SUPPLEMENTARY INFORMATION:

On January 9, 2009, DOE published a Compilation of its Privacy Act Systems of Records, which included System of Records DOE-31 Firearms Qualifications Records. This notice proposes the following amendments: National Nuclear Security Administration (NNSA) Headquarters has been added as a system location. The following addresses have been removed as system locations: NNSA Naval Reactors Field Office in Schenectady, New York; NNSA Nevada Site Office in Las Vegas, Nevada; Nonproliferation and National Security Institute in Albuquerque, New Mexico; Argonne National Laboratory-West in Idaho Falls, Idaho; Brookhaven National Laboratory in Upton, New York; and Amarillo Site Office in Amarillo, Texas. The following addresses have been updated: NNSA John A. Gordon Albuquerque Complex, NNSA Los Alamos Site Office, Office of River Protection, Richland Operations Office, and both Office of Science locations. In the “Routine Uses” section, this modified notice deletes a previous routine use concerning efforts responding to a suspected or confirmed loss of confidentiality of information as it appears in DOE's compilation of its Privacy Act Systems of Records (January 9, 2009) and replaces it with one to assist DOE with responding to a suspected or confirmed breach of its records of Personally Identifiable Information (PII), modeled with language from OMB's Memorandum M-17-12, “Preparing for and Responding to a Breach of Personally Identifiable Information” (January 3, 2017). Further, this notice adds one new routine use to ensure that DOE may assist another agency or entity in responding to the other agency's or entity's confirmed or suspected breach of PII, as appropriate, as aligned with OMB's Memorandum M-17-12. This notice deletes a duplicative routine use about sharing the records to a Federal, state, or local agency in order to obtain information relevant to a Departmental decision concerning the hiring or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant or other benefit. This routine use continues to be recognized, singularly, as routine use number two. An administrative change required by the FOIA Improvement Act of 2016 extends the length of time a requestor is permitted to file an appeal under the Privacy Act from 30 to 90 days. Both the “System Locations” and “Administrative, Technical and Physical Safeguards” sections have been modified to reflect the Department's usage of cloud-based services for records storage. Language throughout the SORN has been updated to align with applicable Federal privacy laws, policies, procedures, and best practices.

SYSTEM NAME AND NUMBER:

DOE-31 Firearms Qualification Records.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATIONS:

Systems leveraging this SORN may exist in multiple locations. All systems storing records in a cloud-based server are required to use government-approved cloud services and follow National Institute of Standards and Technology (NIST) security and privacy standards for access and data retention. Records maintained in a government-approved cloud server are accessed through secure data centers in the continental United States.

U.S. Department of Energy, Headquarters, 1000 Independence Avenue SW, Washington, DC 20585. ( print page 104138)

U.S. Department of Energy, NNSA Headquarters, 1000 Independence Avenue SW, Washington, DC 20585.

U.S. Department of Energy, John A. Gordon Albuquerque Complex, 24600 20th Street SE, Albuquerque, NM 87116.

U.S. Department of Energy, NNSA Naval Reactors Field Office, Pittsburgh Naval Reactors, P.O. Box 109, Wet Mifflin, PA 15122-0109.

U.S. Department of Energy, Kansas City Site Office, P.O. Box 410202, 2000 E 95th Street, Kansas City, MO 64141-3202.

U.S. Department of Energy, NNSA Los Alamos Site Office, 2900 E Road, Los Alamos, NM 87544.

U.S. Department of Energy, NNSA Sandia Site Office, 1515 Eubank Blvd. SE, Albuquerque, NM 87123.

U.S. Department of Energy, Office of Science, Chicago Office, Consolidated Service Center, 9800 South Cass Avenue, Lemont, IL 60439.

U.S. Department of Energy, Office of Science, Consolidated Service Center, P.O. Box 2001, Oak Ridge, TN 37831.

U.S. Department of Energy, Idaho Operations Office, 1955 Fremont Avenue, Idaho Falls, ID 83415.

U.S. Department of Energy, Hanford Field Office, P.O. Box 550, Richland, WA 99352.

U.S. Department of Energy, Savannah River Operations Office, P.O. Box A, Aiken, SC 29801.

SYSTEM MANAGER(S):

Headquarters: Director, Office of Security Operations, U.S. Department of Energy, 1000 Independence Avenue SW, Washington, DC 20585.

Field Offices: The Security Directors of the “System Locations” listed above are the system managers for their respective portions of this system.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

42 U.S.C. 7101 et seq.;50 U.S.C. 2401 et seq.

PURPOSE(S) OF THE SYSTEM:

Records in this system are maintained to document DOE protective force firearms programs information and training.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

DOE, including NNSA, Federal and contractor employees who are required to conduct or to maintain firearms qualification, training, and proficiency activities in the performance of their regular duties.

CATEGORIES OF RECORDS IN THE SYSTEM:

Records of an individual's annual qualification scores, approvals of arming authority and issue of Security Police Officer and Federal Officer Credentials and other firearms accountability and maintenance records.

RECORD SOURCE CATEGORIES:

Arming and arrest credential notifications and firearm qualifications results from individuals and training personnel.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

1. A record from this system may be disclosed as a routine use to the appropriate local, tribal, state, or Federal agency when records, alone or in conjunction with other information, which indicates a violation or potential violation of law whether civil, criminal, or regulatory in nature, and whether arising by general statute or particular program pursuant thereto.

2. A record from this system may be disclosed as a routine use to a Federal, state, tribal, or local agency to facilitate the requesting agency's decision concerning the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit, to the extent that the information is relevant and necessary to the requesting agency's decision on the matter. The Department must deem such disclosure to be compatible with the purpose for which the Department collected the information.

3. A record from this system may be disclosed as a routine use for the purpose of an investigation, settlement of claims, or the preparation and conduct of litigation to (1) persons representing the Department in the investigation, settlement or litigation, and to individuals assisting in such representation; (2) others involved in the investigation, settlement, and litigation, and their representatives and individuals assisting those representatives; (3) witnesses, potential witnesses, or their representatives and assistants; and (4) any other persons who possess information pertaining to the matter when it is relevant and necessary to obtain information or testimony relevant to the matter.

4. A record from this system may be disclosed as a routine use in court or administrative proceedings to the tribunals, counsel, other parties, witnesses, and the public (in publicly available pleadings, filings, or discussion in open court) when such disclosure: (1) is relevant to, and necessary for, the proceeding; (2) compatible with the purpose for which the Department collected the records; and (3) the proceedings involve:

a. The Department, its predecessor agencies, current or former contractor of the Department, or other United States Government agencies and their components, or

b. A current or former employee of the Department and its predecessor agencies, current or former contractors of the Department, or other United States Government agencies and their components, who is acting in an official capacity or in any individual capacity where the Department or other United States Government agency has agreed to represent the employee.

5. A record from this system may be disclosed as a routine use to DOE contractors in performance of their contracts, and their officers and employees who have a need for the record in the performance of their duties. Those provided information under this routine use are subject to the same limitations applicable to Department officers and employees under the Privacy Act.

6. A record from this system may be disclosed as a routine use to a member of Congress submitting a request involving a constituent when the constituent has requested assistance from the member concerning the subject matter of the record. The member of Congress must provide a copy of the constituent's signed request for assistance.

7. A record from this system may be disclosed to training, administrative, and operations personnel of local law enforcement agencies in the performance of their regular duties in order to process and to maintain documentation for protective force personnel who have been commissioned as reserve officers or deputies.

8. A record from this system may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) the Department suspects or has confirmed that there has been a breach of the system of records; (2) the Department has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, DOE (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

9. A record from this system may be disclosed as a routine use to another Federal agency or Federal entity, when ( print page 104139) the Department determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records may be stored as paper records or electronic media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records are retrieved by name.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Retention and disposition of these records is in accordance with the National Archives and Records Administration-approved records disposition schedule with a retention of 250 years.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Electronic records may be secured and maintained on a cloud-based software server and operating system that resides in Federal Risk and Authorization Management Program (FedRAMP) and Federal Information Security Modernization Act (FISMA) hosting environment. Data located in the cloud-based server is firewalled and encrypted at rest and in transit. The security mechanisms for handling data at rest and in transit are in accordance with DOE encryption standards. Records are protected from unauthorized access through the following appropriate safeguards:

• Administrative: Access to all records is limited to lawful government purposes only, with access to electronic records based on role and either two-factor authentication or password protection. The system requires passwords to be complex and to be changed frequently. Users accessing system records undergo frequent training in Privacy Act and information security requirements. Security and privacy controls are reviewed on an ongoing basis.
• Technical: Computerized records systems are safeguarded on Departmental networks configured for role-based access based on job responsibilities and organizational affiliation. Privacy and security controls are in place for this system and are updated in accordance with applicable requirements as determined by NIST and DOE directives and guidance.
• Physical: Computer servers on which electronic records are stored are located in secured Department facilities, which are protected by security guards, identification badges, and cameras. Paper copies of all records are locked in file cabinets, file rooms, or offices and are under the control of authorized personnel. Access to these facilities is granted only to authorized personnel and each person granted access to the system must be an individual authorized to use or administer the system.

RECORD ACCESS PROCEDURES:

The Department follows the procedures outlined in title 10 CFR 1008.4. Valid identification of the individual making the request is required before information will be processed, given, access granted, or a correction considered, to ensure that information is processed, given, corrected, or records disclosed or corrected only at the request of the proper person.

CONTESTING RECORD PROCEDURES:

Any individual may submit a request to the System Manager and request a copy of any records relating to them. In accordance with 10 CFR 1008.11, any individual may appeal the denial of a request made by him or her for information about or for access to or correction or amendment of records. An appeal shall be filed within 90 calendar days after receipt of the denial. When an appeal is filed by mail, the postmark is conclusive as to timeliness. The appeal shall be in writing and must be signed by the individual. The words “PRIVACY ACT APPEAL” should appear in capital letters on the envelope and the letter. Appeals relating to DOE records shall be directed to the Director, Office of Hearings and Appeals (OHA), 1000 Independence Avenue SW, Washington, DC 20585.

NOTIFICATION PROCEDURES:

In accordance with the DOE regulation implementing the Privacy Act, 10 CFR part 1008, a request by an individual to determine if a system of records contains information about themselves should be directed to the U.S. Department of Energy, Headquarters, Privacy Act Officer. The request should include the requester's complete name and the time period for which records are sought.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

This SORN was last published in the Federal Register ,74 FR 1030-1032, on January 9, 2009.

Signing Authority

This document of the Department of Energy was signed on December 13, 2024, by Ann Dunkin, Senior Agency Official for Privacy, pursuant to delegated authority from the Secretary of Energy. That document with the original signature and date is maintained by DOE. For administrative purposes only, and in compliance with requirements of the Office of the Federal Register, the undersigned DOE Federal Register Liaison Officer has been authorized to sign and submit the document in electronic format for publication, as an official document of the Department of Energy. This administrative process in no way alters the legal effect of this document upon publication in the Federal Register .