[Federal Register Volume 88, Number 221 (Friday, November 17, 2023)]
[Proposed Rules]
[Pages 80220-80222]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-24668]


-----------------------------------------------------------------------

ENVIRONMENTAL PROTECTION AGENCY

40 CFR Part 16

[EPA-HQ-OMS-2019-0371; FRL-10082-03-OMS]


Privacy Act Regulations for EPA-83

AGENCY: Environmental Protection Agency (EPA).

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Environmental Protection Agency (EPA or Agency) is 
proposing to revise the Agency's Privacy Act regulations to exempt a 
system of records, EPA-83, the Personnel Security System (PSS) 2.0, 
from certain requirements of the Privacy Act because the system will 
contain information relevant to insider threat inquiries and background 
investigations. If such information is not kept confidential, it could 
jeopardize EPA or a referring agency's ability to conduct background 
investigations, insider threat inquiries, or any related inquiries. In 
the ``Rules and Regulations'' section of this Federal Register, EPA is 
simultaneously publishing the revision of the Agency's Privacy Act 
Regulations to include EPA-83 as a direct final rule without a prior 
proposed rule. If the Agency receives no adverse comment, it will not 
take further action on this proposed rule.

DATES: Comments must be received on or before December 18, 2023.

ADDRESSES: Submit your comments, identified by Docket ID No. EPA-HQ-
OMS-2019-0371, at https://www.regulations.gov/. Follow the online 
instructions for submitting comments. Once submitted, comments cannot 
be edited or removed from Regulations.gov. The EPA may publish any 
comment received to its public docket. Do not submit electronically any 
information you consider to be Confidential Business Information (CBI) 
or other information whose disclosure is restricted by statute. 
Multimedia submissions (audio, video, etc.) must be accompanied by a 
written comment. The written comment is considered the official comment 
and should include discussion of all points you wish to make. The EPA 
will generally not consider comments or comment contents located 
outside of the primary submission (i.e., on the web, cloud, or other 
file sharing system). For additional submission methods, the full EPA 
public comment policy, information about CBI or multimedia submissions, 
and general guidance on making effective comments, please visit https://www.epa.gov/dockets/commenting-epa-dockets.

FOR FURTHER INFORMATION CONTACT: John Goldsby, Personnel Security 
Branch, Environmental Protection Agency, William Jefferson Clinton 
North Building, Mail Code 3206A, 1200 Pennsylvania Avenue NW, 
Washington, DC 20460; telephone number: (202) 564-1569; email address: 
[email protected].

SUPPLEMENTARY INFORMATION:

I. Why is EPA issuing this proposed rule?

    The EPA proposes to revise the Agency's Privacy Act regulations in 
order to exempt a system of records, EPA-83, the Personnel Security 
System (PSS) 2.0, from certain requirements of the Privacy Act. The EPA 
has published a direct final rule exempting this system of records in 
the ``Rules and Regulations'' section of this Federal Register because 
it views this as a noncontroversial action and anticipates no adverse 
comment. EPA explains its reasons for the direct final rule in the 
preamble to that rule. If EPA receives no adverse comment, it will not 
take further action on this proposed rule. If EPA receives adverse 
comment, it will withdraw the direct final rule and the rule will not 
take effect. EPA will address public comments in any subsequent final 
rule based on this proposed rule. EPA does not intend to institute a 
second comment period on this action. Any parties interested in 
commenting must do so at this time. For further information, please see 
the information provided in the ADDRESSES section of this document.

II. General Information

    The EPA published a Privacy Act system of records notice for 
information collected and maintained in the Personnel Security System 
(PSS) 2.0 (85 FR 32380, May 29, 2020), and a Notice of a Modified 
System of Records concurrently with this proposed rule. PSS 2.0 
supports the Personnel Security Branch (PSB) with tracking the 
documentation associated with background investigations for Federal and 
non-Federal personnel working for EPA. PSS 2.0 contains investigatory 
material compiled for the purpose of determining suitability, 
eligibility, or qualifications for Federal civilian employment, Federal 
contracts, or access to classified information. Additionally, the PSB 
plans to update PSS 2.0 with a new module focused on providing the 
agency with insider threat inquiry management and coordination 
capabilities. The Insider Threat Program

[[Page 80221]]

module will contain information relevant to insider threat inquiries on 
cleared individuals with access to EPA resources, including facilities, 
information, equipment, networks, and systems. At a later date, and 
once relevant authorities are updated, the insider threat module will 
also contain information on uncleared individuals with access to EPA 
resources. Information maintained in the Insider Threat Program module 
may be directly collected by EPA's Office of Homeland Security (OHS) or 
may be obtained by OHS from law enforcement agencies or systems. 
Specifically, OHS will use the module to detect, deter, and mitigate 
potential insider threats before they harm national security. OHS will 
collect and maintain information in the module to identify potential 
insider threats, which may form the predicate of law enforcement 
investigations conducted by other law enforcement entities. Further, if 
an inquiry uncovers insider threat indicators, OHS may share relevant 
data from the module with authorized law enforcement organizations, 
like EPA's Office of Inspector General or the Federal Bureau of 
Investigation, for those organizations to conduct any necessary 
investigations.
    Pursuant to the Privacy Act, when information is maintained for the 
purpose of civil actions, the relevant provision of the Privacy Act is 
5 U.S.C. 552a(d)(5) which states ``nothing in this [Act] shall allow an 
individual access to any information compiled in reasonable 
anticipation of a civil action or proceeding.'' 5 U.S.C. 552a(d)(5).
    In addition, section (k)(2) of the Privacy Act provides that the 
head of an agency may promulgate regulations to exempt the system from 
certain provisions of the Act if the system ``is investigatory material 
compiled for law enforcement purposes, other than material within the 
scope of subsection (j)(2)'' of 5 U.S.C. 552a. Accordingly, EPA 
proposes to exempt all such records in the PSS 2.0 system (including 
certain background investigation records and records maintained in the 
Insider Threat module) from 5 U.S.C. 552a(c)(3); (d); and (e)(1);) for 
the following reasons:
    (1) From subsection 552a(c)(3), because making available to a named 
individual an accounting of disclosures of records concerning him/her/
them would alert the subjects of an investigation or inquiry to the 
existence of the investigation or inquiry. This could allow record 
subjects to impede the inquiry, e.g., destroy evidence, intimidate 
potential witnesses, or flee the area to avoid inquiries or 
apprehension by law enforcement personnel. Further, such a disclosure 
could reveal the identity of a confidential source and hamper the 
Agency's inquiry.
    (2) From subsection 552(d), which requires an agency to permit an 
individual to gain access to records pertaining to him/her/them, to 
request amendment to such records, to request a review of an agency 
decision not to amend such records, and to contest the information 
contained in such records. Granting requesters access to information 
compiled for insider threat inquiries, PSS 2.0 background investigation 
information compiled to investigate personnel/an applicant that is/
would be responsible for law enforcement and/or national security 
matters, or other PSS 2.0 information related to such insider threat 
inquiries or background investigations could inform the subject of an 
investigation/inquiry of an actual or potential criminal violation, of 
the existence of that investigation/inquiry, of the nature and scope of 
the information or evidence obtained as to their activities, and of the 
identity of confidential sources, witnesses, and law enforcement 
personnel. Such a disclosure could enable the subject to avoid 
detection or apprehension. Specifically, granting access to such 
information could seriously impede or compromise an investigation or 
inquiry; endanger the physical safety of confidential sources, 
witnesses, law enforcement personnel and their families; lead to the 
improper influencing of witnesses, the destruction of evidence, or the 
fabrication of testimony; and could disclose sensitive or confidential 
investigative techniques and procedures.
    (3) From subsections 552a(e)(1), which requires an agency to 
collect/maintain only information about an individual that is relevant 
and necessary to accomplish a purpose of the Agency, because the 
relevance of information obtained in the course of a background 
investigation or insider threat inquiry is not always known when 
collected. Material that may seem unrelated, or irrelevant when 
collected may take on added meaning or significance as the inquiry 
progresses. Also, it is appropriate to retain all information that may 
aid in establishing patterns of illegal or insider threat activity. 
Therefore, it would impede the inquiry process if it were necessary to 
assure the relevance of all information obtained at the time of 
collection.
    Additionally, pursuant to 5 U.S.C. 552a(k)(5), an individual's 
request for access to his or her or their record(s) may be exempt from 
specific access provisions of the Privacy Act where the information is 
investigatory material compiled solely for the purpose of determining 
suitability, eligibility, or qualifications for Federal civilian 
employment, military service, Federal contracts, or access to 
classified information if disclosure of such material would reveal the 
identity of a confidential source who furnished information to the 
Government under an express promise that the source's identity would be 
kept confidential. Under 5 U.S.C. 552a(k)(5), EPA is proposing to 
exempt such materials stored in PSS 2.0 from 5 U.S.C. 552(a)(c)(3) and 
(d) for the following reason(s):
    (1) From subsection 552a(c)(3), because an accounting of 
disclosures of records concerning the record subject may contain 
information about the identity of a confidential source, and if the 
Agency was required to disclose this information to the record subject, 
such a disclosure would reveal the identity of the confidential source, 
endangering the physical safety of the confidential source. Further, 
such a disclosure could allow record subjects to impede a background 
investigation or insider threat inquiry by contacting and intimidating 
confidential sources and those that are potential witnesses.
    (2) From subsection 552a(d), which requires an agency to permit an 
individual to gain access to records pertaining to him/her/them, to 
request amendment to such records, to request a review of an agency 
decision not to amend such records, and to contest the information 
contained in such records. Granting such access could cause the 
identity of a confidential source to be revealed, endangering the 
physical safety of the confidential source, and could impair the 
ability of the EPA to compile, in the future, investigatory material 
for the purpose of determining suitability, eligibility, or 
qualifications for Federal civilian employment, Federal contracts, or 
access to classified information.

III. Statutory and Executive Order Reviews

    Additional information about these statutes and Executive orders 
can be found at https://www.epa.gov/laws-regulations/laws-and-executive-orders.

A. Executive Order 12866: Regulatory Planning and Review, and Executive 
Order 13563: Improving Regulation and Regulatory Review

    This action is being submitted to the Office of Management and 
Budget (OMB) for review.

[[Page 80222]]

B. Paperwork Reduction Act (PRA)

    This action does not impose an information collection burden under 
the PRA. This action contains no provisions constituting a collection 
of information under the PRA.

C. Regulatory Flexibility Act (RFA)

    I certify that this action will not have a significant economic 
impact on a substantial number of small entities under the RFA. This 
action will not impose any requirements on small entities.

D. Unfunded Mandates Reform Act (UMRA)

    This action does not contain any unfunded mandate as described in 
UMRA, 2 U.S.C. 1531-1538, and does not significantly or uniquely affect 
small governments.

E. Executive Order 13132 (Federalism)

    This action does not have federalism implications. It will not have 
substantial direct effects on the states, on the relationship between 
the National Government and the states, or on the distribution of power 
and responsibilities among the various levels of government.

F. Executive Order 13175: Consultation and Coordination With Indian 
Tribal Governments

    This action does not have tribal implications as specified in 
Executive Order 13175. Thus, Executive Order 13175 does not apply to 
this action.

G. Executive Order 13045: Protection of Children From Environmental 
Health Risks and Safety Risks

    The EPA interprets Executive Order 13045 as applying only to those 
regulatory actions that concern environmental health or safety risks 
that the EPA has reason to believe may disproportionately affect 
children, per the definition of ``covered regulatory action'' in 
section 2-202 of the Executive order. This action is not subject to 
Executive Order 13045 because it does not concern an environmental 
health risk or safety risk.

H. Executive Order 13211: Actions Concerning Regulations That 
Significantly Affect Energy Supply, Distribution, or Use

    This action is not subject to Executive Order 13211, because it is 
not a significant regulatory action under Executive Order 12866.

I. National Technology Transfer and Advancement Act

    This rulemaking does not involve technical standards.

J. Executive Order 12898: Federal Actions To Address Environmental 
Justice in Minority Populations and Low-Income Populations

    The EPA believes that this action does not have disproportionately 
high and adverse human health or environmental effects on minority 
populations, low-income populations and/or indigenous peoples, as 
specified in Executive Order 12898 (59 FR 7629, February 16, 1994).

List of Subjects in 40 CFR Part 16

    Environmental protection, Administrative practice and procedure, 
Confidential business information, Government employees, Privacy.

Kimberly Y. Patrick,
Principal Deputy Assistant Administrator, Office of Mission Support.

    For the reasons stated in the preamble, title 40, chapter I, part 
16 of the Code of Federal Regulations is proposed to be amended as 
follows:

PART 16--IMPLEMENTATION OF PRIVACY ACT OF 1974

0
1. The authority citation for part 16 continues to read as follows:

    Authority: 5 U.S.C. 301, 552a (as revised).

0
2. Amend Sec.  16.12 by:
0
a. Revising paragraphs (a)(1), (a)(4)(i), (a)(5) introductory text, and 
(b)(1);
0
b. Adding paragraph (b)(4)(iii); and
0
c. Revising paragraph (b)(5) introductory text.
    The revisions and addition read as follows:


 Sec.  16.12  Specific exemptions.

    (a) * * *
    (1) Systems of records affected. (i) EPA-17 Online Criminal 
Enforcement Activities Network (OCEAN).
    (ii) EPA-21 External Compliance Case Tracking System (EXCATS).
    (iii) EPA-30 Inspector General Enterprise Management System (IGEMS) 
Hotline Module.
    (iv) EPA-40 Inspector General Enterprise Management System (IGEMS) 
Investigative Module.
    (v) EPA-63 eDiscovery Enterprise Tool Suite.
    (vi) EPA-79 NEIC Master Tracking System.
    (vii) EPA-100 OIG Data Analytics Enterprise.
    (viii) EPA-83 Personnel Security System (PSS) 2.0.
* * * * *
    (4) * * *
    (i) EPA systems of records 17, 30, 40, 63, 79, and 100 are exempted 
from the following provisions of the PA, subject to the limitations set 
forth in 5 U.S.C. 552a(k)(2): 5 U.S.C. 552a(c)(3); (d); and (e)(1). EPA 
system of records 21 is exempt from the following provisions of the PA, 
subject to limitations set forth in 5 U.S.C. 552a(k)(2): 5 U.S.C 
552a(c)(3), (d), and (e)(1). EPA system of records 83 is exempt from 
the following provisions of the PA, subject to the limitations set 
forth in 5 U.S.C. 552a(k)(2): 5 U.S.C. 552a(c)(3); (d); and (e)(1).
* * * * *
    (5) Reasons for exemption. EPA systems of records 17, 21, 30, 40, 
63, 79, 83, and 100 are exempted from the provisions of the PA in 
paragraph (a)(4) of this section for the following reasons:
* * * * *
    (b) * * *
    (1) Systems of records affected. (i) EPA 36 Research Grant, 
Cooperative Agreement, and Fellowship Application Files.
    (ii) EPA 40 Inspector General Enterprise Management System (IGEMS) 
Investigative Module.
    (iii) EPA 83 Personnel Security System (PSS) 2.0.
    (iv) EPA 100 OIG Data Analytics Enterprise.
* * * * *
    (4) * * *
    (iii) EPA 83 is exempted from the following provisions of the PA, 
subject to the limitations of 5 U.S.C. 552(a)(k)(5): 5 U.S.C. 
552a(c)(3), and (d).
* * * * *
    (5) Reasons for exemption. EPA 36, 40, 83, and 100 are exempted 
from the above provisions of the PA for the following reasons:
* * * * *

[FR Doc. 2023-24668 Filed 11-16-23; 8:45 am]
BILLING CODE 6560-50-P