DOI-57, Privacy Act Files

81 FR 45527 (July 14, 2016); Modification published 86 FR 50156 (September 7, 2021)
============================================================================================================
 
DEPARTMENT OF THE INTERIOR
 
Office of the Secretary
 
[16XD4523WS DWSNN0000.XD0000 DS67010000 DP67012]
 
Privacy Act of 1974, as Amended; Notice To Amend an Existing System of Records
 
AGENCY:  Office of the Secretary, Interior.
 
ACTION:  Notice of amendment to an existing system of records.
------------------------------------------------------------------------------------------------------------------------------------------------------------
SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of the Interior is issuing a public notice of its intent to amend the Department of the Interior Privacy Act system of records, "Privacy Act Files--Interior, DOI-57", to add new routine uses, and update existing routine uses, system location, categories of individuals covered by the system, categories of records in the system,  authority for maintenance of the system, storage, safeguards, retention and disposal, system manager and address, notification procedures, records access and  contesting procedures, records source categories, and exemption sections. 
 
DATES: Comments must be received by August 15, 2016. This amended system will be effective August 15, 2016.
 
ADDRESSES: Any person interested in commenting on this amendment may do so by: Submitting comments in writing to Teri Barnett, Departmental Privacy Officer, U.S. Department of the Interior, 1849 C Street NW., Mail Stop 5545 MIB, Washington, DC 20240; hand-delivering comments to Teri Barnett, Departmental Privacy Officer, U.S. Department of the Interior, 1849 C Street NW., Mail Stop 5545 MIB, Washington, DC 20240; or emailing comments to Privacy@ios.doi.gov.
 
FOR FURTHER INFORMATION CONTACT:  Departmental Privacy Officer, U.S.  Department of the Interior, 1849 C Street NW., Mail Stop 5547 MIB, Washington, DC 20240; or by telephone at 202-208-1605.

SUPPLEMENTARY INFORMATION: 

I. Background
The Department of the Interior (DOI) maintains the "Privacy Act Files--Interior, DOI-57" system of records. This system enables DOI to efficiently manage Privacy Act Program activities; supports the processing and tracking of notification, record access and amendment requests, and administrative appeals under the Privacy Act; conduct and manage complaints; supports agency participation in litigation arising from such requests, complaints, and appeals; and carry out any other responsibilities under the provisions of the Privacy Act. DOI is publishing this amended notice to reflect updated information in the system location, categories of individuals covered by the system, categories of records in the system, authority for maintenance of the system, storage, safeguards, retention and disposal, system manager and address, notification procedures, records access and contesting procedures, records source categories, and exemption sections.

Additionally, DOI is modifying existing routine uses to reflect updates consistent with standard DOI routine uses, and adding new routine uses to permit sharing of information with: (1) The Office of Management and Budget (OMB) in relation to legislative affairs mandates by OMB Circular A-19; (2) the Department of the Treasury to recover debts owed to the United States; (3) the National Archives and Records Administration (NARA) to conduct records management inspections; (4) NARA, Office of Government Information Services (OGIS) to assist and facilitate the resolution of disputes, to the extent such a dispute involves a combined Freedom of Information Act and Privacy Act request for agency records; (5) Federal, state, territorial, local, tribal, or foreign agencies when there is an indication of a violation of law; (6) Federal, state, territorial, local, tribal, or foreign agencies when relevant for hiring and retention, or issuance of security clearance, license, contract, grant or benefit; (7) appropriate government agencies and organizations to provide information in response to court orders or for discovery purposes related to litigation; (8) an expert, consultant, or contractor that performs services on DOI's behalf to carry out the purposes of the system; (9) another Federal agency to assist that agency in responding to an inquiry by the individual to whom that record pertains; and (10) the news media and the public, with approval by the Public Affairs Officer and Senior Agency Official for Privacy in consultation with Counsel. 

The Privacy Act records in this system may also be maintained in other DOI systems of records, "Electronic FOIA Tracking System and FOIA Case Files--Interior, DOI-71" (67 FR 58817) for combined FOIA and Privacy Act requests, and "Freedom of Information Act Appeals Files-Interior, OS-69" (64 FR 16986) for appeals filed on Privacy Act requests or combined FOIA and Privacy Act requests. DOI last published a system notice in the Federal Register on March 24, 1999 (64 FR 14258) and published an amended notice on February 13, 2008 (73 FR 8342). The amendments to the system will be effective as proposed at the end of the comment period (the comment period will end 30 days after the publication of this notice in the Federal Register), unless comments are received which would require a contrary determination. DOI will publish a revised notice if changes are made based upon a review of the comments received.

II.    Privacy Act
The Privacy Act of 1974, as amended, embodies fair information practice principles in a statutory framework governing the means by which Federal agencies collect, maintain, use, and disseminate individuals' personal information. The Privacy Act applies to records about individuals that are maintained in a "system of records." A "system of records" is a group of any records under the control of an agency for which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. The Privacy Act defines an individual as a United States citizen or lawful permanent resident. As a matter of policy, DOI extends administrative Privacy Act protections to all individuals. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of DOI by complying with DOI Privacy Act regulations at 43 CFR part 2, subpart K.    

The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains, the routine uses of each system to make agency recordkeeping practices transparent, to notify individuals regarding the uses of their records, and to assist individuals to more easily find such records within the agency. The amended "Privacy Act Files--Interior, DOI-57" system of records notice is published in its entirety below. 

In accordance with 5 U.S.C. 552a(r), DOI has provided a report of this system of records to the Office of Management and Budget and to Congress.

III.    Public Disclosure
Before including your address, phone number, email address, or other personal identifying information in your comment, you should be aware that your entire comment, including your personal identifying information, may be made publicly available at any time. While you can ask us in your comment to withhold your personal identifying information from public review, we cannot guarantee that we will be able to do so.

Dated: July 8, 2016.
Teri Barnett,
Departmental Privacy Officer.

SYSTEM NAME:
Privacy Act Files, DOI-57.
 
SECURITY CLASSIFICATION:
Unclassified.
 
SYSTEM LOCATION:
This system is maintained by the Departmental Privacy Office, Office of the Chief Information Officer, U.S. Department of the Interior, 1849 C Street NW., Mail Stop 5545 MIB, Washington, DC 20240; other Department of the Interior Office of the Secretary program offices that maintain or process Privacy Act requests, complaints, or appeals; and Department of the Interior bureaus and offices responsible for managing Privacy Act programs and maintaining records about Privacy Act requests, complaints, or appeals. Visit the Department of the Interior Privacy Program Web site for a list of the Department's Privacy contacts: https://www.doi.gov/privacy/contacts.
 
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals or their representatives who have submitted Privacy Act requests for notification of the existence of, access to, and petitions for amendment of records; individuals or their representatives who have filed a Privacy Act complaint; individuals or their representatives who have filed Privacy Act appeals; individuals who are the subject of such requests, complaints, or appeals; officials who may be involved in any Privacy Act request, complaint, or appeal; and DOI personnel assigned to handle such requests, complaints, or appeals.
 
CATEGORIES OF RECORDS IN THE SYSTEM:
This system consists of records created or compiled in response to Privacy Act requests, complaints, and appeals; records relating to accounting of disclosures pursuant to the requirements of the Privacy Act; and records relating to general agency implementation of the Privacy Act. These records may include the original requests, complaints, or appeals; responses to such requests, complaints, or appeals; related memoranda, email, correspondence, notes, accounting of disclosure forms, reports, notices, and other related or supported documentation; and copies of requested records, contested records, and records under appeal. These records may contain the following information: Names, Social Security numbers, dates of birth, home and work addresses, email addresses, telephone numbers, fax numbers, other contact information, driver license numbers, tribal identification numbers, other tribal enrollment data, unique case identifiers, and any other information that is contained in the record that is requested, contested, or is part of the record under appeal.
 
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 552a, The Privacy Act of 1974, as amended.
 
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
The primary purpose of the Privacy Act Files system of records is to enable DOI to efficiently manage Privacy Act activities. This system supports the processing of notification, record access and amendment requests, complaints, and administrative appeals under the Privacy Act; supports agency participation in litigation arising from such requests, complaints, and appeals; and assists DOI in carrying out any other responsibilities under the provisions of the Privacy Act.    

In addition to those disclosures generally permitted under 5 U.S.C.552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DOI as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

  • (1) (a) To any of the following entities or individuals, when the circumstances set forth in paragraph (b) are met:
      • (i) The U.S. Department of Justice (DOJ);
      • (ii) A court or an adjudicative or other administrative body;
      • (iii) A party in litigation before a court or an adjudicative or other administrative body; or
      • (iv) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;
    • (b) When: 
      • (i) One of the following is a party to the proceeding or has an interest in the proceeding:
        • (A) DOI or any component of DOI;
        • (B) Any other Federal agency appearing before the Office of Hearings and Appeals;
        • (C) Any DOI employee acting in his or her official capacity;
        • (D) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;
        • (E) The United States, when DOJ determines that DOI is likely to be affected by the proceeding; and
      • (ii) DOI deems the disclosure to be:
        • (A) Relevant and necessary to the proceeding; and
        • (B) Compatible with the purpose for which the records were compiled.
  • (2) To a congressional office in response to a written inquiry that an individual covered by the system, or the heir of such individual if the covered individual is deceased, has made to the office.
  • (3) To any criminal, civil, or regulatory law enforcement authority (whether Federal, state, territorial, local, tribal or foreign) when a record, either alone or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil, or regulatory in nature, and the disclosure is compatible with the purpose for which the records were compiled.
  • (4) To an official of another Federal agency to provide information needed in the performance of official duties related to reconciling or reconstructing data files or to enable that agency to respond to an inquiry by the individual to whom the record pertains.
  • (5) To Federal, state, territorial, local, tribal, or foreign agencies that have requested information relevant or necessary to the hiring, firing or retention of an employee or contractor, or the issuance of a security clearance, license, contract, grant or other benefit, when the disclosure is compatible with the purpose for which the records were compiled.
  • (6) To representatives of the National Archives and Records Administration (NARA) to conduct records management inspections under the authority of 44 U.S.C. 2904 and 2906.
  • (7) To state, territorial and local governments and tribal organizations to provide information needed in response to court order and/or discovery purposes related to litigation, when the disclosure is compatible with the purpose for which the records were compiled.
  • (8) To an expert, consultant, or contractor (including employees of the contractor) of DOI that performs services requiring access to these records on DOI’s behalf to carry out the purposes of the system.
  • (9) To appropriate agencies, entities, and persons when:
    • (a) It is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; and
    • (b) DOI has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interest, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by DOI or another agency or entity) that rely upon the compromised information; and
    • (c) The disclosure is made to such agencies, entities and persons who are reasonably necessary to assist in connection with DOI’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
  • (10) To the Office of Management and Budget (OMB) during the coordination and clearance process in connection with legislative affairs as mandated by OMB Circular A-19.
  • (11) To the Department of the Treasury to recover debts owed to the United States.
  • (12) To the news media and the public, with the approval of the Public Affairs Officer in consultation with Counsel and the Senior Agency Official for Privacy, where there exists a legitimate public interest in the disclosure of the information, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.
  • (13) To a debt collection agency for the purpose of collecting outstanding debts owed to the Department for fees associated with processing Privacy Act requests.
  • (14) To other Federal, state, and local agencies having a subject matter interest in a request or an appeal or a decision thereon.
  • (15) To another Federal agency to assist that agency in responding to an inquiry by the individual to whom that record pertains.
  • (16) To the National Archives and Records Administration, Office of Government Information Services (OGIS), to the extent necessary to fulfill its responsibilities in 5 U.S.C. 552(b), to review administrative agency policies, procedures and compliance with the Freedom of Information Act (FOIA), and to facilitate OGIS’s offering of mediation services to resolve disputes between persons making FOIA requests and administrative agencies, and to the extent such a dispute involves a combined FOIA and Privacy Act request for agency records.
  • (17) To another Federal agency or Federal entity, when DOI determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in:
    • (a) Responding to a suspected or confirmed breach; or
    • (b) Preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
Pursuant to 5 U.S.C. 552a(b)(12), disclosures may be made to a consumer reporting agency as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1996 (31 U.S.C. 701(a)(3)).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING AND DISPOSING OF RECORDS IN THE SYSTEM:

STORAGE:
Paper records are contained in file folders stored within filing cabinets in secured rooms. Electronic records are contained in computers, compact discs, computer tapes, removable drives, email, diskettes, and electronic databases.
 
RETRIEVABILITY:
Information can be retrieved by specific data elements including: The name of the requester and case tracking number.
 
SAFEGUARDS:
The records contained in this system are safeguarded in accordance with 43 CFR 2.226 and other applicable security and privacy rules and policies. During normal hours of operation, paper records are maintained in locked filed cabinets under the control of authorized personnel. Computerized records systems follow the National Institute of Standards and Technology privacy and security standards as developed to comply with the Privacy Act of 1974 (5 U.S.C. 552a); Public Law 93-579), the Paperwork Reduction Act of 1995 (Pub. L. 104-13); the Federal Information Security Modernization Act of 2014 (Pub. L. 113-283, 44 U.S.C. 3554); and the Federal Information Processing Standards 199, Standards for Security Categorization of Federal Information and Information Systems. Computer servers on which electronic records are stored are located in secured DOI facilities with physical, technical and administrative levels of security to prevent unauthorized access to the DOI network and information assets. Security controls include encryption, firewalls, audit logs, and network system security monitoring.
 
Electronic data is protected through user identification, passwords, database permissions and software controls. Access to records in the system is limited to authorized personnel who have a need to access the records in the performance of their official duties, and each user's access is restricted to only the functions and data necessary to perform that person's job responsibilities. System administrators and authorized users are trained and required to follow established internal security protocols and must complete all security,  privacy, and records management training and sign the DOI Rules of Behavior.
 
RETENTION AND DISPOSAL:
Records in this system are maintained under Departmental Records Schedule (DRS) 1-Administrative Records, which has been approved by NARA (DAA-0048-2013-0001). DRS-1 is a Department-wide records schedule that covers Privacy Act request files, correspondence, reports, and program administration records related to implementation of the Privacy Act. The disposition for these records is temporary. Privacy Act request files, correspondence, and other short-term administration records are destroyed three years after cut-off, which is generally after the date of reply or the end of the fiscal year in which files are created. Long-term records that require additional retention, such as denials, amendment case files, and files regarding erroneous release of personal information not associated with specific individuals, are destroyed seven years after cut-off, which is generally when the record is closed.
 
Records not covered by DRS-1 are maintained under General Records Schedule (GRS) 4.2, Information Access and Protection Records. GRS 4.2 item 050, Privacy Act Accounting of Disclosure files, are disposed of in accordance with the subject individual records, or five years after the disclosure, whichever is later. GRS 4.2 item 060, erroneous release files associated with specific records, generally follow the original records disposition or are destroyed six years after the erroneous release, whichever is later. 
   
Paper records are disposed of by shredding or pulping, and records contained on electronic media are degaussed or erased in accordance with 384 Departmental Manual 1 and NARA guidelines.
 
SYSTEM MANAGER AND ADDRESS:
  • (1) Departmental Privacy Officer, Office of the Chief Information Officer, U.S. Department of the Interior, 1849 C Street NW., Mail Stop 5545 MIB, Washington, DC 20240.
  • (2) DOI Bureau and Office Privacy Officers. To obtain a current list of the Privacy Officers and their addresses, visit the DOI Privacy Program Web site at https://www.doi.gov/privacy/contacts.
  • (3) Privacy Act System Managers. (Consult DOI system of records notices for addresses of Privacy Act System Managers: https://www.doi.gov/privacy/sorn.)
NOTIFICATION PROCEDURES:
An individual requesting notification of the existence of records on himself or herself should send a signed, written inquiry to the applicable System Manager as identified above. The request envelope and letter should both be clearly marked "PRIVACY ACT INQUIRY." A request for notification must meet the requirements of 43 CFR 2.235.
 
RECORDS ACCESS PROCEDURES:
 An individual requesting records on himself or herself should send a signed, written inquiry to the applicable System Manager as identified above. The request should describe the records sought as specifically as possible. The request envelope and letter should both be clearly marked "PRIVACY ACT REQUEST FOR ACCESS." A request for access must meet the requirements of 43 CFR 2.238.
 
CONTESTING RECORDS PROCEDURES:
An individual requesting corrections or the removal of material from his or her records should send a signed, written request to the applicable System Manager as identified above. A request for corrections or removal must meet the requirements of 43 CFR 2.246.
 
RECORD SOURCE CATEGORIES:
Information collected in this system is submitted by individuals or their representatives filing Privacy Act requests, complaints, or appeals; system managers or other officials involved in these requests, complaints, or appeals; and DOI personnel processing these requests, complaints, or appeals. Records are also obtained from DOI systems of records from which Privacy Act requests are made. Information or records in this system may be obtained from combined FOIA and Privacy Act requests processed and maintained under the "Electronic FOIA Tracking System and FOIA Case Files--Interior, DOI-71" system of records; and from appeals records maintained under the "Freedom of Information Act Appeals Files--Interior, OS-69" system of records.
 
EXEMPTIONS CLAIMED FOR THE SYSTEM:
No exemptions are claimed for this system. However, to the extent that copies of exempt records from other systems of records are entered into this system, DOI claims the same exemptions for those records that are claimed for the original primary systems of records from which they originated.

Was this page helpful?

Please provide a comment