Privacy Act of 1974; System of Records, 83906-83908 [2024-23950]

Agencies

• Department of Justice

[Federal Register Volume 89, Number 202 (Friday, October 18, 2024)]
[Notices]
[Pages 83906-83908]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-23950]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF JUSTICE

[CPCLO Order No. 06-2024]


Privacy Act of 1974; System of Records

AGENCY: Office of Justice Programs, United States Department of 
Justice.

ACTION: Notice of a new system of record.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the Privacy Act of 1974 and Office of Management 
and Budget (OMB) Circular No. A-108, notice is hereby given that the 
Office of Justice Programs (OJP) proposes to develop a new system of 
records titled ``OJP Award Nomination System, JUSTICE/OJP-019.'' OJP 
will use the OJP Award Nomination System to manage the submitting, 
reviewing, and coordinating of nomination applications for prestigious 
awards such as the Law Enforcement Congressional Badge of Bravery, 
Public Safety Officer Medal of Valor, National Crime Victims' Service 
Awards, and other OJP award programs.

DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), this notice is 
applicable upon publication, subject to a 30-day period in which to 
comment on the routine uses described below. Please submit any comments 
by November 18, 2024.

ADDRESSES: The public, OMB, and Congress are invited to submit any 
comments by mail to the United States Department of Justice, Office of 
Privacy and Civil Liberties, ATTN: Privacy Analyst, 145 N St. NE, Suite 
8W. 300, Washington, DC 20002; by facsimile at 202-307-0693; or by 
email at [email protected]. To ensure proper handling, 
please reference the above CPCLO Order No. on your correspondence.

FOR FURTHER INFORMATION CONTACT: Bryce Mitchell, Division Director, 
Enterprise Application Development Division, Office of the Chief 
Information Officer, Office of Justice Programs, 999 North Capitol 
Street NE, Washington, DC 20002, [email protected], (202) 514-
2412.

SUPPLEMENTARY INFORMATION: The OJP Award Nomination System provides 
authorized DOJ users with the capability to receive, maintain, and 
disseminate electronic nomination applications among panel review 
members. The OJP Award Nomination System also provides members of the 
public (i.e., nominators) the ability to create and submit records 
about individual nominees for these OJP awards through an online 
nomination form hosted on OJP Award Nomination sites. The online 
nomination applications constitute records about individuals, which 
once submitted into the system, are available for review by authorized 
OJP staff with a need to access the records in the system. Nominations 
for awards and related records will be maintained in the OJP Award 
Nomination System. These records will be used to determine eligibility 
for awards and may be disseminated to panel review members and other 
appropriate public officials who need to know the information for 
purposes of selecting awardees from the nominations received.
    In accordance with 5 U.S.C. 552a(r), the DOJ has provided a report 
to OMB and Congress on this new system of records.

    Dated: October 9, 2024.
Peter Winn,
Acting Chief Privacy and Civil Liberties Officer, United States 
Department of Justice.
JUSTICE/OJP--019

SYSTEM NAME AND NUMBER:
    OJP Award Nomination System, JUSTICE/OJP--019.

SECURITY CLASSIFICATION:
    The system is unclassified.

SYSTEM LOCATION:
    Records in this system are maintained at the following locations: 
Office of Justice Programs (OJP); 999 North Capitol Street NE, 
Washington, DC 20002; and with the following cloud service providers: 
AWS GovCloud and/or Acquia Cloud. The cloud computing service providers 
and their location may change from time to time, and this document may 
not reflect the most current information available. To confirm 
information about the current cloud computing service provider, please 
contact OJP through the OJP service desk at email address 
[email protected].

SYSTEM MANAGER(S):
    Bryce Mitchell, Division Director, Enterprise Application 
Development Division, Office of the Chief Information Officer, Office 
of Justice Programs, 999 North Capitol Street NE, Washington, DC 20002, 
[email protected], (202) 514-2412.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    28 U.S.C. 530C; 34 U.S.C. 10102 (a)(3).

PURPOSE(S) OF THE SYSTEM:
    The OJP Award Nomination System manages the submittal, review, and 
coordination of nomination applications for prestigious DOJ awards 
conferred by OJP to recognize and honor exceptional and/or 
extraordinary acts of public service, often in the attempt to save or 
protect human life. Members of the public will access the system via an 
online portal where they will submit nomination applications for 
individuals they wish to receive the respective awards. Once the 
nominations are submitted, authorized DOJ users (e.g., the Designated 
Federal Officer, DOJ need-to-know program staff, and members of the 
panel review board), will have access to the records of the online 
nomination application of each nominee. Authorized DOJ users will use 
the system to run queries on various data elements within the records, 
review and score applications, and make awards determinations. These 
authorized DOJ users will also utilize the system to maintain files on 
unsuccessful nominees and update, modify, and maintain records on past 
and current award recipients.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Current and former OJP award nominees; members of the public who 
nominate individuals for OJP awards; DOJ personnel and contractors; OJP 
award review board members, and others with a need to use the records 
as permitted by the Privacy Act and pursuant to the routine uses in 
this notice.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system will maintain names of nominators and award nominees, 
personal contact information (e.g., email address, phone number, home 
address) for award nominees, business contact information (e.g., email 
address, phone

[[Page 83907]]

number, address of business) of the nominators; as well as other 
personal information (e.g., date of birth or age, place of birth, 
gender, race, religion, education or employment information, military 
service information) of the public safety award nominees, social 
security numbers (full or truncated) contained in the Authorization for 
Release of Information Form (SF-85P); health information or records 
(e.g., medical notes, disability, accommodations) pertaining to 
injuries sustained or disabilities resulting from an award nominee's 
act of bravery; and other personal information pertaining to the acts 
constituting the basis of the proposed award.

RECORD SOURCE CATEGORIES:
    The records in the system may be obtained from, among other things, 
members of the public who nominate individuals for OJP awards, 
information pertaining to witnesses; case files from agencies and 
courts; other official State, Federal, Tribal, or Territorial records, 
as well as other information pertaining to the acts constituting the 
basis of the proposed award.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b), all or a portion of the records contained in this system of 
records may be disclosed as a routine use pursuant to 5 U.S.C. 
552a(b)(3) under the circumstances or for the purposes described below, 
to the extent such disclosures are compatible with the purposes for 
which the information was collected:
    1. Where a record, either alone or in conjunction with other 
information, may be relevant to investigating a violation or potential 
violation of law--criminal, civil, or regulatory in nature--the 
relevant records may be referred to the appropriate Federal, state, 
local, territorial, tribal, or foreign law enforcement authority or 
other appropriate entity charged with the responsibility for 
investigating or prosecuting such violation or charged with enforcing 
or implementing such law.
    2. To appropriate officials and employees of a Federal agency or 
entity to the extent necessary for making decisions about the award, 
such as but not limited to, background checks and suitability 
investigations.
    3. To any person or entity that the DOJ has reason to believe 
possesses knowledge regarding matters pertaining to a DOJ award, to the 
extent deemed to be necessary by the DOJ in order to elicit information 
about the potential awardee for use in conferring the award.
    4. In an appropriate proceeding before a court, grand jury, or 
administrative or adjudicative body, when the DOJ determines that the 
records are arguably relevant to the proceeding; or in an appropriate 
proceeding before an administrative or adjudicative body when the 
adjudicator determines the records to be relevant to the proceeding.
    5. To the news media and the public, including but not limited to 
disclosures pursuant to 28 CFR 50.2, unless it is determined that 
release of the specific information in the context of a particular case 
or matter would constitute an unwarranted invasion of personal privacy. 
While disclosures under 28 CFR 50.2 are in connection with a civil or 
criminal proceeding, disclosures under this routine use may also 
pertain to administrative proceedings as well as investigations of 
Federal employee misconduct prejudicial to the interests of members of 
the public.
    6. To contractors, grantees, experts, consultants, students, and 
others performing or working on a contract, service, grant, cooperative 
agreement, or other assignment for the Federal Government, when 
necessary to accomplish an agency function related to this system of 
records.
    7. To a former employee of the DOJ for official purposes where the 
DOJ requires information and/or consultation assistance from the former 
employee regarding a matter within that person's former area of 
responsibility.
    8. To a Member of Congress or staff acting upon the Member's behalf 
when the Member or staff requests the information on behalf of, and at 
the request of, the individual who is the subject of the record.
    9. To the National Archives and Records Administration for purposes 
of records management inspections conducted under the authority of 44 
U.S.C. 2904 and 2906.
    10. To appropriate agencies, entities, and persons when (1) the DOJ 
suspects or has confirmed that there has been a breach of the system of 
records; (2) the DOJ has determined that as a result of the suspected 
or confirmed breach there is a risk of harm to individuals, the DOJ 
(including its information systems, programs, and operations), the 
Federal Government, or national security; and (3) the disclosure made 
to such agencies, entities, and persons is reasonably necessary to 
assist in connection with the DOJ's efforts to respond to the suspected 
or confirmed breach or to prevent, minimize, or remedy such harm.
    11. To another Federal agency or Federal entity, when the DOJ 
determines that information from this system of records is reasonably 
necessary to assist the recipient agency or entity in (1) responding to 
a suspected or confirmed breach, or (2) preventing, minimizing, or 
remedying the risk of harm to individuals, the recipient agency or 
entity (including its information systems, programs, and operations), 
the Federal Government, or national security, resulting from a 
suspected or confirmed breach.
    12. To any agency, organization, or individual for the purpose of 
performing authorized audit or oversight operations of DOJ and meeting 
related reporting requirements.
    13. To such recipients and under such circumstances and procedures 
as are mandated by Federal statute or treaty.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Records in the OJP Award Nomination System are stored in electronic 
format in OJP cloud platforms. Records are stored securely in 
accordance with applicable Federal laws, regulations, DOJ directives, 
and guidance.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records can be retrieved through the OJP Award Nomination Systems 
portals or through a connecting system via a connector or application 
program interface (API). The records are retrievable by global search 
for application ID, or a combination of: first name, last name, city, 
state, or email address of nominee, witnesses, or nominator; date of 
relevant event/occurrence; nominee employing agency; and nominee 
physical addresses.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system are retained and disposed of in accordance 
with the National Archives and Records Administration, General Records 
Schedule 5.7: ``Administrative Management and Oversight Records'' for 
records about administrative management activities in Federal agencies.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    This system meets all DOJ requirements for authorization to operate 
per DOJ Order 0904, Cybersecurity Program. Specifically, information in 
this system is maintained in accordance with applicable laws,

[[Page 83908]]

rules, and policies on protecting individual privacy. The system 
leverages cloud service providers that maintain an authority to operate 
in accordance with applicable laws, rules, and policies, including 
Federal Risk and Authorization Management Program (FedRAMP) 
requirements.
    Backup information will be maintained in accordance with a 
government contract that requires adherence to applicable laws, rules, 
and policies. Internet connections are protected by multiple firewalls. 
Security personnel conduct periodic vulnerability scans using DOJ-
approved software to ensure security compliance and security logs are 
enabled for all computers to assist in troubleshooting and forensics 
analysis during incident investigations. Users of individual computers 
can only gain access to the data by a valid user's identification and 
authentication.

RECORD ACCESS PROCEDURES:
    All requests for access to records must be in writing and should be 
addressed to the component that manages the relevant award:
    OJP FOIA Officer; Office of Justice Programs; Office of the General 
Counsel; 999 North Capitol Street NE, Washington, DC 20002.
    The envelope and letter should be clearly marked ``Privacy Act 
Access Request.'' The request must describe the records sought in 
sufficient detail to enable DOJ personnel to locate them with a 
reasonable amount of effort. The request must include a general 
description of the records sought and must include the requester's full 
name, current address, and date and place of birth. The request must be 
signed and either notarized or submitted under penalty of perjury. 
Although no specific form is required, you may obtain forms for this 
purpose from the FOIA/Privacy Act Mail Referral Unit, United States 
Department of Justice, 950 Pennsylvania Avenue NW, Washington, DC 
20530, or on the Department of Justice website at https://www.justice.gov/oip/oip-request.html.
    More information regarding the DOJ's procedures for accessing 
records in accordance with the Privacy Act can be found at 28 CFR part 
16, subpart D, ``Access to and Amendment of Individual Records Pursuant 
to the Privacy Act of 1974, and Other Privacy Protections.''

CONTESTING RECORD PROCEDURES:
    Individuals seeking to contest or amend records pertaining to them, 
maintained in this system of records, must direct their requests to the 
address indicated in the RECORD ACCESS PROCEDURES paragraph, above. All 
requests to contest or amend records must be in writing and the 
envelope and letter should be clearly marked ``Privacy Act Amendment 
Request.'' All requests must state clearly and concisely what record is 
being contested, the reasons for contesting it, and the proposed 
amendment to the record.
    More information regarding the DOJ's procedures for amending or 
contesting records in accordance with the Privacy Act can be found at 
28 CFR 16.46, ``Privacy Act requests for amendment or correction.''

NOTIFICATION PROCEDURES:
    Individuals may request to be notified if a record in this system 
of records pertains to them by utilizing the same procedures as those 
identified in the RECORD ACCESS PROCEDURES paragraph, above.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    None.

[FR Doc. 2024-23950 Filed 10-17-24; 8:45 am]
BILLING CODE 4410-18-P