Privacy Act of 1974; System of Records, 59759-59762 [2020-21014]

Agencies

• DEPARTMENT OF DEFENSE
• Office of the Secretary

[Federal Register Volume 85, Number 185 (Wednesday, September 23, 2020)]
[Notices]
[Pages 59759-59762]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-21014]


-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

[Docket ID: DoD-2020-OS-0080]


Privacy Act of 1974; System of Records

AGENCY: Defense Human Resources Activity (DHRA), Department of Defense 
(DoD).

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: The Office of the Secretary of Defense (OSD) is modifying the 
system of records titled, ``Commercial Travel Information Management 
System,'' DHRA 14 DoD. The Commercial Travel Information Management 
System (CTIMS) houses the CTIMS data repository and provides web-based 
travel information to the DoD travel community, including commercial 
vendors. It offers tools to submit help desk tickets, create reports, 
complete schedule training, plan trips, and complete other travel 
related functions, as well as provides a survey tool that supports the 
assessment of Defense Travel programs and the Defense Travel Management 
Office (DTMO) Workforce Assessment.

DATES: This system of records modification is effective upon 
publication; however, comments on the Routine Uses will be accepted on 
or before October 23, 2020. The Routine Uses are effective at the close 
of the comment period.

ADDRESSES: You may submit comments, identified by docket number and 
title, by any of the following methods:
    * Federal Rulemaking Portal: https://www.regulations.gov.
    Follow the instructions for submitting comments.
    * Mail: DoD cannot receive written comments at this time due to the 
COVID-19 pandemic. Comments should

[[Page 59760]]

be sent electronically to the docket listed above.
    Instructions: All submissions received must include the agency name 
and docket number for this Federal Register document. The general 
policy for comments and other submissions from members of the public is 
to make these submissions available for public viewing on the internet 
at https://www.regulations.gov as they are received without change, 
including any personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT: Ms. Lyn Kirby, Defense Privacy, Civil 
Liberties, and Transparency Division, Directorate for Oversight and 
Compliance, Department of Defense, 4800 Mark Center Drive, Mailbox #24, 
Suite 08D09, Alexandria, VA 22350-1700; [email protected]; (703) 571-
0070.

SUPPLEMENTARY INFORMATION: The CTIMS serves as a repository of DoD 
travel records consisting of travel booked within the Defense Travel 
System (DTS) in order to perform key DTMO mission functions including 
responding to federal reporting requirements and conducting oversight 
operations. The OSD proposes to modify this system of records to 
reflect the revision of the Joint Federal Travel Regulation and its 
codification in 41 CFR 300-304. Additional changes were made to reflect 
evolving mission needs and updates to the system location and security. 
In all, this modification reflects changes to the system location, 
system manager(s), security classification, authority for maintenance 
of the system, purpose of the system, categories of individuals covered 
by the system, categories of records in the system, record source 
categories, routine uses of records maintained in the system, including 
categories of users and purposes of such users, policies and practices 
for retrieval of records, policies and practices for retention and 
disposal of records, contesting record procedures, administrative, 
physical, and technical safeguards, record access procedures, and 
notification procedures. If these updates were not made, the system 
would not be able to provide the full set of services required to 
support the mission-essential Defense Travel Program.
    The DoD notices for systems of records subject to the Privacy Act 
of 1974, as amended, have been published in the Federal Register and 
are available from the address in FOR FURTHER INFORMATION CONTACT or at 
the Defense Privacy, Civil Liberties, and Transparency Division website 
at https://dpcld.defense.gov.
    In accordance with 5 U.S.C. 552a(r) and Office of Management and 
Budget (OMB) Circular No. A-108, the DoD has provided a report of this 
system of records to the OMB and to Congress.

    Dated: September 16, 2020.
Aaron T. Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.

SYSTEM NAME AND NUMBER:
    Commercial Travel Information Management System, DHRA 14 DoD.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Network Enterprise Center, 1422 Sultan Road, Fort Detrick, MD 
21702-9200.

SYSTEM MANAGER(S):
    Deputy Director, Defense Travel Management Office, 4800 Mark Center 
Drive, Alexandria, VA 22350-9000, email: [email protected].

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    5 U.S.C. Ch. 57, Travel, Transportation, and Subsistence; 10 U.S.C. 
135, Under Secretary of Defense (Comptroller); 10 U.S.C. 136, Under 
Secretary of Defense for Personnel and Readiness; 37 U.S.C. 463, 
Programs of Compliance, Electronic Processing of Travel Claims; 41 CFR. 
300-304, Federal Travel Regulation System; DoD Directive (DoDD) 
4500.09, Transportation and Traffic Management; DoDD 5100.87, 
Department of Defense Human Resources Activity (DoDHRA); DoD 
Instruction (DoDI) 5154.31, Vols 1-6 Commercial Travel Management; DoDI 
1100.13, DoD Survey; DoD Financial Management Regulation 7000.14-R, 
Vol. 9, Travel Policy; DoD 4500.9-R, Defense Transportation Regulation 
(DTR), Parts I-V; The Joint Federal Travel Regulation, Uniformed 
Service Members and DoD Civilian Employees; and E.O. 9397 (SSN), as 
amended

PURPOSE(S) OF THE SYSTEM:
    To establish a repository of DoD travel records consisting of 
travel booked within the Defense Travel System (DTS) as well as through 
commercial travel vendors in order to satisfy reporting requirements; 
identify and notify travelers in potential distress due to natural or 
man-made disasters; assist in the planning, budgeting, and allocation 
of resources for future DoD travel; conduct oversight operations; 
analyze travel, budgetary, or other trends; detect fraud and abuse; 
conduct surveys for the evaluation of program effectiveness, calculate 
travel and housing allowances, provide insight into the gap between 
product/service delivery and customer expectations, assist in 
understanding what drives customer satisfaction; respond to authorized 
internal and external requests for data relating to DoD official travel 
and travel related services, including premium class travel, and to 
provide website registered guests an online customer support site for 
submitting inquiries regarding commercial travel within the DoD, 
including assistance with the DTS.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    DoD civilian personnel; active, former, and retired military 
members; Reserve and National Guard personnel; military academy 
nominees, applicants, and cadets; dependents of DoD sponsors 
accompanying the DoD sponsor on travel; and all other individuals in 
receipt of DoD travel orders; registered website guests submitting 
inquiries regarding DoD commercial travel.

CATEGORIES OF RECORDS IN THE SYSTEM:
    For DoD travelers, information from commercial travel booking 
systems and the DTS: Name, Social Security Number (SSN), DoD ID number, 
individual taxpayer identification number (ITIN), passport information, 
gender, date of birth, email address; home and/or business address, and 
cellular phone numbers; emergency contact information to include 
spouses name and number;
    Employment information: Employment status, organizational 
information, duty station, rank, military status information, travel 
preferences, frequent flyer information;
    Financial information to include government and/or personal charge 
card account numbers and expiration information, government travel 
charge card transactions, personal checking and/or savings account 
numbers, government accounting code/budget information, specific trip 
information to include travel itineraries (includes dates of travel) 
and reservations, trip record number, trip cost estimates, travel 
vouchers, travel-related receipts, travel document status information, 
travel budget information, commitment of travel funds, records of 
actual payment of travel funds and supporting documentation.
    For dependents who are accompanying the DoD sponsor on travel: 
Name, date of birth, and passport information.

[[Page 59761]]

    For registered website guests: Name, phone number, email address; 
if affiliated with DoD, duty station, rank, DoD ID number; if desiring 
travel alerts, cellular phone number and cellular phone provider; if 
requiring assistance with the DTS, last four of the SSN.

RECORD SOURCE CATEGORIES:
    The individual, DTS, General Services Administration data 
repository, and commercial travel booking systems.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act of 1974, as amended, the records contained 
herein may be disclosed outside the DoD as a routine use pursuant to 5 
U.S.C. 552a(b)(3) as follows:
    a. To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the federal government when 
necessary to accomplish an agency function related to this system of 
records.
    b. To Federal and private entities providing travel services for 
purposes of arranging transportation at Government expense for official 
business.
    c. To the appropriate Federal, State, local, territorial, tribal, 
foreign, or international law enforcement authority or other 
appropriate entity where a record, either alone or in conjunction with 
other information, indicates a violation or potential violation of law, 
whether criminal, civil, or regulatory in nature.
    d. To any component of the Department of Justice for the purpose of 
representing the DoD, or its components, officers, employees, or 
members in pending or potential litigation to which the record is 
pertinent.
    e. In an appropriate proceeding before a court, grand jury, or 
administrative or adjudicative body or official, when the DoD or other 
Agency representing the DoD determines the records are relevant and 
necessary to the proceeding; or in an appropriate proceeding before an 
administrative or adjudicative body when the adjudicator determines the 
records to be relevant to the proceeding.
    f. To the National Archives and Records Administration for the 
purpose of records management inspections conducted under the authority 
of 44 U.S.C. 2904 and 2906.
    g. To a Member of Congress or staff acting upon the Member's behalf 
when the Member or staff requests the information on behalf of, and at 
the request of, the individual who is the subject of the record.
    h. To appropriate agencies, entities, and persons when (1) the DoD 
suspects or confirms a breach of the system of records; (2) the DoD 
determines as a result of the suspected or confirmed breach there is a 
risk of harm to individuals, the DoD (including its information 
systems, programs, and operations), the Federal Government, or national 
security; and (3) the disclosure made to such agencies, entities, and 
persons is reasonably necessary to assist in connection with the DoD's 
efforts to respond to the suspected or confirmed breach or to prevent, 
minimize, or remedy such harm.
    i. To another Federal agency or Federal entity, when the DoD 
determines information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records are maintained in electronic storage media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Name, home/business address, email address, passport number, date 
of birth, SSN, and/or DoD ID number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Destroy 6 years after final payment or cancellation.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Records are stored on secure military installations. Physical 
controls include use of visitor registers and identification badges, 
electronic key card access, safes, security guards, and closed-circuit 
television monitoring. Technical controls including intrusion detection 
systems, secure socket layer encryption, firewalls, intrusion detection 
systems, external certificate authority certificates, least privilege 
access, and virtual private networks protect the data in transit and at 
rest. Physical and electronic access is limited to individuals who are 
properly screened and cleared on a need-to-know basis in the 
performance of their official duties. Usernames and passwords, Common 
Access Cards, and DoD Public Key Infrastructure, in addition to role-
based access controls are used to control access to the system data. 
Procedures are in place to deter and detect browsing and unauthorized 
access including periodic security audits and monitoring of users' 
security practices. Backups are stored on encrypted media and secured 
off-site. Periodic security audits and regular monitoring of user's 
security practices also occur. Electronic records are maintained in a 
controlled facility. Physical entry is restricted by the use of locks, 
guards, and is accessible only to authorized personnel. Access to 
records is limited to person(s) servicing the record in performance of 
their official duties and who are properly screened and cleared for 
need-to-know. Access to computerized data is restricted by the use of 
Common Access Cards (CAC) and data encryption.

RECORD ACCESS PROCEDURES:
    Individuals seeking access to records about themselves contained in 
this system should address written inquiries to the Office of the 
Secretary of Defense/Joint Staff, Freedom of Information Act Requester 
Service Center, Office of Freedom of Information, 1155 Defense 
Pentagon, Washington, DC 20301-1155. Signed, written requests should 
contain the individual's full name, personal contact information (home 
address, phone number, email), and the number and name of this system 
of records notice. In addition, the requester must provide either a 
notarized statement or a declaration made in accordance with 28 U.S.C. 
1746, using the following format:
    If executed outside the United States: ``I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).''
    If executed within the United States, its territories, possessions, 
or commonwealths: ``I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).''

CONTESTING RECORD PROCEDURES:
    The DoD rules for accessing records, contesting contents and 
appealing initial agency determinations are published in 32 CFR part 
310, or may be obtained from the system manager.

NOTIFICATION PROCEDURES:
    Individuals seeking to determine whether information about 
themselves is contained in this system should address written inquiries 
to the Deputy Director, Defense Travel Management

[[Page 59762]]

Office, 4800 Mark Center Drive, Alexandria, VA 22350-9000. Signed, 
written requests should contain full name, email address, telephone 
number, and SSN (or passport number). Website registered guests should 
provide their full name and email address. In addition, the requester 
must provide either a notarized statement or an unsworn declaration 
made in accordance with 28 U.S.C. 1746, in the following format:
    If executed outside the United States: ``I declare (or certify, 
verify, or state) under penalty of perjury under the laws of the United 
States of America that the foregoing is true and correct. Executed on 
(date). (Signature).''
    If executed within the United States, its territories, possessions, 
or commonwealths: ``I declare (or certify, verify, or state) under 
penalty of perjury that the foregoing is true and correct. Executed on 
(date). (Signature).''

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    August 22, 2014, 79 FR 49764.

[FR Doc. 2020-21014 Filed 9-22-20; 8:45 am]
BILLING CODE 5001-06-P