Privacy Act of 1974; Implementation, 498-499 [2020-28791]

Agencies

• DEPARTMENT OF DEFENSE
• Office of the Secretary

[Federal Register Volume 86, Number 3 (Wednesday, January 6, 2021)]
[Proposed Rules]
[Pages 498-499]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-28791]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

32 CFR Part 310

[Docket ID DoD-2020-OS-0095]
RIN 0790-AK96


Privacy Act of 1974; Implementation

AGENCY: Department of Defense (DoD).

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The DoD is giving concurrent notice of an updated system of 
records pursuant to the Privacy Act of 1974 for the DoD 0004 ``Defense 
Repository for Common Enterprise Data (DRCED)'' system of records and 
this proposed rulemaking. In this proposed rulemaking, the Department 
proposes to exempt portions of the DRCED system of records from certain 
provisions of the Privacy Act because of national security 
requirements.

DATES: Send comments on or before March 8, 2021.

ADDRESSES: You may submit comments, identified by docket number and 
title, by any of the following methods:
     Federal Rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Mail: The DoD cannot receive written comments at this time 
due to the COVID-19 pandemic. Comments should be sent electronically to 
the docket listed above.
    Instructions: All submissions received must include the agency name 
and docket number for this Federal Register document. The general 
policy for comments and other submissions from members of the public is 
to make these submissions available for public viewing on the internet 
at https://www.regulations.gov as they are received without change, 
including any personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT: Ms. Lyn Kirby, Chief, Defense Privacy, 
Civil Liberties, and Transparency Division, Directorate for Oversight 
and Compliance, Department of Defense, 4800 Mark Center Drive, Mailbox 
#24, Suite 08D09, Alexandria, VA 22350-1700; [email protected]; (703) 
571-0070.

SUPPLEMENTARY INFORMATION:

I. Background

    The DoD 0004 DRCED system of records is a DoD-wide system of 
records that supports multiple information systems that provide DoD-
wide and component-level enterprise solutions for integrating and 
analyzing targeted data from existing DoD systems to develop timely, 
actionable, and insightful conclusions in support of national 
strategies. These systems are used to automate financial and business 
transactions, perform cost-management analysis, produce oversight and 
audit reports, and provide critical data linking to improve performance 
of mission objectives. These systems are also capable of creating 
predictive analytic models based upon specific data streams to equip 
decision makers with critical data necessary for execution of fiscal 
and operational requirements.

II. Privacy Act Exemption

    The Privacy Act allows federal agencies to exempt eligible records 
in a system of records from certain provisions of the Act, including 
the provisions providing individuals with a right to request access to 
and amendment of their own records. If an agency intends to exempt a 
particular system of records, it must typically first go through the 
rulemaking process to provide public notice and an opportunity to 
comment on the proposed exemption. This proposed rule explains why an 
exemption is being claimed for this system of records and invites 
public comment, which DoD will consider before the issuance of a final 
rule implementing the exemption.
    The DoD proposes to modify 32 CFR part 310 to add a new Privacy Act 
exemption rule for the DoD 0004 DRCED system of records. The DoD 
proposes an exemption for DoD 0004 DRCED because some of its records 
may contain classified national security information and disclosure of 
those records to an individual may cause damage to national security. 
The Privacy Act, pursuant to 5 U.S.C. 552a(k)(1), authorizes agencies 
to claim an exemption for systems of records that contain information 
properly classified pursuant to executive order. DoD is proposing to 
claim an exemption from the access and amendment requirements of the 
Privacy Act, pursuant to 5 U.S.C. 552a(k)(1), to prevent disclosure of 
any information properly classified pursuant to executive order, as 
implemented by DoD Instruction (DoDI) 5200.01 and DoD Manual (DoDM) 
5200.01, Volumes 1 and 3.
    If implemented, this proposed rule will deny an individual access 
under the Privacy Act to only those portions of records for which the 
claimed exemption applies. In addition, records in the DoD 0004 DRCED 
system of records are only exempt from the Privacy Act to the extent 
the purposes underlying the exemption pertain to the record.
    A notice of a modified system of records for DoD 0004 DRCED is also 
published in this issue of the Federal Register.

Regulatory Analysis

Executive Order 12866, ``Regulatory Planning and Review'' and Executive 
Order 13563, ``Improving Regulation and Regulatory Review''
    Executive Orders 12866 and 13563 direct agencies to assess all 
costs and benefits of available regulatory alternatives and, if 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health and safety effects, distribute impacts, and equity). Executive 
Order 13563 emphasizes the importance of quantifying both costs and 
benefits, of reducing costs, of harmonizing rules, and of promoting 
flexibility. It has been determined that this proposed rule is not a 
significant regulatory action.
Executive Order 13771, ``Reducing Regulation and Controlling Regulatory 
Costs''
    This proposed rule has been deemed not significant under Executive 
Order (E.O.) 12866, ``Regulatory Planning and Review,'' therefore, the 
requirements of E.O. 13771, ``Reducing Regulation and Controlling 
Regulatory Costs'' do not apply.
Congressional Review Act
    This proposed rule is not a ``major rule'' as defined by 5 U.S.C. 
804(2).

[[Page 499]]

Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C Chapter 6)
    It has been certified that this proposed rule does not have a 
significant economic impact on a substantial number of small entities 
because it is concerned only with the administration of Privacy Act 
Systems of Records within the DoD. A Regulatory Flexibility Analysis is 
not required.
Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)
    It has been determined that this proposed rule does not impose 
additional information collection requirements on the public under the 
Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.).
Section 202, Public Law 104-4, ``Unfunded Mandates Reform Act''
    It has been determined that this proposed rule does not involve a 
Federal mandate that may result in the expenditure by State, local and 
tribal governments, in the aggregate, or by the private sector, of $100 
million or more and that it will not significantly or uniquely affect 
small governments.
Executive Order 13132, ``Federalism''
    It has been determined that this proposed rule does not have 
federalism implications. This rule does not have substantial direct 
effects on the States, on the relationship between the National 
Government and the States, or on the distribution of power and 
responsibilities among the various levels of government.

List of Subjects in 32 CFR Part 310

    Privacy.

    Accordingly, 32 CFR part 310 is proposed to be amended as follows:

PART 310--PROTECTION OF PRIVACY AND ACCESS TO AND AMENDMENT OF 
INDIVIDUAL RECORDS UNDER THE PRIVACY ACT OF 1974

0
1. The authority citation for 32 CFR part 310 continues to read as 
follows:

    Authority: 5 U.S.C. 552a.

0
2. Section 310.13 is amended by adding paragraph (e)(3) as follows:


Sec.  310.13  Exemptions for DoD-wide systems.

* * * * *
    (e) * * *
    (3) System identifier and name: DoD 0004, ``Defense Repository for 
Common Enterprise Data (DRCED).''
    (i) Exemptions: This system of records is exempt from subsections 5 
U.S.C. 552a(c)(3), (d)(1), (d)(2), (d)(3), and (d)(4) of the Privacy 
Act.
    (ii) Authority: 5 U.S.C. 552a(k)(1).
    (iii) Exemption from the particular subsections. Exemption from the 
particular subsections is justified for the following reasons:
    (A) Subsection (c)(3) (accounting of disclosures). Because common 
enterprise records may contain information properly classified pursuant 
to Executive Order, the disclosure accountings of such records may also 
contain information properly classified pursuant to executive order, 
the disclosure of which may cause damage to national security.
    (B) Subsections (d)(1), (2), (3), and (4) (record subject's right 
to access and amend records). Access to and amendment of records by the 
record subject could disclose information properly classified pursuant 
to executive order. Disclosure of classified records to an individual 
may cause damage to national security.
    (iv) Exempt records from other systems. In addition, in the course 
of carrying out the overall purpose for this system, exempt records 
from other system of records may in turn become part of the records 
maintained in this system. To the extent that copies of exempt records 
from those other systems of records are maintained in this system, the 
DoD claims the same exemptions for the records from those other systems 
that are entered into this system, as claimed for the prior system(s) 
of which they are a part, provided the reason for the exemption remains 
valid and necessary.

    Dated: December 22, 2020.
Aaron T. Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 2020-28791 Filed 1-5-21; 8:45 am]
BILLING CODE 5001-06-P