Privacy Act of 1974; Implementation, 25751-25753 [2017-10788]
Download as PDF
<![CDATA[
Federal Register / Vol. 82, No. 106 / Monday, June 5, 2017 / Proposed Rules
DEPARTMENT OF JUSTICE
28 CFR Part 16
[CPCLO Order No. 002–2017]
Privacy Act of 1974; Implementation
United States Department of
Justice.
ACTION: Notice of proposed rulemaking.
AGENCY:
Elsewhere in this Federal
Register, the United States Department
of Justice (Department or DOJ) has
published a new Privacy Act System of
Records Notice, JUSTICE/DOJ–018,
‘‘DOJ Insider Threat Program Records.’’
Further, the Department issued a
rescindment notice for the Federal
Bureau of Investigation (FBI) System of
Records Notice titled, ‘‘FBI Insider
Threat Program Records,’’ JUSTICE/
FBI–023. In this document, the DOJ
withdraws the notice of proposed
rulemaking for the ‘‘FBI Insider Threat
Program Records’’ issued in CPCLO
Order No. 008–2016, published on
September 19, 2016, and proposes to
exempt JUSTICE/DOJ–018 from certain
provisions of the Privacy Act, in order
to avoid interference with efforts to
detect, deter, and/or mitigate insider
threats. Public comment is invited.
DATES: As of June 5, 2017, the notice of
proposed rulemaking published at 81
FR 64092 (Sept. 19, 2016), is
withdrawn. Comments on this notice of
proposed rulemaking must be received
by July 5, 2017.
ADDRESSES: Address all comments to
the Privacy Analyst, Privacy and Civil
Liberties Office, National Place
Building, 1331 Pennsylvania Ave. NW.,
Suite 1000, Washington, DC 20530–
0001, facsimile 202–307–0693, or email
at privacy@usdoj.gov. To ensure proper
handling, please reference the CPCLO
Order No. of this notice of proposed
rulemaking in your correspondence.
You may review an electronic version of
the proposed rule at https://
www.regulations.gov, and you may also
comment by using that Web site’s
comment form for this regulation. When
submitting comments electronically,
you must include the CPCLO Order No.
in the subject box.
Please note that the Department is
requesting that electronic comments be
submitted before midnight Eastern
Daylight Time on the day the comment
period closes because https://
www.regulations.gov terminates the
public’s ability to submit comments at
that time. Commenters in time zones
other than Eastern Time may want to
consider this so that their electronic
comments are received. All comments
nlaroche on DSK30NT082PROD with PROPOSALS
SUMMARY:
VerDate Sep<11>2014
13:57 Jun 02, 2017
Jkt 241001
sent via regular or express mail will be
considered timely if postmarked on or
before the day the comment period
closes.
Posting of Public Comments: Please
note that all comments received are
considered part of the public record and
made available for public inspection
online at https://www.regulations.gov
and in the Department’s public docket.
Such information includes personal
identifying information (such as your
name, address, etc.) voluntarily
submitted by the commenter.
If you want to submit personal
identifying information (such as your
name, address, etc.) as part of your
comment, but do not want it to be
posted online or made available in the
public docket, you must include the
phrase ‘‘PERSONALLY IDENTIFYING
INFORMATION’’ in the first paragraph
of your comment. You must also place
all personal identifying information you
do not want posted online or made
available in the public docket in the first
paragraph of your comment and identify
what information you want redacted.
If you want to submit confidential
business information as part of your
comment, but do not want it to be
posted online or made available in the
public docket, you must include the
phrase ‘‘CONFIDENTIAL BUSINESS
INFORMATION’’ in the first paragraph
of your comment. You must also
prominently identify confidential
business information to be redacted
within the comment. If a comment has
so much confidential business
information that it cannot be effectively
redacted, all or part of that comment
may not be posted online or made
available in the public docket.
Personally identifying information
and confidential business information
identified and located as set forth above
will be redacted and the comment, in
redacted form, will be posted online and
placed in the Department’s public
docket file. Please note that the Freedom
of Information Act applies to all
comments received. If you wish to
inspect the agency’s public docket file
in person by appointment, please see
the FOR FURTHER INFORMATION CONTACT
section, below.
FOR FURTHER INFORMATION CONTACT:
Laurence Reed, DOJ Insider Threat
Program Manager, United States
Department of Justice, Insider Threat
Prevention and Detection Program, 145
N Street NE., Washington, DC 20002,
202–357–0165, itp@usdoj.gov.
SUPPLEMENTARY INFORMATION:
DOJ Insider Threat Program
The November 21, 2012, Presidential
Memorandum—National Insider Threat
PO 00000
Frm 00010
Fmt 4702
Sfmt 4702
25751
Policy and Minimum Standards for
Executive Branch Insider Threat
Programs states that an insider threat is
the threat that any person with
authorized access to any United States
Government resources, to include
personnel, facilities, information,
equipment, networks or systems, will
use her/his authorized access, wittingly
or unwittingly, to do harm to the
security of the United States. This threat
can include damage to the United States
through espionage, terrorism,
unauthorized disclosure of national
security information, or through the loss
or degradation of departmental
resources or capabilities.
In the Notice section of this Federal
Register, the DOJ has established a new
Privacy Act system of records titled
‘‘DOJ Insider Threat Program Records,’’
JUSTICE/DOJ–018. The system serves as
a repository for DOJ information and for
information lawfully received from
other federal agencies or obtained from
private companies and permits the
comparison of data sets in order to
provide a more complete picture of
potential insider threats.
In this rulemaking, the DOJ proposes
to exempt this Privacy Act system of
records from certain provisions of the
Privacy Act in order to avoid
interference with the responsibilities of
the DOJ to detect, deter, and/or mitigate
insider threats as established by federal
law and policy. For an overview of the
Privacy Act, see: https://
www.justice.gov/opcl/privacy-act-1974.
Integration of the FBI Insider Threat
Program Records (ITPR) System of
Records
On September 19, 2016, the Federal
Bureau of Investigation (FBI), a
component of the DOJ, published a new
Privacy Act System of Records Notice
titled, ‘‘FBI Insider Threat Program
Records (ITPR),’’ JUSTICE/FBI–023, at
81 FR 64198. The FBI also issued a
notice of proposed rulemaking, CPCLO
No. 008–2016, at 81 FR 64092,
proposing to exempt JUSTICE/FBI–023
from certain provisions of the Privacy
Act. To consolidate Privacy Act notices
under one DOJ-wide system of records,
the Department is rescinding JUSTICE/
FBI–023. In addition, the Department
hereby withdraws the proposed rule,
CPCLO No. 008–2016, published
September 19, 2016, at 81 FR 64092,
and will not publish a final rule to
exempt JUSTICE/FBI–023 from certain
provisions of the Privacy Act. Instead,
the Department has published a new
Privacy Act System of Records Notice
titled, ‘‘DOJ Insider Threat Program
Records,’’ JUSTICE/DOJ–018, and
proposes to exempt this DOJ-wide
E:\FR\FM\05JNP1.SGM
05JNP1
25752
Federal Register / Vol. 82, No. 106 / Monday, June 5, 2017 / Proposed Rules
system of records from certain
provisions of the Privacy Act, as
described below.
Regulatory Flexibility Act
This proposed rule relates to
individuals rather than small business
entities. Pursuant to the requirements of
the Regulatory Flexibility Act of 1980, 5
U.S.C. 601–612, therefore, the proposed
rule will not have a significant
economic impact on a substantial
number of small entities.
Small Entity Inquiries
The Small Business Regulatory
Enforcement Fairness Act (SBREFA) of
1996, 5 U.S.C. 801 et seq., requires the
DOJ to comply with small entity
requests for information and advice
about compliance with statutes and
regulations within DOJ jurisdiction. Any
small entity that has a question
regarding this document may contact
the person listed in the FOR FURTHER
INFORMATION CONTACT section, above.
Persons can obtain further information
regarding SBREFA on the Small
Business Administration’s Web page at
https://www.sba.gov/advo/archive/sum_
sbrefa.html.
nlaroche on DSK30NT082PROD with PROPOSALS
Paperwork Reduction Act
The Paperwork Reduction Act of
1995, 44 U.S.C. 3507(d), requires that
DOJ consider the impact of paperwork
and other information collection
burdens imposed on the public. There
are no current or new information
collection requirements associated with
this proposed rule. The records that are
contributed to this system may be
provided by individuals covered by this
system, the DOJ and United States
Government components, other
domestic and foreign government
entities, or purchased from private
entities. Sharing of this information
electronically will not increase the
paperwork burden on the public.
Unfunded Mandates Reform Act of
1995
Title II of the Unfunded Mandates
Reform Act of 1995 (UMRA), Public
Law 103–3, 109 Stat. 48, requires
Federal agencies to assess the effects of
certain regulatory actions on State,
local, and tribal governments, and the
private sector. UMRA requires a written
statement of economic and regulatory
alternatives for proposed and final rules
that contain Federal mandates. A
‘‘Federal mandate’’ is a new or
additional enforceable duty, imposed on
any State, local, or tribal government, or
the private sector. If any Federal
mandate causes those entities to spend,
in aggregate, $100 million or more in
VerDate Sep<11>2014
13:57 Jun 02, 2017
Jkt 241001
any one year, the UMRA analysis is
required. This proposed rule would not
impose Federal mandates on any State,
local, or tribal government or the private
sector.
List of Subjects in 28 CFR Part 16
Administrative practices and
procedures, Courts, Freedom of
Information Act, Privacy Act.
Pursuant to the authority vested in the
Attorney General by 5 U.S.C. 552a and
delegated to me by Attorney General
Order 2940–2008, 28 CFR part 16 is
proposed to be amended as follows:
PART 16—[AMENDED]
1. The authority citation for part 16
continues to read as follows:
■
Authority: 5 U.S.C. 301, 552, 552a, 553; 28
U.S.C. 509, 510, 534; 31 U.S.C. 3717.
Subpart E—Exemption of Records
Systems Under the Privacy Act
2. Add § 16.137 to subpart E to read
as follows:
■
§ 16.137 Exemption of the Department of
Justice Insider Threat Program Records,
JUSTICE/DOJ–018.
(a) The Department of Justice Insider
Threat Program Records (JUSTICE/DOJ–
018) system of records is exempted from
subsections 5 U.S.C. 552a(c)(3) and (4);
(d)(1), (2), (3) and (4); (e)(1), (2) and (3);
(e)(4)(G), (H) and (I); (e)(5) and (8); (f)
and (g) of the Privacy Act. These
exemptions apply only to the extent that
information in this system is subject to
exemption pursuant to 5 U.S.C. 552a(j)
or (k). Where DOJ determines
compliance would not appear to
interfere with or adversely affect the
purpose of this system to detect, deter,
and/or mitigate insider threats, the
applicable exemption may be waived by
the DOJ in its sole discretion.
(b) Exemptions from the particular
subsections are justified for the
following reasons:
(1) From subsection (c)(3), the
requirement that an accounting be made
available to the named subject of a
record, because this system is exempt
from the access provisions of subsection
(d). Also, because making available to a
record subject the accounting of
disclosures of records concerning him/
her would specifically reveal any
insider threat-related interest in the
individual by the DOJ or agencies that
are recipients of the disclosures.
Revealing this information could
compromise ongoing, authorized law
enforcement and intelligence efforts,
particularly efforts to identify and/or
mitigate insider threats. Revealing this
information could also permit the
PO 00000
Frm 00011
Fmt 4702
Sfmt 4702
record subject to obtain valuable insight
concerning the information obtained
during any investigation and to take
measures to impede the investigation,
e.g., destroy evidence or flee the area to
avoid the investigation.
(2) From subsection (c)(4) notification
requirements because this system is
exempt from the access and amendment
provisions of subsection (d) as well as
the accounting of disclosures provision
of subsection (c)(3). The DOJ takes
seriously its obligation to maintain
accurate records despite its assertion of
this exemption, and to the extent it, in
its sole discretion, agrees to permit
amendment or correction of DOJ
records, it will share that information in
appropriate cases.
(3) From subsection (d)(1), (2), (3) and
(4), (e)(4)(G) and (H), (e)(8), (f) and (g)
because these provisions concern
individual access to and amendment of
law enforcement, intelligence and
counterintelligence, and
counterterrorism records and
compliance could alert the subject of an
authorized law enforcement or
intelligence activity about that
particular activity and the interest of the
DOJ and/or other law enforcement or
intelligence agencies. Providing access
could compromise information
classified to protect national security;
disclose information that would
constitute an unwarranted invasion of
another’s personal privacy; reveal a
sensitive investigative or intelligence
technique; provide information that
would allow a subject to avoid detection
or apprehension; or constitute a
potential danger to the health or safety
of law enforcement personnel,
confidential sources, or witnesses.
(4) From subsection (e)(1) because it
is not always possible to know in
advance what information is relevant
and necessary for law enforcement and
intelligence purposes. The relevance
and utility of certain information that
may have a nexus to insider threats may
not always be fully evident until and
unless it is vetted and matched with
other information necessarily and
lawfully maintained by the DOJ.
(5) From subsection (e)(2) and (3)
because application of these provisions
could present a serious impediment to
efforts to detect, deter and/or mitigate
insider threats. Application of these
provisions would put the subject of an
investigation on notice of the
investigation and allow the subject an
opportunity to engage in conduct
intended to impede the investigative
activity or avoid apprehension.
(6) From subsection (e)(4)(I), to the
extent that this subsection is interpreted
to require more detail regarding the
E:\FR\FM\05JNP1.SGM
05JNP1
Federal Register / Vol. 82, No. 106 / Monday, June 5, 2017 / Proposed Rules
record sources in this system than has
been published in the Federal Register.
Should the subsection be so interpreted,
exemption from this provision is
necessary to protect the sources of law
enforcement and intelligence
information and to protect the privacy
and safety of witnesses and informants
and others who provide information to
the DOJ. Further, greater specificity of
sources of properly classified records
could compromise national security.
(7) From subsection (e)(5) because in
the collection of information for
authorized law enforcement and
intelligence purposes, including efforts
to detect, deter, and/or mitigate insider
threats, due to the nature of
investigations and intelligence
collection, the DOJ often collects
information that may not be
immediately shown to be accurate,
relevant, timely, and complete, although
the DOJ takes reasonable steps to collect
only the information necessary to
support its mission and investigations.
Additionally, the information may aid
in establishing patterns of activity and
providing criminal or intelligence leads.
It could impede investigative progress if
it were necessary to assure relevance,
accuracy, timeliness and completeness
of all information obtained throughout
the course and within the scope of an
investigation. Further, some of the
records in this system may come from
other domestic or foreign government
entities, or private entities, and it would
not be administratively feasible for the
DOJ to vouch for the compliance of
these agencies with this provision.
Dated: May 19, 2017.
Peter A. Winn,
Acting Chief Privacy and Civil Liberties
Officer, United States Department of Justice.
[FR Doc. 2017–10788 Filed 6–2–17; 8:45 am]
BILLING CODE 4410–NW–P
ENVIRONMENTAL PROTECTION
AGENCY
40 CFR Part 62
nlaroche on DSK30NT082PROD with PROPOSALS
[EPA–R08–OAR–2017–0171; FRL–9963–20–
Region 8]
Approval and Promulgation of State
Plans for Designated Facilities and
Pollutants: Colorado, Montana, North
Dakota, South Dakota, Utah, and
Wyoming; Negative Declarations
Environmental Protection
Agency.
ACTION: Proposed rule.
AGENCY:
The Environmental Protection
Agency (EPA) proposes to approve
SUMMARY:
VerDate Sep<11>2014
13:57 Jun 02, 2017
Jkt 241001
negative declarations submitted by the
states of Colorado, Montana, North
Dakota, South Dakota, and Wyoming,
which certify that no small municipal
waste combustor (MWC) units subject to
sections 111(d) and 129 of the Clean Air
Act (CAA) exist in those states. Second,
EPA proposes to approve renewed
negative declarations submitted by the
states of Colorado, Montana, North
Dakota, South Dakota, Utah, and
Wyoming, which certify that no large
MWC units subject to CAA sections
111(d) and 129 exist in those states.
Third, EPA proposes to approve
renewed negative declarations
submitted by the states of Montana,
South Dakota, Utah, and Wyoming,
which certify that no commercial and
industrial solid waste incineration
(CISWI) units subject to CAA sections
111(d) and 129 exist in those states.
Fourth, EPA proposes to approve
negative declarations submitted by the
states of Montana, North Dakota, South
Dakota, Utah, and Wyoming, which
certify that no other solid waste
incineration (OSWI) units subject to
CAA sections 111(d) and 129 exist in
those states.
DATES: Written comments must be
received on or before July 5, 2017.
ADDRESSES: Submit your comments,
identified by Docket ID No. EPA–R08–
OAR–2017–0171 at https://
www.regulations.gov. Follow the online
instructions for submitting comments.
Once submitted, comments cannot be
edited or removed from Regulations.gov.
The EPA may publish any comment
received to its public docket. Do not
submit electronically any information
you consider to be Confidential
Business Information (CBI) or other
information whose disclosure is
restricted by statute. Multimedia
submissions (audio, video, etc.) must be
accompanied by a written comment.
The written comment is considered the
official comment and should include
discussion of all points you wish to
make. The EPA will generally not
consider comments or comment
contents located outside of the primary
submission (i.e., on the web, cloud, or
other file sharing system). For
additional submission methods, the full
EPA public comment policy,
information about CBI or multimedia
submissions, and general guidance on
making effective comments, please visit
https://www2.epa.gov/dockets/
commenting-epa-dockets.
FOR FURTHER INFORMATION CONTACT:
Gregory Lohrke, Air Program, 1595
Wynkoop Street, Denver, Colorado
80202–1129, (303) 312–6396,
lohrke.gregory@epa.gov.
PO 00000
Frm 00012
Fmt 4702
Sfmt 4702
25753
In the
‘‘Rules and Regulations’’ section of this
Federal Register, the EPA is publishing
a direct final rule without prior proposal
to amend 40 CFR part 62 to reflect the
States’ submittals of the negative
declarations. The EPA views this as a
noncontroversial action and anticipates
no adverse comments. A detailed
rationale for the action is set forth in the
preamble to the direct final rule. If the
EPA receives no adverse comments,
EPA contemplates no further action. If
the EPA receives adverse comments,
EPA will withdraw the direct final rule
and will address all public comments in
a subsequent final rule based on this
proposed rule. The EPA will not
institute a second comment period on
this action. Any parties interested in
commenting must do so at this time.
Please note that if the EPA receives
adverse comment on an amendment,
paragraph, or section of this rule, and if
that provision may be severed from the
remainder of the rule, EPA may adopt
as final those provisions of the rule that
are not the subject of an adverse
comment. For additional information,
see the direct final rule of the same title
which is located in the ‘‘Rules and
Regulations’’ section of this Federal
Register.
SUPPLEMENTARY INFORMATION:
List of Subjects in 40 CFR Part 62
Environmental protection,
Administrative practice and procedure,
Air pollution control, Commercial
industrial solid waste incineration,
Intergovernmental relations, Municipal
solid waste combustion, Other solid
waste incineration, Reporting and
recordkeeping requirements.
Authority: 42 U.S.C. 7401 et seq.
Dated: May 12, 2017.
Suzanne J. Bohan,
Acting Regional Administrator, Region 8.
[FR Doc. 2017–11575 Filed 6–2–17; 8:45 am]
BILLING CODE 6560–50–P
DEPARTMENT OF TRANSPORTATION
Federal Motor Carrier Safety
Administration
49 CFR Part 387
[Docket No. FMCSA–2014–0211]
RIN 2126–AB74
Financial Responsibility for Motor
Carriers, Freight Forwarders, and
Brokers
Federal Motor Carrier Safety
Administration (FMCSA), DOT.
AGENCY:
E:\FR\FM\05JNP1.SGM
05JNP1
]]>Agencies
[Federal Register Volume 82, Number 106 (Monday, June 5, 2017)]
[Proposed Rules]
[Pages 25751-25753]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-10788]
[[Page 25751]]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF JUSTICE
28 CFR Part 16
[CPCLO Order No. 002-2017]
Privacy Act of 1974; Implementation
AGENCY: United States Department of Justice.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: Elsewhere in this Federal Register, the United States
Department of Justice (Department or DOJ) has published a new Privacy
Act System of Records Notice, JUSTICE/DOJ-018, ``DOJ Insider Threat
Program Records.'' Further, the Department issued a rescindment notice
for the Federal Bureau of Investigation (FBI) System of Records Notice
titled, ``FBI Insider Threat Program Records,'' JUSTICE/FBI-023. In
this document, the DOJ withdraws the notice of proposed rulemaking for
the ``FBI Insider Threat Program Records'' issued in CPCLO Order No.
008-2016, published on September 19, 2016, and proposes to exempt
JUSTICE/DOJ-018 from certain provisions of the Privacy Act, in order to
avoid interference with efforts to detect, deter, and/or mitigate
insider threats. Public comment is invited.
DATES: As of June 5, 2017, the notice of proposed rulemaking published
at 81 FR 64092 (Sept. 19, 2016), is withdrawn. Comments on this notice
of proposed rulemaking must be received by July 5, 2017.
ADDRESSES: Address all comments to the Privacy Analyst, Privacy and
Civil Liberties Office, National Place Building, 1331 Pennsylvania Ave.
NW., Suite 1000, Washington, DC 20530-0001, facsimile 202-307-0693, or
email at privacy@usdoj.gov. To ensure proper handling, please reference
the CPCLO Order No. of this notice of proposed rulemaking in your
correspondence. You may review an electronic version of the proposed
rule at https://www.regulations.gov, and you may also comment by using
that Web site's comment form for this regulation. When submitting
comments electronically, you must include the CPCLO Order No. in the
subject box.
Please note that the Department is requesting that electronic
comments be submitted before midnight Eastern Daylight Time on the day
the comment period closes because https://www.regulations.gov terminates
the public's ability to submit comments at that time. Commenters in
time zones other than Eastern Time may want to consider this so that
their electronic comments are received. All comments sent via regular
or express mail will be considered timely if postmarked on or before
the day the comment period closes.
Posting of Public Comments: Please note that all comments received
are considered part of the public record and made available for public
inspection online at https://www.regulations.gov and in the Department's
public docket. Such information includes personal identifying
information (such as your name, address, etc.) voluntarily submitted by
the commenter.
If you want to submit personal identifying information (such as
your name, address, etc.) as part of your comment, but do not want it
to be posted online or made available in the public docket, you must
include the phrase ``PERSONALLY IDENTIFYING INFORMATION'' in the first
paragraph of your comment. You must also place all personal identifying
information you do not want posted online or made available in the
public docket in the first paragraph of your comment and identify what
information you want redacted.
If you want to submit confidential business information as part of
your comment, but do not want it to be posted online or made available
in the public docket, you must include the phrase ``CONFIDENTIAL
BUSINESS INFORMATION'' in the first paragraph of your comment. You must
also prominently identify confidential business information to be
redacted within the comment. If a comment has so much confidential
business information that it cannot be effectively redacted, all or
part of that comment may not be posted online or made available in the
public docket.
Personally identifying information and confidential business
information identified and located as set forth above will be redacted
and the comment, in redacted form, will be posted online and placed in
the Department's public docket file. Please note that the Freedom of
Information Act applies to all comments received. If you wish to
inspect the agency's public docket file in person by appointment,
please see the FOR FURTHER INFORMATION CONTACT section, below.
FOR FURTHER INFORMATION CONTACT: Laurence Reed, DOJ Insider Threat
Program Manager, United States Department of Justice, Insider Threat
Prevention and Detection Program, 145 N Street NE., Washington, DC
20002, 202-357-0165, itp@usdoj.gov.
SUPPLEMENTARY INFORMATION:
DOJ Insider Threat Program
The November 21, 2012, Presidential Memorandum--National Insider
Threat Policy and Minimum Standards for Executive Branch Insider Threat
Programs states that an insider threat is the threat that any person
with authorized access to any United States Government resources, to
include personnel, facilities, information, equipment, networks or
systems, will use her/his authorized access, wittingly or unwittingly,
to do harm to the security of the United States. This threat can
include damage to the United States through espionage, terrorism,
unauthorized disclosure of national security information, or through
the loss or degradation of departmental resources or capabilities.
In the Notice section of this Federal Register, the DOJ has
established a new Privacy Act system of records titled ``DOJ Insider
Threat Program Records,'' JUSTICE/DOJ-018. The system serves as a
repository for DOJ information and for information lawfully received
from other federal agencies or obtained from private companies and
permits the comparison of data sets in order to provide a more complete
picture of potential insider threats.
In this rulemaking, the DOJ proposes to exempt this Privacy Act
system of records from certain provisions of the Privacy Act in order
to avoid interference with the responsibilities of the DOJ to detect,
deter, and/or mitigate insider threats as established by federal law
and policy. For an overview of the Privacy Act, see: https://www.justice.gov/opcl/privacy-act-1974.
Integration of the FBI Insider Threat Program Records (ITPR) System of
Records
On September 19, 2016, the Federal Bureau of Investigation (FBI), a
component of the DOJ, published a new Privacy Act System of Records
Notice titled, ``FBI Insider Threat Program Records (ITPR),'' JUSTICE/
FBI-023, at 81 FR 64198. The FBI also issued a notice of proposed
rulemaking, CPCLO No. 008-2016, at 81 FR 64092, proposing to exempt
JUSTICE/FBI-023 from certain provisions of the Privacy Act. To
consolidate Privacy Act notices under one DOJ-wide system of records,
the Department is rescinding JUSTICE/FBI-023. In addition, the
Department hereby withdraws the proposed rule, CPCLO No. 008-2016,
published September 19, 2016, at 81 FR 64092, and will not publish a
final rule to exempt JUSTICE/FBI-023 from certain provisions of the
Privacy Act. Instead, the Department has published a new Privacy Act
System of Records Notice titled, ``DOJ Insider Threat Program
Records,'' JUSTICE/DOJ-018, and proposes to exempt this DOJ-wide
[[Page 25752]]
system of records from certain provisions of the Privacy Act, as
described below.
Regulatory Flexibility Act
This proposed rule relates to individuals rather than small
business entities. Pursuant to the requirements of the Regulatory
Flexibility Act of 1980, 5 U.S.C. 601-612, therefore, the proposed rule
will not have a significant economic impact on a substantial number of
small entities.
Small Entity Inquiries
The Small Business Regulatory Enforcement Fairness Act (SBREFA) of
1996, 5 U.S.C. 801 et seq., requires the DOJ to comply with small
entity requests for information and advice about compliance with
statutes and regulations within DOJ jurisdiction. Any small entity that
has a question regarding this document may contact the person listed in
the FOR FURTHER INFORMATION CONTACT section, above. Persons can obtain
further information regarding SBREFA on the Small Business
Administration's Web page at https://www.sba.gov/advo/archive/sum_sbrefa.html.
Paperwork Reduction Act
The Paperwork Reduction Act of 1995, 44 U.S.C. 3507(d), requires
that DOJ consider the impact of paperwork and other information
collection burdens imposed on the public. There are no current or new
information collection requirements associated with this proposed rule.
The records that are contributed to this system may be provided by
individuals covered by this system, the DOJ and United States
Government components, other domestic and foreign government entities,
or purchased from private entities. Sharing of this information
electronically will not increase the paperwork burden on the public.
Unfunded Mandates Reform Act of 1995
Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), Public
Law 103-3, 109 Stat. 48, requires Federal agencies to assess the
effects of certain regulatory actions on State, local, and tribal
governments, and the private sector. UMRA requires a written statement
of economic and regulatory alternatives for proposed and final rules
that contain Federal mandates. A ``Federal mandate'' is a new or
additional enforceable duty, imposed on any State, local, or tribal
government, or the private sector. If any Federal mandate causes those
entities to spend, in aggregate, $100 million or more in any one year,
the UMRA analysis is required. This proposed rule would not impose
Federal mandates on any State, local, or tribal government or the
private sector.
List of Subjects in 28 CFR Part 16
Administrative practices and procedures, Courts, Freedom of
Information Act, Privacy Act.
Pursuant to the authority vested in the Attorney General by 5
U.S.C. 552a and delegated to me by Attorney General Order 2940-2008, 28
CFR part 16 is proposed to be amended as follows:
PART 16--[AMENDED]
0
1. The authority citation for part 16 continues to read as follows:
Authority: 5 U.S.C. 301, 552, 552a, 553; 28 U.S.C. 509, 510,
534; 31 U.S.C. 3717.
Subpart E--Exemption of Records Systems Under the Privacy Act
0
2. Add Sec. 16.137 to subpart E to read as follows:
Sec. 16.137 Exemption of the Department of Justice Insider Threat
Program Records, JUSTICE/DOJ-018.
(a) The Department of Justice Insider Threat Program Records
(JUSTICE/DOJ-018) system of records is exempted from subsections 5
U.S.C. 552a(c)(3) and (4); (d)(1), (2), (3) and (4); (e)(1), (2) and
(3); (e)(4)(G), (H) and (I); (e)(5) and (8); (f) and (g) of the Privacy
Act. These exemptions apply only to the extent that information in this
system is subject to exemption pursuant to 5 U.S.C. 552a(j) or (k).
Where DOJ determines compliance would not appear to interfere with or
adversely affect the purpose of this system to detect, deter, and/or
mitigate insider threats, the applicable exemption may be waived by the
DOJ in its sole discretion.
(b) Exemptions from the particular subsections are justified for
the following reasons:
(1) From subsection (c)(3), the requirement that an accounting be
made available to the named subject of a record, because this system is
exempt from the access provisions of subsection (d). Also, because
making available to a record subject the accounting of disclosures of
records concerning him/her would specifically reveal any insider
threat-related interest in the individual by the DOJ or agencies that
are recipients of the disclosures. Revealing this information could
compromise ongoing, authorized law enforcement and intelligence
efforts, particularly efforts to identify and/or mitigate insider
threats. Revealing this information could also permit the record
subject to obtain valuable insight concerning the information obtained
during any investigation and to take measures to impede the
investigation, e.g., destroy evidence or flee the area to avoid the
investigation.
(2) From subsection (c)(4) notification requirements because this
system is exempt from the access and amendment provisions of subsection
(d) as well as the accounting of disclosures provision of subsection
(c)(3). The DOJ takes seriously its obligation to maintain accurate
records despite its assertion of this exemption, and to the extent it,
in its sole discretion, agrees to permit amendment or correction of DOJ
records, it will share that information in appropriate cases.
(3) From subsection (d)(1), (2), (3) and (4), (e)(4)(G) and (H),
(e)(8), (f) and (g) because these provisions concern individual access
to and amendment of law enforcement, intelligence and
counterintelligence, and counterterrorism records and compliance could
alert the subject of an authorized law enforcement or intelligence
activity about that particular activity and the interest of the DOJ
and/or other law enforcement or intelligence agencies. Providing access
could compromise information classified to protect national security;
disclose information that would constitute an unwarranted invasion of
another's personal privacy; reveal a sensitive investigative or
intelligence technique; provide information that would allow a subject
to avoid detection or apprehension; or constitute a potential danger to
the health or safety of law enforcement personnel, confidential
sources, or witnesses.
(4) From subsection (e)(1) because it is not always possible to
know in advance what information is relevant and necessary for law
enforcement and intelligence purposes. The relevance and utility of
certain information that may have a nexus to insider threats may not
always be fully evident until and unless it is vetted and matched with
other information necessarily and lawfully maintained by the DOJ.
(5) From subsection (e)(2) and (3) because application of these
provisions could present a serious impediment to efforts to detect,
deter and/or mitigate insider threats. Application of these provisions
would put the subject of an investigation on notice of the
investigation and allow the subject an opportunity to engage in conduct
intended to impede the investigative activity or avoid apprehension.
(6) From subsection (e)(4)(I), to the extent that this subsection
is interpreted to require more detail regarding the
[[Page 25753]]
record sources in this system than has been published in the Federal
Register. Should the subsection be so interpreted, exemption from this
provision is necessary to protect the sources of law enforcement and
intelligence information and to protect the privacy and safety of
witnesses and informants and others who provide information to the DOJ.
Further, greater specificity of sources of properly classified records
could compromise national security.
(7) From subsection (e)(5) because in the collection of information
for authorized law enforcement and intelligence purposes, including
efforts to detect, deter, and/or mitigate insider threats, due to the
nature of investigations and intelligence collection, the DOJ often
collects information that may not be immediately shown to be accurate,
relevant, timely, and complete, although the DOJ takes reasonable steps
to collect only the information necessary to support its mission and
investigations. Additionally, the information may aid in establishing
patterns of activity and providing criminal or intelligence leads. It
could impede investigative progress if it were necessary to assure
relevance, accuracy, timeliness and completeness of all information
obtained throughout the course and within the scope of an
investigation. Further, some of the records in this system may come
from other domestic or foreign government entities, or private
entities, and it would not be administratively feasible for the DOJ to
vouch for the compliance of these agencies with this provision.
Dated: May 19, 2017.
Peter A. Winn,
Acting Chief Privacy and Civil Liberties Officer, United States
Department of Justice.
[FR Doc. 2017-10788 Filed 6-2-17; 8:45 am]
BILLING CODE 4410-NW-P
