Privacy Act of 1974; System of Records, 16542-16544 [2022-06117]
Download as PDF
16542
Federal Register / Vol. 87, No. 56 / Wednesday, March 23, 2022 / Notices
For the Commission, by the Division of
Trading and Markets, pursuant to delegated
authority.17
J. Matthew DeLesDernier,
Assistant Secretary.
[FR Doc. 2022–06100 Filed 3–22–22; 8:45 am]
BILLING CODE 8011–01–P
DEPARTMENT OF STATE
[Public Notice: 11688]
Privacy Act of 1974; System of
Records
ACTION:
Notice of a modified system of
records.
The information in this
system of records, Risk Analysis and
Management Records, supports the
vetting of directors, officers, or other
employees of organizations who apply
for Department of State contracts,
grants, cooperative agreements, or other
funding; and individuals who may
benefit from such funding. The
information collected from these
organizations and individuals is
specifically used to conduct screening
to ensure that Department funds are not
used to provide support to entities or
individuals deemed to be a risk to U.S.
national security interests.
DATES: In accordance with 5 U.S.C.
552a(e)(4) and (11), this system of
records notice is effective upon
publication, with the exception of the
routine uses (a), (b), (c), (d), and (e) that
are subject to a 30-day period during
which interested persons may submit
comments to the Department. Please
submit any comments by April 22, 2022.
ADDRESSES: Questions can be submitted
by mail, email, or by calling Eric F.
Stein, the Senior Agency Official for
Privacy on (202) 485–2051. If mail,
please write to: U.S Department of State;
Office of Global Information Systems,
A/GIS; Room 1417, 2201 C St. NW,
Washington, DC 20520. If email, please
address the email to the Senior Agency
Official for Privacy, Eric F. Stein, at
Privacy@state.gov. Please write ‘‘Risk
Analysis and Management Records,
State–78’’ on the envelope or the subject
line of your email.
FOR FURTHER INFORMATION CONTACT: Eric
F. Stein, Senior Agency Official for
Privacy; U.S. Department of State; Office
of Global Information Services, A/GIS;
Room 1417, 2201 C St. NW,
Washington, DC 20520 or by calling on
(202) 485–2051.
jspears on DSK121TN23PROD with NOTICES1
SUMMARY:
17
17 CFR 200.30–3(a)(12).
VerDate Sep<11>2014
20:07 Mar 22, 2022
Jkt 256001
This
notice is being modified to reflect new
OMB guidance, changes to the
categories of records and security
classification. The modified system of
records notice includes substantive
revisions and additions to the following
sections: Dates, Security Classification,
System Location, Categories of
Individuals Covered by the System,
Categories of Records in the System,
Routine Uses of Records, Retention and
Disposal of Records, and Exemptions
Promulgated. In addition, the
Department is taking this opportunity to
make minor administrative updates to
the following sections: Addresses, For
Further Information Contact, and
History.
SUPPLEMENTARY INFORMATION:
SYSTEM NAME AND NUMBER:
Risk Analysis and Management
Records, State–78.
SECURITY CLASSIFICATION:
directors, program managers, chief of
party for the program and other
individuals employed by the
organization. The Privacy Act defines an
individual at 5 U.S.C. 552a(a)(2) as a
United States citizen or lawful
permanent resident.
CATEGORIES OF RECORDS IN THE SYSTEM:
Information in this system includes:
Name, aliases, date and place of birth,
gender (as shown in a governmentissued foreign or U.S. photo ID),
citizenship(s), government-issued
identification information (including
but not limited to Social Security
number if U.S. citizen or Legal
Permanent Resident, passport number,
or any other numbers originated by a
government that specifically identifies
an individual), mailing address,
telephone numbers, email, social media
information, current employer
organizational and project title.
RECORD SOURCE CATEGORIES:
Unclassified.
SYSTEM MANAGER(S):
Information is collected from the
record subjects themselves and also
from public sources, agencies
conducting national security screening,
law enforcement and intelligence
agency records, and other government
databases.
Director, Office of Risk Analysis and
Management (RAM) 2201 C St. NW,
Washington, DC 20520, RAM@state.gov.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
SYSTEM LOCATION:
Office of Risk Analysis and
Management (RAM), Department of
State, Washington, DC, 2201 C St. NW,
Washington, DC 20520.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
18 U.S.C. 2339A, 2339B, 2339C; 22
U.S.C. 2151 et seq.; E.O. 13224, 13099
and 12947; and Homeland Security
Presidential Directive–6.
PURPOSE(S) OF THE SYSTEM:
The information in the system
supports the vetting of directors,
officers, or other employees of
organizations who apply for Department
of State contracts, grants, cooperative
agreements, or other funding; and
individuals who may benefit from such
funding. The information collected from
these organizations and individuals is
specifically used to conduct screening
to ensure that Department funds are not
used to provide support to entities or
individuals deemed to be a risk to U.S.
national security interests.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
The system covers key personnel of
organizations that have applied for
contracts, grants, cooperative
agreements, or other funding from the
Department of State; and individuals
who may benefit from such funding.
These individuals may include but are
not limited to principal officers or
PO 00000
Frm 00090
Fmt 4703
Sfmt 4703
Risk Analysis and Management
Records may be disclosed:
(a.) To appropriate agencies, entities,
and persons when (1) the Department of
State suspects or has confirmed that
there has been a breach of the system of
records; (2) the Department of State has
determined that as a result of the
suspected or confirmed breach there is
a risk of harm to individuals, the
Department of State (including its
information systems, programs, and
operations), the Federal Government, or
national security; and (3) the disclosure
made to such agencies, entities, and
persons is reasonably necessary to assist
in connection with the Department of
State efforts to respond to the suspected
or confirmed breach or to prevent,
minimize, or remedy such harm.
(b.) To another Federal agency or
Federal entity, when the Department of
State determines that information from
this system of records is reasonably
necessary to assist the recipient agency
or entity in (1) responding to a
suspected or confirmed breach or (2)
preventing, minimizing, or remedying
the risk of harm to individuals, the
recipient agency or entity (including its
information systems, programs, and
operations), the Federal Government, or
E:\FR\FM\23MRN1.SGM
23MRN1
Federal Register / Vol. 87, No. 56 / Wednesday, March 23, 2022 / Notices
national security, resulting from a
suspected or confirmed breach.
(c.) To other U.S. government
agencies for vetting programs.
(d.) To the Federal Bureau of
Investigation, the Department of
Homeland Security, the National
Counter-Terrorism Center (NCTC), the
Terrorist Screening Center (TSC), or
other appropriate federal agencies, for
the integration and use of such
information to protect against terrorism,
if that record is about one or more
individuals known, or suspected, to be
or to have been involved in activities
constituting, in preparation for, in aid
of, or related to terrorism. Such
information may be further
disseminated by recipient agencies to
Federal, State, local, territorial, tribal,
and foreign government authorities, and
to support private sector processes as
contemplated in Homeland Security
Presidential Directive/HSPD–6 and
other relevant laws and directives, for
terrorist screening, threat-protection,
and other homeland security purposes.
(e.) To a federal, state, or local agency
maintaining civil, criminal, or other
relevant enforcement information or
other pertinent information, such as
current licenses, if necessary, to obtain
information relevant to an agency
decision concerning the hiring or
retention of an employee, the issuance
of a security clearance, the letting of a
contract, or the issuance of a license,
grant, or other benefit.
The Department of State periodically
publishes in the Federal Register its
standard routine uses which apply to
many of its Privacy Act systems of
records. These notices appear in the
form of a Prefatory Statement (published
in Volume 73, Number 136, Public
Notice 6290, on July 15, 2008). All these
standard routine uses apply to Risk
Analysis and Management Records,
State–78.
jspears on DSK121TN23PROD with NOTICES1
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Records are stored both in hard copy
and on electronic media. A description
of standard Department of State policies
concerning storage of electronic records
is found at https://fam.state.gov/FAM/
05FAM/05FAM0440.html. All hard
copies of records containing personal
information are maintained in secured
file cabinets in restricted areas, access to
which is limited to authorized
personnel only.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Records are retrieved by name, date
and place of birth, government
identifying numbers (such as Social
VerDate Sep<11>2014
20:07 Mar 22, 2022
Jkt 256001
Security numbers or passport numbers),
or other identifying data specified under
Categories of Records in the system.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Records with no derogatory findings
are purged annually; records with
derogatory information are maintained
for seven years. Records are retired and
destroyed in accordance with published
Department of State Records Disposition
Schedules as approved by the National
Archives and Records Administration
(NARA) and outlined at https://
foia.state.gov/Learn/
RecordsDisposition.aspx. More specific
information may be obtained by writing
to the following address: U.S.
Department of State; Director, Office of
Information Programs and Services; A/
GIS/IPS; 2201 C Street NW, Room B–
266; Washington, DC 20520.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
All Department of State network users
are given cyber security awareness
training which covers the procedures for
handling Sensitive but Unclassified
(SBU) information, including personally
identifiable information (PII). Annual
refresher training is mandatory. In
addition, all Department OpenNet
network users are required to take, on a
biennial basis, the Foreign Service
Institute distance learning course
instructing employees on privacy and
security requirements, including the
rules of behavior for handling PII and
the potential consequences if it is
handled improperly. Before being
granted access to Risk Analysis and
Management Records, a user must first
be granted access to the Department of
State computer network.
Department of State employees and
contractors may remotely access this
system of records using nonDepartment-owned information
technology. Such access is subject to
approval by the Department’s mobile
and remote access program and is
limited to information maintained in
unclassified information systems.
Remote access to the Department’s
information systems is configured in
compliance with OMB Circular A–130
multifactor authentication requirements
and includes a time-out function.
All Department of State employees
and contractors with authorized access
to records maintained in this system of
records have undergone a thorough
background security investigation.
Access to the Department of State, its
annexes and posts abroad is controlled
by security guards and admission is
limited to those individuals possessing
PO 00000
Frm 00091
Fmt 4703
Sfmt 4703
16543
a valid identification card or individuals
under proper escort. Access to
computerized files is passwordprotected and under the direct
supervision of the system manager. The
system manager has the capability of
printing audit trails of access from the
computer media, thereby permitting
regular and ad hoc monitoring of
computer usage. When it is determined
that a user no longer needs access, the
user account is disabled.
RECORD ACCESS PROCEDURES:
Individuals who wish to gain access
to or to amend records pertaining to
themselves should write to U.S.
Department of State; Director, Office of
Information Programs and Services; A/
GIS/IPS; 2201 C Street NW, Room B–
266; Washington, DC 20520. The
individual must specify that he or she
wishes the Risk Analysis and
Management Records to be checked. At
a minimum, the individual must
include: Full name (including maiden
name, if appropriate) and any other
names used; current mailing address
and zip code; date and place of birth;
notarized signature or statement under
penalty of perjury; a brief description of
the circumstances that caused the
creation of the record (including the city
and/or country and the approximate
dates) which gives the individual cause
to believe that the Risk Analysis and
Management Records include records
pertaining to the individual. Detailed
instructions on Department of State
procedures for accessing and amending
records can be found at the
Department’s FOIA website located at
https://foia.state.gov/Request/
Guide.aspx.
CONTESTING RECORD PROCEDURES:
Individuals who wish to contest a
record should write to U.S. Department
of State; Director, Office of Information
Programs and Services; A/GIS/IPS; 2201
C Street NW, Room B–266; Washington,
DC 20520.
NOTIFICATION PROCEDURES:
Individuals who have reason to
believe that this system of records may
contain information pertaining to
themselves may write to U.S.
Department of State; Director, Office of
Information Programs and Services; A/
GIS/IPS; 2201 C Street NW, Room B–
266; Washington, DC 20520. The
individual must specify that he or she
wishes the Risk Analysis and
Management Records to be checked. At
a minimum, the individual must
include: Full name (including maiden
name, if appropriate) and any other
names used; current mailing address
E:\FR\FM\23MRN1.SGM
23MRN1
16544
Federal Register / Vol. 87, No. 56 / Wednesday, March 23, 2022 / Notices
and zip code; date and place of birth;
notarized signature or statement under
penalty of perjury; a brief description of
the circumstances that caused the
creation of the record (including the city
and/or country and the approximate
dates) which gives the individual cause
to believe that the Risk Analysis and
Management Records include records
pertaining to the individual.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
To the extent applicable, because this
system contains information related to
the government’s national security
programs, records in this system may be
exempt from any part of 5 U.S.C. 552a
except subsections (b), (c)(1) and (2),
(e)(4)(A) through (F), (e)(6),(7), (9), (10),
and (11) if the records in the system are
subject to the exemption found in 5
U.S.C. 552a(j). To the extent applicable,
records in this system may be exempt
from subsections (c)(3), (d), (e)(1),
(e)(4)(G), (H), (I), and (f) of 5 U.S.C. 552a
if the records in the system are subject
to the exemption found in 5 U.S.C.
552a(k). Any other exempt records from
other systems of records that are
recompiled into this system are also
considered exempt to the extent they are
claimed as such in the original systems.
that Public Notice of these
determinations be published in the
Federal Register.
FOR FURTHER INFORMATION CONTACT: Chi
D. Tran, Program Administrator, Office
of the Legal Adviser, U.S. Department of
State (telephone: 202–632–6471; email:
section2459@state.gov). The mailing
address is U.S. Department of State,
L/PD, 2200 C Street NW (SA–5), Suite
5H03, Washington, DC 20522–0505.
SUPPLEMENTARY INFORMATION: The
foregoing determinations were made
pursuant to the authority vested in me
by the Act of October 19, 1965 (79 Stat.
985; 22 U.S.C. 2459), E.O. 12047 of
March 27, 1978, the Foreign Affairs
Reform and Restructuring Act of 1998
(112 Stat. 2681, et seq.; 22 U.S.C. 6501
note, et seq.), Delegation of Authority
No. 234 of October 1, 1999, Delegation
of Authority No. 236–3 of August 28,
2000, and Delegation of Authority No.
523 of December 22, 2021.
BILLING CODE 4710–05–P
B. Privacy Act
[Public Notice 11687]
Notice of Determinations; Culturally
Significant Objects Being Imported for
Exhibition—Determinations: ‘‘Philip
Guston Now’’ Exhibition
Notice is hereby given of the
following determinations: I hereby
determine that certain objects being
imported from abroad pursuant to
agreements with their foreign owners or
custodians for temporary display in the
exhibition ‘‘Philip Guston Now’’ at the
Museum of Fine Arts, Boston, in Boston,
Massachusetts; the Museum of Fine
Arts, Houston, in Houston, Texas; the
National Gallery of Art, Washington,
District of Columbia; and at possible
additional exhibitions or venues yet to
be determined, are of cultural
significance, and, further, that their
temporary exhibition or display within
the United States as aforementioned is
in the national interest. I have ordered
jspears on DSK121TN23PROD with NOTICES1
SUMMARY:
20:07 Mar 22, 2022
Federal Motor Carrier Safety
Administration
Qualification of Drivers; Exemption
Applications; Vision
DEPARTMENT OF STATE
VerDate Sep<11>2014
DEPARTMENT OF TRANSPORTATION
[Docket No. FMCSA–2022–0012]
BILLING CODE 4710–24–P
Jkt 256001
A. Viewing Comments
[FR Doc. 2022–06153 Filed 3–22–22; 8:45 am]
Stacy E. White,
Deputy Assistant Secretary for Professional
and Cultural Exchanges, Bureau of
Educational and Cultural Affairs, Department
of State.
Previously published at 76 FR 76215.
[FR Doc. 2022–06117 Filed 3–22–22; 8:45 am]
I. Public Participation
To view comments go to
www.regulations.gov, insert the docket
number, FMCSA–2022–0012, in the
keyword box, and click ‘‘Search.’’ Next,
sort the results by ‘‘Posted (NewerOlder),’’ choose the first notice listed,
and click ‘‘Browse Comments.’’ If you
do not have access to the internet, you
may view the docket online by visiting
Dockets Operations in Room W12–140
on the ground floor of the DOT West
Building, 1200 New Jersey Avenue SE,
Washington, DC 20590–0001, between 9
a.m. and 5 p.m., ET, Monday through
Friday, except Federal holidays. To be
sure someone is there to help you,
please call (202) 366–9317 or (202) 366–
9826 before visiting Dockets Operations.
HISTORY:
Eric F. Stein,
Deputy Assistant Secretary, Bureau of
Administration, Global Information Services,
US Department of State.
W64–224, Washington, DC 20590–0001.
Office hours are from 8:30 a.m. to 5
p.m., ET, Monday through Friday,
except Federal holidays. If you have
questions regarding viewing or
submitting material to the docket,
contact Dockets Operations, (202) 366–
9826.
SUPPLEMENTARY INFORMATION:
Federal Motor Carrier Safety
Administration (FMCSA), Department
of Transportation (DOT).
ACTION: Notice of final disposition.
In accordance with 5 U.S.C. 553(c),
DOT solicits comments from the public
to better inform its rulemaking process.
DOT posts these comments, without
edit, including any personal information
the commenter provides, to
www.regulations.gov, as described in
the system of records notice (DOT/ALL–
14 FDMS), which can be reviewed at
www.dot.gov/privacy.
AGENCY:
II. Background
FMCSA announces its
decision to exempt 12 individuals from
the vision requirement in the Federal
Motor Carrier Safety Regulations
(FMCSRs) to operate a commercial
motor vehicle (CMV) in interstate
commerce. They are unable to meet the
vision requirement in one eye for
various reasons. The exemptions enable
these individuals to operate CMVs in
interstate commerce without meeting
the vision requirement in one eye.
DATES: The exemptions were applicable
on March 8, 2022. The exemptions
expire on March 8, 2024.
FOR FURTHER INFORMATION CONTACT: Ms.
Christine A. Hydock, Chief, Medical
Programs Division, (202) 366–4001,
fmcsamedical@dot.gov, FMCSA, DOT,
1200 New Jersey Avenue SE, Room
On February 3, 2022, FMCSA
published a notice announcing receipt
of applications from 12 individuals
requesting an exemption from vision
requirement in 49 CFR 391.41(b)(10)
and requested comments from the
public (87 FR 6229). The public
comment period ended on March 7,
2022, and two comments were received.
FMCSA has evaluated the eligibility
of these applicants and determined that
granting the exemptions to these
individuals would achieve a level of
safety equivalent to, or greater than, the
level that would be achieved by
complying with § 391.41(b)(10).
The physical qualification standard
for drivers regarding vision found in
§ 391.41(b)(10) states that a person is
physically qualified to drive a CMV if
that person has distant visual acuity of
at least 20/40 (Snellen) in each eye
without corrective lenses or visual
acuity separately corrected to 20/40
SUMMARY:
PO 00000
Frm 00092
Fmt 4703
Sfmt 4703
E:\FR\FM\23MRN1.SGM
23MRN1
Agencies
[Federal Register Volume 87, Number 56 (Wednesday, March 23, 2022)]
[Notices]
[Pages 16542-16544]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-06117]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF STATE
[Public Notice: 11688]
Privacy Act of 1974; System of Records
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: The information in this system of records, Risk Analysis and
Management Records, supports the vetting of directors, officers, or
other employees of organizations who apply for Department of State
contracts, grants, cooperative agreements, or other funding; and
individuals who may benefit from such funding. The information
collected from these organizations and individuals is specifically used
to conduct screening to ensure that Department funds are not used to
provide support to entities or individuals deemed to be a risk to U.S.
national security interests.
DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this system of
records notice is effective upon publication, with the exception of the
routine uses (a), (b), (c), (d), and (e) that are subject to a 30-day
period during which interested persons may submit comments to the
Department. Please submit any comments by April 22, 2022.
ADDRESSES: Questions can be submitted by mail, email, or by calling
Eric F. Stein, the Senior Agency Official for Privacy on (202) 485-
2051. If mail, please write to: U.S Department of State; Office of
Global Information Systems, A/GIS; Room 1417, 2201 C St. NW,
Washington, DC 20520. If email, please address the email to the Senior
Agency Official for Privacy, Eric F. Stein, at [email protected].
Please write ``Risk Analysis and Management Records, State-78'' on the
envelope or the subject line of your email.
FOR FURTHER INFORMATION CONTACT: Eric F. Stein, Senior Agency Official
for Privacy; U.S. Department of State; Office of Global Information
Services, A/GIS; Room 1417, 2201 C St. NW, Washington, DC 20520 or by
calling on (202) 485-2051.
SUPPLEMENTARY INFORMATION: This notice is being modified to reflect new
OMB guidance, changes to the categories of records and security
classification. The modified system of records notice includes
substantive revisions and additions to the following sections: Dates,
Security Classification, System Location, Categories of Individuals
Covered by the System, Categories of Records in the System, Routine
Uses of Records, Retention and Disposal of Records, and Exemptions
Promulgated. In addition, the Department is taking this opportunity to
make minor administrative updates to the following sections: Addresses,
For Further Information Contact, and History.
SYSTEM NAME AND NUMBER:
Risk Analysis and Management Records, State-78.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Office of Risk Analysis and Management (RAM), Department of State,
Washington, DC, 2201 C St. NW, Washington, DC 20520.
SYSTEM MANAGER(S):
Director, Office of Risk Analysis and Management (RAM) 2201 C St.
NW, Washington, DC 20520, [email protected].
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
18 U.S.C. 2339A, 2339B, 2339C; 22 U.S.C. 2151 et seq.; E.O. 13224,
13099 and 12947; and Homeland Security Presidential Directive-6.
PURPOSE(S) OF THE SYSTEM:
The information in the system supports the vetting of directors,
officers, or other employees of organizations who apply for Department
of State contracts, grants, cooperative agreements, or other funding;
and individuals who may benefit from such funding. The information
collected from these organizations and individuals is specifically used
to conduct screening to ensure that Department funds are not used to
provide support to entities or individuals deemed to be a risk to U.S.
national security interests.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The system covers key personnel of organizations that have applied
for contracts, grants, cooperative agreements, or other funding from
the Department of State; and individuals who may benefit from such
funding. These individuals may include but are not limited to principal
officers or directors, program managers, chief of party for the program
and other individuals employed by the organization. The Privacy Act
defines an individual at 5 U.S.C. 552a(a)(2) as a United States citizen
or lawful permanent resident.
CATEGORIES OF RECORDS IN THE SYSTEM:
Information in this system includes: Name, aliases, date and place
of birth, gender (as shown in a government-issued foreign or U.S. photo
ID), citizenship(s), government-issued identification information
(including but not limited to Social Security number if U.S. citizen or
Legal Permanent Resident, passport number, or any other numbers
originated by a government that specifically identifies an individual),
mailing address, telephone numbers, email, social media information,
current employer organizational and project title.
RECORD SOURCE CATEGORIES:
Information is collected from the record subjects themselves and
also from public sources, agencies conducting national security
screening, law enforcement and intelligence agency records, and other
government databases.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
Risk Analysis and Management Records may be disclosed:
(a.) To appropriate agencies, entities, and persons when (1) the
Department of State suspects or has confirmed that there has been a
breach of the system of records; (2) the Department of State has
determined that as a result of the suspected or confirmed breach there
is a risk of harm to individuals, the Department of State (including
its information systems, programs, and operations), the Federal
Government, or national security; and (3) the disclosure made to such
agencies, entities, and persons is reasonably necessary to assist in
connection with the Department of State efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such
harm.
(b.) To another Federal agency or Federal entity, when the
Department of State determines that information from this system of
records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2)
preventing, minimizing, or remedying the risk of harm to individuals,
the recipient agency or entity (including its information systems,
programs, and operations), the Federal Government, or
[[Page 16543]]
national security, resulting from a suspected or confirmed breach.
(c.) To other U.S. government agencies for vetting programs.
(d.) To the Federal Bureau of Investigation, the Department of
Homeland Security, the National Counter-Terrorism Center (NCTC), the
Terrorist Screening Center (TSC), or other appropriate federal
agencies, for the integration and use of such information to protect
against terrorism, if that record is about one or more individuals
known, or suspected, to be or to have been involved in activities
constituting, in preparation for, in aid of, or related to terrorism.
Such information may be further disseminated by recipient agencies to
Federal, State, local, territorial, tribal, and foreign government
authorities, and to support private sector processes as contemplated in
Homeland Security Presidential Directive/HSPD-6 and other relevant laws
and directives, for terrorist screening, threat-protection, and other
homeland security purposes.
(e.) To a federal, state, or local agency maintaining civil,
criminal, or other relevant enforcement information or other pertinent
information, such as current licenses, if necessary, to obtain
information relevant to an agency decision concerning the hiring or
retention of an employee, the issuance of a security clearance, the
letting of a contract, or the issuance of a license, grant, or other
benefit.
The Department of State periodically publishes in the Federal
Register its standard routine uses which apply to many of its Privacy
Act systems of records. These notices appear in the form of a Prefatory
Statement (published in Volume 73, Number 136, Public Notice 6290, on
July 15, 2008). All these standard routine uses apply to Risk Analysis
and Management Records, State-78.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored both in hard copy and on electronic media. A
description of standard Department of State policies concerning storage
of electronic records is found at https://fam.state.gov/FAM/05FAM/05FAM0440.html. All hard copies of records containing personal
information are maintained in secured file cabinets in restricted
areas, access to which is limited to authorized personnel only.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by name, date and place of birth, government
identifying numbers (such as Social Security numbers or passport
numbers), or other identifying data specified under Categories of
Records in the system.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records with no derogatory findings are purged annually; records
with derogatory information are maintained for seven years. Records are
retired and destroyed in accordance with published Department of State
Records Disposition Schedules as approved by the National Archives and
Records Administration (NARA) and outlined at https://foia.state.gov/Learn/RecordsDisposition.aspx. More specific information may be
obtained by writing to the following address: U.S. Department of State;
Director, Office of Information Programs and Services; A/GIS/IPS; 2201
C Street NW, Room B-266; Washington, DC 20520.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
All Department of State network users are given cyber security
awareness training which covers the procedures for handling Sensitive
but Unclassified (SBU) information, including personally identifiable
information (PII). Annual refresher training is mandatory. In addition,
all Department OpenNet network users are required to take, on a
biennial basis, the Foreign Service Institute distance learning course
instructing employees on privacy and security requirements, including
the rules of behavior for handling PII and the potential consequences
if it is handled improperly. Before being granted access to Risk
Analysis and Management Records, a user must first be granted access to
the Department of State computer network.
Department of State employees and contractors may remotely access
this system of records using non-Department-owned information
technology. Such access is subject to approval by the Department's
mobile and remote access program and is limited to information
maintained in unclassified information systems. Remote access to the
Department's information systems is configured in compliance with OMB
Circular A-130 multifactor authentication requirements and includes a
time-out function.
All Department of State employees and contractors with authorized
access to records maintained in this system of records have undergone a
thorough background security investigation. Access to the Department of
State, its annexes and posts abroad is controlled by security guards
and admission is limited to those individuals possessing a valid
identification card or individuals under proper escort. Access to
computerized files is password-protected and under the direct
supervision of the system manager. The system manager has the
capability of printing audit trails of access from the computer media,
thereby permitting regular and ad hoc monitoring of computer usage.
When it is determined that a user no longer needs access, the user
account is disabled.
RECORD ACCESS PROCEDURES:
Individuals who wish to gain access to or to amend records
pertaining to themselves should write to U.S. Department of State;
Director, Office of Information Programs and Services; A/GIS/IPS; 2201
C Street NW, Room B-266; Washington, DC 20520. The individual must
specify that he or she wishes the Risk Analysis and Management Records
to be checked. At a minimum, the individual must include: Full name
(including maiden name, if appropriate) and any other names used;
current mailing address and zip code; date and place of birth;
notarized signature or statement under penalty of perjury; a brief
description of the circumstances that caused the creation of the record
(including the city and/or country and the approximate dates) which
gives the individual cause to believe that the Risk Analysis and
Management Records include records pertaining to the individual.
Detailed instructions on Department of State procedures for accessing
and amending records can be found at the Department's FOIA website
located at https://foia.state.gov/Request/Guide.aspx.
CONTESTING RECORD PROCEDURES:
Individuals who wish to contest a record should write to U.S.
Department of State; Director, Office of Information Programs and
Services; A/GIS/IPS; 2201 C Street NW, Room B-266; Washington, DC
20520.
NOTIFICATION PROCEDURES:
Individuals who have reason to believe that this system of records
may contain information pertaining to themselves may write to U.S.
Department of State; Director, Office of Information Programs and
Services; A/GIS/IPS; 2201 C Street NW, Room B-266; Washington, DC
20520. The individual must specify that he or she wishes the Risk
Analysis and Management Records to be checked. At a minimum, the
individual must include: Full name (including maiden name, if
appropriate) and any other names used; current mailing address
[[Page 16544]]
and zip code; date and place of birth; notarized signature or statement
under penalty of perjury; a brief description of the circumstances that
caused the creation of the record (including the city and/or country
and the approximate dates) which gives the individual cause to believe
that the Risk Analysis and Management Records include records
pertaining to the individual.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
To the extent applicable, because this system contains information
related to the government's national security programs, records in this
system may be exempt from any part of 5 U.S.C. 552a except subsections
(b), (c)(1) and (2), (e)(4)(A) through (F), (e)(6),(7), (9), (10), and
(11) if the records in the system are subject to the exemption found in
5 U.S.C. 552a(j). To the extent applicable, records in this system may
be exempt from subsections (c)(3), (d), (e)(1), (e)(4)(G), (H), (I),
and (f) of 5 U.S.C. 552a if the records in the system are subject to
the exemption found in 5 U.S.C. 552a(k). Any other exempt records from
other systems of records that are recompiled into this system are also
considered exempt to the extent they are claimed as such in the
original systems.
HISTORY:
Previously published at 76 FR 76215.
Eric F. Stein,
Deputy Assistant Secretary, Bureau of Administration, Global
Information Services, US Department of State.
[FR Doc. 2022-06117 Filed 3-22-22; 8:45 am]
BILLING CODE 4710-24-P