Privacy Act of 1974; System of Records
ODNI provides notice that it is establishing one new Privacy Act system of records at the National Counterintelligence and Security Center (NCSC). This new system of records is titled the NCSC Continuous Evaluation System, also identified as ODNI/NCSC-003. This notice is necessary to inform the public of the existence and character of records that the agency maintains. Continuous Evaluation (CE) is a personnel security investigative process used to review the continued eligibility of individuals who have been determined eligible for access to classified information or to hold a sensitive position. Individuals subject to CE include current Executive Branch employees, detailees, contractors, and other sponsored individuals who are cleared for access to classified information or to hold a sensitive position. The Departments and Agencies (D/As) that sponsor these individuals for access to classified information or to hold a sensitive position ``enroll'' the individuals (enrollees) for CE by electronically entering their identifying information into a technical system that carries out the CE capability. All D/As are required to submit their qualifying populations to CE. D/As may choose to develop a technical CE system of their own, or subscribe to CE services provided by another agency. The ODNI/NCSC will provide CE services to subscribing agencies. The NCSC CE System leverages electronic checks of government and commercial databases and, based on automated business rules, transmits alerts and reports to the enrolling D/A. Datasets queried in the CE process are those that contain security-relevant information, e.g., government-owned financial, law enforcement, terrorism, foreign travel, and current clearance status information. Credit data and commercially-obtained aggregated data also is utilized. On receipt of the electronic prompt, the personnel security function at the enrolling agency verifies that the alert or report received pertains to the enrollee (the subject of the electronic queries). Where the agency verifies that the alert or report pertains to the enrollee, appropriate personnel security officials review the nature of the alert or report to determine the need for further investigation, as dictated by Federal Investigative Standards requirements. Information obtained through the follow-on investigation is considered in adjudicating the enrollee's continued eligibility for access to classified information or to hold a sensitive position. The NCSC CE System retains the enrollment information (personal identifiers as provided by the enrolling D/A) in order to facilitate ongoing CE checks. The system does not retain the records returned from the electronic database queries beyond the time needed to ensure proper electronic delivery to the enrolling agency. Data necessary to implement CE business rules, to perform program assessments, and to satisfy auditing requirements will be retained. D/As conducting CE will adhere to the principles articulated in the Security Executive Agent Directive (SEAD) relating to CE (i.e., SEAD 6). A SEAD provides high level guidance and instruction for the conduct of a personnel security process. SEAD 6 establishes policy and requirements specifically related to CE.