Privacy Act of 1974; System of Records, 18925-18928 [2024-05576]
Download as PDF
<![CDATA[
Federal Register / Vol. 89, No. 52 / Friday, March 15, 2024 / Notices
DEPARTMENT OF ENERGY
Environmental Management SiteSpecific Advisory Board, Nevada
Office of Environmental
Management, Department of Energy.
ACTION: Notice of open meeting.
AGENCY:
This notice announces an inperson/virtual hybrid meeting of the
Environmental Management SiteSpecific Advisory Board (EM SSAB),
Nevada. The Federal Advisory
Committee Act requires that public
notice of this meeting be announced in
the Federal Register.
DATES: Wednesday, April 17, 2024; 4:00
p.m.–7:45 p.m. PDT.
The opportunity for public comment
is at 4:10 p.m. PDT.
This time is subject to change; please
contact the Nevada Site Specific
Advisory Board (NSSAB) Administrator
(below) for confirmation of time prior to
the meeting.
ADDRESSES: This meeting will be open
to the public in-person at the Beatty
Community Center (address below) or
virtually via Microsoft Teams. To attend
virtually, please contact Barbara Ulmer,
NSSAB Administrator, by email nssab@
emcbc.doe.gov or phone (702) 523–
0894, no later than 4:00 p.m. PDT on
Monday, April 15, 2024.
Beatty Community Center, 100 A
South Avenue, Beatty, Nevada 89003.
FOR FURTHER INFORMATION CONTACT:
Barbara Ulmer, NSSAB Administrator,
by phone: (702) 523–0894 or email:
nssab@emcbc.doe.gov or visit the
Board’s internet homepage at
www.nnss.gov/NSSAB/.
SUPPLEMENTARY INFORMATION:
Purpose of the Board: The purpose of
the Board is to provide advice and
recommendations concerning the
following EM site-specific issues: cleanup activities and environmental
restoration; waste and nuclear materials
management and disposition; excess
facilities; future land use and long-term
stewardship. The Board may also be
asked to provide advice and
recommendations on any EM program
components.
SUMMARY:
khammond on DSKJM1Z7X2PROD with NOTICES
Tentative Agenda
18:17 Mar 14, 2024
Signed in Washington, DC, on March 12,
2024.
Treena V. Garrett,
Federal Register Liaison Officer, U.S.
Department of Energy.
[FR Doc. 2024–05570 Filed 3–14–24; 8:45 am]
BILLING CODE 6450–01–P
1. Public Comment Period
2. Update from Deputy Designated
Federal Officer
3. Update from National Nuclear
Security Administration/Nevada Field
Office
4. Updates from NSSAB Liaisons
5. Presentations
Public Participation: The in-person/
online virtual hybrid meeting is open to
VerDate Sep<11>2014
the public either in-person at the Beatty
Community Center or via Microsoft
Teams. To sign-up for public comment,
please contact the NSSAB
Administrator (above) no later than 4:00
p.m. PDT on Monday, April 15, 2024. In
addition to participation in the live
public comment session identified
above, written statements may be filed
with the Board either before or within
seven days after the meeting by sending
them to the NSSAB Administrator at the
aforementioned email address. Written
public comment received prior to the
meeting will be read into the record.
The Deputy Designated Federal Officer
is empowered to conduct the meeting in
a fashion that will facilitate the orderly
conduct of business. Individuals
wishing to make public comments can
do so in 2-minute segments for the 15
minutes allotted for public comments.
Minutes: Minutes will be available by
writing or calling Barbara Ulmer,
NSSAB Administrator, U.S. Department
of Energy, EM Nevada Program, 100
North City Parkway, Suite 1750, Las
Vegas, NV 89106; Phone: (702) 523–
0894. Minutes will also be available at
the following website: https://
www.nnss.gov/nssab/nssab-meetings/.
Signing Authority: This document of
the Department of Energy was signed on
March 12, 2024, by David Borak, Deputy
Committee Management Officer,
pursuant to delegated authority from the
Secretary of Energy. That document
with the original signature and date is
maintained by DOE. For administrative
purposes only, and in compliance with
requirements of the Office of the Federal
Register, the undersigned DOE Federal
Register Liaison Officer has been
authorized to sign and submit the
document in electronic format for
publication, as an official document of
the Department of Energy. This
administrative process in no way alters
the legal effect of this document upon
publication in the Federal Register.
Jkt 262001
DEPARTMENT OF ENERGY
Privacy Act of 1974; System of
Records
AGENCY:
ACTION:
U.S. Department of Energy.
Notice of a modified system of
records.
PO 00000
Frm 00038
Fmt 4703
Sfmt 4703
18925
As required by the Privacy
Act of 1974 and the Office of
Management and Budget (OMB)
Circulars A–108 and A–130, the
Department of Energy (DOE or the
Department) is publishing notice of a
modification to an existing Privacy Act
System of Records. DOE proposes to
amend System of Records DOE–23
Property Accountability System. This
System of Records Notice (SORN) is
being modified to align with new
formatting requirements, published by
the Office of Management and Budget,
and to ensure appropriate Privacy Act
coverage of business processes and
Privacy Act information. While there are
no substantive changes to the
‘‘Categories of Individuals’’ or
‘‘Categories of Records’’ sections
covered by this SORN, substantive
changes have been made to the ‘‘System
Locations,’’ ‘‘Routine Uses,’’ and
‘‘Administrative, Technical and
Physical Safeguards’’ sections to
provide greater transparency. Changes
to ‘‘Routine Uses’’ include new
provisions related to responding to
breaches of information held under a
Privacy Act SORN as required by OMB’s
Memorandum M–17–12, ‘‘Preparing for
and Responding to a Breach of
Personally Identifiable Information’’
(January 3, 2017). Language throughout
the SORN has been updated to align
with applicable Federal privacy laws,
policies, procedures, and best practices.
DATES: This modified SORN will
become applicable following the end of
the public comment period on April 15,
2024 unless comments are received that
result in a contrary determination.
ADDRESSES: Written comments should
be sent to the DOE Desk Officer, Office
of Information and Regulatory Affairs,
Office of Management and Budget, New
Executive Office Building, Room 10102,
735 17th Street NW, Washington, DC
20503 and to Ken Hunt, Chief Privacy
Officer, U.S. Department of Energy,
1000 Independence Avenue SW, Rm
8H–085, Washington, DC 20585 or by
facsimile at (202) 586–8151 or by email
at privacy@hq.doe.gov.
FOR FURTHER INFORMATION CONTACT: Ken
Hunt, Chief Privacy Officer, U.S.
Department of Energy, 1000
Independence Avenue SW, Rm 8H–085,
Washington, DC 20585, by facsimile at
(202) 586–8151, by email at privacy@
hq.doe.gov, or by telephone at (240)
686–9485.
SUPPLEMENTARY INFORMATION: On
January 9, 2009, DOE published a
Compilation of its Privacy Act systems
of records, which included System of
Records DOE–23 Property
Accountability System. This notice
SUMMARY:
E:\FR\FM\15MRN1.SGM
15MRN1
khammond on DSKJM1Z7X2PROD with NOTICES
18926
Federal Register / Vol. 89, No. 52 / Friday, March 15, 2024 / Notices
proposes amendments to the System
Locations section of that System of
Records by removing four System
Locations where DOE–23 is no longer
applicable. These locations are as
follows: Bonneville Power
Administration, the National Energy
Technology Laboratory, Southeastern
Area Power Administration, and
Western Area Power Administration. In
the ‘‘Routine Uses’’ section, this
modified notice deletes a previous
routine use concerning efforts
responding to a suspected or confirmed
loss of confidentiality of information as
it appears in DOE’s compilation of its
Privacy Act systems of records (January
9, 2009) and replaces it with one to
assist DOE with responding to a
suspected or confirmed breach of its
records of Personally Identifiable
Information (PII), modeled with
language from OMB’s Memorandum M–
17–12, ‘‘Preparing for and Responding
to a Breach of Personally Identifiable
Information’’ (January 3, 2017). Further,
this notice adds one new routine use to
ensure that DOE may assist another
agency or entity in responding to the
other agency’s or entity’s confirmed or
suspected breach of PII, as appropriate,
as aligned with OMB’s Memorandum
M–17–12.
Additionally, the routine use formerly
numbered six has been determined to be
duplicative and therefore has been
deleted. This routine use is covered by
that which is currently numbered five.
From the ‘‘Categories of Records in the
System’’ section, the following elements
have been removed: operation number,
high risk field, disposal code, the name
and employee identification and
position numbers of employees’
assigned equipment, account numbers,
and user activity on device. To this
section, ‘‘name and phone number of
individual to whom equipment is
issued’’ and ‘‘name of the Accountable
Property Representative’’ have been
added to reflect current processes. To
‘‘Categories of Individuals,’’ the
qualifiers ‘‘current and former’’ and
‘‘employees and contractors’’ have been
added to qualify ‘‘DOE employees.’’ The
‘‘Purpose(s) of the System’’ section now
includes the following: ‘‘(f) enable
security-related functions in the event
that government property is misused,
lost, or stolen.’’ An administrative
change required by the FOIA
Improvement Act of 2016 extends the
length of time a requestor is permitted
to file an appeal under the Privacy Act
from 30 to 90 days. Both the ‘‘System
Locations’’ and ‘‘Administrative,
Technical and Physical Safeguards’’
sections have been modified to reflect
VerDate Sep<11>2014
18:17 Mar 14, 2024
Jkt 262001
the Department’s usage of cloud-based
services for records storage. Language
throughout the SORN has been updated
to align with applicable Federal privacy
laws, policies, procedures, and best
practices.
SYSTEM NAME AND NUMBER:
DOE–23 Property Accountability
System.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Systems leveraging this SORN may
exist in multiple locations. All systems
storing records in a cloud-based server
are required to use governmentapproved cloud services and follow
National Institute of Standards and
Technology (NIST) security and privacy
standards for access and data retention.
Records maintained in a governmentapproved cloud server are accessed
through secure data centers in the
continental United States.
U.S. Department of Energy,
Headquarters, 1000 Independence
Avenue SW, Washington, DC 20585.
U.S. Department of Energy, Office of
River Protection, P.O. Box 450,
Richland, WA 99352.
U.S. Department of Energy, Richland
Operations Office, P.O. Box 550,
Richland, WA 99352.
U.S. Department of Energy,
Southwestern Power Administration,
One West Third Street, Suite 1500,
Tulsa, OK 74103.
SYSTEM MANAGER(S):
Headquarters: Director, Office of
Management, U.S. Department of
Energy, 1000 Independence Avenue
SW, Washington, DC 20585.
Field Offices: The Managers of the
‘‘System Locations’’ listed above are the
system managers for their respective
portions of the system.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 7101 et seq.: 50 U.S.C. 2401
et seq.; Federal Property and
Administrative Services Act of 1949,
section 202(b), 40 U.S.C. 483(b); and 41
CFR part 109, Federal Property
Management Regulation (FPMR),
subchapter E, part 109.
PURPOSE(S) OF THE SYSTEM:
Records in this system are maintained
and used by DOE (a) to provide
inventories to satisfy other Federal
Procurement Management Regulation
requirements; (b) to maintain a record of
location of emergency equipment; (c) to
control equipment assignments,
including but not limited to those
authorized under union contracts; (d) to
PO 00000
Frm 00039
Fmt 4703
Sfmt 4703
provide management information
necessary for the budgeting and
allocation of equipment; (e) to provide
evidence of assignment, location, use,
and value in the event that government
property is misused, lost or stolen; and
(f) enable security-related functions in
the event that government property is
misused, lost, or stolen.
Current and former DOE employees
and contractors, including National
Nuclear Security Administration
(NNSA) employees, and contractor
employees, authorized to be custodians
of controlled DOE equipment.
CATEGORIES OF RECORDS IN THE SYSTEM:
Item description, date of purchase,
acquire date, purchase price, purchase
order number, vendor and
manufacturer, model/serial/license
number, property tag identification,
status/date, condition of property, name
and phone number of individual to
whom equipment is issued, name of the
Accountable Property Representative,
organization, organization code, and
location.
RECORD SOURCE CATEGORIES:
Information in this system comes
from the Payroll/Personnel system
application, various internal forms,
accountable property representatives
and employees, data processing
personnel, supply officers, and
information from use of government
property.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
1. A record from this system may be
disclosed as a routine use to any law
enforcement agency as needed to
provide evidence of assignment,
location, and value in the event that
government property is stolen.
2. A record from this system may be
disclosed as a routine use to the
appropriate local, Tribal, State, or
Federal agency when records, alone or
in conjunction with other information,
indicate a violation or potential
violation of law whether civil, criminal,
or regulatory in nature, and whether
arising by general statute or particular
program pursuant thereto.
3. A record from this system may be
disclosed as a routine use for the
purpose of an investigation, settlement
of claims, or the preparation and
conduct of litigation to (1) persons
representing the Department in the
investigation, settlement or litigation,
and to individuals assisting in such
representation; (2) others involved in
E:\FR\FM\15MRN1.SGM
15MRN1
khammond on DSKJM1Z7X2PROD with NOTICES
Federal Register / Vol. 89, No. 52 / Friday, March 15, 2024 / Notices
the investigation, settlement, and
litigation, and their representatives and
individuals assisting those
representatives; (3) witnesses, potential
witnesses, or their representatives and
assistants; and (4) any other persons
who possess information pertaining to
the matter when it is relevant and
necessary to obtain information or
testimony relevant to the matter.
4. A record from this system may be
disclosed as a routine use in court or
administrative proceedings to the
tribunals, counsel, other parties,
witnesses, and the public (in publicly
available pleadings, filings, or
discussion in open court) when such
disclosure: (1) is relevant to, and
necessary for, the proceeding; (2) is
compatible with the purpose for which
the Department collected the records;
and (3) the proceedings involve:
a. The Department, its predecessor
agencies, current or former contractors
of the Department, or other United
States Government agencies and their
components, or
b. A current or former employee of the
Department and its predecessor
agencies, current or former contractors
of the Department, or other United
States Government agencies and their
components, who is acting in an official
capacity or in any individual capacity
where the Department or other United
States Government agency has agreed to
represent the employee.
5. A record from this system may be
disclosed as a routine use to a Federal,
State, Tribal, or local agency to facilitate
the requesting agency’s decision
concerning the hiring or retention of an
employee, the issuance of a security
clearance, the reporting of an
investigation of an employee, the letting
of a contract, or the issuance of a
license, grant, or other benefit, to the
extent that the information is relevant
and necessary to the requesting agency’s
decision on the matter. The Department
must deem such disclosure to be
compatible with the purpose for which
the Department collected the
information.
6. A record from this system may be
disclosed as a routine use to DOE
contractors in performance of their
contracts, and their officers and
employees who have a need for the
record in the performance of their
duties. Those provided information
under this routine use are subject to the
same limitations applicable to DOE
officers and employees under the
Privacy Act.
7. A record from this system may be
disclosed as a routine use to a member
of Congress submitting a request
involving a constituent when the
VerDate Sep<11>2014
18:17 Mar 14, 2024
Jkt 262001
constituent has requested assistance
from the member concerning the subject
matter of the record. The member of
Congress must provide a copy of the
constituent’s signed request for
assistance.
8. A record from this system may be
disclosed as a routine use to appropriate
agencies, entities, and persons when (1)
the Department suspects or has
confirmed that there has been a breach
of the System of Records; (2) the
Department has determined that as a
result of the suspected or confirmed
breach there is a risk of harm to
individuals, DOE (including its
information systems, programs, and
operations), the Federal Government, or
national security; and (3) the disclosure
made to such agencies, entities, and
persons is reasonably necessary to assist
in connection with the Department’s
efforts to respond to the suspected or
confirmed breach or to prevent,
minimize, or remedy such harm.
9. A record from this system may be
disclosed as a routine use to another
Federal agency or Federal entity, when
the Department determines that
information from this System of Records
is reasonably necessary to assist the
recipient agency or entity in (1)
responding to a suspected or confirmed
breach or (2) preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
entity (including its information
systems, programs, and operations), the
Federal Government, or national
security, resulting from a suspected or
confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Records may be stored as paper
records, microfilm, or electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Records are retrieved by tag number,
license number, custodian name,
employee identification number,
position number, accounting
information, catalog number, contract
number, make, model, security logon
identification, serial number, or storage
location.
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Retention and disposition of these
records are unscheduled. This requires
the records to be retained as permanent
until the National Archives and Records
Administration approves the draft
schedule, which will require the records
to be retained for 10 years.
PO 00000
Frm 00040
Fmt 4703
Sfmt 4703
18927
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Electronic records may be secured
and maintained on a cloud-based
software server and operating system
that resides in Federal Risk and
Authorization Management Program
(FedRAMP) and Federal Information
Security Modernization Act (FISMA)
hosting environment. Data located in
the cloud-based server is firewalled and
encrypted at rest and in transit. The
security mechanisms for handling data
at rest and in transit are in accordance
with DOE encryption standards.
Records are protected from
unauthorized access through the
following appropriate safeguards:
• Administrative: Access to all
records is limited to lawful government
purposes only, with access to electronic
records based on role and either twofactor authentication or password
protection. The system requires
passwords to be complex and to be
changed frequently. Users accessing
system records undergo frequent
training in Privacy Act and information
security requirements. Security and
privacy controls are reviewed on an
ongoing basis.
• Technical: Computerized records
systems are safeguarded on
Departmental networks configured for
role-based access based on job
responsibilities and organizational
affiliation. Privacy and security controls
are in place for this system and are
updated in accordance with applicable
requirements as determined by NIST
and DOE directives and guidance.
• Physical: Computer servers on
which electronic records are stored are
located in secured Department facilities,
which are protected by security guards,
identification badges, and cameras.
Paper copies of all records are locked in
file cabinets, file rooms, or offices and
are under the control of authorized
personnel. Access to these facilities is
granted only to authorized personnel
and each person granted access to the
system must be an individual
authorized to use and/or administer the
system.
RECORD ACCESS PROCEDURES:
The Department follows the
procedures outlined in 10 CFR 1008.4.
Valid identification of the individual
making the request is required before
information will be processed, given,
access granted, or a correction
considered, to ensure that information is
processed, given, corrected, or records
disclosed or corrected only at the
request of the proper person.
E:\FR\FM\15MRN1.SGM
15MRN1
18928
Federal Register / Vol. 89, No. 52 / Friday, March 15, 2024 / Notices
CONTESTING RECORD PROCEDURES:
Any individual may submit a request
to the System Manager and request a
copy of any records relating to them. In
accordance with 10 CFR 1008.11, any
individual may appeal the denial of a
request made by him or her for
information about or for access to or
correction or amendment of records. An
appeal shall be filed within 90 calendar
days after receipt of the denial. When an
appeal is filed by mail, the postmark is
conclusive as to timeliness. The appeal
shall be in writing and must be signed
by the individual. The words
‘‘PRIVACY ACT APPEAL’’ should
appear in capital letters on the envelope
and the letter. Appeals relating to DOE
records shall be directed to the Director,
Office of Hearings and Appeals (OHA),
1000 Independence Avenue SW,
Washington, DC 20585.
NOTIFICATION PROCEDURES:
In accordance with the DOE
regulation implementing the Privacy
Act, 10 CFR part 1008, a request by an
individual to determine if a System of
Records contains information about
themselves should be directed to the
U.S. Department of Energy,
Headquarters, Privacy Act Officer. The
request should include the requester’s
complete name and the time period for
which records are sought.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
This SORN was last published in the
Federal Register, 74 FR 1023–1024, on
January 9, 2009.
khammond on DSKJM1Z7X2PROD with NOTICES
Signing Authority
This document of the Department of
Energy was signed on January 31, 2024,
by Ann Dunkin, Senior Agency Official
for Privacy, pursuant to delegated
authority from the Secretary of Energy.
That document with the original
signature and date is maintained by
DOE. For administrative purposes only,
and in compliance with requirements of
the Office of the Federal Register, the
undersigned DOE Federal Register
Liaison Officer has been authorized to
sign and submit the document in
electronic format for publication, as an
official document of the Department of
Energy. This administrative process in
no way alters the legal effect of this
document upon publication in the
Federal Register.
VerDate Sep<11>2014
18:17 Mar 14, 2024
Jkt 262001
Signed in Washington, DC, on March 12,
2024.
Treena V. Garrett,
Federal Register Liaison Officer, U.S.
Department of Energy.
[FR Doc. 2024–05576 Filed 3–14–24; 8:45 am]
BILLING CODE 6450–01–P
DEPARTMENT OF ENERGY
Agency Information Collection
Extension
U.S. Department of Energy.
Notice of request for comments.
AGENCY:
ACTION:
The Department of Energy
(DOE) invites public comment on a
proposed collection of information that
DOE is developing for submission to the
Office of Management and Budget
(OMB) pursuant to the Paperwork
Reduction Act of 1995.
DATES: Comments regarding this
proposed information collection must
be received on or before April 15, 2024.
If you anticipate that you will be
submitting comments but find it
difficult to do so within the period of
time allowed by this notice, please
advise the DOE Desk Officer at OMB of
your intention to make a submission as
soon as possible. The Desk Officer may
be telephoned at 202–881–8585.
ADDRESSES: Written comments and
recommendations for the proposed
information collection should be sent
within 30 days of publication of this
notice to www.reginfo.gov/public/do/
PRAMain. Find this information
collection by selecting ‘‘Currently under
30-day Review—Open for Public
Comments’’ or by using the search
function.
SUMMARY:
Mr.
Chris Early, U.S. Department of Energy,
Building Technologies Program, Mail
Stop EE–5B, Forrestal Building, 1000
Independence Avenue SW, Washington,
DC 20585–0121, or by email at
Chris.Early@ee.doe.gov or by calling
240–354–1304.
SUPPLEMENTARY INFORMATION: This
information collection request contains:
(1) OMB No.: 1910–5184; (2)
Information Collection Request Titled:
Programs for Improving Energy
Efficiency in Buildings; (3) Type of
Review: extension; (4) Purpose: The
proposed collection will enable DOE to
understand the universe of
organizations participating in building
load management programs, including
the following four voluntary programs:
the Home Performance with ENERGY
STAR Program, the Home Energy Score
Program, the Better Buildings
FOR FURTHER INFORMATION CONTACT:
PO 00000
Frm 00041
Fmt 4703
Sfmt 4703
Residential Network, and the Zero
Energy Ready Home Program. DOE
encourages and assists the people and
organizations that voluntarily
participate in energy efficiency
programs to build or renovate buildings
for the purposes of improved efficiency,
reliability, and affordability. The
partners who voluntarily participate in
the programs include: home builders,
building trades and building-related
associations, home design professionals,
home energy raters and auditors, home
inspectors, building consultants,
manufacturers of building products,
retailers, utility companies, financial
institutions, non-profit organizations,
educational institutions, energy program
administrators and implementers, Home
Performance with ENERGY STAR
sponsors, state or local government
energy offices or agencies, and other
organizations that believe peer sharing
will help them improve their
effectiveness in encouraging effective
energy upgrades. DOE proposes to
continue to collect information such as
names of program participants and
names of organizations and addresses;
estimates of how many homes they can
get to participate in the programs;
information about building stock (no
building owner information is
collected), and load management
strategies. The collected information
helps DOE understand the participating
partners’ activities and progress toward
achieving scheduled milestones
enabling DOE to make decisions about
the best way to respond to partners’
needs to improve their operations and
actions to lower energy consumption
and improve affordability. DOE
published a notice and request for
comments related to this current request
for OMB clearance to collect
information on April 20, 2023 (88 FR
24395) and received no comments; (5)
Annual Estimated Number of
Respondents: 969; (6) Annual Estimated
Number of Total Responses: 45,170; (7)
Annual Estimated Number of Burden
Hours: 19,397; (8) Annual Estimated
Reporting and Recordkeeping Cost
Burden: zero.
Statutory Authority: The U.S. Code,
title 42, chapter 149, subchapter IX, part
A, section 16191—Energy Efficiency.
Signing Authority
This document of the Department of
Energy was signed on March 8, 2024, by
Amanda Mahoney, Director, Building
Technologies Office, pursuant to
delegated authority from the Secretary
of Energy. That document with the
original signature and date is
maintained by DOE. For administrative
purposes only, and in compliance with
E:\FR\FM\15MRN1.SGM
15MRN1
]]>Agencies
[Federal Register Volume 89, Number 52 (Friday, March 15, 2024)]
[Notices]
[Pages 18925-18928]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-05576]
-----------------------------------------------------------------------
DEPARTMENT OF ENERGY
Privacy Act of 1974; System of Records
AGENCY: U.S. Department of Energy.
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: As required by the Privacy Act of 1974 and the Office of
Management and Budget (OMB) Circulars A-108 and A-130, the Department
of Energy (DOE or the Department) is publishing notice of a
modification to an existing Privacy Act System of Records. DOE proposes
to amend System of Records DOE-23 Property Accountability System. This
System of Records Notice (SORN) is being modified to align with new
formatting requirements, published by the Office of Management and
Budget, and to ensure appropriate Privacy Act coverage of business
processes and Privacy Act information. While there are no substantive
changes to the ``Categories of Individuals'' or ``Categories of
Records'' sections covered by this SORN, substantive changes have been
made to the ``System Locations,'' ``Routine Uses,'' and
``Administrative, Technical and Physical Safeguards'' sections to
provide greater transparency. Changes to ``Routine Uses'' include new
provisions related to responding to breaches of information held under
a Privacy Act SORN as required by OMB's Memorandum M-17-12, ``Preparing
for and Responding to a Breach of Personally Identifiable Information''
(January 3, 2017). Language throughout the SORN has been updated to
align with applicable Federal privacy laws, policies, procedures, and
best practices.
DATES: This modified SORN will become applicable following the end of
the public comment period on April 15, 2024 unless comments are
received that result in a contrary determination.
ADDRESSES: Written comments should be sent to the DOE Desk Officer,
Office of Information and Regulatory Affairs, Office of Management and
Budget, New Executive Office Building, Room 10102, 735 17th Street NW,
Washington, DC 20503 and to Ken Hunt, Chief Privacy Officer, U.S.
Department of Energy, 1000 Independence Avenue SW, Rm 8H-085,
Washington, DC 20585 or by facsimile at (202) 586-8151 or by email at
[email protected].
FOR FURTHER INFORMATION CONTACT: Ken Hunt, Chief Privacy Officer, U.S.
Department of Energy, 1000 Independence Avenue SW, Rm 8H-085,
Washington, DC 20585, by facsimile at (202) 586-8151, by email at
[email protected], or by telephone at (240) 686-9485.
SUPPLEMENTARY INFORMATION: On January 9, 2009, DOE published a
Compilation of its Privacy Act systems of records, which included
System of Records DOE-23 Property Accountability System. This notice
[[Page 18926]]
proposes amendments to the System Locations section of that System of
Records by removing four System Locations where DOE-23 is no longer
applicable. These locations are as follows: Bonneville Power
Administration, the National Energy Technology Laboratory, Southeastern
Area Power Administration, and Western Area Power Administration. In
the ``Routine Uses'' section, this modified notice deletes a previous
routine use concerning efforts responding to a suspected or confirmed
loss of confidentiality of information as it appears in DOE's
compilation of its Privacy Act systems of records (January 9, 2009) and
replaces it with one to assist DOE with responding to a suspected or
confirmed breach of its records of Personally Identifiable Information
(PII), modeled with language from OMB's Memorandum M-17-12, ``Preparing
for and Responding to a Breach of Personally Identifiable Information''
(January 3, 2017). Further, this notice adds one new routine use to
ensure that DOE may assist another agency or entity in responding to
the other agency's or entity's confirmed or suspected breach of PII, as
appropriate, as aligned with OMB's Memorandum M-17-12.
Additionally, the routine use formerly numbered six has been
determined to be duplicative and therefore has been deleted. This
routine use is covered by that which is currently numbered five. From
the ``Categories of Records in the System'' section, the following
elements have been removed: operation number, high risk field, disposal
code, the name and employee identification and position numbers of
employees' assigned equipment, account numbers, and user activity on
device. To this section, ``name and phone number of individual to whom
equipment is issued'' and ``name of the Accountable Property
Representative'' have been added to reflect current processes. To
``Categories of Individuals,'' the qualifiers ``current and former''
and ``employees and contractors'' have been added to qualify ``DOE
employees.'' The ``Purpose(s) of the System'' section now includes the
following: ``(f) enable security-related functions in the event that
government property is misused, lost, or stolen.'' An administrative
change required by the FOIA Improvement Act of 2016 extends the length
of time a requestor is permitted to file an appeal under the Privacy
Act from 30 to 90 days. Both the ``System Locations'' and
``Administrative, Technical and Physical Safeguards'' sections have
been modified to reflect the Department's usage of cloud-based services
for records storage. Language throughout the SORN has been updated to
align with applicable Federal privacy laws, policies, procedures, and
best practices.
SYSTEM NAME AND NUMBER:
DOE-23 Property Accountability System.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Systems leveraging this SORN may exist in multiple locations. All
systems storing records in a cloud-based server are required to use
government-approved cloud services and follow National Institute of
Standards and Technology (NIST) security and privacy standards for
access and data retention. Records maintained in a government-approved
cloud server are accessed through secure data centers in the
continental United States.
U.S. Department of Energy, Headquarters, 1000 Independence Avenue
SW, Washington, DC 20585.
U.S. Department of Energy, Office of River Protection, P.O. Box
450, Richland, WA 99352.
U.S. Department of Energy, Richland Operations Office, P.O. Box
550, Richland, WA 99352.
U.S. Department of Energy, Southwestern Power Administration, One
West Third Street, Suite 1500, Tulsa, OK 74103.
SYSTEM MANAGER(S):
Headquarters: Director, Office of Management, U.S. Department of
Energy, 1000 Independence Avenue SW, Washington, DC 20585.
Field Offices: The Managers of the ``System Locations'' listed
above are the system managers for their respective portions of the
system.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 7101 et seq.: 50 U.S.C. 2401 et seq.; Federal Property
and Administrative Services Act of 1949, section 202(b), 40 U.S.C.
483(b); and 41 CFR part 109, Federal Property Management Regulation
(FPMR), subchapter E, part 109.
PURPOSE(S) OF THE SYSTEM:
Records in this system are maintained and used by DOE (a) to
provide inventories to satisfy other Federal Procurement Management
Regulation requirements; (b) to maintain a record of location of
emergency equipment; (c) to control equipment assignments, including
but not limited to those authorized under union contracts; (d) to
provide management information necessary for the budgeting and
allocation of equipment; (e) to provide evidence of assignment,
location, use, and value in the event that government property is
misused, lost or stolen; and (f) enable security-related functions in
the event that government property is misused, lost, or stolen.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Current and former DOE employees and contractors, including
National Nuclear Security Administration (NNSA) employees, and
contractor employees, authorized to be custodians of controlled DOE
equipment.
CATEGORIES OF RECORDS IN THE SYSTEM:
Item description, date of purchase, acquire date, purchase price,
purchase order number, vendor and manufacturer, model/serial/license
number, property tag identification, status/date, condition of
property, name and phone number of individual to whom equipment is
issued, name of the Accountable Property Representative, organization,
organization code, and location.
RECORD SOURCE CATEGORIES:
Information in this system comes from the Payroll/Personnel system
application, various internal forms, accountable property
representatives and employees, data processing personnel, supply
officers, and information from use of government property.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
1. A record from this system may be disclosed as a routine use to
any law enforcement agency as needed to provide evidence of assignment,
location, and value in the event that government property is stolen.
2. A record from this system may be disclosed as a routine use to
the appropriate local, Tribal, State, or Federal agency when records,
alone or in conjunction with other information, indicate a violation or
potential violation of law whether civil, criminal, or regulatory in
nature, and whether arising by general statute or particular program
pursuant thereto.
3. A record from this system may be disclosed as a routine use for
the purpose of an investigation, settlement of claims, or the
preparation and conduct of litigation to (1) persons representing the
Department in the investigation, settlement or litigation, and to
individuals assisting in such representation; (2) others involved in
[[Page 18927]]
the investigation, settlement, and litigation, and their
representatives and individuals assisting those representatives; (3)
witnesses, potential witnesses, or their representatives and
assistants; and (4) any other persons who possess information
pertaining to the matter when it is relevant and necessary to obtain
information or testimony relevant to the matter.
4. A record from this system may be disclosed as a routine use in
court or administrative proceedings to the tribunals, counsel, other
parties, witnesses, and the public (in publicly available pleadings,
filings, or discussion in open court) when such disclosure: (1) is
relevant to, and necessary for, the proceeding; (2) is compatible with
the purpose for which the Department collected the records; and (3) the
proceedings involve:
a. The Department, its predecessor agencies, current or former
contractors of the Department, or other United States Government
agencies and their components, or
b. A current or former employee of the Department and its
predecessor agencies, current or former contractors of the Department,
or other United States Government agencies and their components, who is
acting in an official capacity or in any individual capacity where the
Department or other United States Government agency has agreed to
represent the employee.
5. A record from this system may be disclosed as a routine use to a
Federal, State, Tribal, or local agency to facilitate the requesting
agency's decision concerning the hiring or retention of an employee,
the issuance of a security clearance, the reporting of an investigation
of an employee, the letting of a contract, or the issuance of a
license, grant, or other benefit, to the extent that the information is
relevant and necessary to the requesting agency's decision on the
matter. The Department must deem such disclosure to be compatible with
the purpose for which the Department collected the information.
6. A record from this system may be disclosed as a routine use to
DOE contractors in performance of their contracts, and their officers
and employees who have a need for the record in the performance of
their duties. Those provided information under this routine use are
subject to the same limitations applicable to DOE officers and
employees under the Privacy Act.
7. A record from this system may be disclosed as a routine use to a
member of Congress submitting a request involving a constituent when
the constituent has requested assistance from the member concerning the
subject matter of the record. The member of Congress must provide a
copy of the constituent's signed request for assistance.
8. A record from this system may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) the Department
suspects or has confirmed that there has been a breach of the System of
Records; (2) the Department has determined that as a result of the
suspected or confirmed breach there is a risk of harm to individuals,
DOE (including its information systems, programs, and operations), the
Federal Government, or national security; and (3) the disclosure made
to such agencies, entities, and persons is reasonably necessary to
assist in connection with the Department's efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such
harm.
9. A record from this system may be disclosed as a routine use to
another Federal agency or Federal entity, when the Department
determines that information from this System of Records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records may be stored as paper records, microfilm, or electronic
media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by tag number, license number, custodian
name, employee identification number, position number, accounting
information, catalog number, contract number, make, model, security
logon identification, serial number, or storage location.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Retention and disposition of these records are unscheduled. This
requires the records to be retained as permanent until the National
Archives and Records Administration approves the draft schedule, which
will require the records to be retained for 10 years.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Electronic records may be secured and maintained on a cloud-based
software server and operating system that resides in Federal Risk and
Authorization Management Program (FedRAMP) and Federal Information
Security Modernization Act (FISMA) hosting environment. Data located in
the cloud-based server is firewalled and encrypted at rest and in
transit. The security mechanisms for handling data at rest and in
transit are in accordance with DOE encryption standards. Records are
protected from unauthorized access through the following appropriate
safeguards:
Administrative: Access to all records is limited to lawful
government purposes only, with access to electronic records based on
role and either two-factor authentication or password protection. The
system requires passwords to be complex and to be changed frequently.
Users accessing system records undergo frequent training in Privacy Act
and information security requirements. Security and privacy controls
are reviewed on an ongoing basis.
Technical: Computerized records systems are safeguarded on
Departmental networks configured for role-based access based on job
responsibilities and organizational affiliation. Privacy and security
controls are in place for this system and are updated in accordance
with applicable requirements as determined by NIST and DOE directives
and guidance.
Physical: Computer servers on which electronic records are
stored are located in secured Department facilities, which are
protected by security guards, identification badges, and cameras. Paper
copies of all records are locked in file cabinets, file rooms, or
offices and are under the control of authorized personnel. Access to
these facilities is granted only to authorized personnel and each
person granted access to the system must be an individual authorized to
use and/or administer the system.
RECORD ACCESS PROCEDURES:
The Department follows the procedures outlined in 10 CFR 1008.4.
Valid identification of the individual making the request is required
before information will be processed, given, access granted, or a
correction considered, to ensure that information is processed, given,
corrected, or records disclosed or corrected only at the request of the
proper person.
[[Page 18928]]
CONTESTING RECORD PROCEDURES:
Any individual may submit a request to the System Manager and
request a copy of any records relating to them. In accordance with 10
CFR 1008.11, any individual may appeal the denial of a request made by
him or her for information about or for access to or correction or
amendment of records. An appeal shall be filed within 90 calendar days
after receipt of the denial. When an appeal is filed by mail, the
postmark is conclusive as to timeliness. The appeal shall be in writing
and must be signed by the individual. The words ``PRIVACY ACT APPEAL''
should appear in capital letters on the envelope and the letter.
Appeals relating to DOE records shall be directed to the Director,
Office of Hearings and Appeals (OHA), 1000 Independence Avenue SW,
Washington, DC 20585.
NOTIFICATION PROCEDURES:
In accordance with the DOE regulation implementing the Privacy Act,
10 CFR part 1008, a request by an individual to determine if a System
of Records contains information about themselves should be directed to
the U.S. Department of Energy, Headquarters, Privacy Act Officer. The
request should include the requester's complete name and the time
period for which records are sought.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
This SORN was last published in the Federal Register, 74 FR 1023-
1024, on January 9, 2009.
Signing Authority
This document of the Department of Energy was signed on January 31,
2024, by Ann Dunkin, Senior Agency Official for Privacy, pursuant to
delegated authority from the Secretary of Energy. That document with
the original signature and date is maintained by DOE. For
administrative purposes only, and in compliance with requirements of
the Office of the Federal Register, the undersigned DOE Federal
Register Liaison Officer has been authorized to sign and submit the
document in electronic format for publication, as an official document
of the Department of Energy. This administrative process in no way
alters the legal effect of this document upon publication in the
Federal Register.
Signed in Washington, DC, on March 12, 2024.
Treena V. Garrett,
Federal Register Liaison Officer, U.S. Department of Energy.
[FR Doc. 2024-05576 Filed 3-14-24; 8:45 am]
BILLING CODE 6450-01-P
