Privacy Act of 1974; System of Records, 54242-54248 [2022-19077]

Agencies

• DEPARTMENT OF THE INTERIOR
• Office of the Secretary

[Federal Register Volume 87, Number 170 (Friday, September 2, 2022)]
[Notices]
[Pages 54242-54248]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-19077]


-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

Office of the Secretary

[DOI-2021-0006; 223D0102DM, DLSN00000.000000, DS65100000, DX.65101]


Privacy Act of 1974; System of Records

AGENCY: Office of the Secretary, Interior.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Department of the Interior (DOI) is issuing a public 
notice of its intent to modify the Privacy Act system of records, 
INTERIOR/DOI-45, HSPD-12: Identity Management System and Personnel 
Security Files. DOI is revising this notice to update the title of the 
system, update all sections of the system notice, propose new and 
modified routine uses, and provide general administrative updates to 
the remaining sections of the notice. Additionally, DOI is publishing a 
notice of proposed rulemaking (NPRM) elsewhere in the Federal Register 
to exempt this system of records from certain provisions of the Privacy 
Act. This modified system will be included in DOI's inventory of record 
systems.

DATES: This modified system will be effective upon publication. New or 
modified routine uses will be effective October 3, 2022. Submit 
comments on or before October 3, 2022.

ADDRESSES: You may send comments identified by docket number [DOI-2021-
0006] by any of the following methods:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for sending comments.
     Email: [email protected]. Include docket number 
[DOI-2021-0006] in the subject line of the message.
     U.S. Mail or Hand-Delivery: Teri Barnett, Departmental 
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, 
Room 7112, Washington, DC 20240.
    Instructions: All submissions received must include the agency name 
and docket number [DOI-2021-0006]. All comments received will be posted 
without change to https://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to https://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Teri Barnett, Departmental Privacy 
Officer, U.S. Department of the Interior, 1849 C

[[Page 54243]]

Street NW, Room 7112, Washington, DC 20240, [email protected] or 
(202) 208-1605.

SUPPLEMENTARY INFORMATION:

I. Background

    The DOI Office of Law Enforcement and Security (OLES) maintains the 
INTERIOR/DOI-45, HSPD-12: Identity Management System and Personnel 
Security Files, system of records. This system supports the DOI 
Personnel Security Program functions to determine suitability, 
eligibility, and fitness for service of applicants for Federal 
employment and contract positions or individuals appointed to 
commissions and boards, including Bureau of Indian Education agency or 
local school boards, who require access to Departmental facilities, 
information systems and networks. The system also helps OLES manage a 
National Security Program to document and support decisions regarding 
clearance access to classified information and implement provisions 
that apply to Federal employees and contractors who access classified 
information or materials and participate in classified activities that 
impact national security, and ensure the safety, storage of classified 
information and security of Departmental facilities, information 
systems and networks, occupants, and users.
    DOI last published the INTERIOR/DOI-45, HSPD-12: Identity 
Management System and Personnel Security Files, system notice in the 
Federal Register on March 12, 2007 (72 FR 11036), modification 
published at 86 FR 50156 (September 7, 2021). DOI is publishing this 
revised notice to reflect the expanded scope of the modified system of 
records to meet personnel security and national security requirements 
outlined in Federal law, Executive Orders, and Intelligence Community 
(IC) policy for security clearance and access determinations, access to 
Sensitive Compartmented Information (SCI) reciprocity, exceptions to 
personnel security standards, and safeguarding classified information 
and secure facilities. DOI is proposing to change the title to 
INTERIOR/DOI-45, Personnel Security Program Files, to accurately 
reflect the purpose and scope of the system of records; update the 
system manager and system location; expand on categories of individuals 
covered by the system, the categories of records and records source 
categories sections; update authorities for maintenance of the system; 
update storage, safeguards, and records retention schedule; update the 
notification, records access and contesting procedures; and provide 
general updates in accordance with the Office of Management and Budget 
(OMB) Circular A-108, Federal Agency Responsibilities for Review, 
Reporting, and Publication under the Privacy Act.
    DOI personnel security records are maintained in DOI Bureau and 
Office Personnel Security Offices and in the National Background 
Investigation Services (NBIS) system managed by the Department of the 
Defense (DoD), Defense Counterintelligence and Security Agency (DCSA). 
The DCSA conducts background investigations, end-to-end personnel 
security, suitability, fitness, and credentialing processes, 
investigations, adjudications, and continuous vetting activities on 
behalf of Federal agencies. The records created and managed by DCSA 
belong to the DCSA and are covered by the DoD system of records notice 
(SORN), DUSDI 02-DoD, Personnel Vetting Records System (October 17, 
2018; 83 FR 52420). Copies of these decentralized records may be in the 
custody of DOI, but are owned by DoD and are subject to the DoD SORN. 
To the extent that individuals are seeking access to their background 
investigation records owned and managed by the DoD, individuals must 
follow the instructions in the DUSDI 02-DoD SORN and must submit a 
Privacy Act request for access, notification or amendment to the DoD 
system manager.
    This notice covers the records created and managed by DOI to 
support personnel security activities and document evaluations and 
decisions regarding suitability, eligibility, and fitness for service 
of applicants for Federal employment and contract positions to the 
extent necessary to manage secure access to Departmental facilities, 
information systems and networks, and to manage access to classified 
information and reciprocity.
    DOI is also changing the routine uses from a numeric to alphabetic 
list and is proposing to modify existing routine uses to provide 
clarity and transparency and reflect updates consistent with standard 
DOI routine uses. Routine use A has been modified to further clarify 
disclosures to the Department of Justice or other Federal agencies when 
necessary in relation to litigation or judicial proceedings. Routine 
use B has been modified to clarify disclosures to a congressional 
office to respond to or resolve an individual's request made to that 
office. Modified routine use E allows DOI to share information with 
other Federal agencies to assist in the performance of their 
responsibility to ensure records are accurate and complete, and to 
respond to requests from individuals who are the subject of the 
records. Routine use F facilitates sharing of information related to 
hiring, issuance of a security clearance, or a license, contract, grant 
or benefit. Routine use G has been modified to update the legal 
authority for the National Archives and Administration to conduct 
records management inspections. Routine use H has been modified to 
expand the sharing of information with territorial organizations in 
response to court orders or for discovery purposes related to 
litigation. Routine use I has been modified to include the sharing of 
information with grantees of DOI that perform services requiring access 
to these records on DOI's behalf to carry out the purposes of the 
system. Routine use J was slightly modified to allow DOI to share 
information with appropriate Federal agencies or entities when 
reasonably necessary to prevent, minimize, or remedy the risk of harm 
to individuals or the Federal Government resulting from a breach in 
accordance with OMB Memorandum M-17-12, Preparing for and Responding to 
a Breach of Personally Identifiable Information. Routine use L was 
modified to clarify sharing with OMB in relation to legislative affairs 
mandated by OMB Circular A-19. Routine use P was modified to expand the 
sharing of information with DoD and DCSA in support of personnel 
security programs, suitability, and/or credentialing. Routine use Q was 
modified to clarify that information is shared with the Federal Bureau 
of Investigation during background investigation activities.
    Proposed new routine use C permits sharing of information with the 
Executive Office of the President to respond to an inquiry by the 
individual to whom that record pertains. Proposed routine use D allows 
DOI to refer matters to the appropriate Federal, state, local, or 
foreign agencies, or other public authority agencies responsible for 
investigating or prosecuting violations of, or for enforcing, or 
implementing, a statute, rule, regulation, order, or license. Proposed 
routine use M allows sharing with the Department of the Treasury to 
recover debts owed to the United States. Proposed routine use N allows 
sharing of information with the news media and the public, with 
approval by the Public Affairs Officer and Senior Agency Official for 
Privacy in consultation with counsel, where there is a legitimate 
public interest or in support of a legitimate law enforcement or public 
safety function. Proposed routine use R allows sharing with Federal 
agencies

[[Page 54244]]

and organizations in the IC to manage accounts and access to systems, 
verify personnel security information, implement visitor control, and 
facilitate information sharing and clearance reciprocity. Proposed 
routine use S allows sharing with other Federal agencies and 
organizations to report, investigate, and respond to a classified 
spillage or major security violation. Proposed routine use T allows 
sharing with Congressional committees that have oversight of personnel 
security programs, background investigations, and continuous vetting 
activities. Proposed routine use U allows the Merit Systems Protection 
Board or the Office of the Special Counsel to respond to requests 
related to appeals and civil service and other merit systems, review of 
applicable agency rules and regulations, investigations of personnel 
practices, and other functions. Proposed routine use V allows sharing 
with another Federal agency or organization for national security 
purposes to fulfill responsibilities under Federal law or Executive 
Order. Proposed routine use W allows sharing with other agencies under 
a shared service agreement with DOI for the processing or maintenance 
of records in this system.
    In an NPRM published separately in today's Federal Register, DOI is 
proposing to exempt records maintained in this system from certain 
provisions of the Privacy Act pursuant to 5 U.S.C. 552a(k)(1), (k)(2), 
(k)(3), (k)(5), and (k)(6).

II. Privacy Act

    The Privacy Act of 1974, as amended, embodies fair information 
practice principles in a statutory framework governing the means by 
which Federal agencies collect, maintain, use, and disseminate 
individuals' records. The Privacy Act applies to records about 
individuals that are maintained in a ``system of records.'' A ``system 
of records'' is a group of any records under the control of an agency 
from which information is retrieved by the name of an individual or by 
some identifying number, symbol, or other identifying particular 
assigned to the individual. The Privacy Act defines an individual as a 
United States citizen or lawful permanent resident. Individuals may 
request access to their own records that are maintained in a system of 
records in the possession or under the control of DOI by complying with 
DOI Privacy Act regulations at 43 CFR part 2, subpart K, and following 
the procedures outlined in the Records Access, Contesting Record, and 
Notification Procedures sections of this notice.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the existence and character of each 
system of records that the agency maintains and the routine uses of 
each system. The INTERIOR/DOI-45, Personnel Security Program Files, 
SORN is published in its entirety below. In accordance with 5 U.S.C. 
552a(r), DOI has provided a report of this system of records to the 
Office of Management and Budget and to Congress.

III. Public Participation

    You should be aware your entire comment including your personally 
identifiable information, such as your address, phone number, email 
address, or any other personal information in your comment, may be made 
publicly available at any time. While you may request to withhold your 
personally identifiable information from public review, we cannot 
guarantee we will be able to do so.

SYSTEM NAME AND NUMBER:
    INTERIOR/DOI-45, Personnel Security Program Files.

SECURITY CLASSIFICATION:
    Classified and Unclassified.

SYSTEM LOCATION:
    The system is centrally managed by the Office of Law Enforcement 
and Security, Office of the Secretary, U.S. Department of the Interior, 
1849 C Street NW, Mail Stop 3428 MIB, Washington, DC 20240. Records are 
maintained in the NBIS system located at the Defense Information 
Systems Agency (DISA), Defense Enterprise Computing Center (DECC), 3990 
E Broad St., Columbus, OH 43213. Records in this system are also 
maintained by DOI bureaus and offices that manage personnel security 
programs at the following locations:
    (1) Bureau of Indian Affairs, Office of Human Capital Management, 
Personnel Security Office, 1011 Indian School Road NW, Suite 273, 
Albuquerque, NM 87104.
    (2) Bureau of Indian Education, Human Resources, Personnel Security 
Office, 1011 Indian School Road NW, Suite 150, Albuquerque, NM 87104.
    (3) Bureau of Land Management, National Operations Center, Office 
of Security Operations, Denver Federal Center, Building 50, Denver, 
Colorado 80225.
    (4) Bureau of Ocean Energy Management, 45600 Woodland Road, Mail 
Stop VAE/PSB, Sterling, VA 20166.
    (5) Bureau of Reclamation, Policy and Programs Directorate, 
Security Division, Personnel Security and Suitability Program, P.O. Box 
25007, Denver, CO 80225.
    (6) Bureau of Safety and Environmental Enforcement, 45600 Woodland 
Road, Mail Stop VAE/PSB, Sterling, VA 20166.
    (7) National Park Service, Workforce & Inclusion Directorate, 
Personnel Security & Identity Management Group, 1849 C Street NW, 
Washington, DC 20240.
    (8) Office of Surface Mining, Reclamation and Enforcement, Office 
of Human Resources, 1849 C Street NW, Mail Stop 1543 MIB, Washington, 
DC 20240.
    (9) Office of Inspector General, 381 Elden Street, Suite 3000, 
Herndon, VA 20170.
    (10) Office of the Solicitor, Division of Administration, 1849 C 
Street NW, Mail Stop 6556 MIB, Washington, DC 20240.
    (11) U.S. Fish and Wildlife Service, 5275 Leesburg Pike, Mail Stop: 
JAO, Falls Church, VA 22041.
    (12) U.S. Geological Survey, Office of Management Services, 
Security Management Branch, 12201 Sunrise Valley Drive, Mail Stop 250 
National Center, Reston, VA 20192.
    (13) Assistant Secretary--Indian Affairs, Office of Human Capital 
Management, Personnel Security, 12220 Sunrise Valley Drive, Reston, VA 
20191.

SYSTEM MANAGER(S):
    (1) Personnel Security Manager, Office of Law Enforcement and 
Security, U.S. Department of the Interior, 1849 C Street NW, Mail Stop 
3428 MIB, Washington, DC 20240.
    (2) National Security Program Office Manager, Office of Law 
Enforcement and Security, U.S. Department of the Interior, 1849 C 
Street NW, Mail Stop 3428 MIB, Washington, DC 20240. This official is 
responsible for the Classified National Security Information, the 
Sensitive Compartmented Information, and the Industrial Security 
Programs.
    (3) Bureau Personnel Security System Managers:
    (a) Bureau of Indian Affairs: Personnel Security Officer, Bureau of 
Indian Affairs, Office of Human Capital Management, Personnel Security 
Office, 1011 Indian School Road NW, Suite 273, Albuquerque, NM 87104.
    (b) Bureau of Indian Education: Personnel Security Specialist, 
Bureau of Indian Education, Human Resources, Personnel Security Office, 
1011 Indian School Road NW, Suite 150, Albuquerque, NM 87104.
    (c) Bureau of Land Management: Chief Security and Intelligence, 
Bureau of Land Management, Office of Law Enforcement and Security, 1620 
L Street NW, Washington, DC 20036.

[[Page 54245]]

    (d) Bureau of Ocean Energy Management, Personnel Security Officer, 
45600 Woodland Road, Mail Stop VAE/PSB, Sterling, VA 20166.
    (e) Bureau of Reclamation: Lead Personnel Security Specialist, 
Bureau of Reclamation, P.O. Box 25007, Denver, CO 80225.
    (f) Bureau of Safety and Environmental Enforcement: Personnel 
Security Officer, 45600 Woodland Road, Mail Stop VAE/PSB, Sterling, VA 
20166.
    (g) National Park Service: Security Officer, National Park Service, 
Workforce & Inclusion Directorate, Personnel Security & Identity 
Management Group, 1849 C Street NW, Washington, DC 20240.
    (h) Office of Surface Mining, Reclamation and Enforcement: 
Personnel Security Officer, Office of Surface Mining, Reclamation and 
Enforcement, 1951 Constitution Avenue NW, South Interior Building, 
Washington, DC 20240.
    (i) Office of Inspector General: Security Specialist, Office of 
Inspector General, 381 Elden Street, Suite 3000, Herndon, VA 20170.
    (j) Office of the Secretary/Interior Business Center: Security 
Manager, Interior Business Center, 1849 C Street NW, Mail Stop 1224 
MIB, Washington, DC 20240.
    (k) Office of the Solicitor: Director of Administrative Services, 
Division of Administration, Office of the Solicitor, 1849 C Street NW, 
Mail Stop 6556 MIB, Washington, DC 20240.
    (l) U.S. Fish and Wildlife Service: Personnel Security Manager, 
U.S. Fish and Wildlife Service, 5275 Leesburg Pike, Mail Stop: JAO, 
Falls Church, VA 22041.
    (m) U.S. Geological Survey: U.S. Geological Survey, Office of 
Management Services, Security Management Branch, 12201 Sunrise Valley 
Drive, Mail Stop 250 National Center, Reston, VA 20192.
    (n) Assistant Secretary--Indian Affairs, Office of Human Capital 
Management, Personnel Security Specialist, 12220 Sunrise Valley Drive, 
Reston, VA 20191.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    50 U.S.C. Ch. 23, Internal Security Act of 1950, as amended; 
National Security Act of 1947, as amended, Public Law 80-253; 40 U.S.C. 
11331, Responsibilities for Federal information systems standards; 
Federal Property and Administrative Services Act of 1949, as amended, 
Public Law 81-152; E-Government Act of 2002, Public Law 107-347, 
section 203; 44 U.S.C. 3501-3520, Paperwork Reduction Act of 1995; 5 
U.S.C. 301, Departmental regulations; 5 U.S.C. 3301, Civil service; 
generally; 5 U.S.C. 9101, Access to criminal history records for 
national security and other purposes; 42 U.S.C. 2165, Security 
restrictions; 42 U.S.C. 2201, General duties of Commission; 5 CFR part 
5, Regulations, Investigation, and Enforcement (Rule V); 5 CFR part 
732, National Security Positions; 5 CFR part 736, Personnel 
Investigations; Executive Order (E.O.) 9397, as amended, Numbering 
System for Federal Accounts Relating to Individual Persons; E.O. 10450, 
as amended, Security Requirements for Government Employment; E.O. 
10865, Safeguarding Classified Information within Industry; E.O. 12829, 
as amended, National Industrial Security Program; Executive Order 
12333, as amended, United States Intelligence Activities; Executive 
Order 12968, as amended, Access to Classified Information; E.O. 13470, 
Further Amendments to Executive Order 12333, United States Intelligence 
Activities; E.O. 13488, as amended, Granting Reciprocity on Excepted 
Service and Federal Contractor Employee Fitness and Reinvestigating 
Individuals in Positions of Public Trust; E.O. 13526, Classified 
National Security Information; E.O. 13741, Amending Executive Order 
13467, To Establish the Roles and Responsibilities of the National 
Background Investigations Bureau and Related Matters; E.O. 13764, 
Amending the Civil Service Rules; Security Executive Agent Directives; 
Homeland Security Presidential Directive (HSPD) 12, Policy for a Common 
Identification Standard for Federal Employees and Contractors, August 
27, 2004; 32 CFR parts 2001 and 2003; and Federal Information 
Processing Standard (FIPS) 201-3, Personal Identity Verification (PIV) 
of Federal Employees and Contractors.

PURPOSE(S) OF THE SYSTEM:
    The primary purposes of the system are:
    (1) To document and support decisions regarding suitability, 
eligibility, and fitness for service of applicants for Federal 
employment, contractors and subcontractors, students, interns, 
affiliates, or volunteers, or individuals appointed to commissions and 
boards, including Bureau of Indian Education agency or local school 
boards, to the extent their duties require regular, ongoing access to 
Departmental facilities and information systems and networks including 
clearance for access to classified information and Sensitive 
Compartmented Information (SCI) access;
    (2) To prescribe a uniform system for classification management, 
safeguarding, and declassifying national security information;
    (3) To ensure the safety and security of Departmental facilities, 
information systems and networks, occupants, and users; and
    (4) To verify personnel security clearances, access to SCI, 
reciprocity, and documented exceptions to personnel security standards.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    (1) Individuals who require regular, ongoing access to Departmental 
facilities, information systems and networks, that will grant them 
access to either classified and unclassified information in the 
interest of national security, including applicants for employment or 
contracts with DOI, Departmental employees, contractors, 
subcontractors, students, interns, volunteers, affiliates, or 
individuals appointed to commissions and boards, including Bureau of 
Indian Education agency or local school boards, and individuals 
formerly in any of these positions. In addition, it will cover 
individuals needing access to a uniform system of classification 
management.
    (2) Employees of independent agencies, councils and commissions, 
which are provided administrative support by DOI.

CATEGORIES OF RECORDS IN THE SYSTEM:
    (1) Copies of forms submitted by individuals covered by this system 
including but not limited to: SF 85, Questionnaire for Non-Sensitive 
Positions; SF 85P, Questionnaire for Public Trust Positions; SF 85P-S, 
Supplemental Questionnaire for Selected Positions; SF-86, Questionnaire 
for National Security Positions; SF 86C, Certification; SF 87 
Fingerprint Chart; the FD 258 Applicant Fingerprint Card; and other 
forms and information provided by individuals.
    (2) Personnel security records including but not limited to 
favorable or unfavorable adjudications related to suitability, fitness 
for service, credentialing, and continuous vetting, and approvals, 
denials, revocations, suspensions, waivers, deviations or eligibility-
for-access determinations related to national security.
    (3) Records of all collateral clearances, SCI access, and personnel 
security background investigations and adjudications granted or 
conducted by an IC element, to include pending and cancelled 
investigations or adjudications.
    (4) Copies of letters of transmittal between DOI and the Department 
of

[[Page 54246]]

Defense regarding the covered individual's background investigation.
    (5) Copies of certification of clearance status and briefings and/
or copies of debriefing certificates signed by the individual, as 
appropriate. Card files contain case file summaries, case numbers, and 
dispositions of case files following review.
    (6) Copies of the annual Self-Inspection Report that is due to the 
Information Security Oversight Office (ISOO); loss, possible 
compromise, or unauthorized disclosure of classified information; 
mandatory review of declassified information report; and any report as 
stipulated by ISOO under the authority 32 CFR parts 2001 and 2003.
    (7) Records maintained on individuals issued credentials by the 
Department including personal identity verification (PIV) request form, 
PIV registrar approval signature, PIV card serial number, PIV card 
issue and expiration dates, personal identification number, emergency 
responder designation, copies of ``I-9'' documents including driver's 
license, birth certificate or other government issued identification 
used to verify identification. These records include information 
derived from those documents such as document title, document issuing 
authority, document number, or document expiration date; level of 
national security clearance and expiration date; computer system user 
name; user access and permission rights, authentication certificates; 
and digital signature information.
    These records may contain a combination of personally identifiable 
information on individuals including but not limited to: full name, 
former names, date of birth, place of birth, Social Security number 
(SSN), signature, home and work address, personal and official email 
address, personal and official phone numbers, driver's license number, 
passport number, foreign passport, employment or travel visa, 
employment history, agency affiliation (i.e., employee, contractor or 
volunteer); military record including status, branch of service, entry 
and separation date, and type of discharge; residential history, 
education and degrees earned, names of associates and references and 
their contact information, citizenship, names of relatives, birthdates 
and places of relatives, citizenship of relatives, names of relatives 
who work for the Federal government, criminal history, mental health 
history, drug use, financial information, image (photograph), 
fingerprints, gender, hair color, eye color, height, weight; and 
background investigation, summary report of investigation, results of 
suitability decisions, level of security clearance, date of issuance of 
security clearance, and requests for appeal.

RECORD SOURCE CATEGORIES:
    Information is obtained from a variety of sources including 
applicants for employment with DOI, employees, contractors, 
subcontractors, students, interns, volunteers, affiliates, or 
individuals appointed to commissions and boards, including Bureau of 
Indian Education agency or local school boards, individuals formerly in 
any of these positions, and individuals who are the subject of a 
background investigation through forms such as the SF-85, Questionnaire 
for Non-Sensitive Positions, SF-85P, Questionnaire for Public Trust 
Positions, SF-86, Questionnaire for the National Security Positions, 
and self-reported information provided in other forms; personal 
interviews; employers' and former employers' records; other Federal 
agencies supplying data on covered individuals; Federal Bureau of 
Investigation criminal history records and other law enforcement 
databases; financial institutions and credit reports; medical records 
and health care providers; educational institutions; and individuals or 
Federal, state, local, territory, tribal entities or an individual as 
protected by the Freedom of Information Act.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DOI as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including Offices of the 
U.S. Attorneys, or other Federal agency conducting litigation or in 
proceedings before any court, adjudicative, or administrative body, 
when it is relevant or necessary to the litigation and one of the 
following is a party to the litigation or has an interest in such 
litigation:
    (1) DOI or any component of DOI;
    (2) Any other Federal agency appearing before the Office of 
Hearings and Appeals;
    (3) Any DOI employee or former employee acting in his or her 
official capacity;
    (4) Any DOI employee or former employee acting in his or her 
individual capacity when DOI or DOJ has agreed to represent that 
employee or pay for private representation of the employee; or
    (5) The United States Government or any agency thereof when DOJ 
determines that DOI is likely to be affected by the proceeding.
    B. To a congressional office when requesting information on behalf 
of, and at the request of, the individual who is the subject of the 
record, to the extent the records have not been exempted from 
disclosure pursuant to 5 U.S.C. 552a(k).
    C. To the Executive Office of the President in response to an 
inquiry from that office made at the request of the subject of a record 
or a third party on that person's behalf, or for a purpose compatible 
with the reason for which the records are collected or maintained, to 
the extent the records have not been exempted from disclosure pursuant 
to 5 U.S.C. 552a(k).
    D. To any criminal, civil, or regulatory law enforcement authority 
(whether Federal, state, territorial, local, tribal or foreign) when a 
record, either alone or in conjunction with other information, 
indicates a violation or potential violation of law--criminal, civil, 
or regulatory in nature, and the disclosure is compatible with the 
purpose for which the records were compiled.
    E. To an official of another Federal agency to provide information 
needed in the performance of official duties related to reconciling or 
reconstructing data files or to enable that agency to respond to an 
inquiry by the individual to whom the record pertains.
    F. To Federal, state, territorial, local, tribal, or foreign 
agencies that have requested information relevant or necessary to the 
hiring, firing or retention of an employee or contractor, or the 
issuance of a security clearance, license, contract, grant or other 
benefit, when the disclosure is compatible with the purpose for which 
the records were compiled.
    G. To representatives of the National Archives and Records 
Administration (NARA) to conduct records management inspections under 
the authority of 44 U.S.C. 2904 and 2906.
    H. To state, territorial and local governments and tribal 
organizations to provide information needed in response to court order 
and/or discovery purposes related to litigation, when the disclosure is 
compatible with the purpose for which the records were compiled.
    I. To an expert, consultant, grantee, or contractor (including 
employees of the contractor) of DOI that performs services requiring 
access to these records on DOI's behalf to carry out the purposes of 
the system.
    J. To appropriate agencies, entities, and persons when:

[[Page 54247]]

    (1) DOI suspects or has confirmed that there has been a breach of 
the system of records;
    (2) DOI has determined that as a result of the suspected or 
confirmed breach there is a risk of harm to individuals, DOI (including 
its information systems, programs, and operations), the Federal 
Government, or national security; and
    (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DOI's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    K. To another Federal agency or Federal entity, when DOI determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in:
    (1) responding to a suspected or confirmed breach; or
    (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    L. To the Office of Management and Budget (OMB) during the 
coordination and clearance process in connection with legislative 
affairs as mandated by OMB Circular A-19.
    M. To the Department of the Treasury to recover debts owed to the 
United States.
    N. To the news media and the public, with the approval of the 
Public Affairs Officer in consultation with counsel and the Senior 
Agency Official for Privacy, where there exists a legitimate public 
interest in the disclosure of the information, except to the extent it 
is determined that release of the specific information in the context 
of a particular case would constitute an unwarranted invasion of 
personal privacy.
    O. To the Federal Protective Service and appropriate Federal, 
state, local or foreign agencies responsible for investigating 
emergency response situations or investigating or prosecuting the 
violation of or for enforcing or implementing a statute, rule, 
regulation, order or license, when DOI becomes aware of a violation or 
potential violation of a statute, rule, regulation, order or license.
    P. To the Department of Defense, Defense Counterintelligence and 
Security Agency, Director of National Intelligence, as Security 
Executive Agent, the Director of the Office of Personnel Management, as 
Suitability Executive Agent or Credentialing Executive Agent, or their 
assignee, to perform oversight or any functions authorized by law or 
executive order in support of personnel security programs, suitability, 
and/or credentialing.
    Q. To the Federal Bureau of Investigation for the purpose of 
conducting background investigations and performing authorized audit 
and oversight functions.
    R. To Federal agencies and organizations in the Intelligence 
Community to manage individual accounts and logical access to systems, 
verify personnel security information, and facilitate information 
sharing, visitor control, and clearance reciprocity.
    S. To other Federal agencies and organizations as appropriate to 
report, investigate, and respond to a classified spillage and/or any 
major security violation.
    T. To a Congressional committee with jurisdiction for oversight of 
matters pertaining to personnel security programs, background 
investigations, and continuous vetting activities.
    U. To the Merit Systems Protection Board or the Office of the 
Special Counsel to disclose information when requested in connection 
with appeals, special studies of the civil service and other merit 
systems, review of applicable agency rules and regulations, 
investigations of alleged or possible prohibited personnel practices, 
and such other functions, e.g., as promulgated in 5 U.S.C. 1205 and 
1206, or as may be authorized by law.
    V. To another Federal agency or organization when authorized and 
necessary for the purpose of national security, to include but not 
limited to, insider threat, counterintelligence, counterterrorism, and 
homeland defense activities to fulfill responsibilities under Federal 
law or Executive Order.
    W. To another Federal agency or organization operating under a 
shared service agreement with DOI for the processing and maintenance of 
records and support related to the provision of personnel security and 
suitability services, to reconstitute the system in case of system 
failure or helpdesk request, and to ensure the integrity of the system 
and effective management of personnel security program functions.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Paper records are contained in file folders stored within filing 
cabinets in secured rooms. Electronic records are contained in 
computers, compact discs, computer tapes, removable drives, email, 
diskettes, and electronic databases.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrievable by name, SSN, and date of birth.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    The Departmental Records Schedule (DRS), Administrative Records 
Bucket Schedule has superseded many of the General Records Schedule 
(GRS) items for security records. Personnel security records include 
questionnaires, summaries of reports prepared by the investigating 
agency, documentation of agency adjudication process and final 
determination, as well as case files of applicants not hired. The 
records disposition is temporary. Records are cut off one year after 
consideration of the candidate ends and destroyed when no longer needed 
after cutoff (DRS 1.1.0003, DAA-0048-2013-0001-0003). For records 
maintained on individuals issued credentials by the Department 
including PIV request form, PIV registrar approval signature, PIV card 
serial number, PIV card issue and expiration dates, personal 
identification number, emergency responder designation, copies of ``I-
9'' documents including driver's license, birth certificate or other 
government issued identification used to verify identification, the 
records disposition is temporary. The records are cut off at the end of 
the fiscal year in which files are closed and destroyed 7 years after 
cut off (DRS 1.1.0002, DAA-0048-2013-0001-0002). The Standard Form 312, 
Classified Information Nondisclosure Agreement (NDA), is covered under 
GRS 4.2 item 121 (DAA-GRS-2015-0002-0003) and requires longer 
retention. The disposition is temporary. SF 312 forms are destroyed 50 
years after final signature.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The records contained in this system are safeguarded in accordance 
with 43 CFR 2.226 and other applicable security and privacy rules and 
policies. Paper records are maintained in locked file cabinets and/or 
safes under the control of authorized personnel during normal hours of 
operation. Computer servers on which electronic records are stored are 
located in secured DOI and DoD facilities with physical, technical and 
administrative levels of security to prevent unauthorized access to the 
DOI or DoD network and information assets. Authorized DOI and DoD 
personnel must complete training specific to their roles to ensure they 
are knowledgeable about how to protect personally

[[Page 54248]]

identifiable information before they are granted access to the system 
of records.
    Computerized records systems follow the National Institute of 
Standards and Technology privacy and security standards as developed to 
comply with the Privacy Act of 1974, as amended, 5 U.S.C. 552a; 
Paperwork Reduction Act of 1995, 44 U.S.C. 3501 et seq.; Federal 
Information Security Modernization Act of 2014, 44 U.S.C. 3551 et seq.; 
and the Federal Information Processing Standards 199: Standards for 
Security Categorization of Federal Information and Information Systems. 
Security controls include user identification, passwords, database 
permissions, encryption, firewalls, audit logs, and network system 
security monitoring and software controls which establish access levels 
according to the type of user. Access to records in the system is 
limited to authorized personnel who have a need to access the records 
in the performance of their official duties, and each user's access is 
restricted to only the functions and data necessary to perform that 
person's job responsibilities. Audit trails are maintained and reviewed 
periodically to identify unauthorized access or use. System 
administrators and authorized users are trained and required to follow 
established internal security protocols and must complete all security, 
privacy, and records management training and sign the DOI Rules of 
Behavior.

RECORD ACCESS PROCEDURES:
    DOI is proposing to exempt portions of this system from the 
notification, access, and amendment procedures of the Privacy Act 
pursuant to sections (k)(1), (k)(2), (k)(3), (k)(5), and (k)(6). DOI 
will make access determinations on a case-by-case basis.
    An individual requesting records on himself or herself should send 
a signed, written inquiry to the applicable System Manager identified 
above. The request must include the specific bureau or office that 
maintains the record to facilitate location of the applicable records. 
The request envelope and letter should both be clearly marked ``PRIVACY 
ACT REQUEST FOR ACCESS.'' A request for access must meet the 
requirements of 43 CFR 2.238.

CONTESTING RECORD PROCEDURES:
    DOI is proposing to exempt portions of this system from the 
notification, access, and amendment procedures of the Privacy Act 
pursuant to sections (k)(1), (k)(2), (k)(3), (k)(5), and (k)(6). DOI 
will make amendment determinations on a case by case basis.
    An individual requesting corrections or the removal of material 
from his or her records should send a signed, written request to the 
applicable System Manager as identified above. The request must include 
the specific bureau or office that maintains the record to facilitate 
location of the applicable records. A request for corrections or 
removal must meet the requirements of 43 CFR 2.246.

NOTIFICATION PROCEDURES:
    DOI is proposing to exempt portions of this system from the 
notification, access, and amendment procedures of the Privacy Act 
pursuant to sections (k)(1), (k)(2), (k)(3), (k)(5), and (k)(6). DOI 
will make notification determinations on a case by case basis.
    An individual requesting notification of the existence of records 
on himself or herself should send a signed, written inquiry to the 
applicable System Manager as identified above. The request must include 
the specific bureau or office that maintains the record to facilitate 
location of the applicable records. The request envelope and letter 
should both be clearly marked ``PRIVACY ACT INQUIRY.'' A request for 
notification must meet the requirements of 43 CFR 2.235.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    This system contains background investigation records and 
investigatory records related to law enforcement and 
counterintelligence activities that are exempt from certain provisions 
of the Privacy Act, 5 U.S.C. 552a(k). Pursuant to the Privacy Act, 5 
U.S.C. 552a(k)(1), (k)(2), (k)(3), (k)(5), and (k)(6), DOI has exempted 
portions of this system from the following subsections of the Privacy 
Act: (c)(3), (c)(4), (d), (e)(1) through (e)(3), (e)(4)(G) through 
(e)(4)(I), (e)(5), (e)(8), (e)(12), (f), and (g). In accordance with 5 
U.S.C. 553(b), (c) and (e), DOI is publishing a NPRM separately in the 
Federal Register to claim exemptions under 5 U.S.C. 552a(k)(1), (k)(2), 
(k)(3), (k)(5), and (k)(6). Additionally, when this system receives a 
record from another system exempted in that source system under 5 
U.S.C. 552a(j) or (k), DOI claims the same exemptions for those records 
that are claimed for the original primary systems of records from which 
they originated and claims any additional exemptions set forth here.

HISTORY:
    72 FR 11036 (March 12, 2007); modification published at 86 FR 50156 
(September 7, 2021).

Teri Barnett,
Departmental Privacy Officer, Department of the Interior.
[FR Doc. 2022-19077 Filed 9-1-22; 8:45 am]
BILLING CODE 4334-63-P