Download:
html
Federal Register, Volume 83 Issue 195 (Tuesday, October 9, 2018)
[Federal Register Volume 83, Number 195 (Tuesday, October 9, 2018)]
[Notices]
[Pages 50682-50686]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-21796]
-----------------------------------------------------------------------
DEPARTMENT OF THE INTERIOR
Office of the Secretary
[DOI-2018-0008; 18XD4523WS, DS64900000, DWSN00000.000000, DP.64916]
Privacy Act of 1974; System of Records
AGENCY: Office of the Secretary, Interior.
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as
amended, the Department of the Interior proposes to modify the
Department of the Interior ``DOI-16, DOI LEARN (Department-wide
Learning Management System)'' system of records notice. This system of
[[Page 50683]]
records helps the Department of the Interior maintain and validate
training records, manage class rosters and transcripts, meet Federal
mandatory training and statistical reporting requirements, and manage
other functions related to training and educational programs. This
modified system will be included in the Department of the Interior's
inventory of record systems.
DATES: This modified system will be effective upon publication. New or
modified routine uses will be effective November 8, 2018. Submit
comments on or before November 8, 2018.
ADDRESSES: You may submit comments, identified by docket number DOI-
2018-0008, by any of the following methods:
Federal e-Rulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
Mail: Teri Barnett, Departmental Privacy Officer, U.S.
Department of the Interior, 1849 C Street NW, Room 7112, Washington, DC
20240.
Hand-delivering comments to Teri Barnett, Departmental
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW,
Room 7112, Washington, DC 20240.
Email: [email protected].
All submissions received must include the agency name and docket
number. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided.
FOR FURTHER INFORMATION CONTACT: Teri Barnett, Departmental Privacy
Officer, U.S. Department of the Interior, 1849 C Street NW, Room 7112,
Washington, DC 20240, email at [email protected] or by telephone
at (202) 208-1605.
SUPPLEMENTARY INFORMATION:
I. Background
The Department of the Interior (DOI), Office of the Secretary
maintains the DOI-16, DOI LEARN, system of records to manage
Department-wide, bureau and office training and learning programs. This
system of record helps DOI maintain and validate training records,
manage class rosters and transcripts for course administrators and the
student or learner, meet Federal mandatory training and statistical
reporting requirements, and manage other programmatic functions related
to training and educational programs. DOI collects personal information
from students in order to communicate training opportunities, manage
course registration and delivery, validate training records necessary
for certification or granting of college credit, process billing
information for training classes, and to meet Federal training
reporting requirements. Information may also be collected to comply
with the Americans with Disabilities Act requirements to address
facilities accommodations. Training and learning records are maintained
in DOI's web-based learning management system, and bureau and office
systems and locations where training programs are managed.
DOI is revising the system of records notice to update the system
name, system location, system manager and address, categories of
individuals, categories of records, storage, retrievability,
safeguards, retention and disposal, notification procedures, records
access and contesting procedures, and records source categories;
reorganize the sections and add new sections to describe the purpose of
the system and history in accordance with Office of Management and
Budget (OMB) Circular A-108; and provide general and administrative
updates to the remaining sections. Additionally, DOI is modifying
existing routine uses to provide clarity and transparency, and
proposing to add new proposed routine uses to permit sharing of
information with other agencies to respond to breaches of personally
identifiable information. Routine uses D, E, H, I, and J have been
modified to provide additional clarification on external organizations
and circumstances where disclosures are proper and necessary to
facilitate training functions or to comply with Federal requirements.
Routine use G was modified to further clarify disclosures to the
Department of Justice or other Federal agencies when necessary in
relation to litigation or judicial proceedings.
DOI is proposing to add new routine uses K through S to facilitate
sharing of information with agencies and organizations to ensure the
efficient and effective management of training for employees, promote
the integrity of the records in the system, or carry out a statutory
responsibility of the DOI or the Federal Government. Proposed routine
use K facilitates sharing of information with the Executive Office of
the President to resolve issues concerning individual's records.
Routine use L allows DOI to refer matters to the appropriate Federal,
state, local, or foreign agencies, or other public authority agencies
responsible for investigating or prosecuting violations of law. Routine
use M facilitates sharing with other government and tribal
organizations pursuant to a court order or discovery request. Modified
routine use N and proposed routine use O allow DOI to share information
with appropriate Federal agencies or entities when reasonably necessary
to respond to a breach of personally identifiable information and to
prevent, minimize, or remedy the risk of harm to individuals or the
Federal Government, or assist an agency in locating individuals
affected by a breach in accordance with OMB Memorandum M-17-12,
``Preparing for and Responding to a Breach of Personally Identifiable
Information.'' Routine use P facilitates sharing of privacy information
with OMB as required under OMB Circular A-19, ``Legislative
Coordination and Clearance.'' Routine use Q allows DOI to share
information with the Department of the Treasury to recover debts owed
to the United States. Routine use R allows DOI to disclose information
to the news media and the public when there is a legitimate public
interest in the information, or to demonstrate accountability or ensure
effective Government functions. Routine use S allows DOI to share
information with the Office of Personnel Management to maintain
integrity of employee training records and provide training reports to
meet Federal training requirements.
II. Privacy Act
The Privacy Act of 1974, as amended, embodies fair information
practice principles in a statutory framework governing the means by
which Federal agencies collect, maintain, use, and disseminate
individuals' records. The Privacy Act applies to records about
individuals that are maintained in a ``system of records.'' A ``system
of records'' is a group of any records under the control of an agency
from which information is retrieved by the name of an individual or by
some identifying number, symbol, or other identifying particular
assigned to the individual. The Privacy Act defines an individual as a
United States citizen or an alien lawfully admitted for permanent
residence. Individuals may request access to their own records that are
maintained in a system of records in the possession or under the
control of DOI by complying with DOI Privacy Act regulations at 43 CFR
part 2, subpart K, and following the procedures outlined in the Records
Access, Contesting Record, and Notification Procedures sections of this
notice.
The Privacy Act requires each agency to publish in the Federal
Register a description denoting the existence and character of each
system of records that the agency maintains and the routine uses of
each system. The revised DOI
[[Page 50684]]
learning management system of records notice is published in its
entirety below. In accordance with 5 U.S.C. 552a(r), DOI has provided a
report of this system of records to the Office of Management and Budget
and to Congress.
III. Public Participation
You should be aware your entire comment including your personal
identifying information, such as your address, phone number, email
address, or any other personal identifying information in your comment,
may be made publicly available at any time. While you may request to
withhold your personal identifying information from public review, we
cannot guarantee we will be able to do so.
Teri Barnett,
Departmental Privacy Officer.
SYSTEM NAME AND NUMBER:
INTERIOR/DOI-16, Learning Management System.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
(1) Department-wide training records are centrally managed by the
Office of Policy, Management and Budget, Chief Human Capital Office,
and are maintained in the Department's learning management system
located at a DOI-controlled datacenter at U.S. Department of the
Interior, 7301 W Mansfield Avenue, Denver, CO 80235.
(2) Records are also located in DOI bureau and office facilities,
systems, and portals that manage or sponsor training and educational
programs.
SYSTEM MANAGER(S):
(1) Chief Learning Officer, Office of the Secretary, Department of
the Interior, Main Interior Building, 1849 C Street NW, Washington, DC
20240.
(2) Bureau and Office Learning Managers responsible for managing
training, educational and learning programs. A current list of the
Learning Managers and their addresses is available on the DOI Learn
Bureau Contact website at https://www.doi.gov/doilearn/datastewards/.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 4101, et seq., Government Organization and Employee
Training; 5 U.S.C. 1302, 2951, 4118, 4506, 3101; 43 U.S.C. 1457; Title
VI of the Civil Rights Act of 1964 as amended (42 U.S.C. 2000d);
Executive Order 11348, Providing for Further Training of Government
Employees, as amended by Executive Order 12107, Relating to Civil
Service Commission and Labor Management in Federal Service; 5 CFR 410,
Subpart C, Establishing and Implementing Training Programs; Americans
with Disabilities Act (42 U.S.C. 12101); and the E-Government Act of
2002 (44 U.S.C. 3501, et seq.).
PURPOSE(S) OF THE SYSTEM:
The primary purposes of the system are to: (1) Manage training and
learning programs; (2) plan and facilitate training courses including
outreach, registration, enrollment and payment; (3) maintain and
validate training records for certification and mandatory compliance
reporting; (4) meet Federal training statistical reporting
requirements; (5) maintain class rosters and transcripts for course
administrators, students and learners; and (6) generate budget
estimates for training requirements.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
DOI employees, contractors, interns, emergency workers, volunteers
and appointees who receive training related to their official duties,
whether or not sponsored by DOI bureaus and offices. Non-DOI
individuals who participate in DOI-sponsored training and educational
programs, or participate in DOI-sponsored meetings and activities
related to training and educational programs. Non-DOI individuals may
include individuals from other Federal, state or local agencies,
private or not-for-profit organizations, universities and other
schools, and members of the public.
CATEGORIES OF RECORDS IN THE SYSTEM:
Training, educational and learning management records may include
course registration, attendance rosters, and course information
including course title, class name, objectives, description, and who
should attend; class status information including begin and end dates,
responsible class instructor, completion status and certification
requirements; student transcripts (course(s) completed/not completed,
test scores, acquired skills); and correspondence, reports and
documentation related to training, education and learning management
programs. These records may contain: Name, Social Security number,
employee common identifier generated from the DOI Federal Personnel and
Payroll System (FPPS), login username, password, agency or organization
affiliation, work or personal address, work or personal phone and fax
number, work or personal email address, gender, date of birth,
organization code, position title, occupational series, pay plan, grade
level, supervisory status, type of appointment, education level, duty
station code, agency, bureau, office, organization, supervisor's name
and phone number, date of Federal service, date of organization or
position assignment, date of last promotion, occupational category,
race, national origin, and adjusted basic pay. Records may also include
billing information such as responsible agency, tax identifier number,
DUNS number, purchase order numbers, agency location codes and credit
card information. Records maintained on non-DOI individuals is
generally limited to name, agency or organization affiliation, address,
work and personal phone and fax numbers, work and personal email
addresses, supervisor name and contact information, position title,
occupational series, and billing information.
RECORD SOURCE CATEGORIES:
Information on DOI employees is obtained directly from individuals
on whom the records are maintained, supervisors, or existing DOI
records. Historical employee training records may be obtained from
other DOI learning management systems. Information from non-DOI
individuals who register or participate in DOI-sponsored training
programs is obtained from individuals through paper and electronic
forms. Information may also be obtained by another agency, institution
or organization that sponsored the training event.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DOI as a
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To release statistical information and training reports to other
organizations who are involved with the training.
B. To disclose information to other Government training facilities
(Federal, state, and local) and to non-Government training facilities
(private vendors of training courses or programs, private schools,
etc.) for training purposes.
C. To provide transcript information to education institutions upon
the student's request in order to facilitate transfer of credit to that
institution, and to provide college and university officials with
information about their students working in the Pathways
[[Page 50685]]
Program, Volunteer Service, or other similar programs necessary to a
student's obtaining credit for the experience.
D. To Federal, state, territorial, local, tribal, or foreign
agencies that have requested information relevant or necessary to the
hiring, firing or retention of an employee or contractor, or the
issuance of a security clearance, license, contract, grant or other
benefit, when the disclosure is compatible with the purpose for which
the records were compiled.
E. To an expert, consultant, grantee, or contractor (including
employees of the contractor) of DOI that performs services requiring
access to these records on DOI's behalf to carry out the purposes of
the system.
F. To share logistical or attendance information with partner
agencies (Government or non-Government) who, based on cooperative
training agreements, have a need to know.
G. To the Department of Justice (DOJ), including Offices of the
U.S. Attorneys, or other Federal agency conducting litigation or in
proceedings before any court, adjudicative, or administrative body,
when it is relevant or necessary to the litigation and one of the
following is a party to the litigation or has an interest in such
litigation:
(1) DOI or any component of DOI;
(2) Any other Federal agency appearing before the Office of
Hearings and Appeals;
(3) Any DOI employee or former employee acting in his or her
official capacity;
(4) Any DOI employee or former employee acting in his or her
individual capacity when DOI or DOJ has agreed to represent that
employee or pay for private representation of the employee; or
(5) The United States Government or any agency thereof, when DOJ
determines that DOI is likely to be affected by the proceeding.
H. To a congressional office when requesting information on behalf
of, and at the request of, the individual who is the subject of the
record.
I. To an official of another Federal, state or local government or
Tribal organization to provide information needed in the performance of
official duties related to reconciling or reconstructing data files, in
support of the functions for which the records were collected and
maintained, or to enable that agency to respond to an inquiry by the
individual to whom the record pertains.
J. To representatives of the National Archives and Records
Administration (NARA) to conduct records management inspections under
the authority of 44 U.S.C. 2904 and 2906.
K. To the Executive Office of the President in response to an
inquiry from that office made at the request of the subject of a record
or a third party on that person's behalf, or for a purpose compatible
with the reason for which the records are collected or maintained.
L. To any criminal, civil, or regulatory law enforcement authority
(whether Federal, state, territorial, local, tribal or foreign) when a
record, either alone or in conjunction with other information,
indicates a violation or potential violation of law--criminal, civil,
or regulatory in nature, and the disclosure is compatible with the
purpose for which the records were compiled.
M. To state, territorial and local governments and tribal
organizations to provide information needed in response to court order
and/or discovery purposes related to litigation, when the disclosure is
compatible with the purpose for which the records were compiled.
N. To appropriate agencies, entities, and persons when:
(1) DOI suspects or has confirmed that there has been a breach of
the system of records;
(2) DOI has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, DOI (including
its information systems, programs, and operations), the Federal
Government, or national security; and
(3) the disclosure made to such agencies, entities and persons is
reasonably necessary to assist in connection with DOI's efforts to
respond to the suspected or confirmed breach or to prevent, minimize,
or remedy such harm.
O. To another Federal agency or Federal entity, when DOI determines
that information from this system of records is reasonably necessary to
assist the recipient agency or entity in:
(1) responding to a suspected or confirmed breach; or
(2) preventing, minimizing, or remedying the risk of harm to
individuals, the recipient agency or entity (including its information
systems, programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
P. To the Office of Management and Budget (OMB) during the
coordination and clearance process in connection with legislative
affairs as mandated by OMB Circular A-19.
Q. To the Department of the Treasury to recover debts owed to the
United States.
R. To the news media and the public, with the approval of the
Public Affairs Officer in consultation with counsel and the Senior
Agency Official for Privacy, where there exists a legitimate public
interest in the disclosure of the information, except to the extent it
is determined that release of the specific information in the context
of a particular case would constitute an unwarranted invasion of
personal privacy.
S. To the Office of Personnel Management to disclose information on
employee general training, including recommendations and completion,
specialized training obtained, participation in government-sponsored
training, or training history as required to provide workforce
information for official personnel files.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
Pursuant to 5 U.S.C. 552a(b)(12), records may be disclosed to
consumer reporting agencies as they are defined in the Fair Credit
Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act
of 1966 (31 U.S.C. 3701(a)(3)).
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in systems, databases, electronic media on hard
disks, magnetic tapes, compact disks and paper media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information from this system is retrieved by either unique
identifying fields (e.g., student name or email address) or by general
category (e.g., course code, training location, class start date,
registration date, affiliation, mandatory training compliance and
payment status).
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
DOI training records are maintained under Department Records
Schedule (DRS)--1.2.0004, Short-Term Human Resources Records (DAA-0048-
2013-0001-0004) and DRS -1.2.0005, Long-term Human Resources Records
(DAA-0048-2013-0001-0005), which were approved by NARA. General
employee training records and working files have a temporary
disposition authority and are maintained for three years. Records will
be cut off at the end of fiscal year in which files are closed, and the
records will be destroyed 3 years after cut-off. Employee performance
and competency management records maintained under DRS 1.2.0005 have a
longer retention period. The records
[[Page 50686]]
disposition is temporary, and records will be cut off at the end of the
fiscal year in which the record is created. Contractor data will be cut
off when the contractor separates or is no longer employed by the
agency. Records must be retained 7 years after cut-off.
Training records related to specialized program areas may be
covered under other approved records retention schedules based on the
program or mission area and agency needs. Retention periods may vary
based on the training program or subject matter, and longer retention
is authorized for specific training programs when it is necessary to
support business use or to meet Federal records requirements. Approved
destruction methods for temporary records that have met their retention
period include shredding or pulping paper records, and erasing or
degaussing electronic records in accordance with 384 Departmental
Manual 1 and NARA guidelines.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The records maintained in this system are safeguarded in accordance
with 43 CFR 2.226 and other applicable security rules and policies.
During normal hours of operation, paper or micro format records are
maintained in locked file cabinets in secured rooms under the control
of authorized personnel. Information technology systems follow the
National Institute of Standards and Technology privacy and security
standards developed to comply with the Privacy Act of 1974 as amended,
5 U.S.C. 552a; the Paperwork Reduction Act of 1995, Public Law 104-13;
the Federal Information Security Modernization Act of 2014, Public Law
113-283, as codified at 44 U.S.C. 3551, et seq.; and the Federal
Information Processing Standard 199, Standards for Security
Categorization of Federal Information and Information Systems.
Computer servers on which electronic records are stored are located
in secured DOI facilities with physical, technical and administrative
levels of security to prevent unauthorized access to the DOI network
and information assets. Security controls include encryption,
firewalls, audit logs, and network system security monitoring.
Electronic data is protected through user identification, passwords,
database permissions and software controls. Access to records in the
system is limited to authorized personnel who have a need to access the
records in the performance of their official duties, and each person's
access is restricted to only the functions and data necessary to
perform that person's job responsibilities. System administrators and
authorized users for DOI are trained and required to follow established
internal security protocols and must complete all security, privacy,
and records management training, and sign DOI Rules of Behavior.
Computerized records systems follow the National Institute of
Standards and Technology privacy and security standards as developed to
comply with the Privacy Act of 1974, 5 U.S.C. 552a; Paperwork Reduction
Act of 1995, 44 U.S.C. 3501-3521; Federal Information Security
Modernization Act of 2014, 44 U.S.C. 3551-3558; and the Federal
Information Processing Standards 199: Standards for Security
Categorization of Federal Information and Information Systems. Security
controls include user identification, passwords, database permissions,
encryption, firewalls, audit logs, and network system security
monitoring, and software controls. A privacy impact assessment was
conducted on DOI's learning management system to ensure that Privacy
Act requirements are met and appropriate privacy controls were
implemented to safeguard personally identifiable information.
RECORD ACCESS PROCEDURES:
An individual requesting records on himself or herself should send
a signed, written inquiry to the System Manager as identified above.
The request must include the specific bureau or office that maintains
the record to facilitate location of the applicable records. The
request envelope and letter should both be clearly marked ``PRIVACY ACT
REQUEST FOR ACCESS.'' A request for access must meet the requirements
of 43 CFR 2.238.
CONTESTING RECORD PROCEDURES:
An individual requesting corrections or the removal of material
from his or her records should send a signed, written request to the
System Manager as identified above. The request must include the
specific bureau or office that maintains the record to facilitate
location of the applicable records. A request for corrections or
removal must meet the requirements of 43 CFR 2.246.
NOTIFICATION PROCEDURES:
An individual requesting notification of the existence of records
on himself or herself should send a signed, written inquiry to the
System Manager as identified above. The request must include the
specific bureau or office that maintains the record to facilitate
location of the applicable records. The request envelope and letter
should both be clearly marked ``PRIVACY ACT INQUIRY.'' A request for
notification must meet the requirements of 43 CFR 2.235.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
70 FR 58230 (October 5, 2005); modification published at 73 FR 8342
(February 13, 2008).
[FR Doc. 2018-21796 Filed 10-5-18; 8:45 am]
BILLING CODE 4334-63-P
File Type | text/html |
File Modified | 0000-00-00 |
File Created | 0000-00-00 |