07-886. Implementation of Privacy Act of 1974  

  • Start Preamble Start Printed Page 8879

    AGENCY:

    U.S. Nuclear Waste Technical Review Board.

    ACTION:

    Final rule.

    SUMMARY:

    This document institutes the U.S. Nuclear Waste Technical Review Board's (Board) final rule implementing a set of procedural regulations under the Privacy Act of 1974, Public Law 93-579, 5 U.S.C. 552a. These regulations have been written to conform to the statutory provisions of the Act. They are intended to expedite the processing of Privacy Act requests received by the Board and to ensure the proper dissemination of information to the public.

    DATES:

    Effective February 28, 2007.

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    Victoria Reich, 703-235-4473

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    The proposed rule was published in the November 22, 2006 Federal Register for a public comment period to end on January 22, 2007. Copies of the proposed rule also were posted on the Board's Web site and on the Federal Rulemaking Portal. This rule sets forth the procedures to be used by members of the public when requesting records from the Board under the Privacy Act of 1974. It also establishes time frames for responses from the Board, a fee schedule for copying records, and charges for obtaining information, when applicable. No comments were received on the proposed rule.

    Executive order 12866

    The proposed regulation does not meet the criteria for a significant regulatory action under Executive order 12866. Therefore, review by the Office of Management and Budget is not required.

    Regulatory Flexibility Act

    The proposed rule adds Privacy Act regulations to 10 CFR part 1304 and will not have a significant economic impact on a substantial number of small entities.

    Paperwork Reduction Act

    The rule is exempt from the requirements of the Paperwork Reduction Act.

    Start List of Subjects

    List of Subjects in 10 CFR Part 1304

    • Administrative practice and procedure
    • Privacy
    • Reporting and recordkeeping requirements
    End List of Subjects Start Amendment Part

    Therefore, the Board adds part 1304 to Chapter XIII, Title 10 of the Code of Federal Regulations to read as follows:

    End Amendment Part Start Part

    PART 1304—PRIVACY ACT OF 1974

    1304.101
    Purpose and scope.
    1304.102
    Definitions.
    1304.103
    Privacy Act inquiries.
    1304.104
    Privacy Act records maintained by the Board.
    1304.105
    Requests for access to records.
    1304.106
    Processing of requests.
    1304.107
    Fees.
    1304.108
    Appealing denials of access.
    1304.109
    Requests for correction of records.
    1304.110
    Disclosure of records to third parties.
    1304.111
    Maintaining records of disclosures.
    1304.112
    Notification of systems of Privacy Act records.
    1304.113
    Privacy Act training.
    1304.114
    Responsibility for maintaining adequate safeguards.
    1304.115
    Systems of records covered by exemptions.
    1304.116
    Mailing lists.
    Start Authority

    Authority: 5 U.S.C. 552a(f).

    End Authority

    Source: 56 FR 47144, Sept. 18, 1991, unless otherwise noted.

    Purpose and Scope.

    This part sets forth the policies and procedures of the U.S. Nuclear Waste Technical Review Board (Board) regarding access to systems of records maintained by the Board under the Privacy Act of 1974, Public Law 93-579, 5 U.S.C. 552a. The provisions in the Act shall take precedence over any part of the Board's regulations in conflict with the Act. These regulations establish procedures by which an individual may exercise the rights granted by the Privacy Act to determine whether a Board system contains a record pertaining to him or her; to gain access to such records; and to request correction or amendment of such records. These regulations also set identification requirements and prescribe fees to be charged for copying records.

    Definitions.

    The terms used in these regulations are defined in the Privacy Act of 1974, 5 U.S.C. 552a. In addition, as used in this part:

    (a) Agency means any executive department, military department, government corporation, or other establishment in this executive branch of the Federal Government, including the Executive Office of the President or any independent regulatory agency;

    (b) Individual means any citizen of the United States or an alien lawfully admitted for permanent residence;

    (c) Maintain means to collect, use, store, or disseminate records as well as any combination of these recordkeeping functions. The term also includes exercise of control over, and therefore responsibility and accountability for, systems of records;

    (d) Record means any item, collection, or grouping of information about an individual that is maintained by the Board and contains the individual's name or other identifying information, such as a number or symbol assigned to the individual or his or her fingerprint, voice print, or photograph. The term includes, but is not limited to, information regarding an individual's education, financial transactions, medical history, and criminal or employment history;

    (e) System of records means a group of records under the control of the Board from which information is retrievable by use of the name of the individual or by some number, symbol, or other identifying particular assigned to the individual;

    (f) Routine use means, with respect to the disclosure of a record, the use of a record for a purpose that is compatible with the purpose for which it was collected;

    (g) Designated Privacy Act Officer means the person named by the board to administer the Board's activities in regard to the regulations in this part. The Privacy Act Officer also shall be the following:Start Printed Page 8880

    (1) The Board officer having custody of, or responsibility for, agency records in the possession of the Board.

    (2) The Board officer having responsibility for authorizing or denying production of records from requests filed under the Privacy Act.

    (h) Executive Director means the chief operating officer of the Board;

    (i) Member means an individual appointed to serve on the Board by the President of the United States;

    (j) Days means standard working days, excluding weekends and federal holidays; and

    (k) Act refers to the Privacy Act of 1974.

    Privacy Act inquiries.

    (a) Requests regarding the contents of record systems. Any person wanting to know whether the Board's systems of records contains a record pertaining to him or her may file a request in person or in writing, via the internet, or by telephone.

    (b) Requests in persons may be submitted at the Board's headquarters located at 2300 Clarendon Blvd., Suite 1300; Arlington, VA. Requests should be marked “Privacy Act Request” on each page of the request and on the front of the envelope and directed to the Privacy Act Officer.

    (c) Requests in writing may be sent to: Privacy Act Officer, U.S. Nuclear Waste Technical Review Board, 2300 Clarendon Blvd., Suite 1300, Arlington, VA 22201. “Privacy Act Request” should be written on the envelope and each page of the request.

    (d) Requests via the internet may be made on the Board's Web site at www.nwtrb.gov,, using the “Contact NWTRB” icon on the bottom of the Home page. The words “Privacy Act” should appear on the subject line.

    (e) Telephone requests may be made by calling the Board's Privacy Act Officer at 703-235-4473.

    Privacy Act records maintained by the Board.

    (a) The Board shall maintain only such information about an individual as is relevant and necessary to accomplish a purpose of the agency required by statute or by Executive Order of the President. In addition, the Board shall maintain all records that are used in making determinations about any individual with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to ensure fairness to that individual in the making of any determination about him or her. However, the Board shall not be required to update retired records.

    (b) The Board shall not maintain any record about any individual with respect to or describing how such individual exercises rights guaranteed by the First Amendment of the Constitution of the United States, unless expressly authorized by statute or by the subject individual, or unless pertinent to and within the scope of an authorized law enforcement activity.

    Requests for access to records.

    (a) All requests for records should include the following information:

    (1) Full name, address, and telephone number of requester.

    (2) The system of records containing the desired information.

    (3) Any other information that the requester believes would help locate the record.

    (b) Requests in writing. A person may request access to his or her own records in writing by addressing a letter to: Privacy Act Officer; U.S. Nuclear Waste Technical Review Board; 2300 Clarendon Blvd., Suite 1300; Arlington, VA 22201.

    (c) Requests via the internet. Internet requests should be transmitted through the Board's Web site at www.nwtrb.gov,, using the “Contact NWTRB” icon on the bottom of the main page. The words “Privacy Act” should appear on the subject line.

    (d) Requests in person. Any person may examine and request copies of his or her own records on the Board's premises. The requester should contact the Board's offices at least one week before the desired appointment date. This request may be made to the Privacy Act Officer in writing, via the Internet, or by calling 703-235-4473.

    (e) Before viewing the records, proof of identification, must be provided. The identification should be a valid copy of one of the following:

    A government ID,

    A driver's license,

    A passport, or

    Other current identification that contains both an address and a picture of the requester.

    Processing of requests.

    Upon receipt of a request for information, the Privacy Act Officer will ascertain:

    Whether the records identified by the requester exist, and

    Whether they are subject to any exemption under § 1304.115. If the records exist and are not subject to exemption, the Privacy Officer will provide the information.

    (a) Requests in writing, including those sent by e-mail, via the Web site, or by Fax. Within five working days of receiving the requests the Privacy Act Officer will acknowledge its receipt and will advise the requester of any additional information that may be needed. Within 15 working days of receiving the request, the Privacy Act Officer will send the requested information or will explain to the requester why additional time is needed for a response.

    (b) Requests in person or by telephone. Within 15 days of the initial request, the Privacy Act Officer will contact the requestor and arrange an appointment at a mutually agreeable time when the records can be examined. The requester may be accompanied by one person. The requestor should inform the Privacy Act Officer that a second individual will be present and must sign a statement authorizing disclosure of the records to that person. The statement will be kept with the requester's records. At the appointment, the requester will be asked to present identification as stated in § 1304.105.

    (c) Excluded information. If a request is received for information compiled in reasonable anticipation of litigation, the Privacy Officer will inform the requester that the information is not subject to release under the Privacy Act (see 5 U.S.C. 552a(d)(5)).

    Fees.

    A fee will not be charged for searching, reviewing, or making corrections to records.

    A fee for copying will be assessed at the same rate established for Freedom of Information Act requests. Duplication fees for paper copies of a record will be 10 cents per page for black and white and 20 cents per page for color. For all other forms of duplication, the Board will charge the direct costs of producing the copy. However, the first 100 pages of black-and-white copying or its equivalent will be free of charge.

    Appealing denials of access.

    If access to records is denied by the Privacy Act Officer, the requester may file an appeal in writing. The appeal should be directed to Executive Director; U.S. Technical Review Board; 2300 Clarendon Blvd., Suite 1300; Arlington, VA 22201. The appeal letter must:

    Specify the denied records that are still sought; and

    State why denial by the Privacy Act Officer is erroneous.

    The Executive Director or his or her designee will respond to such appeals within 20 working days of the receipt of the appeal letter in the Board offices. The appeal determination will explain Start Printed Page 8881the basis of the decision to deny or grant the appeal.

    Requests for correction of records.

    (a) Correction requests. Any person is entitled to request correction of his or her record(s) covered under the Act. The request must be made in writing and should be addressed to Privacy Act Officer; U.S. Nuclear Waste Technical Review Board; 2300 Clarendon Blvd., Suite 1300; Arlington, VA 22201. The letter should clearly identify the corrections desired. In most circumstances, an edited copy of the record will be acceptable for this purpose.

    (b) Initial response. Receipt of a correction request will be acknowledged by the Privacy Act Officer in writing within 5 working days. The Privacy Act Officer will endeavor to provide a letter to the requester within 20 working days stating whether the request for correction has been granted or denied. If the Privacy Act Officer denies any part of the correction request, the reasons for the denial will be provided to the requester.

    Disclosure of records to third parties.

    (a) The Board will not disclose any record that is contained in a system of records to any person or agency, except with a written request by or with the prior written consent of the individual whose record is requested, unless disclosure of the record is:

    (1) Required by an employee or agent of the Board in the performance of his/her official duties.

    (2) Required under the provisions of the Freedom of Information Act (5 U.S.C. 552). Records required to be made available by the Freedom of Information Act will be released in response to a request in accordance with the Board's regulations published at 10 CFR part 1303.

    (3) For a routine use as published in the annual notice in the Federal Register.

    (4) To the Census Bureau for planning or carrying out a census, survey, or related activities pursuant to the provisions of Title 13 of the United States Code.

    (5) To a recipient who has provided the Board with adequate advance written assurance that the record will be used solely as a statistical research or reporting record and that the record is to be transferred in a form that is not individually identifiable.

    (6) To the National Archives and Records Administration as a record that has sufficient historical or other value to warrant its continued preservation by the United States government, or for evaluation by the Archivist of the United States, or his or her designee, to determine whether the record has such value.

    (7) To another agency or to an instrumentality of any governmental jurisdiction within or under the control of the United States for a civil or criminal law enforcement activity, if the activity is authorized by law, and if the head of the agency or instrumentality has made a written request to the Board for such records specifying the particular part desired and the law enforcement activity for which the record is sought. The Board also may disclose such a record to a law enforcement agency on its own initiative in situations in which criminal conduct is suspected, provided that such disclosure has been established as a routine use, or in situations in which the misconduct is directly related to the purpose for which the record is maintained.

    (8) To a person pursuant to a showing of compelling circumstances affecting the health or safety of an individual if, upon such disclosure, notification is transmitted to the last known address of such individual.

    (9) To either House of Congress, or, to the extent of matters within its jurisdiction, any committee or subcommittee thereof, any joint committee of Congress, or subcommittee of any such joint committee.

    (10) To the Comptroller General, or any of his or her authorized representatives, in the course of the performance of official duties of the Government Accountability Office.

    (11) Pursuant to an order of a court of competent jurisdiction. In the event that any record is disclosed under such compulsory legal process, the Board shall make reasonable efforts to notify the subject individual after the process becomes a matter of public record.

    (12) To a consumer reporting agency in accordance with 31 U.S.C. 3711(e).

    (b) Before disseminating any record about any individual to any person other than a Board employee, the Board shall make reasonable efforts to ensure that the records are, or at the time they were collected were, accurate, complete, timely, and relevant. This paragraph (b) does not apply to disseminations made pursuant to the provisions of the Freedom of Information Act ( 5 U.S.C. 552) and paragraph (a)(2) of this section.

    Maintaining records of disclosures.

    (a) The Board shall maintain a log containing the date, nature, and purpose of each disclosure of a record to any person or agency. Such accounting also shall contain the name and address of the person or agency to whom or to which each disclosure was made. This log will not include disclosures made to Board employees or agents in the course of their official duties or pursuant to the provisions of the Freedom of Information Act (5 U.S.C. 552).

    (b) The Board shall retain the accounting of each disclosure for at least five years after the accounting is made or for the life of the record that was disclosed, whichever is longer.

    (c) The Board shall make the accounting of disclosures of a record pertaining to an individual available to that individual at his or her request. Such a request should be made in accordance with the procedures set forth in § 1304.105. This paragraph (c) does not apply to disclosures made for law enforcement purposes under 5 U.S.C. 552a(b)(7) and § 1304.110(a)(7).

    Notification of systems of Privacy Act records.

    (a) Public notice. On November 22, 1996, the Board published a notice of its systems of records in the Federal Register (Vol. 61, Number 227, pages 59472-69473). It is updating and republishing the notice in this issue of the Federal Register. The Board periodically reviews its systems of records and will publish information about any significant additions or changes to those systems. Information about systems of records maintained by other agencies that are in the temporary custody of the Board will not be published. In addition, the Office of the Federal Register biennially compiles and publishes all systems of records maintained by all federal agencies, including the Board.

    (b) At least 30 days before publishing additions or changes to the Board's systems of records, the Board will publish a notice of intent to amend, providing the public with an opportunity to comment on the proposed amendments to its systems of records.

    Privacy Act training.

    (a) The Board shall ensure that all persons involved in the design, development, operation, or maintenance of any Board systems are informed of all requirements necessary to protect the privacy of individuals. The Board shall ensure that all employees having access to records receive adequate training in their protection and that records have adequate and proper storage with sufficient security to ensure their privacy.Start Printed Page 8882

    (b) All employees shall be informed of the civil remedies provided under 5 U.S.C. 552a(g)(1) and other implications of the Privacy Act and of the fact that the Board may be subject to civil remedies for failure to comply with the provisions of the Privacy Act and the regulations in this part.

    Responsibility for maintaining adequate safeguards.

    The Board has the responsibility for maintaining adequate technical, physical, and security safeguards to prevent unauthorized disclosure or destruction of manual and automatic record systems. These security safeguards shall apply to all systems in which identified personal data are processed or maintained, including all reports and output from such systems that contain identifiable personal information. Such safeguards must be sufficient to prevent negligent, accidental, or unintentional disclosure, modification, or destruction of any personal records or data; must minimize; to the extent practicable, the risk that skilled technicians or knowledgeable persons could improperly obtain access to modify or destroy such records or data; and shall further ensure against such casual entry by unskilled persons without official reasons for access to such records or data.

    (a) Manual systems. (1) Records contained in a system of records as defined in this part may be used, held, or stored only where facilities are adequate to prevent unauthorized access by persons within or outside the Board.

    (2) Access to and use of a system of records shall be permitted only to persons whose duties require such access to the information for routine uses or for such other uses as may be provided in this part.

    (3) Other than for access by employees or agents of the Board, access to records within a system of records shall be permitted only to the individual to whom the record pertains or upon his or her written request.

    (4) The Board shall ensure that all persons whose duties require access to and use of records contained in a system of records are adequately trained to protect the security and privacy of such records.

    (5) The disposal and destruction of identifiable personal data records shall be done by shredding and in accordance with rules promulgated by the Archivist of the United States.

    (b) Automated systems. (1) Identifiable personal information may be processed, stored, or maintained by automated data systems only where facilities or conditions are adequate to prevent unauthorized access to such systems in any form.

    (2) Access to and use of identifiable personal data associated with automated data systems shall be limited to those persons whose duties require such access. Proper control of personal data in any form associated with automated data systems shall be maintained at all times, including maintenance of accountability records showing disposition of input and output documents.

    (3) All persons whose duties require access to processing and maintenance of identifiable personal data and automated systems shall be adequately trained in the security and privacy of personal data.

    (4) The disposal and disposition of identifiable personal data and automated systems shall be done by shredding, burning, or, in the case of electronic records, by degaussing or by overwriting with the appropriate security software, in accordance with regulations of the Archivist of the United States or other appropriate authority.

    Systems of records covered by exemptions.

    The Board currently has no exempt systems of records.

    Mailing lists.

    The Board shall not sell or rent an individual's name and/or address unless such action is specifically authorized by law. This section shall not be construed to require the withholding of names and addresses otherwise permitted to be made public.

    End Part Start Signature

    Dated: February 23, 2007.

    William D. Barnard,

    Executive Director, U.S. Nuclear Waste Technical Review Board.

    End Signature End Supplemental Information

    [FR Doc. 07-886 Filed 2-27-07; 8:45 am]

    BILLING CODE 6820-AM-M

Document Information

Effective Date:
2/28/2007
Published:
02/28/2007
Department:
Nuclear Waste Technical Review Board
Entry Type:
Rule
Action:
Final rule.
Document Number:
07-886
Dates:
Effective February 28, 2007.
Pages:
8879-8882 (4 pages)
Topics:
Administrative practice and procedure, Privacy, Reporting and recordkeeping requirements
PDF File:
07-886.pdf
CFR: (16)
10 CFR 1304.101
10 CFR 1304.102
10 CFR 1304.103
10 CFR 1304.104
10 CFR 1304.105
More ...