Privacy Act of 1974; System of Records, 25812-25816 [2017-11445]

Download as PDF 25812 Federal Register / Vol. 82, No. 106 / Monday, June 5, 2017 / Notices Criminal Justice Information Services Division will be submitting the following information collection request to the Office of Management and Budget (OMB) for review and approval in accordance with the Paperwork Reduction Act of 1995. DATES: Comments are encouraged and will be accepted for 60 days until August 4, 2017. FOR FURTHER INFORMATION CONTACT: If you have additional comments especially on the estimated public burden or associated response time, suggestions, or need a copy of the proposed information collection instrument with instructions or additional information, please contact Gerry Lynn Brovey, Supervisory Information Liaison Specialist, FBI, CJIS, Resources Management Section, Administrative Unit, Module C–2, 1000 Custer Hollow Road, Clarksburg, West Virginia, 26306 (facsimile: 304–625– 5093). Written comments and/or suggestions can also be directed to the Office of Management and Budget, Office of Information and Regulatory Affairs, Attention Department of Justice Desk Officer, Washington, DC 20530 or sent to OIRA_submissions@ omb.eop.gov. Written comments and suggestions from the public and affected agencies concerning the proposed collection of information are encouraged. Your comments should address one or more of the following four points: —Evaluate whether the proposed collection of information is necessary for the proper performance of the functions of the Bureau of Justice Statistics, including whether the information will have practical utility; —Evaluate the accuracy of the agency’s estimate of the burden of the proposed collection of information, including the validity of the methodology and assumptions used; —Evaluate whether and if so how the quality, utility, and clarity of the information to be collected can be enhanced; and —Minimize the burden of the collection of information on those who are to respond, including through the use of appropriate automated, electronic, mechanical, or other technological collection techniques or other forms of information technology, e.g., permitting electronic submission of responses. Overview of this information collection: 1. Type of Information Collection: Extension of a currently approved collection. asabaliauskas on DSKBBXCHB2PROD with NOTICES SUPPLEMENTARY INFORMATION: VerDate Sep<11>2014 17:31 Jun 02, 2017 Jkt 241001 2. The Title of the Form/Collection: Friction Ridge Cards: Arrest and Institution; Applicant; Personal Identification; FBI Standard Palm Print; Supplemental Finger and Palm Print. 3. The agency form number, if any, and the applicable component of the Department sponsoring the collection: Agency form number: Forms FD–249 (Arrest and Institution), FD–258 (Applicant), and FD–353 (Personal Identification); FD–884 (FBI Standard Palm Print); FD–884a (Supplemental Finger and Palm Print) encompassed under OMB 1110–0046; CJIS Division, FBI, DOJ. 4. Affected public who will be asked or required to respond, as well as a brief abstract: Primary: City, county, state, federal and tribal law enforcement agencies; civil entities requesting security clearance and background checks. This collection is needed to collect information on individuals requesting background checks, security clearance, or those individuals who have been arrested for or accused of criminal activities. Acceptable data is stored as part of the Next Generation Identification System (NGI) of the FBI. 5. An estimate of the total number of respondents and the amount of time estimated for an average respondent to respond: It is estimated that 78,479 respondents will complete each form within approximately 10 minutes. 6. An estimate of the total public burden (in hours) associated with the collection: There are an estimated 14.6 million total annual burden hours associated with this collection. If additional information is required contact: Melody D. Braswell, Department Clearance Officer, United States Department of Justice, Justice Management Division, Policy and Planning Staff, Two Constitution Square, 145 N Street NE., 3E.405B, Washington, DC 20530. Dated: May 31, 2017. Melody D. Braswell, Department Clearance Officer for PRA, U.S. Department of Justice. [FR Doc. 2017–11518 Filed 6–2–17; 8:45 am] BILLING CODE 4410–02–P DEPARTMENT OF JUSTICE [CPCLO Order No. 001–2017] Privacy Act of 1974; System of Records United States Department of Justice. ACTION: Notice of a New System of Records. AGENCY: PO 00000 Frm 00058 Fmt 4703 Sfmt 4703 Pursuant to the Privacy Act of 1974 and Office of Management and Budget (OMB) Circular No. A–108, notice is hereby given that the Department of Justice (Department or DOJ) proposes to add a new DOJ system of records titled, ‘‘DOJ Insider Threat Program Records (ITPR),’’ JUSTICE/ DOJ–018. In the Federal Register of May 31, 2017, the Department is rescinding its notice of an FBI system of records notice titled ‘‘FBI Insider Threat Program Records,’’ JUSTICE/FBI–023, published on September 19, 2016. This new DOJ-wide system of records will cover the records previously claimed under JUSTICE/FBI–023. This new system of records establishes certain Department-wide capabilities to detect, deter, and mitigate insider threats. Insiders are defined to include any person with authorized access to any United States Government resource to include personnel, facilities, information, equipment, networks, or systems. DOJ personnel assigned to the DOJ Insider Threat Prevention and Detection Program (ITPDP) will use the system to facilitate management of insider threat inquiries and activities associated with inquiries and referrals, identify potential threats to DOJ resources and information assets, track referrals of potential insider threats to internal and external partners, and provide statistical reports and meet other insider threat reporting requirements. Elsewhere in this Federal Register, DOJ is concurrently issuing a Notice of Proposed Rulemaking to exempt JUSTICE/DOJ–018 from certain provisions of the Privacy Act, and withdrawing the notice of proposed rulemaking regarding for JUSTICE/FBI– 023, issued in CPCLO Order No. 008– 2016. DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is effective upon publication, subject to a 30-day period in which to comment on the routine uses, described below. Please submit any comments by July 5, 2017. ADDRESSES: The public, OMB, and Congress are invited to submit any comments to the U.S. Department of Justice, ATTN: Privacy Analyst, Office of Privacy and Civil Liberties, National Place Building, 1331 Pennsylvania Avenue NW., Suite 1000, Washington, DC 20530–0001, by facsimile at 202– 307–0693, or email at privacy.compliance@usdoj.gov. To ensure proper handling, please reference the above CPCLO Order No. in your correspondence. FOR FURTHER INFORMATION CONTACT: Laurence Reed, DOJ Insider Threat SUMMARY: E:\FR\FM\05JNN1.SGM 05JNN1 Federal Register / Vol. 82, No. 106 / Monday, June 5, 2017 / Notices Program Manager, United States Department of Justice, Insider Threat Prevention and Detection Program, 145 N Street NE., Washington, DC 20002, 202–357–0165, itp@usdoj.gov. The DOJ has created a system of records, known as the DOJ Insider Threat Program Records (ITPR), to manage insider threat matters within the DOJ. Executive Order (E.O.) 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information, issued October 7, 2011, requires Federal agencies to establish an insider threat detection and prevention program to ensure the security of Classified networks and the responsible sharing and safeguarding of Classified information, consistent with appropriate protections for privacy and civil liberties. This system of records has been established to enable the DOJ to implement the requirements of E.O. 13587, to meet operating capability requirements as defined by the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs (Nov. 21, 2012), and to fulfill responsibilities under DOJ Order 0901, Insider Threat (Feb. 12, 2014). For an overview of the Privacy Act, see: https://www.justice.gov/opcl/privacyact-1974. The Presidential Memorandum— National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs (Nov. 21, 2012)—states that an insider threat is the threat that any person with authorized access to any United States Government resource, to include personnel, facilities, information, equipment, networks or systems, will use her/his authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the United States through espionage, terrorism, unauthorized disclosure of national security information, or through the loss or degradation of departmental resources or capabilities. The DOJ ITPR may include information lawfully obtained by the DOJ from any United States Government component, from other domestic or foreign government entities, or from private entities, which is necessary to identify, analyze, or resolve insider threat matters. In accordance with the Privacy Act requirements of 5 U.S.C. 552a(r), the Department of Justice has provided a report to OMB and to Congress on this new system of records. asabaliauskas on DSKBBXCHB2PROD with NOTICES SUPPLEMENTARY INFORMATION: VerDate Sep<11>2014 17:31 Jun 02, 2017 Jkt 241001 Dated: May 19, 2017. Peter A. Winn, Acting Chief Privacy and Civil Liberties Officer, United States Department of Justice. JUSTICE/DOJ–001 SYSTEM NAME AND NUMBER: DOJ Insider Threat Program Records (ITPR), JUSTICE/DOJ–001. SYSTEM CLASSIFICATION: This system includes both Classified and Unclassified information. SYSTEM LOCATION: Records may be maintained at all locations at which the Department of Justice (DOJ) operates or at which DOJ operations are supported, including: Robert F. Kennedy Main Justice Department Building, 950 Pennsylvania Avenue NW., Washington, DC 20530– 0001; Federal Bureau of Investigation J. Edgar Hoover Building, 935 Pennsylvania Avenue NW., Washington, DC 20535–0001; Bureau of Alcohol, Tobacco, Firearms and Explosives, 99 New York Avenue NE., Washington, DC 20226; and other DOJ components, field offices, information technology centers, and other locations as listed on the DOJ and DOJ components’ Internet Web sites, including https://www.justice.gov. Some or all system information may also be duplicated at other locations where the DOJ has granted direct access for support of DOJ missions, for purposes of system backup, emergency preparedness, and/or continuity of operations. SYSTEM MANAGER AND ADDRESS: DOJ Insider Threat Program Manager, United States Department of Justice, Insider Threat Prevention and Detection Program, 145 N Street NE., Washington, DC 20002, 202–357–0165, itp@ usdoj.gov. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: E.O. 12968, Access to Classified Information, issued August 2, 1995, 60 FR 40245 (Aug. 7, 1995), as amended by E.O. 13467, Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information, issued June 30, 2008, 73 FR 38103 (July 2, 2008); E.O. 13526, Classified National Security Information, issued December 29, 2009, 75 FR 707 (Jan. 5, 2010); E.O. 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information, issued October 7, 2011, 76 FR 63811 (Oct. 13, 2011); and Presidential Memorandum, PO 00000 Frm 00059 Fmt 4703 Sfmt 4703 25813 National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs (Nov. 21, 2012). DOJ Order 901, Insider Threat (Feb. 12, 2014), also directs the head of each Department Component to implement DOJ policy and minimum standards issued pursuant to this policy and in coordination with the DOJ ITPDP and ‘‘[p]romulgate additional Component guidance, if needed, to reflect unique mission requirements consistent with meeting the minimum standards and guidance issued pursuant to this policy.’’ PURPOSE(S) OF THE SYSTEM: This system of records is used by DOJ employees and contractors to monitor, detect, deter, and/or mitigate DOJ insider threats. The DOJ has established the DOJ ITPDP and this system of records in order to implement the requirements of E.O. 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information (Oct. 7, 2011), and the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs (Nov. 21, 2012). These authorities require agencies with access to Classified information to establish certain capabilities for detecting, deterring, and/or mitigating insider threats, including: Accessing, gathering, integrating, assessing, and sharing information and data derived from offices across the organization for centralized analysis, reporting, and response; monitoring user activity on classified computer networks controlled by the Federal Government; evaluating personnel security information; and establishing procedures for insider threat response actions, such as inquiries to clarify or resolve insider threat matters. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: The categories of individuals covered by this system are DOJ insiders, defined as any person with authorized access to any DOJ resource to include personnel, facilities, information, equipment, networks or systems. Such persons include but are not limited to present and former DOJ employees, members of joint task forces under the purview of the DOJ, contractors, detailees, assignees, interns, visitors, and guests. E:\FR\FM\05JNN1.SGM 05JNN1 25814 Federal Register / Vol. 82, No. 106 / Monday, June 5, 2017 / Notices asabaliauskas on DSKBBXCHB2PROD with NOTICES CATEGORIES OF RECORDS IN THE SYSTEM: An insider threat is defined as the threat that any person with authorized access to any DOJ resource, to include personnel, facilities, information, equipment, networks or systems, will use his/her authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the United States through espionage, terrorism, unauthorized disclosure of national security information, or through the loss or degradation of DOJ resources or capabilities. See Presidential Memorandum, National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs (Nov. 21, 2012). The Minimum Standards state that Agency heads shall direct Counterintelligence, Security, Information Assurance, Human Resources, and other relevant organizational components to securely provide insider threat program personnel regular, timely, and, if possible, electronic access to the information necessary to identify, analyze, and resolve insider threat matters. Such access and information includes, but is not limited to, the following: A. All relevant counterintelligence and security databases and files, including personnel security files, polygraph examination reports, facility access records, security violation files, travel records, foreign contact reports, and financial disclosure filings; B. All relevant Unclassified and Classified network information generated by Information Assurance elements, including, but not limited to, personnel usernames and aliases, levels of network access, audit data, unauthorized use of removable media, print logs, and other data needed for clarification or resolution of an insider threat concern; and C. All relevant Human Resources databases and files including, but not limited to, personnel files, payroll and voucher files, outside work and activities requests, disciplinary files, and personal contact records, as may be necessary for resolving or clarifying insider threat matters. Records in the ITPR system consist of information necessary to identify, analyze, or resolve insider threat matters, including the information listed above or information derived from such information. RECORD SOURCE CATEGORIES: Information may be provided by individuals covered by this system, the DOJ or other United States Government components, other domestic and foreign VerDate Sep<11>2014 17:31 Jun 02, 2017 Jkt 241001 government entities, or obtained from private entities. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b), all or a portion of the records or information contained in this system of records may be disclosed as a routine use pursuant to 5 U.S.C. 552a(b)(3) under the circumstances or for the purposes described below, to the extent such disclosures are compatible with the purposes for which the information was collected: A. To a governmental entity lawfully engaged in collecting law enforcement, law enforcement intelligence, or national security intelligence information for such purposes when determined to be relevant by the DOJ. B. To any person, organization, or governmental entity in order to notify them of a potential terrorist threat for the purpose of guarding against or responding to such threat. C. To any entity or individual where there is reason to believe the recipient is or could become the target of a particular criminal activity, conspiracy, or other threat, to the extent the information is relevant to the protection of life, health, or property. Information may similarly be disclosed to other recipients to the extent the information is relevant to the protection of life, health, or property. D. To any person or entity if necessary to elicit information or cooperation from the recipient for use by the DOJ in the performance of an authorized law enforcement, national security, or intelligence function. E. Violations of Law, Regulation, Rule, Order, or Contract. If any system record, alone, or in conjunction with other information, indicates a violation or potential violation of law (whether civil or criminal), regulation, rule, order, or contract, the pertinent record may be disclosed to the appropriate entity (whether federal, state, local, joint, tribal, foreign, or international) that is charged with the responsibility of investigating, prosecuting, implementing and/or enforcing such law, regulation, rule, order, or contract. F. Complainants and Victims. To complainants and/or victims to the extent necessary to provide such persons with information and explanations concerning the progress and/or results of the investigations or cases arising from the matters of which they complained and/or of which they were victims. PO 00000 Frm 00060 Fmt 4703 Sfmt 4703 G. Courts or Adjudicative Bodies. To a court, grand jury, or administrative or adjudicative body, in matters in which (a) the DOJ or any DOJ employee in his or her official capacity, (b) any DOJ employee in his or her individual capacity where the Department of Justice has agreed to represent the employee, or (c) the United States, is or could be a party to the litigation, is likely to be affected by the litigation, or has an official interest in the litigation, and disclosure of system records has been determined by the DOJ to be arguably relevant, or by the adjudicator to be relevant, to the litigation. Similar disclosures may be made in the situations stated above related to assistance provided to the Federal Government by non-DOJ employees (see Routine Use J). H. Parties. To an actual or potential party to litigation or his or her attorney or authorized representative for the purpose of negotiating or discussing such matters as settlement of the case or matter, plea bargaining, or informal discovery proceedings, in matters in which the DOJ has an official interest and in which the DOJ determines records in the system to be arguably relevant. I. Appropriate Disclosures to the Public. To the news media or members of the general public in furtherance of a legitimate law enforcement or public safety function as determined by the DOJ (e.g., to assist in locating fugitives; to provide notifications of arrests; to provide alerts, assessments, or similar information on potential threats to life, health, or property; or to keep the public appropriately informed of other law enforcement or DOJ matters or other matters of legitimate public interest) where disclosure could not reasonably be expected to constitute an unwarranted invasion of personal privacy. (The availability of information in pending criminal or civil cases will be governed by the provisions of 28 CFR 50.2.) J. Non-DOJ Employees. To contractors, grantees, experts, consultants, students, or others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal Government, when necessary to accomplish an agency function related to this system of records. K. To designated officers and employees of state, local (including the District of Columbia), territorial, or tribal law enforcement or detention agencies in connection with the hiring or continued employment of an employee or contractor, where the employee or contractor would occupy or E:\FR\FM\05JNN1.SGM 05JNN1 asabaliauskas on DSKBBXCHB2PROD with NOTICES Federal Register / Vol. 82, No. 106 / Monday, June 5, 2017 / Notices occupies a position of public trust as a law enforcement officer or detention officer having direct contact with the public or with prisoners or detainees, to the extent that the information is relevant to the recipient agency’s decision. L. To appropriate officials and employees of a Federal agency or entity that requires information relevant to a decision concerning the hiring, appointment, or retention of an employee; the assignment, detail, or deployment of an employee; the issuance, renewal, suspension, or revocation of a security clearance; the execution of a security or suitability investigation; the letting of a contract; or the issuance of a grant or benefit. M. The White House. To the White House (the President, Vice President, their staffs, and other entities of the Executive Office of the President (EOP)), and, during Presidential transitions, the President-Elect and Vice-President-Elect and their designees for appointment, employment, security, and access purposes compatible with the purposes for which the records were collected by the DOJ, e.g., disclosure of information to assist the White House in making a determination whether an individual should be: (1) Granted, denied, or permitted to continue in employment on the White House Staff; (2) given a Presidential appointment or Presidential recognition; (3) provided access, or continued access, to classified or sensitive information; or (4) permitted access, or continued access, to personnel or facilities of the White House/EOP complex. System records may be disclosed also to the White House and, during Presidential transitions, to the President-Elect and Vice-President-Elect and their designees, for Executive Branch coordination of activities that relate to or have an effect upon the carrying out of the constitutional, statutory, or other official or ceremonial duties of the President, President-Elect, VicePresident or Vice-President-Elect. System records or information may also be disclosed during a Presidential campaign to a major-party Presidential candidate, including the candidate’s designees, to the extent the disclosure is reasonably related to a clearance request submitted by the candidate for the candidate’s transition team members pursuant to Section 7601 of the Intelligence Reform and Terrorism Prevention Act of 2004, as amended. N. Former Employees. To a former employee of the Department for purposes of: Responding to an official inquiry by a federal, state, local, tribal, or territorial government entity or VerDate Sep<11>2014 17:31 Jun 02, 2017 Jkt 241001 professional licensing authority, in accordance with applicable DOJ regulations; or facilitating communications with a former employee that may be necessary for personnel-related or other official purposes where the DOJ requires information and/or consultation assistance from the former employee regarding a matter within that person’s former area of responsibility. (Such disclosures will be effected under procedures established in 28 CFR 16.300–301 and DOJ Order 2710.8C, including any future revisions.) O. To federal, state, local, tribal, territorial, foreign, or international licensing agencies or associations when the DOJ determines the information is relevant to the suitability or eligibility of an individual for a license or permit. P. Members of Congress. To a Member of Congress or a person on his or her staff acting on the Member’s behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record. Q. National Archives and Records Administration (NARA) Records Management. To the National Archives and Records Administration (NARA) for purposes of records management inspections and such other purposes conducted under the authority of 44 U.S.C. 2904 and 2906. R. To appropriate agencies, entities, and persons when (1) DOJ suspects or has confirmed that there has been a breach of the system of records; (2) DOJ has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, DOJ (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DOJ’s efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. S. To another Federal agency or Federal entity, when DOJ determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. T. To such agencies, entities, or persons as is necessary to ensure the PO 00000 Frm 00061 Fmt 4703 Sfmt 4703 25815 continuity of government functions in the event of any actual or potential disruption of normal government operations. This use encompasses all manner of such situations in which government operations may be disrupted, including: Military, terrorist, cyber, or other attacks, natural or manmade disasters, and other national or local emergencies; inclement weather and other acts of nature; infrastructure/ utility outages; failures, renovations, or maintenance of buildings or building systems; problems arising from planning, testing or other development efforts; and other operational interruptions. This also includes all related pre-event planning, preparation, backup/redundancy, training and exercises, and post-event operations, mitigation, and recovery. U. To an agency of a foreign government or international agency or entity where the DOJ determines that the information is relevant to the recipient’s responsibilities, dissemination serves the best interests of the United States Government, and where the purpose in making the disclosure is compatible with the purpose for which the information was collected. V. Auditors. To any agency, organization, or individual for the purposes of performing authorized audit or oversight operations of the DOJ and meeting related reporting requirements. W. As Mandated by Law. To such recipients and under such circumstances and procedures as are mandated by Federal statute, treaty, or other source of applicable law. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Records in this system are stored on paper and/or in electronic form. Electronic records are stored in enterprise information technology platforms and networks, databases and/ or on hard disks, removable storage devices, or other electronic media. Paper records may be stored in individual file folders and file cabinets with controlled access, or other appropriate GSA-approved security containers. Classified information is stored in accordance with applicable legal, administrative, and other requirements. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Information in this system may be retrieved by an individual’s name, user ID, email address, Social Security number, unique employee identifier, as well as by use of key word search terms, including the names of persons with E:\FR\FM\05JNN1.SGM 05JNN1 25816 Federal Register / Vol. 82, No. 106 / Monday, June 5, 2017 / Notices whom covered individuals have interacted or to whom they have been linked. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Records in this system are maintained and destroyed in accordance with applicable schedules and procedures issued or approved by NARA. asabaliauskas on DSKBBXCHB2PROD with NOTICES ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: Records are maintained in secure, restricted areas and are accessed only by personnel who have a need for the records in the performance of their duties and have been authorized to access them. Physical security protections include guarded and locked facilities requiring badges and passwords for access and other physical and technological safeguards (such as role-based access and strong passwords) to prevent unauthorized access. All visitors must be accompanied by authorized staff personnel at all times. Highly Classified or sensitive information is electronically transmitted on secure lines and in encrypted form to prevent interception and interpretation. Users accessing system components through mobile or portable computers or electronic devices such as laptop computers, multi-purpose cell phones, and personal digital assistants (PDAs) must comply with the DOJ’s remote access policy, which requires encryption. All DOJ employees receive a complete background investigation prior to being hired. Other persons with authorized access to system records receive comparable vetting. All personnel are required to undergo privacy and annual information security training, and are cautioned about divulging confidential information or any information contained in DOJ files. Failure to abide by this provision violates DOJ regulations and may violate certain civil and criminal statutes providing for penalties of fine or imprisonment or both. As a condition of employment, DOJ personnel also sign nondisclosure agreements which encompass, as appropriate, Classified and Unclassified information and remain in force even after DOJ employment. Employees who resign or retire are also cautioned about divulging information acquired in their DOJ capacity. RECORD ACCESS PROCEDURES: The Attorney General has exempted this system of records from the notification, access, amendment, and contest procedures of the Privacy Act. These exemptions apply only to the VerDate Sep<11>2014 18:39 Jun 02, 2017 Jkt 241001 extent that the information in this system is subject to exemption pursuant to 5 U.S.C. 552a(j) or (k). Where compliance would not appear to interfere with or adversely affect the purposes of the system, or the overall law enforcement/intelligence process, the applicable exemption (in whole or in part) may be waived by the DOJ in its sole discretion. A request for access to a record from this system of records must be submitted in writing and comply with 28 CFR part 16, and should be sent to the Office of Information Policy, 1425 New York Avenue NW., Suite 11050, Washington, DC 20530–0001. The envelope and letter should be clearly marked ‘‘Privacy Act Access Request.’’ The request should include a general description of the records sought, and must include the requester’s full name, current address, and date and place of birth. The request must be signed and dated and either notarized or submitted under penalty of perjury. While no specific form is required, requesters may obtain a form (Form DOJ–361) for use in certification of identity from the FOIA/ Privacy Act Mail Referral Unit, Justice Management Division, United States Department of Justice, 950 Pennsylvania Avenue NW., Washington, DC 20530– 0001, or from the Department’s Web site at https://www.justice.gov/sites/default/ files/oip/legacy/2014/07/23/cert_ ind.pdf. CONTESTING RECORD PROCEDURES: The Attorney General has exempted this system of records from the notification, access, amendment, and contest procedures of the Privacy Act. These exemptions apply only to the extent that the information in this system is subject to exemption pursuant to 5 U.S.C. 552a(j) or (k). Where compliance would not appear to interfere with or adversely affect the purposes of the system, or the overall law enforcement/intelligence process, the applicable exemption (in whole or in part) may be waived by the DOJ in its sole discretion. Individuals desiring to contest or amend information maintained in the system should direct their requests according to the RECORD ACCESS PROCEDURES listed above, stating clearly and concisely what information is being contested, the reasons for contesting it, and the proposed amendment to the information sought. The envelope and letter should be clearly marked ‘‘Privacy Act Amendment Request’’ and comply with 28 CFR 16.46. PO 00000 Frm 00062 Fmt 4703 Sfmt 4703 NOTIFICATION PROCEDURES: Same as the RECORD ACCESS above. PROCEDURES, EXEMPTIONS PROMULGATED FOR THE SYSTEM: The Attorney General has exempted this system of records from subsection (c)(3) and (4); (d)(1), (2), (3) and (4); (e)(1), (2), and (3); (e)(4)(G), (H) and (I); (e)(5) and (8); (f) and (g) of the Privacy Act. These exemptions apply only to the extent that information in the system is subject to exemption pursuant to 5 U.S.C. 552a(j) or (k). Rules are being promulgated in accordance with the requirements of 5 U.S.C. 553(b), (c), and (e) and have been published in this Federal Register. In addition, the DOJ will continue in effect and claim all exemptions claimed under 5 U.S.C. 552a(j) or (k) (or other applicable authority) by an originating agency from which the DOJ obtains records, where one or more reasons underlying an original exemption claim remain valid. Where compliance with an exempted provision does not appear to interfere with or adversely affect interests of the United States or other stakeholders, the DOJ in its sole discretion may waive an exemption in whole or in part; exercise of the discretionary waiver prerogative in a particular matter shall not create any entitlement to or expectation of waiver in that matter or any other matter. As a condition of discretionary waiver, the DOJ in its sole discretion may impose any restrictions deemed advisable by the DOJ (including, but not limited to, restrictions on the location, manner, or scope of notice, access or amendment). HISTORY: None. [FR Doc. 2017–11445 Filed 6–2–17; 8:45 am] BILLING CODE 4410–NW–P DEPARTMENT OF JUSTICE U.S. Marshals Service [OMB Number 1105–NEW] Agency Information Collection Activities; Proposed eCollection eComments Requested; Proposed Collection; Comments Requested: Form USM–164, Applicant Reference Check Questionnaire U.S. Marshals Service, Department of Justice. ACTION: 60-day notice. AGENCY: The Department of Justice (DOJ), U.S. Marshals Service (USMS), will submit the following information collection request to the Office of SUMMARY: E:\FR\FM\05JNN1.SGM 05JNN1

Agencies

[Federal Register Volume 82, Number 106 (Monday, June 5, 2017)]
[Notices]
[Pages 25812-25816]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-11445]


-----------------------------------------------------------------------

DEPARTMENT OF JUSTICE

[CPCLO Order No. 001-2017]


Privacy Act of 1974; System of Records

AGENCY: United States Department of Justice.

ACTION: Notice of a New System of Records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974 and Office of Management 
and Budget (OMB) Circular No. A-108, notice is hereby given that the 
Department of Justice (Department or DOJ) proposes to add a new DOJ 
system of records titled, ``DOJ Insider Threat Program Records 
(ITPR),'' JUSTICE/DOJ-018. In the Federal Register of May 31, 2017, the 
Department is rescinding its notice of an FBI system of records notice 
titled ``FBI Insider Threat Program Records,'' JUSTICE/FBI-023, 
published on September 19, 2016. This new DOJ-wide system of records 
will cover the records previously claimed under JUSTICE/FBI-023. This 
new system of records establishes certain Department-wide capabilities 
to detect, deter, and mitigate insider threats. Insiders are defined to 
include any person with authorized access to any United States 
Government resource to include personnel, facilities, information, 
equipment, networks, or systems. DOJ personnel assigned to the DOJ 
Insider Threat Prevention and Detection Program (ITPDP) will use the 
system to facilitate management of insider threat inquiries and 
activities associated with inquiries and referrals, identify potential 
threats to DOJ resources and information assets, track referrals of 
potential insider threats to internal and external partners, and 
provide statistical reports and meet other insider threat reporting 
requirements. Elsewhere in this Federal Register, DOJ is concurrently 
issuing a Notice of Proposed Rulemaking to exempt JUSTICE/DOJ-018 from 
certain provisions of the Privacy Act, and withdrawing the notice of 
proposed rulemaking regarding for JUSTICE/FBI-023, issued in CPCLO 
Order No. 008-2016.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is 
effective upon publication, subject to a 30-day period in which to 
comment on the routine uses, described below. Please submit any 
comments by July 5, 2017.

ADDRESSES: The public, OMB, and Congress are invited to submit any 
comments to the U.S. Department of Justice, ATTN: Privacy Analyst, 
Office of Privacy and Civil Liberties, National Place Building, 1331 
Pennsylvania Avenue NW., Suite 1000, Washington, DC 20530-0001, by 
facsimile at 202-307-0693, or email at privacy.compliance@usdoj.gov. To 
ensure proper handling, please reference the above CPCLO Order No. in 
your correspondence.

FOR FURTHER INFORMATION CONTACT: Laurence Reed, DOJ Insider Threat

[[Page 25813]]

Program Manager, United States Department of Justice, Insider Threat 
Prevention and Detection Program, 145 N Street NE., Washington, DC 
20002, 202-357-0165, itp@usdoj.gov.

SUPPLEMENTARY INFORMATION: The DOJ has created a system of records, 
known as the DOJ Insider Threat Program Records (ITPR), to manage 
insider threat matters within the DOJ. Executive Order (E.O.) 13587, 
Structural Reforms to Improve the Security of Classified Networks and 
the Responsible Sharing and Safeguarding of Classified Information, 
issued October 7, 2011, requires Federal agencies to establish an 
insider threat detection and prevention program to ensure the security 
of Classified networks and the responsible sharing and safeguarding of 
Classified information, consistent with appropriate protections for 
privacy and civil liberties. This system of records has been 
established to enable the DOJ to implement the requirements of E.O. 
13587, to meet operating capability requirements as defined by the 
National Insider Threat Policy and Minimum Standards for Executive 
Branch Insider Threat Programs (Nov. 21, 2012), and to fulfill 
responsibilities under DOJ Order 0901, Insider Threat (Feb. 12, 2014). 
For an overview of the Privacy Act, see: https://www.justice.gov/opcl/privacy-act-1974.
    The Presidential Memorandum--National Insider Threat Policy and 
Minimum Standards for Executive Branch Insider Threat Programs (Nov. 
21, 2012)--states that an insider threat is the threat that any person 
with authorized access to any United States Government resource, to 
include personnel, facilities, information, equipment, networks or 
systems, will use her/his authorized access, wittingly or unwittingly, 
to do harm to the security of the United States. This threat can 
include damage to the United States through espionage, terrorism, 
unauthorized disclosure of national security information, or through 
the loss or degradation of departmental resources or capabilities.
    The DOJ ITPR may include information lawfully obtained by the DOJ 
from any United States Government component, from other domestic or 
foreign government entities, or from private entities, which is 
necessary to identify, analyze, or resolve insider threat matters.
    In accordance with the Privacy Act requirements of 5 U.S.C. 
552a(r), the Department of Justice has provided a report to OMB and to 
Congress on this new system of records.

    Dated: May 19, 2017.
Peter A. Winn,
Acting Chief Privacy and Civil Liberties Officer, United States 
Department of Justice.
JUSTICE/DOJ-001

SYSTEM NAME AND NUMBER:
    DOJ Insider Threat Program Records (ITPR), JUSTICE/DOJ-001.

SYSTEM CLASSIFICATION:
    This system includes both Classified and Unclassified information.

SYSTEM LOCATION:
    Records may be maintained at all locations at which the Department 
of Justice (DOJ) operates or at which DOJ operations are supported, 
including: Robert F. Kennedy Main Justice Department Building, 950 
Pennsylvania Avenue NW., Washington, DC 20530-0001; Federal Bureau of 
Investigation J. Edgar Hoover Building, 935 Pennsylvania Avenue NW., 
Washington, DC 20535-0001; Bureau of Alcohol, Tobacco, Firearms and 
Explosives, 99 New York Avenue NE., Washington, DC 20226; and other DOJ 
components, field offices, information technology centers, and other 
locations as listed on the DOJ and DOJ components' Internet Web sites, 
including https://www.justice.gov. Some or all system information may 
also be duplicated at other locations where the DOJ has granted direct 
access for support of DOJ missions, for purposes of system backup, 
emergency preparedness, and/or continuity of operations.

SYSTEM MANAGER AND ADDRESS:
    DOJ Insider Threat Program Manager, United States Department of 
Justice, Insider Threat Prevention and Detection Program, 145 N Street 
NE., Washington, DC 20002, 202-357-0165, itp@usdoj.gov.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    E.O. 12968, Access to Classified Information, issued August 2, 
1995, 60 FR 40245 (Aug. 7, 1995), as amended by E.O. 13467, Reforming 
Processes Related to Suitability for Government Employment, Fitness for 
Contractor Employees, and Eligibility for Access to Classified National 
Security Information, issued June 30, 2008, 73 FR 38103 (July 2, 2008); 
E.O. 13526, Classified National Security Information, issued December 
29, 2009, 75 FR 707 (Jan. 5, 2010); E.O. 13587, Structural Reforms to 
Improve the Security of Classified Networks and the Responsible Sharing 
and Safeguarding of Classified Information, issued October 7, 2011, 76 
FR 63811 (Oct. 13, 2011); and Presidential Memorandum, National Insider 
Threat Policy and Minimum Standards for Executive Branch Insider Threat 
Programs (Nov. 21, 2012).
    DOJ Order 901, Insider Threat (Feb. 12, 2014), also directs the 
head of each Department Component to implement DOJ policy and minimum 
standards issued pursuant to this policy and in coordination with the 
DOJ ITPDP and ``[p]romulgate additional Component guidance, if needed, 
to reflect unique mission requirements consistent with meeting the 
minimum standards and guidance issued pursuant to this policy.''

PURPOSE(S) OF THE SYSTEM:
    This system of records is used by DOJ employees and contractors to 
monitor, detect, deter, and/or mitigate DOJ insider threats. The DOJ 
has established the DOJ ITPDP and this system of records in order to 
implement the requirements of E.O. 13587, Structural Reforms to Improve 
the Security of Classified Networks and the Responsible Sharing and 
Safeguarding of Classified Information (Oct. 7, 2011), and the National 
Insider Threat Policy and Minimum Standards for Executive Branch 
Insider Threat Programs (Nov. 21, 2012). These authorities require 
agencies with access to Classified information to establish certain 
capabilities for detecting, deterring, and/or mitigating insider 
threats, including: Accessing, gathering, integrating, assessing, and 
sharing information and data derived from offices across the 
organization for centralized analysis, reporting, and response; 
monitoring user activity on classified computer networks controlled by 
the Federal Government; evaluating personnel security information; and 
establishing procedures for insider threat response actions, such as 
inquiries to clarify or resolve insider threat matters.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The categories of individuals covered by this system are DOJ 
insiders, defined as any person with authorized access to any DOJ 
resource to include personnel, facilities, information, equipment, 
networks or systems. Such persons include but are not limited to 
present and former DOJ employees, members of joint task forces under 
the purview of the DOJ, contractors, detailees, assignees, interns, 
visitors, and guests.

[[Page 25814]]

CATEGORIES OF RECORDS IN THE SYSTEM:
    An insider threat is defined as the threat that any person with 
authorized access to any DOJ resource, to include personnel, 
facilities, information, equipment, networks or systems, will use his/
her authorized access, wittingly or unwittingly, to do harm to the 
security of the United States. This threat can include damage to the 
United States through espionage, terrorism, unauthorized disclosure of 
national security information, or through the loss or degradation of 
DOJ resources or capabilities. See Presidential Memorandum, National 
Insider Threat Policy and Minimum Standards for Executive Branch 
Insider Threat Programs (Nov. 21, 2012). The Minimum Standards state 
that Agency heads shall direct Counterintelligence, Security, 
Information Assurance, Human Resources, and other relevant 
organizational components to securely provide insider threat program 
personnel regular, timely, and, if possible, electronic access to the 
information necessary to identify, analyze, and resolve insider threat 
matters. Such access and information includes, but is not limited to, 
the following:
    A. All relevant counterintelligence and security databases and 
files, including personnel security files, polygraph examination 
reports, facility access records, security violation files, travel 
records, foreign contact reports, and financial disclosure filings;
    B. All relevant Unclassified and Classified network information 
generated by Information Assurance elements, including, but not limited 
to, personnel usernames and aliases, levels of network access, audit 
data, unauthorized use of removable media, print logs, and other data 
needed for clarification or resolution of an insider threat concern; 
and
    C. All relevant Human Resources databases and files including, but 
not limited to, personnel files, payroll and voucher files, outside 
work and activities requests, disciplinary files, and personal contact 
records, as may be necessary for resolving or clarifying insider threat 
matters.
    Records in the ITPR system consist of information necessary to 
identify, analyze, or resolve insider threat matters, including the 
information listed above or information derived from such information.

RECORD SOURCE CATEGORIES:
    Information may be provided by individuals covered by this system, 
the DOJ or other United States Government components, other domestic 
and foreign government entities, or obtained from private entities.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b), all or a portion of the records or information contained in 
this system of records may be disclosed as a routine use pursuant to 5 
U.S.C. 552a(b)(3) under the circumstances or for the purposes described 
below, to the extent such disclosures are compatible with the purposes 
for which the information was collected:
    A. To a governmental entity lawfully engaged in collecting law 
enforcement, law enforcement intelligence, or national security 
intelligence information for such purposes when determined to be 
relevant by the DOJ.
    B. To any person, organization, or governmental entity in order to 
notify them of a potential terrorist threat for the purpose of guarding 
against or responding to such threat.
    C. To any entity or individual where there is reason to believe the 
recipient is or could become the target of a particular criminal 
activity, conspiracy, or other threat, to the extent the information is 
relevant to the protection of life, health, or property. Information 
may similarly be disclosed to other recipients to the extent the 
information is relevant to the protection of life, health, or property.
    D. To any person or entity if necessary to elicit information or 
cooperation from the recipient for use by the DOJ in the performance of 
an authorized law enforcement, national security, or intelligence 
function.
    E. Violations of Law, Regulation, Rule, Order, or Contract. If any 
system record, alone, or in conjunction with other information, 
indicates a violation or potential violation of law (whether civil or 
criminal), regulation, rule, order, or contract, the pertinent record 
may be disclosed to the appropriate entity (whether federal, state, 
local, joint, tribal, foreign, or international) that is charged with 
the responsibility of investigating, prosecuting, implementing and/or 
enforcing such law, regulation, rule, order, or contract.
    F. Complainants and Victims. To complainants and/or victims to the 
extent necessary to provide such persons with information and 
explanations concerning the progress and/or results of the 
investigations or cases arising from the matters of which they 
complained and/or of which they were victims.
    G. Courts or Adjudicative Bodies. To a court, grand jury, or 
administrative or adjudicative body, in matters in which (a) the DOJ or 
any DOJ employee in his or her official capacity, (b) any DOJ employee 
in his or her individual capacity where the Department of Justice has 
agreed to represent the employee, or (c) the United States, is or could 
be a party to the litigation, is likely to be affected by the 
litigation, or has an official interest in the litigation, and 
disclosure of system records has been determined by the DOJ to be 
arguably relevant, or by the adjudicator to be relevant, to the 
litigation. Similar disclosures may be made in the situations stated 
above related to assistance provided to the Federal Government by non-
DOJ employees (see Routine Use J).
    H. Parties. To an actual or potential party to litigation or his or 
her attorney or authorized representative for the purpose of 
negotiating or discussing such matters as settlement of the case or 
matter, plea bargaining, or informal discovery proceedings, in matters 
in which the DOJ has an official interest and in which the DOJ 
determines records in the system to be arguably relevant.
    I. Appropriate Disclosures to the Public. To the news media or 
members of the general public in furtherance of a legitimate law 
enforcement or public safety function as determined by the DOJ (e.g., 
to assist in locating fugitives; to provide notifications of arrests; 
to provide alerts, assessments, or similar information on potential 
threats to life, health, or property; or to keep the public 
appropriately informed of other law enforcement or DOJ matters or other 
matters of legitimate public interest) where disclosure could not 
reasonably be expected to constitute an unwarranted invasion of 
personal privacy. (The availability of information in pending criminal 
or civil cases will be governed by the provisions of 28 CFR 50.2.)
    J. Non-DOJ Employees. To contractors, grantees, experts, 
consultants, students, or others performing or working on a contract, 
service, grant, cooperative agreement, or other assignment for the 
Federal Government, when necessary to accomplish an agency function 
related to this system of records.
    K. To designated officers and employees of state, local (including 
the District of Columbia), territorial, or tribal law enforcement or 
detention agencies in connection with the hiring or continued 
employment of an employee or contractor, where the employee or 
contractor would occupy or

[[Page 25815]]

occupies a position of public trust as a law enforcement officer or 
detention officer having direct contact with the public or with 
prisoners or detainees, to the extent that the information is relevant 
to the recipient agency's decision.
    L. To appropriate officials and employees of a Federal agency or 
entity that requires information relevant to a decision concerning the 
hiring, appointment, or retention of an employee; the assignment, 
detail, or deployment of an employee; the issuance, renewal, 
suspension, or revocation of a security clearance; the execution of a 
security or suitability investigation; the letting of a contract; or 
the issuance of a grant or benefit.
    M. The White House. To the White House (the President, Vice 
President, their staffs, and other entities of the Executive Office of 
the President (EOP)), and, during Presidential transitions, the 
President-Elect and Vice-President-Elect and their designees for 
appointment, employment, security, and access purposes compatible with 
the purposes for which the records were collected by the DOJ, e.g., 
disclosure of information to assist the White House in making a 
determination whether an individual should be: (1) Granted, denied, or 
permitted to continue in employment on the White House Staff; (2) given 
a Presidential appointment or Presidential recognition; (3) provided 
access, or continued access, to classified or sensitive information; or 
(4) permitted access, or continued access, to personnel or facilities 
of the White House/EOP complex. System records may be disclosed also to 
the White House and, during Presidential transitions, to the President-
Elect and Vice-President-Elect and their designees, for Executive 
Branch coordination of activities that relate to or have an effect upon 
the carrying out of the constitutional, statutory, or other official or 
ceremonial duties of the President, President-Elect, Vice-President or 
Vice-President-Elect. System records or information may also be 
disclosed during a Presidential campaign to a major-party Presidential 
candidate, including the candidate's designees, to the extent the 
disclosure is reasonably related to a clearance request submitted by 
the candidate for the candidate's transition team members pursuant to 
Section 7601 of the Intelligence Reform and Terrorism Prevention Act of 
2004, as amended.
    N. Former Employees. To a former employee of the Department for 
purposes of: Responding to an official inquiry by a federal, state, 
local, tribal, or territorial government entity or professional 
licensing authority, in accordance with applicable DOJ regulations; or 
facilitating communications with a former employee that may be 
necessary for personnel-related or other official purposes where the 
DOJ requires information and/or consultation assistance from the former 
employee regarding a matter within that person's former area of 
responsibility. (Such disclosures will be effected under procedures 
established in 28 CFR 16.300-301 and DOJ Order 2710.8C, including any 
future revisions.)
    O. To federal, state, local, tribal, territorial, foreign, or 
international licensing agencies or associations when the DOJ 
determines the information is relevant to the suitability or 
eligibility of an individual for a license or permit.
    P. Members of Congress. To a Member of Congress or a person on his 
or her staff acting on the Member's behalf when the Member or staff 
requests the information on behalf of, and at the request of, the 
individual who is the subject of the record.
    Q. National Archives and Records Administration (NARA) Records 
Management. To the National Archives and Records Administration (NARA) 
for purposes of records management inspections and such other purposes 
conducted under the authority of 44 U.S.C. 2904 and 2906.
    R. To appropriate agencies, entities, and persons when (1) DOJ 
suspects or has confirmed that there has been a breach of the system of 
records; (2) DOJ has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DOJ (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and (3) the disclosure made to such 
agencies, entities, and persons is reasonably necessary to assist in 
connection with DOJ's efforts to respond to the suspected or confirmed 
breach or to prevent, minimize, or remedy such harm.
    S. To another Federal agency or Federal entity, when DOJ determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in (1) responding to a suspected 
or confirmed breach or (2) preventing, minimizing, or remedying the 
risk of harm to individuals, the recipient agency or entity (including 
its information systems, programs, and operations), the Federal 
Government, or national security, resulting from a suspected or 
confirmed breach.
    T. To such agencies, entities, or persons as is necessary to ensure 
the continuity of government functions in the event of any actual or 
potential disruption of normal government operations. This use 
encompasses all manner of such situations in which government 
operations may be disrupted, including: Military, terrorist, cyber, or 
other attacks, natural or manmade disasters, and other national or 
local emergencies; inclement weather and other acts of nature; 
infrastructure/utility outages; failures, renovations, or maintenance 
of buildings or building systems; problems arising from planning, 
testing or other development efforts; and other operational 
interruptions. This also includes all related pre-event planning, 
preparation, backup/redundancy, training and exercises, and post-event 
operations, mitigation, and recovery.
    U. To an agency of a foreign government or international agency or 
entity where the DOJ determines that the information is relevant to the 
recipient's responsibilities, dissemination serves the best interests 
of the United States Government, and where the purpose in making the 
disclosure is compatible with the purpose for which the information was 
collected.
    V. Auditors. To any agency, organization, or individual for the 
purposes of performing authorized audit or oversight operations of the 
DOJ and meeting related reporting requirements.
    W. As Mandated by Law. To such recipients and under such 
circumstances and procedures as are mandated by Federal statute, 
treaty, or other source of applicable law.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in this system are stored on paper and/or in electronic 
form. Electronic records are stored in enterprise information 
technology platforms and networks, databases and/or on hard disks, 
removable storage devices, or other electronic media. Paper records may 
be stored in individual file folders and file cabinets with controlled 
access, or other appropriate GSA-approved security containers. 
Classified information is stored in accordance with applicable legal, 
administrative, and other requirements.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information in this system may be retrieved by an individual's 
name, user ID, email address, Social Security number, unique employee 
identifier, as well as by use of key word search terms, including the 
names of persons with

[[Page 25816]]

whom covered individuals have interacted or to whom they have been 
linked.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system are maintained and destroyed in accordance 
with applicable schedules and procedures issued or approved by NARA.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are maintained in secure, restricted areas and are accessed 
only by personnel who have a need for the records in the performance of 
their duties and have been authorized to access them. Physical security 
protections include guarded and locked facilities requiring badges and 
passwords for access and other physical and technological safeguards 
(such as role-based access and strong passwords) to prevent 
unauthorized access. All visitors must be accompanied by authorized 
staff personnel at all times. Highly Classified or sensitive 
information is electronically transmitted on secure lines and in 
encrypted form to prevent interception and interpretation. Users 
accessing system components through mobile or portable computers or 
electronic devices such as laptop computers, multi-purpose cell phones, 
and personal digital assistants (PDAs) must comply with the DOJ's 
remote access policy, which requires encryption. All DOJ employees 
receive a complete background investigation prior to being hired. Other 
persons with authorized access to system records receive comparable 
vetting. All personnel are required to undergo privacy and annual 
information security training, and are cautioned about divulging 
confidential information or any information contained in DOJ files. 
Failure to abide by this provision violates DOJ regulations and may 
violate certain civil and criminal statutes providing for penalties of 
fine or imprisonment or both. As a condition of employment, DOJ 
personnel also sign nondisclosure agreements which encompass, as 
appropriate, Classified and Unclassified information and remain in 
force even after DOJ employment. Employees who resign or retire are 
also cautioned about divulging information acquired in their DOJ 
capacity.

RECORD ACCESS PROCEDURES:
    The Attorney General has exempted this system of records from the 
notification, access, amendment, and contest procedures of the Privacy 
Act. These exemptions apply only to the extent that the information in 
this system is subject to exemption pursuant to 5 U.S.C. 552a(j) or 
(k). Where compliance would not appear to interfere with or adversely 
affect the purposes of the system, or the overall law enforcement/
intelligence process, the applicable exemption (in whole or in part) 
may be waived by the DOJ in its sole discretion.
    A request for access to a record from this system of records must 
be submitted in writing and comply with 28 CFR part 16, and should be 
sent to the Office of Information Policy, 1425 New York Avenue NW., 
Suite 11050, Washington, DC 20530-0001. The envelope and letter should 
be clearly marked ``Privacy Act Access Request.'' The request should 
include a general description of the records sought, and must include 
the requester's full name, current address, and date and place of 
birth. The request must be signed and dated and either notarized or 
submitted under penalty of perjury. While no specific form is required, 
requesters may obtain a form (Form DOJ-361) for use in certification of 
identity from the FOIA/Privacy Act Mail Referral Unit, Justice 
Management Division, United States Department of Justice, 950 
Pennsylvania Avenue NW., Washington, DC 20530-0001, or from the 
Department's Web site at https://www.justice.gov/sites/default/files/oip/legacy/2014/07/23/cert_ind.pdf.

CONTESTING RECORD PROCEDURES:
    The Attorney General has exempted this system of records from the 
notification, access, amendment, and contest procedures of the Privacy 
Act. These exemptions apply only to the extent that the information in 
this system is subject to exemption pursuant to 5 U.S.C. 552a(j) or 
(k). Where compliance would not appear to interfere with or adversely 
affect the purposes of the system, or the overall law enforcement/
intelligence process, the applicable exemption (in whole or in part) 
may be waived by the DOJ in its sole discretion.
    Individuals desiring to contest or amend information maintained in 
the system should direct their requests according to the RECORD ACCESS 
PROCEDURES listed above, stating clearly and concisely what information 
is being contested, the reasons for contesting it, and the proposed 
amendment to the information sought. The envelope and letter should be 
clearly marked ``Privacy Act Amendment Request'' and comply with 28 CFR 
16.46.

NOTIFICATION PROCEDURES:
    Same as the RECORD ACCESS PROCEDURES, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    The Attorney General has exempted this system of records from 
subsection (c)(3) and (4); (d)(1), (2), (3) and (4); (e)(1), (2), and 
(3); (e)(4)(G), (H) and (I); (e)(5) and (8); (f) and (g) of the Privacy 
Act. These exemptions apply only to the extent that information in the 
system is subject to exemption pursuant to 5 U.S.C. 552a(j) or (k). 
Rules are being promulgated in accordance with the requirements of 5 
U.S.C. 553(b), (c), and (e) and have been published in this Federal 
Register. In addition, the DOJ will continue in effect and claim all 
exemptions claimed under 5 U.S.C. 552a(j) or (k) (or other applicable 
authority) by an originating agency from which the DOJ obtains records, 
where one or more reasons underlying an original exemption claim remain 
valid. Where compliance with an exempted provision does not appear to 
interfere with or adversely affect interests of the United States or 
other stakeholders, the DOJ in its sole discretion may waive an 
exemption in whole or in part; exercise of the discretionary waiver 
prerogative in a particular matter shall not create any entitlement to 
or expectation of waiver in that matter or any other matter. As a 
condition of discretionary waiver, the DOJ in its sole discretion may 
impose any restrictions deemed advisable by the DOJ (including, but not 
limited to, restrictions on the location, manner, or scope of notice, 
access or amendment).

 HISTORY:
    None.

[FR Doc. 2017-11445 Filed 6-2-17; 8:45 am]
 BILLING CODE 4410-NW-P