[Federal Register Volume 89, Number 71 (Thursday, April 11, 2024)]
[Notices]
[Pages 25668-25672]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-07700]


-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

Bureau of Reclamation

[DOI-2023-0024; RR85672000, 23XR0680A2, RX.31480001.0040000]


Privacy Act of 1974; System of Records

AGENCY: Bureau of Reclamation, Interior.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Department of the Interior (DOI) is issuing a public 
notice of its intent to modify the Bureau of Reclamation (Reclamation) 
Privacy Act system of records, INTERIOR/WBR-7, Concessions. DOI is 
revising this notice to change the system bureau designation to be 
consistent with Reclamation's title, propose new and modified routine 
uses, and update all sections of the notice to accurately reflect 
management of the system of records. This modified system will be 
included in DOI's inventory of record systems.

DATES: This modified system will be effective upon publication. New or 
modified routine uses will be effective May 13, 2024. Submit comments 
on or before May 13, 2024.

ADDRESSES: You may send comments identified by docket number [DOI-2023-
0024] by any of the following methods:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for sending comments.
     Email: [email protected]. Include docket number 
[DOI-2023-0024] in the subject line of the message.
     U.S. mail or hand-delivery: Teri Barnett, Departmental 
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, 
Room 7112, Washington, DC 20240.

[[Page 25669]]

    Instructions: All submissions received must include the agency name 
and docket number [DOI-2023-0024]. All comments received will be posted 
without change to https://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Regina Magno, Associate Privacy 
Officer, Bureau of Reclamation, P.O. Box 25007, Denver, CO 80225, 
[email protected] or (303) 445-3326.

SUPPLEMENTARY INFORMATION:

I. Background

    Reclamation maintains the INTERIOR/WBR-7, Concessions, system of 
records. The purpose of this system is to manage concession operation 
records at Reclamation facilities from the inception of requests for 
proposals, during execution of a contract, and through the conclusion 
of the contract terms. The records are used by Reclamation to identify 
the person or business entities applying for concession opportunities, 
determine their ability to manage a concession operation, and aid in 
ensuring compliance with the terms of the concession agreement, 
contract, lease, or rental agreement.
    DOI is publishing this revised notice to change the system bureau 
designation to reflect Reclamation's title; update the system manager 
and system location sections; expand on categories of individuals 
covered by the system, the categories of records and records source 
categories sections; update authorities for maintenance of the system; 
update the storage, safeguards, and records retention schedule; update 
the notification, records access, and contesting procedures; reorganize 
the sections and provide general updates in accordance with the Privacy 
Act of 1974 and Office of Management and Budget (OMB) Circular A-108, 
Federal Agency Responsibilities for Review, Reporting, and Publication 
under the Privacy Act.
    Additionally, Reclamation is changing the routine uses from a 
numeric to alphabetic list and is proposing to modify existing routine 
uses to provide clarity and transparency and reflect updates consistent 
with standard DOI routine uses. Routine use A was modified to further 
clarify disclosures to the Department of Justice or other Federal 
agencies when necessary, in relation to litigation or judicial 
proceedings. Routine use B has been modified to clarify disclosures to 
a congressional office to respond to or resolve an individual's request 
made to that office. Routine use D has been modified to allow 
Reclamation to refer matters to the appropriate Federal, State, local, 
or foreign agencies, or other public authority agencies responsible for 
investigating or prosecuting violations of, or for enforcing, or 
implementing, a statute, rule, regulation, order, or license. Routine 
use J was slightly modified to allow Reclamation to share information 
with appropriate Federal agencies or entities when reasonably necessary 
to prevent, minimize, or remedy the risk of harm to individuals or the 
Federal Government resulting from a breach in accordance with OMB 
Memorandum M-17-12, Preparing for and Responding to a Breach of 
Personally Identifiable Information.
    Reclamation is proposing to add new routine uses C, E, F, G, H, I, 
L, M, and N to facilitate sharing of information with agencies and 
organizations to ensure the efficient management of all land, 
facilities, and waterbodies under Reclamation's jurisdiction, promote 
the integrity of the records in the system, or carry out a statutory 
responsibility of Reclamation or the Federal Government. Proposed 
routine use C facilitates sharing of information with the Executive 
Office of the President to respond to an inquiry by the individual to 
whom that record pertains. Proposed routine use E allows Reclamation to 
share information with an official of another Federal agency to assist 
in the performance of their official duties related to reconciling or 
reconstructing an individual's record. Proposed routine use F 
facilitates sharing of information related to hiring, issuance of a 
security clearance, or a license, contract, grant or benefit. Proposed 
routine use G allows Reclamation to share information with the National 
Archives and Records Administration to conduct records management 
inspections. Proposed routine use H allows Reclamation to share 
information with external entities, such as State, territorial and 
local governments and Tribal organizations needed in response to court 
orders and/or for discovery purposes related to litigation. Proposed 
routine use I allows Reclamation to share information with an expert, 
consultant, grantee, shared service provider, or contractor (including 
employees of the contractor) of DOI that performs services requiring 
access to these records on DOI's behalf to carry out the purposes of 
the system. Proposed routine use L allows Reclamation to share 
information with OMB during the coordination and clearance process in 
connection with legislative affairs. Proposed routine use M allows 
Reclamation to share information with the Department of the Treasury to 
recover debts owed to the United States. Routine use N allows 
Reclamation to share information with the news media and the public, 
with approval by the Public Affairs Officer and Senior Agency Official 
for Privacy in consultation with counsel if there is a legitimate 
public interest in the disclosure of the information.
    Pursuant to the Privacy Act, 5 U.S.C. 552a(b)(12), DOI may disclose 
information from this system to consumer reporting agencies as defined 
in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal 
Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)) to aid in the 
collection of outstanding debts owed to the Federal Government.

II. Privacy Act

    The Privacy Act of 1974, as amended, embodies fair information 
practice principles in a statutory framework governing the means by 
which Federal agencies collect, maintain, use, and disseminate 
individuals' records. The Privacy Act applies to records about 
individuals that are maintained in a ``system of records.'' A ``system 
of records'' is a group of any records under the control of an agency 
from which information is retrieved by the name of an individual or by 
some identifying number, symbol, or other identifying particular 
assigned to the individual. The Privacy Act defines an individual as a 
United States citizen or lawful permanent resident. Individuals may 
request access to their own records that are maintained in a system of 
records in the possession or under the control of DOI by complying with 
DOI Privacy Act regulations at 43 CFR part 2, subpart K, and following 
the procedures outlined in the Records Access, Contesting Record, and 
Notification Procedures sections of this notice.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the existence and character of each 
system of records that the agency maintains and the routine uses of 
each system. The INTERIOR/Reclamation-7, Concessions, system of records 
notice is published in its entirety below. In accordance with 5 U.S.C. 
552a(r), DOI has provided a report of this system of records to OMB and 
to Congress.

III. Public Participation

    You should be aware your entire comment including your personally 
identifiable information, such as your

[[Page 25670]]

address, phone number, email address, or any other personal information 
in your comment, may be made publicly available at any time. While you 
may request to withhold your personally identifiable information from 
public review, we cannot guarantee we will be able to do so.

SYSTEM NAME AND NUMBER:
    INTERIOR/Reclamation-7, Concessions.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Reclamation records in this system are maintained at:
    (1) Office of Dam Safety and Infrastructure, Asset Management 
Division, P.O. Box 25007, MS 86-67200 (AMD), Denver, CO 80225;
    (2) Columbia-Pacific Northwest Regional Office, 1150 North Curtis 
Road, Suite 100, Boise, ID 83706;
    (3) California-Great Basin Regional Office, Federal Office 
Building, 2800 Cottage Way, Sacramento, CA 95825;
    (4) Lower Colorado Basin Regional Office, 500 Fir Street, Boulder 
City, NV 89005;
    (5) Upper Colorado Basin Regional Office, 125 South State Street, 
Room 8100, Salt Lake City, UT 84138;
    (6) Missouri Basin and Arkansas-Rio Grande-Texas Gulf Regional 
Office, 2021 4th Avenue North, Billings, MT 59101; and
    (7) Area and Field offices located throughout the 17 western United 
States. Reclamation's Area and Field offices can be found at 
www.usbr.gov.

SYSTEM MANAGER(S):
    Manager, Asset Management Division, Office of Dam Safety and 
Infrastructure, Bureau of Reclamation, P.O. Box 25007, MS 8667200 
(AMD), Denver, CO 80225.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Reclamation Act ch. 1093, 32 Stat. 388 (June 17, 1902), as amended, 
codified at various sections of 43 U.S.C. Chapter 12; Federal Water 
Project Recreation Act of 1965, Public Law 89-72, as amended; 
Reclamation Development Act of 1974, Public Law 93-493, Title VI; 
Reclamation Recreation Management Act of 1992, Public Law 102-575, 
Title XXVIII; and Federal Lands Recreation Enhancement Act (REA) of 
2004, Public Law 108-447, Division J, Title VIII.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to manage concession operation 
records from the inception of requests for proposals, during execution 
of a contract, and through the conclusion of the contract terms. The 
records are used by Reclamation to identify the person, persons, or 
business entities applying for concession opportunities, determine 
their ability to manage a concession operation, and aid in ensuring 
compliance with the terms of the concession agreement, contract, lease, 
or rental agreement.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by this system include members of the public, 
applicants for concession opportunities, and contracted 
concessionaires. Records in this system pertaining to individuals 
contain information concerning sole proprietorships but may also 
reflect personal information. In addition, the system maintains records 
concerning corporations and other business entities which are not 
subject to the Privacy Act. However, records pertaining to individuals 
acting on behalf of the corporations or other business entities may 
reflect personal information that may be maintained in this system of 
records.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system contains records related to the use of Reclamation 
land, facilities, or waterbodies under a concession agreement, 
concession contract, use authorization, rental or lease agreement with 
individuals, corporations, or other legal business entities providing 
services or concessions at Reclamation projects.
    These records may contain information such as applicant's name, 
personal email address, personal mailing address, work or personal 
phone number, veteran status, financial information, Social Security 
number, tax identification number, name of insurance carrier, financial 
assets to verify whether the applicants have the financial viability to 
manage the proposed concession operation, applicant's ability to meet 
program requirements as outlined in Reclamation's authorities, 
historical documentation related to health information from applicants 
for use of special concession management priority authorities, 
management entity name, concession operation name, and agreement or 
contract number.

RECORD SOURCE CATEGORIES:
    Records in this system are obtained from individual members of the 
public, Federal and non-Federal entities including corporate and 
commercial concessionaires whose records are maintained, and from other 
internal DOI systems as set forth under Reclamation regulations and 
policies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DOI as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including Offices of the 
U.S. Attorneys, or other Federal agency conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is relevant or necessary to the litigation and one of the 
following is a party to the litigation or has an interest in such 
litigation:
    (1) DOI or any component of DOI;
    (2) Any other Federal agency appearing before the Office of 
Hearings and Appeals;
    (3) Any DOI employee or former employee acting in his or her 
official capacity;
    (4) Any DOI employee or former employee acting in his or her 
individual capacity when DOI or DOJ has agreed to represent that 
employee or pay for private representation of the employee; or
    (5) The United States Government or any agency thereof, when DOJ 
determines that DOI is likely to be affected by the proceeding.
    B. To a congressional office when requesting information on behalf 
of, and at the request of, the individual who is the subject of the 
record.
    C. To the Executive Office of the President in response to an 
inquiry from that office made at the request of the subject of a record 
or a third party on that person's behalf, or for a purpose compatible 
with the reason for which the records are collected or maintained.
    D. To any criminal, civil, or regulatory law enforcement authority 
(whether Federal, State, territorial, local, Tribal, or foreign) when a 
record, either alone or in conjunction with other information, 
indicates a violation or potential violation of law--criminal, civil, 
or regulatory in nature, and the disclosure is compatible with the 
purpose for which the records were compiled.
    E. To an official of another Federal agency to provide information 
needed in the performance of official duties related to reconciling or 
reconstructing data files or to enable that agency to respond to an 
inquiry by the individual to whom the record pertains.

[[Page 25671]]

    F. To Federal, State, territorial, local, Tribal, or foreign 
agencies that have requested information relevant or necessary to the 
hiring, firing or retention of an employee or contractor, or the 
issuance of a security clearance, license, contract, grant or other 
benefit, when the disclosure is compatible with the purpose for which 
the records were compiled.
    G. To representatives of the National Archives and Records 
Administration (NARA) to conduct records management inspections under 
the authority of 44 U.S.C. 2904 and 2906.
    H. To State, territorial and local governments and Tribal 
organizations to provide information needed in response to court order 
and/or discovery purposes related to litigation, when the disclosure is 
compatible with the purpose for which the records were compiled.
    I. To an expert, consultant, grantee, shared service provider, or 
contractor (including employees of the contractor) of DOI that performs 
services requiring access to these records on DOI's behalf to carry out 
the purposes of the system.
    J. To appropriate agencies, entities, and persons when:
    (1) DOI suspects or has confirmed that there has been a breach of 
the system of records;
    (2) DOI has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DOI (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and
    (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DOI's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    K. To another Federal agency or Federal entity, when DOI determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in:
    (1) responding to a suspected or confirmed breach; or
    (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    L. To the Office of Management and Budget (OMB) during the 
coordination and clearance process in connection with legislative 
affairs as mandated by OMB Circular A-19.
    M. To the Department of the Treasury to recover debts owed to the 
United States.
    N. To the news media and the public, with the approval of the 
Public Affairs Officer in consultation with counsel and the Senior 
Agency Official for Privacy, where there exists a legitimate public 
interest in the disclosure of the information, except to the extent it 
is determined that release of the specific information in the context 
of a particular case would constitute an unwarranted invasion of 
personal privacy.
    O. To State or local government agencies for taxation purposes.
    P. To non-Federal auditors under contract with DOI or Department of 
Energy or water user and other organizations with which Reclamation has 
written agreements permitting access to financial records to perform 
financial audits.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Concession records are managed securely at Reclamation offices. 
Paper records are contained in file folders stored in locked file 
cabinets at secured Reclamation facilities. Electronic records are 
contained in removable drives, computers, email, and electronic 
databases.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by an individual's name, management entity 
name, concession operation name, and contract number or agreement 
number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system are currently maintained in accordance with 
the following approved NARA Reclamation Records Retention Schedule, 
LND-8.00 Recreation Areas, Facilities, and Services--Permanent (N1-115-
94-6).
    A new Department Records Schedule (DRS) has been submitted to NARA 
and is pending approval. Once NARA approves the Mission DRS, the 
records related to this system will be maintained in accordance with 
DRS 2.2.3.19, Sustainably Manage Land Use, Recreation and Planning--
Management Plans and Reports PERM. This record schedule covers 
recommendations for the development of recreational areas, recreational 
contracts and leases, and concession contracts that includes real 
property. These records are permanent and are cutoff when activity is 
completed, closed no later than the end of the fiscal year in which 
completed. The files are then transferred to the Federal Record Center 
at 10 years or earlier if volume warrants. Legal ownership is 
transferred to NARA 30 years after cutoff. Paper records are disposed 
of by shredding or pulping, and records contained on electronic media 
format are degaussed or erased in accordance with the applicable 
records retention schedule, NARA guidelines, and Departmental policy.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The records contained in this system are safeguarded in accordance 
with 43 CFR 2.226 and other applicable security rules and policies. 
Records are accessible only by authorized DOI employees, and other 
Federal government agencies and contractors who have contractual 
agreements with Reclamation to conduct activities related to land and 
realty. During normal hours of operation, paper records are secured in 
locked file cabinets under the control of authorized personnel. 
Computers and servers on which electronic records are stored are in 
secured DOI and/or contractor facilities with physical, technical, and 
administrative levels of security such as access codes, security codes, 
and security guards, to prevent unauthorized access to the DOI network 
and information assets. Access to DOI networks and data requires a 
valid username and password and is limited to DOI personnel and/or 
contractors who have a need to know of the information for the 
performance of their official duties. Access to contractor's networks 
and data requires restricted access limited to authorized personnel.
    Computerized records systems follow the National Institute of 
Standards and Technology privacy and security standards as developed to 
comply with the Privacy Act of 1974, as amended, 5 U.S.C. 552a; 
Paperwork Reduction Act of 1995, 44 U.S.C. 3501 et seq.; Federal 
Information Security Modernization Act of 2014, 44 U.S.C. 3551, et 
seq.; and the Federal Information Processing Standard 199: Standards 
for Security Categorization of Federal Information and Information 
Systems. Security controls include user identification, passwords, 
database permissions, encryption, firewalls, audit logs, and network 
system security monitoring, and software controls. System 
administrators and authorized personnel are trained and required to 
follow established internal security protocols and must complete all 
security, privacy, and records management training and sign the DOI 
Rules of Behavior.

[[Page 25672]]

RECORD ACCESS PROCEDURES:
    An individual requesting access to their records should send a 
written inquiry to the System Manager identified in this notice. DOI 
forms and instructions for submitting a Privacy Act request may be 
obtained from the DOI Privacy Act Requests website at https://www.doi.gov/privacy/privacy-act-requests. The request must include a 
general description of the records sought and the requester's full 
name, current address, and sufficient identifying information such as 
date of birth or other information required for verification of the 
requester's identity. The request must be signed and dated and be 
either notarized or submitted under penalty of perjury in accordance 
with 28 U.S.C. 1746. Requests submitted by mail must be clearly marked 
``PRIVACY ACT REQUEST FOR ACCESS'' on both the envelope and letter. A 
request for access must meet the requirements of 43 CFR 2.238.

CONTESTING RECORD PROCEDURES:
    An individual requesting amendment of their records should send a 
written request to the System Manager as identified in this notice. DOI 
instructions for submitting a request for amendment of records are 
available on the DOI Privacy Act Requests website at https://www.doi.gov/privacy/privacy-act-requests. The request must clearly 
identify the records for which amendment is being sought, the reasons 
for requesting the amendment, and the proposed amendment to the record. 
The request must include the requester's full name, current address, 
and sufficient identifying information such as date of birth or other 
information required for verification of the requester's identity. The 
request must be signed and dated and be either notarized or submitted 
under penalty of perjury in accordance with 28 U.S.C. 1746. Requests 
submitted by mail must be clearly marked ``PRIVACY ACT REQUEST FOR 
AMENDMENT'' on both the envelope and letter. A request for amendment 
must meet the requirements of 43 CFR 2.246.

NOTIFICATION PROCEDURES:
    An individual requesting notification of the existence of records 
about them should send a written inquiry to the System Manager as 
identified in this notice. DOI instructions for submitting a request 
for notification are available on the DOI Privacy Act Requests website 
at https://www.doi.gov/privacy/privacy-act-requests. The request must 
include a general description of the records and the requester's full 
name, current address, and sufficient identifying information such as 
date of birth or other information required for verification of the 
requester's identity. The request must be signed and dated and be 
either notarized or submitted under penalty of perjury in accordance 
with 28 U.S.C. 1746. Requests submitted by mail must be clearly marked 
``PRIVACY ACT INQUIRY'' on both the envelope and letter. A request for 
notification must meet the requirements of 43 CFR 2.235.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    64 FR 69032 (December 9, 1999); modification published at 73 FR 
20949 (April 17, 2008) and 86 FR 50156 (September 7, 2021).

Teri Barnett,
Departmental Privacy Officer, U.S. Department of the Interior.
[FR Doc. 2024-07700 Filed 4-10-24; 8:45 am]
BILLING CODE 4332-90-P