Privacy Act of 1974, as Amended; Establishment of a New System of Records, 40607-40609 [E8-16104]

Download as PDF Federal Register / Vol. 73, No. 136 / Tuesday, July 15, 2008 / Notices including grades, attendance records, health, special programs, and behavior information are stored in paper form in locked file cabinets. Electronic records are stored on hard disks. RETRIEVABILITY: Records including attendance, grades, discipline information, test and assessment histories, program enrollments, and health information are retrieved from the NASIS using a unique student identification code assigned by the system. Other records for school administrators, principals, teachers, teacher aides, counselors, school bus drivers, line officers, regional directors, system administrators, librarians, food service workers, dormitory managers, and parents/ guardian records are retrievable using a unique identifier code assigned by the system for each individual. mstockstill on PROD1PC66 with NOTICES SAFEGUARDS: NASIS is maintained with controls meeting safeguard requirements identified in Departmental Privacy Act Regulations (43 CFR 2.51) for manual and automated records. Access to records is limited to authorized personnel whose official duties require such access; agency officials have access only to records pertaining to their agencies. (1) Physical Security: Paper records are maintained in locked file cabinets and/or in secured rooms. (2) Technical Security: Electronic records are maintained in conformity with Office of Management and Budget and Departmental guidelines reflecting the implementation of the Federal Information Security Management Act. Electronic data are protected through user identification, passwords, database permissions, and software controls. These security measures establish different degrees of access for different types of users. An audit trail is maintained and reviewed periodically to identify unauthorized access. A Privacy Impact Assessment was completed for the NASIS and is updated at least annually to ensure that Privacy Act requirements and personally identifiable information safeguard requirements are met. Security procedures are verified through annual assessments of the applications. The NASIS Security Assessment was last performed 12/19/2006 in accordance with FIPS 200 and NIST 800–53. (3) Administrative Security: All DOI and contractor employees with access to NASIS are required to complete Privacy Act, Records Management Act, and Security Awareness Training. VerDate Aug<31>2005 15:01 Jul 14, 2008 Jkt 214001 RETENTION AND DISPOSAL: Records relating to individuals covered by this system are retained in accordance with the 16 Bureau of Indian Affairs Manual (BIAM), as approved by the National Archives and Records Administration (NARA), and are scheduled for permanent retention. SYSTEM MANAGER(S) AND ADDRESS: NASIS COTR and Project Manager, Bureau of Indian Education, 1001 Indian School Road, NW, Suite 219A, Albuquerque, NM 87103 NOTIFICATION PROCEDURES: Inquiries regarding the existence of records should be addressed to the System Manager. The request must be in writing, signed by the requester, and meet the requirements of 43 CFR 2.60. RECORDS ACCESS PROCEDURES: A request for access may be addressed to the System Manager. The request must be in writing, signed by the requester, and meet the requirements of 43 CFR 2.63. CONTESTING RECORD PROCEDURES: A petition for amendment should be addressed to the System Manager. The request must be in writing, signed by the requester, and meet the content requirements of 43 CFR 2.71. RECORD SOURCE CATEGORIES: Information is received from students attending BIE-funded schools, parents/ guardians of students, school administrators, principals, teachers, teacher aides, counselors, school bus drivers, librarians, food service workers, and dormitory managers on whom records are maintained. EXEMPTIONS CLAIMED FOR THE SYSTEM: None. [FR Doc. E8–16103 Filed 7–14–08; 8:45 am] BILLING CODE 4312–RY–P 40607 subject to the Privacy Act of 1974 (5 U.S.C. 552). This action is necessary to meet the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of records systems maintained by the agency (5 U.S.C. 552a(e)(4)). The new Privacy Act system of records is entitled Interior, BIA–30, ‘‘Identity Information System’’ (IIS). DATES: Comments must be received by August 25, 2008. ADDRESSES: Any persons interested in commenting on this new system of records may do so by submitting comments in writing to the Privacy Act Officer, 625 Herndon Parkway, Herndon VA 20170, or by e-mail to Joan.Tyler@bia.gov. FOR FURTHER INFORMATION CONTACT: Nicole Jaber, Director, Division of Independent Validation and Verification, Office of the Chief Information Officer, 625 Herndon Parkway, Herndon, VA 20170, or by email at Nicole.Jaber@bia.gov. SUPPLEMENTARY INFORMATION: This notice is published pursuant to the Privacy Act of 1974 (5 U.S.C. 552a(e)(4)) and is in exercise of authority delegated by the Secretary of the Interior to the Assistant Secretary—Indian Affairs in 209 DM 8.1. This notice establishes the Privacy Act system of records entitled Interior, BIA–30, ‘‘Identity Information System’’ (IIS). The purpose of this system is to provide an automated tool to track the security screening of BIA and Assistant Secretary—Indian Affairs (AS–IA) employees and contractors. It enables or allows BIA and AS–IA to record completion of official required IT security training and track requests for access to BIA IT information systems. Dated: July 9, 2008. George T. Skibine, Acting Deputy Assistant Secretary, Policy and Economic Development. SYSTEM NAME: DEPARTMENT OF THE INTERIOR Identity Information System (IIS)— Interior, BIA–30. Bureau of Indian Affairs SYSTEM LOCATION: Privacy Act of 1974, as Amended; Establishment of a New System of Records Bureau of Indian Affairs, Interior. ACTION: Notice of addition of a new system of records. AGENCY: SUMMARY: The Department of the Interior, Bureau of Indian Affairs (BIA) is issuing public notice of its intent to add a new Privacy Act system of records to its inventory of records systems PO 00000 Frm 00129 Fmt 4703 Sfmt 4703 Herndon Data Center (HDC), 625 Herndon Parkway, Herndon, VA 20170. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Those members from the following organizations who require access to BIA IT systems: (1) Employees and contractors of AS– IA, BIA and the Bureau of Indian Education (BIE) (2) Office of the Special Trustee for American Indians (OST) (3) Office of Hearings and Appeals (OHA) E:\FR\FM\15JYN1.SGM 15JYN1 40608 Federal Register / Vol. 73, No. 136 / Tuesday, July 15, 2008 / Notices (4) Office of Historical Trust Accounting (OHTA) (5) Bureau of Land Management (BLM) (6) Tribal users covered under a 638 Compact/Contract CATEGORIES OF RECORDS IN THE SYSTEM: (1) Individual data including the name, title, birth date, Social Security Number, phone number, office name, and office location; (2) Agency affiliation and status as employee or contractor (3) Status of required training; (4) System role based accesses granted to each user; (5) Building access badge information; (6) Acceptance date of BIA Rules of Behavior; (7) Record showing that background status has been confirmed by personnel security; (8) IT systems for which access has been requested and the status of those requests; (9) Supervisor or government approver records showing those users whose access or removal request needs to be approved by the supervisor or government approver; (10) Business owner records showing those users whose access or removal request needs to be approved by the business owner; (11) System administrator records showing the names of those users whose access needs to be set up or revoked; (12) Contract Officer Technical Representative (COTR) records showing the names and other data of contract IT users employed on a contract under the administrative support of that COTR. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: This system of records is maintained under the authority of 25 U.S.C. 1, 1a, 13; 25 U.S.C. 480. mstockstill on PROD1PC66 with NOTICES ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: The system is used to record and manage contact, training, and security screening information about BIA and AS–IA employees and contractors; and to manage access by BIA and AS–IA employees and contractors to BIA information systems. Disclosure(s) outside the Department of the Interior may be made: (1) (a) To any of the following entities or individuals, when the circumstances set forth in paragraph (b) are met: (i) The Department of Justice (DOJ); (ii) A court, adjudicative or other administrative body; (iii) A party in litigation before a court or adjudicative or other administrative body; or VerDate Aug<31>2005 15:01 Jul 14, 2008 Jkt 214001 (iv) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee; (b) When: (i) One of the following is a party to the proceeding or has an interest in the proceeding: (A) DOI or any component of DOI; (B) Any other Federal agency appearing before the Office of Hearings and Appeals; (C) Any DOI employee acting in his or her official capacity; (D) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee; (E) The United States, when DOJ determines that DOI is likely to be affected by the proceeding; and (ii) DOI deems the disclosure to be: (A) Relevant and necessary to the proceeding; and (B) Compatible with the purposes for which the records were compiled. (2) To a congressional office in response to a written inquiry that an individual covered by the system, or the heir of such individual if covered individual is deceased, has made to the office. (3) To any criminal, civil, or regulatory law enforcement authority (whether Federal, State, territorial, local, tribal, or foreign) when a record, either alone or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil, or regulatory in nature, and the disclosure is compatible with the purpose for which the records were compiled. (4) To an official of another Federal agency to provide information needed in the performance of official duties related to reconciling or reconstructing data files or to enable that agency to respond to an inquiry by the individual to whom the record pertains. (5) To Federal, State, territorial, local, tribal, or foreign agencies that have requested information relevant or necessary to the hiring, firing, or retention of an employee or contractor, or the issuance of a security clearance, license, contract, grant, or other benefit, when the disclosure is compatible with the purpose for which the records were compiled. (6) To representatives of the National Archives and Records Administration to conduct records management inspections under the authority of 44 U.S.C. 2904 and 2906. (7) To State and local governments and tribal organizations to provide PO 00000 Frm 00130 Fmt 4703 Sfmt 4703 information needed in response to court order and/or discovery purposes related to litigation, when the disclosure is compatible with the purpose for which the records were compiled. (8) To an expert, consultant, or contractor (including employees of the contractor) of DOI that performs services requiring access to these records on DOI’s behalf to carry out the purposes of the system. (9) The appropriate agencies, entities, and persons when: (a) It is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; and (b) The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interest, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the compromised information; and (c) The disclosure is made of such agencies, entities, and persons who are reasonably necessary to assist in connection with the Department’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. (10) To the Office of Management and Budget during the coordination and clearance process in connection with legislative affairs as mandated by OMB Circular A–19. (11) To the Department of the Treasury to recover debts owed to the United States. (12) To the news media when the disclosure is compatible with the purpose for which the records were compiled. DISCLOSURES TO CONSUMER REPORTING AGENCIES: Pursuant to 5 U.S.C. 552a(b)(12), records can be disclosed to consumer reporting agencies as they are defined by the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)). POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE: Records are stored on network storage devices, (e.g., hard disks, magnetic tapes) and on paper. RETRIEVABILITY: IIS users view their own data by signing onto IIS with their user name and password. Additional access to data E:\FR\FM\15JYN1.SGM 15JYN1 Federal Register / Vol. 73, No. 136 / Tuesday, July 15, 2008 / Notices is role based. For example, supervisors and COTRs can see the data of those for whom they are responsible, and IIS system administrators can see the data for all users in the system. SAFEGUARDS: IIS is maintained with controls meeting safeguard requirements identified in Departmental Privacy Act Regulations (43 CFR 2.51) for manual and automated records. Access to records is limited to authorized personnel whose official duties require such access; agency officials have access only to records pertaining to their agencies. (1) Physical Security: Paper or electronic format records are maintained in locked file cabinets and/or in secured rooms. (2) Technical Security: Electronic records are maintained in conformity with Office of Management and Budget and Departmental guidelines reflecting the implementation of the Federal Information Security Management Act. Electronic data are protected through user identification, passwords, database permissions, and software controls. These security measures establish different degrees of access for different types of users. An audit trail is maintained and reviewed periodically to identify unauthorized access. A Privacy Impact Assessment was completed for the IIS and is updated at least annually to ensure that Privacy Act requirements and personally identifiable information safeguard requirements are met. (3) Administrative Security: All DOI and contractor employees with access to IIS are required to complete Privacy Act, Records Management Act, and Security Awareness Training. RETENTION AND DISPOSAL: Records relating to individuals covered by this system are retained in accordance with the 16 Bureau of Indian Affairs Manual (BIAM), as approved by the National Archives and Records Administration, and scheduled for permanent retention. SYSTEM MANAGER AND ADDRESS: mstockstill on PROD1PC66 with NOTICES Director, Office of Information Operations (OIO), Office of the Chief Information Officer, 625 Herndon Parkway, Herndon, VA 20170. NOTIFICATION PROCEDURES: Inquiries regarding the existence of records should be addressed to the System Manager. The request must be in writing, signed by the requester, and meet the requirements of 43 CFR 2.60. VerDate Aug<31>2005 15:01 Jul 14, 2008 Jkt 214001 RECORDS ACCESS PROCEDURES: A request for access may be addressed to the System Manager. The request must be in writing, signed by the requester, and meet the requirements of 43 CFR 2.63. CONTESTING RECORD PROCEDURES: A petition for amendment should be addressed to the System Manager. The request must be in writing, signed by the requester, and meet the content requirements of 43 CFR 2.71. RECORD SOURCE CATEGORIES: Individuals on whom the records are maintained providing information on themselves, managers issuing approvals for system access requests, IT technicians reporting status of IT system access requests, and personnel security officers reporting verification of background investigations. EXEMPTIONS CLAIMED FOR THE SYSTEM: None. [FR Doc. E8–16104 Filed 7–14–08; 8:45 am] 40609 NW., Washington, DC 20240, or by email at Vicki.Forrest@bia.gov. SUPPLEMENTARY INFORMATION: This notice is published pursuant to the Privacy Act of 1974 (5 U.S.C. 552a(e)(4)) and is in exercise of authority delegated by the Secretary of the Interior to the Principal Deputy Assistant Secretary— Indian Affairs in 209 DM 8.1. This notice establishes the Privacy Act system of records entitled Interior, BIA– 29: ‘‘Fee to Trust Tracking System’’ (FTTS). FTTS was developed for the BIA to track applications for conversions of land from fee ownership into trust status for Tribes and individual Indians. FTTS is replacing an existing legacy system, Fee to Trust (FTT), that does not collect sufficient information to properly track applications. Dated: July 9, 2008. George T. Skibine, Acting Deputy Assistant Secretary for Policy and Economic Development—Indian Affairs. SYSTEM NAME: BILLING CODE 4312–RY–P Fee to Trust Tracking System (FTTS), Interior, BIA–29. DEPARTMENT OF THE INTERIOR SYSTEM LOCATION: Bureau of Indian Affairs Privacy Act of 1974, as Amended; Addition of a New System of Records AGENCY: Bureau of Indian Affairs, Interior. Notice of addition of a new system of records. ACTION: SUMMARY: The Department of the Interior (DOI), Bureau of Indian Affairs (BIA) is issuing public notice of its intent to add a new Privacy Act system of records to its inventory of records systems subject to the Privacy Act of 1974 (5 U.S.C. 552a). This action is necessary to meet the requirements of the Privacy Act to publish in the Federal Register notice of the existence and character of records systems maintained by the agency (5 U.S.C. 552a(e)(4)). The new Privacy Act system of records is entitled Interior, BIA–29: ‘‘Fee to Trust Tracking System’’ (FTTS). DATE: Comments must be received by August 25, 2008. ADDRESSES: Any persons interested in commenting on this proposed amendment may do so by submitting comments in writing to the Privacy Act Officer, Bureau of Indian Affairs, 625 Herndon Parkway, Herndon, VA 20170, or by e-mail to Joan.Tyler@bia.gov. FOR FURTHER INFORMATION CONTACT: Vicki Forrest, Deputy Bureau Director, Office of Trust Services, 1849 C Street, PO 00000 Frm 00131 Fmt 4703 Sfmt 4703 Office of Information Operations, Bureau of Indian Affairs, 625 Herndon Parkway, Herndon, VA 20170. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: (1) Individuals applying to the Department of the Interior (DOI) for conversion of land from fee ownership into trust status. (2) Individuals, Tribes, organizations or other stakeholders or their representatives with an interest in applications for converting land from fee ownership into trust status. (3) DOI employees or contractors who process the applications for conversion of land from fee ownership into trust status if their contact information is required. CATEGORIES OF RECORDS IN THE SYSTEM: (1) Statistical information necessary to improve and streamline the process, as well as, budget preparatory information to support the entire transfer of fee simple land into trust lands for tribes and individual Indians. (2) Information required by the trust fee lands transfer case packet application, including but not limited to, a legal description of the trust fee land packet, and the name, phone number and address of the party (or parties) filing the application. (3) Legal representation information pertaining to the trust fee lands transfer packet application, including but not E:\FR\FM\15JYN1.SGM 15JYN1

Agencies

[Federal Register Volume 73, Number 136 (Tuesday, July 15, 2008)]
[Notices]
[Pages 40607-40609]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E8-16104]


-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

Bureau of Indian Affairs


Privacy Act of 1974, as Amended; Establishment of a New System of 
Records

AGENCY: Bureau of Indian Affairs, Interior.

ACTION: Notice of addition of a new system of records.

-----------------------------------------------------------------------

SUMMARY: The Department of the Interior, Bureau of Indian Affairs (BIA) 
is issuing public notice of its intent to add a new Privacy Act system 
of records to its inventory of records systems subject to the Privacy 
Act of 1974 (5 U.S.C. 552). This action is necessary to meet the 
requirements of the Privacy Act to publish in the Federal Register 
notice of the existence and character of records systems maintained by 
the agency (5 U.S.C. 552a(e)(4)). The new Privacy Act system of records 
is entitled Interior, BIA-30, ``Identity Information System'' (IIS).

DATES: Comments must be received by August 25, 2008.

ADDRESSES: Any persons interested in commenting on this new system of 
records may do so by submitting comments in writing to the Privacy Act 
Officer, 625 Herndon Parkway, Herndon VA 20170, or by e-mail to 
Joan.Tyler@bia.gov.

FOR FURTHER INFORMATION CONTACT: Nicole Jaber, Director, Division of 
Independent Validation and Verification, Office of the Chief 
Information Officer, 625 Herndon Parkway, Herndon, VA 20170, or by e-
mail at Nicole.Jaber@bia.gov.

SUPPLEMENTARY INFORMATION: This notice is published pursuant to the 
Privacy Act of 1974 (5 U.S.C. 552a(e)(4)) and is in exercise of 
authority delegated by the Secretary of the Interior to the Assistant 
Secretary--Indian Affairs in 209 DM 8.1. This notice establishes the 
Privacy Act system of records entitled Interior, BIA-30, ``Identity 
Information System'' (IIS). The purpose of this system is to provide an 
automated tool to track the security screening of BIA and Assistant 
Secretary--Indian Affairs (AS-IA) employees and contractors. It enables 
or allows BIA and AS-IA to record completion of official required IT 
security training and track requests for access to BIA IT information 
systems.

    Dated: July 9, 2008.
George T. Skibine,
Acting Deputy Assistant Secretary, Policy and Economic Development.

SYSTEM NAME:
    Identity Information System (IIS)--Interior, BIA-30.

SYSTEM LOCATION:
    Herndon Data Center (HDC), 625 Herndon Parkway, Herndon, VA 20170.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Those members from the following organizations who require access 
to BIA IT systems:
    (1) Employees and contractors of AS-IA, BIA and the Bureau of 
Indian Education (BIE)
    (2) Office of the Special Trustee for American Indians (OST)
    (3) Office of Hearings and Appeals (OHA)

[[Page 40608]]

    (4) Office of Historical Trust Accounting (OHTA)
    (5) Bureau of Land Management (BLM)
    (6) Tribal users covered under a 638 Compact/Contract

CATEGORIES OF RECORDS IN THE SYSTEM:
    (1) Individual data including the name, title, birth date, Social 
Security Number, phone number, office name, and office location;
    (2) Agency affiliation and status as employee or contractor
    (3) Status of required training;
    (4) System role based accesses granted to each user;
    (5) Building access badge information;
    (6) Acceptance date of BIA Rules of Behavior;
    (7) Record showing that background status has been confirmed by 
personnel security;
    (8) IT systems for which access has been requested and the status 
of those requests;
    (9) Supervisor or government approver records showing those users 
whose access or removal request needs to be approved by the supervisor 
or government approver;
    (10) Business owner records showing those users whose access or 
removal request needs to be approved by the business owner;
    (11) System administrator records showing the names of those users 
whose access needs to be set up or revoked;
    (12) Contract Officer Technical Representative (COTR) records 
showing the names and other data of contract IT users employed on a 
contract under the administrative support of that COTR.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    This system of records is maintained under the authority of 25 
U.S.C. 1, 1a, 13; 25 U.S.C. 480.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    The system is used to record and manage contact, training, and 
security screening information about BIA and AS-IA employees and 
contractors; and to manage access by BIA and AS-IA employees and 
contractors to BIA information systems.
    Disclosure(s) outside the Department of the Interior may be made:
    (1) (a) To any of the following entities or individuals, when the 
circumstances set forth in paragraph (b) are met:
    (i) The Department of Justice (DOJ);
    (ii) A court, adjudicative or other administrative body;
    (iii) A party in litigation before a court or adjudicative or other 
administrative body; or
    (iv) Any DOI employee acting in his or her individual capacity if 
DOI or DOJ has agreed to represent that employee or pay for private 
representation of the employee;
    (b) When:
    (i) One of the following is a party to the proceeding or has an 
interest in the proceeding:
    (A) DOI or any component of DOI;
    (B) Any other Federal agency appearing before the Office of 
Hearings and Appeals;
    (C) Any DOI employee acting in his or her official capacity;
    (D) Any DOI employee acting in his or her individual capacity if 
DOI or DOJ has agreed to represent that employee or pay for private 
representation of the employee;
    (E) The United States, when DOJ determines that DOI is likely to be 
affected by the proceeding; and
    (ii) DOI deems the disclosure to be:
    (A) Relevant and necessary to the proceeding; and
    (B) Compatible with the purposes for which the records were 
compiled.
    (2) To a congressional office in response to a written inquiry that 
an individual covered by the system, or the heir of such individual if 
covered individual is deceased, has made to the office.
    (3) To any criminal, civil, or regulatory law enforcement authority 
(whether Federal, State, territorial, local, tribal, or foreign) when a 
record, either alone or in conjunction with other information, 
indicates a violation or potential violation of law--criminal, civil, 
or regulatory in nature, and the disclosure is compatible with the 
purpose for which the records were compiled.
    (4) To an official of another Federal agency to provide information 
needed in the performance of official duties related to reconciling or 
reconstructing data files or to enable that agency to respond to an 
inquiry by the individual to whom the record pertains.
    (5) To Federal, State, territorial, local, tribal, or foreign 
agencies that have requested information relevant or necessary to the 
hiring, firing, or retention of an employee or contractor, or the 
issuance of a security clearance, license, contract, grant, or other 
benefit, when the disclosure is compatible with the purpose for which 
the records were compiled.
    (6) To representatives of the National Archives and Records 
Administration to conduct records management inspections under the 
authority of 44 U.S.C. 2904 and 2906.
    (7) To State and local governments and tribal organizations to 
provide information needed in response to court order and/or discovery 
purposes related to litigation, when the disclosure is compatible with 
the purpose for which the records were compiled.
    (8) To an expert, consultant, or contractor (including employees of 
the contractor) of DOI that performs services requiring access to these 
records on DOI's behalf to carry out the purposes of the system.
    (9) The appropriate agencies, entities, and persons when:
    (a) It is suspected or confirmed that the security or 
confidentiality of information in the system of records has been 
compromised; and
    (b) The Department has determined that as a result of the suspected 
or confirmed compromise there is a risk of harm to economic or property 
interest, identity theft or fraud, or harm to the security or integrity 
of this system or other systems or programs (whether maintained by the 
Department or another agency or entity) that rely upon the compromised 
information; and
    (c) The disclosure is made of such agencies, entities, and persons 
who are reasonably necessary to assist in connection with the 
Department's efforts to respond to the suspected or confirmed 
compromise and prevent, minimize, or remedy such harm.
    (10) To the Office of Management and Budget during the coordination 
and clearance process in connection with legislative affairs as 
mandated by OMB Circular A-19.
    (11) To the Department of the Treasury to recover debts owed to the 
United States.
    (12) To the news media when the disclosure is compatible with the 
purpose for which the records were compiled.

DISCLOSURES TO CONSUMER REPORTING AGENCIES:
    Pursuant to 5 U.S.C. 552a(b)(12), records can be disclosed to 
consumer reporting agencies as they are defined by the Fair Credit 
Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act 
of 1966 (31 U.S.C. 3701(a)(3)).

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Records are stored on network storage devices, (e.g., hard disks, 
magnetic tapes) and on paper.

RETRIEVABILITY:
    IIS users view their own data by signing onto IIS with their user 
name and password. Additional access to data

[[Page 40609]]

is role based. For example, supervisors and COTRs can see the data of 
those for whom they are responsible, and IIS system administrators can 
see the data for all users in the system.

SAFEGUARDS:
    IIS is maintained with controls meeting safeguard requirements 
identified in Departmental Privacy Act Regulations (43 CFR 2.51) for 
manual and automated records. Access to records is limited to 
authorized personnel whose official duties require such access; agency 
officials have access only to records pertaining to their agencies.
    (1) Physical Security: Paper or electronic format records are 
maintained in locked file cabinets and/or in secured rooms.
    (2) Technical Security: Electronic records are maintained in 
conformity with Office of Management and Budget and Departmental 
guidelines reflecting the implementation of the Federal Information 
Security Management Act. Electronic data are protected through user 
identification, passwords, database permissions, and software controls. 
These security measures establish different degrees of access for 
different types of users. An audit trail is maintained and reviewed 
periodically to identify unauthorized access. A Privacy Impact 
Assessment was completed for the IIS and is updated at least annually 
to ensure that Privacy Act requirements and personally identifiable 
information safeguard requirements are met.
    (3) Administrative Security: All DOI and contractor employees with 
access to IIS are required to complete Privacy Act, Records Management 
Act, and Security Awareness Training.

RETENTION AND DISPOSAL:
    Records relating to individuals covered by this system are retained 
in accordance with the 16 Bureau of Indian Affairs Manual (BIAM), as 
approved by the National Archives and Records Administration, and 
scheduled for permanent retention.

SYSTEM MANAGER AND ADDRESS:
    Director, Office of Information Operations (OIO), Office of the 
Chief Information Officer, 625 Herndon Parkway, Herndon, VA 20170.

NOTIFICATION PROCEDURES:
    Inquiries regarding the existence of records should be addressed to 
the System Manager. The request must be in writing, signed by the 
requester, and meet the requirements of 43 CFR 2.60.

RECORDS ACCESS PROCEDURES:
    A request for access may be addressed to the System Manager. The 
request must be in writing, signed by the requester, and meet the 
requirements of 43 CFR 2.63.

CONTESTING RECORD PROCEDURES:
    A petition for amendment should be addressed to the System Manager. 
The request must be in writing, signed by the requester, and meet the 
content requirements of 43 CFR 2.71.

RECORD SOURCE CATEGORIES:
    Individuals on whom the records are maintained providing 
information on themselves, managers issuing approvals for system access 
requests, IT technicians reporting status of IT system access requests, 
and personnel security officers reporting verification of background 
investigations.

EXEMPTIONS CLAIMED FOR THE SYSTEM:
    None.

[FR Doc. E8-16104 Filed 7-14-08; 8:45 am]
BILLING CODE 4312-RY-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.