Privacy Act Regulations; Exemption for the Insider Threat Program
 


Submit written comments on or before November 3, 2014

ADDRESSES:

Send written comments, identified by the number 1090-AB07, by one of the following methods:

  • Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
  • Mail: Teri Barnett, Department of the Interior Privacy Act Officer, 1849 C Street NW., Mail Stop 5547 MIB, Washington, DC 20240.

FOR FURTHER INFORMATION CONTACT:

Teri Barnett, Department of the Interior Privacy Act Officer, 1849 C Street NW., Mail Stop 5547 MIB, Washington, DC 20240. Email at Privacy@ios.doi.gov.

SUPPLEMENTARY INFORMATION:

Background

The Privacy Act of 1974, as amended, 5 U.S.C. 552a, governs the means by which the U.S. Government collects, maintains, uses and disseminates personally identifiable information. The Privacy Act applies to records about individuals that are maintained in a “system of records.” A system of records is a group of any records under the control of an agency from which information about an individual is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. See 5 U.S.C. 552a(a)(4) and (5).

An individual may request access to records containing information about him or herself, 5 U.S.C. 552a(b), (c) and (d). However, the Privacy Act authorizes Federal agencies to exempt systems of records from access by individuals under certain circumstances, such as where the access or disclosure of such information would impede national security or law enforcement efforts. Exemptions from Privacy Act provisions must be established by regulation, 5 U.S.C. 552a(j) and (k).

The Department of the Interior (DOI) Office of Law Enforcement and Security created the Insider Threat Program system of records to implement Presidential Executive Order 13587, issued October 7, 2011, which required Federal agencies to establish an insider threat detection and prevention program to ensure the security of classified networks and the responsible sharing and safeguarding of classified information consistent with appropriate protections for privacy and civil liberties. The Insider Threat Program system of records will be used to facilitate management of insider threat investigations and activities associated with counterintelligence complaints, inquiries and investigations; identify potential threats to Department of the Interior resources and information assets; track referrals of potential insider threats to internal and external partners; and provide statistical reports and meet other insider threat reporting requirements. Insider threats include attempted or actual espionage, subversion, sabotage, terrorism or extremist activities directed against the Department of the Interior and its personnel, facilities, resources, and activities; unauthorized use of or intrusion into automated information systems; unauthorized disclosure of classified, controlled unclassified, sensitive, or proprietary information or technology; indicators of potential insider threats or other incidents that may indicate activities of an insider threat.

The Insider Threat Program system contains classified and unclassified intelligence and law enforcement investigatory records related to counterintelligence and insider threat activities that are exempt from certain provisions of the Privacy Act, 5 U.S.C. 552a(j)(2) and (k)(2). In this notice of proposed rulemaking, the Department of the Interior is proposing to exempt the Insider Threat Program system from certain provisions of the Privacy Act pursuant to 5 U.S.C. 552a(j)(2) and (k)(2).

Under 5 U.S.C. 552a(j)(2), the head of a Federal agency may promulgate rules to exempt a system of records from certain provisions of 5 U.S.C. 552a if the system of records is “maintained by an agency or component thereof which performs as its principal function any activity pertaining to the enforcement of criminal laws, including police efforts to prevent, control or reduce crime or to apprehend criminals.” Under 5 U.S.C. 552a(k)(2), the head of a Federal agency may promulgate rules to exempt a system of records from certain provisions of 5 U.S.C. 552a if the system of records is “investigatory material compiled for law enforcement purposes, other than material within the scope of subsection (j)(2),” or “investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information.”

Because this system of records contains investigative and law enforcement material within the provisions of 5 U.S.C. 552a(j)(2) and (k)(2), the Department of the Interior proposes to exempt the Insider Threat Program system of records from one or more of the following provisions: 5 U.S.C. 552a(c)(3), (c)(4), (d), (e)(1) through (e)(3), (e)(4)(G) through (e)(4)(I), (e)(5), (e)(8), (e)(12), (f), and (g). Where a release would not interfere with or adversely affect investigations or law enforcement activities, including but not limited to revealing sensitive information or compromising confidential sources, the exemption may be waived on a case-by-case basis. Exemptions from these particular subsections are justified for the following reasons:

1. 5 U.S.C. 552a(c)(3). This section requires an agency to make the accounting of each disclosure of records available to the individual named in the record upon request. Release of accounting of disclosures would alert the subjects of an investigation to the existence of the investigation and the fact that they are subjects of the investigation. The release of such information to the subjects of an investigation would provide them with significant information concerning the nature of the investigation, and could seriously impede or compromise the investigation, endanger the physical safety of confidential sources, witnesses and their families, and lead to the improper influencing of witnesses, the destruction of evidence, or the fabrication of testimony.

2. 5 U.S.C. 552a(c)(4); (d); (e)(4)(G) and (e)(4)(H); (f); and (g). These sections require an agency to provide notice and disclosure to individuals that a system contains records pertaining to the individual, as well as providing rights of access and amendment. Granting access to records in the Insider Threat Program system could inform the subject of an investigation of an actual or potential criminal violation, of the existence of that investigation, of the nature and scope of the information and evidence obtained, of the identity of confidential sources, witnesses, and law enforcement personnel, and could provide information to enable the subject to avoid detection or apprehension. Granting access to such information could seriously impede or compromise an investigation; endanger the physical safety of confidential sources, witnesses, and law enforcement personnel, as well as their families; lead to the improper influencing of witnesses, the destruction of evidence, or the fabrication of testimony; and disclose investigative techniques and procedures. In addition, granting access to such information could disclose classified, security-sensitive, or confidential information and could constitute an unwarranted invasion of the personal privacy of others.

3. 5 U.S.C. 552a(e)(1). This section requires the agency to maintain information about an individual only to the extent that such information is relevant or necessary. The application of this provision could impair investigations and law enforcement, because it is not always possible to determine the relevance or necessity of specific information in the early stages of an investigation. Relevance and necessity are often questions of judgment and timing, and it is only after the information is evaluated that the relevance and necessity of such information can be established. In addition, during the course of the investigation, the investigator may obtain information that is incidental to the main purpose of the investigation but which may relate to matters under the investigative jurisdiction of another agency. Such information cannot readily be segregated. Furthermore, during the course of the investigation, an investigator may obtain information concerning the violation of laws outside the scope of the investigator’s jurisdiction. In the interest of effective law enforcement, DOI investigators should retain this information, since it can aid in establishing patterns of criminal activity and can provide valuable leads for other law enforcement agencies.

4. 5 U.S.C. 552a(e)(2). This section requires the agency to collect information directly from the individual to the greatest extent practical when the information may result in an adverse determination. The application of this provision could impair investigations and law enforcement activities by alerting the subject of an investigation of the existence of the investigation, enabling the subject to avoid detection or apprehension, to influence witnesses improperly, to destroy evidence, or to fabricate testimony. In addition, in certain circumstances, the subject of an investigation cannot be required to provide information to investigators, and information must be collected from other sources. Furthermore, it is often necessary to collect information from sources other than the subject of the investigation to verify the accuracy of the evidence collected.

5. 5 U.S.C. 552a(e)(3). This section requires an agency to inform each person whom it asks to supply information, on a form that can be retained by the person, of the authority under which the information is sought and whether disclosure is mandatory or voluntary; of the principal purposes for which the information is intended to be used; of the routine uses that may be made of the information; and the effects on the person, if any, of not providing all or any part of the requested information. The application of this provision could provide the subject of an investigation with substantial information about the nature of that investigation, which could interfere with the investigation. Moreover, providing such information to the subject of an investigation could seriously impede or compromise an undercover investigation by revealing its existence and could endanger the physical safety of confidential sources, witnesses, and investigators by revealing their identities.

6. 5 U.S.C. 552a(e)(4)(I). This section requires an agency to provide public notice of the categories of sources of records in the system. The application of this section could disclose investigative techniques and procedures and cause sources to refrain from giving such information because of fear of reprisal, or fear of breach of promise(s) of anonymity and confidentiality. This could compromise DOI’s ability to conduct investigations and to identify, detect and apprehend violators.

7. 5 U.S.C. 552a(e)(5). This section requires an agency to maintain its records with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to assure fairness to the individual in making any determination about the individual. In collecting information during investigations and for criminal law enforcement purposes, it is not possible to determine in advance what information is accurate, relevant, timely, and complete. Material that may seem unrelated, irrelevant, or incomplete when collected may take on added meaning or significance as the investigation progresses. The restrictions of this provision could interfere with the preparation of a complete investigative report and impede effective law enforcement.

8. 5 U.S.C. 552a(e)(8). This section requires an agency to make reasonable efforts to serve notice on an individual when any record on the individual is made available to any person under compulsory legal process when that process becomes a matter of public record. Complying with this provision could prematurely reveal an ongoing investigation to the subject of the investigation.

9. 5 U.S.C. 552a(e)(12). This section requires an agency to publish in the Federal Register notice of the establishment or revision of a matching program at least 30 days prior to conducting the matching program. Complying with this provision could prematurely reveal an ongoing investigation to the subject of the investigation, impede DOI’s ability to conduct law enforcement investigative matches, and compromise investigations and efforts to identify and detect potential insider threats.

Procedural Requirements

1. Regulatory Planning and Review (E.O. 12866)

Executive Order 12866 provides that the Office of Information and Regulatory Affairs in the Office of Management and Budget will review all significant rules. The Office of Information and Regulatory Affairs has determined that this rule is not significant.

Executive Order 13563 reaffirms the principles of E.O. 12866 while calling for improvements in the nation’s regulatory system to promote predictability, to reduce uncertainty, and to use the best, most innovative, and least burdensome tools for achieving regulatory ends. The executive order directs agencies to consider regulatory approaches that reduce burdens and maintain flexibility and freedom of choice for the public where these approaches are relevant, feasible, and consistent with regulatory objectives. E.O. 13563 emphasizes further that regulations must be based on the best available science and that the rulemaking process must allow for public participation and an open exchange of ideas. We have developed this rule in a manner consistent with these requirements.

2. Regulatory Flexibility Act

The Department of the Interior certifies that this document will not have a significant economic effect on a substantial number of small entities under the Regulatory Flexibility Act (5 U.S.C. 601, et seq.). This rule does not impose a requirement for small businesses to report or keep records on any of the requirements contained in this rule. The exemptions to the Privacy Act apply to individuals, and individuals are not covered entities under the Regulatory Flexibility Act.

3. Small Business Regulatory Enforcement Fairness Act (SBREFA)

This rule is not a major rule under 5 U.S.C. 804(2), the Small Business Regulatory Enforcement Fairness Act. This rule:

(a) Does not have an annual effect on the economy of $100 million or more.

(b) Will not cause a major increase in costs or prices for consumers, individual industries, Federal, State, or local government agencies, or geographic regions.

(c) Does not have significant adverse effects on competition, employment, investment, productivity, innovation, or the ability of United States-based enterprises to compete with foreign-based enterprises.

4. Unfunded Mandates Reform Act

This rule does not impose an unfunded mandate on State, local, or tribal governments in the aggregate, or on the private sector, of more than $100 million per year. The rule does not have a significant or unique effect on State, local, or tribal governments or the private sector. This rule makes only minor changes to 43 CFR part 2. A statement containing the information required by the Unfunded Mandates Reform Act (2 U.S.C. 1531 et seq.) is not required.

5. Takings (E.O. 12630)

In accordance with Executive Order 12630, the rule does not have significant takings implications. This rule makes only minor changes to 43 CFR part 2. A takings implication assessment is not required.

6. Federalism (E.O. 13132)

In accordance with Executive Order 13132, this rule does not have any federalism implications to warrant the preparation of a Federalism Assessment. The rule is not associated with, nor will it have substantial direct effects on the States, on the relationship between the national government and the States, or on the distribution of power and responsibilities among the various levels of government. A Federalism Assessment is not required.

7. Civil Justice Reform (E.O. 12988)

This rule complies with the requirements of Executive Order 12988. Specifically, this rule:

(a) Does not unduly burden the judicial system.

(b) Meets the criteria of section 3(a) requiring that all regulations be reviewed to eliminate errors and ambiguity and be written to minimize litigation; and

(c) Meets the criteria of section 3(b)(2) requiring that all regulations be written in clear language and contain clear legal standards.

8. Consultation with Indian Tribes (E.O. 13175)

In accordance with Executive Order 13175, the Department of the Interior has evaluated this rule and determined that it would have no substantial effects on federally recognized Indian Tribes.

9. Paperwork Reduction Act

This rule does not require an information collection from 10 or more parties and a submission under the Paperwork Reduction Act is not required.

10. National Environmental Policy Act

This rule does not constitute a major Federal action and would not have a significant effect on the quality of the human environment. Therefore, this rule does not require the preparation of an environmental assessment or environmental impact statement under the requirements of the National Environmental Policy Act of 1969.

11. Effects on Energy Supply (E.O. 13211)

This rule is not a significant energy action under the definition in Executive Order 13211. A Statement of Energy Effects is not required.

12. Clarity of this Regulation

We are required by Executive Order 12866 and 12988, the Plain Writing Act of 2010 (H.R. 946), and the Presidential Memorandum of June 1, 1998, to write all rules in plain language. This means each rule we publish must:

—Be logically organized;

—Use the active voice to address readers directly;

—Use clear language rather than jargon;

—Be divided into short sections and sentences; and

—Use lists and tables wherever possible.

List of Subjects in 43 CFR Part 2

Dated: August 21, 2014.

Rhea Suh,

Assistant Secretary for Policy, Management and Budget.

For the reasons stated in the preamble, the Department of the Interior proposes to amend 43 CFR part 2 as follows:


PART 2—FREEDOM OF INFORMATION ACT; RECORDS AND TESTIMONY

1. The authority citation for part 2 continues to read as follows:

Authority:

5 U.S.C. 301, 552, 552a, 553; 31 U.S.C. 3717; 43 U.S.C. 1460, 1461.

2. Amend § 2.254 by:

a. Revising the introductory text in paragraph (a);

b. Reserving paragraph (a)(5) and adding paragraph (a)(6);

c. Revising the introductory text in paragraph (b); and

d. Reserving paragraphs (b)(14) and (b)(15) and adding paragraph (b)(16).


The revisions and additions read as follows:


§ 2.254—Exemptions.

(a) Criminal law enforcement records exempt under 5 U.S.C. 552a(j)(2). Pursuant to 5 U.S.C. 552a(j)(2) the following systems of records are exempted from all of the provisions of 5 U.S.C. 552a and the regulations in this subpart except paragraphs (b), (c) (1) and (2), (e)(4) (A) through (F), (e) (6), (7), (9), (10), (11) and (12), and (i) of 5 U.S.C. 552a and the portions of the regulations in this subpart implementing these paragraphs:

* * * * *

(5) [Reserved]

(6) Insider Threat Program, DOI-50.

(b) Law enforcement records exempt under 5 U.S.C. 552a(k)(2). Pursuant to 5 U.S.C. 552a(k)(2), the following systems of records are exempted from paragraphs (c)(3), (d), (e)(1), (e)(4) (G), (H), and (I), and (f) of 5 U.S.C. 552a and the provisions of the regulations in this subpart implementing these paragraphs:

* * * * *

(14) [Reserved]

(15) [Reserved]

(16) Insider Threat Program, DOI-50.


[FR Doc. 2014-20743 Filed 8-29-14; 8:45 am]

BILLING CODE 4310-RK-P