State, Local and Tribal 
agencies to share information on natural, cultural, and socioeconomic 
data such as species observations, research reports, environmental 
impact statements, mineral lands inventories and environmental and 
cultural compliance data for the purpose of supporting resource 
management decisions.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records are contained in computers, magnetic disks, 
computer tapes, removable drives, email, and electronic databases. 
Paper records are contained in file folders stored in file cabinets. 
Access is restricted through physical controls and system security 
practices.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records in this system can be retrieved by either querying within 
the application or generating a report. The information may be 
retrieved by various fields including name, personal email address, 
business contact information, and group or organizational affiliation.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained in accordance with the NPS Records Schedule, 
Resource Management and Lands (Item 1), which has been approved by NARA 
(Job No. N1-79-08-1). The disposition of Cultural and Natural Resource 
Management Program and Planning records, including applications for 
permits, permits and investigator annual reports, is permanent. 
Periodic transfer of special media and electronic records along with 
any finding aids or descriptive information (including linkage to the 
original file) and related documentation by calendar year are 
transmitted to NARA when 3 years old. Final transfer of all permanent 
records to NARA occurs 15 years after closure. Digital records will be 
transferred according to standards applicable at the time.
    The disposition of records with short-term operational value and 
not considered essential for ongoing management of land, cultural and 
natural resources is temporary, including account management records. 
These operational records are destroyed/deleted 15 years after closure. 
The disposition for routine housekeeping and supporting documentation 
is temporary and records are destroyed/deleted 3 years after closure. 
Detailed disposition procedures and processes are defined and published 
to internal system administration staff within the IRMA technical 
reference manuals.
    Workflows are in place to manage the disposition of permanent 
records in conformance with requisite retention schedules. Periodic 
transfer is accomplished through delivery of permanent special media 
and electronic records along with any finding aids or descriptive 
information (including linkage to the original file) and related 
documentation by calendar year to the NARA when 3 years old.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The records contained in this system are safeguarded in accordance 
with 43 CFR 2.226 and other applicable security and privacy rules and 
policies. Computer servers on which electronic records are stored are 
in secured DOI controlled facilities with physical, technical, and 
administrative levels of security to prevent unauthorized access to the 
DOI network and information assets. Access to the NPS data on the 
internal IRMA website address is limited to authorized NPS users. 
Access granted to authorized personnel is password-protected, and each 
person granted access to the system must be individually authorized to 
use the system. A Privacy Act Warning Notice appears on computer 
monitor screens when records containing information on individuals are 
first displayed. Data exchanged between the servers and the system is 
encrypted. Backup tapes are encrypted and stored in a locked and 
controlled room in a secure, off-site location.
    Computerized records systems follow the National Institute of 
Standards and Technology privacy and security standards as developed to 
comply with the Privacy Act of 1974, as amended, 5 U.S.C. 552a; 
Paperwork Reduction Act of 1995, 44 U.S.C. 3501 et seq.: Federal 
Information Security Modernization Act of 2014, 44 U.S.C. 3551 et seq.: 
and the Federal Information Processing Standards 199: Standards for 
Security Categorization of Federal Information and Information Systems. 
Database tables are kept on separate file servers away from general 
file storage and other local area network usage. The data itself is 
stored in a password-protected, client-server database. Electronic 
transmissions of records are encrypted, and password protected. 
Security measures establish access levels for different types of users. 
Security controls include user identification, passwords, database 
permissions, encryption, firewalls, audit logs, and network system 
security monitoring, and software controls.
    Access to records in the system is limited to authorized personnel 
who have a need to access the records in the performance of their 
official duties, and each user's access is restricted to only the 
functions and data necessary to perform that person's job 
responsibilities. System administrators and authorized users are 
trained and required to follow established internal security protocols 
and must complete all security, privacy, and records management 
training and sign the DOI Rules of Behavior. A Privacy Impact 
Assessment was conducted to ensure that Privacy Act requirements are 
met and appropriate privacy controls were implemented to safeguard the 
personally identifiable information contained in the system.

RECORD ACCESS PROCEDURES:
    An individual requesting access to their records should send a 
written inquiry to the applicable System Manager identified above. DOI 
forms and instructions for submitting a Privacy Act request may be 
obtained from the DOI Privacy Act Requests website at https://www.doi.gov/privacy/privacy-act-requests. The request must include a 
general description of the records sought and the requester's full 
name, current address, and sufficient identifying information such as 
date of birth or other information required for verification of the 
requestor's identity. The request must be signed and dated and be 
either notarized or submitted under penalty of perjury in accordance

[[Page 24835]]

with 28 U.S.C. 1746. Requests submitted by mail must be clearly marked 
``PRIVACY ACT REQUEST FOR ACCESS'' on both the envelope and letter. A 
request for access must meet the requirements of 43 CFR 2.238.

CONTESTING RECORD PROCEDURES:
    An individual requesting amendment of their records should send a 
written request to the applicable System Manager as identified above. 
DOI instructions for submitting a request for amendment of records are 
available on the DOI Privacy Act Requests website at https://www.doi.gov/privacy/privacy-act-requests. The request must clearly 
identify the records for which amendment is being sought, the reasons 
for requesting the amendment, and the proposed amendment to the record. 
The request must include the requester's full name, current address, 
and sufficient identifying information such as date of birth or other 
information required for verification of the requestor's identity. The 
request must be signed and dated and be either notarized or submitted 
under penalty of perjury in accordance with 28 U.S.C. 1746. Requests 
submitted by mail must be clearly marked ``PRIVACY ACT REQUEST FOR 
AMENDMENT'' on both the envelope and letter. A request for amendment 
must meet the requirements of 43 CFR 2.246.

NOTIFICATION PROCEDURES:
    An individual requesting notification of the existence of records 
about them should send a written inquiry to the applicable System 
Manager as identified above. DOI instructions for submitting a request 
for notification are available on the DOI Privacy Act Requests website 
at https://www.doi.gov/privacy/privacy-act-requests. The request must 
include a general description of the records and the requester's full 
name, current address, and sufficient identifying information such as 
date of birth or other information required for verification of the 
requestor's identity. The request must be signed and dated and be 
either notarized or submitted under penalty of perjury in accordance 
with 28 U.S.C. 1746. Requests submitted by mail must be clearly marked 
``PRIVACY ACT INQUIRY'' on both the envelope and letter. A request for 
notification must meet the requirements of 43 CFR 2.235.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

Teri Barnett,
Departmental Privacy Officer, Department of the Interior.
[FR Doc. 2023-08599 Filed 4-21-23; 8:45 am]
BILLING CODE 4312-52-P