AGENCY:

Office of the Secretary, Interior.

ACTION:

Notice of a new system of records.

SUMMARY:

Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of the Interior (DOI) is issuing a public notice of its intent to create a DOI Privacy Act system of records titled, “INTERIOR/DOI-21, eRulemaking Program.” This system of records helps DOI manage an eRulemaking Program and the associated rulemaking documents, public comments, and supporting materials submitted on its rulemakings and Federal Register notices. This newly established system will be included in DOI's inventory of record systems.

DATES:

This new system will take effect upon publication. New routine uses will take effect July 2, 2020. Submit comments on or before July 2, 2020.

ADDRESSES:

You may submit comments identified by docket number [DOI-2019-0013] by any of the following methods:

• Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for sending comments.
• Email: DOI_Privacy@ios.doi.gov. Include docket number [DOI-2019-0013] in the subject line of the message.
• U.S. mail or hand-delivery: Teri Barnett, Departmental Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, Room 7112, Washington, DC 20240.

Instructions: All submissions received must include the agency name and docket number [DOI-2019-0013]. All comments received will be posted without change to http://www.regulations.gov,, including any personal information provided.

Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT:

Teri Barnett, Departmental Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, Room 7112, Washington, DC 20240, DOI_Privacy@ios.doi.gov or (202) 208-1605.

SUPPLEMENTARY INFORMATION:

I. Background

The DOI Office of the Executive Secretariat and Regulatory Affairs manages regulatory policy for the Department and is establishing the INTERIOR/DOI-21, eRulemaking Program, system of records to process, analyze and manage documents, comments and supporting materials submitted by members of the public in response to proposed rulemakings and notices. The system is comprised of public comments and documents received from the public that contain personally identifiable information that may include names, mailing addresses, email addresses, or other information received as part of the public comment and regulatory review process.

Public comments are published on Regulations.gov, a public facing website that provides public users ease of access to Federal regulatory content and a way to submit comments on regulatory documents published in the Federal Register. On Regulations.gov, the public can search, view, download, and comment on publicly available regulatory materials and post comments or provide supporting documents on rulemakings or Federal Register notices. Public comments published on Regulations.gov are maintained in the Federal Docket Management System (FDMS), a government-wide system that provides a platform for agencies to manage their rulemaking and content in Regulations.gov. FDMS allows Federal agencies to search, view, download, and review the public comments or supporting materials submitted on rulemakings and notices.

Regulations.gov and FDMS are managed by the General Services Administration (GSA) as the managing partner and government shared services provider to Federal partner agencies. Although GSA manages Regulations.gov and FDMS and provides assistance to Federal partner agencies, each Federal partner agency accesses and manages its own rulemaking documents and comments in FDMS. Therefore, DOI is publishing this INTERIOR/DOI-21, eRulemaking Program, system of records notice to cover records collected, used and maintained by DOI in support of Federal rulemakings through FDMS and Regulations.gov, as well as, DOI bureau and office eRulemaking Programs that may include administrative records and comments, information, and documents received from the public as part of the public comment process through email correspondence, postal mail, or other methods. Each DOI bureau and office is responsible for managing its own docket and the comments or supporting materials submitted on its own rulemakings.

II. Privacy Act

The Privacy Act of 1974, as amended, embodies fair information practice principles in a statutory framework governing the means by which Federal agencies collect, maintain, use, and disseminate individuals' records. The Privacy Act applies to records about individuals that are maintained in a “system of records.” A “system of records” is a group of any records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. The Privacy Act defines an individual as a United States citizen or lawful permanent resident. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of DOI by complying with DOI Privacy Act regulations at 43 CFR part 2, subpart K, and following the procedures outlined in the Records Access, Contesting Record, and Notification Procedures sections of this notice.

The Privacy Act requires each agency to publish in the Federal Register a description denoting the existence and character of each system of records that the agency maintains and the routine uses of each system. The INTERIOR/DOI-21, eRulemaking Program, system of records notice is published in its entirety below. In accordance with 5 U.S.C. 552a(r), DOI has provided a report of this system of records to the Office of Management and Budget and to Congress.

III. Public Participation

You should be aware that your entire comment including your personal identifying information, such as your address, phone number, email address, or any other personal identifying information in your comment, may be made publicly available at any time. While you may request to withhold your personal identifying information from public review, we cannot guarantee we will be able to do so.

SYSTEM NAME AND NUMBER:

INTERIOR/DOI-21, eRulemaking Program.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Office of the Executive Secretariat, U.S. Department of the Interior, 1849 C Street NW, Mail Stop 7314 MIB, Washington, DC 20240; DOI bureaus and offices managing eRulemaking Program records; and General Services Administration servers located in the National Computer Center, Research Triangle Park, North Carolina.

SYSTEM MANAGER(S):

Director, Office of the Executive Secretariat and Regulatory Affairs, U.S. Department of the Interior, 1849 C Street NW, Mail Stop 7314 MIB, Washington, DC 20240.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

E-Government Act of 2002, Public Law 107-347, 206(d); 44 U.S.C. Ch 36; 5 U.S.C. 301.

PURPOSE(S) OF THE SYSTEM:

The eRulemaking Program helps DOI manage a central, electronic repository for all DOI rulemaking materials and dockets, which include the rulemaking itself, Federal Register notices, supporting materials such as scientific or economic analyses, and public comments. The electronic repository also includes non-rulemaking dockets. DOI uses Regulations.gov to accept public comments electronically and FDMS for comment analysis. Each DOI bureau and office manages its own docket and can only access the comments or supporting materials submitted on its own rulemakings.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

Individuals covered by the system are any individuals—including public citizens; representatives of Federal, state, Tribal, or local governments; businesses; and industries—who provide personal information while submitting a comment or supporting materials on a Federal agency rulemaking.

CATEGORIES OF RECORDS IN THE SYSTEM:

Public comments and any supporting materials received in response to DOI rulemakings and Federal Register notices. Records may include names, mailing addresses, email addresses and other information about members of the public submitting comments in response to DOI rulemakings and notices. This system may also include administrative records, comment analyses, correspondence and other records related to the management of the eRulemaking Program that may contain personal information.

RECORD SOURCE CATEGORIES:

Any individual who submits a comment or supporting materials on a DOI rulemaking.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DOI as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

A. To the Department of Justice (DOJ), including Offices of the U.S. Attorneys, or other Federal agency conducting litigation or in proceedings before any court, adjudicative, or administrative body, when it is relevant or necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation:

(1) DOI or any component of DOI;

(2) Any other Federal agency appearing before the Office of Hearings and Appeals;

(3) Any DOI employee or former employee acting in his or her official capacity;

(4) Any DOI employee or former employee acting in his or her individual capacity when DOI or DOJ has agreed to represent that employee or pay for private representation of the employee; or

(5) The United States Government or any agency thereof, when DOJ determines that DOI is likely to be affected by the proceeding.

B. To a congressional office when requesting information on behalf of, and at the request of, the individual who is the subject of the record.

C. To the Executive Office of the President in response to an inquiry from that office made at the request of the subject of a record or a third party on that person's behalf, or for a purpose compatible with the reason for which the records are collected or maintained.

D. To any criminal, civil, or regulatory law enforcement authority (whether Federal, state, territorial, local, Tribal or foreign) when a record, either alone or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil, or regulatory in nature, and the disclosure is compatible with the purpose for which the records were compiled.

E. To an official of another Federal agency to provide information needed in the performance of official duties related to reconciling or reconstructing data files, or to enable that agency to respond to an inquiry by the individual to whom the record pertains.

F. To Federal, state, territorial, local, Tribal, or foreign agencies that have requested information relevant or necessary to the hiring, firing or retention of an employee or contractor, or the issuance of a security clearance, license, contract, grant or other benefit, when the disclosure is compatible with the purpose for which the records were compiled.

G. To representatives of the National Archives and Records Administration (NARA) to conduct records management inspections under the authority of 44 U.S.C. 2904 and 2906.

H. To state, territorial, Tribal and local governments to provide information needed in response to court order and/or discovery purposes related to litigation, when the disclosure is compatible with the purpose for which the records were compiled.

I. To an expert, consultant, grantee, or contractor (including employees of the contractor) of DOI that performs services requiring access to these records on DOI's behalf to carry out the purposes of the system.

J. To appropriate agencies, entities, and persons when:

(1) DOI suspects or has confirmed that there has been a breach of the system of records;

(2) DOI has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, DOI (including its information systems, programs, and operations), the Federal Government, or national security; and

(3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DOI's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

K. To another Federal agency or Federal entity, when DOI determines that information from this system of Start Printed Page 33703records is reasonably necessary to assist the recipient agency or entity in:

(1) responding to a suspected or confirmed breach; or

(2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

L. To the Office of Management and Budget (OMB) during the coordination and clearance process in connection with legislative affairs as mandated by OMB Circular A-19.

M. To the Department of the Treasury to recover debts owed to the United States.

N. To the news media and the public, with the approval of the Public Affairs Officer in consultation with counsel and the Senior Agency Official for Privacy, where there exists a legitimate public interest in the disclosure of the information, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.

O. To the General Services Administration (GSA) or other Federal agency operating under a shared service provider cross-servicing agreement with DOI for purposes relating to the processing and maintenance of records, to reconstitute the system in case of system failure or helpdesk request, and to ensure the integrity of the system and the effective management of the eRulemaking Program.

P. To OMB, the Government Accountability Office (GAO), or other organization for the purpose of performing audit or oversight operations as authorized by law in accordance with their responsibilities for evaluating Federal programs, but only such information as is necessary and relevant to such audit or oversight function.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Paper records are contained in file folders stored in file cabinets in secure DOI controlled facilities. Electronic records are contained in removable drives, computers, email, electronic databases, backups maintained by DOI, and on secure servers maintained by GSA that are only accessed by authorized personnel.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Records, comments and supporting materials submitted for DOI rulemakings may be retrieved by various data elements and key word searches, including: Name, docket type, docket sub-type, agency docket ID, docket title, docket category, document type, CFR part, date comment received, and Federal Register publication date.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Retention periods may vary depending on the program, notice or purpose of the rulemaking or publication. Records of public comments are retained and disposed of in accordance with applicable DOI records schedules that have been approved by NARA based on the subject or function and records series. The majority of public comments related to Federal Register notices fall under the DOI Departmental Records Schedule (DRS). Records related to Federal Register notices are covered by DRS 1, Short-term Administration Records (DAA-0048-2013-0001-0001), which have a temporary disposition and are destroyed 3 years after cut-off. Records related to rulemaking are covered by DRS 3, Policy Records (DAA-0048-2013-0008-0010), Final Regulations, which have a Permanent disposition and are transferred to NARA 15 years after cut-off.

Records of public comments are disposed of in accordance with the applicable DOI records retention schedules and policy based on the program area and agency needs. When approved for destruction, paper records are disposed of by shredding or pulping, and records contained on electronic media are degaussed or erased in accordance with NARA guidelines and 384 Departmental Manual 1.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

The records contained in this system are safeguarded in accordance with 43 CFR 2.226 and other applicable security and privacy rules and policies. During normal hours of operation, paper records such as the original or scanned copies of the supporting materials received in response to DOI rulemakings and Federal Register notices are maintained in file cabinets under the control of authorized personnel.

Computer servers on which electronic records are stored are located in secured DOI-controlled facilities with physical, technical, and administrative levels of security to prevent unauthorized access to the DOI network and information assets. Access granted to authorized personnel is password-protected, and each person granted access to the system must be individually authorized to use the system. A Privacy Act Warning Notice appears on the computer monitor screens when records containing information on individuals are first displayed. Data exchanged between the servers and the system is encrypted. Backup tapes are encrypted and stored in a locked and controlled room in a secure, off-site location.

Computerized records systems follow the National Institute of Standards and Technology privacy and security standards as developed to comply with the Privacy Act of 1974 as amended, 5 U.S.C. 552a; the Paperwork Reduction Act of 1995, Public Law 104-13, as codified at 44 U.S.C. 3501 et seq.; the Federal Information Security Modernization Act of 2014, Public Law 113-283, as codified at 44 U.S.C. 3551, et seq.; and the Federal Information Processing Standard 199, “Standards for Security Categorization of Federal Information and Information Systems.” Security controls include user identification, passwords, database permissions, encryption, firewalls, audit logs, network system security monitoring, and software controls.

Access to records in the system is limited to authorized personnel who have a need to access the records in the performance of their official duties, and each user's access is restricted to only the functions and data necessary to perform that person's job responsibilities. System administrators and authorized users are trained and required to follow established internal security protocols and must complete all security, privacy, and records management training and sign the DOI Rules of Behavior.

The GSA information technology system that hosts Regulations.gov and FDMS is located in a facility protected by physical walls, security guards, and requiring identification badges. Rooms housing the information technology system infrastructure are locked, as are the individual server racks. All security controls are reviewed on a periodic basis by external assessors. The controls themselves include measures for access control, security awareness training, audits, configuration management, contingency planning, incident response, and maintenance. Records in FDMS are maintained in a secure, password protected electronic system that utilizes security hardware and software to include multiple firewalls, active intrusion detection, encryption, identification and authentication of users.

As a partner agency, DOI manages access to FDMS through designated account managers in order to establish, manage, and terminate DOI user Start Printed Page 33704accounts. DOI bureaus and offices have access to comments and supporting materials submitted on their own rulemakings and are responsible for managing those records in accordance with DOI policies and regulations.

RECORD ACCESS PROCEDURES:

An individual requesting records on himself or herself should send a signed, written inquiry to the applicable System Manager identified above. The request must include the specific bureau or office that maintains the record to facilitate the location of the applicable records. The request envelope and letter should both be clearly marked “PRIVACY ACT REQUEST FOR ACCESS.” A request for access must meet the requirements of 43 CFR 2.238.

CONTESTING RECORD PROCEDURES:

An individual requesting corrections or the removal of material from his or her records should send a signed, written request to the applicable System Manager as identified above. The request must include the specific bureau or office that maintains the record to facilitate the location of the applicable records. A request for corrections or removal must meet the requirements of 43 CFR 2.246.

NOTIFICATION PROCEDURES:

An individual requesting notification of the existence of records on himself or herself should send a signed, written inquiry to the applicable System Manager as identified above. The request must include the specific bureau or office that maintains the record to facilitate the location of the applicable records. The request envelope and letter should both be clearly marked “PRIVACY ACT INQUIRY.” A request for notification must meet the requirements of 43 CFR 2.235.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

None.