Privacy Act of 1974; Implementation, 61687-61689 [2021-24315]
Download as PDF
61687
Federal Register / Vol. 86, No. 213 / Monday, November 8, 2021 / Rules and Regulations
Ingredient 1
Percent
Salt (sodium chloride) .......................................................................................................................................
Monosodium phosphate ...................................................................................................................................
Dried cane molasses ........................................................................................................................................
Zinc sulfate .......................................................................................................................................................
Copper sulfate ..................................................................................................................................................
Fenbendazole 20% Type A article ...................................................................................................................
(ii) Free-choice, dry Type C feed:
Salt (sodium chloride) .......................................................................................................................................
Dicalcium phosphate (18.5% P) .......................................................................................................................
Calcium carbonate (38% Ca) ...........................................................................................................................
Magnesium oxide (56% Mg) ............................................................................................................................
Zinc sulfate .......................................................................................................................................................
Mineral oil .........................................................................................................................................................
Dried cane molasses (46% sugars) .................................................................................................................
Potassium iodide ..............................................................................................................................................
Fenbendazole 20% Type A article ...................................................................................................................
(iii) Free-choice, liquid Type C feed:
Cane molasses 2 ...............................................................................................................................................
Water ................................................................................................................................................................
Urea solution, 55% ...........................................................................................................................................
Phosphoric acid 75% (feed grade) ...................................................................................................................
Xantham gum ...................................................................................................................................................
Trace minerals ..................................................................................................................................................
Vitamin premix ..................................................................................................................................................
Fenbendazole 20% Type A article ...................................................................................................................
International
feed No.
59.00
31.16
3.12
0.76
0.45
5.51
6–04–152
6–04–288
4–04–695
6–05–556
6–01–720
n/a
35.93
32.44
15.93
10.14
1.47
1.00
0.98
0.01
2.10
6–04–152
6–00–080
6–01–069
6–02–756
6–05–556
8–03–123
4–04–695
6–03–759
n/a
80.902
9.36
7.05
2.00
0.20
0.20
0.01
0.278
4–13–251
n/a
5–05–707
6–03–707
8–15–818
n/a
n/a
n/a
1 The content of any added vitamin and trace mineral may be varied; however, they should be comparable to those used by the manufacturer
for other free-choice cattle feeds. Formulation modifications require FDA approval prior to marketing. Selenium is not approved for the freechoice formulations described in paragraph (e)(3)(iii) of this section. Free-choice cattle feeds containing selenium must comply with published
regulations (see 21 CFR 573.920).
2 The percentage of cane molasses and water in the formulation may be adjusted as needed in order to bring the brix value of the molasses to
the industry standard of 79.5 brix.
(2) Indications for use. As in
paragraph (e)(3)(i) of this section.
(3) Limitations. Feed a total of 5 mg
of fenbendazole per kg (2.27 mg/lb) of
body weight to cattle over a 3- to 6-day
period. Retreatment may be needed after
4 to 6 weeks. Cattle must not be
slaughtered within 13 days following
last treatment. For dairy cattle the milk
discard time is zero hours. A
withdrawal period has not been
established for this product in preruminating calves. Do not use in calves
to be processed for veal.
*
*
*
*
*
25. In § 558.355, add a heading to
paragraph (f)(3) to read as follows:
■
§ 558.355
Monensin.
*
*
(f) * * *
(3) Cattle—
*
*
*
lotter on DSK11XQN23PROD with RULES1
*
*
*
*
*
Dated: October 28, 2021.
Lauren K. Roth,
Associate Commissioner for Policy.
[FR Doc. 2021–24075 Filed 11–5–21; 8:45 am]
BILLING CODE 4164–01–P
VerDate Sep<11>2014
16:24 Nov 05, 2021
Jkt 256001
and is finalizing the rule without
change.
DEPARTMENT OF JUSTICE
28 CFR Part 16
This final rule is effective
December 8, 2021.
DATES:
[CPCLO Order No. 010–2021]
FOR FURTHER INFORMATION CONTACT:
Privacy Act of 1974; Implementation
United States Department of
Justice.
ACTION: Final rule.
AGENCY:
The United States Department
of Justice (DOJ or Department) is
finalizing without changes its Privacy
Act exemption regulations for the
system of records titled, Department of
Justice Information Technology,
Information System, and Network
Activity and Access Records, JUSTICE/
DOJ–002, which were published as a
notice of proposed rulemaking (NPRM)
(July 22, 2021). Specifically, the
Department’s regulations will exempt
the records maintained in JUSTICE/
DOJ–002 from one or more provisions of
the Privacy Act. The exemptions are
necessary to avoid interference with the
efforts of DOJ and others to prevent the
unauthorized access, use, disclosure,
disruption, modification, or destruction
of DOJ information and information
systems, and to protect information on
DOJ classified networks. The
Department received no comments
during the notice-and-comment period
SUMMARY:
PO 00000
Frm 00023
Fmt 4700
Sfmt 4700
Nickolous Ward, DOJ Chief Information
Security Officer, (202) 514–3101, 145 N
Street NE, Washington, DC 20530.
SUPPLEMENTARY INFORMATION: In
accordance with the Federal
Information Security Modernization Act
of 2014, among other authorities, DOJ is
responsible for complying with
information security policies and
procedures requiring information
security protections commensurate with
the risk and magnitude of harm
resulting from the unauthorized access,
use, disclosure, disruption,
modification, or destruction of DOJ
information and information systems.
See, e.g., 44 U.S.C. 3554 (2018).
Consistent with these requirements, DOJ
must ensure that it maintains accurate
audit and activity records of the
observable occurrences on its
information systems and networks (also
referred to as ‘‘events’’) that are
significant and relevant to the security
of DOJ information and information
systems. These audit and activity
records may include, but are not limited
to, information that establishes what
type of event occurred, when the event
occurred, where the event occurred, the
E:\FR\FM\08NOR1.SGM
08NOR1
lotter on DSK11XQN23PROD with RULES1
61688
Federal Register / Vol. 86, No. 213 / Monday, November 8, 2021 / Rules and Regulations
source of the event, the outcome of the
event, and the identity of any
individuals or subjects associated with
the event. Additionally, monitored
events—whether detected utilizing
information systems maintaining audit
and activity records, reported to the
Department by information system
users, or reported to the Department by
the cybersecurity research community
and members of the general public
conducting good faith vulnerability
discovery activities—may constitute
occurrences that (1) actually or
imminently jeopardize, without lawful
authority, the integrity, confidentiality,
or availability of information or an
information system; or (2) constitute a
violation or imminent threat of violation
of law, security policies, security
procedures, or acceptable use policies.
The Department has developed a formal
process to track and document these
reported ‘‘incidents,’’ which may, in
limited circumstances, include records
of individuals reporting, or otherwise
associated with, an actual or suspected
event or incident.
In the Federal Register of July 14,
2021 (86 FR 37188), the Department
modified a Department-wide system of
records retitled, ‘‘Department of Justice
Information Technology, Information
System, and Network Activity and
Access Records,’’ JUSTICE/DOJ–002.
This system of records covers the
Department’s tracking of all DOJ
information technology, DOJ
information system, and DOJ network
activity and access by users. These
records assist Department information
security professionals in protecting DOJ
information, ensuring the secure
operation of DOJ information systems,
and tracking and documenting incidents
reported to the agency. The revisions to
this notice reflect changes in
technology, including the increased
ability of the Department to link
individuals to information technology,
information system, or network activity,
and to better describe the Department’s
records linking individuals to reported
cybersecurity incidents or their access
to certain information technologies,
information systems, and networks
through the internet or other authorized
connections.
The Department received no
comments in response to the NPRM for
JUSTICE/DOJ–002 (86 FR 38624 (July
22, 2021)), and now finalizes this rule
without changes. In this rulemaking, the
Department exempts JUSTICE/DOJ–002
from certain provisions of the Privacy
Act in order to avoid interference with
the responsibilities of the Department to
prevent the unauthorized access, use,
disclosure, disruption, modification, or
VerDate Sep<11>2014
16:24 Nov 05, 2021
Jkt 256001
destruction of DOJ information and
information systems. Additionally, the
Department exempts JUSTICE/DOJ–002
from certain provisions of the Privacy
Act to protect activity and audit log
records on DOJ classified networks.
The Department notes that the name
of the system of records which is the
subject of this rule was changed from
‘‘Department of Justice Computer
Systems Activity and Access Records’’
to ‘‘Department of Justice Information
Technology, Information System, and
Network Activity and Access Records’’
in the notice that was published on July
14, 2021. The NPRM, which was
published on July 21, 2021,
inadvertently referred to the system of
records by the previous name.
Additionally, the NPRM indicated in
one place an exemption from subsection
(d), and in another place an exemption
from subsections (d)(1)–(4). In an effort
to reduce potential confusion, the
language in the final rule has been
modified to consistently identify the
system of records as being exempted
from subsections (d)(1)–(4). Further,
corrections have been inserted in the
final rule in multiple places where the
NPRM had used the term ‘‘system,’’
although ‘‘system of records’’ was
clearly intended. Finally, the proposed
rule stated that, in determining the
relevance and utility of certain
exempted information, it would be
vetted and matched with other
information necessarily and lawfully
maintained by the DOJ, external federal
agency subscribers, or other entities.
Such information need only be
maintained lawfully by the DOJ,
external federal agency subscribers, or
other entities for use in the vetting and
matching described. The Department
has determined that these changes do
not significantly alter the efficacy of the
notice that was provided to the public.
The Department has made the
adjustments in the final rule, which is
published herein.
Executive Orders 12866 and 13563—
Regulatory Review
This regulation has been drafted and
reviewed in accordance with Executive
Order 12866, ‘‘Regulatory Planning and
Review’’ section 1(b), Principles of
Regulation, and Executive Order 13563
‘‘Improving Regulation and Regulatory
Review’’ section 1(b), General Principles
of Regulation.
The Department of Justice has
determined that this rule is not a
‘‘significant regulatory action’’ under
Executive Order 12866, section 3(f), and
accordingly this rule has not been
reviewed by the Office of Information
and Regulatory Affairs within the Office
PO 00000
Frm 00024
Fmt 4700
Sfmt 4700
of Management and Budget pursuant to
Executive Order 12866.
Regulatory Flexibility Act
This regulation will only impact
Privacy Act-protected records, which
are personal and generally do not apply
to an individual’s entrepreneurial
capacity, subject to limited exceptions.
Accordingly, the Chief Privacy and Civil
Liberties Officer, in accordance with the
Regulatory Flexibility Act (5 U.S.C.
605(b)), has reviewed this regulation
and by approving it certifies that this
regulation will not have a significant
economic impact on a substantial
number of small entities.
Executive Order 13132—Federalism
This regulation will not have
substantial direct effects on the States,
on the relationship between the
National Government and the States, or
on distribution of power and
responsibilities among the various
levels of government. Therefore, in
accordance with Executive Order 13132,
it is determined that this rule does not
have sufficient federalism implications
to warrant the preparation of a
Federalism Assessment.
Executive Order 12988—Civil Justice
Reform
This regulation meets the applicable
standards set forth in sections 3(a) and
3(b)(2) of Executive Order 12988 to
eliminate drafting errors and ambiguity,
minimize litigation, provide a clear legal
standard for affected conduct, and
promote simplification and burden
reduction.
Executive Order 13175—Consultation
and Coordination With Indian Tribal
Governments
This regulation will have no
implications for Indian Tribal
governments. More specifically, it does
not have substantial direct effects on
one or more Indian tribes, on the
relationship between the Federal
Government and Indian tribes, or on the
distribution of power and
responsibilities between the Federal
Government and Indian tribes.
Therefore, the consultation
requirements of Executive Order 13175
do not apply.
Unfunded Mandates Reform Act of
1995
This regulation will not result in the
expenditure by State, local, and tribal
governments, in the aggregate, or by the
private sector, of $100,000,000, as
adjusted for inflation, or more in any
one year, and it will not significantly or
uniquely affect small governments.
E:\FR\FM\08NOR1.SGM
08NOR1
Federal Register / Vol. 86, No. 213 / Monday, November 8, 2021 / Rules and Regulations
Therefore, no actions were deemed
necessary under the provisions of the
Unfunded Mandates Reform Act of
1995.
Small Business Regulatory Enforcement
Fairness Act of 1996 (Subtitle E—
Congressional Review Act)
The Small Business Regulatory
Enforcement Fairness Act (SBREFA) of
1996, 5 U.S.C. 801 et seq., requires the
Department to comply with small entity
requests for information and advice
about compliance with statutes and
regulations within the Department’s
jurisdiction. Any small entity that has a
question regarding this document may
contact the person listed in FOR FURTHER
INFORMATION CONTACT section, above.
Persons can obtain further information
regarding SBREFA on the Small
Business Administration’s web page at
https://www.sba.gov/advocacy. This
rule is not a major rule as defined by 5
U.S.C. 804 of the Congressional Review
Act.
Paperwork Reduction Act
This rule imposes no information
collection or recordkeeping
requirements.
List of Subjects in 28 CFR Part 16
Administrative practices and
procedures, Courts, Freedom of
information, Privacy.
Pursuant to the authority vested in the
Attorney General by 5 U.S.C. 552a and
delegated to me by Attorney General
Order 2940–2008, the Department of
Justice amends 28 CFR part 16 as
follows:
PART 16—PRODUCTION OR
DISCLOSURE OF MATERIAL OR
INFORMATION
1. The authority citation for part 16
continues to read as follows:
■
Authority: 5 U.S.C. 301, 552, 552a, 553;
28 U.S.C. 509, 510, 534; 31 U.S.C. 3717.
Subpart E—Exemption of Records
Systems Under the Privacy Act
■
2. Add § 16.138 to read as follows:
lotter on DSK11XQN23PROD with RULES1
§ 16.138 Exemption of the Department of
Justice Information Technology,
Information System, and Network Activity
and Access Records, JUSTICE/DOJ–002.
(a) The Department of Justice
Information Technology, Information
System, and Network Activity and
Access Records (JUSTICE/DOJ–002)
system of records is exempted from
subsections (c)(3); (d)(1), (2), (3) and (4);
(e)(1), (e)(4)(G), (H), and (I); and (f) of
the Privacy Act of 1974, as amended.
The exemptions in this paragraph (a)
VerDate Sep<11>2014
16:24 Nov 05, 2021
Jkt 256001
apply only to the extent that
information in this system is subject to
exemption pursuant to 5 U.S.C.
552a(k)(1) or (k)(2). The applicable
exemption may be waived by the DOJ in
its sole discretion where DOJ
determines compliance with the
exempted provisions of the Act would
not interfere with or adversely affect the
purpose of this system of records to
ensure that the Department can track
information system access and
implement information security
protections commensurate with the risk
and magnitude of harm that could result
from the unauthorized access, use,
disclosure, disruption, modification, or
destruction of DOJ information and DOJ
information systems.
(b) Exemptions from the particular
subsections listed in paragraph (a) of
this section are justified for the
following reasons:
(1) From subsection (c)(3), the
requirement that an accounting be made
available to the named subject of a
record, because this system of records is
exempt from the access provisions of
subsection (d). Also, because making
available to a record subject the
accounting of disclosures of records
concerning the subject would
specifically reveal investigative interests
in the records by the DOJ or other
entities that are recipients of the
disclosures. Revealing this information
could compromise sensitive information
classified in the interest of national
security, or interfere with the overall
law enforcement process by revealing a
pending sensitive cybersecurity
investigation. Revealing this
information could also permit the
record subject to obtain valuable insight
concerning the information obtained
during any investigation and to take
measures to impede the investigation,
e.g., destroy evidence or alter
techniques to evade discovery.
(2) From subsection (d)(1), (2), (3) and
(4), (e)(4)(G) and (H), and (f) because
these provisions concern individual
access to and amendment of records,
compliance with which regarding
certain law enforcement and classified
records could alert the subject of an
authorized law enforcement activity
about that particular activity and the
interest of the DOJ and/or other law
enforcement or intelligence agencies.
Providing access could compromise
information classified to protect
national security, or reveal sensitive
cybersecurity investigative techniques;
provide information that would allow a
subject to avoid detection; or constitute
a potential danger to the health or safety
of law enforcement personnel or
confidential sources.
PO 00000
Frm 00025
Fmt 4700
Sfmt 4700
61689
(3) From subsection (e)(1) because it
is not always possible to know in
advance what information is relevant
and necessary for law enforcement and
intelligence purposes. The relevance
and utility of certain information that
may have a nexus to cybersecurity
threats may not always be fully evident
until and unless it is vetted and
matched with other information
lawfully maintained by the DOJ or other
entities.
(4) From subsection (e)(4)(I), to the
extent that this subsection is interpreted
to require more detail regarding the
record sources in this system than has
been published in the Federal Register.
Should the subsection be so interpreted,
exemption from this provision is
necessary to protect the sources of law
enforcement and intelligence
information. Further, greater specificity
of sources of properly classified records
could compromise national security.
Dated: October 26, 2021.
Peter A. Winn,
Acting Chief Privacy and Civil Liberties
Officer, United States Department of Justice.
[FR Doc. 2021–24315 Filed 11–5–21; 8:45 am]
BILLING CODE 4410–NW–P
DEPARTMENT OF JUSTICE
28 CFR Part 16
[CPCLO Order No. 011–2021]
Privacy Act of 1974; Implementation
Justice Management Division,
United States Department of Justice.
ACTION: Final rule.
AGENCY:
The United States Department
of Justice (DOJ or Department) is
finalizing without changes its Privacy
Act exemption regulations for the
system of records titled, Security
Monitoring and Analytics Service
Records, JUSTICE/JMD–026, which
were published as a notice of proposed
rulemaking (NPRM) on July 30, 3021.
Specifically, the Department’s
regulations will exempt the records
maintained in JUSTICE/JMD–026 from
one or more provisions of the Privacy
Act. The exemptions are necessary to
avoid interference with efforts to
prevent the unauthorized access, use,
disclosure, disruption, modification, or
destruction of information, information
systems, and networks of DOJ and
external Federal agency subscribers. The
Department received two comments on
the NPRM, neither of which impact the
Department’s decision to proceed with
issuing this final rule.
DATES: This final rule is effective
December 8, 2021.
SUMMARY:
E:\FR\FM\08NOR1.SGM
08NOR1
Agencies
[Federal Register Volume 86, Number 213 (Monday, November 8, 2021)]
[Rules and Regulations]
[Pages 61687-61689]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-24315]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF JUSTICE
28 CFR Part 16
[CPCLO Order No. 010-2021]
Privacy Act of 1974; Implementation
AGENCY: United States Department of Justice.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The United States Department of Justice (DOJ or Department) is
finalizing without changes its Privacy Act exemption regulations for
the system of records titled, Department of Justice Information
Technology, Information System, and Network Activity and Access
Records, JUSTICE/DOJ-002, which were published as a notice of proposed
rulemaking (NPRM) (July 22, 2021). Specifically, the Department's
regulations will exempt the records maintained in JUSTICE/DOJ-002 from
one or more provisions of the Privacy Act. The exemptions are necessary
to avoid interference with the efforts of DOJ and others to prevent the
unauthorized access, use, disclosure, disruption, modification, or
destruction of DOJ information and information systems, and to protect
information on DOJ classified networks. The Department received no
comments during the notice-and-comment period and is finalizing the
rule without change.
DATES: This final rule is effective December 8, 2021.
FOR FURTHER INFORMATION CONTACT: Nickolous Ward, DOJ Chief Information
Security Officer, (202) 514-3101, 145 N Street NE, Washington, DC
20530.
SUPPLEMENTARY INFORMATION: In accordance with the Federal Information
Security Modernization Act of 2014, among other authorities, DOJ is
responsible for complying with information security policies and
procedures requiring information security protections commensurate with
the risk and magnitude of harm resulting from the unauthorized access,
use, disclosure, disruption, modification, or destruction of DOJ
information and information systems. See, e.g., 44 U.S.C. 3554 (2018).
Consistent with these requirements, DOJ must ensure that it maintains
accurate audit and activity records of the observable occurrences on
its information systems and networks (also referred to as ``events'')
that are significant and relevant to the security of DOJ information
and information systems. These audit and activity records may include,
but are not limited to, information that establishes what type of event
occurred, when the event occurred, where the event occurred, the
[[Page 61688]]
source of the event, the outcome of the event, and the identity of any
individuals or subjects associated with the event. Additionally,
monitored events--whether detected utilizing information systems
maintaining audit and activity records, reported to the Department by
information system users, or reported to the Department by the
cybersecurity research community and members of the general public
conducting good faith vulnerability discovery activities--may
constitute occurrences that (1) actually or imminently jeopardize,
without lawful authority, the integrity, confidentiality, or
availability of information or an information system; or (2) constitute
a violation or imminent threat of violation of law, security policies,
security procedures, or acceptable use policies. The Department has
developed a formal process to track and document these reported
``incidents,'' which may, in limited circumstances, include records of
individuals reporting, or otherwise associated with, an actual or
suspected event or incident.
In the Federal Register of July 14, 2021 (86 FR 37188), the
Department modified a Department-wide system of records retitled,
``Department of Justice Information Technology, Information System, and
Network Activity and Access Records,'' JUSTICE/DOJ-002. This system of
records covers the Department's tracking of all DOJ information
technology, DOJ information system, and DOJ network activity and access
by users. These records assist Department information security
professionals in protecting DOJ information, ensuring the secure
operation of DOJ information systems, and tracking and documenting
incidents reported to the agency. The revisions to this notice reflect
changes in technology, including the increased ability of the
Department to link individuals to information technology, information
system, or network activity, and to better describe the Department's
records linking individuals to reported cybersecurity incidents or
their access to certain information technologies, information systems,
and networks through the internet or other authorized connections.
The Department received no comments in response to the NPRM for
JUSTICE/DOJ-002 (86 FR 38624 (July 22, 2021)), and now finalizes this
rule without changes. In this rulemaking, the Department exempts
JUSTICE/DOJ-002 from certain provisions of the Privacy Act in order to
avoid interference with the responsibilities of the Department to
prevent the unauthorized access, use, disclosure, disruption,
modification, or destruction of DOJ information and information
systems. Additionally, the Department exempts JUSTICE/DOJ-002 from
certain provisions of the Privacy Act to protect activity and audit log
records on DOJ classified networks.
The Department notes that the name of the system of records which
is the subject of this rule was changed from ``Department of Justice
Computer Systems Activity and Access Records'' to ``Department of
Justice Information Technology, Information System, and Network
Activity and Access Records'' in the notice that was published on July
14, 2021. The NPRM, which was published on July 21, 2021, inadvertently
referred to the system of records by the previous name. Additionally,
the NPRM indicated in one place an exemption from subsection (d), and
in another place an exemption from subsections (d)(1)-(4). In an effort
to reduce potential confusion, the language in the final rule has been
modified to consistently identify the system of records as being
exempted from subsections (d)(1)-(4). Further, corrections have been
inserted in the final rule in multiple places where the NPRM had used
the term ``system,'' although ``system of records'' was clearly
intended. Finally, the proposed rule stated that, in determining the
relevance and utility of certain exempted information, it would be
vetted and matched with other information necessarily and lawfully
maintained by the DOJ, external federal agency subscribers, or other
entities. Such information need only be maintained lawfully by the DOJ,
external federal agency subscribers, or other entities for use in the
vetting and matching described. The Department has determined that
these changes do not significantly alter the efficacy of the notice
that was provided to the public. The Department has made the
adjustments in the final rule, which is published herein.
Executive Orders 12866 and 13563--Regulatory Review
This regulation has been drafted and reviewed in accordance with
Executive Order 12866, ``Regulatory Planning and Review'' section 1(b),
Principles of Regulation, and Executive Order 13563 ``Improving
Regulation and Regulatory Review'' section 1(b), General Principles of
Regulation.
The Department of Justice has determined that this rule is not a
``significant regulatory action'' under Executive Order 12866, section
3(f), and accordingly this rule has not been reviewed by the Office of
Information and Regulatory Affairs within the Office of Management and
Budget pursuant to Executive Order 12866.
Regulatory Flexibility Act
This regulation will only impact Privacy Act-protected records,
which are personal and generally do not apply to an individual's
entrepreneurial capacity, subject to limited exceptions. Accordingly,
the Chief Privacy and Civil Liberties Officer, in accordance with the
Regulatory Flexibility Act (5 U.S.C. 605(b)), has reviewed this
regulation and by approving it certifies that this regulation will not
have a significant economic impact on a substantial number of small
entities.
Executive Order 13132--Federalism
This regulation will not have substantial direct effects on the
States, on the relationship between the National Government and the
States, or on distribution of power and responsibilities among the
various levels of government. Therefore, in accordance with Executive
Order 13132, it is determined that this rule does not have sufficient
federalism implications to warrant the preparation of a Federalism
Assessment.
Executive Order 12988--Civil Justice Reform
This regulation meets the applicable standards set forth in
sections 3(a) and 3(b)(2) of Executive Order 12988 to eliminate
drafting errors and ambiguity, minimize litigation, provide a clear
legal standard for affected conduct, and promote simplification and
burden reduction.
Executive Order 13175--Consultation and Coordination With Indian Tribal
Governments
This regulation will have no implications for Indian Tribal
governments. More specifically, it does not have substantial direct
effects on one or more Indian tribes, on the relationship between the
Federal Government and Indian tribes, or on the distribution of power
and responsibilities between the Federal Government and Indian tribes.
Therefore, the consultation requirements of Executive Order 13175 do
not apply.
Unfunded Mandates Reform Act of 1995
This regulation will not result in the expenditure by State, local,
and tribal governments, in the aggregate, or by the private sector, of
$100,000,000, as adjusted for inflation, or more in any one year, and
it will not significantly or uniquely affect small governments.
[[Page 61689]]
Therefore, no actions were deemed necessary under the provisions of the
Unfunded Mandates Reform Act of 1995.
Small Business Regulatory Enforcement Fairness Act of 1996 (Subtitle
E--Congressional Review Act)
The Small Business Regulatory Enforcement Fairness Act (SBREFA) of
1996, 5 U.S.C. 801 et seq., requires the Department to comply with
small entity requests for information and advice about compliance with
statutes and regulations within the Department's jurisdiction. Any
small entity that has a question regarding this document may contact
the person listed in FOR FURTHER INFORMATION CONTACT section, above.
Persons can obtain further information regarding SBREFA on the Small
Business Administration's web page at https://www.sba.gov/advocacy.
This rule is not a major rule as defined by 5 U.S.C. 804 of the
Congressional Review Act.
Paperwork Reduction Act
This rule imposes no information collection or recordkeeping
requirements.
List of Subjects in 28 CFR Part 16
Administrative practices and procedures, Courts, Freedom of
information, Privacy.
Pursuant to the authority vested in the Attorney General by 5
U.S.C. 552a and delegated to me by Attorney General Order 2940-2008,
the Department of Justice amends 28 CFR part 16 as follows:
PART 16--PRODUCTION OR DISCLOSURE OF MATERIAL OR INFORMATION
0
1. The authority citation for part 16 continues to read as follows:
Authority: 5 U.S.C. 301, 552, 552a, 553; 28 U.S.C. 509, 510,
534; 31 U.S.C. 3717.
Subpart E--Exemption of Records Systems Under the Privacy Act
0
2. Add Sec. 16.138 to read as follows:
Sec. 16.138 Exemption of the Department of Justice Information
Technology, Information System, and Network Activity and Access
Records, JUSTICE/DOJ-002.
(a) The Department of Justice Information Technology, Information
System, and Network Activity and Access Records (JUSTICE/DOJ-002)
system of records is exempted from subsections (c)(3); (d)(1), (2), (3)
and (4); (e)(1), (e)(4)(G), (H), and (I); and (f) of the Privacy Act of
1974, as amended. The exemptions in this paragraph (a) apply only to
the extent that information in this system is subject to exemption
pursuant to 5 U.S.C. 552a(k)(1) or (k)(2). The applicable exemption may
be waived by the DOJ in its sole discretion where DOJ determines
compliance with the exempted provisions of the Act would not interfere
with or adversely affect the purpose of this system of records to
ensure that the Department can track information system access and
implement information security protections commensurate with the risk
and magnitude of harm that could result from the unauthorized access,
use, disclosure, disruption, modification, or destruction of DOJ
information and DOJ information systems.
(b) Exemptions from the particular subsections listed in paragraph
(a) of this section are justified for the following reasons:
(1) From subsection (c)(3), the requirement that an accounting be
made available to the named subject of a record, because this system of
records is exempt from the access provisions of subsection (d). Also,
because making available to a record subject the accounting of
disclosures of records concerning the subject would specifically reveal
investigative interests in the records by the DOJ or other entities
that are recipients of the disclosures. Revealing this information
could compromise sensitive information classified in the interest of
national security, or interfere with the overall law enforcement
process by revealing a pending sensitive cybersecurity investigation.
Revealing this information could also permit the record subject to
obtain valuable insight concerning the information obtained during any
investigation and to take measures to impede the investigation, e.g.,
destroy evidence or alter techniques to evade discovery.
(2) From subsection (d)(1), (2), (3) and (4), (e)(4)(G) and (H),
and (f) because these provisions concern individual access to and
amendment of records, compliance with which regarding certain law
enforcement and classified records could alert the subject of an
authorized law enforcement activity about that particular activity and
the interest of the DOJ and/or other law enforcement or intelligence
agencies. Providing access could compromise information classified to
protect national security, or reveal sensitive cybersecurity
investigative techniques; provide information that would allow a
subject to avoid detection; or constitute a potential danger to the
health or safety of law enforcement personnel or confidential sources.
(3) From subsection (e)(1) because it is not always possible to
know in advance what information is relevant and necessary for law
enforcement and intelligence purposes. The relevance and utility of
certain information that may have a nexus to cybersecurity threats may
not always be fully evident until and unless it is vetted and matched
with other information lawfully maintained by the DOJ or other
entities.
(4) From subsection (e)(4)(I), to the extent that this subsection
is interpreted to require more detail regarding the record sources in
this system than has been published in the Federal Register. Should the
subsection be so interpreted, exemption from this provision is
necessary to protect the sources of law enforcement and intelligence
information. Further, greater specificity of sources of properly
classified records could compromise national security.
Dated: October 26, 2021.
Peter A. Winn,
Acting Chief Privacy and Civil Liberties Officer, United States
Department of Justice.
[FR Doc. 2021-24315 Filed 11-5-21; 8:45 am]
BILLING CODE 4410-NW-P