Privacy Act of 1974; System of Records, 32678-32681 [2018-15010]

Agencies

• DEPARTMENT OF THE INTERIOR
• Office of the Secretary

[Federal Register Volume 83, Number 135 (Friday, July 13, 2018)]
[Notices]
[Pages 32678-32681]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-15010]


-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

Office of the Secretary

[DOI-2018-0003;DS62200000, DWSN00000.000000, DP.62206, 18XD4523WS]


Privacy Act of 1974; System of Records

AGENCY: Office of the Secretary, Interior.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Department of the Interior is issuing a public notice of 
its intent to modify the Department of the Interior Privacy Act system 
of records, DOI-12, Donations Program Files, to update section titles, 
add a purpose section, reorganize the sections of the system notice 
into the government-wide approved format, add new proposed routine 
uses, and update content in applicable sections of the notice. Updated 
sections include, system location, system manager, categories of 
individuals, categories of records, authorities, routine uses, storage, 
retrieval, retention and disposal, safeguards, notification procedures, 
and record access and contesting record procedures sections.

DATES: This modified system will be effective upon publication. New or 
modified routine uses will be effective August 13, 2018. Submit 
comments on or before August 13, 2018.

ADDRESSES: You may submit comments, identified by docket number DOI-
2018-0003, by any of the following methods:
     Federal e-Rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Mail: Teri Barnett, Departmental Privacy Officer, U.S. 
Department of the Interior, 1849 C Street NW, Room 7112, Washington, DC 
20240.
     Hand-delivering comments to Teri Barnett, Departmental 
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, 
Room 7112, Washington, DC 20240.
     Email: [email protected].
    All submissions received must include the agency name and docket 
number. All comments received will be posted without change to https://www.regulations.gov, including any personal information provided.

FOR FURTHER INFORMATION CONTACT: Paul Batlan, Financial Analyst, 
Conservation Partnerships, Office of Financial Management, U.S. 
Department of the Interior, 1849 C Street NW, Mail Stop 5530 MIB, 
Washington, DC 20240; email at [email protected] or by telephone 
at 202-208-4826.

SUPPLEMENTARY INFORMATION: 

I. Background

    The Department of the Interior (DOI) Office of Financial Management 
maintains the DOI-12, Donations Program Files, system of records. This 
system assists DOI in managing the Donations Program and facilitating 
the evaluation, acceptance, and solicitation of donations of money, 
real property, personal property, services, or other gifts by members 
of the public and organizations to the Department of the Interior and 
its officials.
    DOI is publishing this revised notice to make administrative 
updates to the following sections: System location; system manager; 
authorities; categories of individuals; categories of records; storage; 
retrieval; retention and disposal; safeguards; and the procedures on 
record access, contesting record and notification. This revised notice 
is organized to reflect the government-wide format established by the 
Office of Management and Budget (OMB), which includes new sections on 
the purpose and history of the system of records. Additionally, DOI is 
proposing to modify routine use ``A'' to clarify authorized disclosures 
to the Department of Justice; modify routine

[[Page 32679]]

use ``J'' and add new routine use ``K'' to permit sharing of 
information with appropriate Federal agencies or entities when 
reasonably necessary to assist in efforts to respond to a breach of 
personally identifiable information and to prevent, minimize, or remedy 
the risk of harm to individuals or the Federal Government in accordance 
with OMB policy; and modify routine use ``N'' to further clarify 
authorized disclosures to the news media and the public. DOI last 
published the Donations Program Files system of records notice in the 
Federal Register at 77 FR 66628 (November 6, 2012).

II. Privacy Act

    The Privacy Act of 1974, as amended, embodies fair information 
practice principles in a statutory framework governing the means by 
which Federal agencies collect, maintain, use, and disseminate 
individuals' personal information. The Privacy Act applies to records 
about individuals that are maintained in a ``system of records.'' A 
``system of records'' is a group of any records under the control of an 
agency for which information is retrieved by the name of an individual 
or by some identifying number, symbol, or other identifying particular 
assigned to the individual. The Privacy Act defines an individual as a 
United States citizen or lawful permanent resident. Individuals may 
request access to their own records that are maintained in a system of 
records in the possession or under the control of DOI by complying with 
DOI Privacy Act regulations at 43 CFR part 2, subpart K, and following 
the procedures outlined in the Records Access, Contesting Record, and 
Notification Procedures sections of this notice.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the existence and character of each 
system of records that the agency maintains and the routine uses of 
each system. The revised Donations Program Files system of records 
notice is published in its entirety below. In accordance with 5 U.S.C. 
552a(r), DOI has provided a report of this system of records to the 
Office of Management and Budget and to Congress.

III. Public Participation

    You should be aware your entire comment including your personal 
identifying information, such as your address, phone number, email 
address, or any other personal identifying information in your comment, 
may be made publicly available at any time. While you may request to 
withhold your personal identifying information from public review, we 
cannot guarantee we will be able to do so.

Teri Barnett,
Departmental Privacy Officer.
SYSTEM NAME AND NUMBER
    INTERIOR/DOI-12, Donations Program Files.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records in this system are maintained by the Office of Financial 
Management, U.S. Department of the Interior, 1849 C Street NW, Mail 
Stop 5530 MIB, Washington, DC 20240; and Bureaus and Offices that 
manage Donations Programs.

SYSTEM MANAGER(S):
    Director and Senior Manager for Donations, Office of Financial 
Management, U.S. Department of the Interior, 1849 C Street NW, Mail 
Stop 5530 MIB, Washington, DC 20240. A list of bureau and office level 
senior managers may be obtained by contacting the Office of Financial 
Management at 202-208-4826.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. 301, Departmental Regulations; 43 U.S.C. 1737, Federal 
Land Policy and Management Act, Implementation provisions; 54 U.S.C. 
101101, Authority to accept land, rights-of-way, buildings, other 
property, and money; 43 U.S.C. 36c, Acceptance of contributions from 
public and private sources; cooperation with other agencies in 
prosecution of projects; 16 U.S.C. 742f, Powers of Secretaries of the 
Interior and Commerce.

PURPOSE(S) OF THE SYSTEM:
    The purpose of this system is to assist the Department of the 
Interior (DOI) in managing the Donations Program and facilitating the 
evaluation, acceptance, and solicitation of donations of money, real 
property, personal property, services, or other gifts by members of the 
public and organizations.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals who donate money, real property, personal property, 
services, or other gifts to the DOI and its officials, prospective 
donors, and other individuals who contact or correspond with the DOI 
officials on matters related to the Donations Program. This system may 
also include information on current and former Federal government 
employees, contractors, and volunteers who support or are involved in 
the management of the Donations Program. This system contains records 
concerning corporations and other business entities, which are not 
subject to the Privacy Act. However, records pertaining to individuals 
acting on behalf of corporations and other business entities may 
reflect personal information that may be maintained in the Donations 
Program system of records.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system contains information provided by individuals or 
organizations who propose to donate money, real property, personal 
property, services, or other gifts to the DOI or its officials, and may 
include names; home or work addresses; phone numbers; email addresses; 
other contact information; financial data such as the amount of the 
donation and method of remittance; biographical information; 
descriptions or other information regarding type of donations made; and 
miscellaneous information about gifts donated in the past. This system 
also contains background data and affiliations related to eligibility 
determinations for proposed donations; correspondence or other data 
related to the acceptance of proposed donations; and correspondence and 
data related to the management of the Donations Program.

RECORD SOURCE CATEGORIES:
    Records in the system are obtained from individual members of the 
public, organizations, DOI officials, employees, contractors, 
volunteers, and may be obtained from other Federal officials, state, 
territorial and local government officials, and non-governmental 
organizations, in the course of daily business activities and 
communications related to the management of the Donations Program.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information maintained in this system may be disclosed to authorized 
entities outside DOI for purposes determined to be relevant and 
necessary as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including Offices of the 
U.S. Attorneys, or other Federal agency conducting litigation, or in 
proceedings before any court, adjudicative, or administrative

[[Page 32680]]

body, when it is relevant or necessary to the litigation and one of the 
following is a party to the litigation or has an interest in such 
litigation:
    (1) DOI or any component of DOI;
    (2) Any other Federal agency appearing before the Office of 
Hearings and Appeals;
    (3) Any DOI employee or former employee acting in his or her 
official capacity;
    (4) Any DOI employee or former employee acting in his or her 
individual capacity when DOI or DOJ has agreed to represent that 
employee or pay for private representation of the employee; or
    (5) The United States Government or any agency thereof, when DOJ 
determines that DOI is likely to be affected by the proceeding.
    B. To a congressional office in response to a written inquiry that 
an individual covered by the system, or the heir of such individual if 
the covered individual is deceased, has made to the office.
    C. To the Executive Office of the President in response to an 
inquiry from that office made at the request of the subject of a record 
or a third party on that person's behalf, or for a purpose compatible 
with the reason for which the records are collected or maintained.
    D. To any criminal, civil, or regulatory law enforcement authority 
(whether Federal, state, territorial, local, tribal or foreign) when a 
record, either alone or in conjunction with other information, 
indicates a violation or potential violation of law--criminal, civil, 
or regulatory in nature, and the disclosure is compatible with the 
purpose for which the records were compiled.
    E. To an official of another Federal agency to provide information 
needed in the performance of official duties related to reconciling or 
reconstructing data files or to enable that agency to respond to an 
inquiry by the individual to whom the record pertains.
    F. To Federal, state, territorial, local, tribal, or foreign 
agencies that have requested information relevant or necessary to the 
hiring, firing or retention of an employee or contractor, or the 
issuance of a security clearance, license, contract, grant or other 
benefit, when the disclosure is compatible with the purpose for which 
the records were compiled.
    G. To representatives of the National Archives and Records 
Administration (NARA) to conduct records management inspections under 
the authority of 44 U.S.C. 2904 and 2906.
    H. To state, territorial and local governments and tribal 
organizations to provide information needed in response to court order 
and/or discovery purposes related to litigation, when the disclosure is 
compatible with the purpose for which the records were compiled.
    I. To an expert, consultant, or contractor (including employees of 
the contractor) of DOI that performs services requiring access to these 
records on DOI's behalf to carry out the purposes of the system.
    J. To appropriate agencies, entities, and persons when:
    (1) DOI suspects or has confirmed that there has been a breach of 
the system of
    records;
    (2) DOI has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DOI (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and
    (3) the disclosure made to such agencies, entities and persons is 
reasonably necessary to assist in connection with DOI's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    K. To another Federal agency or Federal entity, when DOI determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in:
    (1) Responding to a suspected or confirmed breach; or
    (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    L. To the Office of Management and Budget (OMB) during the 
coordination and clearance process in connection with legislative 
affairs as mandated by OMB Circular A-19.
    M. To the Department of the Treasury to recover debts owed to the 
United States.
    N. To the news media and the public, with the approval of the 
Public Affairs Officer in consultation with counsel and the Senior 
Agency Official for Privacy, when a matter has become public knowledge; 
when it is necessary to preserve the confidence in the integrity of DOI 
or is necessary to demonstrate the accountability of its officers, 
employees, or individuals covered in the system; or where there exists 
a legitimate public interest in the disclosure of the information, such 
as circumstances where providing information supports a legitimate law 
enforcement or public safety function, or protects the public from 
imminent threat of life or property; except to the extent it is 
determined that release of the specific information in the context of a 
particular case would constitute an unwarranted invasion of personal 
privacy.
    O. To an official of another Federal, state, territorial, local, 
tribal, or foreign agency to provide information needed in the 
performance of official duties related to the verification, 
authorization, or processing of money, real property, personal 
property, services, or other gift donations by individuals or 
organizations, or any issue otherwise related to the purpose for which 
the records were compiled.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained in both paper and electronic form. Paper 
records are maintained in file folders stored in file cabinets. 
Electronic records are maintained as files in computers, computer 
databases, email, and on encrypted removable drives and agency servers.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Information within this system may be retrieved by the DOI office 
or bureau receiving the donation, the benefitting program or activity, 
nature of the gift, size of the donation, the identity of the donor by 
individual or organization name, and may also be retrieved by keyword 
search.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are maintained under Departmental Records Schedule (DRS)-
3.1.0001, Program Monitoring and Policy Development (DAA-0048-2013-
0008-0001), which has been approved by the National Archives and 
Records Administration (NARA). DRS-3.1.0001 is a Department-wide 
records schedule that covers records involved in the regular monitoring 
and oversight of Federal programs. The disposition for these records is 
temporary. These records will be destroyed five years after cut-off, 
which is at the end of the fiscal year in which the final document is 
superseded or obsolete, or upon determination that a final document 
will not be produced. Records not used to support the program are cut 
off at the end of the fiscal year when the document was created as 
these records support the creation of permanent policy records that are 
not authorized for destruction and must be transferred to the National 
Archives in accordance with other records retention schedules. Paper 
records are disposed of by shredding or pulping, and records

[[Page 32681]]

contained on electronic media are degaussed or erased in accordance 
with 384 Departmental Manual 1 and NARA guidelines.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The records contained in this system are safeguarded in accordance 
with 43 CFR 2.226 and other applicable security and privacy rules and 
policies. During normal hours of operation, paper records are 
maintained in locked file cabinets under the control of authorized 
personnel. Electronic records are safeguarded by permissions set to 
``Authenticated Users'' which require password login. Computer servers 
on which electronic records are stored are located in secured DOI 
controlled facilities with physical, technical and administrative 
levels of security to prevent unauthorized access to the DOI network 
and information assets. The computer servers in which electronic 
records are stored are located in DOI facilities that are secured by 
security guards, alarm systems and off-master key access. Access to 
servers containing records in this system is limited to DOI personnel 
and other authorized parties who have a need to know the information 
for the performance of their official duties. Data exchanged between 
the servers and the system is encrypted. Backup tapes are encrypted and 
stored in a locked and controlled room in a secure, off-site location.
    Computerized records systems follow the National Institute of 
Standards and Technology privacy and security standards as developed to 
comply with the Privacy Act of 1974, 5 U.S.C. 552a; Paperwork Reduction 
Act of 1995, 44 U.S.C. 3501-3521; Federal Information Security 
Modernization Act of 2014, 44 U.S.C. 3551-3558; and the Federal 
Information Processing Standards 199: Standards for Security 
Categorization of Federal Information and Information Systems. Security 
controls include user identification, passwords, database permissions, 
encryption, firewalls, audit logs, and network system security 
monitoring, and software controls. Access to records in the system is 
limited to authorized personnel who have a need to access the records 
in the performance of their official duties, and each user's access is 
restricted to only the functions and data necessary to perform that 
person's job responsibilities. System administrators and authorized 
users are trained and required to follow established internal security 
protocols and must complete all security, privacy, and records 
management training and sign the DOI Rules of Behavior.

RECORD ACCESS PROCEDURES:
    An individual requesting records on himself or herself should send 
a signed, written inquiry to the applicable System Manager identified 
above. The request must include the specific bureau or office that 
maintains the record to facilitate location of the applicable records. 
The request envelope and letter should both be clearly marked ``PRIVACY 
ACT REQUEST FOR ACCESS.'' A request for access must meet the 
requirements of 43 CFR 2.238.

CONTESTING RECORD PROCEDURES:
    An individual requesting corrections or the removal of material 
from his or her records should send a signed, written request to the 
applicable System Manager as identified above. The request must include 
the specific bureau or office that maintains the record to facilitate 
location of the applicable records. A request for corrections or 
removal must meet the requirements of 43 CFR 2.246.

NOTIFICATION PROCEDURES:
    An individual requesting notification of the existence of records 
on himself or herself should send a signed, written inquiry to the 
applicable System Manager as identified above. The request must include 
the specific bureau or office that maintains the record to facilitate 
location of the applicable records. The request envelope and letter 
should both be clearly marked ``PRIVACY ACT INQUIRY.'' A request for 
notification must meet the requirements of 43 CFR 2.235.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    77 FR 66628 (November 6, 2012).
[FR Doc. 2018-15010 Filed 7-12-18; 8:45 am]
 BILLING CODE 4334-63-P