[Federal Register Volume 86, Number 132 (Wednesday, July 14, 2021)] [Notices] [Pages 37181-37184] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 2021-14985] ----------------------------------------------------------------------- DEPARTMENT OF THE INTERIOR National Park Service [DOI-2021-0001; PPWOVPADU0/POPFR2021.XZ0000] Privacy Act of 1974; System of Records AGENCY: National Park Service, Interior. ACTION: Notice of a modified system of records. ----------------------------------------------------------------------- SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of the Interior (DOI) is issuing a public notice of its intent to modify the National Park Service (NPS) Privacy Act system of records, INTERIOR/NPS-1, Special Use Permits. DOI is updating this system of records notice (SORN) to update the authorities, system location, and categories of records; propose new and modified routine uses; and add new sections and make general updates to remaining sections to accurately reflect management of the system of records in accordance with the Office of Management and Budget (OMB) policy. This modified system will be included in DOI's inventory of record systems. DATES: This modified system will be effective upon publication. New or [[Page 37182]] modified routine uses will be effective August 13, 2021. Submit comments on or before August 13, 2021. ADDRESSES: You may send comments identified by docket number [DOI-2021- 0001] by any of the following methods:Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for sending comments. Email: [email protected]. Include docket number [DOI-2021-0001] in the subject line of the message. U.S. mail or hand-delivery: Teri Barnett, Departmental Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, Room 7112, Washington, DC 20240. Instructions: All submissions received must include the agency name and docket number [DOI-2021-0001]. All comments received will be posted without change to http://www.regulations.gov, including any personal information provided. Docket: For access to the docket to read background documents or comments received, go to http://www.regulations.gov. FOR FURTHER INFORMATION CONTACT: Felix Uribe, Associate Privacy Officer, National Park Service, 12201 Sunrise Valley Drive, Reston, VA 20192, [email protected] or (202) 354-6925. SUPPLEMENTARY INFORMATION: I. Background The NPS maintains the ``Special Use Permits--Interior, NPS-1'' system of records. The purpose of the system is to provide park superintendents with information to approve or deny requests for activities on NPS managed park lands that provide a benefit to an individual, group or organization, rather than the public at large. The system also assists park staff to ensure that the permitted activity does not interfere with the enjoyment of the park by visitors and that the natural and cultural resources of the park are protected. DOI is publishing this revised notice to update the system location, categories of records; add sections for security classification, purpose and history of the system of records, and make general updates to the remaining sections to accurately reflect management of the system of records in accordance with OMB Circular A-108, Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act. DOI is revising the authority to replace former provisions in accordance with the new Title 54 of the U.S. Code, which includes only laws applicable to NPS. DOI is proposing to modify existing routine uses to provide clarity and transparency, and to facilitate sharing of information with agencies and organizations to promote the integrity of the records in the system or carry out a statutory responsibility of the DOI or Federal Government. Additionally, DOI is proposing to add two new routine uses to facilitate sharing with the Executive Office of the President to resolve issues upon request of the subject of the record and with other Federal agencies or entities to respond to a breach of personally identifiable information (PII). Routine use A was slightly modified to further clarify disclosures to the Department of Justice (DOJ) or other Federal agencies when necessary in relation to litigation or judicial hearings. Routine use B was modified to clarify disclosures to a congressional office to respond to or resolve an individual's request made to that office. Proposed routine use C facilitates sharing of information with the Executive Office of the President to resolve issues concerning individuals' records. Routine use I was modified to include grantees to facilitate sharing of information when authorized and necessary to perform services on DOI's behalf. Modified routine use J and proposed routine use K allow DOI and NPS to share information with appropriate Federal agencies or entities when reasonably necessary to respond to a breach of PII and to prevent, minimize, or remedy the risk of harm to individuals or the Federal Government, or assist an agency in locating individuals affected by a breach in accordance with OMB Memorandum M- 17-12, Preparing for and Responding to a Breach of Personally Identifiable Information. Routine use N was modified to clarify circumstances where information may be shared with the news media and the public. II. Privacy Act The Privacy Act of 1974, as amended, embodies fair information practice principles in a statutory framework governing the means by which Federal agencies collect, maintain, use, and disseminate individuals' records. The Privacy Act applies to records about individuals that are maintained in a ``system of records.'' A ``system of records'' is a group of any records under the control of an agency from which information is retrieved by the name of an individual or by some identifying number, symbol, or other identifying particular assigned to the individual. The Privacy Act defines an individual as a United States citizen or lawful permanent resident. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of DOI by complying with DOI Privacy Act regulations at 43 CFR part 2, subpart K, and following the procedures outlined in the Records Access, Contesting Record, and Notification Procedures sections of this notice. The Privacy Act requires each agency to publish in the Federal Register a description denoting the existence and character of each system of records that the agency maintains and the routine uses of each system. The INTERIOR/NPS-1, Special Use Permits, system of records notice is published in its entirety below. In accordance with 5 U.S.C. 552a(r), DOI has provided a report of this system of records to the Office of Management and Budget and to Congress. III. Public Participation You should be aware your entire comment including your personally identifiable information, such as your address, phone number, email address, or any other personal information in your comment, may be made publicly available at any time. While you may request to withhold your personally identifiable information from public review, we cannot guarantee we will be able to do so. SYSTEM NAME AND NUMBER: INTERIOR/NPS-1, Special Use Permits. SECURITY CLASSIFICATION: Unclassified. SYSTEM LOCATION: This system is managed by the Special Park Uses Program, 1849 C Street NW, Mail Stop 2460, Washington, DC 20240. Records are located at the parks responsible for issuing special use permits. A current listing of park offices and contact information may be obtained by visiting the NPS website at http://www.nps.gov or by contacting the System Manager. SYSTEM MANAGER(S): Special Park Uses Program Manager, 1849 C Street NW, Mail Stop 2460, Washington, DC 20240. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: Title 54, United States Code, National Park Service and Related Programs. PURPOSE(S) OF THE SYSTEM: The purpose of the system is to provide park superintendents with information to approve or deny requests for activities on NPS managed park lands that provide a benefit to an individual, group or organization, rather [[Page 37183]] than the public at large. The system also helps park staff ensure that the permitted activity does not interfere with the enjoyment of the park by visitors and that the natural and cultural resources of the park are protected. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Individuals covered by the system include NPS employees and contractors responsible for processing applications for special use permits, applicants of special use permits, and holders of special use permits. This system contains records concerning corporations and other business entities, which are not subject to the Privacy Act. However, records pertaining to individuals acting on behalf of corporations and other business entities may reflect personal information that may be maintained in this system of records. CATEGORIES OF RECORDS IN THE SYSTEM: The system contains: (1) Applications for special use permits; (2) decisions, correspondence or records generated in support of the program; and (3) supporting documentation for permitted activities containing site plans, diagrams, story boards or scripts, crowd control and emergency medical plans and proposed site plan(s). These records may include name, organization, Social Security number, Tax Identification Number (TIN), date of birth, address, telephone number, fax number, email address, person's position title; information of proposed activity including park alpha code, permit number, date, location, number of participants and vehicles, type of use, equipment, support personnel for the activity, company, project name and type, fees, liability insurance information; payment information including amounts paid, credit card number, credit card expiration date, check number, money order number, bank or financial institution, account number, payment reference number and tracking ID number; information on special activities including number of minors, livestock, aircraft type, special effects, special effect technician's license and permit number, stunts, unusual or hazardous activities; information on driver's license including number, state, and expiration date; vehicle information including year, make, color, weight, plate number, and insurance information. RECORD SOURCE CATEGORIES: Records in the system are obtained from applicants of special use permits and holders of special use permits. ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, all or a portion of the records or information contained in this system may be disclosed outside DOI as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows: A. To the Department of Justice (DOJ), including Offices of the U.S. Attorneys, or other Federal agency conducting litigation or in proceedings before any court, adjudicative, or administrative body, when it is relevant or necessary to the litigation and one of the following is a party to the litigation or has an interest in such litigation: (1) DOI or any component of DOI; (2) Any other Federal agency appearing before the Office of Hearings and Appeals; (3) Any DOI employee or former employee acting in his or her official capacity; (4) Any DOI employee or former employee acting in his or her individual capacity when DOI or DOJ has agreed to represent that employee or pay for private representation of the employee; or (5) The United States Government or any agency thereof, when DOJ determines that DOI is likely to be affected by the proceeding. B. To a congressional office when requesting information on behalf of, and at the request of, the individual who is the subject of the record. C. To the Executive Office of the President in response to an inquiry from that office made at the request of the subject of a record or a third party on that person's behalf, or for a purpose compatible with the reason for which the records are collected or maintained. D. To any criminal, civil, or regulatory law enforcement authority (whether Federal, state, territorial, local, tribal or foreign) when a record, either alone or in conjunction with other information, indicates a violation or potential violation of law--criminal, civil, or regulatory in nature, and the disclosure is compatible with the purpose for which the records were compiled. E. To an official of another Federal agency to provide information needed in the performance of official duties related to reconciling or reconstructing data files or to enable that agency to respond to an inquiry by the individual to whom the record pertains. F. To Federal, state, territorial, local, tribal, or foreign agencies that have requested information relevant or necessary to the hiring, firing or retention of an employee or contractor, or the issuance of a security clearance, license, contract, grant or other benefit, when the disclosure is compatible with the purpose for which the records were compiled. G. To representatives of the National Archives and Records Administration (NARA) to conduct records management inspections under the authority of 44 U.S.C. 2904 and 2906. H. To state, territorial and local governments and tribal organizations to provide information needed in response to court order and/or discovery purposes related to litigation, when the disclosure is compatible with the purpose for which the records were compiled. I. To an expert, consultant, grantee, or contractor (including employees of the contractor) of DOI that performs services requiring access to these records on DOI's behalf to carry out the purposes of the system. J. To appropriate agencies, entities, and persons when: (1) DOI suspects or has confirmed that there has been a breach of the system of records; (2) DOI has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, DOI (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with DOI's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm. K. To another Federal agency or Federal entity, when DOI determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in: (1) responding to a suspected or confirmed breach; or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. L. To the Office of Management and Budget (OMB) during the coordination and clearance process in connection with legislative affairs as mandated by OMB Circular A-19. M. To the Department of the Treasury to recover debts owed to the United States. N. To the news media and the public, with the approval of the Public Affairs Officer in consultation with counsel and [[Page 37184]] the Senior Agency Official for Privacy, where there exists a legitimate public interest in the disclosure of the information, except to the extent it is determined that release of the specific information in the context of a particular case would constitute an unwarranted invasion of personal privacy. DISCLOSURE TO CONSUMER REPORTING AGENCIES: Disclosure pursuant to 5 U.S.C. 552a(b)(12). Disclosures may be made from this system to consumer reporting agencies as defined in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Act of 1966 (31 U.S.C. 3701(a)(3)). POLICIES AND PRACTICES FOR STORAGE OF RECORDS: Paper records are contained in file folders stored within filing cabinets. Electronic records are maintained in computers, computer databases, email, and electronic media such as removable hard drives, magnetic disks, compact discs, and computer tapes. POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS: Records in the system are retrieved by permittee's name, permit number or date of activity. POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS: Records in this system are retained in accordance with the NPS Service Records Schedule Resource Management and Lands (Category 1). This schedule has been approved by NARA (Job No. N1-79-08-1). The disposition is temporary. Retention of records with short-term operational value and not considered essential for the ongoing management of land and cultural and natural resources are destroyed 15 years after closure. Paper records are disposed of by shredding or pulping, and records contained on electronic media are degaussed or erased in accordance with 384 Departmental Manual 1. ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS: The records contained in this system are safeguarded in accordance with 43 CFR 2.226 and other applicable security rules and policies. Paper records are maintained in file cabinets located in secured DOI facilities under the control of authorized personnel. Access to DOI networks and records in this system requires DOI credentials or a valid username, password and is limited to DOI personnel who have a need to know the information for the performance of their official duties. Computers and storage media are encrypted in accordance with DOI security policy. Computers containing files are password protected to restrict unauthorized access. The computer servers in which electronic records are stored are located in secured DOI facilities. Computerized records systems follow the National Institute of Standards and Technology privacy and security standards as developed to comply with the Privacy Act of 1974, as amended, 5 U.S.C. 552a; Paperwork Reduction Act of 1995, 44 U.S.C. 3501 et seq.; Federal Information Security Modernization Act of 2014, 44 U.S.C. 3551 et seq.; and the Federal Information Processing Standards 199: Standards for Security Categorization of Federal Information and Information Systems. Security controls include user identification, passwords, database permissions, encryption, firewalls, audit logs, and network system security monitoring, and software controls. Access to records in the system is limited to authorized personnel who have a need to access the records in the performance of their official duties, and each user's access is restricted to only the functions and data necessary to perform that person's job responsibilities. System administrators and authorized users are trained and required to follow established internal security protocols and must complete all security, privacy, and records management training and sign the DOI Rules of Behavior. RECORD ACCESS PROCEDURES: An individual requesting records on himself or herself should send a signed, written inquiry to the applicable System Manager identified above. The request must include the specific bureau or office that maintains the record to facilitate location of the applicable records. The request envelope and letter should both be clearly marked ``PRIVACY ACT REQUEST FOR ACCESS.'' A request for access must meet the requirements of 43 CFR 2.238. CONTESTING RECORD PROCEDURES: An individual requesting corrections or the removal of material from his or her records should send a signed, written request to the applicable System Manager as identified above. The request must include the specific bureau or office that maintains the record to facilitate location of the applicable records. A request for corrections or removal must meet the requirements of 43 CFR 2.246. NOTIFICATION PROCEDURES: An individual requesting notification of the existence of records on himself or herself should send a signed, written inquiry to the applicable System Manager as identified above. The request must include the specific bureau or office that maintains the record to facilitate location of the applicable records. The request envelope and letter should both be clearly marked ``PRIVACY ACT INQUIRY.'' A request for notification must meet the requirements of 43 CFR 2.235. EXEMPTIONS PROMULGATED FOR THE SYSTEM: None. HISTORY: 79 FR 9272 (February 18, 2014). Teri Barnett, Departmental Privacy Officer, Department of the Interior. [FR Doc. 2021-14985 Filed 7-13-21; 8:45 am] BILLING CODE 4312-52-P