Privacy Act of 1974; Implementation, 38624-38627 [2021-14987]
Download as PDF
38624
Federal Register / Vol. 86, No. 138 / Thursday, July 22, 2021 / Proposed Rules
relationship between the national
government and the States, or the
distribution of power and
responsibilities among the various
levels of government.
Executive Order 13175, Consultation
and Coordination With Indian Tribal
Governments
This proposed rule does not have
tribal implications warranting the
application of E.O. 13175. It does not
have substantial direct effects on one or
more Indian tribes, on the relationship
between the Federal government and
Indian tribes, or on the distribution of
power and responsibilities between the
Federal government and Indian tribes.
Paperwork Reduction Act of 1995
This action does not impose a new
collection of information requirement
under the Paperwork Reduction Act of
1995 (44 U.S.C. 3501–3521).
Regulatory Flexibility Act
The Administrator of DEA, in
accordance with the Regulatory
Flexibility Act, 5 U.S.C. 601–612, has
reviewed this proposed rule and, by
approving it, certifies that it will not
have a significant economic impact on
a substantial number of small entities.
DEA proposes placing the substance
amineptine, including its isomers, salts,
and salts of isomers, in schedule I of the
CSA. This action is being taken to
enable the United States to meet its
obligations under the 1971 Convention.
If finalized, this action would impose
the regulatory controls and
administrative, civil, and/or criminal
sanctions applicable to schedule I
controlled substances on persons who
handle (manufacture, distribute, reverse
distribute, import, export, engage in
research, conduct instructional
activities or chemical analysis with, or
possess), or propose to handle,
amineptine.
According to HHS, amineptine has a
high potential for abuse, has no
currently accepted medical use in
treatment in the United States, and lacks
accepted safety for use under medical
supervision. DEA’s research confirms
that there is no commercial market for
amineptine in the United States.
Additionally, queries of DEA’s STRIDE/
STARLiMS and the NFLIS databases on
November 17, 2020, did not generate
any reports of amineptine, suggesting
that it is not trafficked in the United
States. Therefore, DEA estimates that no
United States entity currently handles
amineptine and does not expect any
United States entity to handle
amineptine in the foreseeable future.
DEA concludes that no United States
entity would be affected by this rule, if
finalized. As such, the proposed rule
will not have a significant effect on a
substantial number of small entities.
Unfunded Mandates Reform Act of 1995
On the basis of information contained
in the ‘‘Regulatory Flexibility Act’’
section above, DEA has determined
pursuant to the Unfunded Mandates
Reform Act (UMRA) of 1995 (2 U.S.C.
1501 et seq.) that this action would not
result in any Federal mandate that may
result ‘‘in the expenditure by State,
local, and tribal governments, in the
aggregate, or by the private sector, of
$100,000,000 or more (adjusted
annually for inflation) in any 1 year
* * *.’’ Therefore, neither a Small
Government Agency Plan nor any other
action is required under provisions of
the UMRA of 1995.
List of Subjects in 21 CFR Part 1308
Administrative practice and
procedure, Drug traffic control,
Reporting and recordkeeping
requirements.
For the reasons set out above, 21 CFR
part 1308 is proposed to be amended to
read as follows:
PART 1308—SCHEDULES OF
CONTROLLED SUBSTANCES
1. The authority citation for 21 CFR
part 1308 continues to read as follows:
■
Authority: 21 U.S.C. 811, 812, 871(b),
956(b), unless otherwise noted.
2. Amend § 1308.11 by re-designating
paragraphs (f)(1) through (f)(9) as
paragraphs (f)(2) through (f)(10), and
adding a new paragraph (f)(1) to read as
follows:
■
§ 1308.11
*
Schedule I.
*
*
(f) * * *
*
*
(1) Amineptine (7-[(10,11-dihydro-5H-dibenzo[a,d]cyclohepten-5-yl)amino]heptanoic acid) ......................................................
*
*
*
*
*
Anne Milgram,
Administrator.
[FR Doc. 2021–15331 Filed 7–21–21; 8:45 am]
BILLING CODE 4410–09–P
DEPARTMENT OF JUSTICE
28 CFR Part 16
[CPCLO Order No. 003–2021]
Privacy Act of 1974; Implementation
United States Department of
Justice.
ACTION: Notice of proposed rulemaking.
lotter on DSK11XQN23PROD with PROPOSALS1
AGENCY:
On July 14, 2021 in the
publication of the Federal Register at 86
FR 37188, the Department of Justice
(Department or DOJ), has published a
notice of a modified system of records
that was retitled as, ‘‘Department of
Justice Information Technology,
SUMMARY:
VerDate Sep<11>2014
16:30 Jul 21, 2021
Jkt 253001
Information System, and Network
Activity and Access Records,’’ JUSTICE/
DOJ–002. In this notice of proposed
rulemaking, DOJ proposes to exempt
this system of records from certain
provisions of the Privacy Act in order to
avoid interference with the efforts of
DOJ and others to prevent the
unauthorized access, use, disclosure,
disruption, modification, or destruction
of DOJ information and information
systems, and to protect information on
DOJ classified networks. For the reasons
provided below, the Department
proposes to amend its Privacy Act
regulations by establishing an
exemption for records in this system
from certain provisions of the Privacy
Act. Public comment is invited.
DATES: Comments must be received by
August 23, 2021.
ADDRESSES: You may send comments by
any of the following methods:
• Federal eRulemaking Portal: https://
www.regulations.gov. When submitting
PO 00000
Frm 00035
Fmt 4702
Sfmt 4702
1219
comments electronically, you must
include the CPCLO Order No. in the
subject box. Please note that the
Department is requesting that electronic
comments be submitted before midnight
Eastern Standard Time on the day the
comment period closes because https://
www.regulations.gov terminates the
public’s ability to submit comments at
that time. Commenters in time zones
other than Eastern Standard Time may
want to consider this so that their
electronic comments are received.
• Mail: United States Department of
Justice, Office of Privacy and Civil
Liberties, ATTN: Privacy Analyst, Office
of Privacy and Civil Liberties, 145 N St.
NE, Suite 8W.300, Washington, DC
20530. All comments sent via regular or
express mail will be considered timely
if postmarked on the day the comment
period closes. To ensure proper
handling, please reference the CPCLO
Order No. in your correspondence.
Posting of Public Comments:
Interested persons are invited to
E:\FR\FM\22JYP1.SGM
22JYP1
Federal Register / Vol. 86, No. 138 / Thursday, July 22, 2021 / Proposed Rules
participate in this rulemaking by
submitting written data, views, or
arguments on all aspects of this rule by
one of the methods and by the deadline
stated above. All comments must be
submitted in English, or accompanied
by an English translation. The
Department also invites comments that
relate to the economic, environmental,
or federalism effects that might result
from this rule. Comments that will
provide the most assistance to the
Department in developing these
procedures will reference a specific
portion of the rule, explain the reason
for any recommended change, and
include data, information, or authority
that support such recommended change.
Please note that all comments
received are considered part of the
public record and made available for
public inspection at
www.regulations.gov. Such information
includes personally identifying
information (PII) (such as your name,
address, etc.). Interested persons are not
required to submit their PII in order to
comment on this rule. However, any PII
that is submitted is subject to being
posted to the publicly-accessible
www.regulations.gov site without
redaction.
Confidential business information
clearly identified in the first paragraph
of the comment as such will not be
placed in the public docket file.
The Department may withhold from
public viewing information provided in
comments that they determine may
impact the privacy of an individual or
is offensive. For additional information,
please read the Privacy Act notice that
is available via the link in the footer of
https://www.regulations.gov. To inspect
the agency’s public docket file in
person, you must make an appointment
with the agency. Please see the FOR
lotter on DSK11XQN23PROD with PROPOSALS1
FURTHER INFORMATION CONTACT
paragraph, below, for agency contact
information.
FOR FURTHER INFORMATION CONTACT:
Nickolous Ward, DOJ Chief Information
Security Officer, (202) 514–3101, 145 N
Street NE, Washington, DC 20530.
SUPPLEMENTARY INFORMATION: In
accordance with the Federal
Information Security Modernization Act
of 2014, among other authorities, DOJ is
responsible for complying with
information security policies and
procedures requiring information
security protections commensurate with
the risk and magnitude of harm
resulting from the unauthorized access,
use, disclosure, disruption,
modification, or destruction of DOJ
information and information systems.
See, e.g., 44 U.S.C. 3554 (2018).
VerDate Sep<11>2014
16:30 Jul 21, 2021
Jkt 253001
Consistent with these requirements, DOJ
must ensure that it maintains accurate
audit and activity records of the
observable occurrences on its
information systems and networks (also
referred to as ‘‘events’’) that are
significant and relevant to the security
of DOJ information and information
systems. These audit and activity
records may include, but are not limited
to, information that establishes what
type of event occurred, when the event
occurred, where the event occurred, the
source of the event, the outcome of the
event, and the identity of any
individuals or subjects associated with
the event. Additionally, monitored
events—whether detected utilizing
information systems maintaining audit
and activity records, reported to the
Department by information system
users, or reported to the Department by
the cybersecurity research community
and members of the general public
conducting good faith vulnerability
discovery activities—may constitute
occurrences that (1) actually or
imminently jeopardize, without lawful
authority, the integrity, confidentiality,
or availability of information or an
information system; or (2) constitute a
violation or imminent threat of violation
of law, security policies, security
procedures, or acceptable use policies.
The Department has developed a formal
process to track and document these
reported ‘‘incidents,’’ which may, in
limited circumstances, include records
of individuals reporting, or otherwise
associated with, an actual or suspected
event or incident.
The DOJ notice that published in the
July 14, 2021 issue of the Federal
Register, at 86 FR 37188 has proposed
modifications to a Department-wide
system of records retitled, ‘‘Department
of Justice Information Technology,
Information System, and Network
Activity and Access Records,’’ JUSTICE/
DOJ–002. This system covers the
Department’s tracking of all DOJ
information technology, DOJ
information system, and DOJ network
activity and access by users. These
records assist Department information
security professionals in protecting DOJ
information, ensuring the secure
operation of DOJ information systems,
and tracking and documenting incidents
reported to the agency. The revisions to
this notice reflect changes in
technology, including the increased
ability of the Department to link
individuals to information technology,
information system, or network activity,
and to better describe the Department’s
records linking individuals to reported
cybersecurity incidents or their access
PO 00000
Frm 00036
Fmt 4702
Sfmt 4702
38625
to certain information technologies,
information systems, and networks
through the internet or other authorized
connections.
In this rulemaking, the Department
proposes to exempt JUSTICE/DOJ–002
from certain provisions of the Privacy
Act in order to avoid interference with
the responsibilities of the Department to
prevent the unauthorized access, use,
disclosure, disruption, modification, or
destruction of DOJ information and
information systems. Additionally, the
Department proposes to exempt
JUSTICE/DOJ–002 from certain
provisions of the Privacy Act to protect
activity and audit log records on DOJ
classified networks.
Executive Orders 12866 and 13563—
Regulatory Review
In accordance with 552a(k), this
proposed action is subject to formal
rulemaking procedures by giving
interested persons an opportunity to
participate in the rulemaking process
‘‘through submission of written data,
views, or arguments,’’ pursuant to 5
U.S.C. 553. This proposed rule will
promulgate certain Privacy Act
exemptions for a DOJ system of records
titled, ‘‘Department of Justice
Information Technology, Information
System, and Network Activity and
Access Records,’’ JUSTICE/DOJ–002.
This proposed rule does not raise novel
legal or policy issues, nor does it
adversely affect the economy, the
budgetary impact of entitlements,
grants, user fees, loan programs, or the
rights and obligations of recipients
thereof in a material way. The
Department of Justice has determined
that this rule is not a ‘‘significant
regulatory action’’ under Executive
Order 12866, section 3(f), and
accordingly this rule has not been
reviewed by the Office of Information
and Regulatory Affairs within the Office
of Management and Budget pursuant to
Executive Order 12866.
Regulatory Flexibility Act
This proposed rule will only impact
Privacy Act-protected records, which
are personal and generally do not apply
to an individual’s entrepreneurial
capacity, subject to limited exceptions.
Accordingly, the Chief Privacy and Civil
Liberties Officer, in accordance with the
Regulatory Flexibility Act (5 U.S.C.
605(b)), has reviewed this regulation
and by approving it certifies that this
regulation will not have a significant
economic impact on a substantial
number of small entities.
E:\FR\FM\22JYP1.SGM
22JYP1
38626
Federal Register / Vol. 86, No. 138 / Thursday, July 22, 2021 / Proposed Rules
Small Business Regulatory Enforcement
Fairness Act of 1996 (Subtitle E—
Congressional Review Act)
The Small Business Regulatory
Enforcement Fairness Act (SBREFA) of
1996, 5 U.S.C. 801 et seq., requires the
Department to comply with small entity
requests for information and advice
about compliance with statutes and
regulations within the Department’s
jurisdiction. Any small entity that has a
question regarding this document may
contact the person listed in FOR FURTHER
INFORMATION CONTACT paragraph, above.
Persons can obtain further information
regarding SBREFA on the Small
Business Administration’s web page at
https://www.sba.gov/advocacy. This
proposed rule is not a major rule as
defined by 5 U.S.C. 804 of the
Congressional Review Act.
lotter on DSK11XQN23PROD with PROPOSALS1
Executive Order 13132—Federalism
This proposed rule will not have
substantial direct effects on the States,
on the relationship between the national
government and the States, or on
distribution of power and
responsibilities among the various
levels of government. Therefore, in
accordance with Executive Order 13132,
it is determined that this rule does not
have sufficient federalism implications
to warrant the preparation of a
Federalism Assessment.
by the private sector, of $100,000,000, as
adjusted for inflation, or more in any
one year, and it will not significantly or
uniquely affect small governments.
Therefore, no actions were deemed
necessary under the provisions of the
Unfunded Mandates Reform Act of
1995.
Paperwork Reduction Act
The Paperwork Reduction Act of
1995, 44 U.S.C. 3507(d), requires the
Department to consider the impact of
paperwork and other information
collection burdens imposed on the
public. There are no current or new
information collection requirements
associated with this proposed rule.
List of Subjects in 28 CFR Part 16
Administrative Practices and
Procedures, Courts, Freedom of
Information, and the Privacy Act.
Pursuant to the authority vested in the
Attorney General by 5 U.S.C. 552a and
delegated to me by Attorney General
Order 2940–2008, the Department of
Justice proposes to amend 28 CFR part
16 as follows:
PART 16—PRODUCTION OR
DISCLOSURE OF MATERIAL OR
INFORMATION
1. The authority citation for part 16
continues to read as follows:
■
Executive Order 12988—Civil Justice
Reform
This proposed regulation meets the
applicable standards set forth in
sections 3(a) and 3(b)(2) of Executive
Order 12988 to eliminate drafting errors
and ambiguity, minimize litigation,
provide a clear legal standard for
affected conduct, and promote
simplification and burden reduction.
Authority: 5 U.S.C. 301, 552, 552a, 553; 28
U.S.C. 509, 510, 534; 31 U.S.C. 3717.
Executive Order 13175—Consultation
and Coordination With Indian Tribal
Governments
This proposed rule will have no
implications for Indian Tribal
governments. More specifically, it does
not have substantial direct effects on
one or more Indian tribes, on the
relationship between the Federal
government and Indian tribes, or on the
distribution of power and
responsibilities between the Federal
government and Indian tribes.
Therefore, the consultation
requirements of Executive Order 13175
do not apply.
(a) The Department of Justice
Information Technology, Information
System, and Network Activity and
Access Records (JUSTICE/DOJ–002)
system of records is exempted from
subsections (c)(3); (d); (e)(1), (e)(4)(G),
(H), and (I); and (f) of the Privacy Act
of 1974, as amended. These exemptions
apply only to the extent that
information in this system is subject to
exemption pursuant to 5 U.S.C.
552a(k)(1) or (k)(2). The applicable
exemption may be waived by the DOJ in
its sole discretion where DOJ
determines compliance with the
exempted provisions of the Act would
not interfere with or adversely affect the
purpose of this system to ensure that the
Department can track information
system access and implement
information security protections
commensurate with the risk and
Unfunded Mandates Reform Act of
1995
This proposed rule will not result in
the expenditure by State, local and
tribal governments, in the aggregate, or
VerDate Sep<11>2014
16:30 Jul 21, 2021
Jkt 253001
Subpart E—Exemption of Records
Systems Under the Privacy Act
2. Add § 16.138 to subpart E to read
as follows:
■
§ 16.138 Exemption of the Department of
Justice, Computer Systems Activity and
Access Records, JUSTICE/DOJ–002.
PO 00000
Frm 00037
Fmt 4702
Sfmt 4702
magnitude of harm that could result
from the unauthorized access, use,
disclosure, disruption, modification, or
destruction of DOJ information and DOJ
information systems.
(b) Exemptions from the particular
subsections are justified for the
following reasons:
(1) From subsection (c)(3), the
requirement that an accounting be made
available to the named subject of a
record, because this system is exempt
from the access provisions of subsection
(d). Also, because making available to a
record subject the accounting of
disclosures of records concerning the
subject would specifically reveal
investigative interests in the records by
the DOJ or other entities that are
recipients of the disclosures. Revealing
this information could compromise
sensitive information classified in the
interest of national security, or interfere
with the overall law enforcement
process by revealing a pending sensitive
cybersecurity investigation. Revealing
this information could also permit the
record subject to obtain valuable insight
concerning the information obtained
during any investigation and to take
measures to impede the investigation,
e.g., destroy evidence or alter
techniques to evade discovery.
(2) From subsection (d)(1), (2), (3) and
(4), (e)(4)(G) and (H), and (f) because
these provisions concern individual
access to and amendment of certain law
enforcement and classified records,
compliance of which could alert the
subject of an authorized law
enforcement activity about that
particular activity and the interest of the
DOJ and/or other law enforcement or
intelligence agencies. Providing access
could compromise information
classified to protect national security, or
reveal sensitive cybersecurity
investigative techniques; provide
information that would allow a subject
to avoid detection; or constitute a
potential danger to the health or safety
of law enforcement personnel or
confidential sources.
(3) From subsection (e)(1) because it
is not always possible to know in
advance what information is relevant
and necessary for law enforcement and
intelligence purposes. The relevance
and utility of certain information that
may have a nexus to cybersecurity
threats may not always be fully evident
until and unless it is vetted and
matched with other information
necessarily and lawfully maintained by
the DOJ or other entities.
(4) From subsection (e)(4)(I), to the
extent that this subsection is interpreted
to require more detail regarding the
record sources in this system than has
E:\FR\FM\22JYP1.SGM
22JYP1
Federal Register / Vol. 86, No. 138 / Thursday, July 22, 2021 / Proposed Rules
been published in the Federal Register.
Should the subsection be so interpreted,
exemption from this provision is
necessary to protect the sources of law
enforcement and intelligence
information. Further, greater specificity
of sources of properly classified records
could compromise national security.
Dated: July 1, 2021.
Peter A. Winn,
Acting Chief Privacy and Civil Liberties
Officer, United States Department of Justice.
[FR Doc. 2021–14987 Filed 7–21–21; 8:45 am]
II. Authority for This Rulemaking
FMCS’ authority to issue rules is
found in 29 U.S.C. 172 of Taft Harley
Act of 1947. This regulation is within
the scope of that authority.
BILLING CODE 4410–NW–P
FEDERAL MEDIATION AND
CONCILIATION SERVICE
29 CFR 1402
RIN 3076–AA16
Notice to Mediation Agency
Federal Mediation and
Conciliation Service (FMCS).
ACTION: Notice of Proposed Rulemaking
(NPRM).
AGENCY:
The Federal Mediation and
Conciliation Service (FMCS), hereby
publishes notice of proposed
rulemaking to solicit comments on the
following modification to the
submission method of information
collection request, Notice to Mediation
Agency, (Agency Form F–7). FMCS
proposes to change its method of
submission from mail-in to electronic
submission. In addition, FMCS proposes
to remove the language from the Form
F–7.
DATES: Comments must be submitted on
or before August 23, 2021.
ADDRESSES: You may submit comments
through one of the following methods:
• Email: Arthur Pearlstein,
apearlstein@fmcs.gov.
• Mail: Arthur Pearlstein, HQ Office
of Arbitration, One Independence
Square, 250 E St. SW, Washington, DC
20427. Please note that as of September
11, 2020, the FMCS office is not open
for visitors and mail is not checked
daily. Therefore, we encourage emailed
inquiries.
FOR FURTHER INFORMATION CONTACT:
Arthur Pearlstein, Director, Arbitration,
Notice Processing, Shared Neutrals,
apearlstein@fmcs.gov, 202–606–8103.
SUPPLEMENTARY INFORMATION:
lotter on DSK11XQN23PROD with PROPOSALS1
SUMMARY:
I. Background
This modification will change the
submission process of information
collection request, Notice to Mediation
Agency, (Agency Form F–7) from mail-
VerDate Sep<11>2014
16:30 Jul 21, 2021
Jkt 253001
in to electronic submission. This
revision is necessary to increase
efficiency of FMCS both by allowing
FMCS to receive Agency Form F–7’s
more quickly, but also to reduce
processing time. This will allow the
Service to provide its services to the
parties more quickly. This revision will
also remove the language which
includes the verbiage of the Form-F7, to
allow for FMCS to modify the form, if
necessary, without necessitating
additional rule change.
III. Comments Invited
FMCS solicits comments to
(i) Evaluate whether the proposed
change of submission from mail-in to
electronic is necessary, including
whether the change will have practical
utility.
(ii) Enhance the quality, utility, and
clarity of the information collection
submission process.
(iii) Minimize the burden of the
collections of information on those who
are to respond, including the use of
appropriate automated, electronic
collection technologies or other forms of
information technology.
IV. Discussion of Proposed
Amendments Section by Section
The following describes the specific
changes proposed by this rulemaking:
• FMCS revises the language ‘‘shall
be in writing.’’ to ‘‘electronically via a
platform provided by FMCS. If
electronic submission creates an undue
hardship, the filer may contact the
FMCS Notice Processing office to
explain the circumstances and receive
assistance.’’
• FMCS revises the language ‘‘The
following Form F–7, for use by the
parties in filing a notice of dispute, has
been prepared by the Service:’’ to ‘‘The
Form F–7, for use by the parties in filing
a notice of dispute, has been prepared
by the Service.’’
• FMCS removes the form titled
‘‘Notice to Mediation Agencies’’.
List of Subjects in 29 CFR Part 1402
Information Collection Requests.
In consideration of the foregoing,
FMCS proposed to amend 29 CFR
1402.1 as follows:
■ 1. The authority citation for part 1402
continues to read as follows:
Authority: Sec. 202, 61 Stat. 153, sec. 3, 80
Stat. 250, sec. 203, 61 Stat. 153; 5 U.S.C. 552,
29 U.S.C. 172, 173.
PO 00000
Frm 00038
Fmt 4702
Sfmt 4702
■
38627
2. Revise § 1402.1 to read as follows:
§ 1402.1
Notice of Dispute.
The notice of dispute filed with the
Federal Mediation and Conciliation
Service pursuant to the provisions of
section 8(d)(3), of the LaborManagement Relations Act, 1947, as
amended, shall be submitted
electronically via a platform provided
by FMCS. If electronic submission
creates an undue hardship, the filer may
contact the FMCS Notice Processing
office to explain the circumstances and
receive assistance. The Form F–7, for
use by the parties in filing a notice of
dispute, has been prepared by the
Service.
Sarah Cudahy,
General Counsel.
[FR Doc. 2021–14929 Filed 7–21–21; 8:45 am]
BILLING CODE P
ENVIRONMENTAL PROTECTION
AGENCY
40 CFR Part 52
[EPA–R06–OAR–2020–0437; FRL–8698–01–
R6]
Air Plan Approval; Oklahoma; Volatile
Organic Compound Emissions in
Nonattainment Areas and Former
Nonattainment Areas
Environmental Protection
Agency (EPA).
ACTION: Proposed rule.
AGENCY:
Pursuant to the Federal Clean
Air Act (CAA or the Act), the
Environmental Protection Agency (EPA)
is proposing to approve revisions to the
State Implementation Plan (SIP) for
Oklahoma submitted by the State of
Oklahoma designee with a letter dated
May 7, 2020. The submittal covers
updates to the Oklahoma SIP, as
contained in the state’s 2019 annual SIP
update. Specifically, this action
addresses revisions to Oklahoma
Administrative Code (OAC), Emission of
Volatile Organic Compounds (VOCs) in
Nonattainment Areas and Former
Nonattainment Areas. There are two
Oklahoma counties affected by this
action: Tulsa County and Oklahoma
County.
DATES: Written comments must be
received on or before August 23, 2021.
ADDRESSES: Submit your comments,
identified by Docket No. EPA–R6–OAR–
2020–0437, at https://
www.regulations.gov or via email to
fuerst.sherry@epa.gov. Follow the
online instructions for submitting
comments. Once submitted, comments
SUMMARY:
E:\FR\FM\22JYP1.SGM
22JYP1
Agencies
[Federal Register Volume 86, Number 138 (Thursday, July 22, 2021)]
[Proposed Rules]
[Pages 38624-38627]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-14987]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF JUSTICE
28 CFR Part 16
[CPCLO Order No. 003-2021]
Privacy Act of 1974; Implementation
AGENCY: United States Department of Justice.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: On July 14, 2021 in the publication of the Federal Register at
86 FR 37188, the Department of Justice (Department or DOJ), has
published a notice of a modified system of records that was retitled
as, ``Department of Justice Information Technology, Information System,
and Network Activity and Access Records,'' JUSTICE/DOJ-002. In this
notice of proposed rulemaking, DOJ proposes to exempt this system of
records from certain provisions of the Privacy Act in order to avoid
interference with the efforts of DOJ and others to prevent the
unauthorized access, use, disclosure, disruption, modification, or
destruction of DOJ information and information systems, and to protect
information on DOJ classified networks. For the reasons provided below,
the Department proposes to amend its Privacy Act regulations by
establishing an exemption for records in this system from certain
provisions of the Privacy Act. Public comment is invited.
DATES: Comments must be received by August 23, 2021.
ADDRESSES: You may send comments by any of the following methods:
Federal eRulemaking Portal: https://www.regulations.gov.
When submitting comments electronically, you must include the CPCLO
Order No. in the subject box. Please note that the Department is
requesting that electronic comments be submitted before midnight
Eastern Standard Time on the day the comment period closes because
https://www.regulations.gov terminates the public's ability to submit
comments at that time. Commenters in time zones other than Eastern
Standard Time may want to consider this so that their electronic
comments are received.
Mail: United States Department of Justice, Office of
Privacy and Civil Liberties, ATTN: Privacy Analyst, Office of Privacy
and Civil Liberties, 145 N St. NE, Suite 8W.300, Washington, DC 20530.
All comments sent via regular or express mail will be considered timely
if postmarked on the day the comment period closes. To ensure proper
handling, please reference the CPCLO Order No. in your correspondence.
Posting of Public Comments: Interested persons are invited to
[[Page 38625]]
participate in this rulemaking by submitting written data, views, or
arguments on all aspects of this rule by one of the methods and by the
deadline stated above. All comments must be submitted in English, or
accompanied by an English translation. The Department also invites
comments that relate to the economic, environmental, or federalism
effects that might result from this rule. Comments that will provide
the most assistance to the Department in developing these procedures
will reference a specific portion of the rule, explain the reason for
any recommended change, and include data, information, or authority
that support such recommended change.
Please note that all comments received are considered part of the
public record and made available for public inspection at
www.regulations.gov. Such information includes personally identifying
information (PII) (such as your name, address, etc.). Interested
persons are not required to submit their PII in order to comment on
this rule. However, any PII that is submitted is subject to being
posted to the publicly-accessible www.regulations.gov site without
redaction.
Confidential business information clearly identified in the first
paragraph of the comment as such will not be placed in the public
docket file.
The Department may withhold from public viewing information
provided in comments that they determine may impact the privacy of an
individual or is offensive. For additional information, please read the
Privacy Act notice that is available via the link in the footer of
https://www.regulations.gov. To inspect the agency's public docket file
in person, you must make an appointment with the agency. Please see the
FOR FURTHER INFORMATION CONTACT paragraph, below, for agency contact
information.
FOR FURTHER INFORMATION CONTACT: Nickolous Ward, DOJ Chief Information
Security Officer, (202) 514-3101, 145 N Street NE, Washington, DC
20530.
SUPPLEMENTARY INFORMATION: In accordance with the Federal Information
Security Modernization Act of 2014, among other authorities, DOJ is
responsible for complying with information security policies and
procedures requiring information security protections commensurate with
the risk and magnitude of harm resulting from the unauthorized access,
use, disclosure, disruption, modification, or destruction of DOJ
information and information systems. See, e.g., 44 U.S.C. 3554 (2018).
Consistent with these requirements, DOJ must ensure that it maintains
accurate audit and activity records of the observable occurrences on
its information systems and networks (also referred to as ``events'')
that are significant and relevant to the security of DOJ information
and information systems. These audit and activity records may include,
but are not limited to, information that establishes what type of event
occurred, when the event occurred, where the event occurred, the source
of the event, the outcome of the event, and the identity of any
individuals or subjects associated with the event. Additionally,
monitored events--whether detected utilizing information systems
maintaining audit and activity records, reported to the Department by
information system users, or reported to the Department by the
cybersecurity research community and members of the general public
conducting good faith vulnerability discovery activities--may
constitute occurrences that (1) actually or imminently jeopardize,
without lawful authority, the integrity, confidentiality, or
availability of information or an information system; or (2) constitute
a violation or imminent threat of violation of law, security policies,
security procedures, or acceptable use policies. The Department has
developed a formal process to track and document these reported
``incidents,'' which may, in limited circumstances, include records of
individuals reporting, or otherwise associated with, an actual or
suspected event or incident.
The DOJ notice that published in the July 14, 2021 issue of the
Federal Register, at 86 FR 37188 has proposed modifications to a
Department-wide system of records retitled, ``Department of Justice
Information Technology, Information System, and Network Activity and
Access Records,'' JUSTICE/DOJ-002. This system covers the Department's
tracking of all DOJ information technology, DOJ information system, and
DOJ network activity and access by users. These records assist
Department information security professionals in protecting DOJ
information, ensuring the secure operation of DOJ information systems,
and tracking and documenting incidents reported to the agency. The
revisions to this notice reflect changes in technology, including the
increased ability of the Department to link individuals to information
technology, information system, or network activity, and to better
describe the Department's records linking individuals to reported
cybersecurity incidents or their access to certain information
technologies, information systems, and networks through the internet or
other authorized connections.
In this rulemaking, the Department proposes to exempt JUSTICE/DOJ-
002 from certain provisions of the Privacy Act in order to avoid
interference with the responsibilities of the Department to prevent the
unauthorized access, use, disclosure, disruption, modification, or
destruction of DOJ information and information systems. Additionally,
the Department proposes to exempt JUSTICE/DOJ-002 from certain
provisions of the Privacy Act to protect activity and audit log records
on DOJ classified networks.
Executive Orders 12866 and 13563--Regulatory Review
In accordance with 552a(k), this proposed action is subject to
formal rulemaking procedures by giving interested persons an
opportunity to participate in the rulemaking process ``through
submission of written data, views, or arguments,'' pursuant to 5 U.S.C.
553. This proposed rule will promulgate certain Privacy Act exemptions
for a DOJ system of records titled, ``Department of Justice Information
Technology, Information System, and Network Activity and Access
Records,'' JUSTICE/DOJ-002. This proposed rule does not raise novel
legal or policy issues, nor does it adversely affect the economy, the
budgetary impact of entitlements, grants, user fees, loan programs, or
the rights and obligations of recipients thereof in a material way. The
Department of Justice has determined that this rule is not a
``significant regulatory action'' under Executive Order 12866, section
3(f), and accordingly this rule has not been reviewed by the Office of
Information and Regulatory Affairs within the Office of Management and
Budget pursuant to Executive Order 12866.
Regulatory Flexibility Act
This proposed rule will only impact Privacy Act-protected records,
which are personal and generally do not apply to an individual's
entrepreneurial capacity, subject to limited exceptions. Accordingly,
the Chief Privacy and Civil Liberties Officer, in accordance with the
Regulatory Flexibility Act (5 U.S.C. 605(b)), has reviewed this
regulation and by approving it certifies that this regulation will not
have a significant economic impact on a substantial number of small
entities.
[[Page 38626]]
Small Business Regulatory Enforcement Fairness Act of 1996 (Subtitle
E--Congressional Review Act)
The Small Business Regulatory Enforcement Fairness Act (SBREFA) of
1996, 5 U.S.C. 801 et seq., requires the Department to comply with
small entity requests for information and advice about compliance with
statutes and regulations within the Department's jurisdiction. Any
small entity that has a question regarding this document may contact
the person listed in FOR FURTHER INFORMATION CONTACT paragraph, above.
Persons can obtain further information regarding SBREFA on the Small
Business Administration's web page at https://www.sba.gov/advocacy.
This proposed rule is not a major rule as defined by 5 U.S.C. 804 of
the Congressional Review Act.
Executive Order 13132--Federalism
This proposed rule will not have substantial direct effects on the
States, on the relationship between the national government and the
States, or on distribution of power and responsibilities among the
various levels of government. Therefore, in accordance with Executive
Order 13132, it is determined that this rule does not have sufficient
federalism implications to warrant the preparation of a Federalism
Assessment.
Executive Order 12988--Civil Justice Reform
This proposed regulation meets the applicable standards set forth
in sections 3(a) and 3(b)(2) of Executive Order 12988 to eliminate
drafting errors and ambiguity, minimize litigation, provide a clear
legal standard for affected conduct, and promote simplification and
burden reduction.
Executive Order 13175--Consultation and Coordination With Indian Tribal
Governments
This proposed rule will have no implications for Indian Tribal
governments. More specifically, it does not have substantial direct
effects on one or more Indian tribes, on the relationship between the
Federal government and Indian tribes, or on the distribution of power
and responsibilities between the Federal government and Indian tribes.
Therefore, the consultation requirements of Executive Order 13175 do
not apply.
Unfunded Mandates Reform Act of 1995
This proposed rule will not result in the expenditure by State,
local and tribal governments, in the aggregate, or by the private
sector, of $100,000,000, as adjusted for inflation, or more in any one
year, and it will not significantly or uniquely affect small
governments. Therefore, no actions were deemed necessary under the
provisions of the Unfunded Mandates Reform Act of 1995.
Paperwork Reduction Act
The Paperwork Reduction Act of 1995, 44 U.S.C. 3507(d), requires
the Department to consider the impact of paperwork and other
information collection burdens imposed on the public. There are no
current or new information collection requirements associated with this
proposed rule.
List of Subjects in 28 CFR Part 16
Administrative Practices and Procedures, Courts, Freedom of
Information, and the Privacy Act.
Pursuant to the authority vested in the Attorney General by 5
U.S.C. 552a and delegated to me by Attorney General Order 2940-2008,
the Department of Justice proposes to amend 28 CFR part 16 as follows:
PART 16--PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION
0
1. The authority citation for part 16 continues to read as follows:
Authority: 5 U.S.C. 301, 552, 552a, 553; 28 U.S.C. 509, 510,
534; 31 U.S.C. 3717.
Subpart E--Exemption of Records Systems Under the Privacy Act
0
2. Add Sec. 16.138 to subpart E to read as follows:
Sec. 16.138 Exemption of the Department of Justice, Computer Systems
Activity and Access Records, JUSTICE/DOJ-002.
(a) The Department of Justice Information Technology, Information
System, and Network Activity and Access Records (JUSTICE/DOJ-002)
system of records is exempted from subsections (c)(3); (d); (e)(1),
(e)(4)(G), (H), and (I); and (f) of the Privacy Act of 1974, as
amended. These exemptions apply only to the extent that information in
this system is subject to exemption pursuant to 5 U.S.C. 552a(k)(1) or
(k)(2). The applicable exemption may be waived by the DOJ in its sole
discretion where DOJ determines compliance with the exempted provisions
of the Act would not interfere with or adversely affect the purpose of
this system to ensure that the Department can track information system
access and implement information security protections commensurate with
the risk and magnitude of harm that could result from the unauthorized
access, use, disclosure, disruption, modification, or destruction of
DOJ information and DOJ information systems.
(b) Exemptions from the particular subsections are justified for
the following reasons:
(1) From subsection (c)(3), the requirement that an accounting be
made available to the named subject of a record, because this system is
exempt from the access provisions of subsection (d). Also, because
making available to a record subject the accounting of disclosures of
records concerning the subject would specifically reveal investigative
interests in the records by the DOJ or other entities that are
recipients of the disclosures. Revealing this information could
compromise sensitive information classified in the interest of national
security, or interfere with the overall law enforcement process by
revealing a pending sensitive cybersecurity investigation. Revealing
this information could also permit the record subject to obtain
valuable insight concerning the information obtained during any
investigation and to take measures to impede the investigation, e.g.,
destroy evidence or alter techniques to evade discovery.
(2) From subsection (d)(1), (2), (3) and (4), (e)(4)(G) and (H),
and (f) because these provisions concern individual access to and
amendment of certain law enforcement and classified records, compliance
of which could alert the subject of an authorized law enforcement
activity about that particular activity and the interest of the DOJ
and/or other law enforcement or intelligence agencies. Providing access
could compromise information classified to protect national security,
or reveal sensitive cybersecurity investigative techniques; provide
information that would allow a subject to avoid detection; or
constitute a potential danger to the health or safety of law
enforcement personnel or confidential sources.
(3) From subsection (e)(1) because it is not always possible to
know in advance what information is relevant and necessary for law
enforcement and intelligence purposes. The relevance and utility of
certain information that may have a nexus to cybersecurity threats may
not always be fully evident until and unless it is vetted and matched
with other information necessarily and lawfully maintained by the DOJ
or other entities.
(4) From subsection (e)(4)(I), to the extent that this subsection
is interpreted to require more detail regarding the record sources in
this system than has
[[Page 38627]]
been published in the Federal Register. Should the subsection be so
interpreted, exemption from this provision is necessary to protect the
sources of law enforcement and intelligence information. Further,
greater specificity of sources of properly classified records could
compromise national security.
Dated: July 1, 2021.
Peter A. Winn,
Acting Chief Privacy and Civil Liberties Officer, United States
Department of Justice.
[FR Doc. 2021-14987 Filed 7-21-21; 8:45 am]
BILLING CODE 4410-NW-P