2010-23320. Privacy Act Systems of Records  

    AGENCY:

    Office of the Director of National Intelligence.

    ACTION:

    Final rule.

    SUMMARY:

    The Office of the Director of National Intelligence (ODNI) is issuing a final rule exempting fourteen (14) new systems of records from subsections (c)(3); (d)(1), (2), (3), (4); (e)(1) and (e)(4)(G), (H), (I); and (f) of the Privacy Act, pursuant to 5 U.S.C. 552a(k). The ODNI published a notice and a proposed rule implementing these exemptions on April 2, 2010. The enumerated exemptions will be invoked on a case-by-case basis, as necessary to preclude interference with investigatory, intelligence and counterterrorism functions and responsibilities of the ODNI. This document addresses comments received regarding the proposed rule as applied to the fourteen new systems of records.

    DATES:

    This final rule is effective September 20, 2010.

    FOR FURTHER INFORMATION CONTACT:

    Mr. John F. Hackett, Director, Information Management, 703-275-2215.

    SUPPLEMENTARY INFORMATION:

    Background

    On April 2, 2010, the Office of the Director of National Intelligence (ODNI) published notice of fourteen new Privacy Act systems of records: Manuscript, Presentation and Resume Review Records (ODNI-01), Executive Secretary Action Management System Records (ODNI-02), Public Affairs Office Records (ODNI-03), Office of Legislative Affairs Records (ODNI-04), ODNI Guest Speaker Records (ODNI-05), Office of General Counsel Records (ODNI-06), Analytic Resources Catalog (ODNI-07), Intelligence Community Customer Registry Records (ODNI-09), EEO and Diversity Office Records (ODNI-10), Office of Protocol Records (ODNI-11), IC Security Clearance and Access Approval Repository (ODNI-12), Security Clearance Reform Research Records (ODNI-13), Civil Liberties and Privacy Office Complaint Records (ODNI-14), National Intelligence Council Consultation Records (ODNI-15). These systems of records contain records that range from Unclassified to Top Secret. Accordingly, in conjunction with publication of these systems notices, the ODNI initiated a rulemaking to exempt the systems, in relevant part, from various provisions of the Privacy Act (enumerated above), pursuant to exemption authority afforded the head of the agency by subsection (j) of the Privacy Act. The systems notices and proposed exemption rule are published at 75 FR 16853 and 16698.

    Public Comments

    The ODNI received comments on its proposed rule and notice of fourteen systems of records from the Electronic Privacy Information Center (EPIC). EPIC's concerns and ODNI's responses are set forth below. The full text of EPIC's comments is posted at that organization's Web site, http://www.EPIC.org. In general, EPIC questions the appropriateness of the ODNI's proposal on national security grounds to exempt these systems of records from various provisions of the Privacy Act that embody fundamental tenets of information privacy.

    In light of EPIC's comments, the ODNI re-examined the systems notices, the nature of the records maintained, and the exemptions proposed. ODNI is sensitive to EPIC's view that the fourteen new system notices on their face do not obviously implicate intelligence equities, including the counterterrorism mission of one of ODNI's major components, the National Counterterrorism Center (NCTC). However, we conclude that EPIC has not considered the possible inclusion of classified records in these systems, which the exemptions invoked are intended to protect.

    ODNI has determined that the comments received do not warrant changing the proposed exemptions or systems notices prior to implementation. Read in conjunction with the ODNI's Exemption Policies, as set forth in section 1701.20 of the ODNI's Privacy Act Regulations, published at 32 CFR part 1701, the fourteen new systems notices reflect that ODNI seeks to serve, whenever feasible, the dual imperatives of maximizing individual record subjects' participation in maintenance of the records and of protecting important intelligence equities.

    Detailed Response

    EPIC's comments reflect concern about ODNI's action to exempt the new systems of records from the accounting, access, amendment, redress and accuracy provisions of the Privacy Act, as well as from the requirements to establish and make public the procedures by which individuals may seek access to records about themselves. EPIC observes that the referenced provisions of the Privacy Act fulfill the important objective of promoting accountability, responsibility, oversight and openness with respect to the federal government's maintenance of personal information. The ODNI also supports fair information principles and, as a matter of published policy, honors these principles to the full extent circumstances permit.

    ODNI maintains that its proposed rule is consistent with privacy principles for the following reasons:

    1. ODNI policy is to apply exemptions narrowly.

    EPIC's main concern is that ODNI will rely on the stated exemptions to exempt apparently non-sensitive records on a blanket basis, thus denying record subjects important provisions of the Privacy Act.

    On initial review, and as confirmed on re-examination, we have determined that these systems of records may contain sensitive records. Therefore, in practice, claiming the exemption is a prophylactic measure enabling the ODNI to protect intelligence equities (e.g., sources, methods, subjects of intelligence interest) when national security considerations dictate. However, record subjects will still be able to obtain access to non-sensitive records. Each published system notice expansively describes notification procedures, record access procedures, contesting record procedures and record source categories. In addition, each systems notice references the ODNI Privacy Act Regulation, which also fully describes these procedures. 32 CFR Part 1701.

    Published ODNI policy on exercising exemptions provides that an asserted exemption applies only to records that meet the exemption criteria, and that, even then, discretion is retained to supersede the exemption where complying with a request for access would not interfere with or adversely affect a counterterrorism or law enforcement interest, or otherwise violate applicable law.[1]

    The ODNI Office of Information Management (IM) conducts access/disclosure reviews under the Privacy Act and the Freedom of Information Act, as well as pre-publication review pursuant to IC elements' secrecy agreements. IM personnel are trained classification specialists who conduct detailed reviews to ensure record subject/requester access to information in accordance with this policy and fair information principles, to include an accounting of disclosures under subsection (c)(3).

    The systems notices, read in conjunction with the Privacy Act regulation, show that ODNI intends to provide record subjects access to records about them to the extent feasible on a case-by-case basis, and not to rely on a blanket assertion of an exemption to preclude access.

    2. Material may be classified for national security reasons pursuant to Executive Order.

    As noted, the fourteen new system notices potentially include records specifically authorized under criteria established by an Executive order to be kept secret in the interest of national defense or foreign policy or that are in fact properly classified pursuant to such Executive order. Such records are exempt from the operation of Section 552 of Title 5 of the United States Code, see 5 U.S.C. 552(b)(1), and subsection (k)(1) of the Privacy Act specifically contemplates exemption under this circumstance.

    EPIC cites the Public Affairs Office Records, the Executive Secretary Action Management System Records and the Civil Liberties and Privacy Office Complaint Records as examples of ODNI's excessive use of exemption authority. Our review has determined that each of these systems of records, as well as the other eleven, could contain classified records retrieved by a record subject's name or unique identifier.

    The exemption permits ODNI to protect access to the classified material and thereby prevent compromise of sensitive national security-related information. ODNI policy would be to provide the record subject access to the entirety of non-classified records (subject to the “mosaic” analysis),[2] as well as to portions of classified records that, upon line-by-line review, have been determined not to implicate national security interests.

    3. No per se exclusion from redress.

    EPIC comments that ODNI inappropriately seeks to bar record subjects from challenging denial of an access request. The Privacy Act, subsection (g)(1)(B), does not permit agencies to exempt themselves from access challenges; ODNI agrees that precluding individuals from challenging the basis of a denial to a request for access to information would violate information fairness principles. Subsection (g)(3)(A) of the Privacy Act provides for de novo review of such denial, including in camera examination of records to ensure consistency with the claimed basis for exemption from access, i.e., that the records reflect a national security interest subject to classification under Executive order, or that access would disclose to the subject the identity of a confidential source of information in the record (judgments contemplated by subsections (k)(1), (2) and (5) of the Act). ODNI does not seek to deny record subjects the basic right to challenge access determinations.

    However, EPIC's position that ODNI should afford redress for all amendment denials demands the impractical result of requiring the agency to permit “correction” of records to which it properly has denied the subject access based on expert judgments regarding national security or witness/source identification. This practice would afford individuals “back-door” access to records via amendment challenges. Accordingly, ODNI will narrowly construe the proposed exemption from redress to apply only to denials to amend exempt records (i.e., records that are classified, or determined to be not disclosable under other provisions of subsection (k)).

    4. ODNI does not use these systems of records for decision-making about record subjects.

    EPIC articulates a concern that subjects' inability to access and amend exempt records undermines the fundamental principle (under subsection (e)(5) of the Privacy Act) that records used in making agency determinations about record subjects must be sufficiently accurate, relevant, timely and complete to ensure fairness to the individual.

    ODNI does not in fact propose to exempt its fourteen new SORNs from the (e)(5) requirement. Indeed, subsection (k) of the Privacy Act does not permit exemption from subsection (e)(5).[3] Additionally, records maintained in these systems are not used in personalized agency determinations of the kind for which access and amendment rights are intended to ensure data accuracy and relevance. With the possible exception of the Civil Liberties and Privacy Office Complaint Records, the Equal Employment Opportunity and Diversity Office Records and the Office of General Counsel records, the recently published notices reflect agency internal administrative functions, but not activities “affecting the rights, benefits, entitlements or opportunities (including employment) of the individual).” [4] By and large, the systems at issue permit the agency to track communications and external relations using the record subjects' name as an easy “handle.” They are record-keeping files, not decision-making files. Where claims are involved (civil liberties/privacy, disability accommodations, or actions against the agency), it is the record subject who determines what facts to report in the first instance, obviating his/her need for a check on accuracy. Nonetheless, the claimant/litigant would receive all official administrative or court filings, and obtain access to other non-exempt records in the pertinent system.

    5. “Necessary and relevant” is a fluid standard, properly subject to exemption.

    The provision from which ODNI does seek exemption is (e)(1): “Maintain [in agency] records only such information about an individual as is relevant and necessary to accomplish a purpose of the agency required to be accomplished by statute or by executive order of the President.” The purposes which these systems serve are authorized by the National Security Act of 1947 as amended by the Intelligence Reform and Terrorism Prevention Act of 2004, and generally reflect routine agency functions. Because of the transactional nature of most of these systems, relevance is a function of happenstance, i.e., whatever communication is received or transmitted, and can not be determined once and for all time. The information collected will not likely be the same for every individual who is the subject of a record in the system. With respect to claims requiring investigation (e.g., Civil Liberties/Privacy complaints) relevance often can not be determined until all materials have been collected and analyzed. Moreover, because these systems of records generally are house-keeping-type files, and not likely to be disclosed outside the agency or serve for decision-making purposes, the importance of “relevance” as a data quality criterion is diminished.

    6. Exemptions do not curtail subjects' access to complaint status or disposition.

    EPIC is especially troubled by ODNI's proposal to exempt the Civil Liberties and Privacy Office Complaint Records (alleging violations of civil liberties or privacy arising from an ODNI or IC program or activity), and argues that:

    [A]n individual who submitted a complaint would not be able to view any records pertaining to his complaint, such as records of review, investigation, or acknowledgement or disposition of allegations received. A complainant would be left without any means to inquire about the status of his complaint or to help facilitate the resolution of his complaint.

    EPIC posits that, by virtue merely of their being maintained in the exempt system, all records would be shielded from the subject's access, including the agency's acknowledgment of receipt of the complaint and any disposition of the complaint. However, complainants routinely receive acknowledgement of receipt of their complaints, a copy of which is maintained as part of the complainants' official records in the noticed Privacy Act system of records. Similarly, complainants receive notice of resolution or disposition of their cases, with as much specificity as is feasible under the circumstances. The Civil Liberties and Privacy Office articulates in writing why the allegation is, or is not, sustained by the facts as presented by the complainant and as investigated by the agency, and what the ODNI's follow-on action may be (for example, remedying a flaw or gap in agency process that the complaint has brought to light). The written disposition is also maintained as part of the official record in the noticed Privacy Act system of records. ODNI would provide access to these acknowledgement and disposition records at the complainant's request. The complainant would obtain access to other portions of the complaint file as well, to the extent they do not implicate national security interests, and do not reveal the identity of individuals providing statements or information to the investigation pursuant to assurances of confidentiality.

    ODNI believes that current policies address EPIC's concern that “the complainant is left without any means to inquire about the status of his complaint.” Complainants may at any time amend their statements, provide additional facts or seek explanation about the operative law, regulation or policy allegedly violated. Indeed, the exemption framework does not preclude a complainant from inquiring about, or learning of, the status of his complaint. Nor does it preclude the ODNI from seeking additional input from claimants.

    Final Rule: Implementation of Exemption Rule and Systems Notices

    After consideration of the public comments, the ODNI has determined to issue the proposed exemption rule in final form and to implement the fourteen new systems of records without change. The exemptions proposed for the fourteen noticed systems of records are necessary and appropriate to protect intelligence equities undergirding ODNI's mission and functions and, narrowly applied, they do so consistent with privacy principles. By restrictively construing the exemptions to apply only to records that satisfy thresholds articulated in subsection (k), ODNI achieves the goal of balancing intelligence-related equities with fair information principles and values.

    Regulatory Flexibility Act

    This rule affects only the manner in which ODNI collects and maintains information about individuals. ODNI certifies that this rulemaking does not impact small entities and that analysis under the Regulatory Flexibility Act, 5 U.S.C. 601-612, is not required.

    Small Entity Inquiries

    The Small Business Regulatory Enforcement Fairness Act (SBREFA) of 1996 requires the ODNI to comply with small entity requests for information and advice about compliance with statutes and regulations within the ODNI jurisdiction. Any small entity that has a question regarding this document may address it to the information contact listed above. Further information regarding SBREFA is available on the Small Business Administration's web page at http://www.sba.gov/advo/laws/law-lib.html.

    Paperwork Reduction Act

    The Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)) requires that the ODNI consider the impact of paperwork and other burdens imposed on the public associated with the collection of information. There are no information collection requirements associated with this rule and therefore no analysis of burden is required.

    Executive Order 12866, Regulatory Planning and Review

    This rule is not a “significant regulatory action,” within the meaning of Executive Order 12866. This rule will not adversely affect the economy or a sector of the economy in a material way; will not create inconsistency with or interfere with other agency action; will not materially alter the budgetary impact of entitlements, grants, fees or loans or the right and obligations of recipients thereof; or raise legal or policy issues arising out of legal mandates, the President's priorities or the principles set forth in the Executive Order. Accordingly, further regulatory evaluation is not required.

    Unfunded Mandates

    Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), Public Law 104-4, 109 Stat. 48 (Mar. 22, 1995), requires Federal agencies to assess the effects of certain regulatory actions on State, local and tribal governments, and the private sector. This rule imposes no Federal mandate on any State, local or tribal government or on the private sector. Accordingly, no UMRA analysis of economic and regulatory alternatives is required.

    Executive Order 13132, Federalism

    Executive Order 13132 requires agencies to examine the implications for the distribution of power and responsibilities among the various levels of government resulting from their rules. ODNI concludes that this rule does not affect the rights, roles and responsibilities of the States, involves no preemption of State law and does not limit state policymaking discretion. This rule has no federalism implications as defined by the Executive Order.

    Environmental Impact

    This rulemaking will not have a significant effect on the human environment under the provisions of the National Environmental Policy Act of 1969 (NEPA), 42 U.S.C. 4321-4347.

    Energy Impact

    This rulemaking is not a major regulatory action under the provisions of the Energy Policy and Conservation Act (EPCA), Public Law 94-163, as amended, 42 U.S.C. 6362.

    List of Subjects in 32 CFR Part 1701

    • Records and Privacy Act

    For the reasons set forth above, ODNI amends 32 CFR part 1701 as follows:

    PART 1701—ADMINISTRATION OF RECORDS UNDER THE PRIVACY ACT OF 1974

    1. The authority citation for part 1701 continues to read as follows:

    Authority: 50 U.S.C. 401-442; 5 U.S.C. 552a.

    Subpart B—[AMENDED]

    2. Add § 1701.24 to subpart B to read as follows:

    Exemption of Office of the Director of National Intelligence (ODNI) systems of records.

    (a) The ODNI exempts the following systems of records from the requirements of subsections (c)(3); (d)(1),(2),(3) and (4); (e)(1); (e)(4)(G),(H),(I); and (f) of the Privacy Act to the extent that information in the system is subject to exemption pursuant to subsections (k)(1), (k)(2) or (k)(5) of the Act as noted in the individual systems notices:

    (1) Manuscript, Presentation and Resume Review Records (ODNI-01).

    (2) Executive Secretary Action Management System Records (ODNI-02).

    (3) Public Affairs Office Records (ODNI-03).

    (4) Office of Legislative Affairs Records (ODNI-04).

    (5) ODNI Guest Speaker Records (ODNI-05).

    (6) Office of General Counsel Records (ODNI-06).

    (7) Analytic Resources Catalog (ODNI-07).

    (8) Intelligence Community Customer Registry (ODNI-09).

    (9) EEO and Diversity Office Records (ODNI-10).

    (10) Office of Protocol Records (ODNI-11).

    (11) IC Security Clearance and Access Approval Repository (ODNI-12).

    (12) Security Clearance Reform Research Records (ODNI-13).

    (13) Civil Liberties and Privacy Office Complaint Records (ODNI-14).

    (14) National Intelligence Council Records (ODNI-15).

    (b) Exemption of records in these systems from any or all of the enumerated requirements may be necessary for the following reasons:

    (1) From subsection (c)(3) (accounting of disclosures) because an accounting of disclosures from records concerning the record subject would specifically reveal an intelligence or investigative interest on the part of the ODNI or recipient agency and could result in release of properly classified national security or foreign policy information.

    (2) From subsections (d)(1), (2), (3) and (4) (record subject's right to access and amend records) because affording access and amendment rights could alert the record subject to the investigative interest of intelligence or law enforcement agencies or compromise sensitive information classified in the interest of national security. In the absence of a national security basis for exemption, records in this system may be exempted from access and amendment to the extent necessary to honor promises of confidentiality to persons providing information concerning a candidate for position. Inability to maintain such confidentiality would restrict the free flow of information vital to a determination of a candidate's qualifications and suitability.

    (3) From subsection (e)(1) (maintain only relevant and necessary records) because it is not always possible to establish relevance and necessity before all information is considered and evaluated in relation to an intelligence concern. In the absence of a national security basis for exemption under subsection (k)(1), records in this system may be exempted from the relevance requirement pursuant to subsection (k)(5) because it is not possible to determine in advance what exact information may assist in determining the qualifications and suitability of a candidate for position. Seemingly irrelevant details, when combined with other data, can provide a useful composite for determining whether a candidate should be appointed.

    (4) From subsections (e)(4)(G) and (H) (publication of procedures for notifying subjects of the existence of records about them and how they may access records and contest contents) because the system is exempted from subsection (d) provisions regarding access and amendment, and from the subsection (f) requirement to promulgate agency rules. Nevertheless, the ODNI has published notice concerning notification, access, and contest procedures because it may in certain circumstances determine it appropriate to provide subjects access to all or a portion of the records about them in a system of records.

    (5) From subsection (e)(4)(I) (identifying sources of records in the system of records) because identifying sources could result in disclosure of properly classified national defense or foreign policy information, intelligence sources and methods, and investigatory techniques and procedures. Notwithstanding its proposed exemption from this requirement, ODNI identifies record sources in broad categories sufficient to provide general notice of the origins of the information it maintains in its systems of records.

    (6) From subsection (f) (agency rules for notifying subjects to the existence of records about them, for accessing and amending records, and for assessing fees) because the system is exempt from subsection (d) provisions regarding access and amendment of records by record subjects. Nevertheless, the ODNI has published agency rules concerning notification of a subject in response to his request if any system of records named by the subject contains a record pertaining to him and procedures by which the subject may access or amend the records. Notwithstanding exemption, the ODNI may determine it appropriate to satisfy a record subject's access request.

    Dated: September 10, 2010.

    John F. Kimmons,

    Lieutenant General, USA, Director of the Intelligence Staff.

    Footnotes

    1.  See § 1701.20 of ODNI's Privacy Act Regulation (32 CFR).

    Additionally, in its Notice to Establish Systems of Records (75 FR 16853, April 2, 2010), ODNI indicated in the Supplementary Information section of the Notice that it would apply the exemption only as specifically necessary, and not as a blanket exclusion: “To protect classified and sensitive personnel or law enforcement information contained in these systems, the Director of National Intelligence is proposing to exempt these systems of records from certain portions of the Privacy Act where necessary, as permitted by law.”

    2.  Non-classified data points that, taken together, create a mosaic disclosing a matter properly classifiable under an Executive Order would be withheld from access.

    3.  Subsection (k) states that the head of any agency may promulgate rules to exempt any system of records with the agency from subsection (c)(3), (d), (e)(1), (e)(4)(G)(H), and (I) and (f) of that section.

    4.  Office of Management and Budget, Privacy Act Implementation, Guidelines and Responsibilities, Standards of Accuracy, Subsection (e)(5), 40 FR 28948, 28964 (July 9, 1975).

    [FR Doc. 2010-23320 Filed 9-17-10; 8:45 am]

    BILLING CODE P

Document Information

Comments Received: 0 Comments
Effective Date: 9/20/2010
Published: 09/20/2010
Department: National Intelligence, Office of the National Director
Entry Type: Rule
Action: Final rule.
Document Number: 2010-23320
Dates: This final rule is effective September 20, 2010.
Pages: 57163-57167 (5 pages)
PDF File: 2010-23320.pdf
CFR: (1) 32 CFR 1701.24