[Federal Register Volume 64, Number 250 (Thursday, December 30, 1999)]
[Notices]
[Pages 73585-73586]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-33838]
-----------------------------------------------------------------------
DEPARTMENT OF JUSTICE
[AAG/A Order No. 189-99]
Privacy Act of 1974; System of Records
Pursuant to the provisions of the Privacy Act of 1974 (5 U.S.C.
552a), the Department of Justice (DOJ) is establishing a system of
records entitled ``DOJ Computer Systems Activity and Access Records,
DOJ-002.''
Title 5 U.S.C. 552a(e)(4) and (11) provide that the public be given
a 30-day period in which to comment on the new system. The Office of
Management and Budget (OMB), which has oversight responsibility under
the Act, requires a 40-day period in which to review the proposed
system. Therefore, please submit any comments by 40 days from
publication of this notice. The public, OMB, and the Congress are
invited to submit written comments to Mary Cahill, Management and
Planning Staff, Justice Management Division, Washington, DC 20530,
(202) 307-1823.
In accordance with 5 U.S.C. 552a(r), the Department has provided a
report on this system to OMB and the Congress.
Dated: December 17, 1999.
Stephen R. Colgate,
Assistant Attorney General for Administration.
SYSTEM NAME:
Department of Justice (DOJ) Computer Systems Activity and Access
Records, DOJ-002
SYSTEM LOCATION:
Department of Justice offices (and other sites utilized by the
Department of Justice) throughout the world.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who access DOJ network computers or mainframe/
enterprise servers, including individuals who send and receive
electronic communications, access Internet sites, or access system
databases, files, or applications from DOJ computers or sending
electronic communications to DOJ computers; and individuals attempting
to access DOJ computers or systems without authorization.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records in this system of records may include: records on the use
of the interoffice and Internet e-mail systems, including the e-mail
address of the sender and receiver of the e-mail message, subject,
date, and time; records on user access to DOJ's office automation
networks, including user ID, date and time of log on and log off, and
denials of access to unauthorized files or directories; records of
Internet access from a DOJ computer, such as the Internet Protocol (IP)
address of the computer being used to initiate the Internet connection,
the site accessed, date, and time; records relating to mainframe/
enterprise server access, such as user ID of the individual accessing
the mainframe, date and time, and the process being run on the
mainframe; records relating to verification or authorization of an
individual's access to systems, files, or applications, such as user
IDs, passwords, user names, title, and agency.
Logs of Internet access from a DOJ computer do not contain names or
similar personal identifiers. However, for official government business
purposes, a name may be associated with an IP address.
AUTORITY FOR MAINTENANCE OF THE SYSTEM:
The Computer Security Act of 1987, 40 U.S.C. 1441 note, requires
Federal
[[Page 73586]]
Agencies to plan for the security and privacy of their computer
systems.
PURPOSE(S):
the underlying raw data in this system of records is used by DOJ
systems and security personnel, or persons authorized to assist these
personnel, to plan and manage system services and to otherwise perform
their official duties. Authorized DOJ managers may use the records in
this system to investigate improper access or other improper activity
related to computer system access; to initiate disciplinary or other
such action; and/or where the record(s) may appear to indicate a
violation or potential violation of the law, to refer such record(s) to
the appropriate investigative arm of DOJ, or other law enforcement
agency for investigation.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSE OF SUCH USE:
Information maybe made available in accordance with the disclosure
provisions cited below.
1. To members of Congress or staff to respond to inquiries made on
behalf of individual constituents who are record subjects.
2. To representatives of the General Services Administration and/or
the National Archives and Records Administration who are conducting
records management inspections under the authority of 44 U.S.C. 2904
and 2906.
3. To the news media and the public pursuant to 28 CFR 50.2 unless
it is determined that the release of the specific information in the
context of a particular case would constitute an unwarranted invasion
of personal privacy.
4. To a Federal, state, local, tribal or foreign agency, or a
private contractor, in connection with: the hiring or retention of any
employee; the issuance of a security clearance; the conduct of a
security or suitability investigation or pursuit of other appropriate
personnel matter; the reporting of an investigation on an employee; the
letting of a contract; or the issuance of a grant, license, or other
benefit to an employee by the agency, but only to the extent that the
information disclosed is relevant and necessary to the agency's
decision on the matter.
5. To provide information to any person(s) authorized to assist in
an approved investigation of improper usage of DOJ computer systems.
6. To an actual or potential party or his or her authorized
representative for the purpose of negotiation or discussion on such
matters as settlement of the case or matter, or informal discovery
proceedings.
7. In the event that material in this system of records appears to
indicate, either on its face or in conjunction with other information,
a violation or potential violation of law, whether civil, criminal, or
regulatory in nature, and whether arising by general statute, or by
regulation, rule, or order issued pursuant thereto, to a Federal, State
local tribal, or foreign unit of government charged with the
responsibility therefor.
8. In a proceeding before a court or adjudicative body, when any of
the following is a party to litigation or has an interest in litigation
and such records are determined by the DOJ to be arguably relevant to
the litigation: the DOJ; any employee of the DOJ in his or her official
capacity; or any employee of the DOJ in his or her individual capacity
where the DOJ has agreed to represent or has authorized private
attorneys to represent the employees; or, the United States, where the
DOJ determines that the litigation is likely to affect it or any of its
subdivisions.
9. To contractors, grantees, experts, consultants, detailees, and
other non-DOJ employees performing or working on a contract, service,
grant, cooperative agreement, or other assignment for the Federal
government, when necessary to accomplish an agency function related to
this system of records.
10. To other government agencies where required by law.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING,
AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE:
Records are stored in electronic and/or paper form.
RETRIEVABILITY:
Records may be retrieved by user name, user ID, e-mail address, or
other identifying search term employed, depending on the record
category. The Department does not usually connect IP addresses with a
person. However, in some instances, for official government business
purposes, the Department may connect the IP address with an individual,
and records may be retrieved by IP address.
SAFEGUARDS:
Access is limited to those who have an official need to know.
Specifically, only systems and security personnel or persons authorized
to assist these personnel have access to automated records and magnetic
storage media. These records are kept in a locked room with controlled
entry. The use of password protection identification features and other
automated data processing system protection methods also restrict
access. All records are located in buildings with restricted access.
RETENTION AND DISPOSAL:
Records of verification, authorization, computer system access, and
other activities generated by the system shall be retained no longer
than one year, unless required for management review, then destroyed/
deleted. (Records retention schedule pending approval by the Archivist
of the United States.)
SYSTEM MANAGER:
Deputy Assistant Attorney General, Information Resources
Management, Justice Management Division, Department of Justice,
Washington, DC 20530.
NOTIFICATION PROCEDURE:
To determine whether the system may contain records relating to
you, write to the System Manager identified above.
RECORD ACCESS PROCEDURES:
Same as ``Notification Procedure'' above. Provide name, assigned
computer location, and a description of information being sought,
including the time frame during which the record(s) may have been
generated. Provide verification of identity as instructed in 28 CFR,
Sec. 16.41(d).
CONTESTING RECORD PROCEDURES:
See ``Notification Procedure'' and ``Record Access Procedure''
above. Identify the information being contested, the reason for
contesting it, and the correction requested. In general, this
information is computer-generated and is not subject to contest.
RECORD SOURCE CATEGORIES:
Most records are generated internally, i.e., computer activity
logs; individuals covered by the system; and management officials.
SYSTEMS EXEMPTED FROM CERTAIN PROVISIONS OF THE ACT:
None.
[FR Doc. 99-33838 Filed 12-29-99; 8:45 am]
BILLING CODE 4410-OJ-M
