[Federal Register Volume 89, Number 139 (Friday, July 19, 2024)]
[Notices]
[Pages 58779-58802]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-15922]
-----------------------------------------------------------------------
NUCLEAR REGULATORY COMMISSION
[NRC-2023-0168]
Privacy Act of 1974; Systems of Records
AGENCY: Nuclear Regulatory Commission.
ACTION: Notice of modified systems of records; request for comment.
-----------------------------------------------------------------------
SUMMARY: Pursuant to the Privacy Act of 1974 and Office of Management
and Budget (OMB) Circular No. A-108, to ensure the system of records
notices remain accurate, the U.S. Nuclear Regulatory Commission (NRC)
staff reviews each notice on a periodic basis. As a result of this
review, the NRC is republishing 16 of its system of records notices and
has made various revisions to ensure that the NRC's notices remain
clear, accurate, and up to date. Three of the system notices--NRC 37,
Information Security Files and Associated Records, NRC 44, Employee
Fitness Center Records, and NRC 46, Health Emergency Records--are
subject to a 30-day comment period based on the nature of their
revisions. The revisions to these systems are in effect upon this
publication with the exception of the NRC 37, NRC 44 and NRC 46
modifications, which will go into effect 30 days after this
publication. The remaining systems revisions are minor corrective and
administrative changes that do not meet the threshold criteria
established by OMB for either a new or altered system of records. The
minor modifications include updating authorities, system managers,
retention schedules, and various other minor updates, in accordance
with OMB Circular A-108.
DATES: Submit comments on revisions and changes by August 19, 2024.
Comments received after this date will be considered if it is practical
to do so, but the Commission is able to ensure consideration only for
comments received before this date.
ADDRESSES: You may submit comments by any of the following methods;
however, the NRC encourages electronic comment submission through the
Federal rulemaking website:
Federal rulemaking website: Go to https://www.regulations.gov and search for Docket ID NRC-2023-0168. Address
questions about Docket IDs in Regulations.gov to Stacy Schumann;
telephone: 301-415-0624; email: [email protected]. For technical
questions, contact the individual listed in the For Further Information
Contact section of this document.
Mail comments to: Office of Administration, Mail Stop:
TWFN-7-A60M, U.S. Nuclear Regulatory Commission, Washington, DC 20555-
0001, ATTN: Program Management, Announcements and Editing Staff.
For additional direction on obtaining information and submitting
comments, see ``Obtaining Information and Submitting Comments'' in the
SUPPLEMENTARY INFORMATION section of this document.
FOR FURTHER INFORMATION CONTACT: Sally Hardy, Office of the Chief
Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC
20555-0001, telephone: 301-415-5607; email: [email protected].
SUPPLEMENTARY INFORMATION:
I. Obtaining Information and Submitting Comments
A. Obtaining Information
Please refer to Docket ID NRC-2023-0168 when contacting the NRC
about the availability of information for this action. You may obtain
publicly available information related to this action by any of the
following methods:
Federal Rulemaking Website: Go to https://www.regulations.gov and search for Docket ID NRC-2023-0168.
NRC's Agencywide Documents Access and Management System
(ADAMS): You may obtain publicly available documents online in the
ADAMS Public Documents collection at https://www.nrc.gov/reading-rm/adams.html. To begin the search, select ``Begin Web-based ADAMS
Search.'' For problems with ADAMS, please contact the NRC's Public
Document Room (PDR) reference staff at 1-800-397-4209, at 301-415-4737,
or by email to [email protected].
NRC's PDR: The PDR, where you may examine and order copies
of publicly available documents, is open by appointment. To make an
appointment to visit the PDR, please send an email to
[email protected] or call 1-800-397-4209 or 301-415-4737, between 8
a.m. and 4 p.m. eastern time (ET), Monday through Friday, except
Federal holidays.
B. Submitting Comments
The NRC encourages electronic comment submission through the
Federal rulemaking website (https://www.regulations.gov). Please
include Docket ID NRC-2023-0168 in your comment submission.
The NRC cautions you not to include identifying or contact
information that you do not want to be publicly disclosed in your
comment submission. The NRC will post all comment submissions at
https://www.regulations.gov as well as enter the comment submissions
into ADAMS. The NRC does not routinely edit comment submissions to
remove identifying or contact information.
If you are requesting or aggregating comments from other persons
for submission to the NRC, then you should inform those persons not to
include identifying or contact information that they do not want to be
publicly disclosed in their comment submission. Your request should
state that the NRC does not routinely edit comment submissions to
remove such information before making the comment submissions available
to the public or entering the comment into ADAMS.
II. Background
Pursuant to the Privacy Act of 1974 and OMB Circular No. A-108,
``Federal Agency Responsibilities for Review, Reporting, and
Publication under the Privacy Act,'' notice is hereby given that the
NRC is republishing 16 of its system of records notices. In 12 of those
system of records notices, there are revisions that include minor and
administrative changes that do not meet the criteria for either a new
or altered system of records notice. One system is being republished
without any revisions as part of our review process for ease of use and
reference since the last publication in 2019.
The changes in the following three Privacy Act system of records
notices do meet the criteria for an altered system of records:
The NRC is revising NRC 37, Information Security Files and
Associated Records. Modifications include revision of the purpose,
categories of records in the system, record source categories and
storage of records.
The NRC is revising NRC 44, Employee Fitness Center Records.
Modifications include removing duplicate system locations.
The NRC is revising NRC 46, Health Emergency Records. Modifications
include revision of the authority for maintenance of the system,
categories of individuals covered, categories of records, record source
categories, routine uses and storage of records.
A report on these revisions has been sent to OMB, the Committee on
[[Page 58780]]
Homeland Security and Governmental Affairs of U.S. Senate, and the
Committee on Oversight and Accountability of the U.S. House of
Representatives, as required by the Privacy Act.
If changes are made based on the NRC's review of comments received,
the NRC will publish a subsequent notice.
The text of the report, in its entirety, is attached.
Dated: July 16, 2024.
For the Nuclear Regulatory Commission.
Jonathan Feibus,
Senior Agency Official for Privacy, Office of the Chief Information
Officer.
Attachment--Nuclear Regulatory Commission Privacy Act Systems of
Records NRC Systems of Records
25. Oral History Program--NRC.
26. Transit Subsidy Benefits Program Records--NRC.
27. Radiation Exposure Information and Reporting System (REIRS)
Records--NRC.
32. Office of the Chief Financial Officer Financial Transactions and
Debt Collection Management Records--NRC.
33. Special Inquiry Records--NRC.
35. Drug Testing Program Records--NRC.
36. Employee Locator Records--NRC.
37. Information Security Files and Associated Records--NRC.
38. Mailing Lists--NRC.
39. Personnel Security Files and Associated Records--NRC.
40. Facility Security Access Control Records--NRC.
41. Tort Claims and Personal Property Claims Records--NRC.
43. Employee Health Center Records--NRC.
44. Employee Fitness Center Records--NRC.
45. Electronic Credentials for Personal Identity Verification--NRC.
46. Health Emergency Records--NRC.
These systems of records are maintained by the NRC and contain
personal information about individuals that is retrieved by an
individual's name or identifier.
The notice for each system of records states the name and location
of the record system, the authority for and manner of its operation,
the categories of individuals that it covers, the types of records that
it contains, the sources of information in those records, and the
routine uses of each system of records. Each notice also includes the
business address of the NRC official who will inform interested persons
of the procedures whereby they may gain access to and request amendment
of records pertaining to them.
The Privacy Act provides certain safeguards for an individual
against an invasion of personal privacy by requiring Federal agencies
to protect records contained in an agency system of records from
unauthorized disclosure and to ensure that information is current and
accurate for its intended use and that adequate safeguards are provided
to prevent misuse of such information.
SYSTEM NAME AND NUMBER:
Oral History Program--NRC 25.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Office of the Secretary, NRC, One White Flint North, 11555
Rockville Pike, Rockville, Maryland.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 2161(b) and 44 U.S.C. 3301.
PURPOSE(S) OF THE SYSTEM:
Recorded interviews and transcribed scripts of interviews for
providing a history of the nuclear regulatory program.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who volunteer to be interviewed for the purpose of
providing information for a history of the nuclear regulatory program.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records consist of recorded interviews and as needed, transcribed
scripts of the interviews.
RECORD SOURCE CATEGORIES:
Information in this system of records is obtained from interviews
granted on a voluntary basis to the Historian.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under
subsection (b) of the Privacy Act, the NRC may disclose information
contained in this system of records without the consent of the subject
individual if the disclosure is compatible with the purpose for which
the record was collected under the following routine uses:
a. For incorporation in publications on the history of the nuclear
regulatory program;
b. To provide information to historians and other researchers;
c. A record from this system of records may be disclosed as a
routine use to appropriate agencies, entities, and persons when (1) NRC
suspects or has confirmed that there has been a breach of the system of
records, (2) NRC has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, NRC (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with NRC efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm; and
d. A record from this system of records may be disclosed as a
routine use to another Federal agency or Federal entity, when the NRC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Maintained on electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information is accessed by the name of the interviewee.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Narrative Histories will be retained under NRC's approved schedule
found in the NUREG 0910 version 4 at 2.22.7.a(1): Record copy
maintained by the NRC Historian. Permanent. Transfer to the National
Archives when 20 years old. (Paper records created before 4/1/2000.
ADAMS PDF files and TIFF files (2.22.7.a(4) re cutoff at the close of
the fiscal year. Transfer to the National Archives 5 years after
cutoff.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Maintained on an access restricted drive. Access to and use of
these records is limited to those authorized by the Historian or a
designee.
SYSTEM MANAGER(S):
NRC Historian, Office of the Secretary, U.S. Nuclear Regulatory
Commission, Washington, DC 20555-0001.
RECORD ACCESS PROCEDURES:
Same as ``Notification procedures.''
CONTESTING RECORD PROCEDURES:
Same as ``Notification procedures.''
[[Page 58781]]
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act or Privacy Act Officer, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001,
and comply with the procedures contained in NRC's Privacy Act
regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
SYSTEM NAME AND NUMBER:
Transit Subsidy Benefits Program Records--NRC 26.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Facility and Logistics Branch, Office of Administration, NRC, Two
White Flint North, 11545 Rockville Pike, Rockville, Maryland.
SYSTEM MANAGER(S):
Chief, Facility and Logistics Branch, Division of Facilities and
Security, Office of Administration, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 7905; 26 U.S.C. 132; 31 U.S.C. 3511; 41 CFR 102-74.210; 41
CFR subtitle F; 41 CFR 102-71.20; Executive Order (E.O.) 9397, as
amended by E.O. 13478; E.O. 13150.
PURPOSE(S) OF THE SYSTEM:
The information contained in this system is used to enroll
employees in the Transit Subsidy Program.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
NRC employees who apply for subsidized mass transit costs.
CATEGORIES OF RECORDS IN THE SYSTEM:
The records consist of an individual's application to participate
in the program which includes, but is not limited to, the applicant's
name, home address, office telephone number, and information regarding
the employee's commuting schedule and mass transit system(s) used.
RECORD SOURCE CATEGORIES:
NRC employees.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under
subsection (b) of the Privacy Act, the NRC may disclose information
contained in this system of records without the consent of the subject
individual if the disclosure is compatible with the purpose for which
the record was collected under the following routine uses:
a. To provide statistical reports to the city, county, State, and
Federal government agencies;
b. To provide the basis for program approval and issue monthly
subsides;
c. A record from this system of records which indicates a violation
of civil or criminal law, regulation or order may be referred as a
routine use to a Federal, State, local or foreign agency that has
authority to investigate, enforce, implement or prosecute such laws.
Further, a record from this system of records may be disclosed for
civil or criminal law or regulatory enforcement purposes to another
agency in response to a written request from that agency's head or an
official who has been delegated such authority;
d. A record from this system of records may be disclosed as a
routine use in the course of discovery; in presenting evidence to a
court, magistrate, administrative tribunal, or grand jury or pursuant
to a qualifying order from any of those; in alternative dispute
resolution proceedings, such as arbitration or mediation; or in the
course of settlement negotiations;
e. A record from this system of records may be disclosed as a
routine use to a Congressional office from the record of an individual
in response to an inquiry from the Congressional office made at the
request of that individual;
f. A record from this system of records may be disclosed as a
routine use to NRC-paid experts or consultants, and those under
contract with the NRC on a ``need-to-know'' basis for a purpose within
the scope of the pertinent NRC task. This access will be granted to an
NRC contractor or employee of such contractor by a system manager only
after satisfactory justification has been provided to the system
manager;
g. A record from this system of records may be disclosed as a
routine use to appropriate agencies, entities, and persons when (1) NRC
suspects or has confirmed that there has been a breach of the system of
records, (2) NRC has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, NRC (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with NRC efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm; and
h. A record from this system of records may be disclosed as a
routine use to another Federal agency or Federal entity, when the NRC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Accessed by name and smart trip card.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained under the National Archives and Records
Administration's General Records Schedule 2.4: Employee Compensation
and Benefit Records, Item 130, Transportation subsidy program
administrative records. Destroy when 3 years old, but longer retention
is authorized if required for business use. Records are also retained
under General Records Schedule 2.4, item 131, Transportation subsidy
program individual case files. Destroy 2 years after employee
participation concludes, but longer retention is authorized if required
for business use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Computer files are maintained on a hard drive, access to which is
password protected. Access to and use of these records is limited to
those persons whose official duties require access.
RECORD ACCESS PROCEDURES:
Same as ``Notification procedures.''
CONTESTING RECORD PROCEDURES:
Same as ``Notification procedures.''
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act or Privacy Act Officer, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington,
[[Page 58782]]
DC 20555-0001, and comply with the procedures contained in NRC's
Privacy Act regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
SYSTEM NAME AND NUMBER:
Radiation Exposure Information and Reporting System (REIRS)
Records--NRC 27.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Primary system--Oak Ridge Associated Universities (ORAU), Oak
Ridge, Tennessee (or current contractor facility).
Duplicate system--Duplicate systems exist, in part, regarding
employee exposure records, with the NRC's Radiation Safety Officers at
Regional office locations listed in Addendum 1, Part 2, in the Office
of Nuclear Reactor Regulations (NRR), the Office of Nuclear Material
Safety and Safeguards (NMSS). The Office of Administration (ADM), NRC,
One White Flint North, 11555 Rockville Pike, Rockville, Maryland,
maintains the employee dosimeter tracking system.
SYSTEM MANAGER(S):
REIRS Project Manager, Radiation Protection Branch, Division of
Systems Analysis, Office of Nuclear Regulatory Research, U.S. Nuclear
Regulatory Commission, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 7902; 29 U.S.C. 668; 42 U.S.C. 2051, 2073, 2093, 2095,
2111, 2133, 2134, and 2201(o); 10 CFR parts 20 and 34; Executive Order
(E.O.) 9397, as amended by E.O. 13478; E.O. 12196, as amended.
PURPOSE(S) OF THE SYSTEM:
REIRS serves as the central repository for all NRC radiation
exposure monitoring records that are recorded and reported pursuant to
part 20 of title 10 of the Code of Federal Regulations (10 CFR) and
Regulatory Guide 8.7. This central repository is used for the oversight
of radiation protection policies and practices at NRC-licensed
facilities.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals monitored for radiation exposure while employed by or
visiting or temporarily assigned to certain NRC-licensed facilities;
individuals who are exposed to radiation or radioactive materials in
incidents required to be reported under 10 CFR 20.2201-20.2204 and
20.2206 by all NRC licensees; individuals who may have been exposed to
radiation or radioactive materials offsite from a facility, plant
installation, or other place of use of licensed materials, or in
unrestricted areas, as a result of an incident involving byproduct,
source, or special nuclear material.
CATEGORIES OF RECORDS IN THE SYSTEM:
These records contain information relating to an individual's name,
sex, social security number, birth date, place and period date of
exposure; name and license number of individual's employer; name and
number of licensees reporting the information; radiation doses or
estimates of exposure received during this period, type of radiation,
part(s) or organ(s) exposed, and radionuclide(s) involved.
RECORD SOURCE CATEGORIES:
Information in this system of records comes from licensees; the
subject individual; the individual's employer; the person in charge of
the facility where the individual has been assigned; NRC Form 5,
``Occupational Exposure Record for a Monitoring Period,'' or
equivalent, contractor reports, and Radiation Safety Officers.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under
subsection (b) of the Privacy Act, the NRC may disclose information
contained in this system of records without the consent of the subject
individual if the disclosure is compatible with the purpose for which
the record was collected under the following routine uses:
a. To provide data to other Federal and State agencies involved in
monitoring and/or evaluating radiation exposure received by individuals
as enumerated in the paragraph ``Categories of individuals covered by
the system;''
b. To return data provided by licensee upon request;
c. A record from this system of records which indicates a violation
of civil or criminal law, regulation or order may be referred as a
routine use to a Federal, State, local or foreign agency that has
authority to investigate, enforce, implement or prosecute such laws.
Further, a record from this system of records may be disclosed for
civil or criminal law or regulatory enforcement purposes to another
agency in response to a written request from that agency's head or an
official who has been delegated such authority;
d. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency to obtain
information relevant to an NRC decision concerning hiring or retaining
an employee, letting a contract, or issuing a security clearance,
license, grant or other benefit;
e. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency requesting a
record that is relevant and necessary to its decision on a matter of
hiring or retaining an employee, issuing a security clearance,
reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
f. A record from this system of records may be disclosed as a
routine use in the course of discovery; in presenting evidence to a
court, magistrate, administrative tribunal, or grand jury or pursuant
to a qualifying order from any of those; in alternative dispute
resolution proceedings, such as arbitration or mediation; or in the
course of settlement negotiations;
g. A record from this system of records may be disclosed as a
routine use to a Congressional office from the record of an individual
in response to an inquiry from the Congressional office made at the
request of that individual;
h. A record from this system of records may be disclosed as a
routine use to NRC-paid experts or consultants, and those under
contract with the NRC on a ``need-to-know'' basis for a purpose within
the scope of the pertinent NRC task. This access will be granted to an
NRC contractor or employee of such contractor by a system manager only
after satisfactory justification has been provided to the system
manager;
i. A record from this system of records may be disclosed as a
routine use to appropriate agencies, entities, and persons when (1) NRC
suspects or has confirmed that there has been a breach of the system of
records, (2) NRC has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, NRC (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with NRC efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm; and
j. A record from this system of records may be disclosed as a
routine use to another Federal agency or Federal entity, when the NRC
determines that information from this system of records
[[Page 58783]]
is reasonably necessary to assist the recipient agency or entity in (1)
responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient
agency or entity (including its information systems, programs, and
operations), the Federal Government, or national security, resulting
from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on paper and electronic media. The
electronic records maintained in Oak Ridge, TN, are in a centralized
database management system that is password protected. Backup tapes of
the database are generated and maintained at a secure, off-site
location for disaster recovery purposes. During the processing and data
entry, paper records are temporarily stored in designated business
offices that are locked when not in use and are accessible only to
authorized personnel. Upon completion of data entry and processing, the
paper records are stored in an offsite security storage facility
accessible only to authorized personnel.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are accessed by individual name, social security number,
date of birth, and/or by licensee name or number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records managed using REIRS are scheduled under NRC's NUREG-0910,
Revision 4. Transfer a copy of REIRS data to the National Archives and
Records Administration every 5 years (2.19.16). Retain Personnel
monitoring reports and personnel overexposure reports entered into
REIRS, Paper records, are retained under 2.19.14.a(1). Destroy 2 years
after data are input into REIRS. ADAMS PDF files, TIFF files, ADAMS
document profiles, and ADAMS digital signature and concurrence data are
retained under 2.19.14.a(4) and are cut off at the end of the fiscal
year and destroyed 2 years after cutoff. Personnel monitoring reports
and personnel overexposure reports of which only selected data are
entered into REIRS, records are retained under 2.19.14.b(1). Cut off at
end of fiscal year. Transfer to National Archives and Records
Administration (NARA) when 20 years old.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Information maintained at ORAU is accessible by the Office of
Nuclear Regulatory Research (RES) and individuals that have been
authorized access by NRC, including all NRC Radiation Safety Officers
and ORAU employees that are directly involved in the REIRS project.
Reports received and reviewed by the NRC's RES, NRR, NMSS, and Regional
offices are in lockable file cabinets and bookcases in secured
buildings. A log is maintained of both telephone and written requests
for information.
The data maintained in the REIRS database are protected from
unauthorized access by several means. The database server resides in a
protected environment with physical security barriers under keycard
access control. Accounts authorizing access to the server and databases
are maintained by the ORAU REIRS system administrator. In addition,
ORAU maintains a computer security ``firewall'' that further restricts
access to the ORAU computer network. Authorization for access must be
approved by NRC, ORAU project management, and ORAU computer security.
Transmittal of data via the internet is protected by data encryption.
RECORD ACCESS PROCEDURES:
Same as ``Notification procedures.''
CONTESTING RECORD PROCEDURES:
Same as ``Notification procedures.''
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act or Privacy Act Officer, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001,
and comply with the procedures contained in NRC's Privacy Act
regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
SYSTEM NAME AND NUMBER:
Office of the Chief Financial Officer Financial Transactions and
Debt Collection Management Records--NRC 32.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Office of the Chief Financial Officer, NRC, Two White Flint North,
11545 Rockville Pike, Rockville, Maryland. NRC has an interagency
agreement with the U.S. Treasury, Administrative Resource Center (ARC),
Parkersburg, WV, as a Federal service provider for transactional
services in the NRC core financial system since March 2018.
Other systems of records contain information that may duplicate
some of the records in this system. These other systems include, but
are not limited to:
NRC-10, Freedom of Information Act (FOIA) and Privacy Act (PA)
Request Records--NRC;
NRC-18, Office of the Inspector General (OIG) Investigative
Records--NRC;
NRC-19, Official Personnel Training Records--NRC;
NRC-21, Payroll Accounting Records--NRC;
NRC-41, Tort Claims and Personal Property Claims Records--NRC; and
GSA/GOVT-4, Contracted Travel Services Program (E-Travel).
SYSTEM MANAGER:
Comptroller, Division of the Comptroller, Office of the Chief
Financial Officer, U.S. Nuclear Regulatory Commission, Washington, DC
20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 552a; 5 U.S.C. 5514; 15 U.S.C. 1681; 26 U.S.C. 6103; 31
U.S.C. chapter 37; 31 U.S.C. 6501-6508; 42 U.S.C. 2201; 42 U.S.C. 5841;
31 CFR 900-904; 10 CFR parts 15, 16, 170, 171; Executive Order (E.O.)
9397, as amended by E.O. 13478; and E.O. 12731.
PURPOSE(S) OF THE SYSTEM:
Financial Transactions and Debt Collection
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered are those to who the NRC owes/owed money, those
who receive/received a payment from NRC, and those who owe/owed money
to the United States. Individuals receiving payments include, but are
not limited to, current and former employees, contractors, consultants,
vendors, and others who travel or perform certain services for NRC.
Individuals owing money include, but are not limited to, those who have
received goods or services from NRC for which there is a charge or fee
(NRC licensees, applicants for NRC licenses, Freedom of Information Act
requesters, etc.) and those who have been overpaid and owe NRC a refund
(current and former employees, contractors, consultants, vendors,
etc.).
CATEGORIES OF RECORDS IN THE SYSTEM:
Information in the system includes, but is not limited to, names,
addresses,
[[Page 58784]]
telephone numbers, Social Security Numbers (SSN), employee
identification number (EIN), Taxpayer Identification Numbers (TIN),
Individual Taxpayer Identification Numbers (ITIN), Data Universal
Numbering System (DUNS) number, fee categories, application and license
numbers, contract numbers, vendor numbers, amounts owed, background and
supporting documentation, correspondence concerning claims and debts,
credit reports, and billing and payment histories. The overall agency
accounting system contains data and information integrating accounting
functions such as general ledger, funds control, travel, accounts
receivable, accounts payable, property, and appropriation of funds.
Although this system of records contains information on corporations
and other business entities, only those records that contain
information about individuals that is retrieved by the individual's
name or other personal identifier are subject to the Privacy Act.
RECORD SOURCE CATEGORIES:
Record source categories include, but are not limited to,
individuals covered by the system, their attorneys, or other
representatives; NRC; collection agencies or contractors; employing
agencies of debtors; and Federal, State, and local agencies.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In accordance with an interagency agreement, the NRC may disclose
records to Treasury ARC as a Federal service provider for transactional
services in the NRC core financial system. In addition to the other
types of disclosures permitted under subsection (b) of the Privacy Act,
the NRC may disclose information contained in this system of records
without the consent of the subject individual if the disclosure is
compatible with the purpose for which the record was collected under
the following routine uses or, where determined to be appropriate and
necessary, the NRC may authorize Treasury ARC to make the disclosure:
a. To debt collection contractors (31 U.S.C. 3718) or to other
Federal agencies such as the Department of the Treasury (Treasury) and
Department of Interior (DOI) for the purpose of collecting and
reporting on delinquent debts as authorized by the Debt Collection Act
of 1982 or the Debt Collection Improvement Act (DCIA) of 1996 and the
Digital Accountability and Transparency Act (DATA) of 2014;
b. To Treasury; the Defense Manpower Data Center, Department of
Defense; the United States Postal Service; government corporations; or
any other Federal, State, or local agency to conduct an authorized
computer matching program in compliance with the Privacy Act of 1974,
as amended, to identify and locate individuals, including Federal
employees, who are delinquent in their repayment of certain debts owed
to the U.S. Government, including those incurred under certain programs
or services administered by the NRC, in order to collect debts under
common law or under the provisions of the Debt Collection Act of 1982
or the Debt Collection Improvement Act of 1996 and DATA of 2014 which
include by voluntary repayment, administrative or salary offset, and
referral to debt collection contractors;
c. To the Department of Justice, United States Attorney Treasury
ARC, or other Federal agencies for further collection action on any
delinquent account when circumstances warrant;
d. To credit reporting agencies/credit bureaus for the purpose of
either adding to a credit history file or obtaining a credit history
file or comparable credit information for use in the administration of
debt collection. As authorized by the DCIA, NRC may report current (not
delinquent) as well as delinquent consumer and commercial debt to these
entities in order to aid in the collection of debts, typically by
providing an incentive to the person to repay the debt timely;
e. To any Federal agency where the debtor is employed or receiving
some form of remuneration for the purpose of enabling that agency to
collect a debt owed the Federal Government on NRC's behalf by
counseling the debtor for voluntary repayment or by initiating
administrative or salary offset procedures, or other authorized debt
collection methods under the provisions of the Debt Collection Act of
1982 or the DCIA of 1996. Under the DCIA, NRC may garnish non-Federal
wages of certain delinquent debtors so long as required due process
procedures are followed. In these instances, NRC's notice to the
employer will disclose only the information that may be necessary for
the employer to comply with the withholding order;
f. To the Internal Revenue Service (IRS) by computer matching to
obtain the mailing address of a taxpayer for the purpose of locating
such taxpayer to collect or to compromise a Federal claim by NRC
against the taxpayer under 26 U.S.C. 6103(m)(2) and under 31 U.S.C.
3711, 3717, and 3718 or common law. Re-disclosure of a mailing address
obtained from the IRS may be made only for debt collection purposes,
including to a debt collection agent to facilitate the collection or
compromise of a Federal claim under the Debt Collection Act of 1982 or
the DCIA of 1996, except that re-disclosure of a mailing address to a
reporting agency is for the limited purpose of obtaining a credit
report on the particular taxpayer. Any mailing address information
obtained from the IRS will not be used or shared for any other NRC
purpose or disclosed by NRC to another Federal, State, or local agency
which seeks to locate the same taxpayer for its own debt collection
purposes;
g. To refer legally enforceable debts to the IRS or to Treasury's
Debt Management Services to be offset against the debtor's tax refunds
under the Federal Tax Refund Offset Program;
h. To prepare W-2, 1099, or other forms or electronic submittals,
to forward to the IRS and applicable State and local governments for
tax reporting purposes. Under the provisions of the DCIA, NRC is
permitted to provide Treasury with Form 1099-C information on
discharged debts so that Treasury may file the form on NRC's behalf
with the IRS. W-2 and 1099 Forms contain information on items to be
considered as income to an individual, including certain travel related
payments to employees, payments made to persons not treated as
employees (e.g., fees to consultants and experts), and amounts written-
off as legally or administratively uncollectible, in whole or in part;
i. To banks enrolled in the Treasury Credit Card Network to collect
a payment or debt when the individual has given his or her credit card
number for this purpose;
j. To another Federal agency that has asked the NRC to effect an
administrative offset under common law or under 31 U.S.C. 3716 to help
collect a debt owed the United States. Disclosure under this routine
use is limited to name, address, SSN, EIN, TIN, ITIN, and other
information necessary to identify the individual; information about the
money payable to or held for the individual; and other information
concerning the administrative offset;
k. To Treasury or other Federal agencies with whom NRC has entered
into an agreement establishing the terms and conditions for debt
collection cross servicing operations on behalf of the NRC to satisfy,
in whole or in part, debts owed to the U.S. Government. Cross servicing
includes the possible use of all debt collection tools such as
administrative offset, tax refund offset, referral to debt collection
contractors, salary offset, administrative wage garnishment, and
referral to the
[[Page 58785]]
Department of Justice. The DCIA of 2014 requires agencies to transfer
to Treasury or Treasury-designated Debt Collection Centers for cross
servicing certain nontax debt over 120 days delinquent. Treasury has
the authority to act in the Federal Government's best interest to
service, collect, compromise, suspend, or terminate collection action
under existing laws under which the debts arise;
l. Information on past due, legally enforceable nontax debts more
than 120 days delinquent will be referred to Treasury for the purpose
of locating the debtor and/or effecting administrative offset against
monies payable by the Government to the debtor, or held by the
Government for the debtor under the DCIA's mandatory, Government-wide
Treasury Offset Program (TOP). Under TOP, Treasury maintains a database
of all qualified delinquent nontax debts and works with agencies to
match by computer their payments against the delinquent debtor database
in order to divert payments to pay the delinquent debt. Treasury has
the authority to waive the computer matching requirement for NRC and
other agencies upon written certification that administrative due
process notice requirements have been complied with;
m. For debt collection purposes, NRC may publish or otherwise
publicly disseminate information regarding the identity of delinquent
nontax debtors and the existence of the nontax debts under the
provisions of the DCIA of 1996;
n. To the Department of Labor (DOL) and the Department of Health
and Human Services (HHS) to conduct an authorized computer matching
program in compliance with the Privacy Act of 1974, as amended, to
match NRC's debtor records with records of DOL and HHS to obtain names,
name controls, names of employers, addresses, dates of birth, and TINs.
The DCIA requires all Federal agencies to obtain taxpayer
identification numbers from each individual or entity doing business
with the agency, including applicants and recipients of licenses,
grants, or benefit payments; contractors; and entities and individuals
owing fines, fees, or penalties to the agency. NRC will use TINs in
collecting and reporting any delinquent amounts resulting from the
activity and in making payments;
o. If NRC decides or is required to sell a delinquent nontax debt
under 31 U.S.C. 3711(I), information in this system of records may be
disclosed to purchasers, potential purchasers, and contractors engaged
to assist in the sale or to obtain information necessary for potential
purchasers to formulate bids and information necessary for purchasers
to pursue collection remedies;
p. If NRC has current and delinquent collateralized nontax debts
under 31 U.S.C. 3711(i)(4)(A), certain information in this system of
records on its portfolio of loans, notes and guarantees, and other
collateralized debts will be reported to Congress based on standards
developed by the Office of Management and Budget, in consultation with
Treasury;
q. To Treasury in order to request a payment to individuals owed
money by the NRC;
r. To the National Archives and Records Administration or to the
General Services Administration for records management inspections
conducted under 44 U.S.C. 2904 and 2906;
s. A record from this system of records which indicates a violation
of civil or criminal law, regulation or order may be referred as a
routine use to a Federal, State, local or foreign agency that has
authority to investigate, enforce, implement or prosecute such laws.
Further, a record from this system of records may be disclosed for
civil or criminal law or regulatory enforcement purposes to another
agency in response to a written request from that agency's head or an
official who has been delegated such authority;
t. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency to obtain
information relevant to an NRC decision concerning hiring or retaining
an employee, letting a contract, or issuing a security clearance,
license, grant or other benefit;
u. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency requesting a
record that is relevant and necessary to its decision on a matter of
hiring or retaining an employee, issuing a security clearance,
reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
v. A record from this system of records may be disclosed as a
routine use in the course of discovery; in presenting evidence to a
court, magistrate, administrative tribunal, or grand jury or pursuant
to a qualifying order from any of those; in alternative dispute
resolution proceedings, such as arbitration or mediation; or in the
course of settlement negotiations;
w. A record from this system of records may be disclosed as a
routine use to a Congressional office from the record of an individual
in response to an inquiry from the Congressional office made at the
request of that individual;
x. A record from this system of records may be disclosed as a
routine use to NRC-paid experts or consultants, and those under
contract with the NRC on a ``need-to-know'' basis for a purpose within
the scope of the pertinent NRC task. This access will be granted to an
NRC contractor or employee of such contractor by a system manager only
after satisfactory justification has been provided to the system
manager;
y. A record from this system of records may be disclosed as a
routine use to appropriate agencies, entities, and persons when (1) NRC
suspects or has confirmed that there has been a breach of the system of
records, (2) NRC has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, NRC (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with NRC efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm; and
z. A record from this system of records may be disclosed as a
routine use to another Federal agency or Federal entity, when the NRC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Information in this system is stored on paper, microfiche, and
electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Automated information can be retrieved by name, SSN, TIN, DUNS
number, license or application number, contract or purchase order
number, invoice number, voucher number, and/or vendor code. Paper
records are retrieved by invoice number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained under the National Archives and Records
Administration's General Records
[[Page 58786]]
Schedule 1.1: Financial Management and Reporting Records, Item 010,
Financial transaction records related to procuring goods and services,
paying bills, collecting debts, and accounting as the Official record
held in the office of record. Destroy 6 years after final payment or
cancellation, but longer retention is authorized if needed for business
use. Records related to Administrative claims by or against the United
States are retained under General Records Schedule 1.1: Financial
Management and Reporting Records, item 080. Destroy 7 years after final
action, but longer retention is authorized if required for business
use. Records used to calculate payroll, arrange paycheck deposit, and
change previously issued paychecks are scheduled under General Records
Schedule 2.4: Employee Compensation and Benefits Records, item 010.
Destroy 3 years after paying agency or payroll processor validates
data, but longer retention is authorized if required for business use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records in the primary system are maintained in a building where
access is controlled by a security guard force. Records are kept in
lockable file rooms or at user's workstations in an area where access
is controlled by keycard and is limited to NRC and contractor personnel
who need the records to perform their official duties. The records are
under visual control during duty hours. Access to automated data
requires use of proper password and user identification codes by NRC or
contractor personnel.
RECORDS ACCESS PROCEDURES:
Same as ``Notification procedures.''
CONTESTING RECORD PROCEDURES:
Same as ``Notification procedures.''
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act or Privacy Act Officer, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001,
and comply with the procedures contained in NRC's Privacy Act
regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
DISCLOSURES TO CONSUMER REPORTING AGENCIES:
Disclosures Pursuant to 5 U.S.C. 552a(b)(12): Disclosures of
information to a consumer reporting agency are not considered a routine
use of records. Disclosures may be made from this system to ``consumer
reporting agencies'' as defined in the Fair Credit Reporting Act (15
U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966, as
amended (31 U.S.C. 3701(a)(3)).
SYSTEM NAME AND NUMBER:
Special Inquiry Records--NRC 33.
SECURITY CLASSIFICATION:
Classified and Unclassified.
SYSTEM LOCATION:
Primary system--Special Inquiry Group, NRC, One White Flint North,
11555 Rockville Pike, Rockville, Maryland.
Duplicate system--Duplicate systems exist, in whole or in part, at
the locations listed in Addendum I, Parts 1 and 2.
SYSTEM MANAGER(S):
Records Manager--, Special Inquiry Group, U.S. Nuclear Regulatory
Commission, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 2051, 2052, 2201(c), (i) and (o).
PURPOSE(S) OF THE SYSTEM:
Investigation material for potential or actual concerns in
connection with investigations of accidents or incidents at nuclear
power plants or other nuclear facility, nuclear materials or an
allegation regarding public health and safety.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals possessing information regarding or having knowledge of
matters of potential or actual concern to the Commission in connection
with the investigation of an accident or incident at a nuclear power
plant or other nuclear facility, or an incident involving nuclear
materials or an allegation regarding the public health and safety
related to the NRC's mission responsibilities.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system consists of an alphabetical index file bearing
individual names. The index provides access to associated records which
are arranged by subject matter, title, or identifying number(s) and/or
letter(s). The system incorporates the records of all Commission
correspondence, memoranda, audit reports and data, interviews,
questionnaires, legal papers, exhibits, investigative reports and data,
and other material relating to or developed as a result of the inquiry,
study, or investigation of an accident or incident.
RECORD SOURCE CATEGORIES:
The information in this system of records is obtained from sources
including, but not limited to, NRC officials and employees; Federal,
State, local, and foreign agencies; NRC licensees; nuclear reactor
vendors and architectural engineering firms; other organizations or
persons knowledgeable about the incident or activity under
investigation; and relevant NRC records.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under
subsection (b) of the Privacy Act, the NRC may disclose information
contained in this system of records without the consent of the subject
individual if the disclosure is compatible with the purpose for which
the record was collected under the following routine uses:
a. To provide information relating to an item which has been
referred to the Commission or Special Inquiry Group for investigation
by an agency, group, organization, or individual and may be disclosed
as a routine use to notify the referring agency, group, organization,
or individual of the status of the matter or of any decision or
determination that has been made;
b. To disclose a record as a routine use to a foreign country under
an international treaty or convention entered into and ratified by the
United States;
c. To provide records relating to the integrity and efficiency of
the Commission's operations and management and may be disseminated
outside the Commission as part of the Commission's responsibility to
inform the Congress and the public about Commission operations;
d. A record from this system of records which indicates a violation
of civil or criminal law, regulation or order may be referred as a
routine use to a Federal, State, local or foreign agency that has
authority to investigate, enforce, implement or prosecute such laws.
Further, a record from this system of records may be disclosed for
civil or criminal law or regulatory enforcement purposes to another
agency in response to a written request from that agency's head or an
official who has been delegated such authority;
e. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency to obtain
information relevant to
[[Page 58787]]
an NRC decision concerning hiring or retaining an employee, letting a
contract, or issuing a security clearance, license, grant or other
benefit;
f. A record from this system of records may be disclosed as a
routine use in the course of discovery; in presenting evidence to a
court, magistrate, administrative tribunal, or grand jury or pursuant
to a qualifying order from any of those; in alternative dispute
resolution proceedings, such as arbitration or mediation; or in the
course of settlement negotiations;
g. A record from this system of records may be disclosed as a
routine use to a Congressional office from the record of an individual
in response to an inquiry from the Congressional office made at the
request of that individual;
h. A record from this system of records may be disclosed as a
routine use to NRC-paid experts or consultants, and those under
contract with the NRC on a ``need-to-know'' basis for a purpose within
the scope of the pertinent NRC task. This access will be granted to an
NRC contractor or employee of such contractor by a system manager only
after satisfactory justification has been provided to the system
manager;
i. A record from this system of records may be disclosed as a
routine use to appropriate agencies, entities, and persons when (1) NRC
suspects or has confirmed that there has been a breach of the system of
records, (2) NRC has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, NRC (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with NRC efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm; and
j. A record from this system of records may be disclosed as a
routine use to another Federal agency or Federal entity, when the NRC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on paper in file folders and electronic
media. Documents are maintained in secured vault facilities.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Accessed by name (author or recipient), corporate source, title of
document, subject matter, or other identifying document or control
number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Permanent Records retained as General Program Correspondence Files
(Subject Files) at the Office Director Level are scheduled under NUREG
0910 rev 4--2.18.5.a(1). Cut off at close of fiscal year. Transfer to
the National Archives and Records Administration when 20 years old.
Permanent Nuclear Power Plant Docket Files are scheduled under NUREG
0910 Rev 4--2.18.11.a(1). Cut off files upon license termination
following completion of decommissioning procedure. Closing date is the
termination date following completion of decommissioning procedure.
Transfer to the National Archives and Records Administration 20 years
after termination of license.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
These records are located in locking filing cabinets or safes in a
secured facility and are available only to authorized personnel whose
duties require access.
RECORD ACCESS PROCEDURES:
Same as ``Notification procedures.'' Information classified under
Executive Order 12958 will not be disclosed. Information received in
confidence will not be disclosed to the extent that disclosure would
reveal a confidential source.
CONTESTING RECORD PROCEDURES:
Same as ``Notification procedures.''
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act or Privacy Act Officer, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001,
and comply with the procedures contained in NRC's Privacy Act
regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(k)(1), (k)(2), and (k)(5), the Commission
has exempted portions of this system of records from 5 U.S.C.
552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f).
SYSTEM NAME AND NUMBER:
Drug Testing Program Records--NRC 35.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Primary system--Division of Facilities and Security, Office of
Administration, NRC, Two White Flint North, 11545 Rockville Pike,
Rockville, Maryland.
Duplicate system--Duplicate systems exist in part at the NRC
Regional office locations listed in Addendum I, Part 2 (for a temporary
period of time); and at the current contractor testing laboratories,
collection/evaluation facilities.
SYSTEM MANAGER(S):
Director, Division of Facilities and Security, Office of
Administration, U.S. Nuclear Regulatory Commission, Washington, DC
20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C 7301; 5 U.S.C. 7361-7363; 42 U.S.C. 2165; 42 U.S.C. 290dd;
Executive Order (E.O.) 12564; 9397, as amended by E.O. 13478.
PURPOSE(S) OF THE SYSTEM:
This record system will maintain information gathered by and in the
possession of NRC Drug Testing Program, used in verifying positive test
results for illegal use of controlled substance, as well as collecting
and maintaining evidence of possession, distribution, or trafficking of
controlled substances.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
NRC employees, applicants, consultants, licensees, and contractors.
CATEGORIES OF RECORDS IN THE SYSTEM:
These records contain information regarding the drug testing
program; requests for and results of initial, confirmatory and follow-
up testing, if appropriate; additional information supplied by NRC
employees, employment applicants, consultants, licensees, or
contractors in challenge to positive test results; and written
statements or medical evaluations of attending physicians and/or
information regarding prescription or nonprescription drugs.
RECORD SOURCE CATEGORIES:
NRC employees, employment applicants, consultants, licensees, and
contractors who have been identified for
[[Page 58788]]
drug testing who have been tested; physicians making statements
regarding medical evaluations and/or authorized prescriptions for
drugs; NRC contractors for processing including, but not limited to,
specimen collection, laboratories for analysis, and medical
evaluations; and NRC staff administering the drug testing program to
ensure the achievement of a drug-free workplace.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under
subsection (b) of the Privacy Act, the NRC may disclose information
contained in this system of records without the consent of the subject
individual if the disclosure is compatible with the purpose for which
the record was collected under the following routine uses:
a. To identify substance abusers within the agency;
b. To initiate counseling and/or rehabilitation programs;
c. To take personnel actions;
d. To take personnel security actions;
e. For statistical reporting purposes. Statistical reporting will
not include personally identifiable information;
f. A record from this system of records may be disclosed as a
routine use to NRC-paid experts or consultants, and those under
contract with the NRC on a ``need-to-know'' basis for a purpose within
the scope of the pertinent NRC task. This access will be granted to an
NRC contractor or employee of such contractor by a system manager only
after satisfactory justification has been provided to the system
manager;
g. A record from this system of records may be disclosed as a
routine use to appropriate agencies, entities, and persons when (1) NRC
suspects or has confirmed that there has been a breach of the system of
records, (2) NRC has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, NRC (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with NRC efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm; and
h. A record from this system of records may be disclosed as a
routine use to another Federal agency or Federal entity, when the NRC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on paper and electronic media. Specimens are
maintained in appropriate environments.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are indexed and accessed by name, social security number,
testing position number, specimen number, drug testing laboratory
accession number, or a combination thereof.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Employee drug test plans, procedures, and scheduling records are
retained under the National Archives and Records Administration's
General Records Schedule 2.7: Employee Health and Safety Records, item
100. Destroy when 3 years old or when superseded or obsolete. Employee
drug test acknowledgement of notice forms are retained under General
Records Schedule 2.7, item 110. Destroy when employee separates from
testing-designated position. Employee drug testing specimen records are
retained under General Records Schedule 2.7, item 120. Destroy 3 years
after date of last entry or when 3 years old, whichever is later.
Employee drug test results (Positive Results) are retained under
General Records Schedule 2.7, item 130. Destroy when employee leaves
agency or when 3 years old, whichever is later. Employee drug test
results (Negative results) are retained under General Records Schedule
2.7, item 131. Destroy when 3 years old.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records in use are protected to ensure that access is limited to
those persons whose official duties require such access. Unattended
records are maintained in NRC-controlled space in locked offices,
locked desk drawers, or locked file cabinets. Stand-alone and network
processing systems are password protected and removable media is stored
in locked offices, locked desk drawers, or locked file cabinets when
unattended. Network processing systems have roles and responsibilities
protection and system security plans. Records at laboratory,
collection, and evaluation facilities are stored with appropriate
security measures to control and limit access to those persons whose
official duties require such access.
RECORD ACCESS PROCEDURES:
Same as ``Notification procedures.''
CONTESTING RECORD PROCEDURES:
Same as ``Notification procedures.''
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act or Privacy Act Officer, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001,
and comply with the procedures contained in NRC's Privacy Act
regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(k)(5), the Commission has exempted
portions of this system of records from 5 U.S.C. 552a(c)(3), (d),
(e)(1), (e)(4)(G), (H), and (I), and (f).
SYSTEM NAME AND NUMBER:
Employee Locator Records--NRC 36.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Primary system--Part 1: For Headquarters personnel: Office of Chief
Human Capital Officer, NRC, Two White Flint North, 11545 Rockville
Pike, Rockville, Maryland. For Regional personnel: Regional Offices I-
IV at the locations listed in Addendum 1, Part 2.
Part 2: Operations Division, Office of the Chief Information
Officer, NRC, Two White Flint North, 11545 Rockville Pike, Rockville,
Maryland.
Part 3: Division of Administrative Services, Office of
Administration, NRC, One White Flint North, 11555 Rockville Pike,
Rockville, Maryland.
Duplicate system--Duplicate systems exist, in part, for Incident
Response Operations within the Office of Nuclear Security and Incident
Response, NRC, Two White Flint North, 11545 Rockville Pike, Rockville,
Maryland, and at the NRC's Regional Offices, at the locations listed in
Addendum I, Part 2.
Duplicate system--Duplicate systems may exist, in part, within the
organization where an individual actually works, at the locations
listed in Addendum I, Parts 1 and 2.
SYSTEM MANAGER(S):
Part 1: For Headquarters personnel: Associate Director for Human
Resources
[[Page 58789]]
Operations and Policy, Office of the Chief Human Capital Officer, U.S.
Nuclear Regulatory Commission (NRC), Washington, DC 20555-0001; and for
Regional personnel: Regional Personnel Officer at the Regional Offices
listed in Addendum I, Part 2; Part 2: IT Specialist, Network/
Infrastructure Services Branch, IT Services Development & Operations
Division, Office of the Chief Information Officer, NRC, Washington, DC
20555-0001; Part 3: Mail Services Team Leader, Administrative Services
Center, Division of Administrative Services, Office of Administration,
NRC, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
44 U.S.C. 3101, 3301; Executive Order (E.O.) 9397, as amended by
E.O. 13478; and E.O. 12656.
PURPOSE(S) OF THE SYSTEM:
The purpose of this system is for NRC employees and contractor's
accountability, to support NRC emergency response, and to contact
designated persons in the event of an emergency.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
NRC employees and contractors.
CATEGORIES OF RECORDS IN THE SYSTEM:
These records include, but are not limited to, an individual's
name, home address, office organization and location (building, room
number, mail stop), telephone number (home, business, and cell), person
to be notified in case of emergency (name, address, telephone number),
and other related records.
RECORD SOURCE CATEGORIES:
Individual on whom the record is maintained; Employee Express;
Enterprise Identity Hub (EIH), and other related records.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under
subsection (b) of the Privacy Act, the NRC may disclose information
contained in this system of records without the consent of the subject
individual if the disclosure is compatible with the purpose for which
the record was collected under the following routine uses:
a. To contact the subject individual's designated emergency contact
in the case of an emergency;
b. To contact the subject individual regarding matters of official
business;
c. To maintain the agency telephone directory (accessible from
www.nrc.gov);
d. For internal agency mail services;
e. A record from this system of records which indicates a violation
of civil or criminal law, regulation or order may be referred as a
routine use to a Federal, State, local or foreign agency that has
authority to investigate, enforce, implement or prosecute such laws.
Further, a record from this system of records may be disclosed for
civil or criminal law or regulatory enforcement purposes to another
agency in response to a written request from that agency's head or an
official who has been delegated such authority;
f. A record from this system of records may be disclosed as a
routine use to NRC-paid experts or consultants, and those under
contract with the NRC on a ``need-to-know'' basis for a purpose within
the scope of the pertinent NRC task. This access will be granted to an
NRC contractor or employee of such contractor by a system manager only
after satisfactory justification has been provided to the system
manager;
g. A record from this system of records may be disclosed as a
routine use to appropriate agencies, entities, and persons when (1) NRC
suspects or has confirmed that there has been a breach of the system of
records, (2) NRC has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, NRC (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with NRC efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm; and
h. A record from this system of records may be disclosed as a
routine use to another Federal agency or Federal entity, when the NRC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information is accessed by name.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Mail, printing, and telecommunication service control records are
retained under the National Archives and Records Administration's
General Records Schedule 5.5: Mail, Printing, and Telecommunications
Service Management Records, item 020. Destroy when 1 year old or when
superseded or obsolete, whichever is applicable, but longer retention
is authorized if required for business use. Custom/client records are
retained under General Records Schedule 6.5: Public Customer Service
Records, item 020. Destroy when superseded, obsolete, or when customer
requests the agency to remove the records.
Administrative records maintained in any agency office are retained
under General Records Schedule 5.1: Common Office Records, item 010.
Destroy when business use ceases.
Employee emergency contact information records are retained under
the National Archives General Records Schedule 5.3 item 020. Destroy
when superseded or obsolete, or upon separation or transfer of
employee. These records are used to account for and maintain
communication with personnel during emergencies, office dismissal, and
closure situations.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Electronic records are password protected. Access to and use of
these records is limited to those persons whose official duties require
such access.
RECORD ACCESS PROCEDURES:
Same as ``Notification procedures.''
CONTESTING RECORD PROCEDURES:
Same as ``Notification procedures.''
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act or Privacy Act Officer, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001,
and comply with the procedures contained in NRC's Privacy Act
regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
SYSTEM NAME AND NUMBER:
Information Security Files and Associated Records--NRC 37.
SECURITY CLASSIFICATION:
Unclassified.
[[Page 58790]]
SYSTEM LOCATION:
Division of Security Operations, Office of Nuclear Security and
Incident Response, NRC, One White Flint North, 11555 Rockville Pike,
Rockville, Maryland.
SYSTEM MANAGER(S):
Director, Division of Security Operations, Office of Nuclear
Security and Incident Response, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 2161-2169 and 2201(i); Executive Order 13526; 10 CFR part
95.
PURPOSE(S) OF THE SYSTEM:
Keep track of NRC employees, contractors, consultants, licensees,
and other cleared persons who have been granted classification
authority.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals include present and former NRC employees, contractors,
consultants, licensees, and other cleared persons.
CATEGORIES OF RECORDS IN THE SYSTEM:
These records include information regarding:
a. Personnel who are authorized access to specified levels,
categories and types of information, the approving authority, and
related documents; and
b. Names of individuals who classify and/or declassify documents
(e.g., for the protection of Classified National Security Information
and Restricted Data).
RECORD SOURCE CATEGORIES:
NRC employees, contractors, consultants, and licensees.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under
subsection (b) of the Privacy Act, the NRC may disclose information
contained in this system of records without the consent of the subject
individual if the disclosure is compatible with the purpose for which
the record was collected under the following routine uses:
a. To prepare statistical reports for the Information Security
Oversight Office;
b. A record from this system of records which indicates a violation
of civil or criminal law, regulation or order may be referred as a
routine use to a Federal, State, local or foreign agency that has
authority to investigate, enforce, implement or prosecute such laws.
Further, a record from this system of records may be disclosed for
civil or criminal law or regulatory enforcement purposes to another
agency in response to a written request from that agency's head or an
official who has been delegated such authority;
c. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency to obtain
information relevant to an NRC decision concerning hiring or retaining
an employee, letting a contract, or issuing a security clearance,
license, grant or other benefit;
d. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency requesting a
record that is relevant and necessary to its decision on a matter of
hiring or retaining an employee, issuing a security clearance,
reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
e. A record from this system of records may be disclosed as a
routine use in the course of discovery; in presenting evidence to a
court, magistrate, administrative tribunal, or grand jury or pursuant
to a qualifying order from any of those; in alternative dispute
resolution proceedings, such as arbitration or mediation; or in the
course of settlement negotiations;
f. A record from this system of records may be disclosed as a
routine use to a Congressional office from the record of an individual
in response to an inquiry from the Congressional office made at the
request of that individual;
g. A record from this system of records may be disclosed as a
routine use to NRC-paid experts or consultants, and those under
contract with the NRC on a ``need-to-know'' basis for a purpose within
the scope of the pertinent NRC task. This access will be granted to an
NRC contractor or employee of such contractor by a system manager only
after satisfactory justification has been provided to the system
manager;
h. A record from this system of records may be disclosed as a
routine use to appropriate agencies, entities, and persons when (1) NRC
suspects or has confirmed that there has been a breach of the system of
records, (2) NRC has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, NRC (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with NRC efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm; and
i. A record from this system of records may be disclosed as a
routine use to another Federal agency or Federal entity, when the NRC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Accessed by name and/or assigned number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained under the National Archives and Records
Administration's, General Records Schedule 4.2: Information Access and
Protection Records. FOIA, Privacy Act, and classified administrative
records are retained under General Records Schedule 4.2, item 001.
Destroy when 3 years old, but longer retention is authorized if needed
for business use. Information access and protection tracking and
control records are retained under General Records Schedule 4.2, item
030. Destroy 2 years after last form entry, reply, or submission; or
when associated documents are declassified or destroyed; or when
authorization expires; whichever is appropriate. Longer retention is
authorized if required for business use. Access control records are
retained under General Records Schedule 4.2, item 031. Destroy when
superseded or obsolete, but longer retention is authorized if required
for business use. Accounting for and control of access to classified
and controlled unclassified records and records requested under FOIA,
PA and MDR are retained under General Records Schedule 4.2, item 040.
Destroy or delete 5 years after date of last entry, final adjudication
by courts, or final action by agency (such as downgrading, transfer or
destruction of related classified documents, or release of information
from controlled unclassified status), as may apply, whichever is later;
but longer retention
[[Page 58791]]
is authorized if required for business use.
Classified information nondisclosure agreements which are
maintained separately from the individual's official personnel folder
are retained under the National Archives and Records Administration's
General Records Schedule 4.2 item 121. Destroy records when 50 years
old.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Information maintained in locked buildings, containers, or security
areas under guard and/or alarm protection, as appropriate. Records are
processed only on systems approved for processing classified
information or accessible through password protected systems for
unclassified information. The classified systems are stand-alone
systems located within secure facilities or with removable hard drives
that are either stored in locked security containers or in alarmed
vaults cleared for open storage of TOP SECRET information.
CONTESTING RECORD PROCEDURE:
Same as ``Notification procedures.''
RECORD ACCESS PROCEDURE:
Same as ``Notification procedures.'' Some information is classified
under Executive Order 13526 and will not be disclosed. Other
information has been received in confidence and will not be disclosed
to the extent that disclosure would reveal a confidential source.
NOTIFICATION PROCEDURE:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act or Privacy Act Officer, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001,
and comply with the procedures contained in NRC's Privacy Act
regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(k)(1) and (k)(5), the Commission has
exempted portions of this system of records from 5 U.S.C. 552a(c)(3),
(d), (e)(1), (e)(4), (G), (H), and (I), and (f).
SYSTEM NAME AND NUMBER:
Mailing Lists--NRC 38.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Primary system--Digital Communications & Administrative Services
Branch, Division of Facilities and Securities, Office of
Administration, NRC, 11545 Rockville Pike, Rockville, Maryland.
Duplicate system--Duplicate systems exist in whole or in part at
the locations listed in Addendum I, Parts 1 and 2.
SYSTEM MANAGER(S):
Digital Communications & Administrative Services Branch, Division
of Facilities and Securities, Office of Administration, U.S. Nuclear
Regulatory Commission, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
44 U.S.C. 3101, 3301.
PURPOSE(S) OF THE SYSTEM:
The system is maintained for the purpose of mailing informational
literature or responses to those who request it; maintaining lists of
individuals who attend meetings; and for other purposes for which
mailing or contact lists may be created.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals, including NRC staff, with an interest in receiving
information from the NRC.
CATEGORIES OF RECORDS IN THE SYSTEM:
Mailing lists include an individual's name and address; and title,
occupation, and institutional affiliation, when applicable.
RECORD SOURCE CATEGORIES:
NRC staff, NRC licensees, and individuals expressing an interest in
NRC activities and publications.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under
subsection (b) of the Privacy Act, the NRC may disclose information
contained in this system of records without the consent of the subject
individual if the disclosure is compatible with the purpose for which
the record was collected under the following routine uses:
a. A record from this system of records may be disclosed as a
routine use for distribution of documents to persons and organizations
listed on the mailing list;
b. A record from this system of records may be disclosed as a
routine use to NRC-paid experts or consultants, and those under
contract with the NRC on a ``need-to-know'' basis for a purpose within
the scope of the pertinent NRC task. This access will be granted to an
NRC contractor or employee of such contractor by a system manager only
after satisfactory justification has been provided to the system
manager;
c. A record from this system of records may be disclosed as a
routine use to appropriate agencies, entities, and persons when (1) NRC
suspects or has confirmed that there has been a breach of the system of
records, (2) NRC has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, NRC (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with NRC efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm; and
d. A record from this system of records may be disclosed as a
routine use to another Federal agency or Federal entity, when the NRC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records maintained on paper, and electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are accessed by company name, individual name, or file code
identification number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Customer/client records are retained under the National Archives
and Records Administration's General Records Schedule 6.5: Public
Customer Service Records, Item 020. Delete when superseded, obsolete,
or when customer requests the agency to remove the records.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to and use of these records is limited to those persons
whose official duties require such access.
RECORD ACCESS PROCEDURES:
Same as ``Notification procedures.''
CONTESTING RECORD PROCEDURES:
Same as ``Notification procedures.''
[[Page 58792]]
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act or Privacy Act Officer, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001,
and comply with the procedures contained in NRC's Privacy Act
regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
SYSTEM NAME AND NUMBER:
Personnel Security Files and Associated Records--NRC 39.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Division of Facilities and Security, Office of Administration, NRC,
Two White Flint North, Rockville, Maryland.
SYSTEM MANAGER(S):
Director, Division of Facilities and Security, Office of
Administration, U.S. Nuclear Regulatory Commission, Washington, DC
20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 2011 et seq.; 42 U.S.C. 2165, 2201(i), 2201a, and 2284;
42 U.S.C. 5801 et seq.; Executive Order (E.O.) 9397, as amended by E.O.
13478; E.O. 10450, as amended; E.O. 10865, as amended; E.O. 13467; E.O.
13526; E.O. 13587; 10 CFR parts 10, 11, 14, 25, 50, 73, 95; OMB
Circular No. A-130, Revised; 5 CFR parts 731, 732, and authorities
cited therein.
PURPOSE(S) OF THE SYSTEM:
This record system will maintain information gathered by and in the
possession of the NRC Division of Facilities and Security to maintain
the NRC's Personnel Security and Insider Threat programs.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Persons including NRC employees, employment applicants,
consultants, contractors, and licensees; other Government agency
personnel, other persons who have been considered for an access
authorization, special nuclear material access authorization,
unescorted access to NRC buildings or nuclear power plants, NRC
building access, access to Federal automated information systems or
data, or participants in the criminal history program; aliens who visit
NRC's facilities; and actual or suspected violators of laws
administered by NRC.
CATEGORIES OF RECORDS IN THE SYSTEM:
These records contain information about individuals, which
includes, but is not limited to, their name(s), address, date and place
of birth, social security number, identifying information, citizenship,
residence history, employment history, military history, financial
history, foreign travel, foreign contacts, education, spouse/cohabitant
and relatives, personal references, organizational membership, medical,
fingerprints, criminal record, and security clearance history. These
records also contain copies of personnel security investigative reports
from other Federal agencies, summaries of investigative reports,
results of Federal agency indices and database checks, records
necessary for participation in the criminal history program, reports of
personnel security interviews, clearance actions information (e.g.,
grants and terminations), access approval/disapproval actions related
to NRC building access or unescorted access to nuclear plants, or
access to Federal automated information systems or data, violations of
laws, reports of security infraction, insider threat program inquiry
records including analysis, results, referrals, and/or mitigation
actions, and other related personnel security processing documents.
RECORD SOURCE CATEGORIES:
NRC applicants, employees, contractors, consultants, licensees,
visitors and others, as well as information furnished by other
Government agencies or their contractors.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
Information in these records may be used by the Division of
Facilities and Security and on a need-to-know basis by appropriate NRC
officials, Hearing Examiners, Personnel Security Review Panel members,
Office of Personnel Management, Central Intelligence Agency, Office of
the Director of National intelligence, and other Federal agencies under
the following routine uses:
a. To determine clearance or access authorization eligibility;
b. To determine eligibility for access to NRC buildings or access
to Federal automated information systems or data;
c. To certify clearance or access authorization;
d. To maintain the NRC personnel security program, including the
Insider Threat Program;
e. To provide licensees information needed for unescorted access or
access to safeguards information determinations;
f. A record from this system of records which indicates a violation
of civil or criminal law, regulation or order may be referred as a
routine use to a Federal, State, local or foreign agency that has
authority to investigate, enforce, implement or prosecute such laws.
Further, a record from this system of records may be disclosed for
civil or criminal law or regulatory enforcement purposes to another
agency in response to a written request from that agency's head or an
official who has been delegated such authority;
g. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency to obtain
information relevant to an NRC decision concerning hiring or retaining
an employee, letting a contract, or issuing a security clearance,
license, grant or other benefit;
h. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency requesting a
record that is relevant and necessary to its decision on a matter of
hiring or retaining an employee, issuing a security clearance,
reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
i. A record from this system of records may be disclosed as a
routine use in the course of discovery; in presenting evidence to a
court, magistrate, administrative tribunal, or grand jury or pursuant
to a qualifying order from any of those; in alternative dispute
resolution proceedings, such as arbitration or mediation; or in the
course of settlement negotiations;
j. A record from this system of records may be disclosed as a
routine use to a Congressional office from the record of an individual
in response to an inquiry from the Congressional office made at the
request of that individual;
k. A record from this system of records may be disclosed as a
routine use to NRC-paid experts or consultants, and those under
contract with the NRC on a ``need-to-know'' basis for a purpose within
the scope of the pertinent NRC task. This access will be granted to an
NRC contractor or employee of such contractor by a system manager only
after satisfactory justification has been provided to the system
manager;
l. A record from this system of records may be disclosed as a
routine use to appropriate agencies, entities, and persons when (1) NRC
suspects or has confirmed that there has been a breach of the system of
records, (2) NRC has determined that as a result of the suspected or
confirmed breach there is
[[Page 58793]]
a risk of harm to individuals, NRC (including its information systems,
programs, and operations), the Federal Government, or national
security; and (3) the disclosure made to such agencies, entities, and
persons is reasonably necessary to assist in connection with NRC
efforts to respond to the suspected or confirmed breach or to prevent,
minimize, or remedy such harm; and
m. A record from this system of records may be disclosed as a
routine use to another Federal agency or Federal entity, when the NRC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records maintained on paper, tapes, and electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Indexed and accessed by name, social security number, docket
number, or a combination thereof.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Security administrative records are retained under the National
Archives and Records Administration's General Records Schedule 5.6:
Security Records, Item 010. Destroy when 3 years old, but longer
retention is authorized if required for business use. Visitor
processing records in areas requiring highest level security awareness
are retained under General Records Schedule 5.6, item 110. Destroy when
5 years old, but longer retention is authorized if required for
business use. Visitor processing records in all other facility security
areas are retained under General Records Schedule 5.6, item 111.
Destroy when 2 years old, but longer retention is authorized if
required for business use. Personnel security and access clearance
records of people issued clearances are retained under General Records
Schedule 5.6, item 181. Destroy 5 years after employee or contractor
relationship ends, but longer retention is authorized if required for
business use. Indexes to the personnel security case files are retained
according to General Records Schedule 5.6 item 190 and destroyed when
superseded or obsolete.
Insider threat inquiry records are retained according to General
Records Schedule 5.6 item 220 and destroyed 25 years after close of
inquiry, but longer retention is authorized if required for business
use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records in use are protected to ensure that access is limited to
those persons whose official duties require such access. Unattended
records are maintained in NRC-controlled space in locked offices,
locked desk drawers, or locked file cabinets. Mass storage of records
is protected when unattended by a combination lock and alarm system.
Unattended classified records are protected in appropriate security
containers in accordance with Management Directive 12.1.
NOTIFICATION PROCEDURE:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act or Privacy Act Officer, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001,
and comply with the procedures contained in NRC's Privacy Act
regulations, 10 CFR part 9.
RECORD ACCESS PROCEDURE:
Same as ``Notification procedures.'' Some information is classified
under Executive Order 12958 and will not be disclosed. Other
information has been received in confidence and will not be disclosed
to the extent the disclosure would reveal a confidential source.
CONTESTING RECORD PROCEDURE:
Same as ``Notification procedures.''
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(k)(1), (k)(2), and (k)(5), the Commission
has exempted portions of this system of records from 5 U.S.C.
552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f).
SYSTEM NAME AND NUMBER:
Facility Security Access Control Records--NRC 40.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Primary system--Division of Facilities and Security, Office of
Administration, NRC, Two White Flint North, 11545 Rockville Pike,
Rockville, Maryland.
Duplicate system--Duplicate systems exist in part at NRC Regional
Offices and the NRC Technical Training Center at the locations listed
in Addendum I, Part 2.
SYSTEM MANAGER(S):
Director, Division of Facilities and Security, Office of
Administration, U.S. Nuclear Regulatory Commission, Washington, DC
20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 2165-2169 and 2201; Executive Order (E.O.) 9397, as
amended by E.O. 13478; E.O. 13462, as amended by E.O. 13516.
PURPOSE(S) OF THE SYSTEM:
Tracking issued NRC personal identification badges issued for
access to NRC-controlled space and approved visitors to the NRC.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Current and former NRC employees, consultants, contractors, other
Government agency personnel, and approved visitors.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system includes information regarding: (1) NRC personal
identification badges issued for continued access to NRC-controlled
space; and (2) records regarding visitors to NRC. The records include,
but are not limited to, an individual's name, social security number,
electronic image, badge number, citizenship, employer, purpose of
visit, person visited, date and time of visit, and other information
contained on Government issued credentials.
RECORD SOURCE CATEGORIES:
Sources of information include NRC employees, contractors,
consultants, employees of other Government agencies, and visitors.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under
subsection (b) of the Privacy Act, the NRC may disclose information
contained in this system of records without the consent of the subject
individual if the disclosure is compatible with the purpose for which
the record was collected under the following routine uses:
a. To control access to NRC classified information and to NRC
spaces by human or electronic means;
b. Information (identification badge) may also be used for tracking
applications within the NRC for other than security access purposes;
c. The electronic image used for the NRC employee personal
identification
[[Page 58794]]
badge may be used for other than security purposes only with the
written consent of the subject individual;
d. A record from this system of records which indicates a violation
of civil or criminal law, regulation or order may be referred as a
routine use to a Federal, State, local or foreign agency that has
authority to investigate, enforce, implement or prosecute such laws.
Further, a record from this system of records may be disclosed for
civil or criminal law or regulatory enforcement purposes to another
agency in response to a written request from that agency's head or an
official who has been delegated such authority;
e. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency to obtain
information relevant to an NRC decision concerning hiring or retaining
an employee, letting a contract, or issuing a security clearance,
license, grant or other benefit;
f. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency requesting a
record that is relevant and necessary to its decision on a matter of
hiring or retaining an employee, issuing a security clearance,
reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
g. A record from this system of records may be disclosed as a
routine use in the course of discovery; in presenting evidence to a
court, magistrate, administrative tribunal, or grand jury or pursuant
to a qualifying order from any of those; in alternative dispute
resolution proceedings, such as arbitration or mediation; or in the
course of settlement negotiations;
h. A record from this system of records may be disclosed as a
routine use to a Congressional office from the record of an individual
in response to an inquiry from the Congressional office made at the
request of that individual;
i. A record from this system of records may be disclosed as a
routine use to NRC-paid experts or consultants, and those under
contract with the NRC on a ``need-to-know'' basis for a purpose within
the scope of the pertinent NRC task. This access will be granted to an
NRC contractor or employee of such contractor by a system manager only
after satisfactory justification has been provided to the system
manager;
j. A record from this system of records may be disclosed as a
routine use to appropriate agencies, entities, and persons when (1) NRC
suspects or has confirmed that there has been a breach of the system of
records, (2) NRC has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, NRC (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with NRC efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm; and
k. A record from this system of records may be disclosed as a
routine use to another Federal agency or Federal entity, when the NRC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on paper and electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information is indexed and accessed by individual's name, social
security number, identification badge number, employer's name, date of
visit, or sponsor's name.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
The National Archives and Records Administration's General Records
Schedule 5.6 includes Security Records. Visitor processing records in
areas requiring highest level security awareness, including areas
designated by the interagency Security Committee as Facility Security
Level V, are retained according to General Records Schedule 5.6, item
110. Destroy when 5 years old, but longer retention is authorized if
required for business use. Visitor processing records in facility
security areas not requiring highest level security awareness,
including areas designated by the interagency Security Committee as
Facility Security Levels I through IV, are retained under General
Records Schedule 5.6, item 111. Destroy when 2 years old, but longer
retention is authorized if required for business use. Indexes to
personnel security case files are retained under General Records
Schedule 5.6, item 190. Destroy when superseded or obsolete. Records of
routine security operations are retained under General Records Schedule
5.6, item 090. Destroy when 30 days old, but longer retention is
authorized if required for business use. Personal identification
credentials and cards, including application and activation records,
are retained according to General Records Schedule 5.6, item 120.
Destroy 6 years after the end of an employee or contractor's tenure,
but longer retention is authorized if required for business use.
Personal identification cards are retained according to General Records
Schedule 5.6 item 121 and destroyed after expiration, confiscation, or
return. Personnel suitability and eligibility investigative reports are
retained according to General Records Schedule 5.6, item 170. Destroy
in accordance with the investigating agency instruction. Reports and
records created by agencies conducting investigations under delegated
investigative authority are retained according to General Records
Schedule 5.6, item 171. Destroy in accordance with delegated authority
agreement or memorandum of understanding.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
All records are maintained in NRC-controlled space that is secured
after normal duty hours or a security area under guard presence in a
locked security container/vault. There is an approved security plan
which identifies the physical protective measures and access controls
(i.e., passwords and software design limiting access based on each
individual's role and responsibilities relative to the system) specific
to each system.
RECORD ACCESS PROCEDURES:
Same as ``Notification procedures.''
CONTESTING RECORD PROCEDURES:
Same as ``Notification procedures.''
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act or Privacy Act Officer, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001,
and comply with the procedures contained in NRC's Privacy Act
regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
SYSTEM NAME AND NUMBER:
Tort Claims and Personal Property Claims Records--NRC 41.
[[Page 58795]]
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Primary system--Office of the General Counsel, NRC, One White Flint
North, 11555 Rockville Pike, Rockville, Maryland.
Duplicate system--Duplicate systems exist, in whole or in part, in
the Office of the Chief Financial Officer, NRC, Two White Flint North,
11545 Rockville Pike, Rockville, Maryland, and at the locations listed
in Addendum I, Parts 1 and 2. Other NRC systems of records, including
but not limited to, NRC-18, ``Office of the Inspector General (OIG)
Investigative Records--NRC and Defense Nuclear Facilities Safety Board
(DNFSB), '' and NRC-32, ``Office of the Chief Financial Officer
Financial Transactions and Debt Collection Management Records--NRC,''
may contain some of the information in this system of records.
SYSTEM MANAGER:
Assistant General Counsel for Labor, Employment and Contract Law,
U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Federal Tort Claims Act, 28 U.S.C. 2671 et seq.; Military Personnel
and Civilian Employees' Claims Act, 31 U.S.C. 3721; 44 U.S.C. 3101.
PURPOSE(S) OF THE SYSTEM:
Claims with the NRC under the Federal Tort Claims Act or the
Military Personnel and Civilian Employees' Claims Act.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who have filed claims with NRC under the Federal Tort
Claims Act or the Military Personnel and Civilian Employees' Claims Act
and individuals who have matters pending before the NRC that may result
in a claim being filed.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system contains information relating to loss or damage to
property and/or personal injury or death in which the U.S. Government
may be liable. This information includes, but is not limited to, the
individual's name, home address and phone number, work address and
phone number, driver's license number, claim forms and supporting
documentation, police reports, witness statements, medical records,
insurance information, investigative reports, repair/replacement
receipts and estimates, litigation documents, court decisions, and
other information necessary for the evaluation and settlement of
claims.
RECORD SOURCE CATEGORIES:
Information is obtained from a number of sources, including but not
limited to, claimants, NRC employees involved in the incident,
witnesses or others having knowledge of the matter, police reports,
medical reports, investigative reports, insurance companies, and
attorneys.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under
subsection (b) of the Privacy Act, NRC may disclose information
contained in a record in this system of records without the consent of
the subject individual if the disclosure is compatible with the purpose
for which the record was collected under the following routine uses:
a. To third parties, including claimants' attorneys, insurance
companies, witnesses, potential witnesses, local police authorities
where an accident occurs, and others who may have knowledge of the
matter to the extent necessary to obtain information that will be used
to evaluate, settle, refer, pay, and/or adjudicate claims;
b. To the Department of Justice (DOJ) when the matter comes within
their jurisdiction, such as to coordinate litigation or when NRC's
authority is limited, and DOJ advice or approval is required before NRC
can award, adjust, compromise, or settle certain claims;
c. To the appropriate Federal agency or agencies when a claim has
been incorrectly filed with NRC or when more than one agency is
involved, and NRC makes agreements with the other agencies as to which
one will investigate the claim;
d. To the Department of the Treasury to request payment of an
award, compromise, or settlement of a claim;
e. Information contained in litigation records is public to the
extent that the documents have been filed in a court or public
administrative proceeding, unless the court or other adjudicative body
has ordered otherwise. This public information, including information
concerning the nature, status, and disposition of the proceeding, may
be disclosed to any person, unless it is determined that release of
specific information in the context of a particular case would
constitute an unwarranted invasion of personal privacy;
f. To the National Archives and Records Administration or to the
General Services Administration for records management inspections
conducted under 44 U.S.C. 2904 and 2906;
g. A record from this system of records which indicates a violation
of civil or criminal law, regulation or order may be referred as a
routine use to a Federal, State, local or foreign agency that has
authority to investigate, enforce, implement or prosecute such laws.
Further, a record from this system of records may be disclosed for
civil or criminal law or regulatory enforcement purposes to another
agency in response to a written request from that agency's head or an
official who has been delegated such authority;
h. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency to obtain
information relevant to an NRC decision concerning hiring or retaining
an employee, letting a contract, or issuing a security clearance,
license, grant or other benefit;
i. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency requesting a
record that is relevant and necessary to its decision on a matter of
hiring or retaining an employee, issuing a security clearance,
reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
j. A record from this system of records may be disclosed as a
routine use in the course of discovery; in presenting evidence to a
court, magistrate, administrative tribunal, or grand jury or pursuant
to a qualifying order from any of those; in alternative dispute
resolution proceedings, such as arbitration or mediation; or in the
course of settlement negotiations;
k. A record from this system of records may be disclosed as a
routine use to a Congressional office from the record of an individual
in response to an inquiry from the Congressional office made at the
request of that individual;
l. A record from this system of records may be disclosed as a
routine use to NRC-paid experts or consultants, and those under
contract with the NRC on a ``need-to-know'' basis for a purpose within
the scope of the pertinent NRC task. This access will be granted to an
NRC contractor or employee of such contractor by a system manager only
after satisfactory justification has been provided to the system
manager;
m. A record from this system of records may be disclosed as a
routine use to appropriate agencies, entities, and persons when (1) NRC
suspects or has confirmed that there has been a breach of the system of
records, (2) NRC
[[Page 58796]]
has determined that as a result of the suspected or confirmed breach
there is a risk of harm to individuals, NRC (including its information
systems, programs, and operations), the Federal Government, or national
security; and (3) the disclosure made to such agencies, entities, and
persons is reasonably necessary to assist in connection with NRC
efforts to respond to the suspected or confirmed breach or to prevent,
minimize, or remedy such harm; and
n. A record from this system of records may be disclosed as a
routine use to another Federal agency or Federal entity, when the NRC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Information in this system of records is stored on paper and
computer media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information is indexed and accessed by the claimant's name.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records will be retained under the National Archives and Records
Administration's General Records Schedules and the NRC NUREG 0910
Revision 4.
Financial transaction records related to procuring goods and
services, paying bills, collecting debts, and accounting, are retained
according to General Records Schedule 1.1: Financial Management and
Reporting Records, item 010 (``Official record held in the office of
record''). Financial transaction records are destroyed 6 years after
final payment or cancellation, but longer retention is authorized if
required for business use. Since the General Records Schedule (GRS)
allows for longer retention, NRC chooses to retain records for 7 years
as required for its business use, before destruction. Administrative
claims by or against the United States are retained according to
General Records Schedule 1.1, item 080. Administrative claims records
are destroyed 7 years after final action, but longer retention is
authorized if required for business use. Litigation Case Files, are
retained according to NRC's NUREG 0910, Revision 4, Part 2.12.7.a.
Closed files are retired 7 years after cases are closed and transferred
to the National Archives and Records Administration 20 years after
cases are closed. ADAMS PDF files and TIFF files are cutoff when case
is closed and transferred to the National Archives 20 years after case
is closed.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The paper records are stored in locked file cabinets and access is
restricted to those agency personnel whose official duties and
responsibilities require access. Automated records are protected by
password.
RECORD ACCESS PROCEDURES:
Same as ``Notification procedures.''
CONTESTING RECORD PROCEDURES:
Same as ``Notification procedures.''
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act or Privacy Act Officer, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001,
and comply with the procedures contained in NRC's Privacy Act
regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
Disclosure Pursuant to 5 U.S.C. 552a(b)(12): Disclosure of
information to a consumer reporting agency is not considered a routine
use of records. Disclosures may be made from this system of records to
``consumer reporting agencies'' as defined in the Fair Credit Reporting
Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966,
as amended (31 U.S.C. 3701(a)(3)).
SYSTEM NAME AND NUMBER:
Employee Health Center Records--NRC 43.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Primary system--Employee Health Center, NRC, One White Flint North,
11555 Rockville Pike, Rockville, Maryland.
Duplicate system--Duplicate systems exist, in part, at health care
facilities operating under a contract or agreement with NRC for health-
related services in the vicinity of each of NRC's Regional offices
listed in Addendum I, Part 2. NRC's Regional offices may also maintain
copies of occupational health records for their employees.
This system may contain some of the information maintained in other
systems of records, including NRC-11, ``Reasonable Accommodation
Records--NRC,'' NRC-44, ``Employee Fitness Center Records--NRC, and
DOL/GOVT-1 ``Office of Worker's Compensation Programs, Federal
Employee's Compensation Act File.''
SYSTEM MANGERS(S):
Technical Assistance Project Manager, Office of the Chief Human
Capital Officer, U.S. Nuclear Regulatory Commission, Washington, DC
20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 7901; Executive Order 9397, as amended by E.O. 13478.
PURPOSE(S) OF THE SYSTEM:
Maintaining health records for current and former NRC employees,
consultants, contractors, other Government personnel, and anyone who
may require emergency or first-aid treatment on NRC premises.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Current and former NRC employees, consultants, contractors, other
Government personnel, and anyone on NRC premises who requires emergency
or first-aid treatment.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system is comprised of records developed as a result of
voluntary employee use of health services provided by the Health
Center, and of emergency health services rendered by Health Center
staff to individuals for injuries and illnesses suffered while on NRC
premises. Specific information maintained on individuals may include,
but is not limited to, their name, date of birth, and social security
number; medical history and other biographical data; test reports and
medical diagnoses based on employee health maintenance physical
examinations or health screening programs (tests for single medical
conditions or diseases); history of complaint, diagnosis, and treatment
of injuries and illness rendered by the Health Center staff;
immunization records; records of administration by Health Center staff
of medications prescribed by personal physicians; medical consultation
records; statistical records; daily log of patients; and medical
documentation such as personal physician correspondence, test
[[Page 58797]]
results submitted to the Health Center staff by the employee; and
occupational health records. This system does not maintain records that
are a result of a condition of employment, records and reports
generated in relation to a Workers' Compensation claim, or records
resulting from participation in an agency-sponsored health and wellness
program. Such records are maintained in the government-wide system of
records notice ``OPM/GOVT-10 Employee Medical File System Records.''
RECORD SOURCE CATEGORIES:
Information in this system of records is obtained from a number of
sources including, but not limited to, the individual to whom it
pertains; laboratory reports and test results; NRC Health Center
physicians, nurses, and other medical technicians or personnel who have
examined, tested, or treated the individual; the individual's coworkers
or supervisors; other systems of records; the individual's personal
physician(s); NRC Fitness Center staff; other Federal agencies; and
other Federal employee health units.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under
subsection (b) of the Privacy Act, the NRC may disclose information
contained in this system of records without the consent of the subject
individual if the disclosure is compatible with the purpose for which
the record was collected under the following routine uses:
a. To refer information required by applicable law to be disclosed
to a Federal, State, or local public health service agency concerning
individuals who have contracted certain communicable diseases or
conditions in an effort to prevent further outbreak of the disease or
condition;
b. To disclose information to the appropriate Federal, State, or
local agency responsible for investigation of an accident, disease,
medical condition, or injury as required by pertinent legal authority;
c. To disclose information to the Office of Workers' Compensation
Programs in connection with a claim for benefits filed by an employee;
d. To Health Center staff and medical personnel under a contract or
agreement with NRC who need the information in order to schedule,
conduct, evaluate, or follow up on physical examinations, tests,
emergency treatments, or other medical and health care services;
e. To refer information to private physicians designated by the
individual when requested in writing;
f. To the National Archives and Records Administration or to the
General Services Administration for records management inspections
conducted under 44 U.S.C. 2904 and 2906;
g. A record from this system of records which indicates a violation
of civil or criminal law, regulation or order may be referred as a
routine use to a Federal, State, local or foreign agency that has
authority to investigate, enforce, implement or prosecute such laws.
Further, a record from this system of records may be disclosed for
civil or criminal law or regulatory enforcement purposes to another
agency in response to a written request from that agency's head or an
official who has been delegated such authority;
h. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency to obtain
information relevant to an NRC decision concerning hiring or retaining
an employee, letting a contract, or issuing a security clearance,
license, grant or other benefit;
i. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency requesting a
record that is relevant and necessary to its decision on a matter of
hiring or retaining an employee, issuing a security clearance,
reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
j. A record from this system of records may be disclosed as a
routine use in the course of discovery; in presenting evidence to a
court, magistrate, administrative tribunal, or grand jury or pursuant
to a qualifying order from any of those; in alternative dispute
resolution proceedings, such as arbitration or mediation; or in the
course of settlement negotiations;
k. A record from this system of records may be disclosed as a
routine use to a Congressional office from the record of an individual
in response to an inquiry from the Congressional office made at the
request of that individual;
l. A record from this system of records may be disclosed as a
routine use to NRC-paid experts or consultants, and those under
contract with the NRC on a ``need-to-know'' basis for a purpose within
the scope of the pertinent NRC task. This access will be granted to an
NRC contractor or employee of such contractor by a system manager only
after satisfactory justification has been provided to the system
manager;
m. A record from this system of records may be disclosed as a
routine use to appropriate agencies, entities, and persons when (1) NRC
suspects or has confirmed that there has been a breach of the system of
records, (2) NRC has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, NRC (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with NRC efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm; and
n. A record from this system of records may be disclosed as a
routine use to another Federal agency or Federal entity, when the NRC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in file folders, on electronic media, and on
file cards, logs, x-rays, and other medical reports and forms.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by the individual's name, date of birth, and
social security number, or any combination of those identifiers.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Clinic Scheduling Records are retained under the National Archives
and Records Administration's General Records Schedule 2.7: Employee
Health and Safety Records, item 010. Destroy when 3 years old, but
longer retention is authorized if required for business use. Short-term
occupational individual medical case files are retained under General
Records Schedule 2.7, item 061. Destroy 1 year after employee
separation or transfer. Individual employee health case files created
prior to establishment of the Employee Medical File system in 1986 are
retained under General Records Schedule 2.7, item 062. Destroy 60 years
after retirement to the NARA records storage facility. Non-
[[Page 58798]]
occupational individual medical case files are retained under General
Records Schedule 2.7, item 070. Destroy 10 years after the most recent
encounter, but longer retention is authorized if needed for business
use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records in the primary system are maintained in a building where
access is controlled by a security guard force and entry to each floor
is controlled by keycard. Records in the system are maintained in
lockable file cabinets with access limited to agency or contractor
personnel whose duties require access. The records are under visual
control during duty hours. Access to automated data requires use of
proper password and user identification codes by authorized personnel.
RECORD ACCESS PROCEDURES:
Same as ``Notification procedures.''
CONTESTING RECORD PROCEDURES:
Same as ``Notification procedures.''
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act or Privacy Act Officer, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001;
comply with the procedures contained in NRC's Privacy Act regulations,
10 CFR part 9; and provide their full name, any former name(s), date of
birth, and Social Security number.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
SYSTEM NAME AND NUMBER:
Employee Fitness Center Records--NRC 44.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Primary system--Fitness Center, NRC, Two White Flint North, 11545
Rockville Pike, Rockville, Maryland.
SYSTEM MANAGER(S):
Office of Chief Human Capital Officer Contracting Officer
Representative, Office of the Chief Human Capital Officer, U.S. Nuclear
Regulatory Commission, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 7901; Executive Order (E.O.) 9397, as amended by E.O.
13478.
PURPOSE(S) OF THE SYSTEM:
Maintaining membership for the NRC Fitness Center.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
NRC employees who apply for membership at the Fitness Center,
including current and former members.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system includes applications to participate in NRC's Fitness
Center, information on an individual's degree of physical fitness and
their fitness activities and goals; and various forms, memoranda, and
correspondence related to Fitness Facilities membership and financial/
payment matters. Specific information contained in the application for
membership includes the employee applicant's name, gender, age, badge
id, height, weight, and medical information, including a history of
certain medical conditions; the name of the individual's personal
physician and any prescription or over-the-counter drugs taken on a
regular basis; and the name and address of a person to be notified in
case of emergency.
RECORD SOURCE CATEGORIES:
Information in this system of records is principally obtained from
the subject individual. Other sources of information include, but are
not limited to, the NRC Fitness Center Director, staff physicians
retained by the NRC, and the individual's personal physicians.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under
subsection (b) of the Privacy Act, the NRC may disclose information
contained in this system of records without the consent of the subject
individual if the disclosure is compatible with the purpose for which
the record was collected under the following routine uses:
a. To the individual listed as an emergency contact, in the event
of an emergency;
b. To the National Archives and Records Administration or to the
General Services Administration for records management inspections
conducted under 44 U.S.C. 2904 or 2906;
c. A record from this system of records which indicates a violation
of civil or criminal law, regulation or order may be referred as a
routine use to a Federal, State, local or foreign agency that has
authority to investigate, enforce, implement or prosecute such laws.
Further, a record from this system of records may be disclosed for
civil or criminal law or regulatory enforcement purposes to another
agency in response to a written request from that agency's head or an
official who has been delegated such authority;
d. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency to obtain
information relevant to an NRC decision concerning hiring or retaining
an employee, letting a contract, or issuing a security clearance,
license, grant or other benefit;
e. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency requesting a
record that is relevant and necessary to its decision on a matter of
hiring or retaining an employee, issuing a security clearance,
reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
f. A record from this system of records may be disclosed as a
routine use in the course of discovery; in presenting evidence to a
court, magistrate, administrative tribunal, or grand jury or pursuant
to a qualifying order from any of those; in alternative dispute
resolution proceedings, such as arbitration or mediation; or in the
course of settlement negotiations;
g. A record from this system of records may be disclosed as a
routine use to a Congressional office from the record of an individual
in response to an inquiry from the Congressional office made at the
request of that individual;
h. A record from this system of records may be disclosed as a
routine use to NRC-paid experts or consultants, and those under
contract with the NRC on a ``need-to-know'' basis for a purpose within
the scope of the pertinent NRC task. This access will be granted to an
NRC contractor or employee of such contractor by a system manager only
after satisfactory justification has been provided to the system
manager;
i. A record from this system of records may be disclosed as a
routine use to appropriate agencies, entities, and persons when (1) NRC
suspects or has confirmed that there has been a breach of the system of
records, (2) NRC has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, NRC (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with NRC efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm; and
[[Page 58799]]
j. A record from this system of records may be disclosed as a
routine use to another Federal agency or Federal entity, when the NRC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on paper and electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information is indexed and accessed by an individual's name and/or
NRC Badge ID number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS
Fitness Center records are retained according to the National
Archives and Records Administration's General Records Schedule 2.7:
Employee Health and Safety Records, item 080, Non-occupational health
and wellness program records. Destroy 3 years after the project/
activity or transaction is completed or superseded, but longer
retention is authorized if needed for business use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records are maintained in a building where access is controlled by
a security guard force. Access to the Fitness Center is controlled by
keycard and bar code verification. Records in paper form are stored
alphabetically by individuals' names in lockable file cabinets
maintained in the NRC where access to the records is limited to agency
and Fitness Center personnel whose duties require access. The records
are under visual control during duty hours. Automated records are
protected by screen saver. Access to automated data requires use of
proper password and user identification codes. Only authorized
personnel have access to areas in which information is stored.
RECORD ACCESS PROCEDURES:
Same as ``Notification procedures.''
CONTESTING RECORD PROCEDURES:
Same as ``Notification procedures.''
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act or Privacy Act Officer, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001,
and comply with the procedures contained in NRC's Privacy Act
regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
DISCLOSURES TO CONSUMER REPORTING AGENCIES:
Disclosures Pursuant to 5 U.S.C. 552a(b)(12): Disclosures of
information to a consumer reporting agency are not considered a routine
use of records. Disclosures may be made from this system to ``consumer
reporting agencies'' as defined in the Fair Credit Reporting Act (15
U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966, as
amended (31 U.S.C. 3701(a)(3)).
SYSTEM NAME AND NUMBER:
Electronic Credentials for Personal Identity Verification--NRC 45.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Primary system--Office of the Chief Information Officer, NRC, White
Flint North Complex, 11555 Rockville Pike, Rockville, Maryland, and
current contractor facility.
Duplicate system--Duplicate systems may exist, in whole or in part,
at the locations listed in Addendum I, Part 2.
SYSTEM MANAGER(S):
Director, Solutions Development and Operations Division, Office of
the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301; 42 U.S.C. 2165 and 2201(i); 44 U.S.C. 3501, 3504;
Electronic Government Act of 2002, 44 U.S.C. chapter 36; Homeland
Security Presidential Directive 12 (HSPD-12), Policy for a Common
Identification Standard for Federal Employees and Contractors, August
27, 2004; Executive Order (E.O.) 9397, as amended by E.O. 13478.
PURPOSE(S) OF THE SYSTEM:
Track and control PIV cards issued to persons entering and exiting
the NRC facilities or using NRC systems; and verify that all person
entering federal facilities, using Federal information resources, are
authorized to do so.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered are persons who have applied for the issuance
of electronic credentials for signature, encryption, and/or
authentication purposes; have had their credentials renewed, replaced,
suspended, revoked, or denied; have used their credentials to
electronically make contact with, retrieve information from, or submit
information to an automated information system; or have corresponded
with NRC or its contractor concerning digital services.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system contains information needed to establish and verify the
identity of users, to maintain the system, and to establish
accountability and audit controls. System records may include: (a)
applications for the issuance, amendment, renewal, replacement, or
revocation of electronic credentials, including evidence provided by
applicants or proof of identity and authority, and sources used to
verify an applicant's identity and authority; (b) credentials issued;
(c) credentials denied, suspended, or revoked, including reasons for
denial, suspension, or revocation; (d) a list of currently valid
credentials; (e) a list of currently invalid credentials; (f) a record
of validation transactions attempted with electronic credentials; and
(g) a record of validation transactions completed with electronic
credentials.
RECORD SOURCE CATEGORIES:
The sources for information are the individuals who apply for
electronic credentials, the NRC and contractors using multiple sources
to verify identities, and internal system transactions designed to
gather and maintain data needed to manage and evaluate the electronic
credentials program.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the disclosures permitted under subsection (b) of
the Privacy Act, the NRC may disclose information contained in this
system of records without the consent of the subject individual if the
disclosure is compatible with the purpose for which the record was
collected under the following routine uses:
a. To agency electronic credential program contractors to compile
and maintain documentation on applicants for verifying applicants'
identity and authority to access information system applications; to
establish and maintain
[[Page 58800]]
documentation on information sources for verifying applicants'
identities; to ensure proper management, data accuracy, and evaluation
of the system;
b. To Federal authorities to determine the validity of subscriber
digital certificates and other identity attributes;
c. To the National Archives and Records Administration (NARA) for
records management purposes;
d. To a public data repository (only name, email address,
organization, and public key) to facilitate secure communications using
digital certificates;
e. A record from this system of records which indicates a violation
of civil or criminal law, regulation or order may be referred as a
routine use to a Federal, State, local or foreign agency that has
authority to investigate, enforce, implement or prosecute such laws.
Further, a record from this system of records may be disclosed for
civil or criminal law or regulatory enforcement purposes to another
agency in response to a written request from that agency's head or an
official who has been delegated such authority;
f. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency to obtain
information relevant to an NRC decision concerning hiring or retaining
an employee, letting a contract, or issuing a security clearance,
license, grant or other benefit;
g. A record from this system of records may be disclosed as a
routine use to a Federal, State, local, or foreign agency requesting a
record that is relevant and necessary to its decision on a matter of
hiring or retaining an employee, issuing a security clearance,
reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
h. A record from this system of records may be disclosed as a
routine use in the course of discovery; in presenting evidence to a
court, magistrate, administrative tribunal, or grand jury or pursuant
to a qualifying order from any of those; in alternative dispute
resolution proceedings, such as arbitration or mediation; or in the
course of settlement negotiations;
i. A record from this system of records may be disclosed as a
routine use to a Congressional office from the record of an individual
in response to an inquiry from the Congressional office made at the
request of that individual;
j. A record from this system of records may be disclosed as a
routine use to NRC-paid experts or consultants, and those under
contract with the NRC on a ``need-to-know'' basis for a purpose within
the scope of the pertinent NRC task. This access will be granted to an
NRC contractor or employee of such contractor by a system manager only
after satisfactory justification has been provided to the system
manager;
k. A record from this system of records may be disclosed as a
routine use to appropriate agencies, entities, and persons when (1) NRC
suspects or has confirmed that there has been a breach of the system of
records, (2) NRC has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, NRC (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with NRC efforts to respond to the suspected or confirmed
breach or to prevent, minimize, or remedy such harm; and
l. A record from this system of records may be disclosed as a
routine use to another Federal agency or Federal entity, when the NRC
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored electronically or on paper.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrievable by an individual's name, email address,
certificate status, certificate number or credential number,
certificate issuance date, or approval role.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained under the National Archives and Records
Administration's, General Records Schedule 5.6: Security Records.
Application and activation records for personal identification
credentials and cards are retained under General Records Schedule 5.6,
item 120. Destroy 6 years after the end of an employee or contractor's
tenure, but longer retention is authorized if required for business
use. Personnel identification cards are retained under General Records
Schedule 5.6, item 121. Destroy after expiration, confiscation, or
return. Local facility identification and card access records are
retained under General Records Schedule 5.6, item 130. Destroy upon
immediate collection once the temporary credential or card is returned
for potential reissuance due to nearing expiration or not to exceed 6
months from time of issuance or when individual no longer requires
access, whichever is sooner, but longer retention is authorized if
required for business use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Technical, administrative, and personnel security measures are
implemented to ensure confidentiality, integrity, and availability of
the system data stored, processed, and transmitted. Hard copy documents
are maintained in locking file cabinets. Electronic records are, at a
minimum, password protected. Access to and use of these records is
limited to those individuals whose official duties require access.
RECORD ACCESS PROCEDURES:
Same as ``Notification procedures.''
CONTESTING RECORD PROCEDURES:
Same as ``Notification procedures.''
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act or Privacy Act Officer, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001,
and comply with the procedures contained in NRC's Privacy Act
regulations, 10 CFR part 9.
EXEMPTIONS CLAIMS FOR THE SYSTEM:
None.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
Disclosure of system records to consumer reporting systems is not
permitted.
SYSTEM NAME AND NUMBER:
Health Emergency Records--NRC 46.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Headquarters, 11555 Rockville Pike, Rockville, Maryland. Records
may be maintained at all locations at which the NRC, or contractors on
behalf of the NRC, operate or at which NRC operations are supported.
SYSTEM MANAGER(S):
Chief Human Capital Officer, Office of the Chief Human Capital
Officer, U.S.
[[Page 58801]]
Nuclear Regulatory Commission, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Workforce safety Federal requirements, which include: the
Occupational Safety and Health Act of 1970; Executive Order 12196; and
5 U.S.C. 7902, ``Safety programs.'' Federal laws that authorize the NRC
to create and maintain Federal records of agency activities, which
include: 44 U.S.C. 3101; the Religious Freedom Restoration Act of 1933,
42 U.S.C. chapter 21B; Title VII of the Civil Rights Act of 1964, as
amended, 42 U.S.C. 2000e; and the Rehabilitation Act of 1973, as
amended, 29 U.S.C. 701 et seq. Authorities addressing the federal
government's preparation for, and response to, public health threats,
including the PREVENT Pandemics Act, 42 U.S.C. 300hh-3; and Executive
Order 13987, ``Organizing and Mobilizing the United States Government
to Provide a Unified and Effective Response to Combat COVID-19 and to
Provide United States Leadership on Global Health and Security.''
PURPOSE(S) OF THE SYSTEM:
Maintaining records necessary and relevant to NRC activities
responding to and mitigating high-consequence public health threats.
Records may include, but are not limited to, those applicable health
related records needed to understand the impact of an illness or
disease on the NRC workforce or to assist the NRC in protecting its
workforce from a declared public health emergency, pandemic, or other
high-consequence public health threat, including records submitted by
NRC personnel or by the lawful representative of such personnel.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
NRC's employees.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records maintained in this system may include:
A. Full name, NRC employee ID number; telephone number, worksite,
email address, supervisor's name, address and contact information.
C. Other information about the individual directly related to the
disease or illness (e.g., testing results/information, symptoms,
treatments, source of exposure, or other applicable health related
information).
D. Appointment scheduling information, including the date, time,
and location of a scheduled appointment.
E. Medical screening information, including the individual's name,
date of birth, age, category of employment, current medical status,
related medical history, and any relevant medical history.
RECORD SOURCE CATEGORIES:
Records may be obtained from NRC employees or their representative
who may provide relevant information on a suspected or confirmed
disease or illness, or the prevention of such disease or illness, which
is the subject of a high-consequence public health threat.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under
subsection (b) of the Privacy Act, the NRC may disclose information
contained in this system of records without the consent of the persons
or entities mentioned herein if the disclosure is compatible with the
purpose for which the record was collected under the following routine
uses:
A. To appropriate medical facilities, or Federal, State, local,
Tribal, territorial or foreign government agencies, to the extent
permitted by law, for the purpose of protecting the vital interests of
individual(s), including to assist the United States Government in
responding to or mitigating high-consequence public health threats.
B. To determine eligibility for access to NRC buildings, NRC
licensee facilities or sites, or other Federal facilities.
C. To provide licensees information needed for unescorted access or
access to the licensee's facility(s).
D. Where a record, either alone or in conjunction with other
information, indicates a violation or potential violation of law--
criminal, civil, or regulatory in nature--the relevant records may be
referred to the appropriate Federal, State, local, territorial, Tribal,
or foreign law enforcement authority or other appropriate entity
charged with the responsibility for investigating or prosecuting such
violation or charged with enforcing or implementing such law.
E. In an appropriate proceeding before a court, grand jury, or
administrative or adjudicative body, when the NRC determines that the
records are arguably relevant to its proceeding; or in an appropriate
proceeding before an administrative or adjudicative body when the
adjudicator determines the records to be relevant to the proceeding.
F. To contractors, grantees, experts, consultants, students, and
others performing or working on a contract, service, grant, cooperative
agreement, or other assignment for the Federal Government, when
necessary to accomplish an NRC function related to this system of
records.
G. A record on an employee from this system of records may be
disclosed as a routine use to a Federal, State, local, territorial,
Tribal, or foreign agency requesting a record that is relevant and
necessary to its decision on a matter of hiring or retaining an
employee, issuing a security clearance, reporting an investigation of
that individual, letting a contract, or issuing a license, grant, or
other benefit.
H. A record on an employee from this system of records may be
disclosed as a routine use to a Congressional office in response to an
inquiry from the Congressional office made at the request of that
individual.
I. To the National Archives and Records Administration for purposes
of records management inspections conducted under the authority of 44
U.S.C. 2904 and 2906.
J. To appropriate agencies, entities, and persons when (1) the NRC
suspects or has confirmed that there has been a breach of the system of
records. (2) the NRC has determined that as a result of the suspected
or confirmed breach there is a risk of harm to an individual(s), the
NRC (including its information systems, programs, and operations), the
Federal Government, or national security; and (3) the disclosure made
to such agencies, entities, and persons is reasonably necessary to
assist in connection with the NRC's efforts to respond to the suspected
or confirmed breach or to prevent, minimize, or remedy such harm.
K. To another Federal agency or Federal entity, when the NRC
determines that information from this system of records is necessary to
assist the recipient agency or entity in (1) responding to a suspected
or confirmed breach, or (2) preventing, minimizing, or remedying the
risk of harm to individuals, the recipient agency or entity (including
its information systems, programs, and operations), the Federal
Government, or national security, resulting from a suspected or
confirmed breach.
L. To any agency, organization, or individual for the purpose of
performing authorized audit or oversight operations of the NRC and
meeting related reporting requirements.
M. To such recipients and under such circumstances and procedures
as are mandated by Federal statute or treaty.
N. A record from this system of records may be disclosed as a
routine
[[Page 58802]]
use to NRC-paid experts or consultants, and those under contract with
the NRC on a ``need-to-know'' basis for purpose within the scope of the
pertinent NRC task. This access will be granted to an NRC contractor or
employee of such contractor by a system manager only after satisfactory
justification has been provided to the system manager.
O. To a Federal agency employee, expert, consultant, or contractor
in performing a Federal duty for purposes of authorizing, arranging,
and/or claiming reimbursement for official travel, including, but not
limited to, traveler profile information.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
All records in this system of records are maintained and in
compliance with applicable executive orders, statutes, and agency
implementing recommendations. Electronic records are stored in
databases. Paper records are maintained in a secure, access-controlled
room, with access limited to authorized personnel.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records will be retrieved by any of the categories of records,
including name, location, date of applicable health information, or
work status.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
To the extent applicable, to ensure compliance with Americans with
Disabilities Act, the Rehabilitation Act, and the Genetic Information
Nondiscrimination Act of 2008, medical information must be ``maintained
on separate forms and in separate medical files and be treated as a
confidential medical record.'' 42 U.S.C. 12112(d)(3)(B); 42 U.S.C. sec
2000ff-5(a); 29 CFR 1630.14(b)(1), (c)(1),(d)(4)(i); and 29 CFR
1635.9(a). This means that medical information and documents must be
stored separately from other personnel records. As such, the NRC must
keep medical records for at least 1 year from creation date. 29 CFR
1602.14. Further, records compiled under this system of records notice
will be maintained in accordance with the National Archives and Records
Administration General Records Schedule (GRS) 2.7, Employee Health and
Safety Records, Items 010, 070, or 080 to the extent applicable.
GRS 2.7 item 010 (DAA-GRS-2017-0010-0001)--Clinic scheduling
records. Temporary. Destroy when 3 years old, but longer retention is
authorized if needed for business use.
GRS 2.7 item 070 (DAA-GRS-2017-0010-0012)--Non-occupational
individual case files. Temporary. Destroy 10 years after the most
recent encounter, but longer retention is authorized if needed for
business use.
GRS 2.7 item 080 (DAA-GRS-2017-0010-0013)--Non-occupational health
and wellness program records. Temporary. Destroy 3 years after the
project/activity/or transaction is completed or superseded, but longer
retention is authorized if needed for business use.
GRS 2.7 item 063 (DAA-GRS-2021-0003-0001)--Vaccination attestations
and proof of vaccination records. Federal employees and contractors.
Temporary. Destroy when 3 years old.
GRS 2.7 item 064 (DAA-GRS-2021-0003-0002)--Vaccination attestations
and proof of vaccination records. Visitors. Temporary. Destroy when 30
days old.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The NRC safeguards records in this system according to applicable
rules and polices, including all applicable NRC automated systems
security and access policies. The NRC has imposed controls to minimize
the risk of compromising the information that is being stored. Users of
individual computers can only gain access to the data by valid user
identification and password. Paper records are maintained in a secure,
access-controlled room, with access limited to authorized personnel.
RECORDS ACCESS PROCEDURES:
Same as ``Notification procedures.''
CONTESTING RECORD PROCEDURES:
Same as ``Notification procedures.''
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records
contains information about them should write to the Freedom of
Information Act Officer or Privacy Act Officer, Office of the Chief
Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC
20555-0001, and comply with procedures contained in NRC's Privacy Act
regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
HISTORY:
None.
Addendum I--List of U.S. Nuclear Regulatory Commission Locations
Part 1--NRC Headquarters Offices
1. One White Flint North, 11555 Rockville Pike, Rockville,
Maryland.
2. Two White Flint North, 11545 Rockville Pike, Rockville,
Maryland.
3. Three White Flint North, 11601 Landsdown Street, North Bethesda,
MD
Part 2--NRC Regional Offices
1. NRC Region I, 475 Allendale Road, Suite 102, King of Prussia,
Pennsylvania.
2. NRC Region II, Marquis One Tower, 245 Peachtree Center Avenue
NE, Suite 1200, Atlanta, Georgia.
3. NRC Region III, 2443 Warrenville Road, Suite 210, Lisle,
Illinois.
4. NRC Region IV, 1600 East Lamar Boulevard, Arlington, Texas.
5. NRC Technical Training Center, Osborne Office Center, 5746
Marlin Road, Suite 200, Chattanooga, Tennessee.
[FR Doc. 2024-15922 Filed 7-18-24; 8:45 am]
BILLING CODE 7590-01-P