Privacy Act of 1974, as Amended; Amendment of an Existing System of Records, 40605-40607 [E8-16103]

Agencies

• DEPARTMENT OF THE INTERIOR
• Bureau of Indian Affairs
• Indian Affairs Bureau

[Federal Register Volume 73, Number 136 (Tuesday, July 15, 2008)]
[Notices]
[Pages 40605-40607]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E8-16103]


-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

Bureau of Indian Affairs


Privacy Act of 1974, as Amended; Amendment of an Existing System 
of Records

AGENCY: Bureau of Indian Affairs (BIA), Interior.

ACTION: Proposed amendment of an existing system of records.

-----------------------------------------------------------------------

SUMMARY: The Department of the Interior (DOI), Bureau of Indian Affairs 
(BIA) is issuing public notice, pursuant to the Privacy Act of 1974 (5 
U.S.C. 552a), of its intent to amend its existing Privacy Act system of 
records notice entitled Interior, BIA-22, ``Indian Student Records,'' 
published at 55 FR 34085 (August 21, 1990).

DATE: Comments must be received by August 25, 2008.

ADDRESSES: Any persons interested in commenting on the amended system 
of records may do so by submitting comments in writing to the Privacy 
Act Officer, Bureau of Indian Affairs, 625 Herndon Parkway, Herndon, VA 
20170, or by e-mail to Joan.Tyler@bia.gov.

FOR FURTHER INFORMATION CONTACT: Kevin Skenandore, Acting Director, 
Bureau of Indian Education (BIE), 1849 C Street, NW., MIB MS 3609, 
Washington, DC 20245, or by e-mail to Kevin.Skenandore@bia.gov.

SUPPLEMENTARY INFORMATION: This notice is published pursuant to the 
Privacy Act of 1974 (5 U.S.C. 552a(e)(4)) and is in exercise of 
authority delegated by the Secretary of the Interior to the Assistant 
Secretary--Indian Affairs, in 209 DM 8.1. This notice amends the 
Privacy Act System of Records entitled Interior, BIA-22, ``Indian 
Student Records.'' The purpose of the amendment is to: (1) Change the 
name of the system from Interior, BIA-22, ``Indian Student Records'' to 
Interior, BIA-22, ``Native American Student Information System'' 
(NASIS) (2) update the addresses of the system locations, system 
managers, and the categories of individuals covered by the system 
statement; (3) update the information regarding disclosures outside the 
Department of the Interior; (4) update the information on student 
records; (5) update the routine uses, storage, retrievability and 
safeguards statements to incorporate the changes since the system 
notice was last published, and (6) expand the existing system of 
records to include information necessary to generate the reports the 
Bureau of Indian Education produces annually to meet the various 
requirements. A copy of the notice, with changes incorporated, is 
attached.

    Dated: July 9, 2008.
George T. Skibine,
Acting Deputy Assistant Secretary, Policy and Economic Development.

SYSTEM NAME:
    Native American Student Information System (NASIS), Interior, BIA-
22.

SYSTEM LOCATION:
    (1) Bureau of Indian Education (BIE) Central Office, 1849 C Street, 
NW., MS 3609, Washington, DC 20240.
    (2) Bureau of Indian Affairs (BIA) Albuquerque Data Center, 1011 
Indian School Road, NW, Albuquerque, NM 87104.
    (3) Infinite Campus, 2 Pine Tree Drive, Suite 302, Arden Hills, MN 
55112.
    (4) BIE-specific school locations. For a listing of specific 
locations, contact the Systems Manager.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
     All students who attend BIE-funded primary and secondary 
schools;
     All education staff who work at BIE-funded primary and 
secondary schools, including school administrators, principals, 
registrars, school clerks, teachers, teacher aides, counselors, school 
bus drivers (for certifications), janitorial staff, food service staff, 
school complex security staff, and dormitory staff; and
     Parents or guardians of, and emergency or authorized 
contacts for, students attending BIE-funded primary and secondary 
schools.

CATEGORIES OF RECORDS IN THE SYSTEM:
     School staff information including, but not limited to, 
staff ID number, qualifications for staff position, school district of 
employment and school district assignments, home address, home phone 
number, and e-mail address;
     Student information including name, birth date, address, 
phone number, e-mail address, student ID information, student photo, 
school, residential enrollment, free or reduced meal status, and 
household census information;
     Student tribal affiliation, tribal certificate type, and 
validation of tribal membership;
     Student contact information including contact information 
for parents or guardians or other parties to contact in an emergency, 
and relationships of students to emergency contacts;
     Records documenting student behavior including information 
on behavior problems and the resolution of the problems;
     Transcripts, test scores, grades, education level, classes 
available, class scheduling, special education data, gifted and 
talented data, instructional and residential attendance;
     School bus transportation data;
     Languages spoken by students, level of English 
proficiency, indigenous Indian languages spoken, and preferred 
language;
     Immunization records of students, health conditions of 
students and other information pertaining to student health, including 
treatments for health problems.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    This system of records is maintained under the authority of 25 
U.S.C. 1, 1a, 13; 25 U.S.C. 480; Public Law 95-561 and subsequent 
amendments; 25 CFR parts 31, 36, and 39; the Snyder Act (25 U.S.C. 13); 
Johnson O'Malley Act (codified as amended, 25 U.S.C. 452 (2000)); 
Elementary and Secondary Education Act (20 U.S.C. 6301); Tribally 
Controlled Schools Act (25 U.S.C. 2501 et seq.); Indian Self-
Determination and Education Assistance Act (25 U.S.C. 450); Indian 
Education Amendments of 1978 (25 U.S.C. 2001 et seq.); Individuals with 
Disabilities Education Act (IDEA) (20 U.S.C. 1400 et seq.); Improving 
America's Schools Act (Pub. L. 103-382); and the No Child Left Behind 
Act of 2002 (NCLBA) (Pub. L. 107-110).

[[Page 40606]]

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSE OF SUCH USES:
    The system is used to administer BIE-funded schools by providing 
high quality data to legitimate users. NASIS serves as the BIE's 
primary tracking and reporting system for students attending BIE-funded 
schools and for duty certifications of employees at such schools.
    Disclosure outside the Department of the Interior may be made:
    (1) To Congress in the form of Indian Student Equalization Program 
(ISEP) reports to justify ISEP funding for Indian schools.
    (2) To the Department of Education in the form of Consolidated 
School Reports to satisfy accountability requirements of NCLBA.
    (3) To the Department of Education in the form of Annual 
Performance Reports to satisfy accountability requirements of the IDEA.
    (4) To parents and guardians of students in the form of web-enabled 
access to grades, assignments, attendance, behavior, schedule, and 
school calendar for their student.
    (5) To parents and guardians of students in the form of periodic 
reports on their student(s).
    (6) To State education departments in the form of bio-grid data for 
assessment access for students within that State for the purpose of 
fulfilling accountability requirements under NCLBA.
    (7) To State education departments in the form of attendance and 
graduation rate data for students within that State for the purpose of 
fulfilling accountability requirements under NCLBA.
    (8) To an authorized recipient such as a parent, medical facility, 
service provider, or school to which the student is transferring, in 
the form of a data package containing information about the student to 
enable the recipient to provide services to the student, following the 
guidelines of the IDEA for special education students, or privacy 
policies for DOI and Family Education Rights and Privacy Act (FERPA) 
for all other students.
    (9) To the public in the form of school report cards as required by 
NCLBA.
    (10) To individual requestors in accordance with the requirements 
of FERPA and Freedom of Information Act (FOIA).
    (11) To schools receiving grants from or under contract to the BIE.
    (12)(a) To any of the following entities or individuals, when the 
circumstances set forth in paragraph (b) are met:
    (i) The Department of Justice (DOJ);
    (ii) A court, adjudicative or other administrative body;
    (iii) A party in litigation before a court or adjudicative or other 
administrative body; or
    (iv) Any DOI employee acting in his or her individual capacity if 
DOI or DOJ has agreed to represent that employee or pay for private 
representation of the employee;
    (b) When:
    (i) One of the following is a party to the proceeding or has an 
interest in the proceeding:
    (A) DOI or any component of DOI;
    (B) Any other Federal agency appearing before the Office of 
Hearings and Appeals;
    (C) Any DOI employee acting in his or her official capacity;
    (D) Any DOI employee acting in his or her individual capacity if 
DOI or DOJ has agreed to represent that employee or pay for private 
representation of the employee;
    (E) The United States, when DOJ determines that DOI is likely to be 
affected by the proceeding; and
    (ii) DOI deems the disclosure to be:
    (A) Relevant and necessary to the proceeding; and
    (B) Compatible with the purposes for which the records were 
compiled.
    (13) To a congressional office in response to a written inquiry 
that an individual covered by the system, or the heir of such 
individual if covered individual is deceased, has made to the office.
    (14) To any criminal, civil, or regulatory law enforcement 
authority (whether Federal, State, territorial, local, tribal, or 
foreign) when a record, either alone or in conjunction with other 
information, indicates a violation or potential violation of law--
criminal, civil, or regulatory in nature, and the disclosure is 
compatible with the purpose for which the records were compiled.
    (15) To an official of another Federal agency to provide 
information needed in the performance of official duties related to 
reconciling or reconstructing data files or to enable that agency to 
respond to an inquiry by the individual to whom the record pertains.
    (16) To Federal, State, territorial, local, tribal, or foreign 
agencies that have requested information relevant or necessary to the 
hiring, firing, or retention of an employee or contractor, or the 
issuance of a security clearance, license, contract, grant, or other 
benefit, when the disclosure is compatible with the purpose for which 
the records were compiled.
    (17) To representatives of the National Archives and Records 
Administration to conduct records management inspections under the 
authority of 44 U.S.C. 2904 and 2906.
    (18) To state and local governments and tribal organizations to 
provide information needed in response to court order and/or discovery 
purposes related to litigation, when the disclosure is compatible with 
the purpose for which the records were compiled.
    (19) To an expert, consultant, or contractor (including employees 
of the contractor) of DOI that performs services requiring access to 
these records on DOI's behalf to carry out the purposes of the system.
    (20) The appropriate agencies, entities, and persons when:
    (a) It is suspected or confirmed that the security or 
confidentiality of information in the system of records has been 
compromised; and
    (b) The Department has determined that as a result of the suspected 
or confirmed compromise there is a risk of harm to economic or property 
interest, identity theft or fraud, or harm to the security or integrity 
of this system or other systems or programs (whether maintained by the 
Department or another agency or entity) that rely upon the compromised 
information; and
    (c) The disclosure is made of such agencies, entities, and persons 
who are reasonably necessary to assist in connection with the 
Department's efforts to respond to the suspected or confirmed 
compromise and prevent, minimize, or remedy such harm.
    (21) To the Office of Management and Budget during the coordination 
and clearance process in connection with legislative affairs as 
mandated by OMB Circular A-19.
    (22) To the Department of the Treasury to recover debts owed to the 
United States.
    (23) To the news media when the disclosure is compatible with the 
purpose for which the records were compiled.

DISCLOSURES TO CONSUMER REPORTING AGENCIES:
    Pursuant to 5 U.S.C. 552a(b)(12), records can be disclosed to 
consumer reporting agencies as they are defined by the Fair Credit 
Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act 
of 1966 (31 U.S.C. 3701(a)(3)).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored in both paper and electronic form. Technical 
data from audit logs and database queries produced by IT support in 
Infinite Campus are stored in paper form at this location. Sensitive 
student records

[[Page 40607]]

including grades, attendance records, health, special programs, and 
behavior information are stored in paper form in locked file cabinets. 
Electronic records are stored on hard disks.

RETRIEVABILITY:
    Records including attendance, grades, discipline information, test 
and assessment histories, program enrollments, and health information 
are retrieved from the NASIS using a unique student identification code 
assigned by the system. Other records for school administrators, 
principals, teachers, teacher aides, counselors, school bus drivers, 
line officers, regional directors, system administrators, librarians, 
food service workers, dormitory managers, and parents/guardian records 
are retrievable using a unique identifier code assigned by the system 
for each individual.

SAFEGUARDS:
    NASIS is maintained with controls meeting safeguard requirements 
identified in Departmental Privacy Act Regulations (43 CFR 2.51) for 
manual and automated records. Access to records is limited to 
authorized personnel whose official duties require such access; agency 
officials have access only to records pertaining to their agencies.
    (1) Physical Security: Paper records are maintained in locked file 
cabinets and/or in secured rooms.
    (2) Technical Security: Electronic records are maintained in 
conformity with Office of Management and Budget and Departmental 
guidelines reflecting the implementation of the Federal Information 
Security Management Act. Electronic data are protected through user 
identification, passwords, database permissions, and software controls. 
These security measures establish different degrees of access for 
different types of users. An audit trail is maintained and reviewed 
periodically to identify unauthorized access. A Privacy Impact 
Assessment was completed for the NASIS and is updated at least annually 
to ensure that Privacy Act requirements and personally identifiable 
information safeguard requirements are met. Security procedures are 
verified through annual assessments of the applications. The NASIS 
Security Assessment was last performed 12/19/2006 in accordance with 
FIPS 200 and NIST 800-53.
    (3) Administrative Security: All DOI and contractor employees with 
access to NASIS are required to complete Privacy Act, Records 
Management Act, and Security Awareness Training.

RETENTION AND DISPOSAL:
    Records relating to individuals covered by this system are retained 
in accordance with the 16 Bureau of Indian Affairs Manual (BIAM), as 
approved by the National Archives and Records Administration (NARA), 
and are scheduled for permanent retention.

SYSTEM MANAGER(S) AND ADDRESS:
    NASIS COTR and Project Manager, Bureau of Indian Education, 1001 
Indian School Road, NW, Suite 219A, Albuquerque, NM 87103

NOTIFICATION PROCEDURES:
    Inquiries regarding the existence of records should be addressed to 
the System Manager. The request must be in writing, signed by the 
requester, and meet the requirements of 43 CFR 2.60.

RECORDS ACCESS PROCEDURES:
    A request for access may be addressed to the System Manager. The 
request must be in writing, signed by the requester, and meet the 
requirements of 43 CFR 2.63.

CONTESTING RECORD PROCEDURES:
    A petition for amendment should be addressed to the System Manager. 
The request must be in writing, signed by the requester, and meet the 
content requirements of 43 CFR 2.71.

RECORD SOURCE CATEGORIES:
    Information is received from students attending BIE-funded schools, 
parents/guardians of students, school administrators, principals, 
teachers, teacher aides, counselors, school bus drivers, librarians, 
food service workers, and dormitory managers on whom records are 
maintained.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.

[FR Doc. E8-16103 Filed 7-14-08; 8:45 am]
BILLING CODE 4312-RY-P