-
AGENCY:
U.S. Department of Energy.
ACTION:
Notice of a modified system of records.
SUMMARY:
As required by the Privacy Act of 1974 and the Office of Management and Budget (OMB) Circulars A-108 and A-130, the Department of Energy (DOE or the Department) is publishing a notice of a modification to an existing Privacy Act system of records. DOE proposes to amend System of Records DOE-3 Employee Concerns Program Records. This Systems of Records Notice (SORN) is being modified to align with new formatting requirements published by the OMB, and to ensure appropriate Privacy Act coverage of business processes and Privacy Act information. Substantive changes to the “Purpose(s) of the System,” “Categories of Individuals” and “Categories of Records” sections covered by this SORN have been made to align with DOE Order 442.1B. Department of Energy Employee Concerns Program, which was approved by the Department on January 31, 2019. Substantive changes have also been made to the “System Locations,” “Routine Uses,” and “Administrative, Technical and Physical Safeguards” sections to provide greater transparency. Changes to “Routine Uses” include new provisions related to responding to breaches of information held under a Privacy Act SORN as required by OMB's Memorandum M-17-12, “Preparing for and Responding to a Breach of Personally Identifiable Information” (January 3, 2017). Language throughout the SORN has been updated to align with applicable Federal privacy laws, policies, procedures, and best practices.
DATES:
This modified SORN will become applicable following the end of the public comment period on October 7, 2024 unless comments are received that result in a contrary determination.
ADDRESSES:
Written comments should be sent to the DOE Desk Officer, Office of Information and Regulatory Affairs, Office of Management and Budget, New Executive Office Building, Room 10102, 735 17th Street NW, Washington, DC 20503 and to Ken Hunt, Chief Privacy Officer, U.S. Department of Energy, 1000 Independence Avenue SW, Rm 8H-085, Washington, DC 20585 or by facsimile at (202) 586-8151 or by email at privacy@hq.doe.gov.
FOR FURTHER INFORMATION CONTACT:
Ken Hunt, Chief Privacy Officer, U.S. Department of Energy, 1000 Independence Avenue SW, Rm 8H-085, Washington, DC 20585 or by facsimile at (202) 586-8151, by email at privacy@hq.doe.gov, or by telephone at (240) 686-9485.
SUPPLEMENTARY INFORMATION:
On January 9, 2009, DOE published a Compilation of its Privacy Act systems of records, which included System of Records DOE-3 Employee Concerns Program Records. This notice proposes amendments to the “System Location” section of that system of records by updating system locations to which this DOE-3 is applicable. In the “Routine Uses” section, this modified notice deletes a previous routine use concerning efforts responding to a suspected or confirmed loss of confidentiality of information as it appears in DOE's compilation of its Privacy Act systems of records (January 9, 2009) and replaces it with a routine use intended to assist DOE with responding to a suspected or confirmed breach of its records containing Personally Identifiable Information (PII), modeled with language from OMB's Memorandum M-17-12, “Preparing for and Responding to a Breach of Personally Identifiable Information” (January 3, 2017). Further, this notice adds two new routine uses. First, this notice clarifies that a record from the system may be used to document and address employee concerns pursuant to DOE Order 442.1B, Department of Energy Employee Concerns Program (and successor documents) and complaints filed with the Employee Concerns Program pursuant to provisions of 10 CFR part 708, DOE Contractor Employee Protection Program. In addition, DOE may assist another agency or entity in responding to the other agency's or entity's confirmed or suspected breach of PII, as appropriate, as aligned with OMB's Memorandum M-17-12. An administrative change required by the FOIA Improvement Act of 2016 extends the length of time a requestor is permitted to file an appeal under the Privacy Act from 30 to 90 days. Both the “System Locations” and “Administrative, Technical and Physical Safeguards” sections have been modified to reflect the Department's usage of cloud-based services for records storage. Language throughout the SORN has been updated to align with applicable Federal privacy laws, policies, procedures, and best practices.
SYSTEM NAME AND NUMBER:
DOE-3 Employee Concerns Program Records.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Systems to which this SORN is applicable may exist in multiple locations. All systems storing records in a cloud-based server are required to use government-approved cloud services and follow National Institute of Standards and Technology (NIST) security and privacy standards for access and data retention. Records maintained in a government-approved cloud server are accessed through secure data centers in the continental United States.
U.S. Department of Energy Headquarters, 1000 Independence Avenue SW, Washington, DC 20585.
U.S. Department of Energy, National Nuclear Security Administration, 1000 Independence Avenue SW, Washington, DC 20585.
U.S. Department of Energy, Office of Legacy Management, 1000 ( print page 72831) Independence Avenue SW, Washington, DC 20585.
U.S. Department of Energy, Idaho Operations Office, 1955 Fremont Avenue, Idaho Falls, ID 83415.
U.S. Department of Energy, Golden Field Office, Room C302-5, 15301 Denver West Parkway, Golden, CO 80401.
U.S. Department of Energy, National Energy Technology Laboratory (Alaska), 222 W. 7th Avenue, Suite 108, Anchorage, AK 99501.
U.S. Department of Energy, National Energy Technology Laboratory (Albany), 1450 Queen Avenue SW, Albany, OR 97321.
U.S. Department of Energy, National Energy Technology Laboratory (Houston), 1011 Highway 6 S., Suite 309, Houston, TX 77077.
U.S. Department of Energy, National Energy Technology Laboratory (Morgantown), 3610 Collins Ferry Road, Morgantown, WV 26505.
U.S. Department of Energy, National Energy Technology Laboratory (Pittsburgh), 626 Cochran Mill Road, Pittsburgh, PA 15236.
U.S. Department of Energy, Carlsbad Field Office, Skeen/Whitlock Building, 4021 National Parks Hwy, 2nd Floor, Room Number T295B, Carlsbad, NM 88220.
U.S. Department of Energy, Environmental Management Consolidated Business Center (EMCBC), 550 Main Street, Rm 7-010, Cincinnati, OH 45202.
U.S. Department of Energy, Portsmouth/Paducah Project Office, 1017 Majestic Drive, Lexington, KY 40513.
U.S. Department of Energy, Office of River Protection, P.O. Box 450, Richland, WA 99352.
U.S. Department of Energy, Richland Operations Office, P.O. Box 550, Richland, WA 99352.
U.S. Department of Energy, West Valley Demonstration Project, 9030 Route 219, West Valley, NY 14171.
U.S. Department of Energy, Bonneville Power Administration, 901 NE 11th Ave., Portland, OR 97232.
U.S. Department of Energy, Southeastern Power Administration, 1166 Athens Tech Road, Elberton, GA 30635-6711.
U.S. Department of Energy, Southwestern Power Administration, One West Third Street, Suite 1500, Tulsa, OK 74103.
U.S. Department of Energy, Western Area Power Administration, 12155 W. Alameda Pkwy., Lakewood, CO 80228.
U.S. Department of Energy, Strategic Petroleum Reserve Project Management Office, 900 Commerce Road East, New Orleans, LA 70123.
U.S. Department of Energy, Office of Science, Chicago Office, Consolidated Service Center, 9800 South Cass Avenue, Lemont, IL 60439.
U.S. Department of Energy, Office of Science, Argonne Site Office, 9800 S Cass Ave (B201), Lemont, IL 60439.
U.S. Department of Energy, Office of Science, Ames Site Office, 9800 S Cass Ave (B201) Room 360B, Lemont, IL 60439.
U.S. Department of Energy, Office of Science, Princeton Site Office, 9800 S Cass Ave (B201) Room 360B, Lemont, IL 60439.
U.S. Department of Energy, Office of Science, Berkeley Site Office, Lawrence Berkeley National Laboratory, 1 Cyclotron Road, Mailstop 90-1023, Berkeley, CA. 94720-8123.
U.S. Department of Energy, Office of Science, Brookhaven Site Office, 53 Bell Avenue, Bldg. 464, Upton, NY 11973.
U.S. Department of Energy, Office of Science, Fermi Site Office, MS 118, P.O. Box 2000, Kirk Road and Pine Street, Batavia, IL 60510.
U.S. Department of Energy, Office of Science Consolidated Service Center, P.O. Box 2001, Oak Ridge, TN 37831.
U.S. Department of Energy, Office of Science, ORNL Site Office, US DOE—OSO, P.O. Box 2008 MS-6269, Oak Ridge, TN 37831.
U.S. Department of Energy, Office of Science, Pacific Northwest Site Office, 3200 Innovation Blvd., Richland, WA 99354.
U.S. Department of Energy, Office of Science, SLAC Site Office, 2575 Sand Hill Road, MS-8A, Menlo Park, CA 94025.
U.S. Department of Energy, Office of Science, Thomas Jefferson Site Office, 12000 Jefferson Avenue, Suite 14, Newport News, VA 23606.
U.S. Department of Energy, NNSA John A. Gordon, Albuquerque Complex, 24600 20th Street SE, Albuquerque, NM 87116.
U.S. Department of Energy, Pantex Site Office, P.O. Box 30030, Amarillo, TX 79120.
U.S. Department of Energy, Kansas Field Office, 2000 East 95th Street, Kansas City, MO 64131.
U.S. Department of Energy, Los Alamos Field Office 2900 E. Road, Los Alamos, NM 87544.
U. S. Department of Energy, Livermore Site Office, P.O. Box 808, L-293, Livermore, CA 94551-0808.
Nevada Field Office, 232 Energy Way North, Las Vegas, NV 89030.
Sandia Site Office, 24600 20th Street SE, Albuquerque, NM 87116.
U.S. Department of Energy, Savannah River Site Office, Road 1A, Aiken, SC 29801.
U.S. Department of Energy, Y-12 Site Office, P.O. Box 2009, Oak Ridge, TN 37831-8245.
National Nuclear Security Administration, Los Alamos Acquisition and Project Management Office, NA-95, c/o Los Alamos National Laboratory, 30 Bikini Atoll, TA 50 Building 9008 Los Alamos, NM 87545.
National Nuclear Security Administration, Savannah River Acquisition and Project Management Office, P.O. Box A, Aiken, SC 29802.
National Nuclear Security Administration, Naval Reactors Laboratory, Building A4, 814 Pittsburgh-McKeesport Boulevard, West Mifflin, PA 15122.
SYSTEM MANAGER(S):
Headquarters: Office of Environment, Health, Safety and Security, U.S. Department of Energy, 1000 Independence Avenue SW, Washington, DC 20585.
Field Offices: The managers of the Employee Concerns Programs at the “System Locations” listed above are the system managers for their respective portions of this system.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 7101 et seq.;50 U.S.C. 2401 et seq.;42 U.S.C. 2201(p); 42 U.S.C. 7254; 42 U.S.C. 5801(a).
PURPOSE(S) OF THE SYSTEM:
Records in this system are maintained and used by the Department to (i) document and address employee concerns about an activity, policy or practice of DOE or its contractors or subcontractors, including but not limited to environmental, safety, health, security, quality, and management issues or harassment, intimidation, retaliation/reprisal or discrimination for raising an employee concern, and (ii) document and address complaints under 10 CFR part 708 that are filed with the Employee Concerns Program.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Current and former DOE (including NNSA) employees, and DOE and DOE/NNSA contractor and subcontractor employees who have filed employee concerns or complaints with DOE Employee Concerns Program offices, or individuals who have participated or provided information in an employee concerns process or complaints under 10 CFR part 708 that have been filed with Employee Concerns Program.
CATEGORIES OF RECORDS IN THE SYSTEM:
Employee concerns; complaints filed pursuant to 10 CFR part 708 with the Employee Concern Program; names, ( print page 72832) Social Security numbers, work and home addresses, telephone numbers; job titles, series, grade or pay levels; organization; supervisors' names and telephone numbers; copies of employee records such as personnel actions, performance appraisals, pay and leave records and security clearance documents; management reports; witness statements; affidavits; checklists; notes; inspection reports; audit reports; financial records; medical records; contractor/corporate-owned records; documents related to environment, health, safety, and security conditions; and relevant correspondence.
RECORD SOURCE CATEGORIES:
The concerned employee or complainant; witnesses; management officials; program office records; and congressional offices.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
1. A record from this system may be used to address employee concerns pursuant to DOE Order 442.1B, Department of Energy Employee Concerns Program (and successor documents), and complaints filed with the Employee Concerns Program pursuant to provisions of 10 CFR part 708, DOE Contractor Employee Protection Program.
2. A record from this system may be disclosed as a routine use to union officials acting in their official capacity as a representative of the grievant or affected employees under 5 U.S.C. Chapter 71.
3. A record from this system may be disclosed as a routine use to a member of Congress submitting a request involving a constituent when the constituent has requested assistance from the member concerning the subject matter of the record. The member of Congress must provide a copy of the constituent's signed request for assistance.
4. A record from this system may be disclosed as a routine use to the appropriate local, tribal, state, or Federal agency when records, alone or in conjunction with other information, indicate a violation or potential violation of law whether civil, criminal, or regulatory in nature, and whether arising by general statute or particular program pursuant thereto.
5. A record from this system may be disclosed as a routine use for the purpose of an investigation, settlement of claims, or the preparation and conduct of litigation to (1) persons representing the Department in the investigation, settlement or litigation, and to individuals assisting in such representation; (2) others involved in the investigation, settlement, and litigation, and their representatives and individuals assisting those representatives; (3) witnesses, potential witnesses, or their representatives and assistants; and (4) any other persons who possess information pertaining to the matter when it is relevant and necessary to obtain information or testimony relevant to the matter.
6. A record from this system may be disclosed as a routine use to DOE contractors in performance of their contracts, and their officers and employees who have a need for the record in the performance of their duties. Those provided information under this routine use are subject to the same limitations applicable to Department officers and employees under the Privacy Act.
7. A record from this system may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) the Department suspects or has confirmed that there has been a breach of the system of records; (2) the Department has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, DOE (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
8. A record from this system may be disclosed as a routine use to another Federal agency or Federal entity, when the Department determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records may be stored as paper records or electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by name of the concerned employee or complainant or other personal identifier.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Retention and disposition of these records is in accordance with the National Archives and Records Administration-approved records disposition schedule with a retention of 4 or 75 years.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Electronic records may be secured and maintained on a cloud-based software server and operating system that resides in a Federal Risk and Authorization Management Program (FedRAMP) and Federal Information Security Modernization Act (FISMA) hosting environment. Data located in the cloud-based server is firewalled and encrypted at rest and in transit. The security mechanisms for handling data at rest and in transit are in accordance with DOE encryption standards. Records are protected from unauthorized access through the following appropriate safeguards:
- Administrative: Access to all records is limited to lawful government purposes only, with access to electronic records based on role and either two-factor authentication or password protection. The system requires passwords to be complex and to be changed frequently. Users accessing system records undergo frequent training in Privacy Act and information security requirements. Security and privacy controls are reviewed on an ongoing basis.
- Technical: Computerized records systems are safeguarded on the Departmental networks configured for role-based access based on job responsibilities and organizational affiliation. Privacy and security controls are in place for this system and are updated in accordance with applicable requirements as determined by NIST and DOE directives and guidance.
- Physical: Computer servers on which electronic records are stored are located in secured Department facilities, which are protected by security guards, identification badges, and cameras. Paper copies of all records are locked in file cabinets, file rooms, or offices and are under the control of authorized personnel. Access to these facilities is granted only to authorized personnel and each person granted access to the system must be an individual authorized to use or administer the system. ( print page 72833)
RECORD ACCESS PROCEDURES:
The Department follows the procedures outlined in 10 CFR 1008.4. Valid identification of the individual making the request is required before information will be processed, given, access granted, or a correction considered, to ensure that information is processed, given, corrected, or records disclosed or corrected only at the request of the proper person.
CONTESTING RECORD PROCEDURES:
Any individual may submit a request to the System Manager and request a copy of any records relating to them. In accordance with 10 CFR 1008.11, any individual may appeal the denial of a request made by him or her for information about or for access to or correction or amendment of records. An appeal shall be filed within 90 calendar days after receipt of the denial. When an appeal is filed by mail, the postmark is conclusive as to timeliness. The appeal shall be in writing and must be signed by the individual. The words “PRIVACY ACT APPEAL” should appear in capital letters on the envelope and the letter. Appeals of denials relating to records maintained in government-wide system of records reported by Office of Personnel Management (OPM), shall be filed, as appropriate, with the Assistant Director for Agency Compliance and Evaluation, OPM, 1900 E Street NW, Washington, DC 20415. All other appeals relating to DOE records shall be directed to the Director, Office of Hearings and Appeals (OHA), 1000 Independence Avenue SW, Washington, DC 20585.
NOTIFICATION PROCEDURES:
In accordance with the DOE regulation implementing the Privacy Act, 10 CFR part 1008, a request by an individual to determine if a system of records contains information about themselves should be directed to the U.S. Department of Energy, Headquarters, Privacy Act Officer. The request should include the requester's complete name and the time period for which records are sought.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
The system is exempt under subsections 552a(k)(1), (2) and (5) of the Privacy Act to the extent that information within the system meets the criteria of those subsections of the Act. Such information has been exempted from the provisions of subsections (c)(3); 5 U.S.C. 552a (d); 5 U.S.C. 552a (e)(1) of the Act; see the Department's Privacy Act regulation at 10 CFR part 1008.
HISTORY:
This SORN was last published in the Federal Register (FR), 74 FR 1000-1002, on January 9, 2009.
Signing Authority
This document of the Department of Energy was signed on August 29, 2024 by Ann Dunkin, Senior Agency Official for Privacy, pursuant to delegated authority from the Secretary of Energy. That document with the original signature and date is maintained by DOE. For administrative purposes only, and in compliance with requirements of the Office of the Federal Register, the undersigned DOE Federal Register Liaison Officer has been authorized to sign and submit the document in electronic format for publication, as an official document of the Department of Energy. This administrative process in no way alters the legal effect of this document upon publication in the Federal Register .
Signed in Washington, DC, on September 3, 2024.
Treena V. Garrett,
Federal Register Liaison Officer, U.S. Department of Energy.
[FR Doc. 2024-20086 Filed 9-5-24; 8:45 am]
BILLING CODE 6450-01-P
Document Information
- Published:
- 09/06/2024
- Department:
- Energy Department
- Entry Type:
- Notice
- Action:
- Notice of a modified system of records.
- Document Number:
- 2024-20086
- Dates:
- This modified SORN will become applicable following the end of the public comment period on October 7, 2024 unless comments are received that result in a contrary determination.
- Pages:
- 72830-72833 (4 pages)
- PDF File:
- 2024-20086.pdf