[Federal Register Volume 88, Number 221 (Friday, November 17, 2023)]
[Proposed Rules]
[Pages 80220-80222]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-24668]
-----------------------------------------------------------------------
ENVIRONMENTAL PROTECTION AGENCY
40 CFR Part 16
[EPA-HQ-OMS-2019-0371; FRL-10082-03-OMS]
Privacy Act Regulations for EPA-83
AGENCY: Environmental Protection Agency (EPA).
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: The Environmental Protection Agency (EPA or Agency) is
proposing to revise the Agency's Privacy Act regulations to exempt a
system of records, EPA-83, the Personnel Security System (PSS) 2.0,
from certain requirements of the Privacy Act because the system will
contain information relevant to insider threat inquiries and background
investigations. If such information is not kept confidential, it could
jeopardize EPA or a referring agency's ability to conduct background
investigations, insider threat inquiries, or any related inquiries. In
the ``Rules and Regulations'' section of this Federal Register, EPA is
simultaneously publishing the revision of the Agency's Privacy Act
Regulations to include EPA-83 as a direct final rule without a prior
proposed rule. If the Agency receives no adverse comment, it will not
take further action on this proposed rule.
DATES: Comments must be received on or before December 18, 2023.
ADDRESSES: Submit your comments, identified by Docket ID No. EPA-HQ-
OMS-2019-0371, at https://www.regulations.gov/. Follow the online
instructions for submitting comments. Once submitted, comments cannot
be edited or removed from Regulations.gov. The EPA may publish any
comment received to its public docket. Do not submit electronically any
information you consider to be Confidential Business Information (CBI)
or other information whose disclosure is restricted by statute.
Multimedia submissions (audio, video, etc.) must be accompanied by a
written comment. The written comment is considered the official comment
and should include discussion of all points you wish to make. The EPA
will generally not consider comments or comment contents located
outside of the primary submission (i.e., on the web, cloud, or other
file sharing system). For additional submission methods, the full EPA
public comment policy, information about CBI or multimedia submissions,
and general guidance on making effective comments, please visit https://www.epa.gov/dockets/commenting-epa-dockets.
FOR FURTHER INFORMATION CONTACT: John Goldsby, Personnel Security
Branch, Environmental Protection Agency, William Jefferson Clinton
North Building, Mail Code 3206A, 1200 Pennsylvania Avenue NW,
Washington, DC 20460; telephone number: (202) 564-1569; email address:
[email protected].
SUPPLEMENTARY INFORMATION:
I. Why is EPA issuing this proposed rule?
The EPA proposes to revise the Agency's Privacy Act regulations in
order to exempt a system of records, EPA-83, the Personnel Security
System (PSS) 2.0, from certain requirements of the Privacy Act. The EPA
has published a direct final rule exempting this system of records in
the ``Rules and Regulations'' section of this Federal Register because
it views this as a noncontroversial action and anticipates no adverse
comment. EPA explains its reasons for the direct final rule in the
preamble to that rule. If EPA receives no adverse comment, it will not
take further action on this proposed rule. If EPA receives adverse
comment, it will withdraw the direct final rule and the rule will not
take effect. EPA will address public comments in any subsequent final
rule based on this proposed rule. EPA does not intend to institute a
second comment period on this action. Any parties interested in
commenting must do so at this time. For further information, please see
the information provided in the ADDRESSES section of this document.
II. General Information
The EPA published a Privacy Act system of records notice for
information collected and maintained in the Personnel Security System
(PSS) 2.0 (85 FR 32380, May 29, 2020), and a Notice of a Modified
System of Records concurrently with this proposed rule. PSS 2.0
supports the Personnel Security Branch (PSB) with tracking the
documentation associated with background investigations for Federal and
non-Federal personnel working for EPA. PSS 2.0 contains investigatory
material compiled for the purpose of determining suitability,
eligibility, or qualifications for Federal civilian employment, Federal
contracts, or access to classified information. Additionally, the PSB
plans to update PSS 2.0 with a new module focused on providing the
agency with insider threat inquiry management and coordination
capabilities. The Insider Threat Program
[[Page 80221]]
module will contain information relevant to insider threat inquiries on
cleared individuals with access to EPA resources, including facilities,
information, equipment, networks, and systems. At a later date, and
once relevant authorities are updated, the insider threat module will
also contain information on uncleared individuals with access to EPA
resources. Information maintained in the Insider Threat Program module
may be directly collected by EPA's Office of Homeland Security (OHS) or
may be obtained by OHS from law enforcement agencies or systems.
Specifically, OHS will use the module to detect, deter, and mitigate
potential insider threats before they harm national security. OHS will
collect and maintain information in the module to identify potential
insider threats, which may form the predicate of law enforcement
investigations conducted by other law enforcement entities. Further, if
an inquiry uncovers insider threat indicators, OHS may share relevant
data from the module with authorized law enforcement organizations,
like EPA's Office of Inspector General or the Federal Bureau of
Investigation, for those organizations to conduct any necessary
investigations.
Pursuant to the Privacy Act, when information is maintained for the
purpose of civil actions, the relevant provision of the Privacy Act is
5 U.S.C. 552a(d)(5) which states ``nothing in this [Act] shall allow an
individual access to any information compiled in reasonable
anticipation of a civil action or proceeding.'' 5 U.S.C. 552a(d)(5).
In addition, section (k)(2) of the Privacy Act provides that the
head of an agency may promulgate regulations to exempt the system from
certain provisions of the Act if the system ``is investigatory material
compiled for law enforcement purposes, other than material within the
scope of subsection (j)(2)'' of 5 U.S.C. 552a. Accordingly, EPA
proposes to exempt all such records in the PSS 2.0 system (including
certain background investigation records and records maintained in the
Insider Threat module) from 5 U.S.C. 552a(c)(3); (d); and (e)(1);) for
the following reasons:
(1) From subsection 552a(c)(3), because making available to a named
individual an accounting of disclosures of records concerning him/her/
them would alert the subjects of an investigation or inquiry to the
existence of the investigation or inquiry. This could allow record
subjects to impede the inquiry, e.g., destroy evidence, intimidate
potential witnesses, or flee the area to avoid inquiries or
apprehension by law enforcement personnel. Further, such a disclosure
could reveal the identity of a confidential source and hamper the
Agency's inquiry.
(2) From subsection 552(d), which requires an agency to permit an
individual to gain access to records pertaining to him/her/them, to
request amendment to such records, to request a review of an agency
decision not to amend such records, and to contest the information
contained in such records. Granting requesters access to information
compiled for insider threat inquiries, PSS 2.0 background investigation
information compiled to investigate personnel/an applicant that is/
would be responsible for law enforcement and/or national security
matters, or other PSS 2.0 information related to such insider threat
inquiries or background investigations could inform the subject of an
investigation/inquiry of an actual or potential criminal violation, of
the existence of that investigation/inquiry, of the nature and scope of
the information or evidence obtained as to their activities, and of the
identity of confidential sources, witnesses, and law enforcement
personnel. Such a disclosure could enable the subject to avoid
detection or apprehension. Specifically, granting access to such
information could seriously impede or compromise an investigation or
inquiry; endanger the physical safety of confidential sources,
witnesses, law enforcement personnel and their families; lead to the
improper influencing of witnesses, the destruction of evidence, or the
fabrication of testimony; and could disclose sensitive or confidential
investigative techniques and procedures.
(3) From subsections 552a(e)(1), which requires an agency to
collect/maintain only information about an individual that is relevant
and necessary to accomplish a purpose of the Agency, because the
relevance of information obtained in the course of a background
investigation or insider threat inquiry is not always known when
collected. Material that may seem unrelated, or irrelevant when
collected may take on added meaning or significance as the inquiry
progresses. Also, it is appropriate to retain all information that may
aid in establishing patterns of illegal or insider threat activity.
Therefore, it would impede the inquiry process if it were necessary to
assure the relevance of all information obtained at the time of
collection.
Additionally, pursuant to 5 U.S.C. 552a(k)(5), an individual's
request for access to his or her or their record(s) may be exempt from
specific access provisions of the Privacy Act where the information is
investigatory material compiled solely for the purpose of determining
suitability, eligibility, or qualifications for Federal civilian
employment, military service, Federal contracts, or access to
classified information if disclosure of such material would reveal the
identity of a confidential source who furnished information to the
Government under an express promise that the source's identity would be
kept confidential. Under 5 U.S.C. 552a(k)(5), EPA is proposing to
exempt such materials stored in PSS 2.0 from 5 U.S.C. 552(a)(c)(3) and
(d) for the following reason(s):
(1) From subsection 552a(c)(3), because an accounting of
disclosures of records concerning the record subject may contain
information about the identity of a confidential source, and if the
Agency was required to disclose this information to the record subject,
such a disclosure would reveal the identity of the confidential source,
endangering the physical safety of the confidential source. Further,
such a disclosure could allow record subjects to impede a background
investigation or insider threat inquiry by contacting and intimidating
confidential sources and those that are potential witnesses.
(2) From subsection 552a(d), which requires an agency to permit an
individual to gain access to records pertaining to him/her/them, to
request amendment to such records, to request a review of an agency
decision not to amend such records, and to contest the information
contained in such records. Granting such access could cause the
identity of a confidential source to be revealed, endangering the
physical safety of the confidential source, and could impair the
ability of the EPA to compile, in the future, investigatory material
for the purpose of determining suitability, eligibility, or
qualifications for Federal civilian employment, Federal contracts, or
access to classified information.
III. Statutory and Executive Order Reviews
Additional information about these statutes and Executive orders
can be found at https://www.epa.gov/laws-regulations/laws-and-executive-orders.
A. Executive Order 12866: Regulatory Planning and Review, and Executive
Order 13563: Improving Regulation and Regulatory Review
This action is being submitted to the Office of Management and
Budget (OMB) for review.
[[Page 80222]]
B. Paperwork Reduction Act (PRA)
This action does not impose an information collection burden under
the PRA. This action contains no provisions constituting a collection
of information under the PRA.
C. Regulatory Flexibility Act (RFA)
I certify that this action will not have a significant economic
impact on a substantial number of small entities under the RFA. This
action will not impose any requirements on small entities.
D. Unfunded Mandates Reform Act (UMRA)
This action does not contain any unfunded mandate as described in
UMRA, 2 U.S.C. 1531-1538, and does not significantly or uniquely affect
small governments.
E. Executive Order 13132 (Federalism)
This action does not have federalism implications. It will not have
substantial direct effects on the states, on the relationship between
the National Government and the states, or on the distribution of power
and responsibilities among the various levels of government.
F. Executive Order 13175: Consultation and Coordination With Indian
Tribal Governments
This action does not have tribal implications as specified in
Executive Order 13175. Thus, Executive Order 13175 does not apply to
this action.
G. Executive Order 13045: Protection of Children From Environmental
Health Risks and Safety Risks
The EPA interprets Executive Order 13045 as applying only to those
regulatory actions that concern environmental health or safety risks
that the EPA has reason to believe may disproportionately affect
children, per the definition of ``covered regulatory action'' in
section 2-202 of the Executive order. This action is not subject to
Executive Order 13045 because it does not concern an environmental
health risk or safety risk.
H. Executive Order 13211: Actions Concerning Regulations That
Significantly Affect Energy Supply, Distribution, or Use
This action is not subject to Executive Order 13211, because it is
not a significant regulatory action under Executive Order 12866.
I. National Technology Transfer and Advancement Act
This rulemaking does not involve technical standards.
J. Executive Order 12898: Federal Actions To Address Environmental
Justice in Minority Populations and Low-Income Populations
The EPA believes that this action does not have disproportionately
high and adverse human health or environmental effects on minority
populations, low-income populations and/or indigenous peoples, as
specified in Executive Order 12898 (59 FR 7629, February 16, 1994).
List of Subjects in 40 CFR Part 16
Environmental protection, Administrative practice and procedure,
Confidential business information, Government employees, Privacy.
Kimberly Y. Patrick,
Principal Deputy Assistant Administrator, Office of Mission Support.
For the reasons stated in the preamble, title 40, chapter I, part
16 of the Code of Federal Regulations is proposed to be amended as
follows:
PART 16--IMPLEMENTATION OF PRIVACY ACT OF 1974
0
1. The authority citation for part 16 continues to read as follows:
Authority: 5 U.S.C. 301, 552a (as revised).
0
2. Amend Sec. 16.12 by:
0
a. Revising paragraphs (a)(1), (a)(4)(i), (a)(5) introductory text, and
(b)(1);
0
b. Adding paragraph (b)(4)(iii); and
0
c. Revising paragraph (b)(5) introductory text.
The revisions and addition read as follows:
Sec. 16.12 Specific exemptions.
(a) * * *
(1) Systems of records affected. (i) EPA-17 Online Criminal
Enforcement Activities Network (OCEAN).
(ii) EPA-21 External Compliance Case Tracking System (EXCATS).
(iii) EPA-30 Inspector General Enterprise Management System (IGEMS)
Hotline Module.
(iv) EPA-40 Inspector General Enterprise Management System (IGEMS)
Investigative Module.
(v) EPA-63 eDiscovery Enterprise Tool Suite.
(vi) EPA-79 NEIC Master Tracking System.
(vii) EPA-100 OIG Data Analytics Enterprise.
(viii) EPA-83 Personnel Security System (PSS) 2.0.
* * * * *
(4) * * *
(i) EPA systems of records 17, 30, 40, 63, 79, and 100 are exempted
from the following provisions of the PA, subject to the limitations set
forth in 5 U.S.C. 552a(k)(2): 5 U.S.C. 552a(c)(3); (d); and (e)(1). EPA
system of records 21 is exempt from the following provisions of the PA,
subject to limitations set forth in 5 U.S.C. 552a(k)(2): 5 U.S.C
552a(c)(3), (d), and (e)(1). EPA system of records 83 is exempt from
the following provisions of the PA, subject to the limitations set
forth in 5 U.S.C. 552a(k)(2): 5 U.S.C. 552a(c)(3); (d); and (e)(1).
* * * * *
(5) Reasons for exemption. EPA systems of records 17, 21, 30, 40,
63, 79, 83, and 100 are exempted from the provisions of the PA in
paragraph (a)(4) of this section for the following reasons:
* * * * *
(b) * * *
(1) Systems of records affected. (i) EPA 36 Research Grant,
Cooperative Agreement, and Fellowship Application Files.
(ii) EPA 40 Inspector General Enterprise Management System (IGEMS)
Investigative Module.
(iii) EPA 83 Personnel Security System (PSS) 2.0.
(iv) EPA 100 OIG Data Analytics Enterprise.
* * * * *
(4) * * *
(iii) EPA 83 is exempted from the following provisions of the PA,
subject to the limitations of 5 U.S.C. 552(a)(k)(5): 5 U.S.C.
552a(c)(3), and (d).
* * * * *
(5) Reasons for exemption. EPA 36, 40, 83, and 100 are exempted
from the above provisions of the PA for the following reasons:
* * * * *
[FR Doc. 2023-24668 Filed 11-16-23; 8:45 am]
BILLING CODE 6560-50-P