Privacy Act; Implementation, 14622-14624 [2019-07122]
Download as PDF
<![CDATA[
14622
Federal Register / Vol. 84, No. 70 / Thursday, April 11, 2019 / Rules and Regulations
Transfer and Advancement Act
(NTTAA) (15 U.S.C. 272 note).
VII. Congressional Review Act
Pursuant to the Congressional Review
Act (5 U.S.C. 801 et seq.), EPA will
submit a report containing this rule and
other required information to the U.S.
Senate, the U.S. House of
Representatives, and the Comptroller
General of the United States prior to
publication of the rule in the Federal
Register. This action is not a ‘‘major
rule’’ as defined by 5 U.S.C. 804(2).
Environmental protection,
Administrative practice and procedure,
Agricultural commodities, Pesticides
and pests, Reporting and recordkeeping
requirements.
are no U.S. registrations as of May
25, 2017 for use on pineapple and tea.
2 This tolerance expires on October 11,
2019.
*
*
RIN 0991–AC10
Privacy Act; Implementation
Department of Health and
Human Services (HHS).
ACTION: Final rule.
1. The authority citation for part 180
continues to read as follows:
■
Authority: 21 U.S.C. 321(q), 346a and 371.
2. In § 180.632, revise the table in
paragraph (a) to read as follows:
■
The Department of Health and
Human Services (HHS or Department) is
issuing this final rule to make effective
the exemptions that HHS proposed for
certain records covered in a new Privacy
Act system of records, System No. 09–
90–1701, HHS Insider Threat Program
Records.
This final rule is effective April
11, 2019.
FOR FURTHER INFORMATION CONTACT:
Michael W. Schmoyer, Assistant Deputy
Secretary for National Security by email
at insiderthreat@hhs.gov or telephone at
(202) 690–5756, or by mail to the HHS
Office of Security and Strategic
Information (OSSI), 200 Independence
Ave. SW, Washington, DC 20201.
SUPPLEMENTARY INFORMATION: In
accordance with 5 U.S.C. 552a (Privacy
Act or Act), the exemptions were
described in a Notice of Proposed
Rulemaking (NPRM) published for
public notice and comment at 83 FR
42627 (Aug. 23, 2018). The new system
of records is described in a System of
Records Notice (SORN) which was
published for public notice and
comment the same day, at 83 FR 42667
(Aug 23, 2018). Only law enforcement
investigatory material and classified
intelligence information were proposed
to be exempted, based on subsections
(k)(1) and (k)(2) of the Act, from the
requirements contained in subsections
(c)(3), (d)(1)-(4), (e)(1), (e)(4)(G), (H), and
(I), and (f) of the Act, which require the
agency to provide an accounting of
disclosures; provide notification, access,
and amendment rights, rules, and
procedures; maintain only relevant and
necessary information; and identify
DATES:
§ 180.632 Fenazaquin; Tolerances for
residues.
(a) * * *
Parts per
million
Jkt 247001
*
45 CFR Part 5b
SUMMARY:
16:02 Apr 10, 2019
*
BILLING CODE 6560–50–P
Therefore, 40 CFR chapter I is
amended as follows:
VerDate Sep<11>2014
*
[FR Doc. 2019–07173 Filed 4–10–19; 8:45 am]
AGENCY:
Almond, hulls ..............................
Avocado ......................................
Berry, low growing, subgroup
13–07G ...................................
Bushberry, subgroup 13–07B .....
Caneberry, subgroup 13–07A ....
Fruit, Citrus, Group 10 except
Grapefruit 2 ..............................
Fruit, citrus, group 10–10 ...........
Fruit, citrus, group 10–10, oil .....
Fruit, pome, group 11–10 ...........
Fruit, small vine climbing, except
fuzzy kiwifruit, subgroup 13–
07F ..........................................
Fruit, stone, group 12–12 ...........
Grape, raisin ...............................
Hop, dried cones ........................
Nuts, Tree, Group 14–12 ...........
Pea and bean, dried shelled, except soybean, subgroup 6C ....
Pea and bean, succulent
shelled, subgroup 6B ..............
Peppermint, fresh leaves ............
Pineapple 1 ..................................
Spearmint, fresh leaves ..............
Tea, dried 1 .................................
Vegetable, cucurbit, group 9 ......
Vegetable, fruiting, group 8–10 ..
0.4
1 There
Dated: March 28, 2019.
Michael Goodis,
Director, Registration Division, Office of
Pesticide Programs.
PART 180—[AMENDED]
amozie on DSK9F9SC42PROD with RULES
Vegetable, legume, edible podded, subgroup 6A ...................
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
List of Subjects in 40 CFR Part 180
Commodity
Parts per
million
Commodity
4
0.15
2
0.8
0.7
0.5
0.4
20
0.6
0.7
2
0.8
30
0.02
0.3
0.03
10
0.2
10
9
0.3
0.3
PO 00000
Frm 00036
Fmt 4700
Sfmt 4700
categories of record sources. The NPRM
also explained that if the HHS Insider
Threat Program obtains law enforcement
investigatory material from another
Privacy Act system of records that has
been exempted from Privacy Act
requirements based on subsection (j)(2)
of the Act, that material will be exempt
in System No. 09–90–1701 to the same
extent it is exempt in the source system,
so it may be exempt from requirements
in any of these subsections of the Act:
(c)(3)–(4); (d)(1)–(4); (e)(1)–(3), (e)(4)(G)–
(I), (e)(5), (e)(8), (e)(12); (f); (g); and (h).
The comment period for the SORN
and NPRM was open through September
24, 2018. No comments were received
on the NPRM and no comments were
received on the SORN. No changes to
the proposed exemptions or to the
SORN were made following the public
comment period.
The specific rationales that support
the exemptions as to each affected
Privacy Act provision, remain as stated
in the NPRM; the exemptions from the
particular subsections are necessary and
appropriate, and justified for the
following reasons:
• 5 U.S.C. 552a(c)(3) (the requirement
to provide accountings of disclosures)
and 5 U.S.C. 552a(d)(1)–(4)
(requirements addressing notification,
access, and amendment rights,
collectively referred to herein as access
requirements). Providing individual
record subjects with accountings of
disclosures and with notification,
access, and amendment rights with
respect to Insider Threat Program
records could reveal the existence of an
investigation, investigative interest,
investigative techniques, details about
an investigation, security-sensitive
information such as information about
security measures and security
vulnerabilities, information that must
remain non-public to protect national
security or personal privacy-identities of
law enforcement personnel, or other
sensitive or classified information.
Revealing such information to record
subjects would thwart or impede
pending and future law enforcement
investigations and efforts to protect
national security, and would violate
personal privacy. Revealing the
information would enable record
subjects or other persons to evade
detection and apprehension by security
and law enforcement personnel;
destroy, conceal, or tamper with
evidence or fabricate testimony; or
harass, intimidate, harm, coerce, or
retaliate against witnesses,
complainants, investigators, security
personnel, law enforcement personnel,
or their family members, their
employees, or other individuals. With
E:\FR\FM\11APR1.SGM
11APR1
amozie on DSK9F9SC42PROD with RULES
Federal Register / Vol. 84, No. 70 / Thursday, April 11, 2019 / Rules and Regulations
respect to investigatory material
compiled for law enforcement purposes,
the exemption pursuant to 5 U.S.C.
552a(k)(2) from access requirements in
subsection (d) of the Act is statutorily
limited. If any individual is denied a
right, privilege, or benefit to which the
individual would otherwise be entitled
by federal law or for which the
individual would otherwise be eligible,
access will be granted, except to the
extent that the disclosure would reveal
the identity of a source who furnished
information to the Government under an
express promise of confidentiality.
• 5 U.S.C. 552a(e)(1) (the requirement
to maintain only relevant and necessary
information authorized by statute or
Executive Order). It will not always be
possible to determine at the time
information is received or compiled in
this system of records whether the
information is or will be relevant and
necessary to a law enforcement
investigation or to protecting national
security. For example, a tip or lead that
does not appear relevant or necessary to
uncovering an insider threat by itself or
at the time the tip or lead is received
may prove to be relevant and necessary
when combined with other information
that reveals a pattern or that comes to
light later.
• 5 U.S.C. 552a(e)(4)(G) and (H) (the
requirements to describe procedures by
which subjects may be notified of
whether the system of records contains
records about them and seek access or
amendment of a record). These
requirements concern individual access
to records, and the records are exempt
under (c) and (d), as described above. To
the extent that (e)(4)(G) and (H) are
interpreted to require more detailed
procedures regarding record
notification, access, or amendment than
have been published in the Federal
Register, exemption from those
provisions is necessary for the same
rationale as applies to (c) and (d).
• 5 U.S.C. 552a(e)(4)(I) (the
requirement to describe the categories of
record sources). To the extent that this
subsection is interpreted to require a
more detailed description regarding the
record sources in this system than has
been published in the Federal Register,
exemption from this provision is
necessary to protect the sources of law
enforcement and intelligence
information and to protect the privacy
and safety of witnesses and informants
and others who provide information to
HHS. Further, greater specificity of
sources of properly classified records
could compromise national security.
Moreover, because records used in the
Insider Threat Program could come from
any source, it is not possible to know
VerDate Sep<11>2014
16:02 Apr 10, 2019
Jkt 247001
every category in advance in order to
list them all in the SORN. Some record
source categories may not be
appropriate to make public in the SORN
if, for example, revealing them could
enable record subjects or other
individuals to discover investigative
techniques and devise ways to bypass
them to evade detection and
apprehension.
• 5 U.S.C. 552a(f) (the requirement to
promulgate rules to implement
provisions of the Privacy Act). To the
extent that this subsection is interpreted
to require agency rules addressing the
above exempted requirements,
exemption from this provision is also
necessary to protect the sources of law
enforcement and intelligence
information and to protect the privacy
and safety of witnesses and informants
and others who provide information to
HHS. Greater specificity in rulemaking
regarding properly classified records
could compromise national security.
Accordingly, based on 5 U.S.C.
552a(k)(1) and (k)(2) and the specific
rationales indicated above, HHS is now
exempting law enforcement
investigatory material and classified
intelligence information in system of
records 09–90–1701 HHS Insider Threat
Program Records from subsections
(c)(3), (d)(1)–(4), (e)(1), (e)(4)(G), (H),
and (I), and (f) of the Act, which contain
requirements to provide an accounting
of disclosures; provide notification,
access, and amendment rights, rules,
and procedures; maintain only relevant
and necessary information; and identify
categories of record sources. In addition,
HHS affirms that if the HHS Insider
Threat Program obtains law enforcement
investigatory material from another
Privacy Act system of records that has
been exempted from Privacy Act
requirements based on subsection (j)(2)
of the Act, that material will be exempt
in System No. 09–90–1701 to the same
extent it is exempt in the source system.
Notwithstanding these exemptions,
consideration will be given to any
requests for notification, access, and
amendment that are addressed to the
System Manager, as provided in the
SORN for system of records 09–90–
1701, and to accounting of disclosure
requests. Where HHS determines that
compliance with a request would not
interfere with or adversely affect the
purpose of this system of records to
detect, deter, or mitigate insider threats,
the applicable exemption may be
waived by HHS in its sole discretion.
The Federal Register notice
containing the SORN proposed for new
system of records 09–90–1701 provides
for that SORN to be effective upon
publication of this final rule. No
PO 00000
Frm 00037
Fmt 4700
Sfmt 4700
14623
changes were made to the SORN as a
result of public comments and,
therefore, the SORN, as published at 83
FR 42667 (Aug. 23, 2018), is now
effective.
Analysis of Impacts
The agency has reviewed this rule
under Executive Orders 12866 and
13563, which direct agencies to assess
costs and benefits of available regulatory
alternatives and, if regulation is
necessary, to maximize the net benefits.
The agency believes that this rule is not
a significant regulatory action under
Executive Order 12866, and therefore
does not constitute an Executive Order
13771 regulatory action, because it will
not (1) have an annual effect on the
economy of $100 million or more or
adversely affect in a material way the
economy, a sector of the economy,
productivity, competition, jobs, the
environment, public health or safety, or
state, local or tribal governments or
communities; (2) create a serious
inconsistency or otherwise interfere
with an action taken or planned by
another agency; (3) materially alter the
budgetary impact of entitlements,
grants, user fees or loan programs, or the
rights and obligations of recipients
thereof; or (4) raise novel legal or policy
issues arising out of legal mandates, the
President’s priorities, or the principles
set forth in Executive Order 12866.
The Regulatory Flexibility Act
requires agencies to analyze regulatory
options that would minimize any
significant impact of a rule on small
entities. Because the rule imposes no
duties or obligations on small entities,
the Department certifies that the rule
will not have a significant economic
impact on a substantial number of small
entities.
Section 202(a) of the Unfunded
Mandates Reform Act of 1995 requires
that agencies prepare a written
statement, which includes an
assessment of anticipated costs and
benefits, before proposing ‘‘any rule that
includes any Federal mandate that may
result in the expenditure by State, local,
and tribal governments, in the aggregate,
or by the private sector, of $100,000,000
or more (adjusted annually for inflation)
in any one year.’’ The current threshold
after adjustment for inflation is $144
million, using the most current (2015)
Implicit Price Deflator for the Gross
Domestic Product. The Department does
not expect that this final rule would
result in any one-year expenditure that
would meet or exceed this amount.
List of Subjects in 45 CFR Part 5b
Privacy.
E:\FR\FM\11APR1.SGM
11APR1
14624
Federal Register / Vol. 84, No. 70 / Thursday, April 11, 2019 / Rules and Regulations
For the reasons stated in the
preamble, the Department amends part
5b of title 45 of the Code of Federal
Regulations as follows:
PART 5b—PRIVACY ACT
REGULATIONS
1. The authority citation for part 5b
continues to read as follows:
■
2. Section 5b.11 is amended by adding
paragraph (b)(2)(viii)(A) and reserved
paragraph (b)(2)(viii)(B) to read as
follows:
■
SUPPLEMENTARY INFORMATION:
Correction
Exempt systems.
*
*
*
*
(b) * * *
(2) * * *
(viii) Pursuant to subsections (k)(1)
and (k)(2) of the Act:
(A) HHS Insider Threat Program
Records, 09–90–1701.
(B) [Reserved]
*
*
*
*
*
In the Federal Register of March 26,
2019, in FR Doc. 2019–05620, on page
11226, in the first column, the
compliance dates are corrected to read
as set forth in the DATES section above
and the first paragraph of the
‘‘Compliance’’ section in
SUPPLEMENTARY INFORMATION is
corrected to read:
Michael Schmoyer,
Assistant Deputy Secretary for National
Security.
Dated: April 4, 2019.
Alex M. Azar II,
Secretary.
‘‘Compliance
‘‘The amendments of the
Commission’s rules as set forth in this
document are effective 30 days after
publication of a notice in the Federal
Register announcing approval by the
Office of Management and Budget
(OMB). Compliance will not be required
for §§ 52.15(f)(1)(ii) and (f)(8), 52.103(d),
and 64.1200(l)(1) until after approval by
the OMB of information collection
requirements contained in §§ 52.15(f)(8)
and 64.1200(l)(1). The compliance date
for §§ 52.15(f)(1)(ii) and (f)(8), 52.103(d),
and 64.1200(l)(1) will be specified in a
document published in the Federal
Register. Compliance will not be
required for § 64.1200(l)(2) until after
approval by OMB and the reassigned
numbers database administrator is ready
to begin accepting reports of the data
collected in accordance with
§ 64.1200(l)(1). The Commission will
publish another document in the
Federal Register announcing the
compliance date for the requirements
contained in § 64.1200(l)(2).’’
*
[FR Doc. 2019–07122 Filed 4–10–19; 8:45 am]
BILLING CODE 4151–17–P
FEDERAL COMMUNICATIONS
COMMISSION
47 CFR Parts 52 and 64
[CG Docket No. 17–59; FCC 18–177]
Advanced Methods To Target and
Eliminate Unlawful Robocalls
Federal Communications
Commission.
ACTION: Final rule; correction.
AGENCY:
The Federal Communications
Commission (Commission) published a
document in the Federal Register of
March 26, 2019 (84 FR 11226), regarding
the establishment of a single,
comprehensive database that will
contain the most recent permanent
disconnection date for toll free numbers
and for each number allocated to or
ported to each provider that receives
North American Numbering Plan U.S.
geographic numbers. The document
contained references to an incorrect rule
section for compliance. This document
corrects those inaccurate references.
DATES: This correction is effective April
11, 2019. The compliance dates for the
final rule published March 26, 2019, at
SUMMARY:
amozie on DSK9F9SC42PROD with RULES
Josh
Zeldis, Consumer Policy Division,
Consumer and Governmental Affairs
Bureau (CGB), at (202) 418–0715, email:
Josh.Zeldis@fcc.gov.
FOR FURTHER INFORMATION CONTACT:
Authority: 5 U.S.C. 301, 5 U.S.C. 552a.
§ 5b.11
84 FR 11226, are corrected as follows:
Compliance date: Compliance will not
be required for §§ 52.15(f)(1)(ii) and
(f)(8), 52.103(d), and 64.1200(l)(1) and
(2) until the Commission publishes
documents in the Federal Register
announcing the compliance dates.
VerDate Sep<11>2014
16:02 Apr 10, 2019
Jkt 247001
Federal Communications Commission.
Katura Jackson,
Federal Register Liaison Officer, Office of the
Secretary.
[FR Doc. 2019–06961 Filed 4–10–19; 8:45 am]
BILLING CODE 6712–01–P
PO 00000
Frm 00038
Fmt 4700
Sfmt 4700
GENERAL SERVICES
ADMINISTRATION
48 CFR Parts 511, 516, 532, 538, 546
and 552
[GSAR Amendment 2008–02; GSAR Case
2008–G517; Docket No. 2008–0007;
Sequence No. 02]
RIN 3090–AI68
General Services Administration
Acquisition Regulation; GSAR Case
2008–G517; Cooperative PurchasingAcquisition of Security and Law
Enforcement Related Goods and
Services (Schedule 84) by State and
Local Governments Through Federal
Supply Schedules
Office of Acquisition Policy,
General Services Administration (GSA).
ACTION: Final rule.
AGENCY:
The General Services
Administration (GSA) is adopting as
final, without change, an interim rule
amending the General Services
Administration Acquisition Regulation
(GSAR) to implement The Local
Preparedness Acquisition Act of 2008.
The Act authorizes the Administrator of
General Services to provide for the use
by State or local governments of Federal
Supply Schedules of the GSA safety
equipment and services.
DATES: Effective Date: May 13, 2019.
FOR FURTHER INFORMATION CONTACT: Mr.
Thomas O’Linn, Procurement Analyst,
at 202–445–0390, for clarification of
content. For information pertaining to
status or publication schedules, contact
the Regulatory Secretariat Division at
202–501–4755. Please cite GSAR Case
2008–G517.
SUPPLEMENTARY INFORMATION:
SUMMARY:
I. Background
As part of GSA’s regulatory reform
efforts, GSA has been performing a
comprehensive review of the regulatory
requirements in the GSAR. As a part of
these efforts, GSA discovered that a
Federal Register notification had not
been published to finalize this interim
rule. As a result, GSA included as part
of the Fall edition of the Unified Agenda
of Federal Regulatory and Deregulatory
Actions in the Federal Register at 83 FR
58086 on November 16, 2018 its
intention to publish a final rule
notification in the Federal Register.
The purpose of this rule is the
straightforward implementation of the
statutory authority provided by Public
Law 110–248, The Local Preparedness
Acquisition Act to open Schedule 84 or
any amended or subsequent version of
that Federal supply classification group
E:\FR\FM\11APR1.SGM
11APR1
]]>Agencies
[Federal Register Volume 84, Number 70 (Thursday, April 11, 2019)]
[Rules and Regulations]
[Pages 14622-14624]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-07122]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
45 CFR Part 5b
RIN 0991-AC10
Privacy Act; Implementation
AGENCY: Department of Health and Human Services (HHS).
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Department of Health and Human Services (HHS or
Department) is issuing this final rule to make effective the exemptions
that HHS proposed for certain records covered in a new Privacy Act
system of records, System No. 09-90-1701, HHS Insider Threat Program
Records.
DATES: This final rule is effective April 11, 2019.
FOR FURTHER INFORMATION CONTACT: Michael W. Schmoyer, Assistant Deputy
Secretary for National Security by email at [email protected] or
telephone at (202) 690-5756, or by mail to the HHS Office of Security
and Strategic Information (OSSI), 200 Independence Ave. SW, Washington,
DC 20201.
SUPPLEMENTARY INFORMATION: In accordance with 5 U.S.C. 552a (Privacy
Act or Act), the exemptions were described in a Notice of Proposed
Rulemaking (NPRM) published for public notice and comment at 83 FR
42627 (Aug. 23, 2018). The new system of records is described in a
System of Records Notice (SORN) which was published for public notice
and comment the same day, at 83 FR 42667 (Aug 23, 2018). Only law
enforcement investigatory material and classified intelligence
information were proposed to be exempted, based on subsections (k)(1)
and (k)(2) of the Act, from the requirements contained in subsections
(c)(3), (d)(1)-(4), (e)(1), (e)(4)(G), (H), and (I), and (f) of the
Act, which require the agency to provide an accounting of disclosures;
provide notification, access, and amendment rights, rules, and
procedures; maintain only relevant and necessary information; and
identify categories of record sources. The NPRM also explained that if
the HHS Insider Threat Program obtains law enforcement investigatory
material from another Privacy Act system of records that has been
exempted from Privacy Act requirements based on subsection (j)(2) of
the Act, that material will be exempt in System No. 09-90-1701 to the
same extent it is exempt in the source system, so it may be exempt from
requirements in any of these subsections of the Act: (c)(3)-(4);
(d)(1)-(4); (e)(1)-(3), (e)(4)(G)-(I), (e)(5), (e)(8), (e)(12); (f);
(g); and (h).
The comment period for the SORN and NPRM was open through September
24, 2018. No comments were received on the NPRM and no comments were
received on the SORN. No changes to the proposed exemptions or to the
SORN were made following the public comment period.
The specific rationales that support the exemptions as to each
affected Privacy Act provision, remain as stated in the NPRM; the
exemptions from the particular subsections are necessary and
appropriate, and justified for the following reasons:
5 U.S.C. 552a(c)(3) (the requirement to provide
accountings of disclosures) and 5 U.S.C. 552a(d)(1)-(4) (requirements
addressing notification, access, and amendment rights, collectively
referred to herein as access requirements). Providing individual record
subjects with accountings of disclosures and with notification, access,
and amendment rights with respect to Insider Threat Program records
could reveal the existence of an investigation, investigative interest,
investigative techniques, details about an investigation, security-
sensitive information such as information about security measures and
security vulnerabilities, information that must remain non-public to
protect national security or personal privacy-identities of law
enforcement personnel, or other sensitive or classified information.
Revealing such information to record subjects would thwart or impede
pending and future law enforcement investigations and efforts to
protect national security, and would violate personal privacy.
Revealing the information would enable record subjects or other persons
to evade detection and apprehension by security and law enforcement
personnel; destroy, conceal, or tamper with evidence or fabricate
testimony; or harass, intimidate, harm, coerce, or retaliate against
witnesses, complainants, investigators, security personnel, law
enforcement personnel, or their family members, their employees, or
other individuals. With
[[Page 14623]]
respect to investigatory material compiled for law enforcement
purposes, the exemption pursuant to 5 U.S.C. 552a(k)(2) from access
requirements in subsection (d) of the Act is statutorily limited. If
any individual is denied a right, privilege, or benefit to which the
individual would otherwise be entitled by federal law or for which the
individual would otherwise be eligible, access will be granted, except
to the extent that the disclosure would reveal the identity of a source
who furnished information to the Government under an express promise of
confidentiality.
5 U.S.C. 552a(e)(1) (the requirement to maintain only
relevant and necessary information authorized by statute or Executive
Order). It will not always be possible to determine at the time
information is received or compiled in this system of records whether
the information is or will be relevant and necessary to a law
enforcement investigation or to protecting national security. For
example, a tip or lead that does not appear relevant or necessary to
uncovering an insider threat by itself or at the time the tip or lead
is received may prove to be relevant and necessary when combined with
other information that reveals a pattern or that comes to light later.
5 U.S.C. 552a(e)(4)(G) and (H) (the requirements to
describe procedures by which subjects may be notified of whether the
system of records contains records about them and seek access or
amendment of a record). These requirements concern individual access to
records, and the records are exempt under (c) and (d), as described
above. To the extent that (e)(4)(G) and (H) are interpreted to require
more detailed procedures regarding record notification, access, or
amendment than have been published in the Federal Register, exemption
from those provisions is necessary for the same rationale as applies to
(c) and (d).
5 U.S.C. 552a(e)(4)(I) (the requirement to describe the
categories of record sources). To the extent that this subsection is
interpreted to require a more detailed description regarding the record
sources in this system than has been published in the Federal Register,
exemption from this provision is necessary to protect the sources of
law enforcement and intelligence information and to protect the privacy
and safety of witnesses and informants and others who provide
information to HHS. Further, greater specificity of sources of properly
classified records could compromise national security. Moreover,
because records used in the Insider Threat Program could come from any
source, it is not possible to know every category in advance in order
to list them all in the SORN. Some record source categories may not be
appropriate to make public in the SORN if, for example, revealing them
could enable record subjects or other individuals to discover
investigative techniques and devise ways to bypass them to evade
detection and apprehension.
5 U.S.C. 552a(f) (the requirement to promulgate rules to
implement provisions of the Privacy Act). To the extent that this
subsection is interpreted to require agency rules addressing the above
exempted requirements, exemption from this provision is also necessary
to protect the sources of law enforcement and intelligence information
and to protect the privacy and safety of witnesses and informants and
others who provide information to HHS. Greater specificity in
rulemaking regarding properly classified records could compromise
national security.
Accordingly, based on 5 U.S.C. 552a(k)(1) and (k)(2) and the
specific rationales indicated above, HHS is now exempting law
enforcement investigatory material and classified intelligence
information in system of records 09-90-1701 HHS Insider Threat Program
Records from subsections (c)(3), (d)(1)-(4), (e)(1), (e)(4)(G), (H),
and (I), and (f) of the Act, which contain requirements to provide an
accounting of disclosures; provide notification, access, and amendment
rights, rules, and procedures; maintain only relevant and necessary
information; and identify categories of record sources. In addition,
HHS affirms that if the HHS Insider Threat Program obtains law
enforcement investigatory material from another Privacy Act system of
records that has been exempted from Privacy Act requirements based on
subsection (j)(2) of the Act, that material will be exempt in System
No. 09-90-1701 to the same extent it is exempt in the source system.
Notwithstanding these exemptions, consideration will be given to
any requests for notification, access, and amendment that are addressed
to the System Manager, as provided in the SORN for system of records
09-90-1701, and to accounting of disclosure requests. Where HHS
determines that compliance with a request would not interfere with or
adversely affect the purpose of this system of records to detect,
deter, or mitigate insider threats, the applicable exemption may be
waived by HHS in its sole discretion.
The Federal Register notice containing the SORN proposed for new
system of records 09-90-1701 provides for that SORN to be effective
upon publication of this final rule. No changes were made to the SORN
as a result of public comments and, therefore, the SORN, as published
at 83 FR 42667 (Aug. 23, 2018), is now effective.
Analysis of Impacts
The agency has reviewed this rule under Executive Orders 12866 and
13563, which direct agencies to assess costs and benefits of available
regulatory alternatives and, if regulation is necessary, to maximize
the net benefits. The agency believes that this rule is not a
significant regulatory action under Executive Order 12866, and
therefore does not constitute an Executive Order 13771 regulatory
action, because it will not (1) have an annual effect on the economy of
$100 million or more or adversely affect in a material way the economy,
a sector of the economy, productivity, competition, jobs, the
environment, public health or safety, or state, local or tribal
governments or communities; (2) create a serious inconsistency or
otherwise interfere with an action taken or planned by another agency;
(3) materially alter the budgetary impact of entitlements, grants, user
fees or loan programs, or the rights and obligations of recipients
thereof; or (4) raise novel legal or policy issues arising out of legal
mandates, the President's priorities, or the principles set forth in
Executive Order 12866.
The Regulatory Flexibility Act requires agencies to analyze
regulatory options that would minimize any significant impact of a rule
on small entities. Because the rule imposes no duties or obligations on
small entities, the Department certifies that the rule will not have a
significant economic impact on a substantial number of small entities.
Section 202(a) of the Unfunded Mandates Reform Act of 1995 requires
that agencies prepare a written statement, which includes an assessment
of anticipated costs and benefits, before proposing ``any rule that
includes any Federal mandate that may result in the expenditure by
State, local, and tribal governments, in the aggregate, or by the
private sector, of $100,000,000 or more (adjusted annually for
inflation) in any one year.'' The current threshold after adjustment
for inflation is $144 million, using the most current (2015) Implicit
Price Deflator for the Gross Domestic Product. The Department does not
expect that this final rule would result in any one-year expenditure
that would meet or exceed this amount.
List of Subjects in 45 CFR Part 5b
Privacy.
[[Page 14624]]
For the reasons stated in the preamble, the Department amends part
5b of title 45 of the Code of Federal Regulations as follows:
PART 5b--PRIVACY ACT REGULATIONS
0
1. The authority citation for part 5b continues to read as follows:
Authority: 5 U.S.C. 301, 5 U.S.C. 552a.
0
2. Section 5b.11 is amended by adding paragraph (b)(2)(viii)(A) and
reserved paragraph (b)(2)(viii)(B) to read as follows:
Sec. 5b.11 Exempt systems.
* * * * *
(b) * * *
(2) * * *
(viii) Pursuant to subsections (k)(1) and (k)(2) of the Act:
(A) HHS Insider Threat Program Records, 09-90-1701.
(B) [Reserved]
* * * * *
Michael Schmoyer,
Assistant Deputy Secretary for National Security.
Dated: April 4, 2019.
Alex M. Azar II,
Secretary.
[FR Doc. 2019-07122 Filed 4-10-19; 8:45 am]
BILLING CODE 4151-17-P
