Privacy Act of 1974; System of Records, 77504-77507 [2024-21700]

Agencies

• DEPARTMENT OF ENERGY

[Federal Register Volume 89, Number 184 (Monday, September 23, 2024)]
[Notices]
[Pages 77504-77507]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-21700]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF ENERGY


Privacy Act of 1974; System of Records

AGENCY: U.S. Department of Energy.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: As required by the Privacy Act of 1974 and the Office of 
Management and Budget (OMB) Circulars A-108 and A-130, the Department 
of Energy (DOE or the Department) is publishing notice of a 
modification to an existing Privacy Act system of records. DOE proposes 
to amend System of Records DOE-10 Energy Employees Occupational Illness 
Compensation Program Act Files. This System of Records Notice (SORN) is 
being modified to align with new formatting requirements, published by 
OMB, and to ensure appropriate Privacy Act coverage of business 
processes and Privacy Act information. This notice also incorporates 
into the ``Routine Uses'' section changes required by amendments to The 
Energy Employees Occupational Illness Compensation Program Act 
(EEOICPA). While there are no substantive changes to the ``Categories 
of Individuals'' or ``Categories of Records'' sections covered by this 
SORN, substantive changes have been made to the ``System Locations,'' 
``Routine Uses,'' and ``Administrative, Technical and Physical 
Safeguards'' sections to provide greater transparency. Changes to 
``Routine Uses'' include new provisions related to responding to 
breaches of information held under a Privacy Act SORN as required by 
OMB's Memorandum M-17-12, ``Preparing for and Responding to a Breach of 
Personally Identifiable Information'' (January 3, 2017). Changes to 
routine uses pertaining to EEOICPA have been modified to remove two 
categories of obsolete users due to the 2004 amendments that repealed 
the use of physician panels. Three routine uses have been consolidated 
into one to reduce redundancy. Language throughout the SORN has been 
updated to align with applicable Federal privacy laws, policies, 
procedures, and best practices.

DATES: This modified SORN will become applicable following the end of 
the public comment period on October 23, 2024 unless comments are 
received that result in a contrary determination.

ADDRESSES: Written comments should be sent to the DOE Desk Officer, 
Office of Information and Regulatory Affairs, Office of Management and 
Budget, New Executive Office Building, Room 10102, 735 17th Street NW, 
Washington, DC 20503, and to Ken Hunt, Chief Privacy Officer, U.S. 
Department of Energy, 1000 Independence Avenue SW, Rm. 8H-085, 
Washington, DC 20585, by facsimile at (202) 586-8151, or by email at 
[email protected].

FOR FURTHER INFORMATION CONTACT: Ken Hunt, Chief Privacy Officer, U.S. 
Department of Energy, 1000 Independence Avenue SW, Rm. 8H-085, 
Washington, DC 20585, or by facsimile at (202) 586-8151, by email at 
[email protected], or by telephone at (240) 686-9485.

SUPPLEMENTARY INFORMATION: On January 9, 2009, DOE published a 
Compilation of its Privacy Act systems of records, which included 
System of Records DOE-10 Energy Employees Occupational Illness 
Compensation Program Act Files. This notice proposes amendments to the 
system locations section of that system of records by updating, 
removing, and adding addresses as appropriate. Addresses updated 
include: John A. Gordon Albuquerque Complex, Office of Science (Chicago 
and Oak Ridge Offices), Golden Field Offices, Lawrence Livermore 
National Laboratory, Lockheed Idaho Technical Center, Miamisburg 
Environmental Management Project, National Energy Technology Laboratory 
(Pittsburg, Morgantown, and Albany Offices), National Nuclear Security 
Administration (NNSA) Nevada Field Office, Oak Ridge Institute for 
Science and Education, Environmental Management Consolidated Business 
Center, Office of River Protection, Richland Operations Office, 
Savannah River Office, SLAC National Accelerator Laboratory, and 
Stanford Synchrotron Radiology Laboratory. Addresses removed include: 
Bettis Atomic Power Laboratory, Office of Energy, Efficiency and 
Renewable Energy (Boston and Denver Offices), Hanford Environmental 
Health Foundation, Philadelphia Regional Office, Radiological and 
Environmental Health Laboratory, and Seattle Regional Office. Addresses 
added include: B&W Pantex, Office of Legacy Management, Technology 
Engineering Center, and Peek Street Facility. In the ``Routine Uses'' 
section, this modified notice deletes a previous routine use concerning 
efforts responding to a suspected or confirmed loss of confidentiality 
of information as it appears in DOE's compilation of its Privacy Act 
systems of records (January 9, 2009) and replaces it with one to assist 
DOE with responding to a suspected or confirmed breach of its records 
of Personally Identifiable Information (PII), modeled with language 
from OMB's Memorandum M-17-12, ``Preparing for and Responding to a 
Breach of Personally Identifiable Information'' (January 3, 2017). 
Further, this notice adds one new routine use to ensure that DOE may 
assist another agency or entity in responding to the other agency's or 
entity's confirmed or suspected breach of PII, as appropriate, as 
aligned with OMB's Memorandum M-17-12. Some changes have been made to 
the routine uses to accommodate 2004 and 2015 amendments to EEOICPA by 
Subtitle E of Division C of the Ronald W. Reagan National Defense 
Authorization Act for Fiscal Year 2005 (Pub. L. 108-375) and Carl Levin 
and Howard P. ``Buck'' McKeon National Defense Authorization Act for 
Fiscal Year 2015 (Pub. L. 113-291). ``Categories of Records in the 
System'' now includes individual medical records, payroll information/
records, accident reports; badging records; workers' compensation 
records; security badge records; security records; industrial hygiene 
records. ``Radiological and chemical'' has been added to modify 
``exposure records.'' An administrative change required by the FOIA 
Improvement Act of 2016 extends the length of time a requestor is 
permitted to file an appeal under the Privacy Act from 30 to 90 days. 
Both the ``System Locations'' and ``Administrative, Technical and 
Physical Safeguards'' sections have been modified to reflect the 
Department's usage of cloud-based services for records storage. 
Language throughout the SORN has been updated to align with applicable 
Federal privacy laws, policies, procedures, and best practices.

SYSTEM NAME AND NUMBER:
    DOE-10 Energy Employees Occupational Illness Compensation Program 
Act Files.

[[Page 77505]]

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Systems leveraging this SORN may exist in multiple locations. All 
systems storing records in a cloud-based server are required to use 
government-approved cloud services and follow National Institute of 
Standards and Technology (NIST) security and privacy standards for 
access and data retention. Records maintained in a government-approved 
cloud server are accessed through secure data centers in the 
continental United States.
    U.S. Department of Energy, 1000 Independence Avenue SW, Washington, 
DC 20585.
    U.S. Department of Energy, 19901 Germantown Road, Germantown, MD 
20874-1290.
    U.S. Department of Energy, John A. Gordon Albuquerque Complex, 
24600 20th Street SE, Albuquerque, NM 87116.
    U.S. Department of Energy, NNSA Naval Reactors Field Office, 
Pittsburgh Naval Reactors, P.O. Box 109, West Mifflin, PA 15122-0109.
    U.S. Department of Energy, NNSA Naval Reactors Field Office, 
Schenectady Naval Reactors, P.O. Box 1069, Schenectady, NY 12301.
    U.S. Department of Energy, Amarillo Site Operations, Highway 60, 
FM2373, Amarillo, TX 79177.
    U.S. Department of Energy, Carlsbad Field Office, P.O. Box 3090, 
Carlsbad, NM 88221.
    U.S. Department of Energy, Office of Science, Chicago Office, 
Consolidated Service Center, 9800 South Cass Avenue, Lemont, IL 60439.
    U.S. Department of Energy, Fernald Environmental Management 
Project, 7400 Wiley Road, Cincinnati, OH 45030.
    U.S. Department of Energy, General Atomics Site Office, 3550 
General Atomic Court, B-7, Room 119, San Diego, CA 92121.
    U.S. Department of Energy, Golden Field Office, 15013 Denver West 
Parkway, Golden, CO 80401.
    U.S. Department of Energy, Idaho Operations Office, 1955 Fremont 
Avenue, Idaho Falls, ID 83415.
    U.S. Department of Energy, Idaho National Engineering and 
Environmental Laboratory, CF 690 MS 4149, Scoville, ID 83415.
    U.S. Department of Energy, Kansas City Site Office, 2000 East 95th 
Street, Kansas City, MO 64141-3202.
    U.S. Department of Energy, NNSA Sandia Site Office, Pennsylvania & 
H Street, Albuquerque, NM 87185-5400.
    U.S. Department of Energy, NNSA Sandia Site Office, 1515 Eubank 
Blvd. SE, Albuquerque, NM 87123.
    U.S. Department of Energy, Knolls Atomic Power Laboratory, 2401 
River Road, Niskayuna, NY 12309.
    U.S. Department of Energy, Lawrence Berkeley National Laboratory, 1 
Cyclotron Road, Berkeley, CA 94720.
    U.S. Department of Energy, Lawrence Livermore National Laboratory, 
7000 East Avenue, P.O. Box 808, L-1, Livermore, CA 94551-0808.
    U.S. Department of Energy, Livermore Site Office, Nevada Test Site, 
University of California, P.O. Box 45, Mercury, NV 89023.
    U.S. Department of Energy, The Office of Site Operations, 528 35th 
Street, Los Alamos, NM 87545.
    U.S. Department of Energy, NNSA Los Alamos National Laboratory, SM 
#30 Bikini Road, Los Alamos, NM 87545.
    U.S. Department of Energy, National Energy Technology Laboratory 
(Pittsburgh), 626 Cochran Mill Road, Pittsburgh, PA 15236.
    U.S. Department of Energy, National Energy Technology Laboratory 
(Morgantown), 3610 Collins Ferry Road, Morgantown, WV 26505.
    U.S. Department of Energy, National Energy Technology Laboratory 
(Albany), 1450 Queen Avenue SW, Albany, OR 97321.
    U.S. Department of Energy, NNSA Nevada Field Office, 232 Energy 
Way, North Las Vegas, NV 89030.
    U.S. Department of Energy, Nevada Test Site Mercury, Nevada, 
Building 111, P.O. Box 677, Mercury, NV 89023-0677.
    Oak Ridge Institute for Science and Education (ORISE), 1299 Bethel 
Valley Road, Oak Ridge, TN 37830.
    U.S. Department of Energy, Office of Science, Consolidated Service 
Center, P.O. Box 2001, Oak Ridge, TN 37831.
    U.S. Department of Energy, Environmental Management Consolidated 
Business Center (EMCBC), 550 Main Street, Rm. 7-010, Cincinnati, OH 
45202.
    U.S. Department of Energy, Pacific Northwest National Laboratory, 
902 Battelle Blvd., P.O. Box 999, Richland, WA 99352.
    U.S. Department of Energy, Paducah Site Office, 5600 Hobbs Road, 
West Paducah, KY 42086.
    U.S. Department of Energy, Portsmouth/Paducah Project Office, 3930 
U.S. 23, Perimeter Road, Piketon, OH 45661.
    U.S. Department of Energy, Office of River Protection, P.O. Box 
450, Richland, WA 99352.
    U.S. Department of Energy, Richland Operations Office, P.O. Box 
550, Richland, WA 99352.
    U.S. Department of Energy, Savannah River Operations Office, P.O. 
Box A, Aiken, SC 29801.
    U.S. Department of Energy, SLAC National Accelerator Laboratory, 
2575 Sand Hill Road, Menlo Park, CA 94025.
    U.S. Department of Energy, Stanford Site Office, 2575 Sand Hill 
Road, B-41, MS: 8-A, Menlo Park, CA 94025.
    U.S. Department of Energy, Stanford Synchrotron Radiation 
Lightsource, 2575 Sand Hill Road MS69, Menlo Park, CA 94025.
    U.S. Department of Energy, Thomas Jefferson National Accelerator 
Facility, 12000 Jefferson Avenue, Newport News, VA 23606.
    U.S. Department of Energy, Waste Isolation Pilot Project Office, 
P.O. Box 3090, Carlsbad, NM 88221.
    U.S. Department of Energy, West Valley Demonstration Project, 10282 
Rock Springs Road, West Valley, NY 14171-9799.
    U.S. Department of Energy, B&W Pantex, Hwy. 60 & FM 2373, Bldg. 16-
12, Amarillo, TX 79120.
    U.S. Department of Energy, Office of Legacy Management, 2597 Legacy 
Way, Grand Junction, CO 81503.
    U.S. Department of Energy, Technology Engineering Center, 4100 
Guardian Street, Suite 160, Simi Valley, CA 93603.
    U.S. Department of Energy, Peek Street Facility, Code NAVSEA 08U, 
Navy Sea System Command, 1240 Isaac Hull Avenue SE, Building 104, 
Washington Navy Yard, DC 20376-8036.

SYSTEM MANAGER(S):
    Headquarters: U.S. Department of Energy, Office of Environment, 
Health, Safety and Security, 1000 Independence Avenue SW, Washington, 
DC 20585.
    Field Offices: The managers of the Office of Environment, Health, 
Safety and Security of ``Systems Locations'' listed above are the 
system managers for their respective portions of this system.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    42 U.S.C. 7101 et seq.; 50 U.S.C. 2401 et seq.; The Energy 
Employees Occupational Illness Compensation Program Act of 2000, Public 
Law 106-398, as amended, and Executive Order 13179, ``Providing 
Compensation to America's Nuclear Weapons Workers.''

PURPOSE(S) OF THE SYSTEM:
    Records in this system are collected and maintained by the 
Department to facilitate resolution of claims under the EEOICPA and to 
comply with the provisions of the EEOICPA, specifically the provisions 
of the Act that govern DOE's information sharing requirements.

[[Page 77506]]

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    This system of records covers individuals or their survivors who 
claim benefits under the Energy Employees Occupational Illness 
Compensation Program Act (EEOICPA). These individuals include, but are 
not limited to, federal employees or survivors of federal employees, 
employees or survivors of employees of the Department of Energy 
(including NNSA), its predecessor agencies, and their contractors and 
subcontractors.

CATEGORIES OF RECORDS IN THE SYSTEM:
    This system of records is created by DOE in response to requests 
from the Department of Labor (DOL), the National Institute for 
Occupational Safety and Health (NIOSH), and claimants for information 
for the adjudication of claims. The records are compiled as part of 
DOE's responsibilities under the EEOICPA. Claim forms filed by or on 
behalf of claimants or their survivors seeking benefits under the 
EEOICPA; employment records; radiological and chemical exposure 
records; medical reports; individual medical records; personnel 
security questionnaires; payroll information/records; safety records or 
other incident reports, including but not limited to area sampling 
data, accidental releases, explosions, spills, etc.; accident reports; 
badging records; workers' compensation records; security badge records; 
security records; industrial hygiene records; and correspondence from 
individuals, DOL, and NIOSH.

RECORD SOURCE CATEGORIES:
    Records in this system will be obtained from the individual who is 
the subject of the records; physicians and other medical professionals; 
medical institutions; state and federal workers' compensation offices; 
family members of the subject; attorneys representing the individual; 
individuals' employers, including DOE and its contractors and 
subcontractors; medical laboratories; and other state and federal 
agencies.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    1. A record from this system may be disclosed as a routine use to 
current or former DOE contractors in performance of their contracts, 
and their officers and employees who have a need for the record in the 
performance of their duties. Those provided information under this 
routine use are subject to the same limitations applicable to 
Department officers and employees under the Privacy Act.
    2. A record from this system may be disclosed as a routine use to 
DOE financial assistance or cooperative agreement recipients in 
performance of their financial assistance agreements, and their 
officers and employees who have a need for the record in the 
performance of their duties.
    3. A record from this system may be disclosed as a routine use to 
other state and federal agencies or entities whose mission entails 
reviewing or managing workers' compensation claims or administering 
other benefits programs.
    4. A record from this system may be disclosed as a routine use to 
members of DOE's Former Worker Medical Screening Program, DOE or DOL 
advisory board members, and cooperative agreement holders of the 
Department of Labor, the Department of Health and Human Services, the 
Department of Justice, and other Federal agencies and their components 
to implement the Federal compensation program established by the Energy 
Employees Occupational Illness Compensation Program Act, for the 
purpose of outreach and assisting in the adjudication or processing of 
a claim under that Act.
    5. A record from this system may be disclosed as a routine use for 
the purpose of an investigation, settlement of claims, or the 
preparation and conduct of litigation to (1) persons representing the 
Department in the investigation, settlement or litigation, and to 
individuals assisting in such representation; (2) others involved in 
the investigation, settlement, and litigation, and their 
representatives and individuals assisting those representatives; (3) 
witnesses, potential witnesses, or their representatives and 
assistants; and (4) any other persons who possess information 
pertaining to the matter when it is necessary to obtain information or 
testimony relevant to the matter.
    6. A record from this system may be disclosed as a routine use to 
the Department of Justice when DOE determines that an individual may be 
eligible for compensation under the Radiation Exposure and Compensation 
Act of 1990 (42 U.S.C. 2210, note, and as further clarified in title 28 
Code of Federal Regulations (CFR) part 79), a compensation program 
administered by the Department of Justice.
    7. A record from this system may be disclosed as a routine use to 
the appropriate local, tribal, state or federal agency when the record 
alone or in conjunction with other information, indicates a violation 
or potential violation of law whether civil, criminal, or regulatory in 
nature.
    8. A record from this system may be disclosed as a routine use to a 
member of Congress submitting a request involving a constituent when 
the constituent has requested assistance from the member concerning the 
subject matter of the record. The member of Congress must provide a 
copy of the constituent's signed request for assistance.
    9. A record from this system may be disclosed as a routine use to 
appropriate agencies, entities, and persons when (1) the Department 
suspects or has confirmed that there has been a breach of the system of 
records; (2) the Department has determined that as a result of the 
suspected or confirmed breach there is a risk of harm to individuals, 
DOE (including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the Department's efforts to respond to the 
suspected or confirmed breach or to prevent, minimize, or remedy such 
harm.
    10. A record from this system may be disclosed as a routine use to 
another Federal agency or Federal entity, when the Department 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records may be stored as paper records, microfilm, or electronic 
media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records are retrieved by the name of the individual, Social 
Security number, or employee number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Retention and disposition of these records is in accordance with 
the National Archives and Records Administration-approved records 
disposition schedules with a retention of 250 years.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    Electronic records may be secured and maintained on a cloud-based

[[Page 77507]]

software server and operating system that resides in Federal Risk and 
Authorization Management Program (FedRAMP) and Federal Information 
Security Modernization Act (FISMA) hosting environment. Data located in 
the cloud-based server is firewalled and encrypted at rest and in 
transit. The security mechanisms for handling data at rest and in 
transit are in accordance with DOE encryption standards. Records are 
protected from unauthorized access through the following appropriate 
safeguards:
     Administrative: Access to all records is limited to lawful 
government purposes only, with access to electronic records based on 
role and either two-factor authentication or password protection. The 
system requires passwords to be complex and to be changed frequently. 
Users accessing system records undergo frequent training in Privacy Act 
and information security requirements. Security and privacy controls 
are reviewed on an ongoing basis.
     Technical: Computerized records systems are safeguarded on 
Departmental networks configured for role-based access based on job 
responsibilities and organizational affiliation. Privacy and security 
controls are in place for this system and are updated in accordance 
with applicable requirements as determined by NIST and DOE directives 
and guidance.
     Physical: Computer servers on which electronic records are 
stored are located in secured Department facilities, which are 
protected by security guards, identification badges, and cameras. Paper 
copies of all records are locked in file cabinets, file rooms, or 
offices and are under the control of authorized personnel. Access to 
these facilities is granted only to authorized personnel and each 
person granted access to the system must be an individual authorized to 
use or administer the system.

RECORD ACCESS PROCEDURES:
    The Department follows the procedures outlined in 10 CFR 1008.4. 
Valid identification of the individual making the request is required 
before information will be processed, given, access granted, or a 
correction considered, to ensure that information is processed, given, 
corrected, or records disclosed or corrected only at the request of the 
proper person.

CONTESTING RECORD PROCEDURES:
    Any individual may submit a request to the System Manager and 
request a copy of any records relating to them. In accordance with 10 
CFR 1008.11, any individual may appeal the denial of a request made by 
him or her for information about or for access to or correction or 
amendment of records. An appeal shall be filed within 90 calendar days 
after receipt of the denial. When an appeal is filed by mail, the 
postmark is conclusive as to timeliness. The appeal shall be in writing 
and must be signed by the individual. The words ``PRIVACY ACT APPEAL'' 
should appear in capital letters on the envelope and the letter. 
Appeals of denials relating to records maintained in government-wide 
system of records reported by Office of Personnel Management (OPM), 
shall be filed, as appropriate, with the Assistant Director for Agency 
Compliance and Evaluation, OPM, 1900 E Street NW, Washington, DC 20415. 
All other appeals relating to DOE records shall be directed to the 
Director, Office of Hearings and Appeals (OHA), 1000 Independence 
Avenue SW, Washington, DC 20585.

NOTIFICATION PROCEDURES:
    In accordance with the DOE regulation implementing the Privacy Act, 
10 CFR part 1008, a request by an individual to determine if a system 
of records contains information about themselves should be directed to 
the U.S. Department of Energy, Headquarters, Privacy Act Officer. The 
request should include the requester's complete name and the time 
period for which records are sought.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    This SORN was last published in the Federal Register, 74 FR 1008-
1011, on January 9, 2009.

Signing Authority

    This document of the Department of Energy was signed on September 
13, 2024, by Ann Dunkin, Senior Agency Official for Privacy, pursuant 
to delegated authority from the Secretary of Energy. That document with 
the original signature and date is maintained by DOE. For 
administrative purposes only, and in compliance with requirements of 
the Office of the Federal Register, the undersigned DOE Federal 
Register Liaison Officer has been authorized to sign and submit the 
document in electronic format for publication, as an official document 
of the Department of Energy. This administrative process in no way 
alters the legal effect of this document upon publication in the 
Federal Register.

    Signed in Washington, DC, on September 18, 2024.
Treena V. Garrett,
Federal Register Liaison Officer, U.S. Department of Energy.
[FR Doc. 2024-21700 Filed 9-20-24; 8:45 am]
BILLING CODE 6450-01-P