[Federal Register Volume 89, Number 227 (Monday, November 25, 2024)]
[Notices]
[Pages 92891-92892]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-26134]
=======================================================================
-----------------------------------------------------------------------
CENTRAL INTELLIGENCE AGENCY
Privacy Act of 1974; System of Records
AGENCY: Central Intelligence Agency.
ACTION: Notice of a new system of records.
-----------------------------------------------------------------------
SUMMARY: Pursuant to the Privacy Act of 1974, as amended, and Office of
Management and Budget (OMB) Circular No. A-108, notice is hereby given
that the Central Intelligence Agency (``CIA'') is submitting to the
Federal Register one new System of Records Notice (SORN), CIA-44
Business Analytics Records. This new SORN covers CIA's collection,
curation, exploration, and objective analysis of CIA business data used
to inform business decisions related to the CIA workforce, facilities,
and processes.
DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is
applicable upon publication and incorporates the CIA's 19 Routine Uses
published November 28, 2022 at 87 FR 73198.
ADDRESSES: Comments may be submitted by the following methods: By mail
to Mark Mouser, Privacy and Civil Liberties Officer, Central
Intelligence Agency, Washington, DC 20505; or by email to
[email protected]. Please include ``NOTICE NEW CIA SORN'' in the
subject line of the message.
FOR FURTHER INFORMATION CONTACT: Mark Mouser, Privacy and Civil
Liberties Officer, Central Intelligence Agency, Washington, DC 20505,
(571) 280-2700.
SUPPLEMENTARY INFORMATION: CIA relies on reliable, repeatable, and
comparable data to, among other purposes, inform decisions and track
progress in achieving CIA priorities. This data, which the CIA refers
to as ``business data,'' is captured by, or created from the use and
operations of, CIA facilities, IT systems, and applications in the
normal course of CIA activities and processes. The CIA's collection,
curation, exploration, and objective analysis of business data has
proven significantly beneficial to the CIA. For example, business data
has allowed CIA leadership to recommend adjustments to CIA resource
allocations, develop applications to assist the CIA workforce in
completing their administrative responsibilities, and generate
statistical information to inform CIA leadership decision-making on its
business needs.
The CIA proposes a new System of Record Notice, CIA-44 Business
Analytics Records, to further enable its business data analytic
activities and identify opportunities for efficiencies in Agency
services, tools, reports, properties, and facilities.
Nothing in the new SORN indicates any change in the Agency's
authorities or practices regarding the collection and maintenance of
information about citizens and lawful permanent residents of the United
States, nor does the new SORN change any individual's rights to access
or to amend their records in accordance with the Privacy Act.
In accordance with 5 U.S.C. 552a(r), the Agency has provided a
report to OMB and Congress on the new system of records.
Dated: November 4, 2024.
Mark Mouser,
Privacy and Civil Liberties Officer, Central Intelligence Agency.
PRIVACY ACT SYSTEM OF RECORDS NOTICE CIA-44
SYSTEM NAME AND NUMBER:
Business Analytics Records (CIA-44)
SECURITY CLASSIFICATION:
The classification of records in this system can range from
UNCLASSIFIED to TOP SECRET.
SYSTEM LOCATION:
Central Intelligence Agency, Washington, DC 20505.
SYSTEM MANAGER(S):
Chief Strategy Officer (CSO), Central Intelligence Agency,
Washington, DC 20505, and the heads of component-level offices charged
with business analytic functional responsibilities.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The National Security Act of 1947, as amended, 50 U.S.C. 3036 et
seq.; the Central Intelligence Agency Act of 1949, as amended, 50
U.S.C. 3501 et seq.; Executive Order 12333, as amended, 73 FR 45325.
PURPOSE(S) OF THE SYSTEM:
Records in this system are used by authorized personnel to ensure
process integrity; enable the CIA and the Director of the CIA to carry
out their lawful and authorized responsibilities; and collect, create,
centralize and disseminate CIA business data to: evaluate the
utilization of, and identify opportunities for efficiencies in, CIA
services, tools, reports, properties, and facilities; evaluate
adjustments to CIA resource allocations, processes, and business lines;
develop applications and information systems to assist CIA personnel in
conducting official CIA business; and perform other analyses of CIA
business processes and systems as identified by authorized CIA
officials.
Records in this system are also used by authorized personnel to
collect, create, centralize and disseminate CIA business data to
monitor, report on, and make recommendations relating to: CIA's
utilization of contracts and contractors to promote the efficient use
of CIA resources; CIA vacancies, hiring, compensation, awards,
promotions, training, employee development, employee benefits, internal
transfers, resignations, and retirements; spending by CIA components
and programs; work hours and activities of CIA personnel to determine
alignment of CIA activity with CIA priorities; workforce health,
wellbeing status, and perceptions to allow for a more comprehensive
understanding of the workforce and allow for the ability for CIA
stakeholders to take action to improve the workplace, environment, and
organizational processes; location and workplace presence of CIA-
affiliated persons, to support commuting, alternative work, and
facility location studies; official travel performed by CIA-affiliated
persons; and former staff employees who retain an alumni relationship
with the CIA.
CIA employees and contractors may use established business analytic
methods to query, analyze, and summarize CIA business data. These
methods include using programming language(s) (e.g., structured query
language (SQL)), data visualization, statistical analysis, natural
language processing, network analysis, and artificial intelligence/
machine learning techniques.
[[Page 92892]]
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Current and former CIA employees, employees of other IC agencies
detailed to the CIA, applicants or prospective applicants for
employment with the CIA, individuals under contract with the CIA,
individuals visiting CIA-managed facilities, individuals physically
present in, or using, CIA-controlled facilities, United States
Government personnel reading or consuming CIA-produced products, and
individuals using CIA-managed information technology systems.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system contains CIA ``business data,'' which is data captured
by, created by, or derived from the use and operations of CIA
facilities, IT systems, and applications, that is used by authorized
CIA officers for the purposes outlined in the ``PURPOSE(S) OF THE
SYSTEM'' paragraph, above. CIA business data includes, but is not
limited to:
A. Human resource, biographic, and personnel security information
on the individuals listed in the ``CATEGORIES OF INDIVIDUALS COVERED BY
THE SYSTEM'' paragraph, above, such as: names of individuals;
organizational affiliation; physical work location of personnel;
internal contact information; personal home address and contact
information; voluntarily-provided biographical information; demographic
data; employment data; applicant and prospective applicant information,
such as CIA position vacancies, applications, and internal and external
hiring data; employee performance and promotion, retention, and
resignation attributes; personnel security dispositions and clearances;
personnel official travel records; voluntarily-provided information on
workforce health, wellbeing status, and perceptions, utilization of
employee health and wellness services, and responses to workforce
surveys.
B. Financial and appropriations information, such as: CIA budget
allocations and fiscal transactions; contracts and contractor personnel
data; and procurement, inventory, movement, and disposition of goods
and services; and
C. CIA-managed products, facilities, IT system, and application
information, such as: internal communications metadata; activity
records on CIA-managed information technology systems; metadata
relating to CIA-produced or -consumed analyses, reporting, and content;
and capacity, configuration, maintenance, and utilization data of CIA-
managed and CIA-affiliated facilities.
RECORD SOURCE CATEGORIES:
Information may be provided by individuals covered by this system;
derived from other CIA IT systems and Privacy Act systems of records;
and other U.S. Government departments and agencies.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the disclosures generally permitted under 5 U.S.C.
552a(b), this information is set forth in the ``Statement of General
Routine Uses for the Central Intelligence Agency,'' set out at 87 FR
73198, November 28, 2022, which is incorporated herein by reference.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Paper and other hard-copy records are stored in secured areas
within the CIA or in CIA-controlled facilities. Electronic records are
stored in secure file-servers located within CIA-controlled facilities
or in CIA-contracted facilities subject to CIA supervision.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records in this system may be retrieved by name, chart number,
social security number, CIA employee number, or other unique personal
identifier by automated or hand search based on extant indices and
automated capabilities utilized in the normal course of business. Under
applicable law and regulations, all searches of this system of records
will be performed in CIA offices by CIA personnel.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
All records are maintained and disposed of in accordance with
applicable Records Control Schedules issued or approved by the National
Archives and Records Administration.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records are maintained in secure, restricted areas and are accessed
only by personnel who have a need for the records in the performance of
their official duties and have been authorized for such access.
Electronic authorization and authentication access controls are
required to prevent against unauthorized access, use, and disclosure.
RECORD ACCESS PROCEDURES:
Requests from individuals should be addressed as indicated in the
notification procedures section below. Regulations for access to
individual records or for appealing an initial determination by CIA
concerning the access to records are published in the Federal Register
(32 CFR 1901.11-.45).
CONTESTING RECORD PROCEDURES:
Requests from individuals to correct or amend records should be
addressed as indicated in the notification procedures section below.
CIA's regulations regarding requests for amendments to, or disputing
the contents of, individual records or for appealing an initial
determination by CIA concerning these matters are published in the
Federal Register (32 CFR 1901.21-32, 32 CFR 1901.42).
NOTIFICATION PROCEDURES:
Individuals seeking to learn if this system of records contains
information about them should direct their inquiries to: Information
and Privacy Coordinator, Central Intelligence Agency, Washington, DC
20505. Identification requirements are specified in the CIA rules
published in the Federal Register (32 CFR 1901.12-.14). Individuals
must comply with these rules in order for their request to be
processed.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
Certain records contained within this system of records may be
exempted from certain provisions of the Privacy Act, 5 U.S.C. 552a,
pursuant to 5 U.S.C. 552a(d)(5), (j)(1), and (k).
HISTORY:
None.
[FR Doc. 2024-26134 Filed 11-22-24; 8:45 am]
BILLING CODE 6310-02-P