Privacy Act of 1974; Implementation, 13208-13211 [2018-05657]

Agencies

• Department of Justice

[Federal Register Volume 83, Number 60 (Wednesday, March 28, 2018)]
[Proposed Rules]
[Pages 13208-13211]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-05657]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF JUSTICE

28 CFR Part 16

[CPCLO Order No. 003-2018]


Privacy Act of 1974; Implementation

AGENCY: Office of Inspector General, United States Department of 
Justice.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: Elsewhere in this issue of the Federal Register, the Office of 
Inspector General (OIG), a component within the United States 
Department of Justice (DOJ or Department), has published a new system 
of records notice, ``Data Analytics Program Records System,'' JUSTICE/
OIG-006. In this notice of proposed rulemaking, OIG proposes to exempt 
this system of records from certain provisions of the Privacy Act in 
order to avoid interference with the law enforcement functions and 
responsibilities of OIG. For the reasons provided below, the Department 
proposes to amend its Privacy Act regulations by establishing an 
exemption for records in this system from certain provisions of the 
Privacy Act. Public comment is invited.

DATES: Comments must be received by April 27, 2018.

ADDRESSES: You may send comments by any of the following methods:
     Email: [email protected]. To ensure proper 
handling, please reference the CPCLO Order Number in the subject line 
of the message.
     Fax: 202-307-0693. To ensure proper handling, please 
reference the CPCLO Order Number on the accompanying cover page.
     Mail: United States Department of Justice, Office of 
Privacy and Civil Liberties, ATTN: Privacy Analyst, National Place 
Building, 1331 Pennsylvania Avenue NW, Suite 1000, Washington, DC 
20530. All comments sent via regular or express mail will be considered 
timely if postmarked on the day the comment period closes. To ensure 
proper handling, please reference the CPCLO Order Number in your 
correspondence.
     Federal eRulemaking Portal: https://www.regulations.gov. 
When submitting comments electronically, you must include the CPCLO 
Order Number in the subject box. Please note that the Department is 
requesting that electronic comments be submitted before midnight 
Eastern Time on the day the comment period closes.
    Posting of Public Comments: Please note that all comments received 
are considered part of the public record and made available for public 
inspection online at https://www.regulations.gov and in the 
Department's public docket. Such information includes personally 
identifying information (such as name, address, etc.) voluntarily 
submitted by the commenter. If you want to submit personal identifying 
information as part of your comment, but do not want it to be posted 
online or made available in the public docket, you must include the 
phrase ``PERSONAL IDENTIFYING INFORMATION'' in the first paragraph of 
your comment. You must also place all personal identifying information 
that you do not want posted online or made available in the public 
docket in the first paragraph of your comment and identify what 
information you want redacted.
    If you want to submit confidential business information as part of 
your comment, but do not want it to be

[[Page 13209]]

posted online or made available in the public docket, you must include 
the phrase ``CONFIDENTIAL BUSINESS INFORMATION'' in the first paragraph 
of your comment. You must also prominently identify confidential 
business information to be redacted within the comment. If a comment 
has so much confidential business information that it cannot be 
effectively redacted, all or part of that comment may not be posted 
online or made available in the public docket.
    Personal identifying information and confidential business 
information identified and located as set forth above will be redacted 
and the comment, in redacted form, may be posted online and placed in 
the Department's public docket file. Please note that the Freedom of 
Information Act applies to all comments received. If you wish to 
inspect the agency's public docket file in person by appointment, 
please see the FOR FURTHER INFORMATION CONTACT paragraph, below.

FOR FURTHER INFORMATION CONTACT: William Blier, General Counsel, Office 
of the General Counsel, Office of the Inspector General, Department of 
Justice, 950 Pennsylvania Avenue NW, Washington, DC 20530, (202) 514-
3435.

SUPPLEMENTARY INFORMATION: Under the Inspector General Act of 1978, as 
amended, Inspectors General, including the DOJ Inspector General, are 
responsible for conducting, supervising, and coordinating audits and 
investigations relating to programs and operations of the Federal 
agency for which their office is established to recognize and mitigate 
fraud, waste, and abuse. The Data Analytics Program Records System, 
JUSTICE/OIG-006, facilitates OIG's performance of this statutory 
responsibility by maintained records as part of a data analytics (DA) 
program to assist with the performance of OIG audits, investigations, 
and reviews, and accommodate the requirements of the Digital 
Accountability and Transparency Act of 2014 (DATA Act), Public Law 113-
101, 128 Stat. 1146.
    The DA program will provide OIG: Timely insights from the data 
already stored in DOJ databases that OIG has legal authorization to 
access and maintain; the ability to monitor and analyze data for 
patterns and correlations that signal wasteful, fraudulent, or abusive 
activities impacting Department performance and operations; the ability 
to find, acquire, extract, manipulate, analyze, connect, and visualize 
data; the capability to manage vast amounts of data; the ability to 
identify significant information that can improve decision quality; and 
the ability to mitigate risk of waste, fraud, and abuse. The DA program 
will also allow the OIG to obtain technology to develop risk indicators 
that can analyze large volumes of data and help focus the OIG's efforts 
to combat waste, fraud, and abuse. OIG intends to use statistical and 
mathematical techniques to identify areas to conduct audits and 
identify activities that may indicate whether an investigation is 
warranted. The information maintained within JUSTICE/OIG-006 will be 
limited to only information that OIG has legal authorization to collect 
and maintain as part of its responsibility to conduct, supervise, and 
coordinate audits and investigations of Department programs and 
operations to recognize and mitigate fraud, waste, and abuse.
    In this rulemaking, OIG proposes to exempt JUSTICE/OIG-006 from 
certain provisions of the Privacy Act in order to avoid interference 
with the law enforcement responsibilities of OIG, as established in 
federal law and policy.
    Additionally, as an administrative matter, this proposal will 
replace the current paragraphs (c) and (d) of 28 CFR 16.75, which 
currently exempt from certain provisions of the Privacy Act a 
previously rescinded OIG system of records notice (SORN), ``Office of 
the Inspector General, Freedom of Information/Privacy Acts (FOI/PA) 
Records,'' JUSTICE/OIG-003, from certain provisions of the Privacy Act. 
On June 4, 2001, at 77 FR 26580, the Department modified the 
Department-wide SORN, ``Freedom of Information Act, Privacy Act, and 
Mandatory Declassification Review Records,'' JUSTICE/DOJ-004, to 
consolidate all DOJ Freedom of Information Act, Privacy Act, Mandatory 
Declassification Review Request, and Administrative Appeal systems of 
records under one Department-wide SORN. Accordingly, the Department 
rescinded, among other SORNs, JUSTICE/OIG-003. OIG no longer requires 
exemption regulations for JUSTICE/OIG-003 and proposes to replace the 
existing exemption regulations with exemption regulations for JUSTICE/
OIG-006.

Executive Orders 12866 and 13563

    This proposed rule is not a ``significant regulatory action'' 
within the meaning of Executive Order 12866 and the principles 
reaffirmed in Executive Order 13563. Accordingly, it is not subject to 
review by the Office of Information and Regulatory Affairs within 
Office of Management and Budget, pursuant to Executive Order 12866.

Regulatory Flexibility Act

    This proposed rule will only impact certain Privacy Act-protected 
records on individuals maintained by OIG in the above-mentioned system 
of records. A ``record'' for purposes of the Privacy Act is any item, 
collection, or grouping of information about an individual that is 
maintained by an agency (for example, the individual's education 
information, financial transactions, medical history, criminal history, 
or employment history) that contains the individual's name, or the 
identifying number, symbol, or other identifying particular assigned to 
the individual. Such records are personal and generally do not apply to 
an individual's entrepreneurial capacity, subject to limited 
exceptions. As such, the Chief Privacy and Civil Liberties Officer 
certifies that this proposed rule will not result in a significant 
economic impact on a substantial number of small entities, pursuant to 
the requirements of the Regulatory Flexibility Act of 1980, 5 U.S.C. 
601-610.

Small Business Regulatory Enforcement Fairness Act

    The Small Business Regulatory Enforcement Fairness Act (SBREFA) of 
1996, 5 U.S.C. 801 et seq., requires the Department to comply with 
small entity requests for information and advice about compliance with 
statutes and regulations within the Department's jurisdiction. Any 
small entity that has a question regarding this document may contact 
the person listed in the FOR FURTHER INFORMATION CONTACT paragraph, 
above. Persons can obtain further information regarding SBREFA on the 
Small Business Administration's website at https://www.sba.gov/advocacy.

Executive Order 13132

    This proposed rule does not have federalism implications warranting 
the application of Executive Order 13132. The proposed rule does not 
have substantial direct effects on the States, on the relationship 
between the national government and the States, or the distribution of 
power and responsibilities among the various levels of government.

Executive Order 13175

    This proposed rule does not have tribal implications warranting the 
application of Executive Order 13175. It does not have substantial 
direct effects on one or more Indian tribes, on the relationship 
between the Federal government and Indian tribes, or on the 
distribution of power and

[[Page 13210]]

responsibilities between the Federal government and Indian tribes.

Executive Order 12988

    This proposed rule meets the applicable standards set forth in 
sections 3(a) and 3(b)(2) of Executive Order 12988 to eliminate 
drafting errors and ambiguity, minimize litigation, provide a clear 
legal standard for affected conduct, and promote simplification and 
burden reduction.

Paperwork Reduction Act

    The Paperwork Reduction Act of 1995, 44 U.S.C. 3507(d), requires 
the Department to consider the impact of paperwork and other 
information collection burdens imposed on the public. There are no 
current or new information collection requirements associated with this 
proposed rule.

Unfunded Mandates Reform Act of 1995

    This rule will not result in the expenditure by State, local and 
tribal governments, in the aggregate, or by the private sector, of 
$100,000,000, as adjusted for inflation, or more in any one year, and 
it will not significantly or uniquely affect small governments. 
Therefore, no actions were deemed necessary under the provisions of the 
Unfunded Mandates Reform Act of 1995.

List of Subjects in 28 CFR Part 16

    Administrative practices and procedures, Courts, Freedom of 
information, Privacy Act.

    Pursuant to the authority vested in the Attorney General by 5 
U.S.C. 552a and delegated to me by Attorney General Order 2940-2008, 
the Department of Justice proposes to amend 28 CFR part 16 as follows:

PART 16--PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION

0
1. The authority citation for part 16 continues to read as follows:

    Authority:  5 U.S.C. 301, 552, 552a, 553; 28 U.S.C. 509, 510, 
534; 31 U.S.C. 3717.

Subpart E--Exemption of Records Systems Under the Privacy Act

0
2. Amend Sec.  16.75 by revising paragraphs (c) and (d) to read as 
follows:


Sec.  16.75  Exemption of the Office of the Inspector General Systems/
Limited Access.

* * * * *
    (c) The Data Analytics Program Records System (JUSTICE/OIG-006) 
system of records is exempt from 5 U.S.C. 552a(c)(3) and (4); (d); 
(e)(1), (2), (3), (5) and (8); and (g) of the Privacy Act. These 
exemptions apply only to the extent that information in this system is 
subject to exemption pursuant to 5 U.S.C. 552a(j) and/or (k). Where 
compliance would not appear to interfere with or adversely affect the 
law enforcement process, and/or where it may be appropriate to permit 
individuals to contest the accuracy of the information collected, e.g., 
public source materials, the applicable exemption may be waived, either 
partially or totally, by OIG.
    (d) Exemptions from the particular subsections are justified for 
the following reasons:
    (1) From subsection (c)(3), the requirement that an accounting be 
made available to the named subject of a record, because release of 
disclosure accounting could alert the subject of an investigation of an 
actual or potential criminal, civil, or regulatory violation to the 
existence of an investigation and the fact that the individual is the 
subject of the investigation. Such a disclosure could also reveal 
investigative interest by not only OIG, but also by the recipient 
agency or component. Since release of such information to the subjects 
of an investigation would provide them with significant information 
concerning the nature of the investigation, release could result in the 
destruction of documentary evidence, improper influencing of witnesses, 
endangerment of the physical safety of confidential sources, witnesses, 
and law enforcement personnel, the fabrication of testimony, flight of 
the subject from the area, and other activities that could impede or 
compromise the investigation. In addition, providing the individual an 
accounting for each disclosure could result in the release of properly 
classified information which would compromise the national defense or 
disrupt foreign policy.
    (2) From subsection (c)(4) notification requirements, for the same 
reasons that justify exempting this system from the access and 
amendment provisions of subsection (d), and similarly, from the 
accounting of disclosures provision of subsection (c)(3). The DOJ takes 
seriously its obligation to maintain accurate records despite its 
assertion of this exemption, and to the extent it, in its sole 
discretion, agrees to permit amendment or correction of DOJ records, it 
will share that information in appropriate cases.
    (3) From subsection (d), the access and amendment provisions, 
because access to the records contained in this system of records could 
inform the subject of an investigation of an actual or potential 
criminal, civil, or regulatory violation, of the existence of the 
investigation; of the nature and scope of the information and evidence 
obtained as to his activities; of the identity of confidential sources, 
witnesses, and law enforcement personnel, and of information that may 
enable the subject to avoid detection or apprehension. These factors 
would present a serious impediment to effective law enforcement where 
they prevent the successful completion of the investigation, endanger 
the physical safety of confidential sources, witnesses, and law 
enforcement personnel, and/or lead to the improper influencing of 
witnesses, the destruction of evidence, or the fabrication of 
testimony. In addition, granting access to such information could 
disclose security-sensitive or confidential business information or 
information that would constitute an unwarranted invasion of the 
personal privacy of third parties. Finally, access to the records could 
result in the release of properly classified information that would 
compromise the national defense or disrupt foreign policy. Amendment of 
the records would interfere with ongoing investigations and law 
enforcement activities and impose an impossible administrative burden 
by requiring investigations to be continuously reinvestigated.
    (4) From subsection (e)(1), because the application of this 
provision could impair investigations and interfere with the law 
enforcement responsibilities of the OIG for the following reasons:
    (i) It is not possible to determine the relevance or necessity of 
specific information in the early stages of a civil, criminal or other 
law enforcement investigation, case, or matter, including 
investigations in which use is made of properly classified information. 
Relevance and necessity are questions of judgment and timing, and it is 
only after the information is evaluated that the relevance and 
necessity of such information can be established.
    (ii) During the course of any investigation, the OIG may obtain 
information concerning actual or potential violations of laws other 
than those within the scope of its jurisdiction. In the interest of 
effective law enforcement, the OIG should retain this information in 
accordance with applicable record retention procedures, as it may aid 
in establishing patterns of criminal activity, and can provide valuable 
leads for Federal and other law enforcement agencies.
    (iii) In interviewing individuals or obtaining other forms of 
evidence during an investigation, information may be supplied to an 
investigator

[[Page 13211]]

which relates to matters incidental to the primary purpose of the 
investigation but which may also relate to matters under the 
investigative jurisdiction of another agency. Such information cannot 
readily be segregated.
    (5) From subsection (e)(2), because, in some instances, the 
application of this provision would present a serious impediment to law 
enforcement for the following reasons:
    (i) The subject of an investigation would be placed on notice as to 
the existence of an investigation and would therefore be able to avoid 
detection or apprehension, to improperly influence witnesses, to 
destroy evidence, or to fabricate testimony.
    (ii) In certain circumstances the subject of an investigation 
cannot be required to provide information to investigators, and 
information relating to a subject's illegal acts, violations of rules 
of conduct, or any other misconduct must be obtained from other 
sources.
    (iii) In any investigation it is necessary to obtain evidence from 
a variety of sources other than the subject of the investigation in 
order to verify the evidence necessary for successful litigation.
    (6) From subsection (e)(3), because the application of this 
provision would provide the subject of an investigation with 
substantial information which could impede or compromise the 
investigation. Providing such notice to a subject of an investigation 
could interfere with an undercover investigation by revealing its 
existence, and could endanger the physical safety of confidential 
sources, witnesses, and investigators by revealing their identities.
    (7) From subsection (e)(5), because the application of this 
provision would prevent the collection of any data not shown to be 
accurate, relevant, timely, and complete at the moment it is collected. 
In the collection of information for law enforcement purposes, it is 
impossible to determine in advance what information is accurate, 
relevant, timely, and complete. Material that may seem unrelated, 
irrelevant, or incomplete when collected may take on added meaning or 
significance as an investigation progresses. The restrictions of this 
provision could interfere with the preparation of a complete 
investigative report, and thereby impede effective law enforcement.
    (8) From subsection (e)(8), because to require individual notice of 
disclosure of information due to compulsory legal process would pose an 
impossible administrative burden on OIG and may alert the subjects of 
law enforcement investigations, who might be otherwise unaware, to the 
fact of those investigations. Such notice could also could reveal 
investigative techniques, procedures, or evidence.
    (9) From subsection (g), to the extent that this system is exempt 
from the access and amendment provisions of subsection (d), pursuant to 
subsections (j)(2), (k)(1), and (k)(2) of the Privacy Act.

    Dated: March 15, 2018.
Katherine Harman-Stokes,
Deputy Director, Office of Privacy and Civil Liberties, United States 
Department of Justice.
[FR Doc. 2018-05657 Filed 3-27-18; 8:45 am]
 BILLING CODE 4410-58-P