Privacy Act of 1974; System of Records, 50682-50686 [2018-21796]
Download as PDF
<![CDATA[
amozie on DSK3GDR082PROD with NOTICES1
50682
Federal Register / Vol. 83, No. 195 / Tuesday, October 9, 2018 / Notices
the Oil Pollution Act of 1990 (OPA; 33
U.S.C. 2701 et seq.). Pursuant to the
OPA, Federal and State agencies act as
trustees on behalf of the public to assess
natural resource injuries and losses and
to determine the actions required to
compensate the public for those injuries
and losses. The OPA further instructs
the designated trustees to develop and
implement a plan for the restoration,
rehabilitation, replacement, or
acquisition of the equivalent of the
injured natural resources under their
trusteeship, including the loss of use of
and services from those resources from
the time of injury until the time of
restoration to baseline (the resource
quality and conditions that would exist
if the spill had not occurred) is
complete.
The Deepwater Horizon Trustees are:
• U.S. Department of the Interior
(DOI), as represented by the National
Park Service, U.S. Fish and Wildlife
Service, and Bureau of Land
Management;
• National Oceanic and Atmospheric
Administration (NOAA), on behalf of
the U.S. Department of Commerce;
• U.S. Department of Agriculture
(USDA);
• U.S. Environmental Protection
Agency (EPA);
• State of Louisiana Coastal
Protection and Restoration Authority,
Oil Spill Coordinator’s Office,
Department of Environmental Quality,
Department of Wildlife and Fisheries,
and Department of Natural Resources;
• State of Mississippi Department of
Environmental Quality;
• State of Alabama Department of
Conservation and Natural Resources and
Geological Survey of Alabama;
• State of Florida Department of
Environmental Protection and Fish and
Wildlife Conservation Commission; and
• State of Texas: Texas Parks and
Wildlife Department, Texas General
Land Office, and Texas Commission on
Environmental Quality.
The Trustees reached and finalized a
settlement of their natural resource
damage claims with BP in an April 4,
2016, Consent Decree approved by the
U.S. District Court for the Eastern
District of Louisiana. Pursuant to that
Consent Decree, restoration projects in
the Open Ocean Restoration Area are
now selected and implemented by the
Open Ocean TIG. The Open Ocean TIG
is composed of four federal Trustees:
DOI, NOAA, EPA, and USDA.
Background
On March 31, 2017, the Open Ocean
TIG posted a public notice at https://
www.gulfspillrestoration.noaa.gov,
requesting new or revised natural
VerDate Sep<11>2014
19:13 Oct 05, 2018
Jkt 247001
resource restoration project ideas by
May 15, 2017, for the Open Ocean
Restoration Area for the 2017–20
planning years. The notice stated that
the Open Ocean TIG was seeking project
ideas for the following Restoration
Types: (1) Birds; (2) Sturgeon; (3) Sea
Turtles; (4) Marine Mammals; (5) Fish
and Water Column Invertebrates; and (6)
Mesophotic and Deep Benthic
Communities.
On February 7, 2018, the Open Ocean
TIG announced that it had initiated
drafting of its first and second post
settlement draft restoration plans; and
that the first plan would include
restoration projects for Birds and
Sturgeon, while the second plan would
include restoration projects for Sea
Turtles, Marine Mammals, Fish and
Water Column Invertebrates, and
Mesophotic and Deep Benthic
Communities.
Next Steps
As described above, two public
webinars are scheduled to facilitate the
public review and comment process on
the Draft RP1/EA. After the public
comment period ends, the Open Ocean
TIG will consider and address the
comments received before issuing a
final RP1/EA.
Overview of the Open Ocean TIG Draft
RP1/EA
Administrative Record
The documents comprising the
Administrative Record for the Draft
RP1/EA can be viewed electronically at
https://www.doi.gov/deepwaterhorizon/
administrativerecord.
The Draft RP1/EA is being released in
accordance with the OPA, NRDA
regulations found in the Code of Federal
Regulations (CFR) at 15 CFR part 990,
NEPA, the Consent Decree, and the
Final PDARP/PEIS.
In the Draft RP1/EA, the Open Ocean
TIG proposes three preferred
alternatives from the Bird and Sturgeon
restoration types, at an estimated total
cost of $16,000,000. The preferred
alternatives include restoration of
common loons in Minnesota through
conservation easements or fee title
acquisitions of loon nesting habitat,
breeding habitat enhancements, and
reduction in exposure to lead-based
fishing tackle; restoration of black terns
in the prairie pothole region of North
Dakota and South Dakota through
conservation easements of black tern
nesting habitat; and characterizing Gulf
sturgeon spawning habitat, habitat use,
and origins of juvenile sturgeon in the
Pearl and Pascagoula River Systems in
Louisiana and Mississippi. The Open
Ocean TIG also analyzes three
additional alternatives, as well as the
no-action alternative in the Draft RP1/
EA. One or more alternatives may be
selected for implementation by the
Open Ocean TIG in the Final RP1/EA or
in future restoration plans.
The proposed alternatives are
intended to continue the process of
using Deepwater Horizon restoration
funding to restore natural resources
injured or lost as a result of the
Deepwater Horizon oil spill. Additional
restoration planning for the Open Ocean
Restoration Area will continue.
PO 00000
Frm 00052
Fmt 4703
Sfmt 4703
Public Availability of Comments
Before including your address, phone
number, email address, or other
personal identifying information in your
comment, you should be aware that
your entire comment—including your
personal identifying information—may
be made publicly available at any time.
While you can ask us in your comment
to withhold your personal identifying
information from public review, we
cannot guarantee that we will be able to
do so.
Authority
The authority for this action is the Oil
Pollution Act of 1990 (33 U.S.C. 2701 et
seq.), its implementing Natural Resource
Damage Assessment regulations found
at 15 CFR part 990, and the National
Environmental Policy Act of 1969 (42
U.S.C. 4321 et seq.).
Kevin D. Reynolds,
Assistant Regional Director—Gulf
Restoration, FWS; Department of the Interior
Natural Resource Trustee Official for the
Open Ocean Trustee Implementation Group.
[FR Doc. 2018–21602 Filed 10–5–18; 8:45 am]
BILLING CODE 4333–15–P
DEPARTMENT OF THE INTERIOR
Office of the Secretary
[DOI–2018–0008; 18XD4523WS,
DS64900000, DWSN00000.000000,
DP.64916]
Privacy Act of 1974; System of
Records
Office of the Secretary, Interior.
Notice of a modified system of
AGENCY:
ACTION:
records.
Pursuant to the provisions of
the Privacy Act of 1974, as amended,
the Department of the Interior proposes
to modify the Department of the Interior
‘‘DOI–16, DOI LEARN (Departmentwide Learning Management System)’’
system of records notice. This system of
SUMMARY:
E:\FR\FM\09OCN1.SGM
09OCN1
Federal Register / Vol. 83, No. 195 / Tuesday, October 9, 2018 / Notices
amozie on DSK3GDR082PROD with NOTICES1
records helps the Department of the
Interior maintain and validate training
records, manage class rosters and
transcripts, meet Federal mandatory
training and statistical reporting
requirements, and manage other
functions related to training and
educational programs. This modified
system will be included in the
Department of the Interior’s inventory of
record systems.
DATES: This modified system will be
effective upon publication. New or
modified routine uses will be effective
November 8, 2018. Submit comments on
or before November 8, 2018.
ADDRESSES: You may submit comments,
identified by docket number DOI–2018–
0008, by any of the following methods:
• Federal e-Rulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
• Mail: Teri Barnett, Departmental
Privacy Officer, U.S. Department of the
Interior, 1849 C Street NW, Room 7112,
Washington, DC 20240.
• Hand-delivering comments to Teri
Barnett, Departmental Privacy Officer,
U.S. Department of the Interior, 1849 C
Street NW, Room 7112, Washington, DC
20240.
• Email: DOI_Privacy@ios.doi.gov.
All submissions received must
include the agency name and docket
number. All comments received will be
posted without change to https://
www.regulations.gov, including any
personal information provided.
FOR FURTHER INFORMATION CONTACT: Teri
Barnett, Departmental Privacy Officer,
U.S. Department of the Interior, 1849 C
Street NW, Room 7112, Washington, DC
20240, email at DOI_Privacy@
ios.doi.gov or by telephone at (202) 208–
1605.
SUPPLEMENTARY INFORMATION:
I. Background
The Department of the Interior (DOI),
Office of the Secretary maintains the
DOI–16, DOI LEARN, system of records
to manage Department-wide, bureau and
office training and learning programs.
This system of record helps DOI
maintain and validate training records,
manage class rosters and transcripts for
course administrators and the student or
learner, meet Federal mandatory
training and statistical reporting
requirements, and manage other
programmatic functions related to
training and educational programs. DOI
collects personal information from
students in order to communicate
training opportunities, manage course
registration and delivery, validate
training records necessary for
certification or granting of college
VerDate Sep<11>2014
19:13 Oct 05, 2018
Jkt 247001
credit, process billing information for
training classes, and to meet Federal
training reporting requirements.
Information may also be collected to
comply with the Americans with
Disabilities Act requirements to address
facilities accommodations. Training and
learning records are maintained in DOI’s
web-based learning management
system, and bureau and office systems
and locations where training programs
are managed.
DOI is revising the system of records
notice to update the system name,
system location, system manager and
address, categories of individuals,
categories of records, storage,
retrievability, safeguards, retention and
disposal, notification procedures,
records access and contesting
procedures, and records source
categories; reorganize the sections and
add new sections to describe the
purpose of the system and history in
accordance with Office of Management
and Budget (OMB) Circular A–108; and
provide general and administrative
updates to the remaining sections.
Additionally, DOI is modifying existing
routine uses to provide clarity and
transparency, and proposing to add new
proposed routine uses to permit sharing
of information with other agencies to
respond to breaches of personally
identifiable information. Routine uses
D, E, H, I, and J have been modified to
provide additional clarification on
external organizations and
circumstances where disclosures are
proper and necessary to facilitate
training functions or to comply with
Federal requirements. Routine use G
was modified to further clarify
disclosures to the Department of Justice
or other Federal agencies when
necessary in relation to litigation or
judicial proceedings.
DOI is proposing to add new routine
uses K through S to facilitate sharing of
information with agencies and
organizations to ensure the efficient and
effective management of training for
employees, promote the integrity of the
records in the system, or carry out a
statutory responsibility of the DOI or the
Federal Government. Proposed routine
use K facilitates sharing of information
with the Executive Office of the
President to resolve issues concerning
individual’s records. Routine use L
allows DOI to refer matters to the
appropriate Federal, state, local, or
foreign agencies, or other public
authority agencies responsible for
investigating or prosecuting violations
of law. Routine use M facilitates sharing
with other government and tribal
organizations pursuant to a court order
or discovery request. Modified routine
PO 00000
Frm 00053
Fmt 4703
Sfmt 4703
50683
use N and proposed routine use O allow
DOI to share information with
appropriate Federal agencies or entities
when reasonably necessary to respond
to a breach of personally identifiable
information and to prevent, minimize,
or remedy the risk of harm to
individuals or the Federal Government,
or assist an agency in locating
individuals affected by a breach in
accordance with OMB Memorandum
M–17–12, ‘‘Preparing for and
Responding to a Breach of Personally
Identifiable Information.’’ Routine use P
facilitates sharing of privacy
information with OMB as required
under OMB Circular A–19, ‘‘Legislative
Coordination and Clearance.’’ Routine
use Q allows DOI to share information
with the Department of the Treasury to
recover debts owed to the United States.
Routine use R allows DOI to disclose
information to the news media and the
public when there is a legitimate public
interest in the information, or to
demonstrate accountability or ensure
effective Government functions. Routine
use S allows DOI to share information
with the Office of Personnel
Management to maintain integrity of
employee training records and provide
training reports to meet Federal training
requirements.
II. Privacy Act
The Privacy Act of 1974, as amended,
embodies fair information practice
principles in a statutory framework
governing the means by which Federal
agencies collect, maintain, use, and
disseminate individuals’ records. The
Privacy Act applies to records about
individuals that are maintained in a
‘‘system of records.’’ A ‘‘system of
records’’ is a group of any records under
the control of an agency from which
information is retrieved by the name of
an individual or by some identifying
number, symbol, or other identifying
particular assigned to the individual.
The Privacy Act defines an individual
as a United States citizen or an alien
lawfully admitted for permanent
residence. Individuals may request
access to their own records that are
maintained in a system of records in the
possession or under the control of DOI
by complying with DOI Privacy Act
regulations at 43 CFR part 2, subpart K,
and following the procedures outlined
in the Records Access, Contesting
Record, and Notification Procedures
sections of this notice.
The Privacy Act requires each agency
to publish in the Federal Register a
description denoting the existence and
character of each system of records that
the agency maintains and the routine
uses of each system. The revised DOI
E:\FR\FM\09OCN1.SGM
09OCN1
50684
Federal Register / Vol. 83, No. 195 / Tuesday, October 9, 2018 / Notices
learning management system of records
notice is published in its entirety below.
In accordance with 5 U.S.C. 552a(r), DOI
has provided a report of this system of
records to the Office of Management and
Budget and to Congress.
Management in Federal Service; 5 CFR
410, Subpart C, Establishing and
Implementing Training Programs;
Americans with Disabilities Act (42
U.S.C. 12101); and the E-Government
Act of 2002 (44 U.S.C. 3501, et seq.).
III. Public Participation
You should be aware your entire
comment including your personal
identifying information, such as your
address, phone number, email address,
or any other personal identifying
information in your comment, may be
made publicly available at any time.
While you may request to withhold your
personal identifying information from
public review, we cannot guarantee we
will be able to do so.
PURPOSE(S) OF THE SYSTEM:
Teri Barnett,
Departmental Privacy Officer.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
SYSTEM NAME AND NUMBER:
INTERIOR/DOI–16, Learning Management
System.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
(1) Department-wide training records
are centrally managed by the Office of
Policy, Management and Budget, Chief
Human Capital Office, and are
maintained in the Department’s learning
management system located at a DOIcontrolled datacenter at U.S.
Department of the Interior, 7301 W
Mansfield Avenue, Denver, CO 80235.
(2) Records are also located in DOI
bureau and office facilities, systems, and
portals that manage or sponsor training
and educational programs.
SYSTEM MANAGER(S):
(1) Chief Learning Officer, Office of
the Secretary, Department of the
Interior, Main Interior Building, 1849 C
Street NW, Washington, DC 20240.
(2) Bureau and Office Learning
Managers responsible for managing
training, educational and learning
programs. A current list of the Learning
Managers and their addresses is
available on the DOI Learn Bureau
Contact website at https://www.doi.gov/
doilearn/datastewards/.
amozie on DSK3GDR082PROD with NOTICES1
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 4101, et seq., Government
Organization and Employee Training; 5
U.S.C. 1302, 2951, 4118, 4506, 3101; 43
U.S.C. 1457; Title VI of the Civil Rights
Act of 1964 as amended (42 U.S.C.
2000d); Executive Order 11348,
Providing for Further Training of
Government Employees, as amended by
Executive Order 12107, Relating to Civil
Service Commission and Labor
VerDate Sep<11>2014
19:13 Oct 05, 2018
The primary purposes of the system
are to: (1) Manage training and learning
programs; (2) plan and facilitate training
courses including outreach, registration,
enrollment and payment; (3) maintain
and validate training records for
certification and mandatory compliance
reporting; (4) meet Federal training
statistical reporting requirements; (5)
maintain class rosters and transcripts for
course administrators, students and
learners; and (6) generate budget
estimates for training requirements.
Jkt 247001
DOI employees, contractors, interns,
emergency workers, volunteers and
appointees who receive training related
to their official duties, whether or not
sponsored by DOI bureaus and offices.
Non-DOI individuals who participate in
DOI-sponsored training and educational
programs, or participate in DOIsponsored meetings and activities
related to training and educational
programs. Non-DOI individuals may
include individuals from other Federal,
state or local agencies, private or notfor-profit organizations, universities and
other schools, and members of the
public.
CATEGORIES OF RECORDS IN THE SYSTEM:
Training, educational and learning
management records may include
course registration, attendance rosters,
and course information including
course title, class name, objectives,
description, and who should attend;
class status information including begin
and end dates, responsible class
instructor, completion status and
certification requirements; student
transcripts (course(s) completed/not
completed, test scores, acquired skills);
and correspondence, reports and
documentation related to training,
education and learning management
programs. These records may contain:
Name, Social Security number,
employee common identifier generated
from the DOI Federal Personnel and
Payroll System (FPPS), login username,
password, agency or organization
affiliation, work or personal address,
work or personal phone and fax
number, work or personal email
address, gender, date of birth,
organization code, position title,
occupational series, pay plan, grade
PO 00000
Frm 00054
Fmt 4703
Sfmt 4703
level, supervisory status, type of
appointment, education level, duty
station code, agency, bureau, office,
organization, supervisor’s name and
phone number, date of Federal service,
date of organization or position
assignment, date of last promotion,
occupational category, race, national
origin, and adjusted basic pay. Records
may also include billing information
such as responsible agency, tax
identifier number, DUNS number,
purchase order numbers, agency
location codes and credit card
information. Records maintained on
non-DOI individuals is generally limited
to name, agency or organization
affiliation, address, work and personal
phone and fax numbers, work and
personal email addresses, supervisor
name and contact information, position
title, occupational series, and billing
information.
RECORD SOURCE CATEGORIES:
Information on DOI employees is
obtained directly from individuals on
whom the records are maintained,
supervisors, or existing DOI records.
Historical employee training records
may be obtained from other DOI
learning management systems.
Information from non-DOI individuals
who register or participate in DOIsponsored training programs is obtained
from individuals through paper and
electronic forms. Information may also
be obtained by another agency,
institution or organization that
sponsored the training event.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
THE PURPOSES OF SUCH USES:
In addition to those disclosures
generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a
portion of the records or information
contained in this system may be
disclosed outside DOI as a routine use
pursuant to 5 U.S.C. 552a(b)(3) as
follows:
A. To release statistical information
and training reports to other
organizations who are involved with the
training.
B. To disclose information to other
Government training facilities (Federal,
state, and local) and to non-Government
training facilities (private vendors of
training courses or programs, private
schools, etc.) for training purposes.
C. To provide transcript information
to education institutions upon the
student’s request in order to facilitate
transfer of credit to that institution, and
to provide college and university
officials with information about their
students working in the Pathways
E:\FR\FM\09OCN1.SGM
09OCN1
amozie on DSK3GDR082PROD with NOTICES1
Federal Register / Vol. 83, No. 195 / Tuesday, October 9, 2018 / Notices
Program, Volunteer Service, or other
similar programs necessary to a
student’s obtaining credit for the
experience.
D. To Federal, state, territorial, local,
tribal, or foreign agencies that have
requested information relevant or
necessary to the hiring, firing or
retention of an employee or contractor,
or the issuance of a security clearance,
license, contract, grant or other benefit,
when the disclosure is compatible with
the purpose for which the records were
compiled.
E. To an expert, consultant, grantee,
or contractor (including employees of
the contractor) of DOI that performs
services requiring access to these
records on DOI’s behalf to carry out the
purposes of the system.
F. To share logistical or attendance
information with partner agencies
(Government or non-Government) who,
based on cooperative training
agreements, have a need to know.
G. To the Department of Justice (DOJ),
including Offices of the U.S. Attorneys,
or other Federal agency conducting
litigation or in proceedings before any
court, adjudicative, or administrative
body, when it is relevant or necessary to
the litigation and one of the following
is a party to the litigation or has an
interest in such litigation:
(1) DOI or any component of DOI;
(2) Any other Federal agency
appearing before the Office of Hearings
and Appeals;
(3) Any DOI employee or former
employee acting in his or her official
capacity;
(4) Any DOI employee or former
employee acting in his or her individual
capacity when DOI or DOJ has agreed to
represent that employee or pay for
private representation of the employee;
or
(5) The United States Government or
any agency thereof, when DOJ
determines that DOI is likely to be
affected by the proceeding.
H. To a congressional office when
requesting information on behalf of, and
at the request of, the individual who is
the subject of the record.
I. To an official of another Federal,
state or local government or Tribal
organization to provide information
needed in the performance of official
duties related to reconciling or
reconstructing data files, in support of
the functions for which the records were
collected and maintained, or to enable
that agency to respond to an inquiry by
the individual to whom the record
pertains.
J. To representatives of the National
Archives and Records Administration
(NARA) to conduct records management
VerDate Sep<11>2014
19:13 Oct 05, 2018
Jkt 247001
inspections under the authority of 44
U.S.C. 2904 and 2906.
K. To the Executive Office of the
President in response to an inquiry from
that office made at the request of the
subject of a record or a third party on
that person’s behalf, or for a purpose
compatible with the reason for which
the records are collected or maintained.
L. To any criminal, civil, or regulatory
law enforcement authority (whether
Federal, state, territorial, local, tribal or
foreign) when a record, either alone or
in conjunction with other information,
indicates a violation or potential
violation of law—criminal, civil, or
regulatory in nature, and the disclosure
is compatible with the purpose for
which the records were compiled.
M. To state, territorial and local
governments and tribal organizations to
provide information needed in response
to court order and/or discovery
purposes related to litigation, when the
disclosure is compatible with the
purpose for which the records were
compiled.
N. To appropriate agencies, entities,
and persons when:
(1) DOI suspects or has confirmed that
there has been a breach of the system of
records;
(2) DOI has determined that as a result
of the suspected or confirmed breach
there is a risk of harm to individuals,
DOI (including its information systems,
programs, and operations), the Federal
Government, or national security; and
(3) the disclosure made to such
agencies, entities and persons is
reasonably necessary to assist in
connection with DOI’s efforts to respond
to the suspected or confirmed breach or
to prevent, minimize, or remedy such
harm.
O. To another Federal agency or
Federal entity, when DOI determines
that information from this system of
records is reasonably necessary to assist
the recipient agency or entity in:
(1) responding to a suspected or
confirmed breach; or
(2) preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
entity (including its information
systems, programs, and operations), the
Federal Government, or national
security, resulting from a suspected or
confirmed breach.
P. To the Office of Management and
Budget (OMB) during the coordination
and clearance process in connection
with legislative affairs as mandated by
OMB Circular A–19.
Q. To the Department of the Treasury
to recover debts owed to the United
States.
PO 00000
Frm 00055
Fmt 4703
Sfmt 4703
50685
R. To the news media and the public,
with the approval of the Public Affairs
Officer in consultation with counsel and
the Senior Agency Official for Privacy,
where there exists a legitimate public
interest in the disclosure of the
information, except to the extent it is
determined that release of the specific
information in the context of a
particular case would constitute an
unwarranted invasion of personal
privacy.
S. To the Office of Personnel
Management to disclose information on
employee general training, including
recommendations and completion,
specialized training obtained,
participation in government-sponsored
training, or training history as required
to provide workforce information for
official personnel files.
DISCLOSURE TO CONSUMER REPORTING
AGENCIES:
Pursuant to 5 U.S.C. 552a(b)(12),
records may be disclosed to consumer
reporting agencies as they are defined in
the Fair Credit Reporting Act (15 U.S.C.
1681a(f)) or the Federal Claims
Collection Act of 1966 (31 U.S.C.
3701(a)(3)).
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Records are stored in systems,
databases, electronic media on hard
disks, magnetic tapes, compact disks
and paper media.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Information from this system is
retrieved by either unique identifying
fields (e.g., student name or email
address) or by general category (e.g.,
course code, training location, class start
date, registration date, affiliation,
mandatory training compliance and
payment status).
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
DOI training records are maintained
under Department Records Schedule
(DRS)—1.2.0004, Short-Term Human
Resources Records (DAA–0048–2013–
0001–0004) and DRS –1.2.0005, Longterm Human Resources Records (DAA–
0048–2013–0001–0005), which were
approved by NARA. General employee
training records and working files have
a temporary disposition authority and
are maintained for three years. Records
will be cut off at the end of fiscal year
in which files are closed, and the
records will be destroyed 3 years after
cut-off. Employee performance and
competency management records
maintained under DRS 1.2.0005 have a
longer retention period. The records
E:\FR\FM\09OCN1.SGM
09OCN1
50686
Federal Register / Vol. 83, No. 195 / Tuesday, October 9, 2018 / Notices
disposition is temporary, and records
will be cut off at the end of the fiscal
year in which the record is created.
Contractor data will be cut off when the
contractor separates or is no longer
employed by the agency. Records must
be retained 7 years after cut-off.
Training records related to specialized
program areas may be covered under
other approved records retention
schedules based on the program or
mission area and agency needs.
Retention periods may vary based on
the training program or subject matter,
and longer retention is authorized for
specific training programs when it is
necessary to support business use or to
meet Federal records requirements.
Approved destruction methods for
temporary records that have met their
retention period include shredding or
pulping paper records, and erasing or
degaussing electronic records in
accordance with 384 Departmental
Manual 1 and NARA guidelines.
amozie on DSK3GDR082PROD with NOTICES1
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
The records maintained in this system
are safeguarded in accordance with 43
CFR 2.226 and other applicable security
rules and policies. During normal hours
of operation, paper or micro format
records are maintained in locked file
cabinets in secured rooms under the
control of authorized personnel.
Information technology systems follow
the National Institute of Standards and
Technology privacy and security
standards developed to comply with the
Privacy Act of 1974 as amended, 5
U.S.C. 552a; the Paperwork Reduction
Act of 1995, Public Law 104–13; the
Federal Information Security
Modernization Act of 2014, Public Law
113–283, as codified at 44 U.S.C. 3551,
et seq.; and the Federal Information
Processing Standard 199, Standards for
Security Categorization of Federal
Information and Information Systems.
Computer servers on which electronic
records are stored are located in secured
DOI facilities with physical, technical
and administrative levels of security to
prevent unauthorized access to the DOI
network and information assets.
Security controls include encryption,
firewalls, audit logs, and network
system security monitoring. Electronic
data is protected through user
identification, passwords, database
permissions and software controls.
Access to records in the system is
limited to authorized personnel who
have a need to access the records in the
performance of their official duties, and
each person’s access is restricted to only
the functions and data necessary to
perform that person’s job
VerDate Sep<11>2014
19:13 Oct 05, 2018
Jkt 247001
responsibilities. System administrators
and authorized users for DOI are trained
and required to follow established
internal security protocols and must
complete all security, privacy, and
records management training, and sign
DOI Rules of Behavior.
Computerized records systems follow
the National Institute of Standards and
Technology privacy and security
standards as developed to comply with
the Privacy Act of 1974, 5 U.S.C. 552a;
Paperwork Reduction Act of 1995, 44
U.S.C. 3501–3521; Federal Information
Security Modernization Act of 2014, 44
U.S.C. 3551–3558; and the Federal
Information Processing Standards 199:
Standards for Security Categorization of
Federal Information and Information
Systems. Security controls include user
identification, passwords, database
permissions, encryption, firewalls, audit
logs, and network system security
monitoring, and software controls. A
privacy impact assessment was
conducted on DOI’s learning
management system to ensure that
Privacy Act requirements are met and
appropriate privacy controls were
implemented to safeguard personally
identifiable information.
RECORD ACCESS PROCEDURES:
An individual requesting records on
himself or herself should send a signed,
written inquiry to the System Manager
as identified above. The request must
include the specific bureau or office that
maintains the record to facilitate
location of the applicable records. The
request envelope and letter should both
be clearly marked ‘‘PRIVACY ACT
REQUEST FOR ACCESS.’’ A request for
access must meet the requirements of 43
CFR 2.238.
CONTESTING RECORD PROCEDURES:
An individual requesting corrections
or the removal of material from his or
her records should send a signed,
written request to the System Manager
as identified above. The request must
include the specific bureau or office that
maintains the record to facilitate
location of the applicable records. A
request for corrections or removal must
meet the requirements of 43 CFR 2.246.
NOTIFICATION PROCEDURES:
An individual requesting notification
of the existence of records on himself or
herself should send a signed, written
inquiry to the System Manager as
identified above. The request must
include the specific bureau or office that
maintains the record to facilitate
location of the applicable records. The
request envelope and letter should both
be clearly marked ‘‘PRIVACY ACT
PO 00000
Frm 00056
Fmt 4703
Sfmt 4703
INQUIRY.’’ A request for notification
must meet the requirements of 43 CFR
2.235.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
70 FR 58230 (October 5, 2005);
modification published at 73 FR 8342
(February 13, 2008).
[FR Doc. 2018–21796 Filed 10–5–18; 8:45 am]
BILLING CODE 4334–63–P
DEPARTMENT OF THE INTERIOR
Office of the Secretary
[XXXD5198NI DS61100000
DNINR0000.000000 DX61104]
Exxon Valdez Oil Spill Public Advisory
Committee
Office of the Secretary, Interior.
Notice of renewal.
AGENCY:
ACTION:
The U.S. Department of the
Interior announces the charter renewal
of the Exxon Valdez Oil Spill Public
Advisory Committee.
FOR FURTHER INFORMATION CONTACT: Dr.
Philip Johnson, U.S. Department of the
Interior, Office of Environmental Policy
and Compliance, 1689 C Street, Suite
119, Anchorage, Alaska 99501–5126,
907–271–5011.
SUPPLEMENTARY INFORMATION: The Court
Order establishing the Exxon Valdez Oil
Spill Trustee Council also requires a
public advisory committee. The Public
Advisory Committee was established to
advise the Trustee Council and began
functioning in October 1992. The Public
Advisory Committee consists of 10
members representing the following
principal interests: Aquaculture/
mariculture, commercial fishing,
commercial tourism, recreation,
conservation/environmental, Native
landownership, sport hunting/fishing,
subsistence, science/technology, and
public-at-large. In order to ensure that a
broad range of public viewpoints
continues to be available to the Trustee
Council, and in keeping with the
settlement agreement, the continuation
of the Public Advisory Committee is
necessary.
In accordance with the provisions of
the Federal Advisory Committee Act, as
amended (5 U.S.C., App. 2), and in
consultation with the General Services
Administration, the Secretary of the
Interior hereby renews the charter for
the Exxon Valdez Oil Spill Public
Advisory Committee.
Certification Statement: I hereby
certify that the renewal of the charter for
SUMMARY:
E:\FR\FM\09OCN1.SGM
09OCN1
]]>Agencies
[Federal Register Volume 83, Number 195 (Tuesday, October 9, 2018)]
[Notices]
[Pages 50682-50686]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-21796]
-----------------------------------------------------------------------
DEPARTMENT OF THE INTERIOR
Office of the Secretary
[DOI-2018-0008; 18XD4523WS, DS64900000, DWSN00000.000000, DP.64916]
Privacy Act of 1974; System of Records
AGENCY: Office of the Secretary, Interior.
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as
amended, the Department of the Interior proposes to modify the
Department of the Interior ``DOI-16, DOI LEARN (Department-wide
Learning Management System)'' system of records notice. This system of
[[Page 50683]]
records helps the Department of the Interior maintain and validate
training records, manage class rosters and transcripts, meet Federal
mandatory training and statistical reporting requirements, and manage
other functions related to training and educational programs. This
modified system will be included in the Department of the Interior's
inventory of record systems.
DATES: This modified system will be effective upon publication. New or
modified routine uses will be effective November 8, 2018. Submit
comments on or before November 8, 2018.
ADDRESSES: You may submit comments, identified by docket number DOI-
2018-0008, by any of the following methods:
Federal e-Rulemaking Portal: https://www.regulations.gov.
Follow the instructions for submitting comments.
Mail: Teri Barnett, Departmental Privacy Officer, U.S.
Department of the Interior, 1849 C Street NW, Room 7112, Washington, DC
20240.
Hand-delivering comments to Teri Barnett, Departmental
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW,
Room 7112, Washington, DC 20240.
Email: [email protected].
All submissions received must include the agency name and docket
number. All comments received will be posted without change to https://www.regulations.gov, including any personal information provided.
FOR FURTHER INFORMATION CONTACT: Teri Barnett, Departmental Privacy
Officer, U.S. Department of the Interior, 1849 C Street NW, Room 7112,
Washington, DC 20240, email at [email protected] or by telephone
at (202) 208-1605.
SUPPLEMENTARY INFORMATION:
I. Background
The Department of the Interior (DOI), Office of the Secretary
maintains the DOI-16, DOI LEARN, system of records to manage
Department-wide, bureau and office training and learning programs. This
system of record helps DOI maintain and validate training records,
manage class rosters and transcripts for course administrators and the
student or learner, meet Federal mandatory training and statistical
reporting requirements, and manage other programmatic functions related
to training and educational programs. DOI collects personal information
from students in order to communicate training opportunities, manage
course registration and delivery, validate training records necessary
for certification or granting of college credit, process billing
information for training classes, and to meet Federal training
reporting requirements. Information may also be collected to comply
with the Americans with Disabilities Act requirements to address
facilities accommodations. Training and learning records are maintained
in DOI's web-based learning management system, and bureau and office
systems and locations where training programs are managed.
DOI is revising the system of records notice to update the system
name, system location, system manager and address, categories of
individuals, categories of records, storage, retrievability,
safeguards, retention and disposal, notification procedures, records
access and contesting procedures, and records source categories;
reorganize the sections and add new sections to describe the purpose of
the system and history in accordance with Office of Management and
Budget (OMB) Circular A-108; and provide general and administrative
updates to the remaining sections. Additionally, DOI is modifying
existing routine uses to provide clarity and transparency, and
proposing to add new proposed routine uses to permit sharing of
information with other agencies to respond to breaches of personally
identifiable information. Routine uses D, E, H, I, and J have been
modified to provide additional clarification on external organizations
and circumstances where disclosures are proper and necessary to
facilitate training functions or to comply with Federal requirements.
Routine use G was modified to further clarify disclosures to the
Department of Justice or other Federal agencies when necessary in
relation to litigation or judicial proceedings.
DOI is proposing to add new routine uses K through S to facilitate
sharing of information with agencies and organizations to ensure the
efficient and effective management of training for employees, promote
the integrity of the records in the system, or carry out a statutory
responsibility of the DOI or the Federal Government. Proposed routine
use K facilitates sharing of information with the Executive Office of
the President to resolve issues concerning individual's records.
Routine use L allows DOI to refer matters to the appropriate Federal,
state, local, or foreign agencies, or other public authority agencies
responsible for investigating or prosecuting violations of law. Routine
use M facilitates sharing with other government and tribal
organizations pursuant to a court order or discovery request. Modified
routine use N and proposed routine use O allow DOI to share information
with appropriate Federal agencies or entities when reasonably necessary
to respond to a breach of personally identifiable information and to
prevent, minimize, or remedy the risk of harm to individuals or the
Federal Government, or assist an agency in locating individuals
affected by a breach in accordance with OMB Memorandum M-17-12,
``Preparing for and Responding to a Breach of Personally Identifiable
Information.'' Routine use P facilitates sharing of privacy information
with OMB as required under OMB Circular A-19, ``Legislative
Coordination and Clearance.'' Routine use Q allows DOI to share
information with the Department of the Treasury to recover debts owed
to the United States. Routine use R allows DOI to disclose information
to the news media and the public when there is a legitimate public
interest in the information, or to demonstrate accountability or ensure
effective Government functions. Routine use S allows DOI to share
information with the Office of Personnel Management to maintain
integrity of employee training records and provide training reports to
meet Federal training requirements.
II. Privacy Act
The Privacy Act of 1974, as amended, embodies fair information
practice principles in a statutory framework governing the means by
which Federal agencies collect, maintain, use, and disseminate
individuals' records. The Privacy Act applies to records about
individuals that are maintained in a ``system of records.'' A ``system
of records'' is a group of any records under the control of an agency
from which information is retrieved by the name of an individual or by
some identifying number, symbol, or other identifying particular
assigned to the individual. The Privacy Act defines an individual as a
United States citizen or an alien lawfully admitted for permanent
residence. Individuals may request access to their own records that are
maintained in a system of records in the possession or under the
control of DOI by complying with DOI Privacy Act regulations at 43 CFR
part 2, subpart K, and following the procedures outlined in the Records
Access, Contesting Record, and Notification Procedures sections of this
notice.
The Privacy Act requires each agency to publish in the Federal
Register a description denoting the existence and character of each
system of records that the agency maintains and the routine uses of
each system. The revised DOI
[[Page 50684]]
learning management system of records notice is published in its
entirety below. In accordance with 5 U.S.C. 552a(r), DOI has provided a
report of this system of records to the Office of Management and Budget
and to Congress.
III. Public Participation
You should be aware your entire comment including your personal
identifying information, such as your address, phone number, email
address, or any other personal identifying information in your comment,
may be made publicly available at any time. While you may request to
withhold your personal identifying information from public review, we
cannot guarantee we will be able to do so.
Teri Barnett,
Departmental Privacy Officer.
SYSTEM NAME AND NUMBER:
INTERIOR/DOI-16, Learning Management System.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
(1) Department-wide training records are centrally managed by the
Office of Policy, Management and Budget, Chief Human Capital Office,
and are maintained in the Department's learning management system
located at a DOI-controlled datacenter at U.S. Department of the
Interior, 7301 W Mansfield Avenue, Denver, CO 80235.
(2) Records are also located in DOI bureau and office facilities,
systems, and portals that manage or sponsor training and educational
programs.
SYSTEM MANAGER(S):
(1) Chief Learning Officer, Office of the Secretary, Department of
the Interior, Main Interior Building, 1849 C Street NW, Washington, DC
20240.
(2) Bureau and Office Learning Managers responsible for managing
training, educational and learning programs. A current list of the
Learning Managers and their addresses is available on the DOI Learn
Bureau Contact website at https://www.doi.gov/doilearn/datastewards/.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 4101, et seq., Government Organization and Employee
Training; 5 U.S.C. 1302, 2951, 4118, 4506, 3101; 43 U.S.C. 1457; Title
VI of the Civil Rights Act of 1964 as amended (42 U.S.C. 2000d);
Executive Order 11348, Providing for Further Training of Government
Employees, as amended by Executive Order 12107, Relating to Civil
Service Commission and Labor Management in Federal Service; 5 CFR 410,
Subpart C, Establishing and Implementing Training Programs; Americans
with Disabilities Act (42 U.S.C. 12101); and the E-Government Act of
2002 (44 U.S.C. 3501, et seq.).
PURPOSE(S) OF THE SYSTEM:
The primary purposes of the system are to: (1) Manage training and
learning programs; (2) plan and facilitate training courses including
outreach, registration, enrollment and payment; (3) maintain and
validate training records for certification and mandatory compliance
reporting; (4) meet Federal training statistical reporting
requirements; (5) maintain class rosters and transcripts for course
administrators, students and learners; and (6) generate budget
estimates for training requirements.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
DOI employees, contractors, interns, emergency workers, volunteers
and appointees who receive training related to their official duties,
whether or not sponsored by DOI bureaus and offices. Non-DOI
individuals who participate in DOI-sponsored training and educational
programs, or participate in DOI-sponsored meetings and activities
related to training and educational programs. Non-DOI individuals may
include individuals from other Federal, state or local agencies,
private or not-for-profit organizations, universities and other
schools, and members of the public.
CATEGORIES OF RECORDS IN THE SYSTEM:
Training, educational and learning management records may include
course registration, attendance rosters, and course information
including course title, class name, objectives, description, and who
should attend; class status information including begin and end dates,
responsible class instructor, completion status and certification
requirements; student transcripts (course(s) completed/not completed,
test scores, acquired skills); and correspondence, reports and
documentation related to training, education and learning management
programs. These records may contain: Name, Social Security number,
employee common identifier generated from the DOI Federal Personnel and
Payroll System (FPPS), login username, password, agency or organization
affiliation, work or personal address, work or personal phone and fax
number, work or personal email address, gender, date of birth,
organization code, position title, occupational series, pay plan, grade
level, supervisory status, type of appointment, education level, duty
station code, agency, bureau, office, organization, supervisor's name
and phone number, date of Federal service, date of organization or
position assignment, date of last promotion, occupational category,
race, national origin, and adjusted basic pay. Records may also include
billing information such as responsible agency, tax identifier number,
DUNS number, purchase order numbers, agency location codes and credit
card information. Records maintained on non-DOI individuals is
generally limited to name, agency or organization affiliation, address,
work and personal phone and fax numbers, work and personal email
addresses, supervisor name and contact information, position title,
occupational series, and billing information.
RECORD SOURCE CATEGORIES:
Information on DOI employees is obtained directly from individuals
on whom the records are maintained, supervisors, or existing DOI
records. Historical employee training records may be obtained from
other DOI learning management systems. Information from non-DOI
individuals who register or participate in DOI-sponsored training
programs is obtained from individuals through paper and electronic
forms. Information may also be obtained by another agency, institution
or organization that sponsored the training event.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DOI as a
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To release statistical information and training reports to other
organizations who are involved with the training.
B. To disclose information to other Government training facilities
(Federal, state, and local) and to non-Government training facilities
(private vendors of training courses or programs, private schools,
etc.) for training purposes.
C. To provide transcript information to education institutions upon
the student's request in order to facilitate transfer of credit to that
institution, and to provide college and university officials with
information about their students working in the Pathways
[[Page 50685]]
Program, Volunteer Service, or other similar programs necessary to a
student's obtaining credit for the experience.
D. To Federal, state, territorial, local, tribal, or foreign
agencies that have requested information relevant or necessary to the
hiring, firing or retention of an employee or contractor, or the
issuance of a security clearance, license, contract, grant or other
benefit, when the disclosure is compatible with the purpose for which
the records were compiled.
E. To an expert, consultant, grantee, or contractor (including
employees of the contractor) of DOI that performs services requiring
access to these records on DOI's behalf to carry out the purposes of
the system.
F. To share logistical or attendance information with partner
agencies (Government or non-Government) who, based on cooperative
training agreements, have a need to know.
G. To the Department of Justice (DOJ), including Offices of the
U.S. Attorneys, or other Federal agency conducting litigation or in
proceedings before any court, adjudicative, or administrative body,
when it is relevant or necessary to the litigation and one of the
following is a party to the litigation or has an interest in such
litigation:
(1) DOI or any component of DOI;
(2) Any other Federal agency appearing before the Office of
Hearings and Appeals;
(3) Any DOI employee or former employee acting in his or her
official capacity;
(4) Any DOI employee or former employee acting in his or her
individual capacity when DOI or DOJ has agreed to represent that
employee or pay for private representation of the employee; or
(5) The United States Government or any agency thereof, when DOJ
determines that DOI is likely to be affected by the proceeding.
H. To a congressional office when requesting information on behalf
of, and at the request of, the individual who is the subject of the
record.
I. To an official of another Federal, state or local government or
Tribal organization to provide information needed in the performance of
official duties related to reconciling or reconstructing data files, in
support of the functions for which the records were collected and
maintained, or to enable that agency to respond to an inquiry by the
individual to whom the record pertains.
J. To representatives of the National Archives and Records
Administration (NARA) to conduct records management inspections under
the authority of 44 U.S.C. 2904 and 2906.
K. To the Executive Office of the President in response to an
inquiry from that office made at the request of the subject of a record
or a third party on that person's behalf, or for a purpose compatible
with the reason for which the records are collected or maintained.
L. To any criminal, civil, or regulatory law enforcement authority
(whether Federal, state, territorial, local, tribal or foreign) when a
record, either alone or in conjunction with other information,
indicates a violation or potential violation of law--criminal, civil,
or regulatory in nature, and the disclosure is compatible with the
purpose for which the records were compiled.
M. To state, territorial and local governments and tribal
organizations to provide information needed in response to court order
and/or discovery purposes related to litigation, when the disclosure is
compatible with the purpose for which the records were compiled.
N. To appropriate agencies, entities, and persons when:
(1) DOI suspects or has confirmed that there has been a breach of
the system of records;
(2) DOI has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, DOI (including
its information systems, programs, and operations), the Federal
Government, or national security; and
(3) the disclosure made to such agencies, entities and persons is
reasonably necessary to assist in connection with DOI's efforts to
respond to the suspected or confirmed breach or to prevent, minimize,
or remedy such harm.
O. To another Federal agency or Federal entity, when DOI determines
that information from this system of records is reasonably necessary to
assist the recipient agency or entity in:
(1) responding to a suspected or confirmed breach; or
(2) preventing, minimizing, or remedying the risk of harm to
individuals, the recipient agency or entity (including its information
systems, programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
P. To the Office of Management and Budget (OMB) during the
coordination and clearance process in connection with legislative
affairs as mandated by OMB Circular A-19.
Q. To the Department of the Treasury to recover debts owed to the
United States.
R. To the news media and the public, with the approval of the
Public Affairs Officer in consultation with counsel and the Senior
Agency Official for Privacy, where there exists a legitimate public
interest in the disclosure of the information, except to the extent it
is determined that release of the specific information in the context
of a particular case would constitute an unwarranted invasion of
personal privacy.
S. To the Office of Personnel Management to disclose information on
employee general training, including recommendations and completion,
specialized training obtained, participation in government-sponsored
training, or training history as required to provide workforce
information for official personnel files.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
Pursuant to 5 U.S.C. 552a(b)(12), records may be disclosed to
consumer reporting agencies as they are defined in the Fair Credit
Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act
of 1966 (31 U.S.C. 3701(a)(3)).
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in systems, databases, electronic media on hard
disks, magnetic tapes, compact disks and paper media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information from this system is retrieved by either unique
identifying fields (e.g., student name or email address) or by general
category (e.g., course code, training location, class start date,
registration date, affiliation, mandatory training compliance and
payment status).
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
DOI training records are maintained under Department Records
Schedule (DRS)--1.2.0004, Short-Term Human Resources Records (DAA-0048-
2013-0001-0004) and DRS -1.2.0005, Long-term Human Resources Records
(DAA-0048-2013-0001-0005), which were approved by NARA. General
employee training records and working files have a temporary
disposition authority and are maintained for three years. Records will
be cut off at the end of fiscal year in which files are closed, and the
records will be destroyed 3 years after cut-off. Employee performance
and competency management records maintained under DRS 1.2.0005 have a
longer retention period. The records
[[Page 50686]]
disposition is temporary, and records will be cut off at the end of the
fiscal year in which the record is created. Contractor data will be cut
off when the contractor separates or is no longer employed by the
agency. Records must be retained 7 years after cut-off.
Training records related to specialized program areas may be
covered under other approved records retention schedules based on the
program or mission area and agency needs. Retention periods may vary
based on the training program or subject matter, and longer retention
is authorized for specific training programs when it is necessary to
support business use or to meet Federal records requirements. Approved
destruction methods for temporary records that have met their retention
period include shredding or pulping paper records, and erasing or
degaussing electronic records in accordance with 384 Departmental
Manual 1 and NARA guidelines.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The records maintained in this system are safeguarded in accordance
with 43 CFR 2.226 and other applicable security rules and policies.
During normal hours of operation, paper or micro format records are
maintained in locked file cabinets in secured rooms under the control
of authorized personnel. Information technology systems follow the
National Institute of Standards and Technology privacy and security
standards developed to comply with the Privacy Act of 1974 as amended,
5 U.S.C. 552a; the Paperwork Reduction Act of 1995, Public Law 104-13;
the Federal Information Security Modernization Act of 2014, Public Law
113-283, as codified at 44 U.S.C. 3551, et seq.; and the Federal
Information Processing Standard 199, Standards for Security
Categorization of Federal Information and Information Systems.
Computer servers on which electronic records are stored are located
in secured DOI facilities with physical, technical and administrative
levels of security to prevent unauthorized access to the DOI network
and information assets. Security controls include encryption,
firewalls, audit logs, and network system security monitoring.
Electronic data is protected through user identification, passwords,
database permissions and software controls. Access to records in the
system is limited to authorized personnel who have a need to access the
records in the performance of their official duties, and each person's
access is restricted to only the functions and data necessary to
perform that person's job responsibilities. System administrators and
authorized users for DOI are trained and required to follow established
internal security protocols and must complete all security, privacy,
and records management training, and sign DOI Rules of Behavior.
Computerized records systems follow the National Institute of
Standards and Technology privacy and security standards as developed to
comply with the Privacy Act of 1974, 5 U.S.C. 552a; Paperwork Reduction
Act of 1995, 44 U.S.C. 3501-3521; Federal Information Security
Modernization Act of 2014, 44 U.S.C. 3551-3558; and the Federal
Information Processing Standards 199: Standards for Security
Categorization of Federal Information and Information Systems. Security
controls include user identification, passwords, database permissions,
encryption, firewalls, audit logs, and network system security
monitoring, and software controls. A privacy impact assessment was
conducted on DOI's learning management system to ensure that Privacy
Act requirements are met and appropriate privacy controls were
implemented to safeguard personally identifiable information.
RECORD ACCESS PROCEDURES:
An individual requesting records on himself or herself should send
a signed, written inquiry to the System Manager as identified above.
The request must include the specific bureau or office that maintains
the record to facilitate location of the applicable records. The
request envelope and letter should both be clearly marked ``PRIVACY ACT
REQUEST FOR ACCESS.'' A request for access must meet the requirements
of 43 CFR 2.238.
CONTESTING RECORD PROCEDURES:
An individual requesting corrections or the removal of material
from his or her records should send a signed, written request to the
System Manager as identified above. The request must include the
specific bureau or office that maintains the record to facilitate
location of the applicable records. A request for corrections or
removal must meet the requirements of 43 CFR 2.246.
NOTIFICATION PROCEDURES:
An individual requesting notification of the existence of records
on himself or herself should send a signed, written inquiry to the
System Manager as identified above. The request must include the
specific bureau or office that maintains the record to facilitate
location of the applicable records. The request envelope and letter
should both be clearly marked ``PRIVACY ACT INQUIRY.'' A request for
notification must meet the requirements of 43 CFR 2.235.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
70 FR 58230 (October 5, 2005); modification published at 73 FR 8342
(February 13, 2008).
[FR Doc. 2018-21796 Filed 10-5-18; 8:45 am]
BILLING CODE 4334-63-P
