AGENCY:

Office of the Secretary, Interior.

ACTION:

Notice of a modified system of records.

SUMMARY:

Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of the Interior proposes to modify the Department of the Interior “DOI-16, DOI LEARN (Department-wide Learning Management System)” system of records notice. This system of Start Printed Page 50683records helps the Department of the Interior maintain and validate training records, manage class rosters and transcripts, meet Federal mandatory training and statistical reporting requirements, and manage other functions related to training and educational programs. This modified system will be included in the Department of the Interior's inventory of record systems.

DATES:

This modified system will be effective upon publication. New or modified routine uses will be effective November 8, 2018. Submit comments on or before November 8, 2018.

ADDRESSES:

You may submit comments, identified by docket number DOI-2018-0008, by any of the following methods:

• Federal e-Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.
• Mail: Teri Barnett, Departmental Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, Room 7112, Washington, DC 20240.
• Hand-delivering comments to Teri Barnett, Departmental Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, Room 7112, Washington, DC 20240.
• Email: DOI_Privacy@ios.doi.gov.

All submissions received must include the agency name and docket number. All comments received will be posted without change to http://www.regulations.gov,, including any personal information provided.

FOR FURTHER INFORMATION CONTACT:

Teri Barnett, Departmental Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, Room 7112, Washington, DC 20240, email at DOI_Privacy@ios.doi.gov or by telephone at (202) 208-1605.

SUPPLEMENTARY INFORMATION:

I. Background

The Department of the Interior (DOI), Office of the Secretary maintains the DOI-16, DOI LEARN, system of records to manage Department-wide, bureau and office training and learning programs. This system of record helps DOI maintain and validate training records, manage class rosters and transcripts for course administrators and the student or learner, meet Federal mandatory training and statistical reporting requirements, and manage other programmatic functions related to training and educational programs. DOI collects personal information from students in order to communicate training opportunities, manage course registration and delivery, validate training records necessary for certification or granting of college credit, process billing information for training classes, and to meet Federal training reporting requirements. Information may also be collected to comply with the Americans with Disabilities Act requirements to address facilities accommodations. Training and learning records are maintained in DOI's web-based learning management system, and bureau and office systems and locations where training programs are managed.

DOI is revising the system of records notice to update the system name, system location, system manager and address, categories of individuals, categories of records, storage, retrievability, safeguards, retention and disposal, notification procedures, records access and contesting procedures, and records source categories; reorganize the sections and add new sections to describe the purpose of the system and history in accordance with Office of Management and Budget (OMB) Circular A-108; and provide general and administrative updates to the remaining sections. Additionally, DOI is modifying existing routine uses to provide clarity and transparency, and proposing to add new proposed routine uses to permit sharing of information with other agencies to respond to breaches of personally identifiable information. Routine uses D, E, H, I, and J have been modified to provide additional clarification on external organizations and circumstances where disclosures are proper and necessary to facilitate training functions or to comply with Federal requirements. Routine use G was modified to further clarify disclosures to the Department of Justice or other Federal agencies when necessary in relation to litigation or judicial proceedings.

DOI is proposing to add new routine uses K through S to facilitate sharing of information with agencies and organizations to ensure the efficient and effective management of training for employees, promote the integrity of the records in the system, or carry out a statutory responsibility of the DOI or the Federal Government. Proposed routine use K facilitates sharing of information with the Executive Office of the President to resolve issues concerning individual's records. Routine use L allows DOI to refer matters to the appropriate Federal, state, local, or foreign agencies, or other public authority agencies responsible for investigating or prosecuting violations of law. Routine use M facilitates sharing with other government and tribal organizations pursuant to a court order or discovery request. Modified routine use N and proposed routine use O allow DOI to share information with appropriate Federal agencies or entities when reasonably necessary to respond to a breach of personally identifiable information and to prevent, minimize, or remedy the risk of harm to individuals or the Federal Government, or assist an agency in locating individuals affected by a breach in accordance with OMB Memorandum M-17-12, “Preparing for and Responding to a Breach of Personally Identifiable Information.” Routine use P facilitates sharing of privacy information with OMB as required under OMB Circular A-19, “Legislative Coordination and Clearance.” Routine use Q allows DOI to share information with the Department of the Treasury to recover debts owed to the United States. Routine use R allows DOI to disclose information to the news media and the public when there is a legitimate public interest in the information, or to demonstrate accountability or ensure effective Government functions. Routine use S allows DOI to share information with the Office of Personnel Management to maintain integrity of employee training records and provide training reports to meet Federal training requirements.

II. Privacy Act

The Privacy Act of 1974, as amended, embodies fair information practice principles in a statutory framework governing the means by which Federal agencies collect, maintain, use, and disseminate individuals' records. The Privacy Act applies to records about individuals that are maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. The Privacy Act defines an individual as a United States citizen or an alien lawfully admitted for permanent residence. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of DOI by complying with DOI Privacy Act regulations at 43 CFR part 2, subpart K, and following the procedures outlined in the Records Access, Contesting Record, and Notification Procedures sections of this notice.

The Privacy Act requires each agency to publish in the Federal Register a description denoting the existence and character of each system of records that the agency maintains and the routine uses of each system. The revised DOI Start Printed Page 50684learning management system of records notice is published in its entirety below. In accordance with 5 U.S.C. 552a(r), DOI has provided a report of this system of records to the Office of Management and Budget and to Congress.

III. Public Participation

You should be aware your entire comment including your personal identifying information, such as your address, phone number, email address, or any other personal identifying information in your comment, may be made publicly available at any time. While you may request to withhold your personal identifying information from public review, we cannot guarantee we will be able to do so.

SYSTEM NAME AND NUMBER:

INTERIOR/DOI-16, Learning Management System.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

(1) Department-wide training records are centrally managed by the Office of Policy, Management and Budget, Chief Human Capital Office, and are maintained in the Department's learning management system located at a DOI-controlled datacenter at U.S. Department of the Interior, 7301 W Mansfield Avenue, Denver, CO 80235.

(2) Records are also located in DOI bureau and office facilities, systems, and portals that manage or sponsor training and educational programs.

SYSTEM MANAGER(S):

(1) Chief Learning Officer, Office of the Secretary, Department of the Interior, Main Interior Building, 1849 C Street NW, Washington, DC 20240.

(2) Bureau and Office Learning Managers responsible for managing training, educational and learning programs. A current list of the Learning Managers and their addresses is available on the DOI Learn Bureau Contact website at https://www.doi.gov/​doilearn/​datastewards/​.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. 4101, et seq., Government Organization and Employee Training; 5 U.S.C. 1302, 2951, 4118, 4506, 3101; 43 U.S.C. 1457; Title VI of the Civil Rights Act of 1964 as amended (42 U.S.C. 2000d); Executive Order 11348, Providing for Further Training of Government Employees, as amended by Executive Order 12107, Relating to Civil Service Commission and Labor Management in Federal Service; 5 CFR 410, Subpart C, Establishing and Implementing Training Programs; Americans with Disabilities Act (42 U.S.C. 12101); and the E-Government Act of 2002 (44 U.S.C. 3501, et seq.).

PURPOSE(S) OF THE SYSTEM:

The primary purposes of the system are to: (1) Manage training and learning programs; (2) plan and facilitate training courses including outreach, registration, enrollment and payment; (3) maintain and validate training records for certification and mandatory compliance reporting; (4) meet Federal training statistical reporting requirements; (5) maintain class rosters and transcripts for course administrators, students and learners; and (6) generate budget estimates for training requirements.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

DOI employees, contractors, interns, emergency workers, volunteers and appointees who receive training related to their official duties, whether or not sponsored by DOI bureaus and offices. Non-DOI individuals who participate in DOI-sponsored training and educational programs, or participate in DOI-sponsored meetings and activities related to training and educational programs. Non-DOI individuals may include individuals from other Federal, state or local agencies, private or not-for-profit organizations, universities and other schools, and members of the public.

CATEGORIES OF RECORDS IN THE SYSTEM:

Training, educational and learning management records may include course registration, attendance rosters, and course information including course title, class name, objectives, description, and who should attend; class status information including begin and end dates, responsible class instructor, completion status and certification requirements; student transcripts (course(s) completed/not completed, test scores, acquired skills); and correspondence, reports and documentation related to training, education and learning management programs. These records may contain: Name, Social Security number, employee common identifier generated from the DOI Federal Personnel and Payroll System (FPPS), login username, password, agency or organization affiliation, work or personal address, work or personal phone and fax number, work or personal email address, gender, date of birth, organization code, position title, occupational series, pay plan, grade level, supervisory status, type of appointment, education level, duty station code, agency, bureau, office, organization, supervisor's name and phone number, date of Federal service, date of organization or position assignment, date of last promotion, occupational category, race, national origin, and adjusted basic pay. Records may also include billing information such as responsible agency, tax identifier number, DUNS number, purchase order numbers, agency location codes and credit card information. Records maintained on non-DOI individuals is generally limited to name, agency or organization affiliation, address, work and personal phone and fax numbers, work and personal email addresses, supervisor name and contact information, position title, occupational series, and billing information.

RECORD SOURCE CATEGORIES:

Information on DOI employees is obtained directly from individuals on whom the records are maintained, supervisors, or existing DOI records. Historical employee training records may be obtained from other DOI learning management systems. Information from non-DOI individuals who register or participate in DOI-sponsored training programs is obtained from individuals through paper and electronic forms. Information may also be obtained by another agency, institution or organization that sponsored the training event.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DOI as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To release statistical information and training reports to other organizations who are involved with the training.

B. To disclose information to other Government training facilities (Federal, state, and local) and to non-Government training facilities (private vendors of training courses or programs, private schools, etc.) for training purposes.

C. To provide transcript information to education institutions upon the student's request in order to facilitate transfer of credit to that institution, and to provide college and university officials with information about their students working in the Pathways Start Printed Page 50685Program, Volunteer Service, or other similar programs necessary to a student's obtaining credit for the experience.

D. To Federal, state, territorial, local, tribal, or foreign agencies that have requested information relevant or necessary to the hiring, firing or retention of an employee or contractor, or the issuance of a security clearance, license, contract, grant or other benefit, when the disclosure is compatible with the purpose for which the records were compiled.

E. To an expert, consultant, grantee, or contractor (including employees of the contractor) of DOI that performs services requiring access to these records on DOI's behalf to carry out the purposes of the system.

F. To share logistical or attendance information with partner agencies (Government or non-Government) who, based on cooperative training agreements, have a need to know.

G. To the Department of Justice (DOJ), including Offices of the U.S. Attorneys, or other Federal agency conducting litigation or in proceedings before any court, adjudicative, or administrative body, when it is relevant or necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:

(1) DOI or any component of DOI;

(2) Any other Federal agency appearing before the Office of Hearings and Appeals;

(3) Any DOI employee or former employee acting in his or her official capacity;

(4) Any DOI employee or former employee acting in his or her individual capacity when DOI or DOJ has agreed to represent that employee or pay for private representation of the employee; or

(5) The United States Government or any agency thereof, when DOJ determines that DOI is likely to be affected by the proceeding.

H. To a congressional office when requesting information on behalf of, and at the request of, the individual who is the subject of the record.

I. To an official of another Federal, state or local government or Tribal organization to provide information needed in the performance of official duties related to reconciling or reconstructing data files, in support of the functions for which the records were collected and maintained, or to enable that agency to respond to an inquiry by the individual to whom the record pertains.

J. To representatives of the National Archives and Records Administration (NARA) to conduct records management inspections under the authority of 44 U.S.C. 2904 and 2906.

K. To the Executive Office of the President in response to an inquiry from that office made at the request of the subject of a record or a third party on that person's behalf, or for a purpose compatible with the reason for which the records are collected or maintained.

L. To any criminal, civil, or regulatory law enforcement authority (whether Federal, state, territorial, local, tribal or foreign) when a record, either alone or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil, or regulatory in nature, and the disclosure is compatible with the purpose for which the records were compiled.

M. To state, territorial and local governments and tribal organizations to provide information needed in response to court order and/or discovery purposes related to litigation, when the disclosure is compatible with the purpose for which the records were compiled.

N. To appropriate agencies, entities, and persons when:

(1) DOI suspects or has confirmed that there has been a breach of the system of records;

(2) DOI has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, DOI (including its information systems, programs, and operations), the Federal Government, or national security; and

(3) the disclosure made to such agencies, entities and persons is reasonably necessary to assist in connection with DOI's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

O. To another Federal agency or Federal entity, when DOI determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in:

(1) responding to a suspected or confirmed breach; or

(2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

P. To the Office of Management and Budget (OMB) during the coordination and clearance process in connection with legislative affairs as mandated by OMB Circular A-19.

Q. To the Department of the Treasury to recover debts owed to the United States.

R. To the news media and the public, with the approval of the Public Affairs Officer in consultation with counsel and the Senior Agency Official for Privacy, where there exists a legitimate public interest in the disclosure of the information, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.

S. To the Office of Personnel Management to disclose information on employee general training, including recommendations and completion, specialized training obtained, participation in government-sponsored training, or training history as required to provide workforce information for official personnel files.

DISCLOSURE TO CONSUMER REPORTING AGENCIES:

Pursuant to 5 U.S.C. 552a(b)(12), records may be disclosed to consumer reporting agencies as they are defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)).

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are stored in systems, databases, electronic media on hard disks, magnetic tapes, compact disks and paper media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Information from this system is retrieved by either unique identifying fields (e.g., student name or email address) or by general category (e.g., course code, training location, class start date, registration date, affiliation, mandatory training compliance and payment status).

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

DOI training records are maintained under Department Records Schedule (DRS)—1.2.0004, Short-Term Human Resources Records (DAA-0048-2013-0001-0004) and DRS -1.2.0005, Long-term Human Resources Records (DAA-0048-2013-0001-0005), which were approved by NARA. General employee training records and working files have a temporary disposition authority and are maintained for three years. Records will be cut off at the end of fiscal year in which files are closed, and the records will be destroyed 3 years after cut-off. Employee performance and competency management records maintained under DRS 1.2.0005 have a longer retention period. The records Start Printed Page 50686disposition is temporary, and records will be cut off at the end of the fiscal year in which the record is created. Contractor data will be cut off when the contractor separates or is no longer employed by the agency. Records must be retained 7 years after cut-off.

Training records related to specialized program areas may be covered under other approved records retention schedules based on the program or mission area and agency needs. Retention periods may vary based on the training program or subject matter, and longer retention is authorized for specific training programs when it is necessary to support business use or to meet Federal records requirements. Approved destruction methods for temporary records that have met their retention period include shredding or pulping paper records, and erasing or degaussing electronic records in accordance with 384 Departmental Manual 1 and NARA guidelines.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

The records maintained in this system are safeguarded in accordance with 43 CFR 2.226 and other applicable security rules and policies. During normal hours of operation, paper or micro format records are maintained in locked file cabinets in secured rooms under the control of authorized personnel. Information technology systems follow the National Institute of Standards and Technology privacy and security standards developed to comply with the Privacy Act of 1974 as amended, 5 U.S.C. 552a; the Paperwork Reduction Act of 1995, Public Law 104-13; the Federal Information Security Modernization Act of 2014, Public Law 113-283, as codified at 44 U.S.C. 3551, et seq.; and the Federal Information Processing Standard 199, Standards for Security Categorization of Federal Information and Information Systems.

Computer servers on which electronic records are stored are located in secured DOI facilities with physical, technical and administrative levels of security to prevent unauthorized access to the DOI network and information assets. Security controls include encryption, firewalls, audit logs, and network system security monitoring. Electronic data is protected through user identification, passwords, database permissions and software controls. Access to records in the system is limited to authorized personnel who have a need to access the records in the performance of their official duties, and each person's access is restricted to only the functions and data necessary to perform that person's job responsibilities. System administrators and authorized users for DOI are trained and required to follow established internal security protocols and must complete all security, privacy, and records management training, and sign DOI Rules of Behavior.

Computerized records systems follow the National Institute of Standards and Technology privacy and security standards as developed to comply with the Privacy Act of 1974, 5 U.S.C. 552a; Paperwork Reduction Act of 1995, 44 U.S.C. 3501-3521; Federal Information Security Modernization Act of 2014, 44 U.S.C. 3551-3558; and the Federal Information Processing Standards 199: Standards for Security Categorization of Federal Information and Information Systems. Security controls include user identification, passwords, database permissions, encryption, firewalls, audit logs, and network system security monitoring, and software controls. A privacy impact assessment was conducted on DOI's learning management system to ensure that Privacy Act requirements are met and appropriate privacy controls were implemented to safeguard personally identifiable information.

RECORD ACCESS PROCEDURES:

An individual requesting records on himself or herself should send a signed, written inquiry to the System Manager as identified above. The request must include the specific bureau or office that maintains the record to facilitate location of the applicable records. The request envelope and letter should both be clearly marked “PRIVACY ACT REQUEST FOR ACCESS.” A request for access must meet the requirements of 43 CFR 2.238.

CONTESTING RECORD PROCEDURES:

An individual requesting corrections or the removal of material from his or her records should send a signed, written request to the System Manager as identified above. The request must include the specific bureau or office that maintains the record to facilitate location of the applicable records. A request for corrections or removal must meet the requirements of 43 CFR 2.246.

NOTIFICATION PROCEDURES:

An individual requesting notification of the existence of records on himself or herself should send a signed, written inquiry to the System Manager as identified above. The request must include the specific bureau or office that maintains the record to facilitate location of the applicable records. The request envelope and letter should both be clearly marked “PRIVACY ACT INQUIRY.” A request for notification must meet the requirements of 43 CFR 2.235.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

70 FR 58230 (October 5, 2005); modification published at 73 FR 8342 (February 13, 2008).