AGENCY:

Office of the Secretary, DoD.

ACTION:

Notice to alter a system of records.

SUMMARY:

The Office of the Secretary of Defense proposes to alter a system of records in its inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended.

DATES:

This proposed action would be effective without further notice on June 8, 2011 unless comments are received which result in a contrary determination.

ADDRESSES:

You may submit comments, identified by docket number and/Regulatory Information Number (RIN) and title, by any of the following methods:

* Federal Rulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.

* Mail: Federal Docket Management System Office, 1160 Defense Pentagon, OSD Mailroom 3C843, Washington, DC 20301-1160.

Instructions: All submissions received must include the agency name and docket number or Regulatory Information Number (RIN) for this Federal Register document. The general policy for comments and other submissions from members of the public is to make these submissions available for public viewing on the Internet at http://www.regulations.gov as they are received without change, including any personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT:

Ms. Cindy Allard at (703) 588-6830, or Chief, OSD/JS Privacy Office, Freedom of Information Directorate, Washington Headquarters Services, 1155 Defense Pentagon, Washington, DC 20301-1155.

SUPPLEMENTARY INFORMATION:

The Office of the Secretary of Defense notices for systems of records subject to the Privacy Act of 1974 (5 U.S.C. 552a), as amended, have been published in the Federal Register and are available from the FOR FURTHER INFORMATION CONTACT address above.

The proposed system report, as required by 5 U.S.C. 552a(r) of the Privacy Act of 1974, as amended, was submitted on May 2, 2011, to the House Committee on Oversight and Government Reform, the Senate Committee on Governmental Affairs, and the Office of Management and Budget (OMB) pursuant to paragraph 4c of Appendix I to OMB Circular No. A-130, “Federal Agency Responsibilities for Maintaining Records About Individuals,” dated February 8, 1996 (February 20, 1996, 61 FR 6427).

DEPARTMENT OF DEFENSE

Office of the Secretary of Defense

Narrative Statement on an Altered System of Records Under the Privacy Act of 1974

1. System identifier and name: DPFPA 01, entitled “Pentagon Facilities Access Control Systems.”

2. Responsible official: Ms. Paula Jones-Griffin, Chief, Pentagon Access Control Division, Security Services Directorate, Pentagon Force Protection Agency, Room 1F1084, 9000 Defense Pentagon, Washington, DC 20301-9000, telephone (703) 693-2865.

3. Nature of changes proposed for the system: The Office of the Secretary of Defense proposes to change the system name, update the categories of individuals covered, categories of records, authorities, purpose, retrievability, safeguards, retention, system manager, notification, access, and record source sections.

4. Authority for the maintenance of the system: 10 U.S.C. 113, Secretary of Defense; 10 U.S.C. 2674, Operation and Control of Pentagon Reservation and Defense facilities in National Capital Region; DoD Directive 1000.25, DoD Personnel Identity Protection (PIP) Program; DoD Directive 5105.68, Pentagon Force Protection Agency (PFPA); DoD 5200.08-R, Physical Security Program; DoD Directive 8521.01E, Department of Defense Biometrics; Directive Type Memorandum 09-012, Interim Policy Guidance for DoD Physical Access Control; and E.O. 9397 (SSN), as amended.

5. Probable or potential effects on the privacy of individuals: None.

6. Is the system, in whole or in part, being maintained by a contractor? Yes.

7. Steps taken to minimize risk of unauthorized access: Records are maintained in secure, limited access, or monitored areas. Access to data is restricted through the use of Common Access Cards (CAC) along with passwords specific to the system. Data is encrypted, while being stored and transmitted. Physical entry to the Pentagon Access Control Division Office, server rooms and security equipment closets where information is stored or processed is restricted through the use of locks, guards, passwords, or other administrative procedures. Access to personal information is limited to those individuals who require the records to perform their official assigned duties.

8. Routine use compatibility: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, these records may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

The DoD `Blanket Routine Uses' set forth at the beginning of the Office of the Secretary of Defense (OSD) compilation of systems of records notices apply to this system.

9. OMB information collection requirements: 0704-0328, expires 07/31/2011.

10. Supporting documentation: None.

11. Name of the IT System: Pentagon Facilities Access Control Systems.

DPFPA 01

System name:

Department of Defense (DoD) Pentagon Building Pass Files (September 11, 2008, 73 FR 52840).

Changes:

System name:

Delete entry and replace with “Pentagon Facilities Access Control System.”

Categories of individuals covered by the system:

Delete entry and replace with “Any Department of Defense military, civilian employee, or contractor sponsored by the Department of Defense, or other persons who have reason to enter Pentagon Facilities for official Department of Defense business.”

Categories of records in the system:

Delete entry and replace with “File contains, name, Social Security Number (SSN), DoD ID number, date of birth, place of birth, height, weight, race, gender, biometric images and templates (e.g., fingerprint and iris), citizenship, name of DoD sponsoring office, access investigation completion date, access level, previous facility pass issuances, and authenticating official.”

Authority for maintenance of the system:

Delete entry and replace with “10 U.S.C. 113, Secretary of Defense; 10 U.S.C. 2674, Operation and Control of Pentagon Reservation and Defense Start Printed Page 26713facilities in National Capital Region; DoD Directive 1000.25, DoD Personnel Identity Protection (PIP) Program; DoD Directive 5105.68, Pentagon Force Protection Agency; DoD 5200.08-R, Physical Security Program; DoD Directive 8521.01E, Department of Defense Biometrics; Directive Type Memorandum 09-012, Interim Policy Guidance for DoD Physical Access Control; and E.O. 9397 (SSN), as amended.”

Purpose:

Delete entry and replace with “To maintain a listing of personnel who are authorized to access Pentagon Facilities and verify identity of approved individuals to access such facilities and offices.”

Retrievability:

Delete entry and replace with “By individual's name, SSN, or DoD ID number.”

Safeguards:

Delete entry and replace with “Records are maintained in secure, limited access, or monitored areas. Access to data is restricted through the use of Common Access Cards (CAC) along with passwords specific to the system. Data is encrypted, while being stored and transmitted. Physical entry to the Pentagon Access Control Division Office, server rooms and security equipment closets where information is stored or processed is restricted through the use of locks, guards, passwords, or other administrative procedures. Access to personal information is limited to those individuals who require the records to perform their official assigned duties.”

Retention and disposal:

Delete entry and replace with “Applications and credentials are destroyed three (3) months after expiration or return to PFPA. Verification records are maintained for 3-5 years and then destroyed.”

System manager(s) and address:

Delete entry and replace with “Chief, Pentagon Access Control Division, Security Services Directorate, Pentagon Force Protection Agency, Room 1F1084, 9000 Defense Pentagon, Washington, DC 20301-9000.”

Notification procedure:

Delete entry and replace with “Individuals seeking to determine if their information is contained in this system should address written inquiries to Pentagon Force Protection Agency, Security Services Directorate, Pentagon Access Control Division, 9000 Defense Pentagon, Washington, DC 20301-9000.

Written requests should contain the full name, SSN, DoD ID number, and current address and telephone number of the individual.”

Record access procedures:

Delete entry and replace with “Individuals seeking access to their information contained in this system should address written inquiries to the Office of the Secretary of Defense/Joint Staff Freedom of Information Act Requester Service Center, Office of the Freedom of Information, 1155 Defense Pentagon, Washington, DC 20301-1155.

Written requests should contain the full name, SSN, DoD ID number, current address and telephone number of the individual, the name and number of this system of records notice, and be signed.”

Record source categories:

Delete entry and replace with “The individual, security managers, and the Joint Personnel Adjudication System.”

DPFPA 01

System name:

Pentagon Facilities Access Control Systems.

System location:

Pentagon Force Protection Agency (PFPA), Security Services Directorate, Pentagon Access Control Division, 9000 Defense Pentagon, Washington, DC 20301-9000.

Categories of individuals covered by the system:

Any Department of Defense military, civilian employee, or contractor sponsored by the Department of Defense, or other persons who have reason to enter Pentagon Facilities for official Department of Defense business.

Categories of records in the system:

File contains, name, Social Security Number (SSN), DoD ID number, date of birth, place of birth, height, weight, race, gender, biometric images and templates (e.g., fingerprint and iris), citizenship, name of DoD sponsoring office, access investigation completion date, access level, previous facility pass issuances, and authenticating official.

Authority for maintenance of the system:

10 U.S.C. 113, Secretary of Defense; 10 U.S.C. 2674, Operation and Control of Pentagon Reservation and Defense facilities in National Capital Region; DoD Directive 1000.25, DoD Personnel Identity Protection (PIP) Program; DoD Directive 5105.68, Pentagon Force Protection Agency; DoD 5200.08-R, Physical Security Program; DoD Directive 8521.01E, Department of Defense Biometrics; Directive Type Memorandum 09-012, Interim Policy Guidance for DoD Physical Access Control; and E.O. 9397 (SSN), as amended.

Purpose:

To maintain a listing of personnel who are authorized to access Pentagon Facilities and verify identity of approved individuals to access such facilities and offices.

Routine uses of records maintained in the system, including categories of users and the purposes of such uses:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, these records may specifically be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

The DoD “Blanket Routine Uses” set forth at the beginning of the Office of the Secretary of Defense (OSD) compilation of systems of records notices apply to this system.

Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:

Storage:

Paper records in file folders and electronic storage media.

Retrievability:

By individual's name, SSN, or DoD ID number.

Safeguards:

Records are maintained in secure, limited access, or monitored areas. Access to data is restricted through the use of Common Access Cards (CAC) along with passwords specific to the system. Data is encrypted, while being stored and transmitted. Physical entry to the Pentagon Access Control Division Office, server rooms and security equipment closets where information is stored or processed is restricted through the use of locks, guards, passwords, or other administrative procedures. Access to personal information is limited to those individuals who require the records to perform their official assigned duties.

Retention and disposal:

Applications and credentials are destroyed three (3) months after expiration or return to PFPA. Verification records are maintained for 3-5 years and then destroyed.Start Printed Page 26714

System manager(s) and address:

Chief, Pentagon Access Control Division, Security Services Directorate, Pentagon Force Protection Agency, Room 1F1084, 9000 Defense Pentagon, Washington, DC 20301-9000.

Notification procedure:

Individuals seeking to determine if their information is contained in this system should address written inquiries to Pentagon Force Protection Agency, Security Services Directorate, Pentagon Access Control Division, 9000 Defense Pentagon, Washington, DC 20301-9000.

Written requests should contain the full name, SSN, DoD ID number, and current address and telephone number of the individual.

Record access procedures:

Individuals seeking access to their information contained in this system should address written inquiries to the Office of the Secretary of Defense/Joint Staff Freedom of Information Act Requester Service Center, Office of the Freedom of Information, 1155 Defense Pentagon, Washington, DC 20301-1155.

Written requests should contain the full name, SSN, DoD ID number, current address and telephone number of the individual, the name and number of this system of records notice, and be signed.

Contesting record procedures:

The OSD rules for accessing records, for contesting contents and appealing initial agency determinations are published in OSD Administrative Instruction 81; 32 CFR Part 311; or may be obtained from the system manager.

Record source categories:

The individual, security managers, and the Joint Personnel Adjudication System.

Exemptions claimed for the system:

None.