Privacy Act of 1974; System of Records, 88255-88258 [2024-25898]
Download as PDF
<![CDATA[
Federal Register / Vol. 89, No. 216 / Thursday, November 7, 2024 / Notices
national security; and (3) the disclosure
made to such agencies, entities, and
persons is reasonably necessary to assist
in connection with the Department’s
efforts to respond to the suspected or
confirmed breach or to prevent,
minimize, or remedy such harm.
4. A record from this system may be
disclosed as a routine use to another
Federal agency or Federal entity, when
the Department determines that
information from this System of Records
is reasonably necessary to assist the
recipient agency or entity in (1)
responding to a suspected or confirmed
breach or (2) preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
entity (including its information
systems, programs, and operations), the
Federal Government, or national
security, resulting from a suspected or
confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Records may be stored as paper
records or electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
Records are retrieved by name.
RECORD ACCESS PROCEDURES:
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
Retention and disposition of these
records is in accordance with the
National Archives and Records
Administration approved records
disposition schedules under the Federal
Advisory Committee records with the
potential of two retentions. One is after
superseded/obsolete, and the other is
permanent.
lotter on DSK11XQN23PROD with NOTICES1
Electronic records may be secured
and maintained on a cloud-based
software server and operating system
that resides in Federal Risk and
Authorization Management Program
(FedRAMP) and Federal Information
Security Modernization Act (FISMA)
hosting environment. Data located in
the cloud-based server is firewalled and
encrypted at rest and in transit. The
security mechanisms for handling data
at rest and in transit are in accordance
with DOE encryption standards.
Records are protected from
unauthorized access through the
following appropriate safeguards:
• Administrative: Access to all
records is limited to lawful government
purposes only, with access to electronic
records based on role and either twofactor authentication or password
protection. The system requires
passwords to be complex and to be
18:15 Nov 06, 2024
Jkt 265001
The Department follows the
procedures outlined in 10 CFR part
1008.4. Valid identification of the
individual making the request is
required before information will be
processed, given, access granted, or a
correction considered, to ensure that
information is processed, given,
corrected, or records disclosed or
corrected only at the request of the
proper person.
CONTESTING RECORD PROCEDURES:
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
VerDate Sep<11>2014
changed frequently. Users accessing
system records undergo frequent
training in Privacy Act and information
security requirements. Security and
privacy controls are reviewed on an
ongoing basis.
• Technical: Computerized records
systems are safeguarded on
Departmental networks configured for
role-based access based on job
responsibilities and organizational
affiliation. Privacy and security controls
are in place for this system and are
updated in accordance with applicable
requirements as determined by NIST
and DOE directives and guidance.
• Physical: Computer servers on
which electronic records are stored are
located in secured Department facilities,
which are protected by security guards,
identification badges, and cameras.
Paper copies of all records are locked in
file cabinets, file rooms, or offices and
are under the control of authorized
personnel. Access to these facilities is
granted only to authorized personnel
and each person granted access to the
system must be an individual
authorized to use or administer the
system.
Any individual may submit a request
to the System Manager and request a
copy of any records relating to them. In
accordance with 10 CFR 1008.11, any
individual may appeal the denial of a
request made by him or her for
information about or for access to or
correction or amendment of records. An
appeal shall be filed within 90 calendar
days after receipt of the denial. When an
appeal is filed by mail, the postmark is
conclusive as to timeliness. The appeal
shall be in writing and must be signed
by the individual. The words
‘‘PRIVACY ACT APPEAL’’ should
appear in capital letters on the envelope
and the letter. Appeals of denials
relating to records maintained in
government-wide System of Records
reported by Office of Personnel
Management (OPM), shall be filed, as
appropriate, with the Assistant Director
for Agency Compliance and Evaluation,
OPM, 1900 E Street NW, Washington,
PO 00000
Frm 00026
Fmt 4703
Sfmt 4703
88255
DC 20415. All other appeals relating to
DOE records shall be directed to the
Director, Office of Hearings and Appeals
(OHA), 1000 Independence Avenue SW,
Washington, DC 20585.
NOTIFICATION PROCEDURES:
In accordance with the DOE
regulation implementing the Privacy
Act, 10 CFR part 1008, a request by an
individual to determine if a System of
Records contains information about
themselves should be directed to the
U.S. Department of Energy,
Headquarters, Privacy Act Officer. The
request should include the requester’s
complete name and the time period for
which records are sought.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
This SORN was last published in the
Federal Register, 74 FR 1007–1008, on
January 9, 2009.
Signing Authority
This document of the Department of
Energy was signed on November 2,
2024, by Ann Dunkin, Senior Agency
Official for Privacy, pursuant to
delegated authority from the Secretary
of Energy. That document with the
original signature and date is
maintained by DOE. For administrative
purposes only, and in compliance with
requirements of the Office of the Federal
Register, the undersigned DOE Federal
Register Liaison Officer has been
authorized to sign and submit the
document in electronic format for
publication, as an official document of
the Department of Energy. This
administrative process in no way alters
the legal effect of this document upon
publication in the Federal Register.
Signed in Washington, DC, on November 4,
2024.
Jennifer Hartzell,
Alternate Federal Register Liaison Officer,
U.S. Department of Energy.
[FR Doc. 2024–25899 Filed 11–6–24; 8:45 am]
BILLING CODE 6450–01–P
DEPARTMENT OF ENERGY
Privacy Act of 1974; System of
Records
U.S. Department of Energy.
Notice of a modified system of
AGENCY:
ACTION:
records.
As required by the Privacy
Act of 1974 and the Office of
Management and Budget (OMB)
Circulars A–108 and A–130, the
Department of Energy (DOE or the
SUMMARY:
E:\FR\FM\07NON1.SGM
07NON1
88256
Federal Register / Vol. 89, No. 216 / Thursday, November 7, 2024 / Notices
Department) is publishing notice of a
modification to an existing Privacy Act
system of records. DOE proposes to
amend System of Records DOE–17 DOE
Alert System. This System of Records
Notice (SORN) is being modified to
align with new formatting requirements,
published by OMB, and to ensure
appropriate Privacy Act coverage of
business processes and Privacy Act
information.
This modified SORN will
become applicable following the end of
the public comment period on
December 9, 2024 unless comments are
received that result in a contrary
determination.
DATES:
Written comments should
be sent to the DOE Desk Officer, Office
of Information and Regulatory Affairs,
Office of Management and Budget, New
Executive Office Building, Room 10102,
735 17th Street NW, Washington, DC
20503 and to Ken Hunt, Chief Privacy
Officer, U.S. Department of Energy,
1000 Independence Avenue SW, Rm.
8H–085, Washington, DC 20585, by
facsimile at (202) 586–8151, or by email
at privacy@hq.doe.gov.
ADDRESSES:
Ken
Hunt, Chief Privacy Officer, U.S.
Department of Energy, 1000
Independence Avenue SW, Rm. 8H–
085, Washington, DC 20585, by
facsimile at (202) 586–8151, by email at
privacy@hq.doe.gov, or by telephone at
(240) 686–9485.
SUPPLEMENTARY INFORMATION: On
January 9, 2009, DOE published a
Compilation of its Privacy Act systems
of records, which included System of
DOE–17 DOE Alert System. This notice
proposes the following amendments.
The system manager has been updated
as the Office of Emergency Management.
‘‘Categories of Individuals Covered by
the System’’ now includes contractors.
‘‘Categories of Records in this System’’
has been updated to include cell phone
number. In the ‘‘Routine Uses’’ section,
this modified notice deletes a previous
routine use concerning efforts
responding to a suspected or confirmed
loss of confidentiality of information as
it appears in DOE’s compilation of its
Privacy Act systems of records (January
9, 2009) and replaces it with one to
assist DOE with responding to a
suspected or confirmed breach of its
records of Personally Identifiable
Information (PII), modeled with
language from OMB’s Memorandum M–
17–12, ‘‘Preparing for and Responding
to a Breach of Personally Identifiable
Information’’ (January 3, 2017). Further,
this notice adds one new routine use to
ensure that DOE may assist another
lotter on DSK11XQN23PROD with NOTICES1
FOR FURTHER INFORMATION CONTACT:
VerDate Sep<11>2014
18:15 Nov 06, 2024
Jkt 265001
agency or entity in responding to the
other agency’s or entity’s confirmed or
suspected breach of PII, as appropriate,
as aligned with OMB’s Memorandum
M–17–12. An administrative change
required by the FOIA Improvement Act
of 2016 extends the length of time a
requestor is permitted to file an appeal
under the Privacy Act from 30 to 90
days. Both the ‘‘System Locations’’ and
‘‘Administrative, Technical and
Physical Safeguards’’ sections have been
modified to reflect the Department’s
usage of cloud-based services for
records storage. Language throughout
the SORN has been updated to align
with applicable Federal privacy laws,
policies, procedures, and best practices.
SYSTEM NAME AND NUMBER:
DOE–17 DOE Alert System.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Systems leveraging this SORN may
exist in multiple locations. All systems
storing records in a cloud-based server
are required to use governmentapproved cloud services and follow
National Institute of Standards and
Technology (NIST) security and privacy
standards for access and data retention.
Records maintained in a governmentapproved cloud server are accessed
through secure data centers in the
continental United States.
U.S. Department of Energy,
Headquarters, 1000 Independence
Avenue SW, Washington, DC 20585.
SYSTEM MANAGER(S):
Director, Office of Emergency
Management, Office of Continuity
Programs and Mission Resilience, U.S.
Department of Energy, 1000
Independence Avenue SW, Washington,
DC 20585.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 7101 et seq. and 50 U.S.C.
2401 et seq.
PURPOSE(S) OF THE SYSTEM:
Records in this system are used by the
Department to alert those employees
who have requested and registered to be
notified in the event of an emergency at
DOE or its facilities.
CATEGORIES OF INDIVIDUALS COVERED BY THE
SYSTEM:
Current DOE, including National
Nuclear Security Administration
(NNSA), employees and contractor
employees, consultants, and board
members.
PO 00000
Frm 00027
Fmt 4703
Sfmt 4703
CATEGORIES OF RECORDS IN THE SYSTEM:
The records include the name of the
individual, work and home email
addresses, work and home telephone
numbers, cellphone numbers, and pager
numbers.
RECORD SOURCE CATEGORIES:
The individual to whom the record
pertains provides all information
maintained in the system.
ROUTINE USES OF RECORDS MAINTAINED IN THE
SYSTEM, INCLUDING CATEGORIES OF USERS AND
PURPOSES OF SUCH USES:
1. A record from this system may be
disclosed as a routine use for the
purpose of an investigation, settlement
of claims, or the preparation and
conduct of litigation to (1) persons
representing the Department in the
investigation, settlement or litigation,
and to individuals assisting in such
representation; (2) others involved in
the investigation, settlement, and
litigation, and their representatives and
individuals assisting those
representatives; (3) witnesses, potential
witnesses, or their representatives and
assistants; and (4) any other persons
who possess information pertaining to
the matter when it is necessary to obtain
information or testimony relevant to the
matter.
2. A record from this system may be
disclosed as a routine use in court or
administrative proceedings to the
tribunals, counsel, other parties,
witnesses, and the public (in publicly
available pleadings, filings, or
discussion in open court) when such
disclosure: (1) is relevant to, and
necessary for, the proceeding; (2) is
compatible with the purpose for which
the Department collected the records;
and (3) the proceedings involve:
(a) The Department, its predecessor
agencies, current or former contractors
of the Department, or other United
States Government agencies and their
components, or
(b) A current or former employee of
the Department and its predecessor
agencies, current or former contractors
of the Department, or other United
States Government agencies and their
components, who is acting in an official
capacity, or in any individual capacity
where the Department or other United
States Government agency has agreed to
represent the employee.
3. A record from this system may be
disclosed as a routine use to the
appropriate local, tribal, state, or federal
agency when records, alone or in
conjunction with other information,
indicate a violation or potential
violation of law whether civil, criminal,
or regulatory in nature, and whether
E:\FR\FM\07NON1.SGM
07NON1
Federal Register / Vol. 89, No. 216 / Thursday, November 7, 2024 / Notices
arising by general statute or particular
program pursuant thereto.
4. A record from this system may be
disclosed as a routine use to a member
of Congress submitting a request
involving a constituent when the
constituent has requested assistance
from the member concerning the subject
matter of the record. The member of
Congress must provide a copy of the
constituent’s signed request for
assistance.
5. A record from this system may be
disclosed as a routine use to DOE
contractors in performance of their
contracts, and their officers and
employees who have a need for the
record in the performance of their
duties. Those provided information
under this routine use are subject to the
same limitations applicable to
Department officers and employees
under the Privacy Act.
6. A record from this system may be
disclosed as a routine use to appropriate
agencies, entities, and persons when (1)
the Department suspects or has
confirmed that there has been a breach
of the system of records; (2) the
Department has determined that as a
result of the suspected or confirmed
breach there is a risk of harm to
individuals, DOE (including its
information systems, programs, and
operations), the Federal Government, or
national security; and (3) the disclosure
made to such agencies, entities, and
persons is reasonably necessary to assist
in connection with the Department’s
efforts to respond to the suspected or
confirmed breach or to prevent,
minimize, or remedy such harm.
7. A record from this system may be
disclosed as a routine use to another
Federal agency or Federal entity, when
the Department determines that
information from this system of records
is reasonably necessary to assist the
recipient agency or entity in (1)
responding to a suspected or confirmed
breach or (2) preventing, minimizing, or
remedying the risk of harm to
individuals, the recipient agency or
entity (including its information
systems, programs, and operations), the
Federal Government, or national
security, resulting from a suspected or
confirmed breach.
lotter on DSK11XQN23PROD with NOTICES1
POLICIES AND PRACTICES FOR STORAGE OF
RECORDS:
Records may be stored as paper
records or electronic media.
Records are retrieved by the name of
the individual.
18:15 Nov 06, 2024
Jkt 265001
Retention and disposition of these
records is in accordance with the
National Archives and Records
Administration-approved records
disposition schedule with a retention of
3 years.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL
SAFEGUARDS:
Electronic records may be secured
and maintained on a cloud-based
software server and operating system
that resides in Federal Risk and
Authorization Management Program
(FedRAMP) and Federal Information
Security Modernization Act (FISMA)
hosting environment. Data located in
the cloud-based server is firewalled and
encrypted at rest and in transit. The
security mechanisms for handling data
at rest and in transit are in accordance
with DOE encryption standards.
Records are protected from
unauthorized access through the
following appropriate safeguards:
• Administrative: Access to all
records is limited to lawful government
purposes only, with access to electronic
records based on role and either twofactor authentication or password
protection. The system requires
passwords to be complex and to be
changed frequently. Users accessing
system records undergo frequent
training in Privacy Act and information
security requirements. Security and
privacy controls are reviewed on an
ongoing basis.
• Technical: Computerized records
systems are safeguarded on
Departmental networks configured for
role-based access based on job
responsibilities and organizational
affiliation. Privacy and security controls
are in place for this system and are
updated in accordance with applicable
requirements as determined by NIST
and DOE directives and guidance.
• Physical: Computer servers on
which electronic records are stored are
located in secured Department facilities,
which are protected by security guards,
identification badges, and cameras.
Paper copies of all records are locked in
file cabinets, file rooms, or offices and
are under the control of authorized
personnel. Access to these facilities is
granted only to authorized personnel
and each person granted access to the
system must be an individual
authorized to use or administer the
system.
RECORD ACCESS PROCEDURES:
POLICIES AND PRACTICES FOR RETRIEVAL OF
RECORDS:
VerDate Sep<11>2014
POLICIES AND PRACTICES FOR RETENTION AND
DISPOSAL OF RECORDS:
The Department follows the
procedures outlined in 10 CFR 1008.4.
Valid identification of the individual
PO 00000
Frm 00028
Fmt 4703
Sfmt 4703
88257
making the request is required before
information will be processed, given,
access granted, or a correction
considered, to ensure that information is
processed, given, corrected, or records
disclosed or corrected only at the
request of the proper person.
CONTESTING RECORD PROCEDURES:
Any individual may submit a request
to the System Manager and request a
copy of any records relating to them. In
accordance with 10 CFR 1008.11, any
individual may appeal the denial of a
request made by him or her for
information about or for access to or
correction or amendment of records. An
appeal shall be filed within 90 calendar
days after receipt of the denial. When an
appeal is filed by mail, the postmark is
conclusive as to timeliness. The appeal
shall be in writing and must be signed
by the individual. The words
‘‘PRIVACY ACT APPEAL’’ should
appear in capital letters on the envelope
and the letter. Appeals relating to DOE
records shall be directed to the Director,
Office of Hearings and Appeals (OHA),
1000 Independence Avenue SW,
Washington, DC 20585.
NOTIFICATION PROCEDURES:
In accordance with the DOE
regulation implementing the Privacy
Act, at 10 CFR part 1008, a request by
an individual to determine if a system
of records contains information about
themselves should be directed to the
U.S. Department of Energy,
Headquarters, Privacy Act Officer. The
request should include the requester’s
complete name and the time period for
which records are sought.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
This SORN was last published in the
Federal Register, 74 FR 1019–1020, on
January 9, 2009.
Signing Authority
This document of the Department of
Energy was signed on November 1,
2024, by Ann Dunkin, Senior Agency
Official for Privacy, pursuant to
delegated authority from the Secretary
of Energy. That document with the
original signature and date is
maintained by DOE. For administrative
purposes only, and in compliance with
requirements of the Office of the Federal
Register, the undersigned DOE Federal
Register Liaison Officer has been
authorized to sign and submit the
document in electronic format for
publication, as an official document of
the Department of Energy. This
administrative process in no way alters
E:\FR\FM\07NON1.SGM
07NON1
88258
Federal Register / Vol. 89, No. 216 / Thursday, November 7, 2024 / Notices
the legal effect of this document upon
publication in the Federal Register.
Signed in Washington, DC, on November 4,
2024.
Jennifer Hartzell,
Alternate Federal Register Liaison Officer,
U.S. Department of Energy.
[FR Doc. 2024–25898 Filed 11–6–24; 8:45 am]
BILLING CODE 6450–01–P
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
Dated: October 31, 2024.
Carlos D. Clay,
Acting Deputy Secretary.
[Project No. 2701–061]
[FR Doc. 2024–25849 Filed 11–6–24; 8:45 am]
lotter on DSK11XQN23PROD with NOTICES1
Erie Boulevard Hydropower, L.P.;
Notice of Availability of Final
Environmental Assessment
BILLING CODE 6717–01–P
In accordance with the National
Environmental Policy Act of 1969 and
the Federal Energy Regulatory
Commission’s (Commission)
regulations, 18 CFR part 380, the Office
of Energy Projects has reviewed the
application for a new license to
continue to operate and maintain the
West Canada Creek Hydroelectric
Project (West Canada Creek Project) and
has prepared a Final Environmental
Assessment (final EA) for the project.
The West Canada Creek Project is
located on West Canada Creek, in the
counties of Oneida and Herkimer, New
York.
The final EA contains staff’s analysis
of the potential environmental impacts
of the project and concludes that
licensing the project, with appropriate
environmental protective measures,
would not constitute a major federal
action that would significantly affect the
quality of the human environment.
The Commission provides all
interested persons with an opportunity
to view and/or print the final EA via the
internet through the Commission’s
Home Page (https://www.ferc.gov/), using
the ‘‘eLibrary’’ link. Enter the docket
number, excluding the last three digits
in the docket number field, to access the
document. For assistance, contact FERC
Online Support at
FERCOnlineSupport@ferc.gov, or tollfree at (866) 208–3676, or for TTY, (202)
502–8659.
You may also register online at
https://ferconline.ferc.gov/FERCOnline.
aspx to be notified via email of new
filings and issuances related to this or
other pending projects. For assistance,
contact FERC Online Support.
The Commission’s Office of Public
Participation (OPP) supports meaningful
public engagement and participation in
Commission proceedings. OPP can help
members of the public, including
VerDate Sep<11>2014
18:15 Nov 06, 2024
landowners, environmental justice
communities, Tribal members and
others, access publicly available
information and navigate Commission
processes. For public inquiries and
assistance with making filings such as
interventions, comments, or requests for
rehearing, the public is encouraged to
contact OPP at (202)502–6595 or OPP@
ferc.gov.
For further information, contact
Laurie Bauer at (202) 502–6519 or by
email at laurie.bauer@ferc.gov.
Jkt 265001
DEPARTMENT OF ENERGY
Federal Energy Regulatory
Commission
[Docket No. CP25–7–000]
Colorado Interstate Gas Company,
LLC; Notice of Application and
Establishing Intervention Deadline
Take notice that on October 17, 2024,
Colorado Interstate Gas Company, L.L.C.
(CIG), P.O. Box 1087, Colorado Springs,
Colorado 80944, filed an application
under section 7(b) of the Natural Gas
Act (NGA), and part 157 of the
Commission’s regulations requesting
authorization to abandon by sale to its
affiliate, Hiland Crude LLC,
approximately 100 miles of its 16-inchdiameter Powder River Lateral. CIG
estimates the total cost of the
abandonment to be $1,115,203, all as
more fully set forth in the application
which is on file with the Commission
and open for public inspection.
In addition to publishing the full text
of this document in the Federal
Register, the Commission provides all
interested persons an opportunity to
view and/or print the contents of this
document via the internet through the
Commission’s Home Page (https://
www.ferc.gov). From the Commission’s
Home Page on the internet, this
information is available on eLibrary.
The full text of this document is
available on eLibrary in PDF and
Microsoft Word format for viewing,
printing, and/or downloading. To access
this document in eLibrary, type the
docket number excluding the last three
digits of this document in the docket
number field.
User assistance is available for
eLibrary and the Commission’s website
during normal business hours from
FERC Online Support at (202) 502–6652
PO 00000
Frm 00029
Fmt 4703
Sfmt 4703
(toll free at 1–866–208–3676) or email at
ferconlinesupport@ferc.gov, or the
Public Reference Room at (202) 502–
8371, TTY (202) 502–8659. Email the
Public Reference Room at
public.referenceroom@ferc.gov.
Any questions regarding the proposed
project should be directed to Francisco
Tarin, Director, Regulatory, Colorado
Interstate Gas Company, L.L.C., P.O.
Box 1087, Colorado Springs, Colorado
80944, by phone at (719) 667–7517, or
by email at CIGregulatoryaffairs@
kindermorgan.com.
Pursuant to section 157.9 of the
Commission’s Rules of Practice and
Procedure,1 within 90 days of this
Notice the Commission staff will either:
complete its environmental review and
place it into the Commission’s public
record (eLibrary) for this proceeding; or
issue a Notice of Schedule for
Environmental Review. If a Notice of
Schedule for Environmental Review is
issued, it will indicate, among other
milestones, the anticipated date for the
Commission staff’s issuance of the final
environmental impact statement (FEIS)
or environmental assessment (EA) for
this proposal. The filing of an EA in the
Commission’s public record for this
proceeding or the issuance of a Notice
of Schedule for Environmental Review
will serve to notify federal and state
agencies of the timing for the
completion of all necessary reviews, and
the subsequent need to complete all
federal authorizations within 90 days of
the date of issuance of the Commission
staff’s FEIS or EA.
Public Participation
There are three ways to become
involved in the Commission’s review of
this project: you can file comments on
the project, you can protest the filing,
and you can file a motion to intervene
in the proceeding. There is no fee or
cost for filing comments or intervening.
The deadline for filing a motion to
intervene is 5:00 p.m. Eastern Time on
November 21, 2024. How to file
protests, motions to intervene, and
comments is explained below.
The Commission’s Office of Public
Participation (OPP) supports meaningful
public engagement and participation in
Commission proceedings. OPP can help
members of the public, including
landowners, environmental justice
communities, Tribal members and
others, access publicly available
information and navigate Commission
processes. For public inquiries and
assistance with making filings such as
interventions, comments, or requests for
rehearing, the public is encouraged to
1 18
CFR 157.9.
E:\FR\FM\07NON1.SGM
07NON1
]]>Agencies
[Federal Register Volume 89, Number 216 (Thursday, November 7, 2024)]
[Notices]
[Pages 88255-88258]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-25898]
-----------------------------------------------------------------------
DEPARTMENT OF ENERGY
Privacy Act of 1974; System of Records
AGENCY: U.S. Department of Energy.
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: As required by the Privacy Act of 1974 and the Office of
Management and Budget (OMB) Circulars A-108 and A-130, the Department
of Energy (DOE or the
[[Page 88256]]
Department) is publishing notice of a modification to an existing
Privacy Act system of records. DOE proposes to amend System of Records
DOE-17 DOE Alert System. This System of Records Notice (SORN) is being
modified to align with new formatting requirements, published by OMB,
and to ensure appropriate Privacy Act coverage of business processes
and Privacy Act information.
DATES: This modified SORN will become applicable following the end of
the public comment period on December 9, 2024 unless comments are
received that result in a contrary determination.
ADDRESSES: Written comments should be sent to the DOE Desk Officer,
Office of Information and Regulatory Affairs, Office of Management and
Budget, New Executive Office Building, Room 10102, 735 17th Street NW,
Washington, DC 20503 and to Ken Hunt, Chief Privacy Officer, U.S.
Department of Energy, 1000 Independence Avenue SW, Rm. 8H-085,
Washington, DC 20585, by facsimile at (202) 586-8151, or by email at
[email protected].
FOR FURTHER INFORMATION CONTACT: Ken Hunt, Chief Privacy Officer, U.S.
Department of Energy, 1000 Independence Avenue SW, Rm. 8H-085,
Washington, DC 20585, by facsimile at (202) 586-8151, by email at
[email protected], or by telephone at (240) 686-9485.
SUPPLEMENTARY INFORMATION: On January 9, 2009, DOE published a
Compilation of its Privacy Act systems of records, which included
System of DOE-17 DOE Alert System. This notice proposes the following
amendments. The system manager has been updated as the Office of
Emergency Management. ``Categories of Individuals Covered by the
System'' now includes contractors. ``Categories of Records in this
System'' has been updated to include cell phone number. In the
``Routine Uses'' section, this modified notice deletes a previous
routine use concerning efforts responding to a suspected or confirmed
loss of confidentiality of information as it appears in DOE's
compilation of its Privacy Act systems of records (January 9, 2009) and
replaces it with one to assist DOE with responding to a suspected or
confirmed breach of its records of Personally Identifiable Information
(PII), modeled with language from OMB's Memorandum M-17-12, ``Preparing
for and Responding to a Breach of Personally Identifiable Information''
(January 3, 2017). Further, this notice adds one new routine use to
ensure that DOE may assist another agency or entity in responding to
the other agency's or entity's confirmed or suspected breach of PII, as
appropriate, as aligned with OMB's Memorandum M-17-12. An
administrative change required by the FOIA Improvement Act of 2016
extends the length of time a requestor is permitted to file an appeal
under the Privacy Act from 30 to 90 days. Both the ``System Locations''
and ``Administrative, Technical and Physical Safeguards'' sections have
been modified to reflect the Department's usage of cloud-based services
for records storage. Language throughout the SORN has been updated to
align with applicable Federal privacy laws, policies, procedures, and
best practices.
SYSTEM NAME AND NUMBER:
DOE-17 DOE Alert System.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Systems leveraging this SORN may exist in multiple locations. All
systems storing records in a cloud-based server are required to use
government-approved cloud services and follow National Institute of
Standards and Technology (NIST) security and privacy standards for
access and data retention. Records maintained in a government-approved
cloud server are accessed through secure data centers in the
continental United States.
U.S. Department of Energy, Headquarters, 1000 Independence Avenue
SW, Washington, DC 20585.
SYSTEM MANAGER(S):
Director, Office of Emergency Management, Office of Continuity
Programs and Mission Resilience, U.S. Department of Energy, 1000
Independence Avenue SW, Washington, DC 20585.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 7101 et seq. and 50 U.S.C. 2401 et seq.
PURPOSE(S) OF THE SYSTEM:
Records in this system are used by the Department to alert those
employees who have requested and registered to be notified in the event
of an emergency at DOE or its facilities.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Current DOE, including National Nuclear Security Administration
(NNSA), employees and contractor employees, consultants, and board
members.
CATEGORIES OF RECORDS IN THE SYSTEM:
The records include the name of the individual, work and home email
addresses, work and home telephone numbers, cellphone numbers, and
pager numbers.
RECORD SOURCE CATEGORIES:
The individual to whom the record pertains provides all information
maintained in the system.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
1. A record from this system may be disclosed as a routine use for
the purpose of an investigation, settlement of claims, or the
preparation and conduct of litigation to (1) persons representing the
Department in the investigation, settlement or litigation, and to
individuals assisting in such representation; (2) others involved in
the investigation, settlement, and litigation, and their
representatives and individuals assisting those representatives; (3)
witnesses, potential witnesses, or their representatives and
assistants; and (4) any other persons who possess information
pertaining to the matter when it is necessary to obtain information or
testimony relevant to the matter.
2. A record from this system may be disclosed as a routine use in
court or administrative proceedings to the tribunals, counsel, other
parties, witnesses, and the public (in publicly available pleadings,
filings, or discussion in open court) when such disclosure: (1) is
relevant to, and necessary for, the proceeding; (2) is compatible with
the purpose for which the Department collected the records; and (3) the
proceedings involve:
(a) The Department, its predecessor agencies, current or former
contractors of the Department, or other United States Government
agencies and their components, or
(b) A current or former employee of the Department and its
predecessor agencies, current or former contractors of the Department,
or other United States Government agencies and their components, who is
acting in an official capacity, or in any individual capacity where the
Department or other United States Government agency has agreed to
represent the employee.
3. A record from this system may be disclosed as a routine use to
the appropriate local, tribal, state, or federal agency when records,
alone or in conjunction with other information, indicate a violation or
potential violation of law whether civil, criminal, or regulatory in
nature, and whether
[[Page 88257]]
arising by general statute or particular program pursuant thereto.
4. A record from this system may be disclosed as a routine use to a
member of Congress submitting a request involving a constituent when
the constituent has requested assistance from the member concerning the
subject matter of the record. The member of Congress must provide a
copy of the constituent's signed request for assistance.
5. A record from this system may be disclosed as a routine use to
DOE contractors in performance of their contracts, and their officers
and employees who have a need for the record in the performance of
their duties. Those provided information under this routine use are
subject to the same limitations applicable to Department officers and
employees under the Privacy Act.
6. A record from this system may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) the Department
suspects or has confirmed that there has been a breach of the system of
records; (2) the Department has determined that as a result of the
suspected or confirmed breach there is a risk of harm to individuals,
DOE (including its information systems, programs, and operations), the
Federal Government, or national security; and (3) the disclosure made
to such agencies, entities, and persons is reasonably necessary to
assist in connection with the Department's efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such
harm.
7. A record from this system may be disclosed as a routine use to
another Federal agency or Federal entity, when the Department
determines that information from this system of records is reasonably
necessary to assist the recipient agency or entity in (1) responding to
a suspected or confirmed breach or (2) preventing, minimizing, or
remedying the risk of harm to individuals, the recipient agency or
entity (including its information systems, programs, and operations),
the Federal Government, or national security, resulting from a
suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records may be stored as paper records or electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by the name of the individual.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Retention and disposition of these records is in accordance with
the National Archives and Records Administration-approved records
disposition schedule with a retention of 3 years.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Electronic records may be secured and maintained on a cloud-based
software server and operating system that resides in Federal Risk and
Authorization Management Program (FedRAMP) and Federal Information
Security Modernization Act (FISMA) hosting environment. Data located in
the cloud-based server is firewalled and encrypted at rest and in
transit. The security mechanisms for handling data at rest and in
transit are in accordance with DOE encryption standards. Records are
protected from unauthorized access through the following appropriate
safeguards:
Administrative: Access to all records is limited to lawful
government purposes only, with access to electronic records based on
role and either two-factor authentication or password protection. The
system requires passwords to be complex and to be changed frequently.
Users accessing system records undergo frequent training in Privacy Act
and information security requirements. Security and privacy controls
are reviewed on an ongoing basis.
Technical: Computerized records systems are safeguarded on
Departmental networks configured for role-based access based on job
responsibilities and organizational affiliation. Privacy and security
controls are in place for this system and are updated in accordance
with applicable requirements as determined by NIST and DOE directives
and guidance.
Physical: Computer servers on which electronic records are
stored are located in secured Department facilities, which are
protected by security guards, identification badges, and cameras. Paper
copies of all records are locked in file cabinets, file rooms, or
offices and are under the control of authorized personnel. Access to
these facilities is granted only to authorized personnel and each
person granted access to the system must be an individual authorized to
use or administer the system.
RECORD ACCESS PROCEDURES:
The Department follows the procedures outlined in 10 CFR 1008.4.
Valid identification of the individual making the request is required
before information will be processed, given, access granted, or a
correction considered, to ensure that information is processed, given,
corrected, or records disclosed or corrected only at the request of the
proper person.
CONTESTING RECORD PROCEDURES:
Any individual may submit a request to the System Manager and
request a copy of any records relating to them. In accordance with 10
CFR 1008.11, any individual may appeal the denial of a request made by
him or her for information about or for access to or correction or
amendment of records. An appeal shall be filed within 90 calendar days
after receipt of the denial. When an appeal is filed by mail, the
postmark is conclusive as to timeliness. The appeal shall be in writing
and must be signed by the individual. The words ``PRIVACY ACT APPEAL''
should appear in capital letters on the envelope and the letter.
Appeals relating to DOE records shall be directed to the Director,
Office of Hearings and Appeals (OHA), 1000 Independence Avenue SW,
Washington, DC 20585.
NOTIFICATION PROCEDURES:
In accordance with the DOE regulation implementing the Privacy Act,
at 10 CFR part 1008, a request by an individual to determine if a
system of records contains information about themselves should be
directed to the U.S. Department of Energy, Headquarters, Privacy Act
Officer. The request should include the requester's complete name and
the time period for which records are sought.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
This SORN was last published in the Federal Register, 74 FR 1019-
1020, on January 9, 2009.
Signing Authority
This document of the Department of Energy was signed on November 1,
2024, by Ann Dunkin, Senior Agency Official for Privacy, pursuant to
delegated authority from the Secretary of Energy. That document with
the original signature and date is maintained by DOE. For
administrative purposes only, and in compliance with requirements of
the Office of the Federal Register, the undersigned DOE Federal
Register Liaison Officer has been authorized to sign and submit the
document in electronic format for publication, as an official document
of the Department of Energy. This administrative process in no way
alters
[[Page 88258]]
the legal effect of this document upon publication in the Federal
Register.
Signed in Washington, DC, on November 4, 2024.
Jennifer Hartzell,
Alternate Federal Register Liaison Officer, U.S. Department of Energy.
[FR Doc. 2024-25898 Filed 11-6-24; 8:45 am]
BILLING CODE 6450-01-P
