DCAA Privacy Act Program, 12558-12561 [2015-05374]
Download as PDF
<![CDATA[
12558
Federal Register / Vol. 80, No. 46 / Tuesday, March 10, 2015 / Rules and Regulations
was so.46 The court further noted that
foreign swaps regulations passed since
the promulgation of the rules at issue in
the litigation ‘‘may now raise issues of
duplicative regulatory burdens’’ but that
‘‘the CFTC may well conclude that its
policy of substituted compliance largely
negates these costs.’’ 47
4. Finally, the court noted that
‘‘[p]laintiffs raise no complaints
regarding the CFTC’s evaluation of the
general, often unquantifiable, benefits
and costs of the domestic application of
the Title VII Rules.’’ 48 As a result, the
court held, ‘‘[o]n remand, the CFTC
would only need to make explicit which
of those benefits and costs similarly
apply to the Rules’ extraterritorial
applications.’’ 49
III. Supplement to Preambles of
Remanded Rulemakings Regarding the
Scope of the Commission’s
Consideration of Costs and Benefits
The Commission hereby clarifies that
it considered costs and benefits based
on the understanding that the swaps
market functions internationally, with
many transactions involving U.S. firms
taking place across international
boundaries; with leading industry
members typically conducting
operations both within and outside the
United States; and with industry
members commonly following
substantially similar business practices
wherever located. The Commission
considered all evidence in the record,
and in the absence of evidence
indicating differences in costs and
benefits between foreign and domestic
swaps activities, the Commission did
not find occasion to characterize
explicitly the identified costs and
benefits as foreign or domestic. Thus,
where the Commission did not
specifically refer to matters of location,
its discussion of costs and benefits
referred to the effects of its rules on all
business activity subject to its
regulations, whether by virtue of the
activity’s physical location in the
United States or by virtue of the
activity’s connection with or effect on
U.S. commerce under section 2(i).50 In
the language of the district court, the
Commission ‘‘functionally considered
the extraterritorial costs and
benefits,’’ 51 and this was because the
mstockstill on DSK4VPTVN1PROD with RULES
46 Id.
47 Op.
48 Op.
at *41.
at *41.
49 Id.
50 The statement in the text reflects the
Commission’s approach in its consideration of costs
and benefits for all of its Dodd-Frank rules, unless
otherwise specified for a particular issue or issues
in a particular rulemaking.
51 Op. at *40.
VerDate Sep<11>2014
16:34 Mar 09, 2015
Jkt 235001
evidence in the record did not suggest
that differences existed, with certain
limited exceptions that the Commission
addressed.52 For example, as the district
court found, at the time of the
promulgation of the rules at issue,
foreign swaps regulations generally
were still being developed so any costs
associated with potentially duplicative
or inconsistent regulations remained
hypothetical.53 Thus, as the court noted,
the plaintiffs in SIFMA v. CFTC did not
‘‘identify any specific data that the
CFTC failed to take into account.’’ 54
IV. Request for Comments
As noted above, the district court
stated that, on remand, the Commission
‘‘would only need to make explicit’’
which of the costs and benefits
identified in the rule preambles
‘‘similarly apply to the Rules’
extraterritorial applications.’’ 55 In order
to assist the Commission in determining
whether any further consideration or
explanation—beyond that contained in
the original rule preambles and this
release—is needed to respond to this
mandate, the Commission requests
comments on the following questions:
1. Are there any benefits or costs that
the Commission identified in any of the
rule preambles that do not apply, or
apply to a different extent, to the
relevant rule’s extraterritorial
applications?
2. Are there any costs or benefits that
are unique to one or more of the rules’
extraterritorial applications? If so,
please specify how.
3. Put another way, are the types of
costs and benefits that arise from the
extraterritorial application of any of the
rules different from those that arise from
the domestic application? If so, how and
to what extent?
4. If significant differences exist in the
costs and benefits of the extraterritorial
and domestic application of one or more
of the rules, what are the implications
of those differences for the substantive
requirements of the rule or rules?
Comments should specify, in the
header of the comment, the particular
rule or rules that they address. The
52 See, e.g., Portfolio Reconciliation Rule, 77 FR
at 55945–46, 55948–49 & nn.79, 84, 98, 108
(considering ISDA data regarding U.S. and foreign
firms, and factoring in European proposals); Risk
Management Rule, 77 FR at 20177 n.104 (relying on
UK FSA study); Swaps Entity Registration Rule, 77
FR at 2624–25 (stating in response to comments that
Commission ‘‘does not believe that foreign-based
Swaps Entities will bear higher costs associated
with the registration process’’ and giving
explanation); SDR Reporting Rule, 77 FR at 2192
(considering costs and benefits of swap identifiers,
including in cross-border activities).
53 Op. at *39.
54 Op. at *39.
55 Op. at *41.
PO 00000
Frm 00004
Fmt 4700
Sfmt 4700
Commission requests that comments
focus on information and analysis
specifically relevant to the inquiry
specified by the district court’s remand
order. Consistent with the district
court’s holding that the Commission is
not required to address the issue of what
the geographical scope of its rules
should be in the challenged
rulemakings,56 the purpose of this
request for comments is to further
consider the cross-border costs and
benefits of the substance of the rules,
not to initiate a process to address the
rules’ cross-border scope, which, as the
district court held, is prescribed by
section 2(i).57 The Commission further
requests that commenters supply the
Commission with relevant data to
support their comments.
Issued in Washington, DC, on March 4,
2015, by the Commission.
Christopher J. Kirkpatrick,
Secretary of the Commission.
Note: The following appendix will not
appear in the Code of Federal Regulations.
Appendix to Initial Response to District
Court Remand Order in Securities
Industry and Financial Markets
Association, et al. v. United States
Commodity Futures Trading
Commission—Commission Voting
Summary
On this matter, Chairman Massad and
Commissioners Wetjen, Bowen, and
Giancarlo voted in the affirmative. No
Commissioner voted in the negative.
[FR Doc. 2015–05413 Filed 3–9–15; 8:45 am]
BILLING CODE 6351–01–P
DEPARTMENT OF DEFENSE
Office of the Secretary
32 CFR Part 317
[DOD–2008–OS–0068]
RIN 0790–AJ23
DCAA Privacy Act Program
Department of Defense.
Final rule.
AGENCY:
ACTION:
The Defense Contract Audit
Agency (DCAA) is amending the DCAA
Privacy Act Program Regulation.
Specifically, DCAA is adding an
exemption section to include an
exemption for RDCAA 900.1, DCAA
Internal Review Case Files. This rule
SUMMARY:
56 Op.
at *36–*37.
as it has done in the past, the
Commission will continue to consider the proper
interpretation and application of section 2(i) in
particular circumstances.
57 However,
E:\FR\FM\10MRR1.SGM
10MRR1
Federal Register / Vol. 80, No. 46 / Tuesday, March 10, 2015 / Rules and Regulations
provides policies and procedures for the
DCAA’s implementation of the Privacy
Act of 1974, as amended.
DATES: This rule is effective on April 9,
2015.
FOR FURTHER INFORMATION CONTACT: Mr.
Keith Mastromichalis, FOIA/PA
Management Analyst, DCAA HQ, 703–
767–1022.
SUPPLEMENTARY INFORMATION: The
revisions to this rule are part of DoD’s
retrospective plan under EO 13563
completed in August 2011. DoD’s full
plan can be accessed at https://
www.regulations.gov/#!docket
Browser;rpp=25;po=0;dct
=N%252BFR%252BPR%252BO;D
=DOD-2011-OS-0036.
Executive Summary
communities; (2) Create a serious
inconsistency or otherwise interfere
with an action taken or planned by
another Agency; (3) Materially alter the
budgetary impact of entitlements,
grants, user fees, or loan programs, or
the rights and obligations of recipients
thereof; or (4) Raise novel legal or policy
issues arising out of legal mandates, the
President’s priorities, or the principles
set forth in these Executive Orders.
Public Law 96–354, ‘‘Regulatory
Flexibility Act’’ (5 U.S.C Chapter 6)
It has been certified that this rule does
not have significant economic impact on
a substantial number of small entities
because it is concerned only with the
administration of Privacy Act within the
Department of Defense.
I. Purpose of This Regulatory Action
a. This rule provides policies and
procedures for DCAA’s implementation
of the Privacy Act of 1974, as amended.
b. Authority: Privacy Act of 1974,
Pub. L. 93–579, Stat. 1896 (5 U.S.C.
552a).
Public Law 95–511, ‘‘Paperwork
Reduction Act’’ (44 U.S.C. Chapter 35)
II. Summary of the Major Provisions of
This Regulatory Action
DCAA is adding an exemption section
to include an exemption for RDCAA
900.1, DCAA Internal Review Case
Files.
Section 202, Public Law 104–4,
‘‘Unfunded Mandates Reform Act’’
III. Costs and Benefits of This
Regulatory Action
This regulatory action imposes no
monetary costs to the Agency or public.
The benefit to the public is the accurate
reflection of the Agency’s Privacy
Program to ensure that policies and
procedures are known to the public.
Public Comments
On Thursday, February 6, 2014 (79 FR
7114–7117), the Department of Defense
published a proposed rule requesting
public comment. No comments were
received on the proposed rule, and no
changes have been made in the final
rule.
mstockstill on DSK4VPTVN1PROD with RULES
Executive Order 12866, ‘‘Regulatory
Planning and Review’’ and Executive
Order 13563, ‘‘Improving Regulation
and Regulatory Review’’
It has been determined that this rule
is not a significant regulatory action
under these Executive Orders. This rule
does not (1) Have an annual effect on
the economy of $100 million or more or
adversely affect in a material way the
economy; a sector of the economy;
productivity; competition; jobs; the
environment; public health or safety; or
State, local, or tribal governments or
16:34 Mar 09, 2015
It has been determined that this rule
does not involve a Federal mandate that
may result in the expenditure by State,
local and tribal governments, in the
aggregate, or by the private sector, of
$100 million or more and that such
rulemaking will not significantly or
uniquely affect small governments.
Executive Order 13132, ‘‘Federalism’’
It has been determined that this rule
does not have federalism implications.
This rule does not have substantial
direct effects on the States, on the
relationship between the National
Government and the States, or on the
distribution of power and
responsibilities among the various
levels of government.
List of Subjects in 32 CFR Part 317
Privacy.
Regulatory Procedures
VerDate Sep<11>2014
It has been determined that this rule
imposes no information collection
requirements on the public under the
Paperwork Reduction Act of 1995.
Jkt 235001
Accordingly 32 CFR part 317 is
revised to read as follows:
PART 317—DCAA PRIVACY ACT
PROGRAM
Sec.
317.1
317.2
317.3
317.4
317.5
317.6
Purpose.
Applicability and scope.
Policy.
Responsibilities.
Procedures.
Procedures for exemptions.
Authority: Pub. L. 93–579, 88 Stat. 1896
(5 U.S.C. 552a).
PO 00000
Frm 00005
Fmt 4700
Sfmt 4700
§ 317.1
12559
Purpose.
This part provides policies and
procedures for the Defense Contract
Audit Agency’s (DCAA) implementation
of the Privacy Act of 1974 (5 U.S.C.
552a) and 32 CFR part 310, and is
intended to promote uniformity within
DCAA.
§ 317.2
Applicability and scope.
(a) This part applies to all DCAA
organizational elements and takes
precedence over all regional regulatory
issuances that supplement the DCAA
Privacy Program.
(b) This part shall be made applicable
by contract or other legally binding
action to contractors whenever a DCAA
contract provides for the operation of a
system of records or portion of a system
of records to accomplish an Agency
function.
§ 317.3
Policy.
(a) It is DCAA policy that personnel
will comply with the DCAA Privacy
Program; the Privacy Act of 1974; and
the DoD Privacy Program (32 CFR part
310). Strict adherence is necessary to
ensure uniformity in the
implementation of the DCAA Privacy
Program and create conditions that will
foster public trust. It is also Agency
policy to safeguard personal information
contained in any system of records
maintained by DCAA organizational
elements and to make that information
available to the individual to whom it
pertains to the maximum extent
practicable.
(b) DCAA policy specifically requires
that DCAA organizational elements:
(1) Collect, maintain, use, and
disseminate personal information only
when it is relevant and necessary to
achieve a purpose required by statute or
Executive Order.
(2) Collect personal information
directly from the individuals to whom
it pertains to the greatest extent
practical.
(3) Inform individuals who are asked
to supply personal information for
inclusion in any system of records:
(i) The authority for the solicitation.
(ii) Whether furnishing the
information is mandatory or voluntary.
(iii) The intended uses of the
information.
(iv) The routine disclosures of the
information that may be made outside of
DoD.
(v) The effect on the individual of not
providing all or any part of the
requested information.
(4) Ensure that records used in
making determinations about
individuals and those containing
personal information are accurate,
E:\FR\FM\10MRR1.SGM
10MRR1
mstockstill on DSK4VPTVN1PROD with RULES
12560
Federal Register / Vol. 80, No. 46 / Tuesday, March 10, 2015 / Rules and Regulations
relevant, timely, and complete for the
purposes for which they are being
maintained before making them
available to any recipients outside of
DoD, other than a Federal agency,
unless the disclosure is made under
DCAA Regulation 5410.8, DCAA
Freedom of Information Act Program.
(5) Keep no record that describes how
individuals exercise their rights
guaranteed by the First Amendment to
the U.S. Constitution, unless expressly
authorized by statute or by the
individual to whom the records pertain
or is pertinent to and within the scope
of an authorized law enforcement
activity.
(6) Notify individuals whenever
records pertaining to them are made
available under compulsory legal
processes, if such process is a matter of
public record.
(7) Establish safeguards to ensure the
security of personal information and to
protect this information from threats or
hazards that might result in substantial
harm, embarrassment, inconvenience, or
unfairness to the individual.
(8) Establish rules of conduct for
DCAA personnel involved in the design,
development, operation, or maintenance
of any system of records and train them
in these rules of conduct.
(9) Assist individuals in determining
what records pertaining to them are
being collected, maintained, used, or
disseminated.
(10) Permit individual access to the
information pertaining to them
maintained in any system of records,
and to correct or amend that
information, unless an exemption for
the system has been properly
established for an important public
purpose.
(11) Provide, on request, an
accounting of all disclosures of the
information pertaining to them except
when disclosures are made:
(i) To DoD personnel in the course of
their official duties.
(ii) Under DCAA Regulation 5410.8,
DCAA Freedom of Information Act
Program.
(iii) To another agency or to an
instrumentality of any governmental
jurisdiction within or under control of
the United States conducting law
enforcement activities authorized by
law.
(12) Advise individuals on their rights
to appeal any refusal to grant access to
or amend any record pertaining to them,
and file a statement of disagreement
with the record in the event amendment
is refused.
VerDate Sep<11>2014
16:34 Mar 09, 2015
Jkt 235001
§ 317.4
Responsibilities.
(a) The Assistant Director, Resources
has overall responsibility for the DCAA
Privacy Act Program and will serve as
the sole appellate authority for appeals
to decisions of respective initial denial
authorities.
(b) The Chief, Administrative
Management Division under the
direction of the Assistant Director,
Resources, shall:
(1) Establish, issue, and update
policies for the DCAA Privacy Act
Program; monitor compliance with this
part; and provide policy guidance for
the DCAA Privacy Act Program.
(2) Resolve conflicts that may arise
regarding implementation of DCAA
Privacy Act policy.
(3) Designate an Agency Privacy Act
Advisor, as a single point of contact, to
coordinate on matters concerning
Privacy Act policy.
(4) Make the initial determination to
deny an individual’s written Privacy
Act request for access to or amendment
of documents filed in Privacy Act
systems of records. This authority
cannot be delegated.
(c) The DCAA Privacy Act Advisor
under the supervision of the Chief,
Administrative Management Division
shall:
(1) Manage the DCAA Privacy Act
Program in accordance with this part
and applicable DCAA policies, as well
as DoD and Federal regulations.
(2) Provide guidelines for managing,
administering, and implementing the
DCAA Privacy Act Program.
(3) Implement and administer the
Privacy Act program at the
Headquarters.
(4) Ensure that the collection,
maintenance, use, or dissemination of
records of identifiable personal
information is in a manner that assures
that such action is for a necessary and
lawful purpose; that the information is
timely and accurate for its intended use;
and that adequate safeguards are
provided to prevent misuse of such
information.
(5) Prepare promptly any required
new, amended, or altered system notices
for systems of records subject to the
Privacy Act and submit them to the
Defense Privacy Office for subsequent
publication in the Federal Register.
(6) Conduct training on the Privacy
Act program for Agency personnel.
(d) Heads of Principal Staff Elements
are responsible for:
(1) Reviewing all regulations or other
policy and guidance issuances for
which they are the proponent to ensure
consistency with the provisions of this
part.
PO 00000
Frm 00006
Fmt 4700
Sfmt 4700
(2) Ensuring that the provisions of this
part are followed in processing requests
for records.
(3) Forwarding to the DCAA Privacy
Act Advisor, any Privacy Act requests
received directly from a member of the
public, so that the request may be
administratively controlled and
processed.
(4) Ensuring the prompt review of all
Privacy Act requests, and when
required, coordinating those requests
with other organizational elements.
(5) Providing recommendations to the
DCAA Privacy Act Advisor regarding
the releasability of DCAA records to
members of the public, along with the
responsive documents.
(6) Providing the appropriate
documents, along with a written
justification for any denial, in whole or
in part, of a request for records to the
DCAA Privacy Act Advisor. Those
portions to be excised should be
bracketed in red pencil, and the specific
exemption or exemptions cites which
provide the basis for denying the
requested records.
(e) The General Counsel is responsible
for:
(1) Ensuring uniformity is maintained
in the legal position, and the
interpretation of the Privacy Act; 32
CFR part 310; and this part.
(2) Consulting with DoD General
Counsel on final denials that are
inconsistent with decisions of other
DoD components, involve issues not
previously resolved, or raise new or
significant legal issues of potential
significance to other Government
agencies.
(3) Providing advice and assistance to
the Assistant Director, Resources;
Regional Directors; and the Regional
Privacy Act Officer, through the DCAA
Privacy Act Advisor, as required, in the
discharge of their responsibilities.
(4) Coordinating Privacy Act litigation
with the Department of Justice.
(5) Coordinating on Headquarters
denials of initial requests.
(f) Each Regional Director is
responsible for the overall management
of the Privacy Act program within their
respective regions. Under his/her
direction, the Regional Resources
Manager is responsible for the
management and staff supervision of the
program and for designating a Regional
Privacy Act Officer. Regional Directors
will, as designee of the Director, make
the initial determination to deny an
individual’s written Privacy Act request
for access to or amendment of
documents filed in Privacy Act systems
of records. This authority cannot be
delegated.
(g) Regional Privacy Act Officers will:
E:\FR\FM\10MRR1.SGM
10MRR1
mstockstill on DSK4VPTVN1PROD with RULES
Federal Register / Vol. 80, No. 46 / Tuesday, March 10, 2015 / Rules and Regulations
(1) Implement and administer the
Privacy Act program throughout the
region.
(2) Ensure that the collection,
maintenance, use, or dissemination of
records of identifiable personal
information is in compliance with this
part to assure that such action is for a
necessary and lawful purpose; that the
information is timely and accurate for
its intended use; and that adequate
safeguards are provided to prevent
misuse of such information.
(3) Prepare input for the annual
Privacy Act Report when requested by
the DCAA Information and Privacy
Advisor.
(4) Conduct training on the Privacy
Act program for regional and FAO
personnel.
(5) Provide recommendations to the
Regional Director through the Regional
Resources Manager regarding the
releasability of DCAA records to
members of the public.
(h) Managers, Field Audit Offices
(FAOs) will:
(1) Ensure that the provisions of this
part are followed in processing requests
for records.
(2) Forward to the Regional Privacy
Act Officer, any Privacy Act requests
received directly from a member of the
public, so that the request may be
administratively controlled and
processed.
(3) Ensure the prompt review of all
Privacy Act requests, and when
required, coordinating those requests
with other organizational elements.
(4) Provide recommendation to the
Regional Privacy Act Officer regarding
the releasability of DCAA records to
members of the public, along with the
responsive documents.
(5) Provide the appropriate
documents, along with a written
justification for any denial, in whole or
in part, of a request for records to the
Regional Privacy Act Officer. Those
portions to be excised should be
bracketed in red pencil, and the specific
exemption or exemptions cited which
provide the basis for denying the
requested records.
(i) DCAA Employees will:
(1) Not disclose any personal
information contained in any system of
records, except as authorized by this
part.
(2) Not maintain any official files
which are retrieved by name or other
personal identifier without first
ensuring that a notice for the system has
been published in the Federal Register.
(3) Report any disclosures of personal
information from a system of records or
the maintenance of any system of
records that are not authorized by this
VerDate Sep<11>2014
16:34 Mar 09, 2015
Jkt 235001
part to the appropriate Privacy Act
officials for their action.
§ 317.5
Procedures.
Procedures for processing material in
accordance with the Privacy Act of 1974
are outlined in DoD 5400.11–R, DoD
Privacy Program (32 CFR part 310).
§ 317.6
Procedures for exemptions.
(a) General information. There are two
types of exemptions, general and
specific. The general exemption
authorizes the exemption of a system of
records from all but a few requirements
of the Privacy Act. The specific
exemption authorizes exemption of a
system of records or portion thereof,
from only a few specific requirements.
If a new system of records originates for
which an exemption is proposed, or an
additional or new exemption for an
existing system of records is proposed,
the exemption shall be submitted with
the system of records notice. No
exemption of a system of records shall
be considered automatic for all records
in the system. The systems manager
shall review each requested record and
apply the exemptions only when this
will serve significant and legitimate
Government purposes.
(b) Specific exemptions. (1) System
identifier and name: RDCAA 900.1,
DCAA Internal Review Case Files
(i) Exemption: Any portions of this
system of records which fall under the
provisions of 5 U.S.C. 552a(k)(2) and
(k)(5) may be exempt from the following
subsections of 5 U.S.C. 552a: (c)(3), (d),
(e)(1), (e)(4)(G), (H), and (f).
(ii) Authority: 5 U.S.C. 552a(k)(2) and
(k)(5)
(iii) Reason: (A) From subsection
(c)(3) because disclosures from this
system could interfere with the just,
thorough and timely resolution of the
complaint or inquiry, and possibly
enable individuals to conceal their
wrongdoing or mislead the course of the
investigation by concealing, destroying
or fabricating evidence or documents.
(B) From subsection (d) because
disclosures from this system could
interfere with the just, thorough and
timely resolution of the complaint or
inquiry, and possibly enable individuals
to conceal their wrongdoing or mislead
the course of the investigation by
concealing, destroying or fabricating
evidence or documents. Disclosures
could also subject sources and witnesses
to harassment or intimidation which
jeopardize the safety and well-being of
themselves and their families.
(C) From subsection (e)(1) because the
nature of the investigation functions
creates unique problems in prescribing
specific parameters in a particular case
PO 00000
Frm 00007
Fmt 4700
Sfmt 4700
12561
as to what information is relevant or
necessary. Due to close liaison and
working relationships with other
Federal, state, local, foreign country law
enforcement agencies, and other
governmental agencies, information may
be received which may relate to a case
under the investigative jurisdiction of
another government agency. It is
necessary to maintain this information
in order to provide leads for appropriate
law enforcement purposes and to
establish patterns of activity which may
relate to the jurisdiction of other
cooperating agencies.
(D) From subsection (e)(4)(G) through
(H) because this system of records is
exempt from the access provisions of
subsection (d).
(E) From subsection (f) because the
agency’s rules are inapplicable to those
portions of the system that are exempt
and would place the burden on the
agency of either confirming or denying
the existence of a record pertaining to a
requesting individual might in itself
provide an answer to that individual
relating to an on-going investigation.
The conduct of a successful
investigation leading to the indictment
of a criminal offender precludes the
applicability of established agency rules
relating to verification of record,
disclosure of the record to that
individual, and record amendment
procedures for this record system.
(2) [Reserved]
Dated: March 4, 2015.
Aaron Siegel,
Alternate OSD Federal Register Liaison
Officer, Department of Defense.
[FR Doc. 2015–05374 Filed 3–9–15; 8:45 am]
BILLING CODE 5001–06–P
ENVIRONMENTAL PROTECTION
AGENCY
40 CFR Part 52
[EPA–R01–OAR–2014–0275; A–1–FRL–
9924–17–Region 1]
Approval and Promulgation of Air
Quality Implementation Plans; Rhode
Island; Transportation Conformity
Environmental Protection
Agency.
ACTION: Direct final rule.
AGENCY:
The Environmental Protection
Agency (EPA) is approving a State
Implementation Plan (SIP) revision
submitted by the State of Rhode Island
on February 21, 2014. This revision
includes a regulation adopted by Rhode
Island that establishes procedures to
follow for transportation conformity
SUMMARY:
E:\FR\FM\10MRR1.SGM
10MRR1
]]>Agencies
[Federal Register Volume 80, Number 46 (Tuesday, March 10, 2015)]
[Rules and Regulations]
[Pages 12558-12561]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2015-05374]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF DEFENSE
Office of the Secretary
32 CFR Part 317
[DOD-2008-OS-0068]
RIN 0790-AJ23
DCAA Privacy Act Program
AGENCY: Department of Defense.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Defense Contract Audit Agency (DCAA) is amending the DCAA
Privacy Act Program Regulation. Specifically, DCAA is adding an
exemption section to include an exemption for RDCAA 900.1, DCAA
Internal Review Case Files. This rule
[[Page 12559]]
provides policies and procedures for the DCAA's implementation of the
Privacy Act of 1974, as amended.
DATES: This rule is effective on April 9, 2015.
FOR FURTHER INFORMATION CONTACT: Mr. Keith Mastromichalis, FOIA/PA
Management Analyst, DCAA HQ, 703-767-1022.
SUPPLEMENTARY INFORMATION: The revisions to this rule are part of DoD's
retrospective plan under EO 13563 completed in August 2011. DoD's full
plan can be accessed at https://www.regulations.gov/#!docketBrowser;rpp=25;po=0;dct=N%252BFR%252BPR%252BO;D=DOD-2011-OS-
0036.
Executive Summary
I. Purpose of This Regulatory Action
a. This rule provides policies and procedures for DCAA's
implementation of the Privacy Act of 1974, as amended.
b. Authority: Privacy Act of 1974, Pub. L. 93-579, Stat. 1896 (5
U.S.C. 552a).
II. Summary of the Major Provisions of This Regulatory Action
DCAA is adding an exemption section to include an exemption for
RDCAA 900.1, DCAA Internal Review Case Files.
III. Costs and Benefits of This Regulatory Action
This regulatory action imposes no monetary costs to the Agency or
public. The benefit to the public is the accurate reflection of the
Agency's Privacy Program to ensure that policies and procedures are
known to the public.
Public Comments
On Thursday, February 6, 2014 (79 FR 7114-7117), the Department of
Defense published a proposed rule requesting public comment. No
comments were received on the proposed rule, and no changes have been
made in the final rule.
Regulatory Procedures
Executive Order 12866, ``Regulatory Planning and Review'' and Executive
Order 13563, ``Improving Regulation and Regulatory Review''
It has been determined that this rule is not a significant
regulatory action under these Executive Orders. This rule does not (1)
Have an annual effect on the economy of $100 million or more or
adversely affect in a material way the economy; a sector of the
economy; productivity; competition; jobs; the environment; public
health or safety; or State, local, or tribal governments or
communities; (2) Create a serious inconsistency or otherwise interfere
with an action taken or planned by another Agency; (3) Materially alter
the budgetary impact of entitlements, grants, user fees, or loan
programs, or the rights and obligations of recipients thereof; or (4)
Raise novel legal or policy issues arising out of legal mandates, the
President's priorities, or the principles set forth in these Executive
Orders.
Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C Chapter 6)
It has been certified that this rule does not have significant
economic impact on a substantial number of small entities because it is
concerned only with the administration of Privacy Act within the
Department of Defense.
Public Law 95-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)
It has been determined that this rule imposes no information
collection requirements on the public under the Paperwork Reduction Act
of 1995.
Section 202, Public Law 104-4, ``Unfunded Mandates Reform Act''
It has been determined that this rule does not involve a Federal
mandate that may result in the expenditure by State, local and tribal
governments, in the aggregate, or by the private sector, of $100
million or more and that such rulemaking will not significantly or
uniquely affect small governments.
Executive Order 13132, ``Federalism''
It has been determined that this rule does not have federalism
implications. This rule does not have substantial direct effects on the
States, on the relationship between the National Government and the
States, or on the distribution of power and responsibilities among the
various levels of government.
List of Subjects in 32 CFR Part 317
Privacy.
Accordingly 32 CFR part 317 is revised to read as follows:
PART 317--DCAA PRIVACY ACT PROGRAM
Sec.
317.1 Purpose.
317.2 Applicability and scope.
317.3 Policy.
317.4 Responsibilities.
317.5 Procedures.
317.6 Procedures for exemptions.
Authority: Pub. L. 93-579, 88 Stat. 1896 (5 U.S.C. 552a).
Sec. 317.1 Purpose.
This part provides policies and procedures for the Defense Contract
Audit Agency's (DCAA) implementation of the Privacy Act of 1974 (5
U.S.C. 552a) and 32 CFR part 310, and is intended to promote uniformity
within DCAA.
Sec. 317.2 Applicability and scope.
(a) This part applies to all DCAA organizational elements and takes
precedence over all regional regulatory issuances that supplement the
DCAA Privacy Program.
(b) This part shall be made applicable by contract or other legally
binding action to contractors whenever a DCAA contract provides for the
operation of a system of records or portion of a system of records to
accomplish an Agency function.
Sec. 317.3 Policy.
(a) It is DCAA policy that personnel will comply with the DCAA
Privacy Program; the Privacy Act of 1974; and the DoD Privacy Program
(32 CFR part 310). Strict adherence is necessary to ensure uniformity
in the implementation of the DCAA Privacy Program and create conditions
that will foster public trust. It is also Agency policy to safeguard
personal information contained in any system of records maintained by
DCAA organizational elements and to make that information available to
the individual to whom it pertains to the maximum extent practicable.
(b) DCAA policy specifically requires that DCAA organizational
elements:
(1) Collect, maintain, use, and disseminate personal information
only when it is relevant and necessary to achieve a purpose required by
statute or Executive Order.
(2) Collect personal information directly from the individuals to
whom it pertains to the greatest extent practical.
(3) Inform individuals who are asked to supply personal information
for inclusion in any system of records:
(i) The authority for the solicitation.
(ii) Whether furnishing the information is mandatory or voluntary.
(iii) The intended uses of the information.
(iv) The routine disclosures of the information that may be made
outside of DoD.
(v) The effect on the individual of not providing all or any part
of the requested information.
(4) Ensure that records used in making determinations about
individuals and those containing personal information are accurate,
[[Page 12560]]
relevant, timely, and complete for the purposes for which they are
being maintained before making them available to any recipients outside
of DoD, other than a Federal agency, unless the disclosure is made
under DCAA Regulation 5410.8, DCAA Freedom of Information Act Program.
(5) Keep no record that describes how individuals exercise their
rights guaranteed by the First Amendment to the U.S. Constitution,
unless expressly authorized by statute or by the individual to whom the
records pertain or is pertinent to and within the scope of an
authorized law enforcement activity.
(6) Notify individuals whenever records pertaining to them are made
available under compulsory legal processes, if such process is a matter
of public record.
(7) Establish safeguards to ensure the security of personal
information and to protect this information from threats or hazards
that might result in substantial harm, embarrassment, inconvenience, or
unfairness to the individual.
(8) Establish rules of conduct for DCAA personnel involved in the
design, development, operation, or maintenance of any system of records
and train them in these rules of conduct.
(9) Assist individuals in determining what records pertaining to
them are being collected, maintained, used, or disseminated.
(10) Permit individual access to the information pertaining to them
maintained in any system of records, and to correct or amend that
information, unless an exemption for the system has been properly
established for an important public purpose.
(11) Provide, on request, an accounting of all disclosures of the
information pertaining to them except when disclosures are made:
(i) To DoD personnel in the course of their official duties.
(ii) Under DCAA Regulation 5410.8, DCAA Freedom of Information Act
Program.
(iii) To another agency or to an instrumentality of any
governmental jurisdiction within or under control of the United States
conducting law enforcement activities authorized by law.
(12) Advise individuals on their rights to appeal any refusal to
grant access to or amend any record pertaining to them, and file a
statement of disagreement with the record in the event amendment is
refused.
Sec. 317.4 Responsibilities.
(a) The Assistant Director, Resources has overall responsibility
for the DCAA Privacy Act Program and will serve as the sole appellate
authority for appeals to decisions of respective initial denial
authorities.
(b) The Chief, Administrative Management Division under the
direction of the Assistant Director, Resources, shall:
(1) Establish, issue, and update policies for the DCAA Privacy Act
Program; monitor compliance with this part; and provide policy guidance
for the DCAA Privacy Act Program.
(2) Resolve conflicts that may arise regarding implementation of
DCAA Privacy Act policy.
(3) Designate an Agency Privacy Act Advisor, as a single point of
contact, to coordinate on matters concerning Privacy Act policy.
(4) Make the initial determination to deny an individual's written
Privacy Act request for access to or amendment of documents filed in
Privacy Act systems of records. This authority cannot be delegated.
(c) The DCAA Privacy Act Advisor under the supervision of the
Chief, Administrative Management Division shall:
(1) Manage the DCAA Privacy Act Program in accordance with this
part and applicable DCAA policies, as well as DoD and Federal
regulations.
(2) Provide guidelines for managing, administering, and
implementing the DCAA Privacy Act Program.
(3) Implement and administer the Privacy Act program at the
Headquarters.
(4) Ensure that the collection, maintenance, use, or dissemination
of records of identifiable personal information is in a manner that
assures that such action is for a necessary and lawful purpose; that
the information is timely and accurate for its intended use; and that
adequate safeguards are provided to prevent misuse of such information.
(5) Prepare promptly any required new, amended, or altered system
notices for systems of records subject to the Privacy Act and submit
them to the Defense Privacy Office for subsequent publication in the
Federal Register.
(6) Conduct training on the Privacy Act program for Agency
personnel.
(d) Heads of Principal Staff Elements are responsible for:
(1) Reviewing all regulations or other policy and guidance
issuances for which they are the proponent to ensure consistency with
the provisions of this part.
(2) Ensuring that the provisions of this part are followed in
processing requests for records.
(3) Forwarding to the DCAA Privacy Act Advisor, any Privacy Act
requests received directly from a member of the public, so that the
request may be administratively controlled and processed.
(4) Ensuring the prompt review of all Privacy Act requests, and
when required, coordinating those requests with other organizational
elements.
(5) Providing recommendations to the DCAA Privacy Act Advisor
regarding the releasability of DCAA records to members of the public,
along with the responsive documents.
(6) Providing the appropriate documents, along with a written
justification for any denial, in whole or in part, of a request for
records to the DCAA Privacy Act Advisor. Those portions to be excised
should be bracketed in red pencil, and the specific exemption or
exemptions cites which provide the basis for denying the requested
records.
(e) The General Counsel is responsible for:
(1) Ensuring uniformity is maintained in the legal position, and
the interpretation of the Privacy Act; 32 CFR part 310; and this part.
(2) Consulting with DoD General Counsel on final denials that are
inconsistent with decisions of other DoD components, involve issues not
previously resolved, or raise new or significant legal issues of
potential significance to other Government agencies.
(3) Providing advice and assistance to the Assistant Director,
Resources; Regional Directors; and the Regional Privacy Act Officer,
through the DCAA Privacy Act Advisor, as required, in the discharge of
their responsibilities.
(4) Coordinating Privacy Act litigation with the Department of
Justice.
(5) Coordinating on Headquarters denials of initial requests.
(f) Each Regional Director is responsible for the overall
management of the Privacy Act program within their respective regions.
Under his/her direction, the Regional Resources Manager is responsible
for the management and staff supervision of the program and for
designating a Regional Privacy Act Officer. Regional Directors will, as
designee of the Director, make the initial determination to deny an
individual's written Privacy Act request for access to or amendment of
documents filed in Privacy Act systems of records. This authority
cannot be delegated.
(g) Regional Privacy Act Officers will:
[[Page 12561]]
(1) Implement and administer the Privacy Act program throughout the
region.
(2) Ensure that the collection, maintenance, use, or dissemination
of records of identifiable personal information is in compliance with
this part to assure that such action is for a necessary and lawful
purpose; that the information is timely and accurate for its intended
use; and that adequate safeguards are provided to prevent misuse of
such information.
(3) Prepare input for the annual Privacy Act Report when requested
by the DCAA Information and Privacy Advisor.
(4) Conduct training on the Privacy Act program for regional and
FAO personnel.
(5) Provide recommendations to the Regional Director through the
Regional Resources Manager regarding the releasability of DCAA records
to members of the public.
(h) Managers, Field Audit Offices (FAOs) will:
(1) Ensure that the provisions of this part are followed in
processing requests for records.
(2) Forward to the Regional Privacy Act Officer, any Privacy Act
requests received directly from a member of the public, so that the
request may be administratively controlled and processed.
(3) Ensure the prompt review of all Privacy Act requests, and when
required, coordinating those requests with other organizational
elements.
(4) Provide recommendation to the Regional Privacy Act Officer
regarding the releasability of DCAA records to members of the public,
along with the responsive documents.
(5) Provide the appropriate documents, along with a written
justification for any denial, in whole or in part, of a request for
records to the Regional Privacy Act Officer. Those portions to be
excised should be bracketed in red pencil, and the specific exemption
or exemptions cited which provide the basis for denying the requested
records.
(i) DCAA Employees will:
(1) Not disclose any personal information contained in any system
of records, except as authorized by this part.
(2) Not maintain any official files which are retrieved by name or
other personal identifier without first ensuring that a notice for the
system has been published in the Federal Register.
(3) Report any disclosures of personal information from a system of
records or the maintenance of any system of records that are not
authorized by this part to the appropriate Privacy Act officials for
their action.
Sec. 317.5 Procedures.
Procedures for processing material in accordance with the Privacy
Act of 1974 are outlined in DoD 5400.11-R, DoD Privacy Program (32 CFR
part 310).
Sec. 317.6 Procedures for exemptions.
(a) General information. There are two types of exemptions, general
and specific. The general exemption authorizes the exemption of a
system of records from all but a few requirements of the Privacy Act.
The specific exemption authorizes exemption of a system of records or
portion thereof, from only a few specific requirements. If a new system
of records originates for which an exemption is proposed, or an
additional or new exemption for an existing system of records is
proposed, the exemption shall be submitted with the system of records
notice. No exemption of a system of records shall be considered
automatic for all records in the system. The systems manager shall
review each requested record and apply the exemptions only when this
will serve significant and legitimate Government purposes.
(b) Specific exemptions. (1) System identifier and name: RDCAA
900.1, DCAA Internal Review Case Files
(i) Exemption: Any portions of this system of records which fall
under the provisions of 5 U.S.C. 552a(k)(2) and (k)(5) may be exempt
from the following subsections of 5 U.S.C. 552a: (c)(3), (d), (e)(1),
(e)(4)(G), (H), and (f).
(ii) Authority: 5 U.S.C. 552a(k)(2) and (k)(5)
(iii) Reason: (A) From subsection (c)(3) because disclosures from
this system could interfere with the just, thorough and timely
resolution of the complaint or inquiry, and possibly enable individuals
to conceal their wrongdoing or mislead the course of the investigation
by concealing, destroying or fabricating evidence or documents.
(B) From subsection (d) because disclosures from this system could
interfere with the just, thorough and timely resolution of the
complaint or inquiry, and possibly enable individuals to conceal their
wrongdoing or mislead the course of the investigation by concealing,
destroying or fabricating evidence or documents. Disclosures could also
subject sources and witnesses to harassment or intimidation which
jeopardize the safety and well-being of themselves and their families.
(C) From subsection (e)(1) because the nature of the investigation
functions creates unique problems in prescribing specific parameters in
a particular case as to what information is relevant or necessary. Due
to close liaison and working relationships with other Federal, state,
local, foreign country law enforcement agencies, and other governmental
agencies, information may be received which may relate to a case under
the investigative jurisdiction of another government agency. It is
necessary to maintain this information in order to provide leads for
appropriate law enforcement purposes and to establish patterns of
activity which may relate to the jurisdiction of other cooperating
agencies.
(D) From subsection (e)(4)(G) through (H) because this system of
records is exempt from the access provisions of subsection (d).
(E) From subsection (f) because the agency's rules are inapplicable
to those portions of the system that are exempt and would place the
burden on the agency of either confirming or denying the existence of a
record pertaining to a requesting individual might in itself provide an
answer to that individual relating to an on-going investigation. The
conduct of a successful investigation leading to the indictment of a
criminal offender precludes the applicability of established agency
rules relating to verification of record, disclosure of the record to
that individual, and record amendment procedures for this record
system.
(2) [Reserved]
Dated: March 4, 2015.
Aaron Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 2015-05374 Filed 3-9-15; 8:45 am]
BILLING CODE 5001-06-P
