Privacy Act of 1974; System of Records, 61395-61398 [2018-25970]

Download as PDF Federal Register / Vol. 83, No. 230 / Thursday, November 29, 2018 / Notices Michael Griffin—Chief of Staff, NEA Ann Eilers—Deputy Chairman for Management & Budget, NEA Sunil Iyengar—Director, Research & Analysis, NEA Jeanette Duncan—Chief Information Officer, NEA Tony Chauveaux—Deputy Chairman for Programs & Partnerships, NEA Adam Wolfson—Assistant Chairman for Programs, NEH Nancy Weiss—General Counsel, IMLS Dated: November 26, 2018. Gregory Gendron, Director of Administrative Services, National Endowment for the Arts. [FR Doc. 2018–25967 Filed 11–28–18; 8:45 am] BILLING CODE P OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE Privacy Act of 1974; System of Records Office of the Director of National Intelligence (ODNI). ACTION: Notice of a new system of records. AGENCY: ODNI provides notice that it is establishing one new Privacy Act system of records at the National Counterintelligence and Security Center (NCSC). This new system of records is titled the NCSC Continuous Evaluation System, also identified as ODNI/NCSC– 003. This notice is necessary to inform the public of the existence and character of records that the agency maintains. Continuous Evaluation (CE) is a personnel security investigative process used to review the continued eligibility of individuals who have been determined eligible for access to classified information or to hold a sensitive position. Individuals subject to CE include current Executive Branch employees, detailees, contractors, and other sponsored individuals who are cleared for access to classified information or to hold a sensitive position. The Departments and Agencies (D/As) that sponsor these individuals for access to classified information or to hold a sensitive position ‘‘enroll’’ the individuals (enrollees) for CE by electronically entering their identifying information into a technical system that carries out the CE capability. All D/As are required to submit their qualifying populations to CE. D/As may choose to develop a technical CE system of their own, or subscribe to CE services provided by another agency. The ODNI/ NCSC will provide CE services to subscribing agencies. The NCSC CE System leverages electronic checks of khammond on DSK30JT082PROD with NOTICES SUMMARY: VerDate Sep<11>2014 16:42 Nov 28, 2018 Jkt 247001 government and commercial databases and, based on automated business rules, transmits alerts and reports to the enrolling D/A. Datasets queried in the CE process are those that contain security-relevant information, e.g., government-owned financial, law enforcement, terrorism, foreign travel, and current clearance status information. Credit data and commercially-obtained aggregated data also is utilized. On receipt of the electronic prompt, the personnel security function at the enrolling agency verifies that the alert or report received pertains to the enrollee (the subject of the electronic queries). Where the agency verifies that the alert or report pertains to the enrollee, appropriate personnel security officials review the nature of the alert or report to determine the need for further investigation, as dictated by Federal Investigative Standards requirements. Information obtained through the follow-on investigation is considered in adjudicating the enrollee’s continued eligibility for access to classified information or to hold a sensitive position. The NCSC CE System retains the enrollment information (personal identifiers as provided by the enrolling D/A) in order to facilitate ongoing CE checks. The system does not retain the records returned from the electronic database queries beyond the time needed to ensure proper electronic delivery to the enrolling agency. Data necessary to implement CE business rules, to perform program assessments, and to satisfy auditing requirements will be retained. D/As conducting CE will adhere to the principles articulated in the Security Executive Agent Directive (SEAD) relating to CE (i.e., SEAD 6). A SEAD provides high level guidance and instruction for the conduct of a personnel security process. SEAD 6 establishes policy and requirements specifically related to CE. DATES: This System of Records will go into effect on December 31, 2018, unless comments are received that result in a contrary determination. ADDRESSES: You may submit comments by any of the following methods: Federal eRulemaking Portal: http:// www.regulations.gov. Email: transparency@dni.gov. Mail: Director, Information Management Division, Strategy & Engagement, ODNI, Washington, DC 20511. FOR FURTHER INFORMATION CONTACT: Director, Information Management Division, Strategy & Engagement, Office PO 00000 Frm 00023 Fmt 4703 Sfmt 4703 61395 of the Director of National Intelligence, at the addresses provided above. SUPPLEMENTARY INFORMATION: The NCSC CE System implements the requirements of Executive Orders 12968, as amended (Access to Classified Information) and 13467, as amended, (Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information). To protect classified and sensitive personnel or law enforcement information covered by this new system of records, the Director of National Intelligence (DNI) is proposing to exempt this system from certain requirements of the Privacy Act where necessary, as permitted by law. Accordingly, as required by the Privacy Act, a proposed rule is being published concurrently with this notice seeking public comment regarding exemptions claimed for this system. By previously established rule, the DNI may exercise derivative exemption authority by preserving the exempt status of records received from providing agencies when the reason for the exemption remains valid. See 32 CFR part 1701.20 (a)(2) (73 FR 16531, 16537). SYSTEM NAME AND NUMBER: Continuous Evaluation Records (ODNI/NCSC–003). SECURITY CLASSIFICATION: The classification of records in this system ranges from UNCLASSIFIED to TOP SECRET. SYSTEM LOCATION: National Counterintelligence and Security Center, Office of the Director of National Intelligence, Washington, DC 20511. SYSTEM MANAGER(S): Assistant Director, Special Security Directorate, ODNI/NCSC, Washington, DC 20511. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: The Intelligence Reform and Terrorism Prevention Act of 2004, Public Law 108–458, 118 Stat. 3638 (Dec. 17, 2004); the National Security Act of 1947, as amended, 50 U.S.C. 3023 et seq.; the Counterintelligence Enhancement Act of 2002, as amended, 50 U.S.C. 3382; Executive Order 12333, 46 FR 59941 (1981), as amended by Executive Order 13284, 68 FR 4075 (2003), Executive Order 13355, 69 FR 53593 (2004), and Executive Order 13470, 73 FR 45325 (2008); Executive Order 13488, 74 FR 4111 (2009), as amended by Executive Order 13764, 82 E:\FR\FM\29NON1.SGM 29NON1 61396 Federal Register / Vol. 83, No. 230 / Thursday, November 29, 2018 / Notices FR 8115 (2017); Executive Order 13549, 75 FR 51609 (2010); Executive Order 12968, 60 FR 40245 (1995), as amended by Executive Order 13467, 73 FR 38103 (2008), and Executive Order 13764, 82 FR 8115 (2017); Executive Order 13467, as amended by Executive Order 13764 82 FR 8115 (2017). PURPOSE(S) OF THE SYSTEM: Records in this system of records are collected for the purpose of electronically comparing enrollee identifying data against specified U.S. Government (financial, law enforcement, terrorism, foreign travel, and clearance status) databases and credit and commercial databases. The comparison serves to identify securityrelevant conduct, practices, activities, or incidents that personnel security professionals can use, consistent with the Federal Investigative Standards, to determine an enrollee’s continued eligibility for access to classified information or to hold a sensitive position. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Executive Branch employees, detailees, contractors, and other sponsored individuals who have been determined to be eligible for access to classified information or eligible to hold a sensitive position. CATEGORIES OF RECORDS IN THE SYSTEM: This system maintains (i) biographic enrollment data including name, date and place of birth, fingerprints, social security number, gender, current address, other first or last names, prior address(es), personal email address(es) and phone numbers, passport information, employment type (contractor/government) or other status, and; (ii) data returned from or about the automated record checks conducted against current clearance status information and against financial, law enforcement, credit, terrorism, foreign travel, and commercial databases. khammond on DSK30JT082PROD with NOTICES RECORD SOURCE CATEGORIES: Record source categories include government-owned financial, law enforcement, terrorism, foreign travel databases, and current clearance status information, as well as credit and commercial entities, and providers of aggregated public source data. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES: The following routine uses, which have programmatic, law enforcement, or oversight purposes, apply to this system of records: VerDate Sep<11>2014 16:42 Nov 28, 2018 Jkt 247001 (i) Except as noted on Standard Forms 85 and 86 and supplemental forms thereto (questionnaires for employment in, respectively, ‘‘non-sensitive’’ and ‘‘national security’’ positions within the Federal Government), a record that on its face or in conjunction with other information indicates or relates to a violation or potential violation of law, whether civil, criminal, administrative, or regulatory in nature, and whether arising by general statute, particular program statute, regulation, rule, or order issued pursuant thereto, may be disclosed as a routine use to an appropriate federal, state, territorial, tribal, local law enforcement authority, foreign government, or international law enforcement authority, or to an appropriate regulatory body charged with investigating, enforcing, or prosecuting such violations; (ii) A record from a system of records maintained by the ODNI may be disclosed as a routine use to representatives of another IC entity addressing intelligence equities in the context of a legislative proceding or hearing when ODNI interests are implicated, and the record is relevant and necessary to the matter. (iii) A record from a system of records maintained by the ODNI may be disclosed as a routine use in a proceeding before a court or adjudicative body when any of the following is a party to litigation or has an interest in such litigation, and the ODNI, Office of General Counsel, determines that use of such records is relevant and necessary to the litigation: The ODNI; any staff of the ODNI in his or her official capacity; any staff of the ODNI in his or her individual capacity where the Department of Justice has agreed to represent the staff or has agreed to provide counsel at government expense; or the United States or another federal agency, where the ODNI, Office of General Counsel, determines that litigation is likely to affect the ODNI; (iv) A record from this system of records may be disclosed to the Department of Justice when (a) the ODNI, or any component thereof; or (b) any employee of the ODNI in his or her official capacity; or (c) any employee of the ODNI in his or her individual capacity where the Department of Justice has agreed to represent the employee; or (d) the United States, where the ODNI determines that litigation is likely to affect the agency, or any of its components, is a party to litigation or has an interest in such litigation, and the use of such records by the Department of Justice is deemed by the agency to be relevant and necessary to the litigation provided, however, that PO 00000 Frm 00024 Fmt 4703 Sfmt 4703 in each case, the agency determines that disclosure of the records to the Department of Justice is a use of the information contained in the records that is compatible with the purpose for which the records were collected. (v) A record from a system of records maintained by the ODNI may be disclosed as a routine use to representatives of the Department of Justice and other U.S. Government entities, to the extent necessary to obtain advice on any matter within the official responsibilities of such representatives, and the responsibilities of the ODNI; (vi) A record from a system of records maintained by the ODNI may be disclosed as a routine use to a federal, state, or local agency or other appropriate entities or individuals from which/whom information may be sought relevant to: A decision concerning the hiring or retention of an employee or other personnel action; the issuing or retention of a security clearance or special access, contract, grant, credential, or other benefit; or the conduct of an authorized investigation or inquiry, to the extent necessary to identify the individual, inform the source of the nature and purpose of the inquiry, and identify the type of information requested; (vii) A record from a system of records maintained by the ODNI may be disclosed as a routine use to any federal, state, local, tribal, or other public authority, or to a legitimate agency of a foreign government or international authority to the extent the record is relevant and necessary to the other entity’s decision regarding the hiring or retention of an employee or other personnel action; the issuing or retention of a security clearance or special access, contract, grant, license, or other benefit; or the conduct of an authorized inquiry or investigation; (viii) A record from a system of records maintained by the ODNI may be disclosed as a routine use to any agency, for authorized audit operations, and for meeting related reporting requirements, including disclosure to the National Archives and Records Administration for records management inspections and such other purposes conducted under the authority of 44 U.S.C. 2904 and 2906, or successor provisions; (ix) A record from a system of records maintained by the ODNI may be disclosed as a routine use to contractors, grantees, experts, consultants, or others when access to the record is necessary to perform the function or service for which they have been engaged by the ODNI; E:\FR\FM\29NON1.SGM 29NON1 khammond on DSK30JT082PROD with NOTICES Federal Register / Vol. 83, No. 230 / Thursday, November 29, 2018 / Notices (x) A record from a system of records maintained by the ODNI may be disclosed as a routine use to any federal agency that has provided employee enrollment data to the ODNI for purposes of conducting continuous evaluation when records obtained by ODNI are relevant to the enrolling agency’s adjudication of the employee’s continued eligibility for access to classified information or to hold a sensitive position. (xi) A record from a system of records maintained by the ODNI may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) ODNI suspects or has confirmed that there has been a breach of the system of records; (2) ODNI has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, ODNI (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department’s efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. (xii) A record from a system of records maintained by the ODNI may be disclosed as a routine use to another federal agency or federal entity, when the ODNI determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. (xiii) A record from a system of records maintained by the ODNI may be disclosed as a routine use to a federal, state, local, tribal, territorial, foreign, or multinational agency or entity or to any other appropriate entity or individual for any of the following purposes: To provide notification of a serious terrorist threat for the purpose of guarding against or responding to such threat; to assist in coordination of terrorist threat awareness, assessment, analysis, or response; or to assist the recipient in performing authorized responsibilities relating to terrorism or counterterrorism; (xiv) A record from a system of records maintained by the ODNI may be disclosed as a routine use for the purpose of conducting or supporting authorized counterintelligence activities as defined by section 3003(3) of the VerDate Sep<11>2014 16:42 Nov 28, 2018 Jkt 247001 National Security Act of 1947, as amended, to elements of the Intelligence Community, as defined by section 3003(4) of the National Security Act of 1947, as amended; to the head of any federal agency or department; and to selected counterintelligence officers within the Federal Government; and (xv) A record from a system of records maintained by the ODNI may be disclosed as a routine use to a federal, state, local, tribal, territorial, foreign, or multinational government agency or entity, or to other authorized entities or individuals, but only if such disclosure is undertaken in furtherance of responsibilities conferred by, and in a manner consistent with, the National Security Act of 1947, as amended; the Counterintelligence Enhancement Act of 2002, as amended; Executive Order 12333 or any successor order together with its implementing procedures approved by the Attorney General; and other provisions of law, Executive Order or directive relating to national intelligence, or otherwise applicable to the ODNI. This routine use is not intended to supplant the other routine uses published by the ODNI. POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Electronic records are stored in secure file-servers located in governmentmanaged facilities or in governmentleased private cloud-based systems. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: The records in this system are retrieved by name, social security number, or other unique identifier. Information may be retrieved from this system of records by automated capabilities utilized in the normal course of business. All searches of this system of records are performed by authorized Executive Branch security personnel. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Pursuant to 44 U.S.C. 3303a(d) and 36 CFR Chapter 12, Subchapter B—Records Management, CE records are covered by the National Archives and Records Administration (NARA) General Records Schedule (GRS) 5.6, Security records, Items 170 through 181, and will be retained and disposed of according to those provisions. Biographic data and data about protecting and accessing information will be retained consistent with the Privacy Act of 1974, 5 U.S.C. 552a, and GRS 4.2, Information Access and Protection Records. Records about security data and information systems are listed in GRS 3.2, Information Systems Security Records. PO 00000 Frm 00025 Fmt 4703 Sfmt 4703 61397 ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: Information in this system is safeguarded in accordance with recommended and/or prescribed administrative, physical, and technical safeguards. Records are maintained in secure government-owned or leased facilities with access limited to authorized personnel. Physical security protections include guards and locked facilities requiring badges and passwords for access. Records are accessed only by current governmentauthorized personnel whose official duties require access to the records. Electronic authorization and authentication of users is required at all points before any system information can be accessed. Communications are encrypted where required and other safeguards are in place to monitor and audit access, and to detect intrusions. System backup is maintained separately. RECORD ACCESS PROCEDURES: As specified below, records in this system have been exempted from certain notification, access, and amendment procedures. A request for access shall be made in writing with the envelope and letter clearly marked ‘‘Privacy Act Request.’’ Requesters shall provide their full name and complete address. The requester must sign the request and have it verified by a notary public. Alternately, the request may be submitted under 28 U.S.C. 1746, certifying the requester’s identity and understanding that obtaining a record under false pretenses constitutes a criminal offense. Requests for access to information must be addressed to the Director, Information Management Division, Strategy & Engagement, Office of the Director of National Intelligence, Washington, DC 20511. Regulations governing access to one’s records or for appealing an initial determination concerning access to records are contained in the ODNI regulation implementing the Privacy Act, 32 CFR part 1701 (73 FR 16531). CONTESTING RECORD PROCEDURES: As specified below, records in this system are exempt from certain notification, access, and amendment procedures. Individuals seeking to correct or amend non-exempt records should address their requests to the ODNI at the address and according to the requirements set forth above under the heading ‘‘Record Access Procedures.’’ Regulations governing access to and amendment of one’s records or for appealing an initial determination concerning access or E:\FR\FM\29NON1.SGM 29NON1 61398 Federal Register / Vol. 83, No. 230 / Thursday, November 29, 2018 / Notices amendment of records are contained in the ODNI regulation implementing the Privacy Act, 32 CFR part 1701 (73 FR 16531). NOTIFICATION PROCEDURES: As specified below, records in this system are exempt from certain notification, access, and amendment procedures. Individuals seeking to learn whether this system contains nonexempt information about them should address inquiries to the ODNI at the address and according to the requirements set forth above under the heading ‘‘Record Access Procedures.’’ EXEMPTIONS PROMULGATED FOR THE SYSTEM: The Privacy Act authorizes ODNI to exempt records contained in this system of records from the requirements of subsections (c)(3); (d)(1), (d)(2), (d)(3), (d)(4); (e)(1); (e)(4)(G), (H), (I); and (f) of the Privacy Act pursuant to 5 U.S.C. 552a(k)(1), (k)(2) and (k)(5). In addition, pursuant to published rule, ODNI may derivatively exempt records from other agencies in this system from the requirements of the subsections listed above, as well as subsections (c)(4); (e)(2), (e)(3), (e)(5), (e)(8), (e)(12); and (g) of the Privacy Act consistent with any exemptions claimed under 5 U.S.C. 552a(j) or (k) by the originator of the record, provided the reason for the exemption remains valid and necessary. HISTORY: The ODNI/NCSC CE Records is a new system of records. No previously published ODNI system of records notice covers any aspect of continuous evaluation. In accordance with 5 U.S.C. 552(r), the ODNI has provided a report of this new system of records to the Office of Management and Budget and to Congress. Patricia Gaviria, Director, Information Management Division, Strategy & Engagement, Office of the Director of National Intelligence. [FR Doc. 2018–25970 Filed 11–28–18; 8:45 am] BILLING CODE 3910–79–P–P DEPARTMENT OF STATE khammond on DSK30JT082PROD with NOTICES [Public Notice 10615] 30-Day Notice of Proposed Information Collection: Iraqi Citizens and Nationals Employed by U.S. Federal Contractors and Grantees Notice of request for public comment and submission to OMB of proposed collection of information. ACTION: VerDate Sep<11>2014 16:42 Nov 28, 2018 Jkt 247001 The Department of State has submitted the information collection described below to the Office of Management and Budget (OMB) for approval. In accordance with the Paperwork Reduction Act of 1995 we are requesting comments on this collection from all interested individuals and organizations. The purpose of this Notice is to allow 30 days for public comment. DATES: Submit comments directly to the Office of Management and Budget (OMB) up to December 31, 2018. ADDRESSES: Direct comments to the Department of State Desk Officer in the Office of Information and Regulatory Affairs at the Office of Management and Budget (OMB). You may submit comments by the following methods: • Email: oira_submission@ omb.eop.gov. You must include the DS form number, information collection title, and the OMB control number in the subject line of your message. • Fax: 202–395–5806. Attention: Desk Officer for Department of State. FOR FURTHER INFORMATION CONTACT: Direct requests for additional information regarding the collection listed in this notice, including requests for copies of the proposed collection instrument and supporting documents, to Lea Rivera, PRM/Admissions, 2025 E Street NW, SA–9, 8th Floor, Washington, DC 20522–0908, who may be reached on 202.453.9255 or at riveralp@state.gov. SUPPLEMENTARY INFORMATION: • Title of Information Collection: Iraqi Citizens and Nationals Employed by Federal Contractors and Grantees. • OMB Control Number: 1405–0184. • Type of Request: Extension of a Currently Approved Collection. • Originating Office: PRM/A. • Form Number: DS–7655. • Respondents: Refugee applicants for the U.S. Refugee Admissions Program. • Estimated Number of Respondents: 50. • Estimated Number of Responses: 200. • Average Time per Response: 30 minutes. • Total Estimated Burden Time: 100 hours. • Frequency: On occasion. • Obligation to Respond: Required to Obtain or Retain a Benefit. We are soliciting public comments to permit the Department to: • Evaluate whether the proposed information collection is necessary for the proper functions of the Department. • Evaluate the accuracy of our estimate of the time and cost burden for this proposed collection, including the SUMMARY: PO 00000 Frm 00026 Fmt 4703 Sfmt 4703 validity of the methodology and assumptions used. • Enhance the quality, utility, and clarity of the information to be collected. • Minimize the reporting burden on those who are to respond, including the use of automated collection techniques or other forms of information technology. Please note that comments submitted in response to this Notice are public record. Before including any detailed personal information, you should be aware that your comments as submitted, including your personal information, will be available for public review. Abstract of Proposed Collection The information requested will be used to verify the employment of Iraqi citizens and nationals for the processing and adjudication of other refugee, asylum, special immigrant visa, and other immigration claims and applications. Methodology The method for the collection of information will be via electronic submission. The format for compiling the information will be the Department of State’s myData application. Contracting officers and Grants officers will distribute the DS–7655 by email to contractors, grantees and cooperative agreement partners under their authority. Respondents complete the form, and email it to their Contracting Officers or Grant Officers. Kelly Gauger, Deputy Director, Office of Admissions, Bureau of Population, Refugees and Migration, Department of State. [FR Doc. 2018–25889 Filed 11–28–18; 8:45 am] BILLING CODE 4710–33–P DEPARTMENT OF STATE [Public Notice 10606] 30-Day Notice of Proposed Information Collection: Nonimmigrant Treaty Trader/Investor Application Notice of request for public comment and submission to OMB of proposed collection of information. ACTION: The Department of State has submitted the information collection described below to the Office of Management and Budget (OMB) for approval. In accordance with the Paperwork Reduction Act of 1995 we are requesting comments on this collection from all interested individuals and organizations. The SUMMARY: E:\FR\FM\29NON1.SGM 29NON1

Agencies

[Federal Register Volume 83, Number 230 (Thursday, November 29, 2018)]
[Notices]
[Pages 61395-61398]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-25970]


=======================================================================
-----------------------------------------------------------------------

OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE


Privacy Act of 1974; System of Records

AGENCY: Office of the Director of National Intelligence (ODNI).

ACTION: Notice of a new system of records.

-----------------------------------------------------------------------

SUMMARY: ODNI provides notice that it is establishing one new Privacy 
Act system of records at the National Counterintelligence and Security 
Center (NCSC). This new system of records is titled the NCSC Continuous 
Evaluation System, also identified as ODNI/NCSC-003. This notice is 
necessary to inform the public of the existence and character of 
records that the agency maintains.
    Continuous Evaluation (CE) is a personnel security investigative 
process used to review the continued eligibility of individuals who 
have been determined eligible for access to classified information or 
to hold a sensitive position. Individuals subject to CE include current 
Executive Branch employees, detailees, contractors, and other sponsored 
individuals who are cleared for access to classified information or to 
hold a sensitive position. The Departments and Agencies (D/As) that 
sponsor these individuals for access to classified information or to 
hold a sensitive position ``enroll'' the individuals (enrollees) for CE 
by electronically entering their identifying information into a 
technical system that carries out the CE capability.
    All D/As are required to submit their qualifying populations to CE. 
D/As may choose to develop a technical CE system of their own, or 
subscribe to CE services provided by another agency. The ODNI/NCSC will 
provide CE services to subscribing agencies. The NCSC CE System 
leverages electronic checks of government and commercial databases and, 
based on automated business rules, transmits alerts and reports to the 
enrolling D/A. Datasets queried in the CE process are those that 
contain security-relevant information, e.g., government-owned 
financial, law enforcement, terrorism, foreign travel, and current 
clearance status information. Credit data and commercially-obtained 
aggregated data also is utilized. On receipt of the electronic prompt, 
the personnel security function at the enrolling agency verifies that 
the alert or report received pertains to the enrollee (the subject of 
the electronic queries). Where the agency verifies that the alert or 
report pertains to the enrollee, appropriate personnel security 
officials review the nature of the alert or report to determine the 
need for further investigation, as dictated by Federal Investigative 
Standards requirements. Information obtained through the follow-on 
investigation is considered in adjudicating the enrollee's continued 
eligibility for access to classified information or to hold a sensitive 
position.
    The NCSC CE System retains the enrollment information (personal 
identifiers as provided by the enrolling D/A) in order to facilitate 
ongoing CE checks. The system does not retain the records returned from 
the electronic database queries beyond the time needed to ensure proper 
electronic delivery to the enrolling agency. Data necessary to 
implement CE business rules, to perform program assessments, and to 
satisfy auditing requirements will be retained.
    D/As conducting CE will adhere to the principles articulated in the 
Security Executive Agent Directive (SEAD) relating to CE (i.e., SEAD 
6). A SEAD provides high level guidance and instruction for the conduct 
of a personnel security process. SEAD 6 establishes policy and 
requirements specifically related to CE.

DATES: This System of Records will go into effect on December 31, 2018, 
unless comments are received that result in a contrary determination.

ADDRESSES: You may submit comments by any of the following methods:
    Federal eRulemaking Portal: http://www.regulations.gov.
    Email: [email protected].
    Mail: Director, Information Management Division, Strategy & 
Engagement, ODNI, Washington, DC 20511.

FOR FURTHER INFORMATION CONTACT: Director, Information Management 
Division, Strategy & Engagement, Office of the Director of National 
Intelligence, at the addresses provided above.

SUPPLEMENTARY INFORMATION: The NCSC CE System implements the 
requirements of Executive Orders 12968, as amended (Access to 
Classified Information) and 13467, as amended, (Reforming Processes 
Related to Suitability for Government Employment, Fitness for 
Contractor Employees, and Eligibility for Access to Classified National 
Security Information).
    To protect classified and sensitive personnel or law enforcement 
information covered by this new system of records, the Director of 
National Intelligence (DNI) is proposing to exempt this system from 
certain requirements of the Privacy Act where necessary, as permitted 
by law. Accordingly, as required by the Privacy Act, a proposed rule is 
being published concurrently with this notice seeking public comment 
regarding exemptions claimed for this system. By previously established 
rule, the DNI may exercise derivative exemption authority by preserving 
the exempt status of records received from providing agencies when the 
reason for the exemption remains valid. See 32 CFR part 1701.20 (a)(2) 
(73 FR 16531, 16537).

SYSTEM NAME AND NUMBER:
    Continuous Evaluation Records (ODNI/NCSC-003).

SECURITY CLASSIFICATION:
    The classification of records in this system ranges from 
UNCLASSIFIED to TOP SECRET.

SYSTEM LOCATION:
    National Counterintelligence and Security Center, Office of the 
Director of National Intelligence, Washington, DC 20511.

SYSTEM MANAGER(S):
    Assistant Director, Special Security Directorate, ODNI/NCSC, 
Washington, DC 20511.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    The Intelligence Reform and Terrorism Prevention Act of 2004, 
Public Law 108-458, 118 Stat. 3638 (Dec. 17, 2004); the National 
Security Act of 1947, as amended, 50 U.S.C. 3023 et seq.; the 
Counterintelligence Enhancement Act of 2002, as amended, 50 U.S.C. 
3382; Executive Order 12333, 46 FR 59941 (1981), as amended by 
Executive Order 13284, 68 FR 4075 (2003), Executive Order 13355, 69 FR 
53593 (2004), and Executive Order 13470, 73 FR 45325 (2008); Executive 
Order 13488, 74 FR 4111 (2009), as amended by Executive Order 13764, 82

[[Page 61396]]

FR 8115 (2017); Executive Order 13549, 75 FR 51609 (2010); Executive 
Order 12968, 60 FR 40245 (1995), as amended by Executive Order 13467, 
73 FR 38103 (2008), and Executive Order 13764, 82 FR 8115 (2017); 
Executive Order 13467, as amended by Executive Order 13764 82 FR 8115 
(2017).

PURPOSE(S) OF THE SYSTEM:
    Records in this system of records are collected for the purpose of 
electronically comparing enrollee identifying data against specified 
U.S. Government (financial, law enforcement, terrorism, foreign travel, 
and clearance status) databases and credit and commercial databases. 
The comparison serves to identify security-relevant conduct, practices, 
activities, or incidents that personnel security professionals can use, 
consistent with the Federal Investigative Standards, to determine an 
enrollee's continued eligibility for access to classified information 
or to hold a sensitive position.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Executive Branch employees, detailees, contractors, and other 
sponsored individuals who have been determined to be eligible for 
access to classified information or eligible to hold a sensitive 
position.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system maintains (i) biographic enrollment data including 
name, date and place of birth, fingerprints, social security number, 
gender, current address, other first or last names, prior address(es), 
personal email address(es) and phone numbers, passport information, 
employment type (contractor/government) or other status, and; (ii) data 
returned from or about the automated record checks conducted against 
current clearance status information and against financial, law 
enforcement, credit, terrorism, foreign travel, and commercial 
databases.

RECORD SOURCE CATEGORIES:
    Record source categories include government-owned financial, law 
enforcement, terrorism, foreign travel databases, and current clearance 
status information, as well as credit and commercial entities, and 
providers of aggregated public source data.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    The following routine uses, which have programmatic, law 
enforcement, or oversight purposes, apply to this system of records:
    (i) Except as noted on Standard Forms 85 and 86 and supplemental 
forms thereto (questionnaires for employment in, respectively, ``non-
sensitive'' and ``national security'' positions within the Federal 
Government), a record that on its face or in conjunction with other 
information indicates or relates to a violation or potential violation 
of law, whether civil, criminal, administrative, or regulatory in 
nature, and whether arising by general statute, particular program 
statute, regulation, rule, or order issued pursuant thereto, may be 
disclosed as a routine use to an appropriate federal, state, 
territorial, tribal, local law enforcement authority, foreign 
government, or international law enforcement authority, or to an 
appropriate regulatory body charged with investigating, enforcing, or 
prosecuting such violations;
    (ii) A record from a system of records maintained by the ODNI may 
be disclosed as a routine use to representatives of another IC entity 
addressing intelligence equities in the context of a legislative 
proceding or hearing when ODNI interests are implicated, and the record 
is relevant and necessary to the matter.
    (iii) A record from a system of records maintained by the ODNI may 
be disclosed as a routine use in a proceeding before a court or 
adjudicative body when any of the following is a party to litigation or 
has an interest in such litigation, and the ODNI, Office of General 
Counsel, determines that use of such records is relevant and necessary 
to the litigation: The ODNI; any staff of the ODNI in his or her 
official capacity; any staff of the ODNI in his or her individual 
capacity where the Department of Justice has agreed to represent the 
staff or has agreed to provide counsel at government expense; or the 
United States or another federal agency, where the ODNI, Office of 
General Counsel, determines that litigation is likely to affect the 
ODNI;
    (iv) A record from this system of records may be disclosed to the 
Department of Justice when (a) the ODNI, or any component thereof; or 
(b) any employee of the ODNI in his or her official capacity; or (c) 
any employee of the ODNI in his or her individual capacity where the 
Department of Justice has agreed to represent the employee; or (d) the 
United States, where the ODNI determines that litigation is likely to 
affect the agency, or any of its components, is a party to litigation 
or has an interest in such litigation, and the use of such records by 
the Department of Justice is deemed by the agency to be relevant and 
necessary to the litigation provided, however, that in each case, the 
agency determines that disclosure of the records to the Department of 
Justice is a use of the information contained in the records that is 
compatible with the purpose for which the records were collected.
    (v) A record from a system of records maintained by the ODNI may be 
disclosed as a routine use to representatives of the Department of 
Justice and other U.S. Government entities, to the extent necessary to 
obtain advice on any matter within the official responsibilities of 
such representatives, and the responsibilities of the ODNI;
    (vi) A record from a system of records maintained by the ODNI may 
be disclosed as a routine use to a federal, state, or local agency or 
other appropriate entities or individuals from which/whom information 
may be sought relevant to: A decision concerning the hiring or 
retention of an employee or other personnel action; the issuing or 
retention of a security clearance or special access, contract, grant, 
credential, or other benefit; or the conduct of an authorized 
investigation or inquiry, to the extent necessary to identify the 
individual, inform the source of the nature and purpose of the inquiry, 
and identify the type of information requested;
    (vii) A record from a system of records maintained by the ODNI may 
be disclosed as a routine use to any federal, state, local, tribal, or 
other public authority, or to a legitimate agency of a foreign 
government or international authority to the extent the record is 
relevant and necessary to the other entity's decision regarding the 
hiring or retention of an employee or other personnel action; the 
issuing or retention of a security clearance or special access, 
contract, grant, license, or other benefit; or the conduct of an 
authorized inquiry or investigation;
    (viii) A record from a system of records maintained by the ODNI may 
be disclosed as a routine use to any agency, for authorized audit 
operations, and for meeting related reporting requirements, including 
disclosure to the National Archives and Records Administration for 
records management inspections and such other purposes conducted under 
the authority of 44 U.S.C. 2904 and 2906, or successor provisions;
    (ix) A record from a system of records maintained by the ODNI may 
be disclosed as a routine use to contractors, grantees, experts, 
consultants, or others when access to the record is necessary to 
perform the function or service for which they have been engaged by the 
ODNI;

[[Page 61397]]

    (x) A record from a system of records maintained by the ODNI may be 
disclosed as a routine use to any federal agency that has provided 
employee enrollment data to the ODNI for purposes of conducting 
continuous evaluation when records obtained by ODNI are relevant to the 
enrolling agency's adjudication of the employee's continued eligibility 
for access to classified information or to hold a sensitive position.
    (xi) A record from a system of records maintained by the ODNI may 
be disclosed as a routine use to appropriate agencies, entities, and 
persons when (1) ODNI suspects or has confirmed that there has been a 
breach of the system of records; (2) ODNI has determined that as a 
result of the suspected or confirmed breach there is a risk of harm to 
individuals, ODNI (including its information systems, programs, and 
operations), the Federal Government, or national security; and (3) the 
disclosure made to such agencies, entities, and persons is reasonably 
necessary to assist in connection with the Department's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    (xii) A record from a system of records maintained by the ODNI may 
be disclosed as a routine use to another federal agency or federal 
entity, when the ODNI determines that information from this system of 
records is reasonably necessary to assist the recipient agency or 
entity in (1) responding to a suspected or confirmed breach or (2) 
preventing, minimizing, or remedying the risk of harm to individuals, 
the recipient agency or entity (including its information systems, 
programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    (xiii) A record from a system of records maintained by the ODNI may 
be disclosed as a routine use to a federal, state, local, tribal, 
territorial, foreign, or multinational agency or entity or to any other 
appropriate entity or individual for any of the following purposes: To 
provide notification of a serious terrorist threat for the purpose of 
guarding against or responding to such threat; to assist in 
coordination of terrorist threat awareness, assessment, analysis, or 
response; or to assist the recipient in performing authorized 
responsibilities relating to terrorism or counterterrorism;
    (xiv) A record from a system of records maintained by the ODNI may 
be disclosed as a routine use for the purpose of conducting or 
supporting authorized counterintelligence activities as defined by 
section 3003(3) of the National Security Act of 1947, as amended, to 
elements of the Intelligence Community, as defined by section 3003(4) 
of the National Security Act of 1947, as amended; to the head of any 
federal agency or department; and to selected counterintelligence 
officers within the Federal Government; and
    (xv) A record from a system of records maintained by the ODNI may 
be disclosed as a routine use to a federal, state, local, tribal, 
territorial, foreign, or multinational government agency or entity, or 
to other authorized entities or individuals, but only if such 
disclosure is undertaken in furtherance of responsibilities conferred 
by, and in a manner consistent with, the National Security Act of 1947, 
as amended; the Counterintelligence Enhancement Act of 2002, as 
amended; Executive Order 12333 or any successor order together with its 
implementing procedures approved by the Attorney General; and other 
provisions of law, Executive Order or directive relating to national 
intelligence, or otherwise applicable to the ODNI. This routine use is 
not intended to supplant the other routine uses published by the ODNI.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Electronic records are stored in secure file-servers located in 
government-managed facilities or in government-leased private cloud-
based systems.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    The records in this system are retrieved by name, social security 
number, or other unique identifier. Information may be retrieved from 
this system of records by automated capabilities utilized in the normal 
course of business. All searches of this system of records are 
performed by authorized Executive Branch security personnel.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Pursuant to 44 U.S.C. 3303a(d) and 36 CFR Chapter 12, Subchapter 
B--Records Management, CE records are covered by the National Archives 
and Records Administration (NARA) General Records Schedule (GRS) 5.6, 
Security records, Items 170 through 181, and will be retained and 
disposed of according to those provisions. Biographic data and data 
about protecting and accessing information will be retained consistent 
with the Privacy Act of 1974, 5 U.S.C. 552a, and GRS 4.2, Information 
Access and Protection Records. Records about security data and 
information systems are listed in GRS 3.2, Information Systems Security 
Records.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Information in this system is safeguarded in accordance with 
recommended and/or prescribed administrative, physical, and technical 
safeguards. Records are maintained in secure government-owned or leased 
facilities with access limited to authorized personnel. Physical 
security protections include guards and locked facilities requiring 
badges and passwords for access. Records are accessed only by current 
government-authorized personnel whose official duties require access to 
the records. Electronic authorization and authentication of users is 
required at all points before any system information can be accessed. 
Communications are encrypted where required and other safeguards are in 
place to monitor and audit access, and to detect intrusions. System 
backup is maintained separately.

RECORD ACCESS PROCEDURES:
    As specified below, records in this system have been exempted from 
certain notification, access, and amendment procedures. A request for 
access shall be made in writing with the envelope and letter clearly 
marked ``Privacy Act Request.'' Requesters shall provide their full 
name and complete address. The requester must sign the request and have 
it verified by a notary public. Alternately, the request may be 
submitted under 28 U.S.C. 1746, certifying the requester's identity and 
understanding that obtaining a record under false pretenses constitutes 
a criminal offense. Requests for access to information must be 
addressed to the Director, Information Management Division, Strategy & 
Engagement, Office of the Director of National Intelligence, 
Washington, DC 20511. Regulations governing access to one's records or 
for appealing an initial determination concerning access to records are 
contained in the ODNI regulation implementing the Privacy Act, 32 CFR 
part 1701 (73 FR 16531).

CONTESTING RECORD PROCEDURES:
    As specified below, records in this system are exempt from certain 
notification, access, and amendment procedures. Individuals seeking to 
correct or amend non-exempt records should address their requests to 
the ODNI at the address and according to the requirements set forth 
above under the heading ``Record Access Procedures.'' Regulations 
governing access to and amendment of one's records or for appealing an 
initial determination concerning access or

[[Page 61398]]

amendment of records are contained in the ODNI regulation implementing 
the Privacy Act, 32 CFR part 1701 (73 FR 16531).

NOTIFICATION PROCEDURES:
    As specified below, records in this system are exempt from certain 
notification, access, and amendment procedures. Individuals seeking to 
learn whether this system contains non-exempt information about them 
should address inquiries to the ODNI at the address and according to 
the requirements set forth above under the heading ``Record Access 
Procedures.''

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    The Privacy Act authorizes ODNI to exempt records contained in this 
system of records from the requirements of subsections (c)(3); (d)(1), 
(d)(2), (d)(3), (d)(4); (e)(1); (e)(4)(G), (H), (I); and (f) of the 
Privacy Act pursuant to 5 U.S.C. 552a(k)(1), (k)(2) and (k)(5). In 
addition, pursuant to published rule, ODNI may derivatively exempt 
records from other agencies in this system from the requirements of the 
subsections listed above, as well as subsections (c)(4); (e)(2), 
(e)(3), (e)(5), (e)(8), (e)(12); and (g) of the Privacy Act consistent 
with any exemptions claimed under 5 U.S.C. 552a(j) or (k) by the 
originator of the record, provided the reason for the exemption remains 
valid and necessary.

HISTORY:
    The ODNI/NCSC CE Records is a new system of records. No previously 
published ODNI system of records notice covers any aspect of continuous 
evaluation.
    In accordance with 5 U.S.C. 552(r), the ODNI has provided a report 
of this new system of records to the Office of Management and Budget 
and to Congress.

Patricia Gaviria,
Director, Information Management Division, Strategy & Engagement, 
Office of the Director of National Intelligence.
[FR Doc. 2018-25970 Filed 11-28-18; 8:45 am]
 BILLING CODE 3910-79-P-P