2024-15922. Privacy Act of 1974; Systems of Records  

  • AGENCY:

    Nuclear Regulatory Commission.

    ACTION:

    Notice of modified systems of records; request for comment.

    SUMMARY:

    Pursuant to the Privacy Act of 1974 and Office of Management and Budget (OMB) Circular No. A-108, to ensure the system of records notices remain accurate, the U.S. Nuclear Regulatory Commission (NRC) staff reviews each notice on a periodic basis. As a result of this review, the NRC is republishing 16 of its system of records notices and has made various revisions to ensure that the NRC's notices remain clear, accurate, and up to date. Three of the system notices—NRC 37, Information Security Files and Associated Records, NRC 44, Employee Fitness Center Records, and NRC 46, Health Emergency Records—are subject to a 30-day comment period based on the nature of their revisions. The revisions to these systems are in effect upon this publication with the exception of the NRC 37, NRC 44 and NRC 46 modifications, which will go into effect 30 days after this publication. The remaining systems revisions are minor corrective and administrative changes that do not meet the threshold criteria established by OMB for either a new or altered system of records. The minor modifications include updating authorities, system managers, retention schedules, and various other minor updates, in accordance with OMB Circular A-108.

    DATES:

    Submit comments on revisions and changes by August 19, 2024. Comments received after this date will be considered if it is practical to do so, but the Commission is able to ensure consideration only for comments received before this date.

    ADDRESSES:

    You may submit comments by any of the following methods; however, the NRC encourages electronic comment submission through the Federal rulemaking website:

    • Federal rulemaking website: Go to https://www.regulations.gov and search for Docket ID NRC-2023-0168. Address questions about Docket IDs in Regulations.gov to Stacy Schumann; telephone: 301-415-0624; email: Stacy.Schumann@nrc.gov. For technical questions, contact the individual listed in the For Further Information Contact section of this document.
    • Mail comments to: Office of Administration, Mail Stop: TWFN-7-A60M, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, ATTN: Program Management, Announcements and Editing Staff.

    For additional direction on obtaining information and submitting comments, see “Obtaining Information and Submitting Comments” in the SUPPLEMENTARY INFORMATION section of this document.

    FOR FURTHER INFORMATION CONTACT:

    Sally Hardy, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, telephone: 301-415-5607; email: Sally.Hardy@nrc.gov.

    SUPPLEMENTARY INFORMATION:

    I. Obtaining Information and Submitting Comments

    A. Obtaining Information

    Please refer to Docket ID NRC-2023-0168 when contacting the NRC about the availability of information for this action. You may obtain publicly available information related to this action by any of the following methods:

    • Federal Rulemaking Website: Go to https://www.regulations.gov and search for Docket ID NRC-2023-0168.
    • NRC's Agencywide Documents Access and Management System (ADAMS): You may obtain publicly available documents online in the ADAMS Public Documents collection at https://www.nrc.gov/​reading-rm/​adams.html. To begin the search, select “Begin Web-based ADAMS Search.” For problems with ADAMS, please contact the NRC's Public Document Room (PDR) reference staff at 1-800-397-4209, at 301-415-4737, or by email to PDR.Resource@nrc.gov.
    • NRC's PDR: The PDR, where you may examine and order copies of publicly available documents, is open by appointment. To make an appointment to visit the PDR, please send an email to PDR.Resource@nrc.gov or call 1-800-397-4209 or 301-415-4737, between 8 a.m. and 4 p.m. eastern time (ET), Monday through Friday, except Federal holidays.

    B. Submitting Comments

    The NRC encourages electronic comment submission through the Federal rulemaking website ( https://www.regulations.gov). Please include Docket ID NRC-2023-0168 in your comment submission.

    The NRC cautions you not to include identifying or contact information that you do not want to be publicly disclosed in your comment submission. The NRC will post all comment submissions at https://www.regulations.gov as well as enter the comment submissions into ADAMS. The NRC does not routinely edit comment submissions to remove identifying or contact information.

    If you are requesting or aggregating comments from other persons for submission to the NRC, then you should inform those persons not to include identifying or contact information that they do not want to be publicly disclosed in their comment submission. Your request should state that the NRC does not routinely edit comment submissions to remove such information before making the comment submissions available to the public or entering the comment into ADAMS.

    II. Background

    Pursuant to the Privacy Act of 1974 and OMB Circular No. A-108, “Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act,” notice is hereby given that the NRC is republishing 16 of its system of records notices. In 12 of those system of records notices, there are revisions that include minor and administrative changes that do not meet the criteria for either a new or altered system of records notice. One system is being republished without any revisions as part of our review process for ease of use and reference since the last publication in 2019.

    The changes in the following three Privacy Act system of records notices do meet the criteria for an altered system of records:

    The NRC is revising NRC 37, Information Security Files and Associated Records. Modifications include revision of the purpose, categories of records in the system, record source categories and storage of records.

    The NRC is revising NRC 44, Employee Fitness Center Records. Modifications include removing duplicate system locations.

    The NRC is revising NRC 46, Health Emergency Records. Modifications include revision of the authority for maintenance of the system, categories of individuals covered, categories of records, record source categories, routine uses and storage of records.

    A report on these revisions has been sent to OMB, the Committee on Homeland Security and Governmental Affairs of U.S. Senate, and the Committee on Oversight and Accountability of the U.S. House of Representatives, as required by the Privacy Act.

    If changes are made based on the NRC's review of comments received, the NRC will publish a subsequent notice.

    The text of the report, in its entirety, is attached.

    Dated: July 16, 2024.

    For the Nuclear Regulatory Commission.

    Jonathan Feibus,

    Senior Agency Official for Privacy, Office of the Chief Information Officer.

    Attachment—Nuclear Regulatory Commission Privacy Act Systems of Records NRC Systems of Records

    25. Oral History Program—NRC.

    26. Transit Subsidy Benefits Program Records—NRC.

    27. Radiation Exposure Information and Reporting System (REIRS) Records—NRC.

    32. Office of the Chief Financial Officer Financial Transactions and Debt Collection Management Records—NRC.

    33. Special Inquiry Records—NRC.

    35. Drug Testing Program Records—NRC.

    36. Employee Locator Records—NRC.

    37. Information Security Files and Associated Records—NRC.

    38. Mailing Lists—NRC.

    39. Personnel Security Files and Associated Records—NRC.

    40. Facility Security Access Control Records—NRC.

    41. Tort Claims and Personal Property Claims Records—NRC.

    43. Employee Health Center Records—NRC.

    44. Employee Fitness Center Records—NRC.

    45. Electronic Credentials for Personal Identity Verification—NRC.

    46. Health Emergency Records—NRC.

    These systems of records are maintained by the NRC and contain personal information about individuals that is retrieved by an individual's name or identifier.

    The notice for each system of records states the name and location of the record system, the authority for and manner of its operation, the categories of individuals that it covers, the types of records that it contains, the sources of information in those records, and the routine uses of each system of records. Each notice also includes the business address of the NRC official who will inform interested persons of the procedures whereby they may gain access to and request amendment of records pertaining to them.

    The Privacy Act provides certain safeguards for an individual against an invasion of personal privacy by requiring Federal agencies to protect records contained in an agency system of records from unauthorized disclosure and to ensure that information is current and accurate for its intended use and that adequate safeguards are provided to prevent misuse of such information.

    SYSTEM NAME AND NUMBER:

    Oral History Program—NRC 25.

    SECURITY CLASSIFICATION:

    Unclassified

    SYSTEM LOCATION:

    Office of the Secretary, NRC, One White Flint North, 11555 Rockville Pike, Rockville, Maryland.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    42 U.S.C. 2161(b) and 44 U.S.C. 3301.

    PURPOSE(S) OF THE SYSTEM:

    Recorded interviews and transcribed scripts of interviews for providing a history of the nuclear regulatory program.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Individuals who volunteer to be interviewed for the purpose of providing information for a history of the nuclear regulatory program.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    Records consist of recorded interviews and as needed, transcribed scripts of the interviews.

    RECORD SOURCE CATEGORIES:

    Information in this system of records is obtained from interviews granted on a voluntary basis to the Historian.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In addition to the other types of disclosures permitted under subsection (b) of the Privacy Act, the NRC may disclose information contained in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected under the following routine uses:

    a. For incorporation in publications on the history of the nuclear regulatory program;

    b. To provide information to historians and other researchers;

    c. A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed that there has been a breach of the system of records, (2) NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NRC efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

    d. A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when the NRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Maintained on electronic media.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Information is accessed by the name of the interviewee.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Narrative Histories will be retained under NRC's approved schedule found in the NUREG 0910 version 4 at 2.22.7.a(1): Record copy maintained by the NRC Historian. Permanent. Transfer to the National Archives when 20 years old. (Paper records created before 4/1/2000. ADAMS PDF files and TIFF files (2.22.7.a(4) re cutoff at the close of the fiscal year. Transfer to the National Archives 5 years after cutoff.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    Maintained on an access restricted drive. Access to and use of these records is limited to those authorized by the Historian or a designee.

    SYSTEM MANAGER(S):

    NRC Historian, Office of the Secretary, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

    RECORD ACCESS PROCEDURES:

    Same as “Notification procedures.”

    CONTESTING RECORD PROCEDURES:

    Same as “Notification procedures.”

    NOTIFICATION PROCEDURES:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and comply with the procedures contained in NRC's Privacy Act regulations, 10 CFR part 9.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    None.

    SYSTEM NAME AND NUMBER:

    Transit Subsidy Benefits Program Records—NRC 26.

    SECURITY CLASSIFICATION:

    Unclassified

    SYSTEM LOCATION:

    Facility and Logistics Branch, Office of Administration, NRC, Two White Flint North, 11545 Rockville Pike, Rockville, Maryland.

    SYSTEM MANAGER(S):

    Chief, Facility and Logistics Branch, Division of Facilities and Security, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    5 U.S.C. 7905; 26 U.S.C. 132; 31 U.S.C. 3511; 41 CFR 102-74.210; 41 CFR subtitle F; 41 CFR 102-71.20; Executive Order (E.O.) 9397, as amended by E.O. 13478; E.O. 13150.

    PURPOSE(S) OF THE SYSTEM:

    The information contained in this system is used to enroll employees in the Transit Subsidy Program.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    NRC employees who apply for subsidized mass transit costs.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    The records consist of an individual's application to participate in the program which includes, but is not limited to, the applicant's name, home address, office telephone number, and information regarding the employee's commuting schedule and mass transit system(s) used.

    RECORD SOURCE CATEGORIES:

    NRC employees.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In addition to the other types of disclosures permitted under subsection (b) of the Privacy Act, the NRC may disclose information contained in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected under the following routine uses:

    a. To provide statistical reports to the city, county, State, and Federal government agencies;

    b. To provide the basis for program approval and issue monthly subsides;

    c. A record from this system of records which indicates a violation of civil or criminal law, regulation or order may be referred as a routine use to a Federal, State, local or foreign agency that has authority to investigate, enforce, implement or prosecute such laws. Further, a record from this system of records may be disclosed for civil or criminal law or regulatory enforcement purposes to another agency in response to a written request from that agency's head or an official who has been delegated such authority;

    d. A record from this system of records may be disclosed as a routine use in the course of discovery; in presenting evidence to a court, magistrate, administrative tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative dispute resolution proceedings, such as arbitration or mediation; or in the course of settlement negotiations;

    e. A record from this system of records may be disclosed as a routine use to a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual;

    f. A record from this system of records may be disclosed as a routine use to NRC-paid experts or consultants, and those under contract with the NRC on a “need-to-know” basis for a purpose within the scope of the pertinent NRC task. This access will be granted to an NRC contractor or employee of such contractor by a system manager only after satisfactory justification has been provided to the system manager;

    g. A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed that there has been a breach of the system of records, (2) NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NRC efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

    h. A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when the NRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Records are maintained on electronic media.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Accessed by name and smart trip card.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Records are retained under the National Archives and Records Administration's General Records Schedule 2.4: Employee Compensation and Benefit Records, Item 130, Transportation subsidy program administrative records. Destroy when 3 years old, but longer retention is authorized if required for business use. Records are also retained under General Records Schedule 2.4, item 131, Transportation subsidy program individual case files. Destroy 2 years after employee participation concludes, but longer retention is authorized if required for business use.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    Computer files are maintained on a hard drive, access to which is password protected. Access to and use of these records is limited to those persons whose official duties require access.

    RECORD ACCESS PROCEDURES:

    Same as “Notification procedures.”

    CONTESTING RECORD PROCEDURES:

    Same as “Notification procedures.”

    NOTIFICATION PROCEDURES:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and comply with the procedures contained in NRC's Privacy Act regulations, 10 CFR part 9.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    None.

    SYSTEM NAME AND NUMBER:

    Radiation Exposure Information and Reporting System (REIRS) Records—NRC 27.

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    Primary system—Oak Ridge Associated Universities (ORAU), Oak Ridge, Tennessee (or current contractor facility).

    Duplicate system—Duplicate systems exist, in part, regarding employee exposure records, with the NRC's Radiation Safety Officers at Regional office locations listed in Addendum 1, Part 2, in the Office of Nuclear Reactor Regulations (NRR), the Office of Nuclear Material Safety and Safeguards (NMSS). The Office of Administration (ADM), NRC, One White Flint North, 11555 Rockville Pike, Rockville, Maryland, maintains the employee dosimeter tracking system.

    SYSTEM MANAGER(S):

    REIRS Project Manager, Radiation Protection Branch, Division of Systems Analysis, Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    5 U.S.C. 7902; 29 U.S.C. 668; 42 U.S.C. 2051, 2073, 2093, 2095, 2111, 2133, 2134, and 2201(o); 10 CFR parts 20 and 34; Executive Order (E.O.) 9397, as amended by E.O. 13478; E.O. 12196, as amended.

    PURPOSE(S) OF THE SYSTEM:

    REIRS serves as the central repository for all NRC radiation exposure monitoring records that are recorded and reported pursuant to part 20 of title 10 of the Code of Federal Regulations (10 CFR) and Regulatory Guide 8.7. This central repository is used for the oversight of radiation protection policies and practices at NRC-licensed facilities.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Individuals monitored for radiation exposure while employed by or visiting or temporarily assigned to certain NRC-licensed facilities; individuals who are exposed to radiation or radioactive materials in incidents required to be reported under 10 CFR 20.2201-20.2204 and 20.2206 by all NRC licensees; individuals who may have been exposed to radiation or radioactive materials offsite from a facility, plant installation, or other place of use of licensed materials, or in unrestricted areas, as a result of an incident involving byproduct, source, or special nuclear material.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    These records contain information relating to an individual's name, sex, social security number, birth date, place and period date of exposure; name and license number of individual's employer; name and number of licensees reporting the information; radiation doses or estimates of exposure received during this period, type of radiation, part(s) or organ(s) exposed, and radionuclide(s) involved.

    RECORD SOURCE CATEGORIES:

    Information in this system of records comes from licensees; the subject individual; the individual's employer; the person in charge of the facility where the individual has been assigned; NRC Form 5, “Occupational Exposure Record for a Monitoring Period,” or equivalent, contractor reports, and Radiation Safety Officers.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In addition to the other types of disclosures permitted under subsection (b) of the Privacy Act, the NRC may disclose information contained in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected under the following routine uses:

    a. To provide data to other Federal and State agencies involved in monitoring and/or evaluating radiation exposure received by individuals as enumerated in the paragraph “Categories of individuals covered by the system;”

    b. To return data provided by licensee upon request;

    c. A record from this system of records which indicates a violation of civil or criminal law, regulation or order may be referred as a routine use to a Federal, State, local or foreign agency that has authority to investigate, enforce, implement or prosecute such laws. Further, a record from this system of records may be disclosed for civil or criminal law or regulatory enforcement purposes to another agency in response to a written request from that agency's head or an official who has been delegated such authority;

    d. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency to obtain information relevant to an NRC decision concerning hiring or retaining an employee, letting a contract, or issuing a security clearance, license, grant or other benefit;

    e. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency requesting a record that is relevant and necessary to its decision on a matter of hiring or retaining an employee, issuing a security clearance, reporting an investigation of an employee, letting a contract, or issuing a license, grant, or other benefit;

    f. A record from this system of records may be disclosed as a routine use in the course of discovery; in presenting evidence to a court, magistrate, administrative tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative dispute resolution proceedings, such as arbitration or mediation; or in the course of settlement negotiations;

    g. A record from this system of records may be disclosed as a routine use to a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual;

    h. A record from this system of records may be disclosed as a routine use to NRC-paid experts or consultants, and those under contract with the NRC on a “need-to-know” basis for a purpose within the scope of the pertinent NRC task. This access will be granted to an NRC contractor or employee of such contractor by a system manager only after satisfactory justification has been provided to the system manager;

    i. A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed that there has been a breach of the system of records, (2) NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NRC efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

    j. A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when the NRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Records are maintained on paper and electronic media. The electronic records maintained in Oak Ridge, TN, are in a centralized database management system that is password protected. Backup tapes of the database are generated and maintained at a secure, off-site location for disaster recovery purposes. During the processing and data entry, paper records are temporarily stored in designated business offices that are locked when not in use and are accessible only to authorized personnel. Upon completion of data entry and processing, the paper records are stored in an offsite security storage facility accessible only to authorized personnel.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Records are accessed by individual name, social security number, date of birth, and/or by licensee name or number.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Records managed using REIRS are scheduled under NRC's NUREG-0910, Revision 4. Transfer a copy of REIRS data to the National Archives and Records Administration every 5 years (2.19.16). Retain Personnel monitoring reports and personnel overexposure reports entered into REIRS, Paper records, are retained under 2.19.14.a(1). Destroy 2 years after data are input into REIRS. ADAMS PDF files, TIFF files, ADAMS document profiles, and ADAMS digital signature and concurrence data are retained under 2.19.14.a(4) and are cut off at the end of the fiscal year and destroyed 2 years after cutoff. Personnel monitoring reports and personnel overexposure reports of which only selected data are entered into REIRS, records are retained under 2.19.14.b(1). Cut off at end of fiscal year. Transfer to National Archives and Records Administration (NARA) when 20 years old.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    Information maintained at ORAU is accessible by the Office of Nuclear Regulatory Research (RES) and individuals that have been authorized access by NRC, including all NRC Radiation Safety Officers and ORAU employees that are directly involved in the REIRS project. Reports received and reviewed by the NRC's RES, NRR, NMSS, and Regional offices are in lockable file cabinets and bookcases in secured buildings. A log is maintained of both telephone and written requests for information.

    The data maintained in the REIRS database are protected from unauthorized access by several means. The database server resides in a protected environment with physical security barriers under keycard access control. Accounts authorizing access to the server and databases are maintained by the ORAU REIRS system administrator. In addition, ORAU maintains a computer security “firewall” that further restricts access to the ORAU computer network. Authorization for access must be approved by NRC, ORAU project management, and ORAU computer security. Transmittal of data via the internet is protected by data encryption.

    RECORD ACCESS PROCEDURES:

    Same as “Notification procedures.”

    CONTESTING RECORD PROCEDURES:

    Same as “Notification procedures.”

    NOTIFICATION PROCEDURES:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and comply with the procedures contained in NRC's Privacy Act regulations, 10 CFR part 9.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    None.

    SYSTEM NAME AND NUMBER:

    Office of the Chief Financial Officer Financial Transactions and Debt Collection Management Records—NRC 32.

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    Office of the Chief Financial Officer, NRC, Two White Flint North, 11545 Rockville Pike, Rockville, Maryland. NRC has an interagency agreement with the U.S. Treasury, Administrative Resource Center (ARC), Parkersburg, WV, as a Federal service provider for transactional services in the NRC core financial system since March 2018.

    Other systems of records contain information that may duplicate some of the records in this system. These other systems include, but are not limited to:

    NRC-10, Freedom of Information Act (FOIA) and Privacy Act (PA) Request Records—NRC;

    NRC-18, Office of the Inspector General (OIG) Investigative Records—NRC;

    NRC-19, Official Personnel Training Records—NRC;

    NRC-21, Payroll Accounting Records—NRC;

    NRC-41, Tort Claims and Personal Property Claims Records—NRC; and

    GSA/GOVT-4, Contracted Travel Services Program (E-Travel).

    SYSTEM MANAGER:

    Comptroller, Division of the Comptroller, Office of the Chief Financial Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    5 U.S.C. 552a; 5 U.S.C. 5514; 15 U.S.C. 1681; 26 U.S.C. 6103; 31 U.S.C. chapter 37; 31 U.S.C. 6501-6508; 42 U.S.C. 2201; 42 U.S.C. 5841; 31 CFR 900-904; 10 CFR parts 15, 16, 170, 171; Executive Order (E.O.) 9397, as amended by E.O. 13478; and E.O. 12731.

    PURPOSE(S) OF THE SYSTEM:

    Financial Transactions and Debt Collection

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Individuals covered are those to who the NRC owes/owed money, those who receive/received a payment from NRC, and those who owe/owed money to the United States. Individuals receiving payments include, but are not limited to, current and former employees, contractors, consultants, vendors, and others who travel or perform certain services for NRC. Individuals owing money include, but are not limited to, those who have received goods or services from NRC for which there is a charge or fee (NRC licensees, applicants for NRC licenses, Freedom of Information Act requesters, etc.) and those who have been overpaid and owe NRC a refund (current and former employees, contractors, consultants, vendors, etc.).

    CATEGORIES OF RECORDS IN THE SYSTEM:

    Information in the system includes, but is not limited to, names, addresses, telephone numbers, Social Security Numbers (SSN), employee identification number (EIN), Taxpayer Identification Numbers (TIN), Individual Taxpayer Identification Numbers (ITIN), Data Universal Numbering System (DUNS) number, fee categories, application and license numbers, contract numbers, vendor numbers, amounts owed, background and supporting documentation, correspondence concerning claims and debts, credit reports, and billing and payment histories. The overall agency accounting system contains data and information integrating accounting functions such as general ledger, funds control, travel, accounts receivable, accounts payable, property, and appropriation of funds. Although this system of records contains information on corporations and other business entities, only those records that contain information about individuals that is retrieved by the individual's name or other personal identifier are subject to the Privacy Act.

    RECORD SOURCE CATEGORIES:

    Record source categories include, but are not limited to, individuals covered by the system, their attorneys, or other representatives; NRC; collection agencies or contractors; employing agencies of debtors; and Federal, State, and local agencies.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In accordance with an interagency agreement, the NRC may disclose records to Treasury ARC as a Federal service provider for transactional services in the NRC core financial system. In addition to the other types of disclosures permitted under subsection (b) of the Privacy Act, the NRC may disclose information contained in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected under the following routine uses or, where determined to be appropriate and necessary, the NRC may authorize Treasury ARC to make the disclosure:

    a. To debt collection contractors (31 U.S.C. 3718) or to other Federal agencies such as the Department of the Treasury (Treasury) and Department of Interior (DOI) for the purpose of collecting and reporting on delinquent debts as authorized by the Debt Collection Act of 1982 or the Debt Collection Improvement Act (DCIA) of 1996 and the Digital Accountability and Transparency Act (DATA) of 2014;

    b. To Treasury; the Defense Manpower Data Center, Department of Defense; the United States Postal Service; government corporations; or any other Federal, State, or local agency to conduct an authorized computer matching program in compliance with the Privacy Act of 1974, as amended, to identify and locate individuals, including Federal employees, who are delinquent in their repayment of certain debts owed to the U.S. Government, including those incurred under certain programs or services administered by the NRC, in order to collect debts under common law or under the provisions of the Debt Collection Act of 1982 or the Debt Collection Improvement Act of 1996 and DATA of 2014 which include by voluntary repayment, administrative or salary offset, and referral to debt collection contractors;

    c. To the Department of Justice, United States Attorney Treasury ARC, or other Federal agencies for further collection action on any delinquent account when circumstances warrant;

    d. To credit reporting agencies/credit bureaus for the purpose of either adding to a credit history file or obtaining a credit history file or comparable credit information for use in the administration of debt collection. As authorized by the DCIA, NRC may report current (not delinquent) as well as delinquent consumer and commercial debt to these entities in order to aid in the collection of debts, typically by providing an incentive to the person to repay the debt timely;

    e. To any Federal agency where the debtor is employed or receiving some form of remuneration for the purpose of enabling that agency to collect a debt owed the Federal Government on NRC's behalf by counseling the debtor for voluntary repayment or by initiating administrative or salary offset procedures, or other authorized debt collection methods under the provisions of the Debt Collection Act of 1982 or the DCIA of 1996. Under the DCIA, NRC may garnish non-Federal wages of certain delinquent debtors so long as required due process procedures are followed. In these instances, NRC's notice to the employer will disclose only the information that may be necessary for the employer to comply with the withholding order;

    f. To the Internal Revenue Service (IRS) by computer matching to obtain the mailing address of a taxpayer for the purpose of locating such taxpayer to collect or to compromise a Federal claim by NRC against the taxpayer under 26 U.S.C. 6103(m)(2) and under 31 U.S.C. 3711, 3717, and 3718 or common law. Re-disclosure of a mailing address obtained from the IRS may be made only for debt collection purposes, including to a debt collection agent to facilitate the collection or compromise of a Federal claim under the Debt Collection Act of 1982 or the DCIA of 1996, except that re-disclosure of a mailing address to a reporting agency is for the limited purpose of obtaining a credit report on the particular taxpayer. Any mailing address information obtained from the IRS will not be used or shared for any other NRC purpose or disclosed by NRC to another Federal, State, or local agency which seeks to locate the same taxpayer for its own debt collection purposes;

    g. To refer legally enforceable debts to the IRS or to Treasury's Debt Management Services to be offset against the debtor's tax refunds under the Federal Tax Refund Offset Program;

    h. To prepare W-2, 1099, or other forms or electronic submittals, to forward to the IRS and applicable State and local governments for tax reporting purposes. Under the provisions of the DCIA, NRC is permitted to provide Treasury with Form 1099-C information on discharged debts so that Treasury may file the form on NRC's behalf with the IRS. W-2 and 1099 Forms contain information on items to be considered as income to an individual, including certain travel related payments to employees, payments made to persons not treated as employees ( e.g., fees to consultants and experts), and amounts written-off as legally or administratively uncollectible, in whole or in part;

    i. To banks enrolled in the Treasury Credit Card Network to collect a payment or debt when the individual has given his or her credit card number for this purpose;

    j. To another Federal agency that has asked the NRC to effect an administrative offset under common law or under 31 U.S.C. 3716 to help collect a debt owed the United States. Disclosure under this routine use is limited to name, address, SSN, EIN, TIN, ITIN, and other information necessary to identify the individual; information about the money payable to or held for the individual; and other information concerning the administrative offset;

    k. To Treasury or other Federal agencies with whom NRC has entered into an agreement establishing the terms and conditions for debt collection cross servicing operations on behalf of the NRC to satisfy, in whole or in part, debts owed to the U.S. Government. Cross servicing includes the possible use of all debt collection tools such as administrative offset, tax refund offset, referral to debt collection contractors, salary offset, administrative wage garnishment, and referral to the Department of Justice. The DCIA of 2014 requires agencies to transfer to Treasury or Treasury-designated Debt Collection Centers for cross servicing certain nontax debt over 120 days delinquent. Treasury has the authority to act in the Federal Government's best interest to service, collect, compromise, suspend, or terminate collection action under existing laws under which the debts arise;

    l. Information on past due, legally enforceable nontax debts more than 120 days delinquent will be referred to Treasury for the purpose of locating the debtor and/or effecting administrative offset against monies payable by the Government to the debtor, or held by the Government for the debtor under the DCIA's mandatory, Government-wide Treasury Offset Program (TOP). Under TOP, Treasury maintains a database of all qualified delinquent nontax debts and works with agencies to match by computer their payments against the delinquent debtor database in order to divert payments to pay the delinquent debt. Treasury has the authority to waive the computer matching requirement for NRC and other agencies upon written certification that administrative due process notice requirements have been complied with;

    m. For debt collection purposes, NRC may publish or otherwise publicly disseminate information regarding the identity of delinquent nontax debtors and the existence of the nontax debts under the provisions of the DCIA of 1996;

    n. To the Department of Labor (DOL) and the Department of Health and Human Services (HHS) to conduct an authorized computer matching program in compliance with the Privacy Act of 1974, as amended, to match NRC's debtor records with records of DOL and HHS to obtain names, name controls, names of employers, addresses, dates of birth, and TINs. The DCIA requires all Federal agencies to obtain taxpayer identification numbers from each individual or entity doing business with the agency, including applicants and recipients of licenses, grants, or benefit payments; contractors; and entities and individuals owing fines, fees, or penalties to the agency. NRC will use TINs in collecting and reporting any delinquent amounts resulting from the activity and in making payments;

    o. If NRC decides or is required to sell a delinquent nontax debt under 31 U.S.C. 3711(I), information in this system of records may be disclosed to purchasers, potential purchasers, and contractors engaged to assist in the sale or to obtain information necessary for potential purchasers to formulate bids and information necessary for purchasers to pursue collection remedies;

    p. If NRC has current and delinquent collateralized nontax debts under 31 U.S.C. 3711(i)(4)(A), certain information in this system of records on its portfolio of loans, notes and guarantees, and other collateralized debts will be reported to Congress based on standards developed by the Office of Management and Budget, in consultation with Treasury;

    q. To Treasury in order to request a payment to individuals owed money by the NRC;

    r. To the National Archives and Records Administration or to the General Services Administration for records management inspections conducted under 44 U.S.C. 2904 and 2906;

    s. A record from this system of records which indicates a violation of civil or criminal law, regulation or order may be referred as a routine use to a Federal, State, local or foreign agency that has authority to investigate, enforce, implement or prosecute such laws. Further, a record from this system of records may be disclosed for civil or criminal law or regulatory enforcement purposes to another agency in response to a written request from that agency's head or an official who has been delegated such authority;

    t. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency to obtain information relevant to an NRC decision concerning hiring or retaining an employee, letting a contract, or issuing a security clearance, license, grant or other benefit;

    u. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency requesting a record that is relevant and necessary to its decision on a matter of hiring or retaining an employee, issuing a security clearance, reporting an investigation of an employee, letting a contract, or issuing a license, grant, or other benefit;

    v. A record from this system of records may be disclosed as a routine use in the course of discovery; in presenting evidence to a court, magistrate, administrative tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative dispute resolution proceedings, such as arbitration or mediation; or in the course of settlement negotiations;

    w. A record from this system of records may be disclosed as a routine use to a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual;

    x. A record from this system of records may be disclosed as a routine use to NRC-paid experts or consultants, and those under contract with the NRC on a “need-to-know” basis for a purpose within the scope of the pertinent NRC task. This access will be granted to an NRC contractor or employee of such contractor by a system manager only after satisfactory justification has been provided to the system manager;

    y. A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed that there has been a breach of the system of records, (2) NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NRC efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

    z. A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when the NRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Information in this system is stored on paper, microfiche, and electronic media.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Automated information can be retrieved by name, SSN, TIN, DUNS number, license or application number, contract or purchase order number, invoice number, voucher number, and/or vendor code. Paper records are retrieved by invoice number.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Records are retained under the National Archives and Records Administration's General Records Schedule 1.1: Financial Management and Reporting Records, Item 010, Financial transaction records related to procuring goods and services, paying bills, collecting debts, and accounting as the Official record held in the office of record. Destroy 6 years after final payment or cancellation, but longer retention is authorized if needed for business use. Records related to Administrative claims by or against the United States are retained under General Records Schedule 1.1: Financial Management and Reporting Records, item 080. Destroy 7 years after final action, but longer retention is authorized if required for business use. Records used to calculate payroll, arrange paycheck deposit, and change previously issued paychecks are scheduled under General Records Schedule 2.4: Employee Compensation and Benefits Records, item 010. Destroy 3 years after paying agency or payroll processor validates data, but longer retention is authorized if required for business use.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    Records in the primary system are maintained in a building where access is controlled by a security guard force. Records are kept in lockable file rooms or at user's workstations in an area where access is controlled by keycard and is limited to NRC and contractor personnel who need the records to perform their official duties. The records are under visual control during duty hours. Access to automated data requires use of proper password and user identification codes by NRC or contractor personnel.

    RECORDS ACCESS PROCEDURES:

    Same as “Notification procedures.”

    CONTESTING RECORD PROCEDURES:

    Same as “Notification procedures.”

    NOTIFICATION PROCEDURES:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and comply with the procedures contained in NRC's Privacy Act regulations, 10 CFR part 9.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    None.

    DISCLOSURES TO CONSUMER REPORTING AGENCIES:

    Disclosures Pursuant to 5 U.S.C. 552a(b)(12): Disclosures of information to a consumer reporting agency are not considered a routine use of records. Disclosures may be made from this system to “consumer reporting agencies” as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966, as amended (31 U.S.C. 3701(a)(3)).

    SYSTEM NAME AND NUMBER:

    Special Inquiry Records—NRC 33.

    SECURITY CLASSIFICATION:

    Classified and Unclassified.

    SYSTEM LOCATION:

    Primary system—Special Inquiry Group, NRC, One White Flint North, 11555 Rockville Pike, Rockville, Maryland.

    Duplicate system—Duplicate systems exist, in whole or in part, at the locations listed in Addendum I, Parts 1 and 2.

    SYSTEM MANAGER(S):

    Records Manager—, Special Inquiry Group, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    42 U.S.C. 2051, 2052, 2201(c), (i) and (o).

    PURPOSE(S) OF THE SYSTEM:

    Investigation material for potential or actual concerns in connection with investigations of accidents or incidents at nuclear power plants or other nuclear facility, nuclear materials or an allegation regarding public health and safety.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Individuals possessing information regarding or having knowledge of matters of potential or actual concern to the Commission in connection with the investigation of an accident or incident at a nuclear power plant or other nuclear facility, or an incident involving nuclear materials or an allegation regarding the public health and safety related to the NRC's mission responsibilities.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    The system consists of an alphabetical index file bearing individual names. The index provides access to associated records which are arranged by subject matter, title, or identifying number(s) and/or letter(s). The system incorporates the records of all Commission correspondence, memoranda, audit reports and data, interviews, questionnaires, legal papers, exhibits, investigative reports and data, and other material relating to or developed as a result of the inquiry, study, or investigation of an accident or incident.

    RECORD SOURCE CATEGORIES:

    The information in this system of records is obtained from sources including, but not limited to, NRC officials and employees; Federal, State, local, and foreign agencies; NRC licensees; nuclear reactor vendors and architectural engineering firms; other organizations or persons knowledgeable about the incident or activity under investigation; and relevant NRC records.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In addition to the other types of disclosures permitted under subsection (b) of the Privacy Act, the NRC may disclose information contained in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected under the following routine uses:

    a. To provide information relating to an item which has been referred to the Commission or Special Inquiry Group for investigation by an agency, group, organization, or individual and may be disclosed as a routine use to notify the referring agency, group, organization, or individual of the status of the matter or of any decision or determination that has been made;

    b. To disclose a record as a routine use to a foreign country under an international treaty or convention entered into and ratified by the United States;

    c. To provide records relating to the integrity and efficiency of the Commission's operations and management and may be disseminated outside the Commission as part of the Commission's responsibility to inform the Congress and the public about Commission operations;

    d. A record from this system of records which indicates a violation of civil or criminal law, regulation or order may be referred as a routine use to a Federal, State, local or foreign agency that has authority to investigate, enforce, implement or prosecute such laws. Further, a record from this system of records may be disclosed for civil or criminal law or regulatory enforcement purposes to another agency in response to a written request from that agency's head or an official who has been delegated such authority;

    e. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency to obtain information relevant to an NRC decision concerning hiring or retaining an employee, letting a contract, or issuing a security clearance, license, grant or other benefit;

    f. A record from this system of records may be disclosed as a routine use in the course of discovery; in presenting evidence to a court, magistrate, administrative tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative dispute resolution proceedings, such as arbitration or mediation; or in the course of settlement negotiations;

    g. A record from this system of records may be disclosed as a routine use to a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual;

    h. A record from this system of records may be disclosed as a routine use to NRC-paid experts or consultants, and those under contract with the NRC on a “need-to-know” basis for a purpose within the scope of the pertinent NRC task. This access will be granted to an NRC contractor or employee of such contractor by a system manager only after satisfactory justification has been provided to the system manager;

    i. A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed that there has been a breach of the system of records, (2) NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NRC efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

    j. A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when the NRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Records are maintained on paper in file folders and electronic media. Documents are maintained in secured vault facilities.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Accessed by name (author or recipient), corporate source, title of document, subject matter, or other identifying document or control number.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Permanent Records retained as General Program Correspondence Files (Subject Files) at the Office Director Level are scheduled under NUREG 0910 rev 4—2.18.5.a(1). Cut off at close of fiscal year. Transfer to the National Archives and Records Administration when 20 years old. Permanent Nuclear Power Plant Docket Files are scheduled under NUREG 0910 Rev 4—2.18.11.a(1). Cut off files upon license termination following completion of decommissioning procedure. Closing date is the termination date following completion of decommissioning procedure. Transfer to the National Archives and Records Administration 20 years after termination of license.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    These records are located in locking filing cabinets or safes in a secured facility and are available only to authorized personnel whose duties require access.

    RECORD ACCESS PROCEDURES:

    Same as “Notification procedures.” Information classified under Executive Order 12958 will not be disclosed. Information received in confidence will not be disclosed to the extent that disclosure would reveal a confidential source.

    CONTESTING RECORD PROCEDURES:

    Same as “Notification procedures.”

    NOTIFICATION PROCEDURES:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and comply with the procedures contained in NRC's Privacy Act regulations, 10 CFR part 9.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    Pursuant to 5 U.S.C. 552a(k)(1), (k)(2), and (k)(5), the Commission has exempted portions of this system of records from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f).

    SYSTEM NAME AND NUMBER:

    Drug Testing Program Records—NRC 35.

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    Primary system—Division of Facilities and Security, Office of Administration, NRC, Two White Flint North, 11545 Rockville Pike, Rockville, Maryland.

    Duplicate system—Duplicate systems exist in part at the NRC Regional office locations listed in Addendum I, Part 2 (for a temporary period of time); and at the current contractor testing laboratories, collection/evaluation facilities.

    SYSTEM MANAGER(S):

    Director, Division of Facilities and Security, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    5 U.S.C 7301; 5 U.S.C. 7361-7363; 42 U.S.C. 2165; 42 U.S.C. 290dd; Executive Order (E.O.) 12564; 9397, as amended by E.O. 13478.

    PURPOSE(S) OF THE SYSTEM:

    This record system will maintain information gathered by and in the possession of NRC Drug Testing Program, used in verifying positive test results for illegal use of controlled substance, as well as collecting and maintaining evidence of possession, distribution, or trafficking of controlled substances.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    NRC employees, applicants, consultants, licensees, and contractors.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    These records contain information regarding the drug testing program; requests for and results of initial, confirmatory and follow-up testing, if appropriate; additional information supplied by NRC employees, employment applicants, consultants, licensees, or contractors in challenge to positive test results; and written statements or medical evaluations of attending physicians and/or information regarding prescription or nonprescription drugs.

    RECORD SOURCE CATEGORIES:

    NRC employees, employment applicants, consultants, licensees, and contractors who have been identified for drug testing who have been tested; physicians making statements regarding medical evaluations and/or authorized prescriptions for drugs; NRC contractors for processing including, but not limited to, specimen collection, laboratories for analysis, and medical evaluations; and NRC staff administering the drug testing program to ensure the achievement of a drug-free workplace.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In addition to the other types of disclosures permitted under subsection (b) of the Privacy Act, the NRC may disclose information contained in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected under the following routine uses:

    a. To identify substance abusers within the agency;

    b. To initiate counseling and/or rehabilitation programs;

    c. To take personnel actions;

    d. To take personnel security actions;

    e. For statistical reporting purposes. Statistical reporting will not include personally identifiable information;

    f. A record from this system of records may be disclosed as a routine use to NRC-paid experts or consultants, and those under contract with the NRC on a “need-to-know” basis for a purpose within the scope of the pertinent NRC task. This access will be granted to an NRC contractor or employee of such contractor by a system manager only after satisfactory justification has been provided to the system manager;

    g. A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed that there has been a breach of the system of records, (2) NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NRC efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

    h. A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when the NRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Records are maintained on paper and electronic media. Specimens are maintained in appropriate environments.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Records are indexed and accessed by name, social security number, testing position number, specimen number, drug testing laboratory accession number, or a combination thereof.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Employee drug test plans, procedures, and scheduling records are retained under the National Archives and Records Administration's General Records Schedule 2.7: Employee Health and Safety Records, item 100. Destroy when 3 years old or when superseded or obsolete. Employee drug test acknowledgement of notice forms are retained under General Records Schedule 2.7, item 110. Destroy when employee separates from testing-designated position. Employee drug testing specimen records are retained under General Records Schedule 2.7, item 120. Destroy 3 years after date of last entry or when 3 years old, whichever is later. Employee drug test results (Positive Results) are retained under General Records Schedule 2.7, item 130. Destroy when employee leaves agency or when 3 years old, whichever is later. Employee drug test results (Negative results) are retained under General Records Schedule 2.7, item 131. Destroy when 3 years old.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    Records in use are protected to ensure that access is limited to those persons whose official duties require such access. Unattended records are maintained in NRC-controlled space in locked offices, locked desk drawers, or locked file cabinets. Stand-alone and network processing systems are password protected and removable media is stored in locked offices, locked desk drawers, or locked file cabinets when unattended. Network processing systems have roles and responsibilities protection and system security plans. Records at laboratory, collection, and evaluation facilities are stored with appropriate security measures to control and limit access to those persons whose official duties require such access.

    RECORD ACCESS PROCEDURES:

    Same as “Notification procedures.”

    CONTESTING RECORD PROCEDURES:

    Same as “Notification procedures.”

    NOTIFICATION PROCEDURES:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and comply with the procedures contained in NRC's Privacy Act regulations, 10 CFR part 9.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    Pursuant to 5 U.S.C. 552a(k)(5), the Commission has exempted portions of this system of records from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f).

    SYSTEM NAME AND NUMBER:

    Employee Locator Records—NRC 36.

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    Primary system—Part 1: For Headquarters personnel: Office of Chief Human Capital Officer, NRC, Two White Flint North, 11545 Rockville Pike, Rockville, Maryland. For Regional personnel: Regional Offices I-IV at the locations listed in Addendum 1, Part 2.

    Part 2: Operations Division, Office of the Chief Information Officer, NRC, Two White Flint North, 11545 Rockville Pike, Rockville, Maryland.

    Part 3: Division of Administrative Services, Office of Administration, NRC, One White Flint North, 11555 Rockville Pike, Rockville, Maryland.

    Duplicate system—Duplicate systems exist, in part, for Incident Response Operations within the Office of Nuclear Security and Incident Response, NRC, Two White Flint North, 11545 Rockville Pike, Rockville, Maryland, and at the NRC's Regional Offices, at the locations listed in Addendum I, Part 2.

    Duplicate system—Duplicate systems may exist, in part, within the organization where an individual actually works, at the locations listed in Addendum I, Parts 1 and 2.

    SYSTEM MANAGER(S):

    Part 1: For Headquarters personnel: Associate Director for Human Resources Operations and Policy, Office of the Chief Human Capital Officer, U.S. Nuclear Regulatory Commission (NRC), Washington, DC 20555-0001; and for Regional personnel: Regional Personnel Officer at the Regional Offices listed in Addendum I, Part 2; Part 2: IT Specialist, Network/Infrastructure Services Branch, IT Services Development & Operations Division, Office of the Chief Information Officer, NRC, Washington, DC 20555-0001; Part 3: Mail Services Team Leader, Administrative Services Center, Division of Administrative Services, Office of Administration, NRC, Washington, DC 20555-0001.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    44 U.S.C. 3101, 3301; Executive Order (E.O.) 9397, as amended by E.O. 13478; and E.O. 12656.

    PURPOSE(S) OF THE SYSTEM:

    The purpose of this system is for NRC employees and contractor's accountability, to support NRC emergency response, and to contact designated persons in the event of an emergency.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    NRC employees and contractors.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    These records include, but are not limited to, an individual's name, home address, office organization and location (building, room number, mail stop), telephone number (home, business, and cell), person to be notified in case of emergency (name, address, telephone number), and other related records.

    RECORD SOURCE CATEGORIES:

    Individual on whom the record is maintained; Employee Express; Enterprise Identity Hub (EIH), and other related records.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In addition to the other types of disclosures permitted under subsection (b) of the Privacy Act, the NRC may disclose information contained in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected under the following routine uses:

    a. To contact the subject individual's designated emergency contact in the case of an emergency;

    b. To contact the subject individual regarding matters of official business;

    c. To maintain the agency telephone directory (accessible from www.nrc.gov);

    d. For internal agency mail services;

    e. A record from this system of records which indicates a violation of civil or criminal law, regulation or order may be referred as a routine use to a Federal, State, local or foreign agency that has authority to investigate, enforce, implement or prosecute such laws. Further, a record from this system of records may be disclosed for civil or criminal law or regulatory enforcement purposes to another agency in response to a written request from that agency's head or an official who has been delegated such authority;

    f. A record from this system of records may be disclosed as a routine use to NRC-paid experts or consultants, and those under contract with the NRC on a “need-to-know” basis for a purpose within the scope of the pertinent NRC task. This access will be granted to an NRC contractor or employee of such contractor by a system manager only after satisfactory justification has been provided to the system manager;

    g. A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed that there has been a breach of the system of records, (2) NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NRC efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

    h. A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when the NRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Electronic media.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Information is accessed by name.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Mail, printing, and telecommunication service control records are retained under the National Archives and Records Administration's General Records Schedule 5.5: Mail, Printing, and Telecommunications Service Management Records, item 020. Destroy when 1 year old or when superseded or obsolete, whichever is applicable, but longer retention is authorized if required for business use. Custom/client records are retained under General Records Schedule 6.5: Public Customer Service Records, item 020. Destroy when superseded, obsolete, or when customer requests the agency to remove the records.

    Administrative records maintained in any agency office are retained under General Records Schedule 5.1: Common Office Records, item 010. Destroy when business use ceases.

    Employee emergency contact information records are retained under the National Archives General Records Schedule 5.3 item 020. Destroy when superseded or obsolete, or upon separation or transfer of employee. These records are used to account for and maintain communication with personnel during emergencies, office dismissal, and closure situations.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    Electronic records are password protected. Access to and use of these records is limited to those persons whose official duties require such access.

    RECORD ACCESS PROCEDURES:

    Same as “Notification procedures.”

    CONTESTING RECORD PROCEDURES:

    Same as “Notification procedures.”

    NOTIFICATION PROCEDURES:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and comply with the procedures contained in NRC's Privacy Act regulations, 10 CFR part 9.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    None.

    SYSTEM NAME AND NUMBER:

    Information Security Files and Associated Records—NRC 37.

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    Division of Security Operations, Office of Nuclear Security and Incident Response, NRC, One White Flint North, 11555 Rockville Pike, Rockville, Maryland.

    SYSTEM MANAGER(S):

    Director, Division of Security Operations, Office of Nuclear Security and Incident Response, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    42 U.S.C. 2161-2169 and 2201(i); Executive Order 13526; 10 CFR part 95.

    PURPOSE(S) OF THE SYSTEM:

    Keep track of NRC employees, contractors, consultants, licensees, and other cleared persons who have been granted classification authority.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Individuals include present and former NRC employees, contractors, consultants, licensees, and other cleared persons.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    These records include information regarding:

    a. Personnel who are authorized access to specified levels, categories and types of information, the approving authority, and related documents; and

    b. Names of individuals who classify and/or declassify documents ( e.g., for the protection of Classified National Security Information and Restricted Data).

    RECORD SOURCE CATEGORIES:

    NRC employees, contractors, consultants, and licensees.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In addition to the other types of disclosures permitted under subsection (b) of the Privacy Act, the NRC may disclose information contained in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected under the following routine uses:

    a. To prepare statistical reports for the Information Security Oversight Office;

    b. A record from this system of records which indicates a violation of civil or criminal law, regulation or order may be referred as a routine use to a Federal, State, local or foreign agency that has authority to investigate, enforce, implement or prosecute such laws. Further, a record from this system of records may be disclosed for civil or criminal law or regulatory enforcement purposes to another agency in response to a written request from that agency's head or an official who has been delegated such authority;

    c. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency to obtain information relevant to an NRC decision concerning hiring or retaining an employee, letting a contract, or issuing a security clearance, license, grant or other benefit;

    d. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency requesting a record that is relevant and necessary to its decision on a matter of hiring or retaining an employee, issuing a security clearance, reporting an investigation of an employee, letting a contract, or issuing a license, grant, or other benefit;

    e. A record from this system of records may be disclosed as a routine use in the course of discovery; in presenting evidence to a court, magistrate, administrative tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative dispute resolution proceedings, such as arbitration or mediation; or in the course of settlement negotiations;

    f. A record from this system of records may be disclosed as a routine use to a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual;

    g. A record from this system of records may be disclosed as a routine use to NRC-paid experts or consultants, and those under contract with the NRC on a “need-to-know” basis for a purpose within the scope of the pertinent NRC task. This access will be granted to an NRC contractor or employee of such contractor by a system manager only after satisfactory justification has been provided to the system manager;

    h. A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed that there has been a breach of the system of records, (2) NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NRC efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

    i. A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when the NRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Records are maintained on electronic media.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Accessed by name and/or assigned number.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Records are retained under the National Archives and Records Administration's, General Records Schedule 4.2: Information Access and Protection Records. FOIA, Privacy Act, and classified administrative records are retained under General Records Schedule 4.2, item 001. Destroy when 3 years old, but longer retention is authorized if needed for business use. Information access and protection tracking and control records are retained under General Records Schedule 4.2, item 030. Destroy 2 years after last form entry, reply, or submission; or when associated documents are declassified or destroyed; or when authorization expires; whichever is appropriate. Longer retention is authorized if required for business use. Access control records are retained under General Records Schedule 4.2, item 031. Destroy when superseded or obsolete, but longer retention is authorized if required for business use. Accounting for and control of access to classified and controlled unclassified records and records requested under FOIA, PA and MDR are retained under General Records Schedule 4.2, item 040. Destroy or delete 5 years after date of last entry, final adjudication by courts, or final action by agency (such as downgrading, transfer or destruction of related classified documents, or release of information from controlled unclassified status), as may apply, whichever is later; but longer retention is authorized if required for business use.

    Classified information nondisclosure agreements which are maintained separately from the individual's official personnel folder are retained under the National Archives and Records Administration's General Records Schedule 4.2 item 121. Destroy records when 50 years old.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    Information maintained in locked buildings, containers, or security areas under guard and/or alarm protection, as appropriate. Records are processed only on systems approved for processing classified information or accessible through password protected systems for unclassified information. The classified systems are stand-alone systems located within secure facilities or with removable hard drives that are either stored in locked security containers or in alarmed vaults cleared for open storage of TOP SECRET information.

    CONTESTING RECORD PROCEDURE:

    Same as “Notification procedures.”

    RECORD ACCESS PROCEDURE:

    Same as “Notification procedures.” Some information is classified under Executive Order 13526 and will not be disclosed. Other information has been received in confidence and will not be disclosed to the extent that disclosure would reveal a confidential source.

    NOTIFICATION PROCEDURE:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and comply with the procedures contained in NRC's Privacy Act regulations, 10 CFR part 9.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    Pursuant to 5 U.S.C. 552a(k)(1) and (k)(5), the Commission has exempted portions of this system of records from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4), (G), (H), and (I), and (f).

    SYSTEM NAME AND NUMBER:

    Mailing Lists—NRC 38.

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    Primary system—Digital Communications & Administrative Services Branch, Division of Facilities and Securities, Office of Administration, NRC, 11545 Rockville Pike, Rockville, Maryland.

    Duplicate system—Duplicate systems exist in whole or in part at the locations listed in Addendum I, Parts 1 and 2.

    SYSTEM MANAGER(S):

    Digital Communications & Administrative Services Branch, Division of Facilities and Securities, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    44 U.S.C. 3101, 3301.

    PURPOSE(S) OF THE SYSTEM:

    The system is maintained for the purpose of mailing informational literature or responses to those who request it; maintaining lists of individuals who attend meetings; and for other purposes for which mailing or contact lists may be created.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Individuals, including NRC staff, with an interest in receiving information from the NRC.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    Mailing lists include an individual's name and address; and title, occupation, and institutional affiliation, when applicable.

    RECORD SOURCE CATEGORIES:

    NRC staff, NRC licensees, and individuals expressing an interest in NRC activities and publications.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In addition to the other types of disclosures permitted under subsection (b) of the Privacy Act, the NRC may disclose information contained in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected under the following routine uses:

    a. A record from this system of records may be disclosed as a routine use for distribution of documents to persons and organizations listed on the mailing list;

    b. A record from this system of records may be disclosed as a routine use to NRC-paid experts or consultants, and those under contract with the NRC on a “need-to-know” basis for a purpose within the scope of the pertinent NRC task. This access will be granted to an NRC contractor or employee of such contractor by a system manager only after satisfactory justification has been provided to the system manager;

    c. A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed that there has been a breach of the system of records, (2) NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NRC efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

    d. A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when the NRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Records maintained on paper, and electronic media.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Records are accessed by company name, individual name, or file code identification number.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Customer/client records are retained under the National Archives and Records Administration's General Records Schedule 6.5: Public Customer Service Records, Item 020. Delete when superseded, obsolete, or when customer requests the agency to remove the records.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    Access to and use of these records is limited to those persons whose official duties require such access.

    RECORD ACCESS PROCEDURES:

    Same as “Notification procedures.”

    CONTESTING RECORD PROCEDURES:

    Same as “Notification procedures.”

    NOTIFICATION PROCEDURES:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and comply with the procedures contained in NRC's Privacy Act regulations, 10 CFR part 9.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    None.

    SYSTEM NAME AND NUMBER:

    Personnel Security Files and Associated Records—NRC 39.

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    Division of Facilities and Security, Office of Administration, NRC, Two White Flint North, Rockville, Maryland.

    SYSTEM MANAGER(S):

    Director, Division of Facilities and Security, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    42 U.S.C. 2011 et seq.;42 U.S.C. 2165, 2201(i), 2201a, and 2284; 42 U.S.C. 5801 et seq.; Executive Order (E.O.) 9397, as amended by E.O. 13478; E.O. 10450, as amended; E.O. 10865, as amended; E.O. 13467; E.O. 13526; E.O. 13587; 10 CFR parts 10, 11, 14, 25, 50, 73, 95; OMB Circular No. A-130, Revised; 5 CFR parts 731, 732, and authorities cited therein.

    PURPOSE(S) OF THE SYSTEM:

    This record system will maintain information gathered by and in the possession of the NRC Division of Facilities and Security to maintain the NRC's Personnel Security and Insider Threat programs.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Persons including NRC employees, employment applicants, consultants, contractors, and licensees; other Government agency personnel, other persons who have been considered for an access authorization, special nuclear material access authorization, unescorted access to NRC buildings or nuclear power plants, NRC building access, access to Federal automated information systems or data, or participants in the criminal history program; aliens who visit NRC's facilities; and actual or suspected violators of laws administered by NRC.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    These records contain information about individuals, which includes, but is not limited to, their name(s), address, date and place of birth, social security number, identifying information, citizenship, residence history, employment history, military history, financial history, foreign travel, foreign contacts, education, spouse/cohabitant and relatives, personal references, organizational membership, medical, fingerprints, criminal record, and security clearance history. These records also contain copies of personnel security investigative reports from other Federal agencies, summaries of investigative reports, results of Federal agency indices and database checks, records necessary for participation in the criminal history program, reports of personnel security interviews, clearance actions information ( e.g., grants and terminations), access approval/disapproval actions related to NRC building access or unescorted access to nuclear plants, or access to Federal automated information systems or data, violations of laws, reports of security infraction, insider threat program inquiry records including analysis, results, referrals, and/or mitigation actions, and other related personnel security processing documents.

    RECORD SOURCE CATEGORIES:

    NRC applicants, employees, contractors, consultants, licensees, visitors and others, as well as information furnished by other Government agencies or their contractors.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    Information in these records may be used by the Division of Facilities and Security and on a need-to-know basis by appropriate NRC officials, Hearing Examiners, Personnel Security Review Panel members, Office of Personnel Management, Central Intelligence Agency, Office of the Director of National intelligence, and other Federal agencies under the following routine uses:

    a. To determine clearance or access authorization eligibility;

    b. To determine eligibility for access to NRC buildings or access to Federal automated information systems or data;

    c. To certify clearance or access authorization;

    d. To maintain the NRC personnel security program, including the Insider Threat Program;

    e. To provide licensees information needed for unescorted access or access to safeguards information determinations;

    f. A record from this system of records which indicates a violation of civil or criminal law, regulation or order may be referred as a routine use to a Federal, State, local or foreign agency that has authority to investigate, enforce, implement or prosecute such laws. Further, a record from this system of records may be disclosed for civil or criminal law or regulatory enforcement purposes to another agency in response to a written request from that agency's head or an official who has been delegated such authority;

    g. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency to obtain information relevant to an NRC decision concerning hiring or retaining an employee, letting a contract, or issuing a security clearance, license, grant or other benefit;

    h. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency requesting a record that is relevant and necessary to its decision on a matter of hiring or retaining an employee, issuing a security clearance, reporting an investigation of an employee, letting a contract, or issuing a license, grant, or other benefit;

    i. A record from this system of records may be disclosed as a routine use in the course of discovery; in presenting evidence to a court, magistrate, administrative tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative dispute resolution proceedings, such as arbitration or mediation; or in the course of settlement negotiations;

    j. A record from this system of records may be disclosed as a routine use to a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual;

    k. A record from this system of records may be disclosed as a routine use to NRC-paid experts or consultants, and those under contract with the NRC on a “need-to-know” basis for a purpose within the scope of the pertinent NRC task. This access will be granted to an NRC contractor or employee of such contractor by a system manager only after satisfactory justification has been provided to the system manager;

    l. A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed that there has been a breach of the system of records, (2) NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NRC efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

    m. A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when the NRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Records maintained on paper, tapes, and electronic media.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Indexed and accessed by name, social security number, docket number, or a combination thereof.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Security administrative records are retained under the National Archives and Records Administration's General Records Schedule 5.6: Security Records, Item 010. Destroy when 3 years old, but longer retention is authorized if required for business use. Visitor processing records in areas requiring highest level security awareness are retained under General Records Schedule 5.6, item 110. Destroy when 5 years old, but longer retention is authorized if required for business use. Visitor processing records in all other facility security areas are retained under General Records Schedule 5.6, item 111. Destroy when 2 years old, but longer retention is authorized if required for business use. Personnel security and access clearance records of people issued clearances are retained under General Records Schedule 5.6, item 181. Destroy 5 years after employee or contractor relationship ends, but longer retention is authorized if required for business use. Indexes to the personnel security case files are retained according to General Records Schedule 5.6 item 190 and destroyed when superseded or obsolete.

    Insider threat inquiry records are retained according to General Records Schedule 5.6 item 220 and destroyed 25 years after close of inquiry, but longer retention is authorized if required for business use.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    Records in use are protected to ensure that access is limited to those persons whose official duties require such access. Unattended records are maintained in NRC-controlled space in locked offices, locked desk drawers, or locked file cabinets. Mass storage of records is protected when unattended by a combination lock and alarm system. Unattended classified records are protected in appropriate security containers in accordance with Management Directive 12.1.

    NOTIFICATION PROCEDURE:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and comply with the procedures contained in NRC's Privacy Act regulations, 10 CFR part 9.

    RECORD ACCESS PROCEDURE:

    Same as “Notification procedures.” Some information is classified under Executive Order 12958 and will not be disclosed. Other information has been received in confidence and will not be disclosed to the extent the disclosure would reveal a confidential source.

    CONTESTING RECORD PROCEDURE:

    Same as “Notification procedures.”

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    Pursuant to 5 U.S.C. 552a(k)(1), (k)(2), and (k)(5), the Commission has exempted portions of this system of records from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f).

    SYSTEM NAME AND NUMBER:

    Facility Security Access Control Records—NRC 40.

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    Primary system—Division of Facilities and Security, Office of Administration, NRC, Two White Flint North, 11545 Rockville Pike, Rockville, Maryland.

    Duplicate system—Duplicate systems exist in part at NRC Regional Offices and the NRC Technical Training Center at the locations listed in Addendum I, Part 2.

    SYSTEM MANAGER(S):

    Director, Division of Facilities and Security, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    42 U.S.C. 2165-2169 and 2201; Executive Order (E.O.) 9397, as amended by E.O. 13478; E.O. 13462, as amended by E.O. 13516.

    PURPOSE(S) OF THE SYSTEM:

    Tracking issued NRC personal identification badges issued for access to NRC-controlled space and approved visitors to the NRC.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Current and former NRC employees, consultants, contractors, other Government agency personnel, and approved visitors.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    The system includes information regarding: (1) NRC personal identification badges issued for continued access to NRC-controlled space; and (2) records regarding visitors to NRC. The records include, but are not limited to, an individual's name, social security number, electronic image, badge number, citizenship, employer, purpose of visit, person visited, date and time of visit, and other information contained on Government issued credentials.

    RECORD SOURCE CATEGORIES:

    Sources of information include NRC employees, contractors, consultants, employees of other Government agencies, and visitors.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In addition to the other types of disclosures permitted under subsection (b) of the Privacy Act, the NRC may disclose information contained in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected under the following routine uses:

    a. To control access to NRC classified information and to NRC spaces by human or electronic means;

    b. Information (identification badge) may also be used for tracking applications within the NRC for other than security access purposes;

    c. The electronic image used for the NRC employee personal identification badge may be used for other than security purposes only with the written consent of the subject individual;

    d. A record from this system of records which indicates a violation of civil or criminal law, regulation or order may be referred as a routine use to a Federal, State, local or foreign agency that has authority to investigate, enforce, implement or prosecute such laws. Further, a record from this system of records may be disclosed for civil or criminal law or regulatory enforcement purposes to another agency in response to a written request from that agency's head or an official who has been delegated such authority;

    e. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency to obtain information relevant to an NRC decision concerning hiring or retaining an employee, letting a contract, or issuing a security clearance, license, grant or other benefit;

    f. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency requesting a record that is relevant and necessary to its decision on a matter of hiring or retaining an employee, issuing a security clearance, reporting an investigation of an employee, letting a contract, or issuing a license, grant, or other benefit;

    g. A record from this system of records may be disclosed as a routine use in the course of discovery; in presenting evidence to a court, magistrate, administrative tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative dispute resolution proceedings, such as arbitration or mediation; or in the course of settlement negotiations;

    h. A record from this system of records may be disclosed as a routine use to a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual;

    i. A record from this system of records may be disclosed as a routine use to NRC-paid experts or consultants, and those under contract with the NRC on a “need-to-know” basis for a purpose within the scope of the pertinent NRC task. This access will be granted to an NRC contractor or employee of such contractor by a system manager only after satisfactory justification has been provided to the system manager;

    j. A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed that there has been a breach of the system of records, (2) NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NRC efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

    k. A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when the NRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Records are maintained on paper and electronic media.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Information is indexed and accessed by individual's name, social security number, identification badge number, employer's name, date of visit, or sponsor's name.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    The National Archives and Records Administration's General Records Schedule 5.6 includes Security Records. Visitor processing records in areas requiring highest level security awareness, including areas designated by the interagency Security Committee as Facility Security Level V, are retained according to General Records Schedule 5.6, item 110. Destroy when 5 years old, but longer retention is authorized if required for business use. Visitor processing records in facility security areas not requiring highest level security awareness, including areas designated by the interagency Security Committee as Facility Security Levels I through IV, are retained under General Records Schedule 5.6, item 111. Destroy when 2 years old, but longer retention is authorized if required for business use. Indexes to personnel security case files are retained under General Records Schedule 5.6, item 190. Destroy when superseded or obsolete. Records of routine security operations are retained under General Records Schedule 5.6, item 090. Destroy when 30 days old, but longer retention is authorized if required for business use. Personal identification credentials and cards, including application and activation records, are retained according to General Records Schedule 5.6, item 120. Destroy 6 years after the end of an employee or contractor's tenure, but longer retention is authorized if required for business use. Personal identification cards are retained according to General Records Schedule 5.6 item 121 and destroyed after expiration, confiscation, or return. Personnel suitability and eligibility investigative reports are retained according to General Records Schedule 5.6, item 170. Destroy in accordance with the investigating agency instruction. Reports and records created by agencies conducting investigations under delegated investigative authority are retained according to General Records Schedule 5.6, item 171. Destroy in accordance with delegated authority agreement or memorandum of understanding.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    All records are maintained in NRC-controlled space that is secured after normal duty hours or a security area under guard presence in a locked security container/vault. There is an approved security plan which identifies the physical protective measures and access controls ( i.e., passwords and software design limiting access based on each individual's role and responsibilities relative to the system) specific to each system.

    RECORD ACCESS PROCEDURES:

    Same as “Notification procedures.”

    CONTESTING RECORD PROCEDURES:

    Same as “Notification procedures.”

    NOTIFICATION PROCEDURES:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and comply with the procedures contained in NRC's Privacy Act regulations, 10 CFR part 9.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    None.

    SYSTEM NAME AND NUMBER:

    Tort Claims and Personal Property Claims Records—NRC 41.

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    Primary system—Office of the General Counsel, NRC, One White Flint North, 11555 Rockville Pike, Rockville, Maryland.

    Duplicate system—Duplicate systems exist, in whole or in part, in the Office of the Chief Financial Officer, NRC, Two White Flint North, 11545 Rockville Pike, Rockville, Maryland, and at the locations listed in Addendum I, Parts 1 and 2. Other NRC systems of records, including but not limited to, NRC-18, “Office of the Inspector General (OIG) Investigative Records—NRC and Defense Nuclear Facilities Safety Board (DNFSB), ” and NRC-32, “Office of the Chief Financial Officer Financial Transactions and Debt Collection Management Records—NRC,” may contain some of the information in this system of records.

    SYSTEM MANAGER:

    Assistant General Counsel for Labor, Employment and Contract Law, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    Federal Tort Claims Act, 28 U.S.C. 2671 et seq.; Military Personnel and Civilian Employees' Claims Act, 31 U.S.C. 3721; 44 U.S.C. 3101.

    PURPOSE(S) OF THE SYSTEM:

    Claims with the NRC under the Federal Tort Claims Act or the Military Personnel and Civilian Employees' Claims Act.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Individuals who have filed claims with NRC under the Federal Tort Claims Act or the Military Personnel and Civilian Employees' Claims Act and individuals who have matters pending before the NRC that may result in a claim being filed.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    This system contains information relating to loss or damage to property and/or personal injury or death in which the U.S. Government may be liable. This information includes, but is not limited to, the individual's name, home address and phone number, work address and phone number, driver's license number, claim forms and supporting documentation, police reports, witness statements, medical records, insurance information, investigative reports, repair/replacement receipts and estimates, litigation documents, court decisions, and other information necessary for the evaluation and settlement of claims.

    RECORD SOURCE CATEGORIES:

    Information is obtained from a number of sources, including but not limited to, claimants, NRC employees involved in the incident, witnesses or others having knowledge of the matter, police reports, medical reports, investigative reports, insurance companies, and attorneys.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In addition to the other types of disclosures permitted under subsection (b) of the Privacy Act, NRC may disclose information contained in a record in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected under the following routine uses:

    a. To third parties, including claimants' attorneys, insurance companies, witnesses, potential witnesses, local police authorities where an accident occurs, and others who may have knowledge of the matter to the extent necessary to obtain information that will be used to evaluate, settle, refer, pay, and/or adjudicate claims;

    b. To the Department of Justice (DOJ) when the matter comes within their jurisdiction, such as to coordinate litigation or when NRC's authority is limited, and DOJ advice or approval is required before NRC can award, adjust, compromise, or settle certain claims;

    c. To the appropriate Federal agency or agencies when a claim has been incorrectly filed with NRC or when more than one agency is involved, and NRC makes agreements with the other agencies as to which one will investigate the claim;

    d. To the Department of the Treasury to request payment of an award, compromise, or settlement of a claim;

    e. Information contained in litigation records is public to the extent that the documents have been filed in a court or public administrative proceeding, unless the court or other adjudicative body has ordered otherwise. This public information, including information concerning the nature, status, and disposition of the proceeding, may be disclosed to any person, unless it is determined that release of specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy;

    f. To the National Archives and Records Administration or to the General Services Administration for records management inspections conducted under 44 U.S.C. 2904 and 2906;

    g. A record from this system of records which indicates a violation of civil or criminal law, regulation or order may be referred as a routine use to a Federal, State, local or foreign agency that has authority to investigate, enforce, implement or prosecute such laws. Further, a record from this system of records may be disclosed for civil or criminal law or regulatory enforcement purposes to another agency in response to a written request from that agency's head or an official who has been delegated such authority;

    h. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency to obtain information relevant to an NRC decision concerning hiring or retaining an employee, letting a contract, or issuing a security clearance, license, grant or other benefit;

    i. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency requesting a record that is relevant and necessary to its decision on a matter of hiring or retaining an employee, issuing a security clearance, reporting an investigation of an employee, letting a contract, or issuing a license, grant, or other benefit;

    j. A record from this system of records may be disclosed as a routine use in the course of discovery; in presenting evidence to a court, magistrate, administrative tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative dispute resolution proceedings, such as arbitration or mediation; or in the course of settlement negotiations;

    k. A record from this system of records may be disclosed as a routine use to a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual;

    l. A record from this system of records may be disclosed as a routine use to NRC-paid experts or consultants, and those under contract with the NRC on a “need-to-know” basis for a purpose within the scope of the pertinent NRC task. This access will be granted to an NRC contractor or employee of such contractor by a system manager only after satisfactory justification has been provided to the system manager;

    m. A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed that there has been a breach of the system of records, (2) NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NRC efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

    n. A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when the NRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Information in this system of records is stored on paper and computer media.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Information is indexed and accessed by the claimant's name.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Records will be retained under the National Archives and Records Administration's General Records Schedules and the NRC NUREG 0910 Revision 4.

    Financial transaction records related to procuring goods and services, paying bills, collecting debts, and accounting, are retained according to General Records Schedule 1.1: Financial Management and Reporting Records, item 010 (“Official record held in the office of record”). Financial transaction records are destroyed 6 years after final payment or cancellation, but longer retention is authorized if required for business use. Since the General Records Schedule (GRS) allows for longer retention, NRC chooses to retain records for 7 years as required for its business use, before destruction. Administrative claims by or against the United States are retained according to General Records Schedule 1.1, item 080. Administrative claims records are destroyed 7 years after final action, but longer retention is authorized if required for business use. Litigation Case Files, are retained according to NRC's NUREG 0910, Revision 4, Part 2.12.7.a. Closed files are retired 7 years after cases are closed and transferred to the National Archives and Records Administration 20 years after cases are closed. ADAMS PDF files and TIFF files are cutoff when case is closed and transferred to the National Archives 20 years after case is closed.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    The paper records are stored in locked file cabinets and access is restricted to those agency personnel whose official duties and responsibilities require access. Automated records are protected by password.

    RECORD ACCESS PROCEDURES:

    Same as “Notification procedures.”

    CONTESTING RECORD PROCEDURES:

    Same as “Notification procedures.”

    NOTIFICATION PROCEDURES:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and comply with the procedures contained in NRC's Privacy Act regulations, 10 CFR part 9.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    None.

    DISCLOSURE TO CONSUMER REPORTING AGENCIES:

    Disclosure Pursuant to 5 U.S.C. 552a(b)(12): Disclosure of information to a consumer reporting agency is not considered a routine use of records. Disclosures may be made from this system of records to “consumer reporting agencies” as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966, as amended (31 U.S.C. 3701(a)(3)).

    SYSTEM NAME AND NUMBER:

    Employee Health Center Records—NRC 43.

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    Primary system—Employee Health Center, NRC, One White Flint North, 11555 Rockville Pike, Rockville, Maryland.

    Duplicate system—Duplicate systems exist, in part, at health care facilities operating under a contract or agreement with NRC for health-related services in the vicinity of each of NRC's Regional offices listed in Addendum I, Part 2. NRC's Regional offices may also maintain copies of occupational health records for their employees.

    This system may contain some of the information maintained in other systems of records, including NRC-11, “Reasonable Accommodation Records—NRC,” NRC-44, “Employee Fitness Center Records—NRC, and DOL/GOVT-1 “Office of Worker's Compensation Programs, Federal Employee's Compensation Act File.”

    SYSTEM MANGERS(S):

    Technical Assistance Project Manager, Office of the Chief Human Capital Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    5 U.S.C. 7901; Executive Order 9397, as amended by E.O. 13478.

    PURPOSE(S) OF THE SYSTEM:

    Maintaining health records for current and former NRC employees, consultants, contractors, other Government personnel, and anyone who may require emergency or first-aid treatment on NRC premises.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Current and former NRC employees, consultants, contractors, other Government personnel, and anyone on NRC premises who requires emergency or first-aid treatment.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    This system is comprised of records developed as a result of voluntary employee use of health services provided by the Health Center, and of emergency health services rendered by Health Center staff to individuals for injuries and illnesses suffered while on NRC premises. Specific information maintained on individuals may include, but is not limited to, their name, date of birth, and social security number; medical history and other biographical data; test reports and medical diagnoses based on employee health maintenance physical examinations or health screening programs (tests for single medical conditions or diseases); history of complaint, diagnosis, and treatment of injuries and illness rendered by the Health Center staff; immunization records; records of administration by Health Center staff of medications prescribed by personal physicians; medical consultation records; statistical records; daily log of patients; and medical documentation such as personal physician correspondence, test results submitted to the Health Center staff by the employee; and occupational health records. This system does not maintain records that are a result of a condition of employment, records and reports generated in relation to a Workers' Compensation claim, or records resulting from participation in an agency-sponsored health and wellness program. Such records are maintained in the government-wide system of records notice “OPM/GOVT-10 Employee Medical File System Records.”

    RECORD SOURCE CATEGORIES:

    Information in this system of records is obtained from a number of sources including, but not limited to, the individual to whom it pertains; laboratory reports and test results; NRC Health Center physicians, nurses, and other medical technicians or personnel who have examined, tested, or treated the individual; the individual's coworkers or supervisors; other systems of records; the individual's personal physician(s); NRC Fitness Center staff; other Federal agencies; and other Federal employee health units.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In addition to the other types of disclosures permitted under subsection (b) of the Privacy Act, the NRC may disclose information contained in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected under the following routine uses:

    a. To refer information required by applicable law to be disclosed to a Federal, State, or local public health service agency concerning individuals who have contracted certain communicable diseases or conditions in an effort to prevent further outbreak of the disease or condition;

    b. To disclose information to the appropriate Federal, State, or local agency responsible for investigation of an accident, disease, medical condition, or injury as required by pertinent legal authority;

    c. To disclose information to the Office of Workers' Compensation Programs in connection with a claim for benefits filed by an employee;

    d. To Health Center staff and medical personnel under a contract or agreement with NRC who need the information in order to schedule, conduct, evaluate, or follow up on physical examinations, tests, emergency treatments, or other medical and health care services;

    e. To refer information to private physicians designated by the individual when requested in writing;

    f. To the National Archives and Records Administration or to the General Services Administration for records management inspections conducted under 44 U.S.C. 2904 and 2906;

    g. A record from this system of records which indicates a violation of civil or criminal law, regulation or order may be referred as a routine use to a Federal, State, local or foreign agency that has authority to investigate, enforce, implement or prosecute such laws. Further, a record from this system of records may be disclosed for civil or criminal law or regulatory enforcement purposes to another agency in response to a written request from that agency's head or an official who has been delegated such authority;

    h. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency to obtain information relevant to an NRC decision concerning hiring or retaining an employee, letting a contract, or issuing a security clearance, license, grant or other benefit;

    i. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency requesting a record that is relevant and necessary to its decision on a matter of hiring or retaining an employee, issuing a security clearance, reporting an investigation of an employee, letting a contract, or issuing a license, grant, or other benefit;

    j. A record from this system of records may be disclosed as a routine use in the course of discovery; in presenting evidence to a court, magistrate, administrative tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative dispute resolution proceedings, such as arbitration or mediation; or in the course of settlement negotiations;

    k. A record from this system of records may be disclosed as a routine use to a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual;

    l. A record from this system of records may be disclosed as a routine use to NRC-paid experts or consultants, and those under contract with the NRC on a “need-to-know” basis for a purpose within the scope of the pertinent NRC task. This access will be granted to an NRC contractor or employee of such contractor by a system manager only after satisfactory justification has been provided to the system manager;

    m. A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed that there has been a breach of the system of records, (2) NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NRC efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

    n. A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when the NRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Records are stored in file folders, on electronic media, and on file cards, logs, x-rays, and other medical reports and forms.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Records are retrieved by the individual's name, date of birth, and social security number, or any combination of those identifiers.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Clinic Scheduling Records are retained under the National Archives and Records Administration's General Records Schedule 2.7: Employee Health and Safety Records, item 010. Destroy when 3 years old, but longer retention is authorized if required for business use. Short-term occupational individual medical case files are retained under General Records Schedule 2.7, item 061. Destroy 1 year after employee separation or transfer. Individual employee health case files created prior to establishment of the Employee Medical File system in 1986 are retained under General Records Schedule 2.7, item 062. Destroy 60 years after retirement to the NARA records storage facility. Non- occupational individual medical case files are retained under General Records Schedule 2.7, item 070. Destroy 10 years after the most recent encounter, but longer retention is authorized if needed for business use.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    Records in the primary system are maintained in a building where access is controlled by a security guard force and entry to each floor is controlled by keycard. Records in the system are maintained in lockable file cabinets with access limited to agency or contractor personnel whose duties require access. The records are under visual control during duty hours. Access to automated data requires use of proper password and user identification codes by authorized personnel.

    RECORD ACCESS PROCEDURES:

    Same as “Notification procedures.”

    CONTESTING RECORD PROCEDURES:

    Same as “Notification procedures.”

    NOTIFICATION PROCEDURES:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001; comply with the procedures contained in NRC's Privacy Act regulations, 10 CFR part 9; and provide their full name, any former name(s), date of birth, and Social Security number.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    None.

    SYSTEM NAME AND NUMBER:

    Employee Fitness Center Records—NRC 44.

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    Primary system—Fitness Center, NRC, Two White Flint North, 11545 Rockville Pike, Rockville, Maryland.

    SYSTEM MANAGER(S):

    Office of Chief Human Capital Officer Contracting Officer Representative, Office of the Chief Human Capital Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    5 U.S.C. 7901; Executive Order (E.O.) 9397, as amended by E.O. 13478.

    PURPOSE(S) OF THE SYSTEM:

    Maintaining membership for the NRC Fitness Center.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    NRC employees who apply for membership at the Fitness Center, including current and former members.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    The system includes applications to participate in NRC's Fitness Center, information on an individual's degree of physical fitness and their fitness activities and goals; and various forms, memoranda, and correspondence related to Fitness Facilities membership and financial/payment matters. Specific information contained in the application for membership includes the employee applicant's name, gender, age, badge id, height, weight, and medical information, including a history of certain medical conditions; the name of the individual's personal physician and any prescription or over-the-counter drugs taken on a regular basis; and the name and address of a person to be notified in case of emergency.

    RECORD SOURCE CATEGORIES:

    Information in this system of records is principally obtained from the subject individual. Other sources of information include, but are not limited to, the NRC Fitness Center Director, staff physicians retained by the NRC, and the individual's personal physicians.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In addition to the other types of disclosures permitted under subsection (b) of the Privacy Act, the NRC may disclose information contained in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected under the following routine uses:

    a. To the individual listed as an emergency contact, in the event of an emergency;

    b. To the National Archives and Records Administration or to the General Services Administration for records management inspections conducted under 44 U.S.C. 2904 or 2906;

    c. A record from this system of records which indicates a violation of civil or criminal law, regulation or order may be referred as a routine use to a Federal, State, local or foreign agency that has authority to investigate, enforce, implement or prosecute such laws. Further, a record from this system of records may be disclosed for civil or criminal law or regulatory enforcement purposes to another agency in response to a written request from that agency's head or an official who has been delegated such authority;

    d. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency to obtain information relevant to an NRC decision concerning hiring or retaining an employee, letting a contract, or issuing a security clearance, license, grant or other benefit;

    e. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency requesting a record that is relevant and necessary to its decision on a matter of hiring or retaining an employee, issuing a security clearance, reporting an investigation of an employee, letting a contract, or issuing a license, grant, or other benefit;

    f. A record from this system of records may be disclosed as a routine use in the course of discovery; in presenting evidence to a court, magistrate, administrative tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative dispute resolution proceedings, such as arbitration or mediation; or in the course of settlement negotiations;

    g. A record from this system of records may be disclosed as a routine use to a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual;

    h. A record from this system of records may be disclosed as a routine use to NRC-paid experts or consultants, and those under contract with the NRC on a “need-to-know” basis for a purpose within the scope of the pertinent NRC task. This access will be granted to an NRC contractor or employee of such contractor by a system manager only after satisfactory justification has been provided to the system manager;

    i. A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed that there has been a breach of the system of records, (2) NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NRC efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

    j. A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when the NRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Records are maintained on paper and electronic media.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Information is indexed and accessed by an individual's name and/or NRC Badge ID number.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS

    Fitness Center records are retained according to the National Archives and Records Administration's General Records Schedule 2.7: Employee Health and Safety Records, item 080, Non-occupational health and wellness program records. Destroy 3 years after the project/activity or transaction is completed or superseded, but longer retention is authorized if needed for business use.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    Records are maintained in a building where access is controlled by a security guard force. Access to the Fitness Center is controlled by keycard and bar code verification. Records in paper form are stored alphabetically by individuals' names in lockable file cabinets maintained in the NRC where access to the records is limited to agency and Fitness Center personnel whose duties require access. The records are under visual control during duty hours. Automated records are protected by screen saver. Access to automated data requires use of proper password and user identification codes. Only authorized personnel have access to areas in which information is stored.

    RECORD ACCESS PROCEDURES:

    Same as “Notification procedures.”

    CONTESTING RECORD PROCEDURES:

    Same as “Notification procedures.”

    NOTIFICATION PROCEDURES:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and comply with the procedures contained in NRC's Privacy Act regulations, 10 CFR part 9.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    None.

    DISCLOSURES TO CONSUMER REPORTING AGENCIES:

    Disclosures Pursuant to 5 U.S.C. 552a(b)(12): Disclosures of information to a consumer reporting agency are not considered a routine use of records. Disclosures may be made from this system to “consumer reporting agencies” as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966, as amended (31 U.S.C. 3701(a)(3)).

    SYSTEM NAME AND NUMBER:

    Electronic Credentials for Personal Identity Verification—NRC 45.

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    Primary system—Office of the Chief Information Officer, NRC, White Flint North Complex, 11555 Rockville Pike, Rockville, Maryland, and current contractor facility.

    Duplicate system—Duplicate systems may exist, in whole or in part, at the locations listed in Addendum I, Part 2.

    SYSTEM MANAGER(S):

    Director, Solutions Development and Operations Division, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    5 U.S.C. 301; 42 U.S.C. 2165 and 2201(i); 44 U.S.C. 3501, 3504; Electronic Government Act of 2002, 44 U.S.C. chapter 36; Homeland Security Presidential Directive 12 (HSPD-12), Policy for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004; Executive Order (E.O.) 9397, as amended by E.O. 13478.

    PURPOSE(S) OF THE SYSTEM:

    Track and control PIV cards issued to persons entering and exiting the NRC facilities or using NRC systems; and verify that all person entering federal facilities, using Federal information resources, are authorized to do so.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    Individuals covered are persons who have applied for the issuance of electronic credentials for signature, encryption, and/or authentication purposes; have had their credentials renewed, replaced, suspended, revoked, or denied; have used their credentials to electronically make contact with, retrieve information from, or submit information to an automated information system; or have corresponded with NRC or its contractor concerning digital services.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    The system contains information needed to establish and verify the identity of users, to maintain the system, and to establish accountability and audit controls. System records may include: (a) applications for the issuance, amendment, renewal, replacement, or revocation of electronic credentials, including evidence provided by applicants or proof of identity and authority, and sources used to verify an applicant's identity and authority; (b) credentials issued; (c) credentials denied, suspended, or revoked, including reasons for denial, suspension, or revocation; (d) a list of currently valid credentials; (e) a list of currently invalid credentials; (f) a record of validation transactions attempted with electronic credentials; and (g) a record of validation transactions completed with electronic credentials.

    RECORD SOURCE CATEGORIES:

    The sources for information are the individuals who apply for electronic credentials, the NRC and contractors using multiple sources to verify identities, and internal system transactions designed to gather and maintain data needed to manage and evaluate the electronic credentials program.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In addition to the disclosures permitted under subsection (b) of the Privacy Act, the NRC may disclose information contained in this system of records without the consent of the subject individual if the disclosure is compatible with the purpose for which the record was collected under the following routine uses:

    a. To agency electronic credential program contractors to compile and maintain documentation on applicants for verifying applicants' identity and authority to access information system applications; to establish and maintain documentation on information sources for verifying applicants' identities; to ensure proper management, data accuracy, and evaluation of the system;

    b. To Federal authorities to determine the validity of subscriber digital certificates and other identity attributes;

    c. To the National Archives and Records Administration (NARA) for records management purposes;

    d. To a public data repository ( only name, email address, organization, and public key) to facilitate secure communications using digital certificates;

    e. A record from this system of records which indicates a violation of civil or criminal law, regulation or order may be referred as a routine use to a Federal, State, local or foreign agency that has authority to investigate, enforce, implement or prosecute such laws. Further, a record from this system of records may be disclosed for civil or criminal law or regulatory enforcement purposes to another agency in response to a written request from that agency's head or an official who has been delegated such authority;

    f. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency to obtain information relevant to an NRC decision concerning hiring or retaining an employee, letting a contract, or issuing a security clearance, license, grant or other benefit;

    g. A record from this system of records may be disclosed as a routine use to a Federal, State, local, or foreign agency requesting a record that is relevant and necessary to its decision on a matter of hiring or retaining an employee, issuing a security clearance, reporting an investigation of an employee, letting a contract, or issuing a license, grant, or other benefit;

    h. A record from this system of records may be disclosed as a routine use in the course of discovery; in presenting evidence to a court, magistrate, administrative tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative dispute resolution proceedings, such as arbitration or mediation; or in the course of settlement negotiations;

    i. A record from this system of records may be disclosed as a routine use to a Congressional office from the record of an individual in response to an inquiry from the Congressional office made at the request of that individual;

    j. A record from this system of records may be disclosed as a routine use to NRC-paid experts or consultants, and those under contract with the NRC on a “need-to-know” basis for a purpose within the scope of the pertinent NRC task. This access will be granted to an NRC contractor or employee of such contractor by a system manager only after satisfactory justification has been provided to the system manager;

    k. A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed that there has been a breach of the system of records, (2) NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with NRC efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm; and

    l. A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when the NRC determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    Records are stored electronically or on paper.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Records are retrievable by an individual's name, email address, certificate status, certificate number or credential number, certificate issuance date, or approval role.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    Records are retained under the National Archives and Records Administration's, General Records Schedule 5.6: Security Records. Application and activation records for personal identification credentials and cards are retained under General Records Schedule 5.6, item 120. Destroy 6 years after the end of an employee or contractor's tenure, but longer retention is authorized if required for business use. Personnel identification cards are retained under General Records Schedule 5.6, item 121. Destroy after expiration, confiscation, or return. Local facility identification and card access records are retained under General Records Schedule 5.6, item 130. Destroy upon immediate collection once the temporary credential or card is returned for potential reissuance due to nearing expiration or not to exceed 6 months from time of issuance or when individual no longer requires access, whichever is sooner, but longer retention is authorized if required for business use.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    Technical, administrative, and personnel security measures are implemented to ensure confidentiality, integrity, and availability of the system data stored, processed, and transmitted. Hard copy documents are maintained in locking file cabinets. Electronic records are, at a minimum, password protected. Access to and use of these records is limited to those individuals whose official duties require access.

    RECORD ACCESS PROCEDURES:

    Same as “Notification procedures.”

    CONTESTING RECORD PROCEDURES:

    Same as “Notification procedures.”

    NOTIFICATION PROCEDURES:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and comply with the procedures contained in NRC's Privacy Act regulations, 10 CFR part 9.

    EXEMPTIONS CLAIMS FOR THE SYSTEM:

    None.

    DISCLOSURE TO CONSUMER REPORTING AGENCIES:

    Disclosure of system records to consumer reporting systems is not permitted.

    SYSTEM NAME AND NUMBER:

    Health Emergency Records—NRC 46.

    SECURITY CLASSIFICATION:

    Unclassified.

    SYSTEM LOCATION:

    Headquarters, 11555 Rockville Pike, Rockville, Maryland. Records may be maintained at all locations at which the NRC, or contractors on behalf of the NRC, operate or at which NRC operations are supported.

    SYSTEM MANAGER(S):

    Chief Human Capital Officer, Office of the Chief Human Capital Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

    AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

    Workforce safety Federal requirements, which include: the Occupational Safety and Health Act of 1970; Executive Order 12196; and 5 U.S.C. 7902, “Safety programs.” Federal laws that authorize the NRC to create and maintain Federal records of agency activities, which include: 44 U.S.C. 3101; the Religious Freedom Restoration Act of 1933, 42 U.S.C. chapter 21B; Title VII of the Civil Rights Act of 1964, as amended, 42 U.S.C. 2000e; and the Rehabilitation Act of 1973, as amended, 29 U.S.C. 701 et seq. Authorities addressing the federal government's preparation for, and response to, public health threats, including the PREVENT Pandemics Act, 42 U.S.C. 300hh-3; and Executive Order 13987, “Organizing and Mobilizing the United States Government to Provide a Unified and Effective Response to Combat COVID-19 and to Provide United States Leadership on Global Health and Security.”

    PURPOSE(S) OF THE SYSTEM:

    Maintaining records necessary and relevant to NRC activities responding to and mitigating high-consequence public health threats. Records may include, but are not limited to, those applicable health related records needed to understand the impact of an illness or disease on the NRC workforce or to assist the NRC in protecting its workforce from a declared public health emergency, pandemic, or other high-consequence public health threat, including records submitted by NRC personnel or by the lawful representative of such personnel.

    CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

    NRC's employees.

    CATEGORIES OF RECORDS IN THE SYSTEM:

    Records maintained in this system may include:

    A. Full name, NRC employee ID number; telephone number, worksite, email address, supervisor's name, address and contact information.

    C. Other information about the individual directly related to the disease or illness ( e.g., testing results/information, symptoms, treatments, source of exposure, or other applicable health related information).

    D. Appointment scheduling information, including the date, time, and location of a scheduled appointment.

    E. Medical screening information, including the individual's name, date of birth, age, category of employment, current medical status, related medical history, and any relevant medical history.

    RECORD SOURCE CATEGORIES:

    Records may be obtained from NRC employees or their representative who may provide relevant information on a suspected or confirmed disease or illness, or the prevention of such disease or illness, which is the subject of a high-consequence public health threat.

    ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:

    In addition to the other types of disclosures permitted under subsection (b) of the Privacy Act, the NRC may disclose information contained in this system of records without the consent of the persons or entities mentioned herein if the disclosure is compatible with the purpose for which the record was collected under the following routine uses:

    A. To appropriate medical facilities, or Federal, State, local, Tribal, territorial or foreign government agencies, to the extent permitted by law, for the purpose of protecting the vital interests of individual(s), including to assist the United States Government in responding to or mitigating high-consequence public health threats.

    B. To determine eligibility for access to NRC buildings, NRC licensee facilities or sites, or other Federal facilities.

    C. To provide licensees information needed for unescorted access or access to the licensee's facility(s).

    D. Where a record, either alone or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil, or regulatory in nature—the relevant records may be referred to the appropriate Federal, State, local, territorial, Tribal, or foreign law enforcement authority or other appropriate entity charged with the responsibility for investigating or prosecuting such violation or charged with enforcing or implementing such law.

    E. In an appropriate proceeding before a court, grand jury, or administrative or adjudicative body, when the NRC determines that the records are arguably relevant to its proceeding; or in an appropriate proceeding before an administrative or adjudicative body when the adjudicator determines the records to be relevant to the proceeding.

    F. To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the Federal Government, when necessary to accomplish an NRC function related to this system of records.

    G. A record on an employee from this system of records may be disclosed as a routine use to a Federal, State, local, territorial, Tribal, or foreign agency requesting a record that is relevant and necessary to its decision on a matter of hiring or retaining an employee, issuing a security clearance, reporting an investigation of that individual, letting a contract, or issuing a license, grant, or other benefit.

    H. A record on an employee from this system of records may be disclosed as a routine use to a Congressional office in response to an inquiry from the Congressional office made at the request of that individual.

    I. To the National Archives and Records Administration for purposes of records management inspections conducted under the authority of 44 U.S.C. 2904 and 2906.

    J. To appropriate agencies, entities, and persons when (1) the NRC suspects or has confirmed that there has been a breach of the system of records. (2) the NRC has determined that as a result of the suspected or confirmed breach there is a risk of harm to an individual(s), the NRC (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the NRC's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

    K. To another Federal agency or Federal entity, when the NRC determines that information from this system of records is necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach, or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

    L. To any agency, organization, or individual for the purpose of performing authorized audit or oversight operations of the NRC and meeting related reporting requirements.

    M. To such recipients and under such circumstances and procedures as are mandated by Federal statute or treaty.

    N. A record from this system of records may be disclosed as a routine use to NRC-paid experts or consultants, and those under contract with the NRC on a “need-to-know” basis for purpose within the scope of the pertinent NRC task. This access will be granted to an NRC contractor or employee of such contractor by a system manager only after satisfactory justification has been provided to the system manager.

    O. To a Federal agency employee, expert, consultant, or contractor in performing a Federal duty for purposes of authorizing, arranging, and/or claiming reimbursement for official travel, including, but not limited to, traveler profile information.

    POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

    All records in this system of records are maintained and in compliance with applicable executive orders, statutes, and agency implementing recommendations. Electronic records are stored in databases. Paper records are maintained in a secure, access-controlled room, with access limited to authorized personnel.

    POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

    Records will be retrieved by any of the categories of records, including name, location, date of applicable health information, or work status.

    POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

    To the extent applicable, to ensure compliance with Americans with Disabilities Act, the Rehabilitation Act, and the Genetic Information Nondiscrimination Act of 2008, medical information must be “maintained on separate forms and in separate medical files and be treated as a confidential medical record.” 42 U.S.C. 12112(d)(3)(B); 42 U.S.C. sec 2000ff-5(a); 29 CFR 1630.14(b)(1), (c)(1),(d)(4)(i); and 29 CFR 1635.9(a). This means that medical information and documents must be stored separately from other personnel records. As such, the NRC must keep medical records for at least 1 year from creation date. 29 CFR 1602.14. Further, records compiled under this system of records notice will be maintained in accordance with the National Archives and Records Administration General Records Schedule (GRS) 2.7, Employee Health and Safety Records, Items 010, 070, or 080 to the extent applicable.

    GRS 2.7 item 010 (DAA-GRS-2017-0010-0001)—Clinic scheduling records. Temporary. Destroy when 3 years old, but longer retention is authorized if needed for business use.

    GRS 2.7 item 070 (DAA-GRS-2017-0010-0012)—Non-occupational individual case files. Temporary. Destroy 10 years after the most recent encounter, but longer retention is authorized if needed for business use.

    GRS 2.7 item 080 (DAA-GRS-2017-0010-0013)—Non-occupational health and wellness program records. Temporary. Destroy 3 years after the project/activity/or transaction is completed or superseded, but longer retention is authorized if needed for business use.

    GRS 2.7 item 063 (DAA-GRS-2021-0003-0001)—Vaccination attestations and proof of vaccination records. Federal employees and contractors. Temporary. Destroy when 3 years old.

    GRS 2.7 item 064 (DAA-GRS-2021-0003-0002)—Vaccination attestations and proof of vaccination records. Visitors. Temporary. Destroy when 30 days old.

    ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

    The NRC safeguards records in this system according to applicable rules and polices, including all applicable NRC automated systems security and access policies. The NRC has imposed controls to minimize the risk of compromising the information that is being stored. Users of individual computers can only gain access to the data by valid user identification and password. Paper records are maintained in a secure, access-controlled room, with access limited to authorized personnel.

    RECORDS ACCESS PROCEDURES:

    Same as “Notification procedures.”

    CONTESTING RECORD PROCEDURES:

    Same as “Notification procedures.”

    NOTIFICATION PROCEDURES:

    Individuals seeking to determine whether this system of records contains information about them should write to the Freedom of Information Act Officer or Privacy Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and comply with procedures contained in NRC's Privacy Act regulations, 10 CFR part 9.

    EXEMPTIONS CLAIMED FOR THE SYSTEM:

    None.

    HISTORY:

    None.

    Addendum I—List of U.S. Nuclear Regulatory Commission Locations

    Part 1—NRC Headquarters Offices

    1. One White Flint North, 11555 Rockville Pike, Rockville, Maryland.

    2. Two White Flint North, 11545 Rockville Pike, Rockville, Maryland.

    3. Three White Flint North, 11601 Landsdown Street, North Bethesda, MD

    Part 2—NRC Regional Offices

    1. NRC Region I, 475 Allendale Road, Suite 102, King of Prussia, Pennsylvania.

    2. NRC Region II, Marquis One Tower, 245 Peachtree Center Avenue NE, Suite 1200, Atlanta, Georgia.

    3. NRC Region III, 2443 Warrenville Road, Suite 210, Lisle, Illinois.

    4. NRC Region IV, 1600 East Lamar Boulevard, Arlington, Texas.

    5. NRC Technical Training Center, Osborne Office Center, 5746 Marlin Road, Suite 200, Chattanooga, Tennessee.

    [FR Doc. 2024-15922 Filed 7-18-24; 8:45 am]

    BILLING CODE 7590-01-P

Document Information

Published:
07/19/2024
Department:
Nuclear Regulatory Commission
Entry Type:
Notice
Action:
Notice of modified systems of records; request for comment.
Document Number:
2024-15922
Dates:
Submit comments on revisions and changes by August 19, 2024. Comments received after this date will be considered if it is practical to do so, but the Commission is able to ensure consideration only for comments received before this date.
Pages:
58779-58802 (24 pages)
Docket Numbers:
NRC-2023-0168
PDF File:
2024-15922.pdf