[Federal Register Volume 89, Number 71 (Thursday, April 11, 2024)]
[Notices]
[Pages 25668-25672]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-07700]
-----------------------------------------------------------------------
DEPARTMENT OF THE INTERIOR
Bureau of Reclamation
[DOI-2023-0024; RR85672000, 23XR0680A2, RX.31480001.0040000]
Privacy Act of 1974; System of Records
AGENCY: Bureau of Reclamation, Interior.
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as
amended, the Department of the Interior (DOI) is issuing a public
notice of its intent to modify the Bureau of Reclamation (Reclamation)
Privacy Act system of records, INTERIOR/WBR-7, Concessions. DOI is
revising this notice to change the system bureau designation to be
consistent with Reclamation's title, propose new and modified routine
uses, and update all sections of the notice to accurately reflect
management of the system of records. This modified system will be
included in DOI's inventory of record systems.
DATES: This modified system will be effective upon publication. New or
modified routine uses will be effective May 13, 2024. Submit comments
on or before May 13, 2024.
ADDRESSES: You may send comments identified by docket number [DOI-2023-
0024] by any of the following methods:
Federal eRulemaking Portal: https://www.regulations.gov.
Follow the instructions for sending comments.
Email: [email protected]. Include docket number
[DOI-2023-0024] in the subject line of the message.
U.S. mail or hand-delivery: Teri Barnett, Departmental
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW,
Room 7112, Washington, DC 20240.
[[Page 25669]]
Instructions: All submissions received must include the agency name
and docket number [DOI-2023-0024]. All comments received will be posted
without change to https://www.regulations.gov, including any personal
information provided.
Docket: For access to the docket to read background documents or
comments received, go to https://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Regina Magno, Associate Privacy
Officer, Bureau of Reclamation, P.O. Box 25007, Denver, CO 80225,
[email protected] or (303) 445-3326.
SUPPLEMENTARY INFORMATION:
I. Background
Reclamation maintains the INTERIOR/WBR-7, Concessions, system of
records. The purpose of this system is to manage concession operation
records at Reclamation facilities from the inception of requests for
proposals, during execution of a contract, and through the conclusion
of the contract terms. The records are used by Reclamation to identify
the person or business entities applying for concession opportunities,
determine their ability to manage a concession operation, and aid in
ensuring compliance with the terms of the concession agreement,
contract, lease, or rental agreement.
DOI is publishing this revised notice to change the system bureau
designation to reflect Reclamation's title; update the system manager
and system location sections; expand on categories of individuals
covered by the system, the categories of records and records source
categories sections; update authorities for maintenance of the system;
update the storage, safeguards, and records retention schedule; update
the notification, records access, and contesting procedures; reorganize
the sections and provide general updates in accordance with the Privacy
Act of 1974 and Office of Management and Budget (OMB) Circular A-108,
Federal Agency Responsibilities for Review, Reporting, and Publication
under the Privacy Act.
Additionally, Reclamation is changing the routine uses from a
numeric to alphabetic list and is proposing to modify existing routine
uses to provide clarity and transparency and reflect updates consistent
with standard DOI routine uses. Routine use A was modified to further
clarify disclosures to the Department of Justice or other Federal
agencies when necessary, in relation to litigation or judicial
proceedings. Routine use B has been modified to clarify disclosures to
a congressional office to respond to or resolve an individual's request
made to that office. Routine use D has been modified to allow
Reclamation to refer matters to the appropriate Federal, State, local,
or foreign agencies, or other public authority agencies responsible for
investigating or prosecuting violations of, or for enforcing, or
implementing, a statute, rule, regulation, order, or license. Routine
use J was slightly modified to allow Reclamation to share information
with appropriate Federal agencies or entities when reasonably necessary
to prevent, minimize, or remedy the risk of harm to individuals or the
Federal Government resulting from a breach in accordance with OMB
Memorandum M-17-12, Preparing for and Responding to a Breach of
Personally Identifiable Information.
Reclamation is proposing to add new routine uses C, E, F, G, H, I,
L, M, and N to facilitate sharing of information with agencies and
organizations to ensure the efficient management of all land,
facilities, and waterbodies under Reclamation's jurisdiction, promote
the integrity of the records in the system, or carry out a statutory
responsibility of Reclamation or the Federal Government. Proposed
routine use C facilitates sharing of information with the Executive
Office of the President to respond to an inquiry by the individual to
whom that record pertains. Proposed routine use E allows Reclamation to
share information with an official of another Federal agency to assist
in the performance of their official duties related to reconciling or
reconstructing an individual's record. Proposed routine use F
facilitates sharing of information related to hiring, issuance of a
security clearance, or a license, contract, grant or benefit. Proposed
routine use G allows Reclamation to share information with the National
Archives and Records Administration to conduct records management
inspections. Proposed routine use H allows Reclamation to share
information with external entities, such as State, territorial and
local governments and Tribal organizations needed in response to court
orders and/or for discovery purposes related to litigation. Proposed
routine use I allows Reclamation to share information with an expert,
consultant, grantee, shared service provider, or contractor (including
employees of the contractor) of DOI that performs services requiring
access to these records on DOI's behalf to carry out the purposes of
the system. Proposed routine use L allows Reclamation to share
information with OMB during the coordination and clearance process in
connection with legislative affairs. Proposed routine use M allows
Reclamation to share information with the Department of the Treasury to
recover debts owed to the United States. Routine use N allows
Reclamation to share information with the news media and the public,
with approval by the Public Affairs Officer and Senior Agency Official
for Privacy in consultation with counsel if there is a legitimate
public interest in the disclosure of the information.
Pursuant to the Privacy Act, 5 U.S.C. 552a(b)(12), DOI may disclose
information from this system to consumer reporting agencies as defined
in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal
Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)) to aid in the
collection of outstanding debts owed to the Federal Government.
II. Privacy Act
The Privacy Act of 1974, as amended, embodies fair information
practice principles in a statutory framework governing the means by
which Federal agencies collect, maintain, use, and disseminate
individuals' records. The Privacy Act applies to records about
individuals that are maintained in a ``system of records.'' A ``system
of records'' is a group of any records under the control of an agency
from which information is retrieved by the name of an individual or by
some identifying number, symbol, or other identifying particular
assigned to the individual. The Privacy Act defines an individual as a
United States citizen or lawful permanent resident. Individuals may
request access to their own records that are maintained in a system of
records in the possession or under the control of DOI by complying with
DOI Privacy Act regulations at 43 CFR part 2, subpart K, and following
the procedures outlined in the Records Access, Contesting Record, and
Notification Procedures sections of this notice.
The Privacy Act requires each agency to publish in the Federal
Register a description denoting the existence and character of each
system of records that the agency maintains and the routine uses of
each system. The INTERIOR/Reclamation-7, Concessions, system of records
notice is published in its entirety below. In accordance with 5 U.S.C.
552a(r), DOI has provided a report of this system of records to OMB and
to Congress.
III. Public Participation
You should be aware your entire comment including your personally
identifiable information, such as your
[[Page 25670]]
address, phone number, email address, or any other personal information
in your comment, may be made publicly available at any time. While you
may request to withhold your personally identifiable information from
public review, we cannot guarantee we will be able to do so.
SYSTEM NAME AND NUMBER:
INTERIOR/Reclamation-7, Concessions.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Reclamation records in this system are maintained at:
(1) Office of Dam Safety and Infrastructure, Asset Management
Division, P.O. Box 25007, MS 86-67200 (AMD), Denver, CO 80225;
(2) Columbia-Pacific Northwest Regional Office, 1150 North Curtis
Road, Suite 100, Boise, ID 83706;
(3) California-Great Basin Regional Office, Federal Office
Building, 2800 Cottage Way, Sacramento, CA 95825;
(4) Lower Colorado Basin Regional Office, 500 Fir Street, Boulder
City, NV 89005;
(5) Upper Colorado Basin Regional Office, 125 South State Street,
Room 8100, Salt Lake City, UT 84138;
(6) Missouri Basin and Arkansas-Rio Grande-Texas Gulf Regional
Office, 2021 4th Avenue North, Billings, MT 59101; and
(7) Area and Field offices located throughout the 17 western United
States. Reclamation's Area and Field offices can be found at
www.usbr.gov.
SYSTEM MANAGER(S):
Manager, Asset Management Division, Office of Dam Safety and
Infrastructure, Bureau of Reclamation, P.O. Box 25007, MS 8667200
(AMD), Denver, CO 80225.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Reclamation Act ch. 1093, 32 Stat. 388 (June 17, 1902), as amended,
codified at various sections of 43 U.S.C. Chapter 12; Federal Water
Project Recreation Act of 1965, Public Law 89-72, as amended;
Reclamation Development Act of 1974, Public Law 93-493, Title VI;
Reclamation Recreation Management Act of 1992, Public Law 102-575,
Title XXVIII; and Federal Lands Recreation Enhancement Act (REA) of
2004, Public Law 108-447, Division J, Title VIII.
PURPOSE(S) OF THE SYSTEM:
The purpose of this system is to manage concession operation
records from the inception of requests for proposals, during execution
of a contract, and through the conclusion of the contract terms. The
records are used by Reclamation to identify the person, persons, or
business entities applying for concession opportunities, determine
their ability to manage a concession operation, and aid in ensuring
compliance with the terms of the concession agreement, contract, lease,
or rental agreement.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered by this system include members of the public,
applicants for concession opportunities, and contracted
concessionaires. Records in this system pertaining to individuals
contain information concerning sole proprietorships but may also
reflect personal information. In addition, the system maintains records
concerning corporations and other business entities which are not
subject to the Privacy Act. However, records pertaining to individuals
acting on behalf of the corporations or other business entities may
reflect personal information that may be maintained in this system of
records.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system contains records related to the use of Reclamation
land, facilities, or waterbodies under a concession agreement,
concession contract, use authorization, rental or lease agreement with
individuals, corporations, or other legal business entities providing
services or concessions at Reclamation projects.
These records may contain information such as applicant's name,
personal email address, personal mailing address, work or personal
phone number, veteran status, financial information, Social Security
number, tax identification number, name of insurance carrier, financial
assets to verify whether the applicants have the financial viability to
manage the proposed concession operation, applicant's ability to meet
program requirements as outlined in Reclamation's authorities,
historical documentation related to health information from applicants
for use of special concession management priority authorities,
management entity name, concession operation name, and agreement or
contract number.
RECORD SOURCE CATEGORIES:
Records in this system are obtained from individual members of the
public, Federal and non-Federal entities including corporate and
commercial concessionaires whose records are maintained, and from other
internal DOI systems as set forth under Reclamation regulations and
policies.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DOI as a
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To the Department of Justice (DOJ), including Offices of the
U.S. Attorneys, or other Federal agency conducting litigation or in
proceedings before any court, adjudicative, or administrative body,
when it is relevant or necessary to the litigation and one of the
following is a party to the litigation or has an interest in such
litigation:
(1) DOI or any component of DOI;
(2) Any other Federal agency appearing before the Office of
Hearings and Appeals;
(3) Any DOI employee or former employee acting in his or her
official capacity;
(4) Any DOI employee or former employee acting in his or her
individual capacity when DOI or DOJ has agreed to represent that
employee or pay for private representation of the employee; or
(5) The United States Government or any agency thereof, when DOJ
determines that DOI is likely to be affected by the proceeding.
B. To a congressional office when requesting information on behalf
of, and at the request of, the individual who is the subject of the
record.
C. To the Executive Office of the President in response to an
inquiry from that office made at the request of the subject of a record
or a third party on that person's behalf, or for a purpose compatible
with the reason for which the records are collected or maintained.
D. To any criminal, civil, or regulatory law enforcement authority
(whether Federal, State, territorial, local, Tribal, or foreign) when a
record, either alone or in conjunction with other information,
indicates a violation or potential violation of law--criminal, civil,
or regulatory in nature, and the disclosure is compatible with the
purpose for which the records were compiled.
E. To an official of another Federal agency to provide information
needed in the performance of official duties related to reconciling or
reconstructing data files or to enable that agency to respond to an
inquiry by the individual to whom the record pertains.
[[Page 25671]]
F. To Federal, State, territorial, local, Tribal, or foreign
agencies that have requested information relevant or necessary to the
hiring, firing or retention of an employee or contractor, or the
issuance of a security clearance, license, contract, grant or other
benefit, when the disclosure is compatible with the purpose for which
the records were compiled.
G. To representatives of the National Archives and Records
Administration (NARA) to conduct records management inspections under
the authority of 44 U.S.C. 2904 and 2906.
H. To State, territorial and local governments and Tribal
organizations to provide information needed in response to court order
and/or discovery purposes related to litigation, when the disclosure is
compatible with the purpose for which the records were compiled.
I. To an expert, consultant, grantee, shared service provider, or
contractor (including employees of the contractor) of DOI that performs
services requiring access to these records on DOI's behalf to carry out
the purposes of the system.
J. To appropriate agencies, entities, and persons when:
(1) DOI suspects or has confirmed that there has been a breach of
the system of records;
(2) DOI has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, DOI (including
its information systems, programs, and operations), the Federal
Government, or national security; and
(3) the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with DOI's efforts to
respond to the suspected or confirmed breach or to prevent, minimize,
or remedy such harm.
K. To another Federal agency or Federal entity, when DOI determines
that information from this system of records is reasonably necessary to
assist the recipient agency or entity in:
(1) responding to a suspected or confirmed breach; or
(2) preventing, minimizing, or remedying the risk of harm to
individuals, the recipient agency or entity (including its information
systems, programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
L. To the Office of Management and Budget (OMB) during the
coordination and clearance process in connection with legislative
affairs as mandated by OMB Circular A-19.
M. To the Department of the Treasury to recover debts owed to the
United States.
N. To the news media and the public, with the approval of the
Public Affairs Officer in consultation with counsel and the Senior
Agency Official for Privacy, where there exists a legitimate public
interest in the disclosure of the information, except to the extent it
is determined that release of the specific information in the context
of a particular case would constitute an unwarranted invasion of
personal privacy.
O. To State or local government agencies for taxation purposes.
P. To non-Federal auditors under contract with DOI or Department of
Energy or water user and other organizations with which Reclamation has
written agreements permitting access to financial records to perform
financial audits.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Concession records are managed securely at Reclamation offices.
Paper records are contained in file folders stored in locked file
cabinets at secured Reclamation facilities. Electronic records are
contained in removable drives, computers, email, and electronic
databases.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by an individual's name, management entity
name, concession operation name, and contract number or agreement
number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records in this system are currently maintained in accordance with
the following approved NARA Reclamation Records Retention Schedule,
LND-8.00 Recreation Areas, Facilities, and Services--Permanent (N1-115-
94-6).
A new Department Records Schedule (DRS) has been submitted to NARA
and is pending approval. Once NARA approves the Mission DRS, the
records related to this system will be maintained in accordance with
DRS 2.2.3.19, Sustainably Manage Land Use, Recreation and Planning--
Management Plans and Reports PERM. This record schedule covers
recommendations for the development of recreational areas, recreational
contracts and leases, and concession contracts that includes real
property. These records are permanent and are cutoff when activity is
completed, closed no later than the end of the fiscal year in which
completed. The files are then transferred to the Federal Record Center
at 10 years or earlier if volume warrants. Legal ownership is
transferred to NARA 30 years after cutoff. Paper records are disposed
of by shredding or pulping, and records contained on electronic media
format are degaussed or erased in accordance with the applicable
records retention schedule, NARA guidelines, and Departmental policy.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The records contained in this system are safeguarded in accordance
with 43 CFR 2.226 and other applicable security rules and policies.
Records are accessible only by authorized DOI employees, and other
Federal government agencies and contractors who have contractual
agreements with Reclamation to conduct activities related to land and
realty. During normal hours of operation, paper records are secured in
locked file cabinets under the control of authorized personnel.
Computers and servers on which electronic records are stored are in
secured DOI and/or contractor facilities with physical, technical, and
administrative levels of security such as access codes, security codes,
and security guards, to prevent unauthorized access to the DOI network
and information assets. Access to DOI networks and data requires a
valid username and password and is limited to DOI personnel and/or
contractors who have a need to know of the information for the
performance of their official duties. Access to contractor's networks
and data requires restricted access limited to authorized personnel.
Computerized records systems follow the National Institute of
Standards and Technology privacy and security standards as developed to
comply with the Privacy Act of 1974, as amended, 5 U.S.C. 552a;
Paperwork Reduction Act of 1995, 44 U.S.C. 3501 et seq.; Federal
Information Security Modernization Act of 2014, 44 U.S.C. 3551, et
seq.; and the Federal Information Processing Standard 199: Standards
for Security Categorization of Federal Information and Information
Systems. Security controls include user identification, passwords,
database permissions, encryption, firewalls, audit logs, and network
system security monitoring, and software controls. System
administrators and authorized personnel are trained and required to
follow established internal security protocols and must complete all
security, privacy, and records management training and sign the DOI
Rules of Behavior.
[[Page 25672]]
RECORD ACCESS PROCEDURES:
An individual requesting access to their records should send a
written inquiry to the System Manager identified in this notice. DOI
forms and instructions for submitting a Privacy Act request may be
obtained from the DOI Privacy Act Requests website at https://www.doi.gov/privacy/privacy-act-requests. The request must include a
general description of the records sought and the requester's full
name, current address, and sufficient identifying information such as
date of birth or other information required for verification of the
requester's identity. The request must be signed and dated and be
either notarized or submitted under penalty of perjury in accordance
with 28 U.S.C. 1746. Requests submitted by mail must be clearly marked
``PRIVACY ACT REQUEST FOR ACCESS'' on both the envelope and letter. A
request for access must meet the requirements of 43 CFR 2.238.
CONTESTING RECORD PROCEDURES:
An individual requesting amendment of their records should send a
written request to the System Manager as identified in this notice. DOI
instructions for submitting a request for amendment of records are
available on the DOI Privacy Act Requests website at https://www.doi.gov/privacy/privacy-act-requests. The request must clearly
identify the records for which amendment is being sought, the reasons
for requesting the amendment, and the proposed amendment to the record.
The request must include the requester's full name, current address,
and sufficient identifying information such as date of birth or other
information required for verification of the requester's identity. The
request must be signed and dated and be either notarized or submitted
under penalty of perjury in accordance with 28 U.S.C. 1746. Requests
submitted by mail must be clearly marked ``PRIVACY ACT REQUEST FOR
AMENDMENT'' on both the envelope and letter. A request for amendment
must meet the requirements of 43 CFR 2.246.
NOTIFICATION PROCEDURES:
An individual requesting notification of the existence of records
about them should send a written inquiry to the System Manager as
identified in this notice. DOI instructions for submitting a request
for notification are available on the DOI Privacy Act Requests website
at https://www.doi.gov/privacy/privacy-act-requests. The request must
include a general description of the records and the requester's full
name, current address, and sufficient identifying information such as
date of birth or other information required for verification of the
requester's identity. The request must be signed and dated and be
either notarized or submitted under penalty of perjury in accordance
with 28 U.S.C. 1746. Requests submitted by mail must be clearly marked
``PRIVACY ACT INQUIRY'' on both the envelope and letter. A request for
notification must meet the requirements of 43 CFR 2.235.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
64 FR 69032 (December 9, 1999); modification published at 73 FR
20949 (April 17, 2008) and 86 FR 50156 (September 7, 2021).
Teri Barnett,
Departmental Privacy Officer, U.S. Department of the Interior.
[FR Doc. 2024-07700 Filed 4-10-24; 8:45 am]
BILLING CODE 4332-90-P