Privacy Act Exemptions, 101887-101889 [2024-29596]

Agencies

• Office of the Secretary
• DEPARTMENT OF THE TREASURY

[Federal Register Volume 89, Number 242 (Tuesday, December 17, 2024)]
[Rules and Regulations]
[Pages 101887-101889]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-29596]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Secretary

31 CFR Part 1

RIN 1505-AC32


Privacy Act Exemptions

AGENCY: Departmental Offices, Department of the Treasury.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: In accordance with the Privacy Act of 1974, as amended 
(Privacy Act), the Department of the Treasury, Departmental Offices is 
issuing a final rule, exempting a new system of records entitled 
``Department of the Treasury, Departmental Offices .413--Outbound 
Investment Security Program Notification System'' from certain 
provisions of the Privacy Act. The Outbound Investment Security Program 
Notification System is being established for information collected in 
connection with the implementation of Executive Order 14105 of August 
9, 2023. The exemption is intended to comply with the legal 
prohibitions against the disclosure of certain kinds of information and 
to protect certain information maintained in this system of records.

DATES: This rule is effective on January 16, 2025.

FOR FURTHER INFORMATION CONTACT: For general questions and questions 
regarding privacy issues, please contact: Ryan Law, Deputy Assistant 
Secretary for Privacy, Transparency, and Records, Department of the 
Treasury, 1500 Pennsylvania Avenue NW, Washington, DC 20220; telephone: 
(202) 622-5710.

SUPPLEMENTARY INFORMATION:

Background

    The Department of the Treasury (Treasury) published a notice of 
proposed rulemaking (Systems Exemption NPRM) in the Federal Register, 
89 FR 76783 (published September 19, 2024), proposing to exempt 
portions of the system of records from one or more provisions of the 
Privacy Act.
    As background, on August 9, 2023, the President issued Executive 
Order 14105, 88 FR 54867 (the Outbound Order), which declares a 
national emergency to address the threat to the United States posed by 
countries of concern, which seek to develop and exploit sensitive 
technologies or products critical for military, intelligence, 
surveillance, or cyber-enabled capabilities. Among other things, the 
Outbound Order directs the Secretary of the Treasury to issue 
regulations that require U.S. persons to provide notification of 
information to Treasury regarding certain transactions involving a 
person of a country of concern that is engaged in certain activities 
involving covered national security technologies and products that may 
contribute to the threat to the national security of the United States 
as identified in the Outbound Order. The Outbound Order also directs 
the Secretary of the Treasury to issue regulations that prohibit 
certain transactions by a U.S. person involving a person of a country 
of concern that is engaged in certain activities involving covered 
national security technologies and products that pose a particularly 
acute national security threat to the United States. The Outbound Order 
authorizes the Secretary of the Treasury to exempt from applicable 
prohibitions or notification requirements any transaction determined to 
be in the national interest of the United States. On August 9, 2023, 
Treasury issued an advance notice of proposed rulemaking, 88 FR 54961 
(published August 14, 2023), to explain initial considerations and seek 
public comment on implementation of the Outbound Order.
    On June 21, 2024, Treasury issued a notice of proposed rulemaking 
to seek public comment on the proposed rule, 89 FR 55846 (published 
July 5, 2024). On October 28, 2024, Treasury issued a final rule, [89 
FR 90398] (published November 15, 2024) (the Outbound Rule), setting 
forth the regulations that implement the Outbound Order. The Outbound 
Rule requires U.S. persons to provide notification of certain 
transactions. This information will include relevant details on the 
U.S. person(s) involved in the transaction as well as information on 
the transaction and the foreign person(s) involved. These notifications 
will increase the U.S. Government's visibility into transactions by 
U.S. persons or their controlled foreign entities and involving 
technologies and products relevant to the threat to the national 
security of the United States due to the policies and actions of 
countries of concern. These notifications would also be helpful in 
highlighting aggregate sector trends and related capital flows as well 
as informing future policy development. The Outbound Rule also requires 
any U.S. person seeking a national interest exemption for a particular 
transaction to submit information to Treasury regarding the scope of 
that transaction including, as applicable, the information that would 
be required for a notification under the Outbound Rule.
    Treasury's Departmental Offices published separately the notice of 
a new system of records, 89 FR 76917 (published September 19, 2024), 
for information collected in connection with the implementation of the 
Outbound Order.

Public Comments

    Treasury received five comments on the Systems Exemption NPRM. Four 
commenters support the proposed exemptions because of their importance 
to protect national security. One commenter urged Treasury to consider 
the importance of transparency and accountability in government, as 
well as the impact exemptions to the Privacy Act could have on public 
trust. The commenter expressed concern that the Systems Exemption NPRM 
was too broad and noted that exemptions to the Privacy Act should be 
clearly defined and limited to situations implicating national 
security. The commenter also questioned whether there were any checks 
and balances in place to ensure that data is only collected in the 
interest of national security and public safety.

[[Page 101888]]

    Treasury notes the importance of transparency and accountability 
and the role of the Privacy Act in supporting those goals. As noted in 
the Systems Exemption NPRM, notification is limited to those 
transactions that may contribute to the threat to the national security 
of the United States identified in the Outbound Order, and the scope of 
notifiable transactions is linked to subsets of technologies and 
products and based on specific descriptions and technical thresholds 
provided in the Outbound Rule. In addition, the specific information 
required to be submitted to Treasury in the notifications is a limited 
universe of information related to the relevant transaction. 
Furthermore, as noted in the Outbound Rule, Treasury recognizes the 
importance of safeguarding sensitive information and has included 
specific confidentiality provisions in the regulations. Among the 
checks and balances in place, the Outbound Order requires annual 
reports be submitted to the President with an assessment of the 
effectiveness of the measures imposed under the Outbound Order in 
addressing threats to the national security of the United States, among 
other things. Treasury makes no changes to this final rule in response 
to these comments.

Privacy Act

    Treasury is hereby promulgating a final rule to exempt the Outbound 
Investment Security Program Notification System from certain provisions 
of the Privacy Act pursuant to 5 U.S.C. 552a(k)(1) and (k)(2) and the 
authority vested in the Secretary of the Treasury by 31 CFR 1.23(c).
    Under 5 U.S.C. 552a(k)(1), the head of a Federal agency may 
promulgate rules to exempt a system of records from certain provisions 
of 5 U.S.C. 552a if the system of records is subject to the exemption 
contained in section 552(b)(1) of this title. (Freedom of Information 
Act, exemption (b)(1) protects from disclosure information that has 
been deemed classified ``under criteria established by an Executive 
order to be kept secret in the interest of national defense or foreign 
policy'' and is ``in fact properly classified pursuant to such 
Executive order.'')
    Under 5 U.S.C. 552a(k)(2), the head of a Federal agency may 
promulgate rules to exempt a system of records from certain provisions 
of 5 U.S.C. 552a if the system of records contains investigatory 
materials compiled for law enforcement purposes that are not within the 
scope of subsection (j)(2) of the Privacy Act (which applies to 
agencies and components thereof that perform as their principal 
function any activity pertaining to the enforcement of criminal laws).
    To the extent that this system of records contains classified 
information protected by 5 U.S.C. 552a(k)(1) or investigatory materials 
compiled for law enforcement purposes protected by 5 U.S.C. 552a(k)(2), 
Treasury exempts the following system of records from various 
provisions of the Privacy Act:

DO .413--Outbound Investment Security Program Notification System

    Under 5 U.S.C. 552a(k)(1) and (k)(2), Treasury exempts certain 
records in the above-referenced system of records be exempt from 5 
U.S.C. 552a(c)(3), (d)(1) through (4), (e)(1), (e)(4)(G) through (I), 
and (f) of the Privacy Act. See 31 CFR 1.36.
    The following are the reasons why the classified records and 
investigatory materials contained in the above-referenced system of 
records may be exempted from various provisions of the Privacy Act 
pursuant to 5 U.S.C. 552a(k)(1) and (k)(2).
    1. 5 U.S.C. 552a(c)(3) requires an agency to make any accounting of 
disclosures of records required by 5 U.S.C. 552a(c)(1) available to the 
individual named in the record upon his or her request. Exemption from 
this requirement is appropriate because release of the accounting of 
disclosures of the records in this system could alert individuals 
whether they have been identified as the subject of an analysis related 
to the national security interests of the United States, to the 
existence of the analysis, and reveal the interest on the part of 
Treasury as well as the recipient agency. Disclosure of the accounting 
would present a serious impediment to efforts to protect national 
security interests by giving individuals an opportunity to learn 
whether they have been identified as subjects of a national security-
related analysis. As further described in the following paragraph, 
access to such knowledge would impair Treasury's ability to carry out 
its mission, since individuals could:
    i. Take steps to avoid analysis;
    ii. inform associates that a national security analysis is in 
progress;
    iii. learn the nature of the national security analysis;
    iv. learn the scope of the national security analysis;
    v. begin, continue, or resume conduct that may pose a threat to 
national security upon inferring they may not be part of a national 
security analysis because their records were not disclosed; or
    vi. destroy information relevant to the national security analysis.
    2. 5 U.S.C. 552a(d)(1) through (4) grant individuals access to 
records containing information about them and permit them to request 
amendment of a record pertaining to them and require the agency either 
to amend the record or note the disputed portion of the record and, if 
the agency refuses to amend the record, to provide a copy of the 
individual's statement of disagreement with the agency's refusal, to 
persons or other agencies to whom the record is thereafter disclosed. 
Exemption from this requirement is appropriate because access to a 
portion of the records contained in this system of records could inform 
individuals whether they have been identified as the subject of an 
analysis related to the national security interests of the United 
States, to the existence of the analysis and reveal the interest on the 
part of Treasury or another agency. Access to the records would present 
a serious impediment to efforts to protect national security interests 
by permitting the individual who is the subject of a record to learn 
whether they have been identified as a subject of a national security-
related analysis. Access to such knowledge would impair Treasury's 
ability to carry out its mission, since individuals could take steps to 
impede the analysis and avoid detection, including the steps described 
in paragraph 1.i-through vi of this section. Amendment of the records 
would interfere with ongoing analysis and impose an impossible 
administrative burden. The information contained in the system may also 
include classified information, the release of which would pose a 
threat to the national security of the United States. In addition, 
permitting access and amendment to such information could disclose 
sensitive security information that could be detrimental to Treasury.
    3. 5 U.S.C. 552a(e)(1) requires an agency to maintain in its 
records only such information about an individual as is relevant and 
necessary to accomplish a purpose of the agency required to be 
accomplished by statute or Executive order. Exemption from this 
requirement is appropriate because what information is relevant and 
necessary may not always be apparent at the time of collection. In the 
interests of national security, it is appropriate to include a broad 
range of information that may aid in identifying and assessing the 
nature and scope of national security threats to the United States. 
Additionally, the accuracy of information obtained or introduced 
occasionally may be unclear, or the information may not be strictly 
relevant or necessary to a specific analysis. In the interests of 
national security, it is appropriate to retain all

[[Page 101889]]

information that may aid in establishing patterns of suspicious 
activity.
    4. 5 U.S.C. 552a(e)(4)(G) through (I) and 5 U.S.C. 552a(f) require 
an agency to publish the agency procedures whereby individuals can be 
notified if the system of records pertains to them, how they can gain 
access to any record pertaining to them in the system of records and 
contest its content, and the categories of sources of records in the 
system. Exemption from these requirements is appropriate because, as 
noted above, this system is exempt from the access and amendment 
provisions of subsection (d).
    Any records from another Treasury system of records or another 
Executive Branch agency's system of records for which an exemption is 
claimed under 5 U.S.C. 552a(j) or (k) that may also be included in this 
system of records retains the same exempt status as such records have 
in the system for which such exemption is claimed.

Regulatory Analysis

    This rule is not a ``significant regulatory action'' under 
Executive Order 12866. Pursuant to the requirements of the Regulatory 
Flexibility Act (RFA), 5 U.S.C. 601 et seq., it is hereby certified 
that this rule will not have a significant economic impact on a 
substantial number of small entities. This rule, issued pursuant to 5 
U.S.C. 552a(k), exempts certain information maintained by Treasury in 
the above-referenced systems of records from certain provisions of the 
Privacy Act. Small entities, as defined in the RFA, are not provided 
rights under the Privacy Act and are outside the scope of this 
regulation.
    The related information collections have been submitted to the 
Office of Management and Budget on July 8, 2024 under control number: 
1505-0282.

List of Subjects in 31 CFR Part 1

    Courts, Freedom of Information, Government Employees, Privacy.

    For the reasons stated in the preamble, part 1 of title 31 of the 
Code of Federal Regulations is amended as follows:

PART 1--DISCLOSURE OF RECORDS

0
1. The authority citation for part 1 continues to read as follows:

    Authority: 5 U.S.C. 301, 552, 552a, 553; 31 U.S.C. 301, 321; 31 
U.S.C. 3717.


0
2. Amend Sec.  1.36 by adding, in alphanumeric order, entries for ``DO 
.413--Outbound Investment Security Program Notification System'' in 
table 8 to paragraph (e)(1)(ii) and table 11 to paragraph (g)(1)(ii) to 
read as follows:


Sec.  1.36  Systems exempt in whole or in part from provisions of the 
Privacy Act and this part.

* * * * *
    (e) * * *
    (1) * * *
    (ii) * * *

                     Table 8 to Paragraph (e)(1)(ii)
------------------------------------------------------------------------
           No.                             Name of system
------------------------------------------------------------------------
 
                              * * * * * * *
------------------------------------------------------------------------
DO .413..................  Outbound Investment Security Program
                            Notification System.
------------------------------------------------------------------------

* * * * *
    (g) * * *
    (1) * * *
    (ii) * * *

                    Table 11 to Paragraph (g)(1)(ii)
------------------------------------------------------------------------
           No.                             Name of system
------------------------------------------------------------------------
 
                              * * * * * * *
------------------------------------------------------------------------
DO .413..................  Outbound Investment Security Program
                            Notification System.
------------------------------------------------------------------------

* * * * *

    Dated: December 11, 2024.
Ryan Law,
Deputy Assistant Secretary for Privacy, Transparency, and Records.
[FR Doc. 2024-29596 Filed 12-16-24; 8:45 am]
BILLING CODE 4810-AK-P