[Federal Register Volume 89, Number 184 (Monday, September 23, 2024)]
[Notices]
[Pages 77497-77500]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-21715]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

[Docket ID: DoD-2024-OS-0101]


Privacy Act of 1974; System of Records

AGENCY: Defense Human Resources Activity (DHRA), Department of Defense 
(DoD).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, the Office of the 
Secretary of Defense (OSD) is modifying a current system of records 
titled, Defense Civilian Human Resource Management System (DCHRMS), 
DHRA 23 DoD. The records within this system are used to provide human 
resource information and system support for the DoD civilian workforce 
worldwide that manages the HR processing and reporting, including 
position, compensation and benefits, and performance management, as 
well as create efficiencies in Human Capital Management. This system of 
records notice (SORN) is being updated to cover compensation records 
and administrative appeals relating to claims filed under the Helping 
American Victims Afflicted by Neurological Attacks Act (HAVANA). This 
SORN modification expands the Category of Individuals section to cover 
current and former DoD employees, and dependents of current or former 
employees who on or after January 1, 2016, experienced a qualifying 
brain injury. Additionally, the DoD is modifying the Routine Use 
section to allow additional sharing outside of DoD. Lastly, the DoD is 
also modifying various other sections within the SORN to improve 
clarity or update information that has changed.

DATES: This system of records is effective upon publication; however, 
comments on the Routine Uses will be accepted on or before October 23, 
2024. The Routine Uses are effective at the close of the comment 
period.

ADDRESSES: You may submit comments, identified by docket number and 
title, by either of the following methods:
    * Federal Rulemaking Portal: https://www.regulations.gov. Follow 
the instructions for submitting comments.
    * Mail: Department of Defense, Office of the Assistant to the 
Secretary of Defense for Privacy, Civil Liberties, and Transparency, 
Regulatory Directorate, 4800 Mark Center Drive, Attn: Mailbox 24, Suite 
05F16, Alexandria, VA 22350-1700.
    Instructions: All submissions received must include the agency name 
and docket number for this Federal Register document. The general 
policy for comments and other submissions from members of the public is 
to make these submissions available for public viewing on the internet 
at https://www.regulations.gov as they are received without change, 
including any personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT: Samuel Peterson, DHRA Component 
Privacy Officer, 400 Gigling Rd., Seaside, CA 93955, [email protected] or 831-220-7330.

SUPPLEMENTARY INFORMATION:

I. Background

    DoD is modifying the Defense Civilian Human Resource Management 
System, DHRA 23 DoD to support amendment of the Helping American 
Victims Afflicted by Neurological Attacks Act (HAVANA). In 2016, 
Department of State employees stationed in Havana, Cuba, began 
reporting a sudden onset of symptoms, including headaches, pain, 
nausea, disequilibrium, and hearing loss, in conjunction with sensory 
events. Federal agencies have called such incidents Anomalous Health 
Incidents (``AHIs''). Since 2016, Federal employees in numerous 
countries reported suspected AHIs.
    Beginning on December 20, 2019, the Department of State was 
authorized by statute to pay benefits to employees and their dependents 
for injuries suffered in the Republic of Cuba, the People's Republic of 
China, or other foreign countries designated by the Secretary of State 
incurred after January 1, 2016, in connection with certain hostile or 
other incidents designated by the Secretary of State (Pub. L. 116-94, 
Division J, Title IX, section 901) (codified in 22 U.S.C. 2680b). These 
benefits were limited to Department of State employees only (i.e., not 
other U.S. Government employees under Chief of Mission (COM) 
authority). On January 1, 2021, this law was amended, authorizing other 
Federal Government agencies (such as the DoD) to provide benefits to 
their own employees under COM authority who suffered similar injuries. 
(Pub. L. 116-283, div. A, title XI, section 1110).
    On October 8, 2021, the President signed the HAVANA Act of 2021 
(Pub. L. 117-46). The HAVANA Act amended section 901 to authorize 
Federal Government agencies to compensate affected employees, former 
employees, and their dependents for qualifying injuries to the brain. 
The HAVANA Act amendments did not require that the qualifying injury 
occur in the Republic of Cuba, the People's Republic of China, or 
another foreign country designated by the Secretary of State. Section 
9216 of the James M. Inhofe National Defense Authorization Act for 
Fiscal Year 2023 provided agencies with authority to designate 
incidents affecting employees or dependents who are not under the 
security responsibility of the Secretary of State.
    The records within DHRA 23 DoD are used to provide human resource 
information and system support for the DoD civilian workforce worldwide 
that manages the HR processing and reporting, including position, 
compensation and benefits, and performance management, as well as 
create efficiencies in Human Capital Management. The SORN is being 
updated to cover compensation records and administrative appeals 
relating to claims filed under the HAVANA Act. This SORN modification 
expands the Category of Individuals section to cover current and former 
DoD employees, and dependents of current or former employees who on or 
after January 1, 2016, experienced a qualifying brain injury.
    Subject to public comment, the DoD is adding standard routine use 
``I'' authorizing sharing in the context of Inspector General 
activities, routine use ``J'' to allow for disclosures mandated by 
Federal statute or treaty, and routine use ``N'' to allow for sharing 
with the Department of State for the purpose of evaluating whether an 
incident is an ``other incident'' for purposes of establishing a 
qualifying injury. The following sections of this SORN are also being 
modified: (1) to the System Location section to reflect the various 
locations in which records may reside; (2) to the Authority for 
Maintenance of the System section to update citations(s) and add 
additional authorities; (3) to the Purpose section to provide clarity 
on how information will be used; (4) to the Categories of Records 
section to clarify how the records relate to the Category of 
Individuals; (5) to the Records Source Categories section to update 
source information; (6) to the Record Access Procedures section to 
reflect the need for individuals to identify the appropriate DoD office 
or component to which their request should be directed;

[[Page 77498]]

and (7) to the Notification Procedures section to update the 
appropriate citation for notifications.
    DoD SORNs have been published in the Federal Register and are 
available from the address in FOR FURTHER INFORMATION CONTACT or at the 
Office of the Assistant to the Secretary for Defense for Privacy, Civil 
Liberties, and Transparency (OATSD(PCLT)) website at https://dpcld.defense.gov/privacy.

II. Privacy Act

    Under the Privacy Act, a ``system of records'' is a group of 
records under the control of an agency from which information is 
retrieved by the name of an individual or by some identifying number, 
symbol, or other identifying particular assigned to the individual. In 
the Privacy Act, an individual is defined as a U.S. citizen or lawful 
permanent resident.
    In accordance with 5 U.S.C. 552a(r) and Office of Management and 
Budget (OMB) Circular No. A-108, OATSD(PCLT) has provided a report of 
this system of records to the OMB and to Congress.

    Dated: September 18, 2024.
Aaron T. Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.

SYSTEM NAME AND NUMBER:
    Defense Civilian Human Resource Management System (DCHRMS), DHRA 23 
DoD.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Department of Defense (Department or DoD), located at 1000 Defense 
Pentagon, Washington, DC 20301-1000, and other Department 
installations, offices, or mission locations. Information may also be 
stored within a government-certified cloud, implemented and overseen by 
the Department's Chief Information Officer (CIO), 6000 Defense 
Pentagon, Washington, DC 20301-6000.

SYSTEM MANAGER(S):
    Director, Enterprise Solutions and Integration Defense Civilian 
Personnel Advisory Service, 4800 Mark Center Drive, Suite 06E22, 
Arlington, VA 22350-6000, [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. Chapter 11, Office of Personnel Management; 5 U.S.C. 
Chapter 13, Special Authority; 5 U.S.C. Chapter 29, Commissions, Oaths, 
Records, and Reports; 5 U.S.C. Chapter 31, Authority for Employment; 5 
U.S.C. Chapter 33, Examination, Selection, and Placement; 5 U.S.C. 
Chapter 41, Training; 5 U.S.C. Chapter 43, Performance Appraisal; 5 
U.S.C. Chapter 51, Classification; 5 U.S.C. Chapter 53, Pay Rates and 
Systems; 5 U.S.C. Chapter 55, Pay Administration; 5 U.S.C. Chapter 61, 
Hours of Work; 5 U.S.C. Chapter 63, Leave; 5 U.S.C. Chapter 72, 
Antidiscrimination; Right to Petition Congress; 5 U.S.C. 7201, 
Antidiscrimination Policy; Minority Recruitment Program; 5 U.S.C. 
Chapter 75, Adverse Actions; 5 U.S.C. Chapter 83, Retirement; 5 U.S.C. 
Chapter 84, Federal Employees' Retirement System, Antidiscrimination 
Policy; Minority Recruitment Program; 10 U.S.C. 136, Under Secretary of 
Defense for Personnel and Readiness; HAVANA Act of 2021, Public Law 
117-46, 135 Stat. 391 (2021) (codified at 22 U.S.C. 2680b(i)); 
Executive Order (E.O.) 9830, Amending the Civil Service Rules and 
Providing for Federal Personnel Administration, as amended; 29 CFR 
1614.601, EEO Group Statistics; and E.O. 9397 (SSN), as amended.

PURPOSE(S) OF THE SYSTEM:
    Data is used to maintain a system of records that provides human 
resource information and system support for the Department of Defense 
(DoD) civilian workforce worldwide that manages the human resources 
processing and reporting, including position, compensation and 
benefits, performance management, and in making determinations of 
qualifications, as well as create efficiencies in Human Capital 
Management. Data is also used for analysis in order to meet 
Congressional and Federal reporting requirements.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Civilian employee, prospective applicants, and job applicants 
selected for civilian appropriated/non-appropriated fund (NAF), local 
nationals, and National Guard civilian technician positions in the DoD; 
and past and present DoD Civilian employees and their dependents 
eligible to submit claims in accordance with the HAVANA Act.

CATEGORIES OF RECORDS IN THE SYSTEM:
    Personal information including: Name, date and place of birth, 
citizenship, gender, marital status, DoD identification number (DoD 
ID), Social Security Number (SSN), addresses, phone numbers, email 
addresses, employee number, emergency contact information, dependent 
and family member information, security clearance information, race and 
ethnic origin, disability code, and foreign language capability. 
Compensation records and administrative appeals relating to claims 
filed under the HAVANA Act. Position authorization and control 
information, position data and performance elements, personnel data and 
projected suspense information for personnel actions, pay, benefits, 
and entitlements data. Historical information on employees, including 
job experience, education, training, and training transaction data, 
performance plans, interim appraisals, final appraisals, closeouts and 
ratings, professional accounting or other certifications or licenses, 
awards information and merit promotion information, separation and 
retirement data, civilian deployment information, and adverse and 
disciplinary action data. In addition, the Corporate Management 
Information System data (which is comprised of each employee current 
and historical record, to include all person, assignment, position, and 
personnel actions/updates) will be maintained and refreshed for 
agencies' historical and congressional reporting purposes.

RECORD SOURCE CATEGORIES:
    The individual, resumes, applicant record, employee or supervisor 
generated training requests; human resources generated records; 
employee generated data recorded as self-certified; and other employee 
or supervisor generated records. Data is also received from various 
interfaces with systems including, the Corporate Management Information 
System, Joint Personnel Adjudication System, Fourth Estate Manpower 
Tracking System, Defense Civilian Payroll System, the Air Force 
Manpower Programming and Execution System, NAF Payroll, Thrift Savings 
Plan hardship, Interactive Voice Recognition System, USA Staffing, and 
employee completed training data provided by respective Component 
agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act of 1974, as amended, all or a portion of the 
records or information contained herein may specifically be disclosed 
outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as 
follows:
    A. To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal Government when 
necessary to

[[Page 77499]]

accomplish an agency function related to this system of records.
    B. To the appropriate Federal, State, local, territorial, tribal, 
foreign, or international law enforcement authority or other 
appropriate entity where a record, either alone or in conjunction with 
other information, indicates a violation or potential violation of law, 
whether criminal, civil, or regulatory in nature.
    C. To any component of the Department of Justice for the purpose of 
representing the DoD, or its components, officers, employees, or 
members in pending or potential litigation to which the record is 
pertinent.
    D. In an appropriate proceeding before a court, grand jury, or 
administrative or adjudicative body or official, when the DoD or other 
Agency representing the DoD determines that the records are relevant 
and necessary to the proceeding; or in an appropriate proceeding before 
an administrative or adjudicative body when the adjudicator determines 
the records to be relevant to the proceeding.
    E. To the National Archives and Records Administration for the 
purpose of records management inspections conducted under the authority 
of 44 U.S.C. 2904 and 2906.
    F. To a Member of Congress or staff acting upon the Member's behalf 
when the Member or staff requests the information on behalf of, and at 
the request of, the individual who is the subject of the record.
    G. To appropriate agencies, entities, and persons when (1) the DoD 
suspects or confirms a breach of the system of records; (2) the DoD 
determines as a result of the suspected or confirmed breach there is a 
risk of harm to individuals, the DoD (including its information 
systems, programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with the DoD's 
efforts to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    H. To another Federal agency or Federal entity, when the DoD 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, m6inimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    I. To another Federal, State or local agency for the purpose of 
comparing to the agency's system of records or to non-Federal records, 
in coordination with an Office of Inspector General in conducting an 
audit, investigation, inspection, evaluation, or some other review as 
authorized by the Inspector General Act of 1978, as amended.
    J. To such recipients and under such circumstances and procedures 
as are mandated by Federal statute or treaty.
    K. To the Equal Employment Opportunity Commission for the purpose 
of providing Equal Employment Opportunity group statistics in 
accordance with 29 CFR 1614.601, EEO Group Statistics.
    L. To the Office of Personnel Management (OPM) for the purpose of 
addressing civilian pay and leave, benefits, retirement deduction, and 
any other information necessary for the OPM to carry out its legally 
authorized government-wide personnel management functions and studies.
    M. To educational institutions and commercial training providers 
for the purpose of selecting and registering applicants approved by a 
DoD component to attend a specified program, and, when applicable, to 
provide for payment.
    N. To the Department of State, as appropriate in evaluating whether 
an incident is an ``other incident'' for purposes of establishing a 
qualifying injury or should be so designated. Other incident is a new 
onset of physical manifestations that cannot otherwise be readily 
explained that is designated under 22 U.S.C. 2680b.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records may be stored electronically. The records may be stored on 
magnetic disc, tape, or digital media; in agency-owned cloud 
environments; or in vendor Cloud Service Offerings certified under the 
Federal Risk and Authorization Management Program (FedRAMP).

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by name, DoD ID, or SSN.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained for 25 years after the records are closed--
defined as after an individual separates from the Agency for Service 
members or after final payment is received for dependents; Corporate 
Management Information System records are cutoff and destroyed when no 
longer needed for business use.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are accessed and/or maintained in areas accessible only to 
authorized personnel who are properly screened, cleared, and trained. 
Common Access Cards (CACs) are employed to ensure access is limited to 
authorized personnel only. Role based access is used to ensure HR 
Personnel and system administrators have access to only the records 
they are entitled to see. Employees are able to access and view only 
their records and update certain personal information to them via two-
factor authentication or CAC. Additional technical controls include 
encryption of data at rest and in transit, firewall, virtual private 
network, intrusion detection system, DoD Public Key Infrastructure 
Certificates, and least privilege access. Security systems and/or 
security guards protect buildings where records are accessed or 
maintained. Additional physical access controls include, biometric 
access systems, multiple layers of locked access control doors and 
mantraps, closed-circuit television, and physical intrusion alarms.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to records about themselves contained in 
this system should address written inquiries to the Office of the 
Secretary of Defense/Joint Staff FOIA Requester Service Center, Office 
of Freedom of Information, 1155 Defense Pentagon, Washington, DC 20301-
1155. Signed written requests should contain name and number of this 
system of records notice along with full, current address, and email of 
the individual name, date of birth, DoD ID Number, and dates of 
employment (or approximate), and last employing agency. In addition, 
the requester must provide either a notarized statement or an unsworn 
declaration made in accordance with 28 U.S.C. 1746, in the following 
format:
    If executed outside the United States: ``I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).''
    If executed within the United States, its territories, possessions, 
or commonwealths: ``I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature)''.

CONTESTING RECORD PROCEDURES:
    The DoD rules for accessing records, contesting contents, and 
appealing

[[Page 77500]]

initial Component determinations are contained in 32 CFR part 310, or 
may be obtained from the system manager.

NOTIFICATION PROCEDURES:
    Individuals seeking to determine whether information about 
themselves is contained in this system of records should follow the 
instructions for Record Access Procedures above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    January 28, 2020, 85 FR 4949; November 15, 2010, 75 FR 69642.

[FR Doc. 2024-21715 Filed 9-20-24; 8:45 am]
BILLING CODE 6001-FR-P