NPS CLP - SORN Narratives FINAL DRAFT

Privacy Act of 1974

NARRATIVE STATEMENT FOR A NEW PRIVACY ACT SYSTEM OF RECORDS FOR THE DEPARTMENT OF THE INTERIOR, NATIONAL PARK SERVICE – COMMON LEARNING PORTAL – NPS-31

Common Learning Portal – NPS-31

1. Describe the purposes of the system of records.

The Common Learning Portal is a website that will serve as a common location for advertising national, regional, and park specific training events to National Park Service (NPS) employees. The system also establishes communities of practice using interest groups and forums in order to increase communication among the NPS training community.

The following are functions that will be performed with the Common Learning Portal:

• Hosting information regarding upcoming NPS training events.

• Providing community forums for NPS learning professionals to collaborate.

• Creating a knowledge store of vetted training articles and information.

The records in the system contain individual’s system account and profile information and other optional information entered by the individual about themselves or while posting information on the website during forums participation and discussions.

The system is maintained by NPS Learning & Development.

a. An estimate of the number of individual records expected to be in the system.

It is possible that 1,000 to 20,000 NPS employee and 1,000 to 2,000 public accounts could be active in the system within the system.

b. The steps taken to minimize the amount of personal data to be maintained.

Steps were taken to minimize the amount of personal data maintained in the Common Learning Portal by reducing the number of fields required for registering an account on the system; Personally Identifiable Information (PII) is only stored in the system only if a person decides to register for an account.

2. Identify the specific statute or Executive Order which authorizes the maintenance of the system of records.

54 U.S.C. § 101321, Service employee training; and 54 U.S.C. § 101322, Management development and training.

3. Provide an evaluation of the probable or potential effect of the proposal on the privacy of individuals.

The purpose of the Common Learning Portal is only to provide a common location for advertising NPS training events. Privacy controls have been implemented as described in the System Security Plan to protect the information in the Common Learning Portal, there should be no increased privacy risk to the information on individuals in this system.

4. Describe the relationship of the proposal, if any, to the other branches of

the Federal government and to State and local governments.

The Common Learning Portal initiative is not a multi-agency initiative and will not affect other agencies or organizations.

5. Provide a brief description of steps taken by the agency to minimize the risk of unauthorized access to the system of records.

Access to DOI networks and records in this system requires a valid username and password and PIV card, and is limited to DOI personnel who have a need to know the information for the performance of their official duties.

Access to records in the system is limited to authorized personnel whose official duties require such access; authorized personnel are required to complete annual Federal Information Systems Security Awareness and Privacy and Records Management FISSA training and sign the DOI Rules of Behavior. Access to DOI networks and data requires a valid Personal Identity Verification (PIV) card and Personal Identification Number (PIN) and is limited to DOI personnel who have a need to know the information for the performance of their official duties. Electronic data will be protected through user identification, passwords, database permissions and software controls. Information delivered to and from an individual’s web browser will be encrypted using approved federal encryption protocols. These security measures will establish different degrees of access for different types of users. The system has undergone a Privacy Impact Assessment to identify, evaluate and analyze potential privacy risks associated with the use of the system.

6. Explain how each proposed routine use is compatible with the purpose for which the records are collected and maintained.

In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DOI as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:

(1) (a) To any of the following entities or individuals, when the circumstances set forth in paragraph (b) are met:

(i) The U.S. Department of Justice (DOJ);

(ii) A court or an adjudicative or other administrative body;

(iii) A party in litigation before a court or an adjudicative or other administrative body; or

(iv) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;

(b) When:

(i) One of the following is a party to the proceeding or has an interest in the proceeding:

(A) DOI or any component of DOI;

(B) Any other Federal agency appearing before the Office of Hearings and Appeals;

(C) Any DOI employee acting in his or her official capacity;

(D) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;

(E) The United States, when DOJ determines that DOI is likely to be affected by the proceeding; and

(ii) DOI deems the disclosure to be:

(A) Relevant and necessary to the proceeding; and

(B) Compatible with the purpose for which the records were compiled.

(2) To a congressional office in response to a written inquiry that an individual covered by the system, or the heir of such individual if the covered individual is deceased, has made to the office.

(3) To the Executive Office of the President in response to an inquiry from that office made at the request of the subject of a record or a third party on that person's behalf, or for a purpose compatible with the reason for which the records are collected or maintained.

(4) To any criminal, civil, or regulatory law enforcement authority (whether Federal, state, territorial, local, tribal or foreign) when a record, either alone or in conjunction with other information, indicates a violation or potential violation of law – criminal, civil, or regulatory in nature, and the disclosure is compatible with the purpose for which the records were compiled.

(5) To an official of another Federal agency to provide information needed in the performance of official duties related to reconciling or reconstructing data files or to enable that agency to respond to an inquiry by the individual to whom the record pertains.

(6) To Federal, state, territorial, local, tribal, or foreign agencies that have requested information relevant or necessary to the hiring, firing or retention of an employee or contractor, or the issuance of a security clearance, license, contract, grant or other benefit, when the disclosure is compatible with the purpose for which the records were compiled.

(7) To representatives of the National Archives and Records Administration (NARA) to conduct records management inspections under the authority of 44 U.S.C. 2904 and 2906.

(8) To state, territorial and local governments and tribal organizations to provide information needed in response to court order and/or discovery purposes related to litigation, when the disclosure is compatible with the purpose for which the records were compiled.

(9) To an expert, consultant, or contractor (including employees of the contractor) of DOI that performs services requiring access to these records on DOI’s behalf to carry out the purposes of the system.

(10) To appropriate agencies, entities, and persons when:

(a) DOI suspects or has confirmed that there has been a breach of the system of records;

(b) DOI has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, DOI (including its information systems, program, and operations), the Federal government, or national security; and

(c) the disclosure made to such agencies, entities and persons is reasonably necessary to assist in connection with DOI’s efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.

(11) To another Federal agency or Federal entity, when DOI determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in:

(a) responding to a suspected or confirmed breach; or

(b) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.

(12) To the Office of Management and Budget (OMB) during the coordination and clearance process in connection with legislative affairs as mandated by OMB Circular A-19.

(13) To the Department of the Treasury to recover debts owed to the United States.

(14) To the news media and the public, with the approval of the Public Affairs Officer in consultation with counsel and the Senior Agency Official for Privacy, where there exists a legitimate public interest in the disclosure of the information, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy.

7. Provide the OMB clearance numbers, expiration dates, and titles of any OMB-approved information collection requirements contained in the system of records.

There is no OMB information collection requirement for this system of records.

7. Does the proposal require new or revised agency rules to be published in the Federal Register. (Say no or if yes – describe the rulemaking action and attach an advance copy of the document)

No. This system of records does not require new or revised agency rules to be published in the Federal Register.