Privacy Act of 1974; System of Records, 6196-6199 [2022-02294]

Agencies

• DEPARTMENT OF THE INTERIOR
• National Park Service

[Federal Register Volume 87, Number 23 (Thursday, February 3, 2022)]
[Notices]
[Pages 6196-6199]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-02294]


-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

National Park Service

[DOI-2021-0015; PPWONRADE4, PEN00EN15.YP0000]


Privacy Act of 1974; System of Records

AGENCY: National Park Service, Interior.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Department of the Interior (DOI) is issuing a public 
notice of its intent to modify the National Park Service (NPS) Privacy 
Act system of records, INTERIOR/NPS-23, Planning, Environment and 
Public Comment (PEPC) System. DOI is updating this system of records 
notice (SORN) to update the system location, system manager, categories 
of records, records source, records retrieval, records retention and 
disposal, and safeguards; propose new and modified routine uses; and 
provide general updates to remaining sections to accurately reflect 
management of the system of records. This modified system will be 
included in the DOI's inventory of record systems.

DATES: This modified system will be effective upon publication. New or 
modified routine uses will be effective March 7, 2022. Submit comments 
on or before March 7, 2022.

ADDRESSES: You may send comments identified by docket number [DOI-2021-
0015] by any of the following methods:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for sending comments.
     Email: [email protected]. Include docket number 
[DOI-2021-0015] in the subject line of the message.
     U.S. mail or hand delivery: Teri Barnett, Departmental 
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, 
Room 7112, Washington, DC 20240.
     Instructions: All submissions received must include the 
agency name and docket number [DOI-2021-0015]. All comments received 
will be posted without change to https://www.regulations.gov, including 
any personal information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Felix Uribe, Associate Privacy 
Officer, National Park Service, 12201 Sunrise Valley Drive, Reston, VA 
20192, [email protected] or (202) 354-6925.

SUPPLEMENTARY INFORMATION:

I. Background

    The NPS maintains the NPS-23, Planning, Environment and Public 
Comment (PEPC) System, system of records. The PEPC System is an online 
collaborative tool designed to facilitate the project management 
process in conservation planning and environmental impact analysis that 
is

[[Page 6197]]

managed by the Natural Resource Stewardship and Science Directorate. 
The system assists the NPS in making informed decisions regarding a 
number of compliance issues throughout the planning, design, and 
construction process.
    DOI is publishing this revised notice to reflect updates to the 
system location, system manager, categories of records, records source, 
records retrieval, records retention and disposal, and safeguards; 
include new sections for security classification, purpose and history 
of the system of records; and make general updates to the remaining 
sections to accurately reflect management of the system of records in 
accordance with the Office of Management and Budget (OMB) Circular A-
108, Federal Agency Responsibilities for Review, Reporting, and 
Publication under the Privacy Act. DOI is proposing to modify existing 
routine uses and add new routine uses to provide clarity, transparency, 
and to facilitate sharing of information with agencies and 
organizations to promote the integrity of the records in the system or 
carry out a statutory responsibility of the DOI or Federal Government.
    Routine use A was slightly modified to further clarify disclosures 
to the Department of Justice (DOJ) or other Federal agencies, when 
necessary, in relation to litigation or judicial hearings. Routine use 
B was modified to clarify disclosures to a congressional office to 
respond to or resolve an individual's request made to that office. 
Routine use H was modified to clarify sharing of information with 
government agencies and organizations in response to court orders or 
for discovery purposes related to litigation. Routine use I was 
modified to include grantees to facilitate sharing of information when 
authorized and necessary to perform services on DOI's behalf. Modified 
routine use J allows DOI to share information with appropriate Federal 
agencies or entities when reasonably necessary to respond to a breach 
of PII and to prevent, minimize, or remedy the risk of harm to 
individuals or the Federal Government, or assist an agency in locating 
individuals affected by a breach in accordance with OMB Memorandum M-
17-12, Preparing for and Responding to a Breach of Personally 
Identifiable Information. Routine use N was modified to include review 
by public affairs, legal counsel, and the Senior Agency Official for 
Privacy and clarify circumstances where there is a legitimate public 
interest in the disclosure of information that would not constitute an 
unwarranted invasion of privacy.
    Proposed new routine use C facilitates sharing of information with 
the Executive Office of the President to resolve issues concerning 
individuals' records. Proposed routine use P allows sharing with 
members of the public in order to provide copies or summaries of 
comments received on a project, and to provide information to the 
public as a report or verification of all correspondence received for a 
project, or as part of the process of reporting the public's concerns 
on a project and the NPS's response to those concerns.

II. Privacy Act

    The Privacy Act of 1974, as amended, embodies fair information 
practice principles in a statutory framework governing the means by 
which Federal agencies collect, maintain, use, and disseminate 
individuals' records. The Privacy Act applies to records about 
individuals that are maintained in a ``system of records.'' A ``system 
of records'' is a group of any records under the control of an agency 
from which information is retrieved by the name of an individual or by 
some identifying number, symbol, or other identifying particulars 
assigned to the individual. The Privacy Act defines an individual as a 
United States citizen or lawful permanent resident. Individuals may 
request access to their own records that are maintained in a system of 
records in the possession or under the control of DOI by complying with 
DOI Privacy Act regulations at 43 CFR part 2, subpart K, and following 
the procedures outlined in the Records Access, Contesting Record, and 
Notification Procedures sections of this notice.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the existence and character of each 
system of records that the agency maintains, and the routine uses of 
each system. The INTERIOR/NPS-23, Planning, Environment and Public 
Comment (PEPC) System, SORN is published in its entirety below. In 
accordance with 5 U.S.C. 552a(r), DOI has provided a report of this 
system of records to OMB and to Congress.

III. Public Participation

    You should be aware your entire comment including your personally 
identifiable information, such as your address, phone number, email 
address, or any other personal information in your comment, may be made 
publicly available at any time. While you may request to withhold your 
personally identifiable information from public review, we cannot 
guarantee we will be able to do so.

SYSTEM NAME AND NUMBER:
    INTERIOR/NPS-23, Planning, Environment and Public Comment (PEPC) 
System.

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    This system is located at the National Information Technology 
Center, National Park Service, 12201 Sunrise Valley Drive, Reston, VA 
20192. Records may also be located at NPS regional and field offices 
responsible for projects related to conservation planning and 
environmental impact analysis. A current listing of park offices and 
contact information may be obtained by visiting the NPS website at 
https://www.nps.gov/aboutus/contactinformation.htm.

SYSTEM MANAGER(S):
    Chief, Environmental Information Management Branch, Environmental 
Quality Division, Natural Resource Stewardship and Science, National 
Park Service, P.O. Box 25287, Denver, CO 80225-0287.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 4321 et seq., The National Environmental Policy Act of 
1969, as amended; and 43 CFR part 46, Implementation of the National 
Environmental Policy Act of 1969.

PURPOSE(S) OF THE SYSTEM:
    The PEPC System is a collaborative online tool designed to: (1) 
Facilitate the project management process in conservation planning and 
environmental impact analysis; (2) assist NPS employees in making 
informed decisions regarding pertinent compliance issues throughout the 
planning, design, and construction process; (3) provide consistency in 
applying applicable policies, laws and regulations; and (4) provide a 
platform for public comment opportunities for environmental impact 
analysis and other documents that require public input.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Individuals covered by the system include DOI employees, 
contractors and volunteers; other Federal, state or local government 
agency employees, contractors and volunteers; partners of NPS that are 
involved in the projects; members of the public providing and seeking 
comments on the projects; and other individuals involved with projects 
related to conservation planning and environmental impact analysis.

[[Page 6198]]

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system contains documents necessary to track compliance, 
milestones, and status of projects related to conservation planning and 
environmental impact analysis. These records may include name, home or 
business address, home or business telephone number, home or business 
email address, organization affiliation, correspondent identification 
number, project number, and unique correspondence identification number 
for each correspondence record received. The correspondent 
identification number is a unique number in the database that can be 
used to query the correspondent's information.

RECORD SOURCE CATEGORIES:
    Records in the PEPC System are obtained from DOI employees, 
contractors, and volunteers; other Federal, state, or local government 
agency employees, contractors, and volunteers; partners; tribes; 
members of the public; comments posted on regulations.gov; and other 
individuals involved with projects related to conservation planning and 
environmental impact analysis.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DOI as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including Offices of the 
U.S. Attorneys, or other Federal agency conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is relevant or necessary to the litigation and one of the 
following is a party to the litigation or has an interest in such 
litigation:
    (1) DOI or any component of DOI;
    (2) Any other Federal agency appearing before the Office of 
Hearings and Appeals;
    (3) Any DOI employee or former employee acting in his or her 
official capacity;
    (4) Any DOI employee or former employee acting in his or her 
individual capacity when DOI or DOJ has agreed to represent that 
employee or pay for private representation of the employee; or
    (5) The United States Government or any agency thereof, when DOJ 
determines that DOI is likely to be affected by the proceeding.
    B. To a congressional office when requesting information on behalf 
of, and at the request of, the individual who is the subject of the 
record.
    C. To the Executive Office of the President in response to an 
inquiry from that office made at the request of the subject of a record 
or a third party on that person's behalf, or for a purpose compatible 
with the reason for which the records are collected or maintained.
    D. To any criminal, civil, or regulatory law enforcement authority 
(whether Federal, state, territorial, local, tribal or foreign) when a 
record, either alone or in conjunction with other information, 
indicates a violation or potential violation of law--criminal, civil, 
or regulatory in nature, and the disclosure is compatible with the 
purpose for which the records were compiled.
    E. To an official of another Federal agency to provide information 
needed in the performance of official duties related to reconciling or 
reconstructing data files or to enable that agency to respond to an 
inquiry by the individual to whom the record pertains.
    F. To Federal, state, territorial, local, tribal, or foreign 
agencies that have requested information relevant or necessary to the 
hiring, firing or retention of an employee or contractor, or the 
issuance of a security clearance, license, contract, grant or other 
benefit, when the disclosure is compatible with the purpose for which 
the records were compiled.
    G. To representatives of the National Archives and Records 
Administration (NARA) to conduct records management inspections under 
the authority of 44 U.S.C. 2904 and 2906.
    H. To state, territorial and local governments and tribal 
organizations to provide information needed in response to court order 
and/or discovery purposes related to litigation, when the disclosure is 
compatible with the purpose for which the records were compiled.
    I. To an expert, consultant, grantee, or contractor (including 
employees of the contractor) of DOI that performs services requiring 
access to these records on DOI's behalf to carry out the purposes of 
the system.
    J. To appropriate agencies, entities, and persons when:
    (1) DOI suspects or has confirmed that there has been a breach of 
the system of records;
    (2) DOI has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DOI (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and
    (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DOI's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    K. To another Federal agency or Federal entity, when DOI determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in:
    (1) Responding to a suspected or confirmed breach; or
    (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    L. To the Office of Management and Budget (OMB) during the 
coordination and clearance process in connection with legislative 
affairs as mandated by OMB Circular A-19.
    M. To the Department of the Treasury to recover debts owed to the 
United States.
    N. To the news media and the public, with the approval of the 
Public Affairs Officer in consultation with counsel and the Senior 
Agency Official for Privacy, where there exists a legitimate public 
interest in the disclosure of the information, except to the extent it 
is determined that release of the specific information in the context 
of a particular case would constitute an unwarranted invasion of 
personal privacy.
    O. To officials of another Federal, state, local, or tribal agency 
to retrieve, review or analyze public comments for projects under their 
authority, which were received via the PEPC System.
    P. To members of the public in order to provide copies or summaries 
of comments received on a project, and to provide information to the 
public as a report or verification of all correspondence received for a 
project, or as part of the process of reporting the public's concerns 
on a project and the NPS's response to those concerns.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:
    Disclosure pursuant to 5 U.S.C. 552a(b)(12). Disclosures may be 
made from this system to consumer reporting agencies as defined in the 
Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims 
Collection Act of 1966 (31 U.S.C. 3701(a)(3)).

[[Page 6199]]

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Paper records are contained in file folders stored within filing 
cabinets. Electronic records are contained in computers, magnetic 
disks, computer tapes, removable drives, email, and electronic 
databases.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    The information may be retrieved by various fields including 
correspondent's name, project number, correspondence's identification 
number, correspondent's identification number, document identification 
number, park, organization type, affiliation, or correspondence receipt 
date.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records are retained in accordance with the National Park Service 
Records Schedule, Resource Management and Lands (Item 1C), which has 
been approved by NARA (Job No. N1-79-0801). The disposition of records 
with short-term operational value and not considered essential for 
ongoing management of land, cultural and natural resources is 
temporary, including account management records. These operational 
records are destroyed/deleted 15 years after closure. The disposition 
for routine housekeeping and supporting documentation is temporary and 
records are destroyed/deleted 3 years after closure.
    Approved disposition methods for records include shredding or 
pulping paper records and erasing or degaussing electronic records in 
accordance with NARA guidelines and Departmental policy. Detailed 
disposition procedures and processes will be defined, implemented, and 
published to internal system administration staff within the PEPC 
technical reference manuals.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The records contained in this system are safeguarded in accordance 
with 43 CFR 2.226 and other applicable security rules and policies. 
Access to records in the PEPC System is limited to authorized personnel 
whose official duties require such access. Paper records are secured in 
file cabinets in areas which are locked during non-duty hours.
    Computerized records systems follow the National Institute of 
Standards and Technology privacy and security standards as developed to 
comply with the Privacy Act of 1974, as amended, 5 U.S.C. 552a; 
Paperwork Reduction Act of 1995, 44 U.S.C. 3501et seq; Federal 
Information Security Modernization Act of 2014, 44 U.S.C. 3551 et seq; 
and the Federal Information Processing Standards 199: Standards for 
Security Categorization of Federal Information and Information Systems. 
Security controls include user identification, passwords, database 
permissions, encryption, firewalls, audit logs, network system security 
monitoring, and software controls.
    Database tables are kept on separate file servers away from general 
file storage and other local area network usage. The data itself is 
stored in a password-protected, client-server database. Security 
measures establish access levels for different types of users.
    Personnel authorized to access the system must complete all 
security, privacy, and records management training and sign the DOI 
Rules of Behavior. A Privacy Impact Assessment was conducted on the 
PEPC System to ensure that Privacy Act requirements are met, and 
appropriate privacy controls were implemented to safeguard the 
personally identifiable information contained in the system.

RECORD ACCESS PROCEDURES:
    An individual requesting records on himself or herself should send 
a signed, written inquiry to the applicable System Manager identified 
above. The request must include the specific bureau or office that 
maintains the record to facilitate location of the applicable records. 
The request envelope and letter should both be clearly marked ``PRIVACY 
ACT REQUEST FOR ACCESS.'' A request for access must meet the 
requirements of 43 CFR 2.238.

CONTESTING RECORD PROCEDURES:
    An individual requesting corrections or the removal of material 
from his or her records should send a signed, written request to the 
applicable System Manager as identified above. The request must include 
the specific bureau or office that maintains the record to facilitate 
location of the applicable records. A request for corrections or 
removal must meet the requirements of 43 CFR 2.246.

NOTIFICATION PROCEDURES:
    An individual requesting notification of the existence of records 
on himself or herself should send a signed, written inquiry to the 
applicable System Manager as identified above. The request must include 
the specific bureau or office that maintains the record to facilitate 
location of the applicable records. The request envelope and letter 
should both be clearly marked ``PRIVACY ACT INQUIRY.'' A request for 
notification must meet the requirements of 43 CFR 2.235.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    79 FR 30641 (May 28, 2014), modification published at 86 FR 50156 
(September 7, 2021).

Teri Barnett,
Departmental Privacy Officer, Department of the Interior.
[FR Doc. 2022-02294 Filed 2-2-22; 8:45 am]
BILLING CODE 4312-52-P