[Federal Register Volume 89, Number 91 (Thursday, May 9, 2024)]
[Notices]
[Pages 39637-39640]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-10144]


-----------------------------------------------------------------------

DEPARTMENT OF THE INTERIOR

Bureau of Land Management

[DOI-2023-0025; LLHQ500000, L18500000.YC0000, LIITADC10000, 245]


Privacy Act of 1974; System of Records

AGENCY: Bureau of Land Management, Interior.

ACTION: Notice of a modified system of records.

-----------------------------------------------------------------------

SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as 
amended, the Department of the Interior (DOI) is issuing a public 
notice of its intent to modify the Bureau of Land Management (BLM) 
Privacy Act system of records, INTERIOR/BLM-16, Timber Sale Information 
System (TSIS). DOI is publishing this revised system of records notice 
(SORN) to change the system name to INTERIOR/BLM-16, Forest Resources 
Information System (FRIS), to provide organizational clarification 
related to the overall management of the forest resources program and 
to update all sections of the notice in accordance with the Office of 
Management and Budget (OMB) policy. This modified system will be 
included in DOI's inventory of record systems.

DATES: This modified system will be effective upon publication. New or 
modified routine uses will be effective June 10, 2024. Submit comments 
on or before June 10, 2024.

ADDRESSES: You may send comments identified by docket number [DOI-2023-
0025] by any of the following methods:
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for sending comments.
     Email: [email protected]. Include docket number 
[DOI-2023-0025] in the subject line of the message.
     U.S. mail or hand-delivery: Teri Barnett, Departmental 
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW, 
Room 7112, Washington, DC 20240.
    Instructions: All submissions received must include the agency name 
and docket number [DOI-2023-0025]. All comments received will be posted 
without change to http://www.regulations.gov, including any personal 
information provided.
    Docket: For access to the docket to read background documents or 
comments received, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Ashanti Murphy-Jones, Acting Associate 
Privacy Officer, Bureau of Land Management, 1849 C Street NW, Room No. 
5644, Washington, DC 20240, [email protected] or (202) 365-1429.

SUPPLEMENTARY INFORMATION: 

I. Background

    BLM maintains the INTERIOR/BLM-16, Timber Sale Information System 
(TSIS), system of records to support the management and tracking of 
forest resources, including timber sale, accounting, management, and 
activity tracking; stewardship contract management and activity; and 
special consolidated reporting. Each of these modules provide direct 
support to the BLM mission goals related to managing the use of forest 
and woodland products in the Public Domain (PD) and in the Oregon and 
California Grant Lands (O&C).
    DOI is publishing this revised notice to change the system name 
from INTERIOR/BLM-16, Timber Sale Information System (TSIS), to 
INTERIOR/BLM-16, Forest Resources Information System (FRIS), to provide 
organizational clarification for the overall forest resources program. 
DOI is also adding a new purpose section to describe the primary 
purpose of FRIS; updating the system location to reflect a move to a 
DOI data center and the cloud environment; updating the system manager 
section, authorities for maintenance of the system, and the records 
source categories section to provide additional clarification on 
individual sources of information; updating the policies and practices 
for retention of records section to clarify the records retention 
schedule; updating safeguards to protect records; and providing an 
updated description on the retrieval of records. DOI is further 
expanding the categories of individuals to provide clarification on the 
individuals covered by the system and the categories of records to 
reflect additional types of records that are maintained in the system; 
and updating the records access, contesting record, and notification 
procedures to provide guidance on how individuals may submit requests 
under the Privacy Act. This notice also reorganizes the sections and 
updates section titles in accordance with OMB Circular A-108, Federal 
Agency Responsibilities for Review, Reporting, and Publication under 
the Privacy Act.
    The existing routine uses are being updated from a numeric to 
alphabetic list and are being modified to provide clarity and 
transparency and reflect updates consistent with standard DOI routine 
uses. Additionally, DOI is proposing new routine uses to facilitate 
sharing of information with agencies and organizations to promote the 
integrity of the records in the system or carry out a statutory 
responsibility of the DOI or Federal government.
    Routine use A was slightly modified to further clarify disclosures 
to the Department of Justice (DOJ) or other Federal agencies, when 
necessary, in relation to litigation or judicial hearings. Routine use 
B was modified to clarify disclosures to a congressional office to 
respond to or resolve an individual's request made to that office. 
Routine use H was slightly modified to include sharing of information 
with territorial government agencies in response to court orders or for 
discovery purposes related to litigation. Routine use I was modified to 
include grantees and shared service providers to facilitate sharing of 
information when authorized and necessary to perform services on DOI's 
behalf. Modified routine use J allows DOI and BLM to share information 
with appropriate Federal agencies or entities when reasonably necessary 
to respond to a breach of PII and to prevent, minimize, or remedy the 
risk of harm to individuals or the Federal government in accordance 
with OMB Memorandum M-17-12, Preparing for and Responding to a Breach 
of Personally Identifiable Information. Routine use N was modified to 
clarify sharing with the news media and the public where there is a 
legitimate public interest or in support of a legitimate law 
enforcement or public safety function.
    Proposed routine use C facilitates sharing of information with the 
Executive Office of the President to resolve issues concerning 
individuals' records. BLM is removing the former routine use 13 for 
disclosure to consumer reporting agencies and has included that notice 
at the end of this section.
    Pursuant to the Privacy Act, 5 U.S.C. 552a(b)(12), DOI may disclose

[[Page 39638]]

information from this system to consumer reporting agencies as defined 
in the Fair Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal 
Claims Collection Act of 1966 (31 U.S.C. 3701(a)(3)) to aid in the 
collection of outstanding debts owed to the Federal Government.

II. Privacy Act

    The Privacy Act of 1974, as amended, embodies fair information 
practice principles in a statutory framework governing how Federal 
agencies collect, maintain, use, and disseminate individuals' records. 
The Privacy Act applies to records about individuals that are 
maintained in a ``system of records.'' A ``system of records'' is a 
group of any records under the control of an agency from which 
information is retrieved by the name of an individual or by some 
identifying number, symbol, or other identifying information assigned 
to the individual. The Privacy Act defines an individual as a United 
States citizen or lawful permanent resident. Individuals may request 
access to their own records that are maintained in a system of records 
in the possession or under the control of DOI by complying with DOI 
Privacy Act regulations at 43 CFR part 2, subpart K, and following the 
procedures outlined in the Records Access, Contesting Record, and 
Notification Procedures sections of this notice.
    The Privacy Act requires each agency to publish in the Federal 
Register a description denoting the existence and character of each 
system of records that the agency maintains, and the routine uses of 
each system. The INTERIOR/BLM-16, Forest Resources Information System 
(FRIS), SORN is published in its entirety below. In accordance with 5 
U.S.C. 552a(r), DOI has provided a report of this system of records to 
the OMB and to Congress.

III. Public Participation

    You should be aware your entire comment including your personally 
identifiable information, such as your address, phone number, email 
address, or any other personal information in your comment, may be made 
publicly available at any time. While you may request to withhold your 
personally identifiable information from public review, we cannot 
guarantee we will be able to do so.

SYSTEM NAME AND NUMBER:
    INTERIOR/BLM-16, Forest Resources Information System (FRIS).

SECURITY CLASSIFICATION:
    Unclassified.

SYSTEM LOCATION:
    Records are maintained at National Operations Center, Bureau of 
Land Management, U.S. Department of the Interior, 6th Avenue & Kipling 
Boulevard, Denver Federal Center, Building 50, Denver, Colorado 80225. 
Records may also be located in a cloud location managed by the DOI.

SYSTEM MANAGER(S):
    Deputy State Director, Division of Resources, Lands, and Minerals 
(OR930), Oregon State Office, Bureau of Land Management, U.S. 
Department of the Interior, P.O. Box 2965, Portland, OR 97208.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    Exportation of unprocessed timber from Federal lands, 16 U.S.C. 
617; Mineral Materials Act of 1947, 30 U.S.C. 601; Oregon and 
California Revested Lands Sustained Yield Management Act of 1937, 43 
U.S.C. 2601; Healthy Forests Restoration Act of 2003, Public Law 108-
148; Agricultural Act of 2014, Public Law 113-79.

PURPOSE(S) OF THE SYSTEM:
    The primary purpose of FRIS is to track and record BLM's Forest 
management lifecycle activity. FRIS provides users with a suite of 
computational tools and procedures for managing activities associated 
with the management of forest resources. FRIS provides the tools for 
managing BLM timber sale contracts; special forest product permits, 
stewardship contracting process, non-contracted forest depletions, 
forest treatment spatial extents, pre/post contract forest inventory, 
timber volumes and appraisals, protest appeals, forest trespass 
activity, and reports.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    The categories of the individuals covered in the system include 
members of the public entering a forestry products contract with BLM or 
individual appellants associated with a forestry management decision. 
These include timber purchasers/contractors (i.e., individual, 
partnership, corporate); contact person(s) for timber purchaser/
contractor; permittees (i.e., individual or contractor) of special 
forest products; and appellant (i.e., individual or organization) of 
forestry management decision.
    This system contains records concerning corporations and other 
business entities, which are not subject to the Privacy Act. However, 
records pertaining to individuals acting on behalf of corporations and 
other business entities may reflect personal information that may be 
maintained in this system of records.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The system contains records related to the management of forest 
resources. The records contain BLM timber sale contracts, special 
forest product permits, stewardship contracting process, non-contracted 
forest depletions, forest treatment spatial extents, pre/post contract 
forest inventory, timber volumes and appraisals, protest, appeals, 
forest trespass activity, and reports.
    These records for purchaser contracts include business name, 
address, and designated representatives, timber quantity, contract 
price, BLM assigned contract number, and information on debts owed to 
BLM because of defective payments. These documents also contain the BLM 
contractor officer's name and title.
    For permits issued to the public, the information may include 
individuals name, citizenship, personal email address, mailing/home 
address, personal phone numbers, driver's license, vehicle information, 
license plate information, and description of the material purchased.

RECORD SOURCE CATEGORIES:
    The sources of information in the system include purchasers, 
purchasers' contracts, and holders of forest product permits, which can 
be collected on the FRIS public facing website, in person at a BLM 
facility, or from an authorized BLM Contracting Officer.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND PURPOSES OF SUCH USES:
    In addition to those disclosures generally permitted under 5 U.S.C. 
552a(b) of the Privacy Act, all or a portion of the records or 
information contained in this system may be disclosed outside DOI as a 
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
    A. To the Department of Justice (DOJ), including Offices of the 
U.S. Attorneys, or other Federal agency conducting litigation or in 
proceedings before any court, adjudicative, or administrative body when 
it is relevant or necessary to the litigation and one of the following 
is a party to the litigation or has an interest in such litigation:
    (1) DOI or any component of DOI;
    (2) Any other Federal agency appearing before the Office of 
Hearings and Appeals;
    (3) Any DOI employee or former employee acting in his or her 
official capacity;

[[Page 39639]]

    (4) Any DOI employee or former employee acting in his or her 
individual capacity if DOI or DOJ has agreed to represent that employee 
or pay for private representation of the employee; or
    (5) The U.S. Government or any agency thereof, when DOJ determines 
that DOI is likely to be affected by the proceeding.
    B. To a congressional office when requesting information on behalf 
of, and at the request of, the individual who is the subject of the 
record.
    C. To the Executive Office of the President in response to an 
inquiry from that office made at the request of the subject of a record 
or a third party on that person's behalf, or for a purpose compatible 
with the reason for which the records are collected or maintained.
    D. To any criminal, civil, or regulatory law enforcement authority 
(whether Federal, State, territorial, local, or Tribal or foreign) when 
a record, either alone or in conjunction with other information, 
indicates a violation or potential violation of law--criminal, civil, 
or regulatory in nature, and the disclosure is compatible with the 
purpose for which the records were compiled.
    E. To an official of another Federal agency to provide information 
needed in the performance of official duties related to reconciling or 
reconstructing data files or to enable that agency to respond to an 
inquiry by the individual to whom the record pertains.
    F. To Federal, State, territorial, local, Tribal, or foreign 
agencies that have requested information relevant or necessary to the 
hiring, firing, or retention of an employee or contractor, or the 
issuance of a security clearance, license, contract, grant or other 
benefit, when the disclosure is compatible with the purpose for which 
the records were compiled.
    G. To representatives of the National Archives and Records 
Administration to conduct records management inspections under the 
authority of 44 U.S.C. 2904 and 2906.
    H. To State, territorial, and local governments and Tribal 
organizations or their representatives to provide information needed in 
response to court order and/or discovery purposes related to 
litigation, when the disclosure is compatible with the purpose for 
which the records were compiled.
    I. To an expert, consultant, grantee, shared service provider, or 
contractor (including employees of the contractor) of DOI that performs 
services requiring access to these records on DOI's behalf to carry out 
the purposes of the system.
    J. To appropriate agencies, entities, and persons when:
    (1) DOI suspects or has confirmed that there has been a breach of 
the system of records;
    (2) DOI has determined that as a result of the suspected or 
confirmed breach, there is a risk of harm to individuals, DOI 
(including its information systems, programs, and operations), the 
Federal government, or national security; and
    (3) the disclosure made to such agencies, entities, and persons is 
reasonably necessary to assist in connection with DOI's efforts to 
respond to the suspected or confirmed breach or to prevent, minimize, 
or remedy such harm.
    K. To another Federal agency or Federal entity, when DOI determines 
that information from this system of records is reasonably necessary to 
assist the recipient agency or entity in:
    (1) responding to a suspected or confirmed breach; or
    (2) preventing, minimizing, or remedying the risk of harm to 
individuals, the recipient agency or entity (including its information 
systems, programs, and operations), the Federal Government, or national 
security, resulting from a suspected or confirmed breach.
    L. To the Office of Management and Budget (OMB) during the 
coordination and clearance process in connection with legislative 
affairs as mandated by OMB Circular A-19.
    M. To the Department of the Treasury to recover debts owed to the 
United States.
    N. To the news media and the public, with the approval of the 
Public Affairs Officer in consultation with counsel and the Senior 
Agency Official for Privacy, where there exists a legitimate public 
interest in the disclosure of the information, except to the extent it 
is determined that release of the specific information in the context 
of a particular case would constitute an unwarranted invasion of 
personal privacy.

POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
    Paper records are contained in file folders stored within locked 
file cabinets. Electronic records are stored on disk, system hard 
drive, tape, or other appropriate media.

POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
    Records may be retrieved by permit or contract number, name, 
purchaser or permittee name, address, email, and phone number.

POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
    Records in this system are retained in accordance with NARA 
procedures and Department Records Schedule (DRS)/General Records 
Schedule (GRS)/BLM Records Retention Catalog, under 4/6g(1), Forest 
Resource Information System. This schedule has been approved by NARA 
under Job Number N1-049-09-3, 1a. The records disposition is permanent. 
A copy of the master file is transferred to NARA along with the 
technical documentation in accordance with 36 CFR 1235.44-50. 
Thereafter, a copy transfers every 5 years along with the current 
technical documentation.

ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
    The records contained in this system are safeguarded in accordance 
with 43 CFR 2.226 and other applicable security and privacy rules and 
policies. During normal hours of operation, paper records are 
maintained in secure cabinets and/or in secure file rooms under the 
control of authorized personnel.
    Computerized records systems follow the National Institute of 
Standards and Technology privacy and security standards as developed to 
comply with the Privacy Act of 1974, as amended, 5 U.S.C. 552a; 
Paperwork Reduction Act of 1995, 44 U.S.C. 3501 et seq.; Federal 
Information Security Modernization Act of 2014, 44 U.S.C. 3551 et seq.; 
and the Federal Information Processing Standards 199: Standards for 
Security Categorization of Federal Information and Information Systems. 
Security controls include user identification, passwords, multi-factor 
authentication, database permissions, firewalls, audit logs, and 
network system security monitoring, and software controls.
    Access to records in the system is limited to authorized personnel 
who have a need to access the records in the performance of their 
official duties, and each user's access is restricted to only the 
functions and data necessary to perform that person's job 
responsibilities. System administrators and authorized users are 
trained and required to follow established internal security protocols 
and must complete all security, privacy, and records management 
training and sign the DOI Rules of Behavior. A Privacy Impact 
Assessment was completed for the associated information systems to 
ensure that Privacy Act requirements are met, and appropriate privacy 
controls were implemented to safeguard the personally identifiable 
information contained in the systems.

[[Page 39640]]

RECORD ACCESS PROCEDURES:
    An individual requesting access to their records should send a 
written inquiry to the applicable System Manager identified above. DOI 
forms and instructions for submitting a Privacy Act request may be 
obtained from the DOI Privacy Act Requests website at https://www.doi.gov/privacy/privacy-act-requests. The request must include a 
general description of the records sought and the requester's full 
name, current address, and sufficient identifying information such as 
date of birth or other information required for verification of the 
requester's identity. The request must be signed and dated and be 
either notarized or submitted under penalty of perjury in accordance 
with 28 U.S.C. 1746. Requests submitted by mail must be clearly marked 
``PRIVACY ACT REQUEST FOR ACCESS'' on both the envelope and letter. A 
request for access must meet the requirements of 43 CFR 2.238.

CONTESTING RECORD PROCEDURES:
    An individual requesting amendment of their records should send a 
written request to the applicable System Manager as identified above. 
DOI instructions for submitting a request for amendment of records are 
available on the DOI Privacy Act Requests website at https://www.doi.gov/privacy/privacy-act-requests. The request must clearly 
identify the records for which amendment is being sought, the reasons 
for requesting the amendment, and the proposed amendment to the record. 
The request must include the requester's full name, current address, 
and sufficient identifying information such as date of birth or other 
information required for verification of the requester's identity. The 
request must be signed and dated and be either notarized or submitted 
under penalty of perjury in accordance with 28 U.S.C. 1746. Requests 
submitted by mail must be clearly marked ``PRIVACY ACT REQUEST FOR 
AMENDMENT'' on both the envelope and letter. A request for amendment 
must meet the requirements of 43 CFR 2.246.

NOTIFICATION PROCEDURES:
    An individual requesting notification of the existence of records 
about them should send a written inquiry to the applicable System 
Manager as identified above. DOI instructions for submitting a request 
for notification are available on the DOI Privacy Act Requests website 
at https://www.doi.gov/privacy/privacy-act-requests. The request must 
include a general description of the records and the requester's full 
name, current address, and sufficient identifying information such as 
date of birth or other information required for verification of the 
requester's identity. The request must be signed and dated and be 
either notarized or submitted under penalty of perjury in accordance 
with 28 U.S.C. 1746. Requests submitted by mail must be clearly marked 
``PRIVACY ACT INQUIRY'' on both the envelope and letter. A request for 
notification must meet the requirements of 43 CFR 2.235.

EXEMPTIONS PROMULGATED FOR THE SYSTEM:
    None.

HISTORY:
    75 FR 3919 (January 25, 2010), modification published at 86 FR 
50156 (September 7, 2021).

Teri Barnett,
Departmental Privacy Officer, U.S. Department of the Interior.
[FR Doc. 2024-10144 Filed 5-8-24; 8:45 am]
BILLING CODE 4130-84-P