AGENCY:

Defense Human Resources Activity (DHRA), Department of Defense (DoD).

ACTION:

Notice of a modified system of records.

SUMMARY:

The Office of the Secretary of Defense (OSD) is modifying the system of records titled, “Commercial Travel Information Management System,” DHRA 14 DoD. The Commercial Travel Information Management System (CTIMS) houses the CTIMS data repository and provides web-based travel information to the DoD travel community, including commercial vendors. It offers tools to submit help desk tickets, create reports, complete schedule training, plan trips, and complete other travel related functions, as well as provides a survey tool that supports the assessment of Defense Travel programs and the Defense Travel Management Office (DTMO) Workforce Assessment.

DATES:

This system of records modification is effective upon publication; however, comments on the Routine Uses will be accepted on or before October 23, 2020. The Routine Uses are effective at the close of the comment period.

ADDRESSES:

You may submit comments, identified by docket number and title, by any of the following methods:

* Federal Rulemaking Portal: https://www.regulations.gov.

Follow the instructions for submitting comments.

* Mail: DoD cannot receive written comments at this time due to the COVID-19 pandemic. Comments should Start Printed Page 59760be sent electronically to the docket listed above.

Instructions: All submissions received must include the agency name and docket number for this Federal Register document. The general policy for comments and other submissions from members of the public is to make these submissions available for public viewing on the internet at https://www.regulations.gov as they are received without change, including any personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT:

Ms. Lyn Kirby, Defense Privacy, Civil Liberties, and Transparency Division, Directorate for Oversight and Compliance, Department of Defense, 4800 Mark Center Drive, Mailbox #24, Suite 08D09, Alexandria, VA 22350-1700; OSD.DPCLTD@mail.mil; (703) 571-0070.

SUPPLEMENTARY INFORMATION:

The CTIMS serves as a repository of DoD travel records consisting of travel booked within the Defense Travel System (DTS) in order to perform key DTMO mission functions including responding to federal reporting requirements and conducting oversight operations. The OSD proposes to modify this system of records to reflect the revision of the Joint Federal Travel Regulation and its codification in 41 CFR 300-304. Additional changes were made to reflect evolving mission needs and updates to the system location and security. In all, this modification reflects changes to the system location, system manager(s), security classification, authority for maintenance of the system, purpose of the system, categories of individuals covered by the system, categories of records in the system, record source categories, routine uses of records maintained in the system, including categories of users and purposes of such users, policies and practices for retrieval of records, policies and practices for retention and disposal of records, contesting record procedures, administrative, physical, and technical safeguards, record access procedures, and notification procedures. If these updates were not made, the system would not be able to provide the full set of services required to support the mission-essential Defense Travel Program.

The DoD notices for systems of records subject to the Privacy Act of 1974, as amended, have been published in the Federal Register and are available from the address in FOR FURTHER INFORMATION CONTACT or at the Defense Privacy, Civil Liberties, and Transparency Division website at https://dpcld.defense.gov.

In accordance with 5 U.S.C. 552a(r) and Office of Management and Budget (OMB) Circular No. A-108, the DoD has provided a report of this system of records to the OMB and to Congress.

SYSTEM NAME AND NUMBER:

Commercial Travel Information Management System, DHRA 14 DoD.

SECURITY CLASSIFICATION:

Unclassified.

SYSTEM LOCATION:

Network Enterprise Center, 1422 Sultan Road, Fort Detrick, MD 21702-9200.

SYSTEM MANAGER(S):

Deputy Director, Defense Travel Management Office, 4800 Mark Center Drive, Alexandria, VA 22350-9000, email: dodhra.mc-alex.dtmo.mbx.mib-ccb@mail.mil.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:

5 U.S.C. Ch. 57, Travel, Transportation, and Subsistence; 10 U.S.C. 135, Under Secretary of Defense (Comptroller); 10 U.S.C. 136, Under Secretary of Defense for Personnel and Readiness; 37 U.S.C. 463, Programs of Compliance, Electronic Processing of Travel Claims; 41 CFR. 300-304, Federal Travel Regulation System; DoD Directive (DoDD) 4500.09, Transportation and Traffic Management; DoDD 5100.87, Department of Defense Human Resources Activity (DoDHRA); DoD Instruction (DoDI) 5154.31, Vols 1-6 Commercial Travel Management; DoDI 1100.13, DoD Survey; DoD Financial Management Regulation 7000.14-R, Vol. 9, Travel Policy; DoD 4500.9-R, Defense Transportation Regulation (DTR), Parts I-V; The Joint Federal Travel Regulation, Uniformed Service Members and DoD Civilian Employees; and E.O. 9397 (SSN), as amended

PURPOSE(S) OF THE SYSTEM:

To establish a repository of DoD travel records consisting of travel booked within the Defense Travel System (DTS) as well as through commercial travel vendors in order to satisfy reporting requirements; identify and notify travelers in potential distress due to natural or man-made disasters; assist in the planning, budgeting, and allocation of resources for future DoD travel; conduct oversight operations; analyze travel, budgetary, or other trends; detect fraud and abuse; conduct surveys for the evaluation of program effectiveness, calculate travel and housing allowances, provide insight into the gap between product/service delivery and customer expectations, assist in understanding what drives customer satisfaction; respond to authorized internal and external requests for data relating to DoD official travel and travel related services, including premium class travel, and to provide website registered guests an online customer support site for submitting inquiries regarding commercial travel within the DoD, including assistance with the DTS.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:

DoD civilian personnel; active, former, and retired military members; Reserve and National Guard personnel; military academy nominees, applicants, and cadets; dependents of DoD sponsors accompanying the DoD sponsor on travel; and all other individuals in receipt of DoD travel orders; registered website guests submitting inquiries regarding DoD commercial travel.

CATEGORIES OF RECORDS IN THE SYSTEM:

For DoD travelers, information from commercial travel booking systems and the DTS: Name, Social Security Number (SSN), DoD ID number, individual taxpayer identification number (ITIN), passport information, gender, date of birth, email address; home and/or business address, and cellular phone numbers; emergency contact information to include spouses name and number;

Employment information: Employment status, organizational information, duty station, rank, military status information, travel preferences, frequent flyer information;

Financial information to include government and/or personal charge card account numbers and expiration information, government travel charge card transactions, personal checking and/or savings account numbers, government accounting code/budget information, specific trip information to include travel itineraries (includes dates of travel) and reservations, trip record number, trip cost estimates, travel vouchers, travel-related receipts, travel document status information, travel budget information, commitment of travel funds, records of actual payment of travel funds and supporting documentation.

For dependents who are accompanying the DoD sponsor on travel: Name, date of birth, and passport information.Start Printed Page 59761

For registered website guests: Name, phone number, email address; if affiliated with DoD, duty station, rank, DoD ID number; if desiring travel alerts, cellular phone number and cellular phone provider; if requiring assistance with the DTS, last four of the SSN.

RECORD SOURCE CATEGORIES:

The individual, DTS, General Services Administration data repository, and commercial travel booking systems.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, as amended, the records contained herein may be disclosed outside the DoD as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

a. To contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, cooperative agreement, or other assignment for the federal government when necessary to accomplish an agency function related to this system of records.

b. To Federal and private entities providing travel services for purposes of arranging transportation at Government expense for official business.

c. To the appropriate Federal, State, local, territorial, tribal, foreign, or international law enforcement authority or other appropriate entity where a record, either alone or in conjunction with other information, indicates a violation or potential violation of law, whether criminal, civil, or regulatory in nature.

d. To any component of the Department of Justice for the purpose of representing the DoD, or its components, officers, employees, or members in pending or potential litigation to which the record is pertinent.

e. In an appropriate proceeding before a court, grand jury, or administrative or adjudicative body or official, when the DoD or other Agency representing the DoD determines the records are relevant and necessary to the proceeding; or in an appropriate proceeding before an administrative or adjudicative body when the adjudicator determines the records to be relevant to the proceeding.

f. To the National Archives and Records Administration for the purpose of records management inspections conducted under the authority of 44 U.S.C. 2904 and 2906.

g. To a Member of Congress or staff acting upon the Member's behalf when the Member or staff requests the information on behalf of, and at the request of, the individual who is the subject of the record.

h. To appropriate agencies, entities, and persons when (1) the DoD suspects or confirms a breach of the system of records; (2) the DoD determines as a result of the suspected or confirmed breach there is a risk of harm to individuals, the DoD (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the DoD's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

i. To another Federal agency or Federal entity, when the DoD determines information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:

Records are maintained in electronic storage media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:

Name, home/business address, email address, passport number, date of birth, SSN, and/or DoD ID number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:

Destroy 6 years after final payment or cancellation.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:

Records are stored on secure military installations. Physical controls include use of visitor registers and identification badges, electronic key card access, safes, security guards, and closed-circuit television monitoring. Technical controls including intrusion detection systems, secure socket layer encryption, firewalls, intrusion detection systems, external certificate authority certificates, least privilege access, and virtual private networks protect the data in transit and at rest. Physical and electronic access is limited to individuals who are properly screened and cleared on a need-to-know basis in the performance of their official duties. Usernames and passwords, Common Access Cards, and DoD Public Key Infrastructure, in addition to role-based access controls are used to control access to the system data. Procedures are in place to deter and detect browsing and unauthorized access including periodic security audits and monitoring of users' security practices. Backups are stored on encrypted media and secured off-site. Periodic security audits and regular monitoring of user's security practices also occur. Electronic records are maintained in a controlled facility. Physical entry is restricted by the use of locks, guards, and is accessible only to authorized personnel. Access to records is limited to person(s) servicing the record in performance of their official duties and who are properly screened and cleared for need-to-know. Access to computerized data is restricted by the use of Common Access Cards (CAC) and data encryption.

RECORD ACCESS PROCEDURES:

Individuals seeking access to records about themselves contained in this system should address written inquiries to the Office of the Secretary of Defense/Joint Staff, Freedom of Information Act Requester Service Center, Office of Freedom of Information, 1155 Defense Pentagon, Washington, DC 20301-1155. Signed, written requests should contain the individual's full name, personal contact information (home address, phone number, email), and the number and name of this system of records notice. In addition, the requester must provide either a notarized statement or a declaration made in accordance with 28 U.S.C. 1746, using the following format:

If executed outside the United States: “I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on (date). (Signature).”

If executed within the United States, its territories, possessions, or commonwealths: “I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature).”

CONTESTING RECORD PROCEDURES:

The DoD rules for accessing records, contesting contents and appealing initial agency determinations are published in 32 CFR part 310, or may be obtained from the system manager.

NOTIFICATION PROCEDURES:

Individuals seeking to determine whether information about themselves is contained in this system should address written inquiries to the Deputy Director, Defense Travel Management Start Printed Page 59762Office, 4800 Mark Center Drive, Alexandria, VA 22350-9000. Signed, written requests should contain full name, email address, telephone number, and SSN (or passport number). Website registered guests should provide their full name and email address. In addition, the requester must provide either a notarized statement or an unsworn declaration made in accordance with 28 U.S.C. 1746, in the following format:

If executed outside the United States: “I declare (or certify, verify, or state) under penalty of perjury under the laws of the United States of America that the foregoing is true and correct. Executed on (date). (Signature).”

If executed within the United States, its territories, possessions, or commonwealths: “I declare (or certify, verify, or state) under penalty of perjury that the foregoing is true and correct. Executed on (date). (Signature).”

EXEMPTIONS PROMULGATED FOR THE SYSTEM:

None.

HISTORY:

August 22, 2014, 79 FR 49764.