[Federal Register Volume 89, Number 165 (Monday, August 26, 2024)]
[Notices]
[Pages 68462-68466]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-19117]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE INTERIOR
[DOI-2024-0007; 24XD0120AF-DT64201000-DSB4B0000.P1CE00]
Privacy Act of 1974; System of Records
AGENCY: Bureau of Trust Funds Administration, Interior.
ACTION: Notice of a modified system of records.
-----------------------------------------------------------------------
SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as
amended, the Department of the Interior (DOI, Department) proposes to
modify the INTERIOR/OS-03, The Box Index Search System (BISS), system
of records. The Department is updating this system of records notice
(SORN) to establish the Bureau of Trust Funds Administration, formerly
the Office of the Special Trustee for American Indians (OST), as the
new responsible organization, propose new and modified routine uses,
and update all other sections of the system notice to accurately
reflect management of the system in accordance with the Office of
Management and Budget (OMB) policy. This modified system will be
included in DOI's inventory of systems of records.
DATES: This modified system will be effective upon publication. New or
modified routine uses will be effective September 25, 2024. Submit
comments on or before September 25, 2024.
ADDRESSES: You may send comments identified by docket number [DOI-2024-
0007] by any of the following methods:
Federal eRulemaking Portal: https://www.regulations.gov.
Follow the instructions for sending comments.
Email: [email protected]. Include docket number
[DOI-2024-0007] in the subject line of the message.
U.S. Mail or Hand-Delivery: Teri Barnett, Departmental
Privacy Officer, U.S. Department of the Interior, 1849 C Street NW,
Room 7112, Washington, DC 20240.
Instructions: All submissions received must include the agency name
and docket number [DOI-2024-0007]. All comments received will be posted
without change to https://www.regulations.gov, including any personal
information provided.
Docket: For access to the docket to read background documents or
comments received, go to https://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: Teri Barnett, Departmental Privacy
Officer, U.S. Department of the Interior, 1849 C Street NW, Room 7112,
Washington, DC 20240, [email protected] or (202) 208-1605.
SUPPLEMENTARY INFORMATION:
I. Background
On August 31, 2020, Secretary's Order 3384 directed the realignment
of the OST within the Office of the Secretary (OS) into the new Bureau
of Trust Funds Administration (BTFA) under the Assistant Secretary--
Indian Affairs, effective October 1, 2020. The mission of the BTFA is
to manage the trust beneficiaries' financial assets, which is
integrally related to DOI's goal of
[[Page 68463]]
meeting its trust responsibilities to American Indians. The BTFA
assumed the responsibility for two systems of records previously
managed by OST, the INTERIOR/OS-02, Individual Indian Money (IIM) Trust
Funds, and the INTERIOR/OS-03, The Box Index Search System (BISS),
systems of records notice (SORN). The INTERIOR/OS-3, The Box Index
Search System (BISS), is being renamed as INTERIOR/BTFA-02, Box Index
Search System (BISS), to reflect the new BTFA organization and is being
renumbered as the second system of records maintained by BTFA. BTFA
will also publish a separate revised notice for the INTERIOR/OS-02,
Individual Indian Money (IIM) Trust Funds, SORN in the Federal
Register.
The BISS enables centralized management of access to inactive
historical records dating back to the 1850's that are retired to the
American Indian Records Repository (AIRR) and provides the capacity to
(1) create file level listings of the content of boxes containing
inactive historical records retired to AIRR as a quick finding aid in
the form of an index, (2) provide authorized users with a tool to
search a file level index of all inactive historical records, (3)
support requests for copies of historical records received from the
original record owners, and conduct research in response to requests
made under the Freedom of Information Act (FOIA) and in support of
litigation, and (4) track box inventories that accession retired
inactive historical records into the National Archives and Records
Administration (NARA).
The BISS serves as an indexing system locator tool and does not
contain copies or contents of the original program files that are
transferred from the originating office to the AIRR. The inactive
historical records are owned by the originating office where the
original records were created and are covered by applicable SORNs that
cover the Privacy Act records. Requests for Privacy Act access to
inactive historical records are processed in collaboration with the
AIRR and the originating office as the data owner. The INTERIOR/OS-03,
The Box Index Search System (BISS), system notice was last published in
the Federal Register at 70 FR 43899 (July 29, 2005); modification
published at 73 FR 8342 (February 13, 2008).
DOI is publishing this revised notice to reflect the BTFA
management of the system; update the system location, system manager,
and authorities for maintenance of the system; expand on categories of
individuals and categories of records covered by the modified system,
add a new section to describe the purpose of the system, update the
records source categories, storage, safeguards, and the retention and
disposal of records sections; update the record access, contesting
record, and notification procedures; and provide general administrative
updates in accordance with the OMB Circular A-108, Federal Agency
Responsibilities for Review, Reporting, and Publication Under the
Privacy Act. Additionally, DOI is changing the routine uses from a
numeric to an alphabetic list and is proposing to add new routine uses
and modify existing routine uses to provide clarification and
transparency and reflect updates consistent with standard DOI routine
uses, facilitate the sharing of information when necessary to carry out
the purpose of the system or promote the integrity of the records, or
carry out a statutory responsibility of the DOI or Federal Government.
Routine use A has been modified to further clarify disclosures to
the Department of Justice or other Federal agencies as necessary in
relation to litigation or judicial hearings. Routine use B has been
modified to clarify disclosures to a congressional office to respond to
or resolve an individual's request made to that office. Routine use D
has been modified to allow DOI to share information with other agencies
when there is an indication of a violation of law. Routine use E has
been modified to allow DOI to share information with other Federal
agencies to assist in the performance of their responsibility to ensure
records are accurate and complete, and to respond to requests from
individuals who are the subject of the records. Routine use G was
slightly modified to update legal authority for disclosures to NARA to
perform oversight of records management functions. Routine use H has
been modified to add territorial governments to the sharing of
information in response to court orders or for discovery purposes
related to litigation. Routine use I has been modified to include the
sharing of information with grantees and shared service providers
performing services for DOI who require access to records to carry out
the purposes of the system. Modified routine use J and new routine use
K allow DOI to share information with appropriate Federal agencies or
entities when reasonably necessary to respond to a breach of personally
identifiable information and to prevent, minimize, or remedy the risk
of harm to individuals or the Federal Government resulting from a
breach, in accordance with OMB Memorandum M-17-12, Preparing for and
Responding to a Breach of Personally Identifiable Information. Routine
use P has been modified to further clarify disclosures to authorized
external entities for the purpose of researching records maintained by
the system and conducting on-site research of the underlying files at
the AIRR.
Proposed routine use C permits sharing of information with the
Executive Office of the President to respond to an inquiry by the
individual to whom the record pertains. Proposed routine use F allows
DOI to share information with agencies when relevant for hiring,
firing, and retention, or issuance of a security clearance, license,
contract, grant or other benefit. Proposed routine use L allows DOI to
share information with OMB during the coordination and clearance
process in connection with legislative affairs. Proposed routine use M
allows DOI to share information with the Department of Treasury to
recover debts owed to the United States. Proposed routine use N allows
DOI to share information with the news media and the public when there
is a legitimate public interest in the disclosure of the information.
II. Privacy Act
The Privacy Act of 1974, as amended, embodies fair information
practice principles in a statutory framework governing the means by
which Federal agencies collect, maintain, use, and disseminate
individuals' records. The Privacy Act applies to records about
individuals that are maintained in a ``system of records.'' A ``system
of records'' is a group of any records under the control of an agency
from which information is retrieved by the name of an individual or by
some identifying number, symbol, or other identifying particular
assigned to the individual. The Privacy Act defines an individual as a
United States citizen or lawful permanent resident. Individuals may
request access to their own records that are maintained in a system of
records in the possession or under the control of DOI by complying with
DOI Privacy Act regulations at 43 CFR part 2, subpart K, and following
the procedures outlined in the Record Access, Contesting Record, and
Notification Procedures sections of this notice.
The Privacy Act requires each agency to publish in the Federal
Register a description denoting the existence and character of each
system of records that the agency maintains and the routine uses of
each system. The INTERIOR/BTFA-02, Box Index Search System (BISS),
system of records is published in its entirety below. In accordance
with 5 U.S.C. 552a(r), DOI has provided a
[[Page 68464]]
report of this system of records to the Office of Management and Budget
and to Congress.
III. Public Participation
You should be aware your entire comment including your personally
identifiable information, such as your address, phone number, email
address, or any other personal information in your comment, may be made
publicly available at any time. While you may request to withhold your
personally identifiable information from public review, we cannot
guarantee we will be able to do so.
SYSTEM NAME AND NUMBER:
INTERIOR/BTFA-02, Box Index Search System (BISS).
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
This system is located at the Bureau of Indian Affairs (BIA),
Southwest Region, Albuquerque Data Center, 1001 Indian School Road,
Albuquerque, New Mexico 87109, and DOI cloud service provider
facilities.
SYSTEM MANAGER(S):
Director of AIRR, Division of Records Management Operations, Office
of Trust Records, BTFA, 17501 West 98th Street, Lenexa, Kansas 66219.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Records Management by Agency Heads, 44 U.S.C. 3101; Establishment
of Program Management, 44 U.S.C. 3102; Departmental Regulations, 5
U.S.C. 301; and American Indian Trust Fund Management Reform Act of
1994, Public Law 103-412, 108 Stat. 4239.
PURPOSE(S) OF THE SYSTEM:
The purpose of the system is to provide the capability to search a
file level index of all inactive historical records to help BTFA (1)
create a file-level listing of the contents of boxes that are retired
to the AIRR; (2) provide authorized users with a tool to search a file
level index of all inactive historical records; (3) support research
requests for copies of inactive historical records from original record
owners, and conduct research in response to requests made under the
Freedom of Information Act (FOIA) and in support of litigation; and (4)
track box inventories of retired inactive historical records that are
accessioned into the National Archives and Records Administration
(NARA).
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals whose names or other identifying information appear on
file folder labels of records being retired to AIRR, which may include:
(1) Individual Indians or Alaskan Natives (or their heirs, if
deceased);
(2) Current and former Federal employees and contractors;
(3) Individual landowners of land held in trust or restricted
status by the Federal Government;
(4) Individuals who lease, contract, or who are permit holders on
Indian lands;
(5) Members of the public and individuals associated with external
entities with whom the Federal Government may conduct business; and
(6) Tribes that contract or compact Federal Government programs,
functions, activities, and/or services under Public Law 93-638 Self-
Governance.
File folder labels may also contain information about business
entities that are not subject to the Privacy Act. However, personal
information on file folder labels about an individual who is associated
with a business entity is subject to the Privacy Act.
CATEGORIES OF RECORDS IN THE SYSTEM:
Files in the system include file folder label information, type of
inactive historical records, and personally identifiable information
(PII), as well as date ranges and location of the originating inactive
historical records, general records management information, and
miscellaneous information associated with records storage boxes. The
file folder labels may contain a combination of PII on individuals
including but not limited to name, other names used, maiden name,
Social Security numbers (SSN), truncated SSNs, Tax Identification
Numbers, Tribe or Tribal affiliation/agency, Tribal enrollment or
census numbers, IIM account numbers, dates of birth and/or dates of
death, mailing or home address, case file numbers, school names or
educational institutions, and other information that may be included in
the historical records or provided to facilitate research, access, and
communications.
The BISS does not maintain the information about the contents of
original documents within the file folders. Inactive historical records
that are retired to the AIRR may be covered by other applicable SORNs
established by the bureau where the records originated.
RECORD SOURCE CATEGORIES:
Records in the system are obtained from BTFA, BIA, Bureau of Indian
Education, and other DOI bureaus and offices; other Federal agencies;
programs or offices of Indian Tribes; offices of contractors or Federal
Government service providers under contract to the DOI; and other
third-party sources that conduct business with the Federal Government.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES
OF USERS AND PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DOI as a
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
A. To the Department of Justice (DOJ), including Offices of the
U.S. Attorneys, or other Federal agency conducting litigation or in
proceedings before any court, adjudicative, or administrative body,
when it is relevant or necessary to the litigation and one of the
following is a party to the litigation or has an interest in such
litigation:
(1) DOI or any component of DOI;
(2) Any other Federal agency appearing before the Office of
Hearings and Appeals;
(3) Any DOI employee or former employee acting in his or her
official capacity;
(4) Any DOI employee or former employee acting in his or her
individual capacity when DOI or DOJ has agreed to represent that
employee or pay for private representation of the employee; or
(5) The United States Government or any agency thereof, when DOJ
determines that DOI is likely to be affected by the proceeding.
B. To a congressional office when requesting information on behalf
of, and at the request of, the individual who is the subject of the
record.
C. To the Executive Office of the President in response to an
inquiry from that office made at the request of the subject of a record
or a third party on that person's behalf, or for a purpose compatible
with the reason for which the records are collected or maintained.
D. To any criminal, civil, or regulatory law enforcement authority
(whether Federal, State, territorial, local, Tribal or foreign) when a
record, either alone or in conjunction with other information,
indicates a violation or potential violation of law--criminal, civil,
or regulatory in nature, and the disclosure is compatible with the
purpose for which the records were compiled.
E. To an official of another Federal agency to provide information
needed in the performance of official duties related to reconciling or
reconstructing data files or to enable that agency to
[[Page 68465]]
respond to an inquiry by the individual to whom the record pertains.
F. To Federal, State, territorial, local, Tribal, or foreign
agencies that have requested information relevant or necessary to the
hiring, firing or retention of an employee or contractor, or the
issuance of a security clearance, license, contract, grant or other
benefit, when the disclosure is compatible with the purpose for which
the records were compiled.
G. To representatives of the National Archives and Records
Administration (NARA) to conduct records management inspections under
the authority of 44 U.S.C. 2904 and 2906.
H. To State, territorial and local governments and Tribal
organizations to provide information needed in response to court order
and/or discovery purposes related to litigation, when the disclosure is
compatible with the purpose for which the records were compiled.
I. To an expert, consultant, grantee, shared service provider, or
contractor (including employees of the contractor) of DOI that performs
services requiring access to these records on DOI's behalf to carry out
the purposes of the system.
J. To appropriate agencies, entities, and persons when:
(1) DOI suspects or has confirmed that there has been a breach of
the system of records;
(2) DOI has determined that as a result of the suspected or
confirmed breach there is a risk of harm to individuals, DOI (including
its information systems, programs, and operations), the Federal
Government, or national security; and
(3) the disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with DOI's efforts to
respond to the suspected or confirmed breach or to prevent, minimize,
or remedy such harm.
K. To another Federal agency or Federal entity, when DOI determines
that information from this system of records is reasonably necessary to
assist the recipient agency or entity in:
(1) responding to a suspected or confirmed breach; or
(2) preventing, minimizing, or remedying the risk of harm to
individuals, the recipient agency or entity (including its information
systems, programs, and operations), the Federal Government, or national
security, resulting from a suspected or confirmed breach.
L. To the Office of Management and Budget (OMB) during the
coordination and clearance process in connection with legislative
affairs as mandated by OMB Circular A-19.
M. To the Department of the Treasury to recover debts owed to the
United States.
N. To the news media and the public, with the approval of the
Public Affairs Officer in consultation with counsel and the Senior
Agency Official for Privacy, where there exists a legitimate public
interest in the disclosure of the information, except to the extent it
is determined that release of the specific information in the context
of a particular case would constitute an unwarranted invasion of
personal privacy.
O. To Indian Tribal account holders or their heirs, if deceased.
P. To external entities authorized by the Office of Trust Records
Director to research records maintained by the system and conduct on-
site research of the underlying files at the AIRR in Lenexa, Kansas.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Paper records are maintained in file folders stored in secured
filing cabinets. Electronic records are stored in computers, email, and
electronic databases.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information stored in BISS is full text indexed and can be searched
by any significant textual item (words, numbers) or combination of
textual items, as well as by any significant field in the database, and
may be retrieved by identifiers associated with file folder labels that
may be used to retrieve information as described above in the section
for Categories of Records in the System.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained in accordance with the applicable Indian
Affairs Records Schedule (IARS) and the Departmental Records Schedule
(DRS) approved by the NARA. Retention periods vary according to agency
needs, specific subject matter, and may also be suspended by litigation
holds, court orders, preservation notices, and similar limitations on
records disposition issued by the Office of the Solicitor, DOI Records
Officer, or by other authorized officials. Within the BISS, information
associated with the Box number, Box title, Tribes identified, File
title, and at times Document types are covered by IARS 6013-BISS. The
disposition for these records is permanent. Permanent records that are
no longer needed for agency use are transferred to NARA for permanent
retention in accordance with NARA guidelines. Subsequent legal transfer
of the records will be as jointly agreed to between DOI and NARA, in
accordance with regulations currently cited in 36 CFR part 1235.
Copies of records related to vital record backups are covered by
DRS 1.4.0013, Short-term Information Technology Records, and System
Security records are covered by DRS 1.4.0014, System Planning, Design,
and Documentation. The disposition for records that are covered by DRS
1.4.0013 and DRS 1.4.0014 is temporary. These records are destroyed/
deleted 3 years after cut-off. Approved destruction methods for
temporary records that have met their retention period include NARA
guidelines and Departmental policy.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The records contained in this system are safeguarded in accordance
with 43 CFR 2.226 and other applicable security and privacy rules and
policies. During normal hours of operation, paper records are
maintained in locked file cabinets under the control of authorized
personnel. Computer servers on which electronic records are stored are
located in secured DOI controlled facilities with physical, technical
and administrative levels of security to prevent unauthorized access to
the DOI network and information assets. Access granted to authorized
personnel is password-protected, and each person granted access to the
system must be individually authorized to use the system. A Privacy Act
Warning Notice appears on computer monitor screens when records
containing information on individuals are first displayed. Data
exchanged between the servers and the system is encrypted. Backup tapes
are encrypted and stored in a locked and controlled room in a secure,
off-site location.
Computerized records systems follow the National Institute of
Standards and Technology privacy and security standards as developed to
comply with the Privacy Act of 1974, as amended, 5 U.S.C. 552a;
Paperwork Reduction Act of 1995, 44 U.S.C. 3501 et seq.; Federal
Information Security Modernization Act of 2014, 44 U.S.C. 3551 et seq.;
and the Federal Information Processing Standards 199: Standards for
Security Categorization of Federal Information and Information Systems.
Security controls include user identification, passwords, database
permissions, encryption, firewalls, audit logs, network system security
monitoring, and software controls.
Access to records in the system is limited to authorized personnel
who
[[Page 68466]]
have a need to access the records in the performance of their official
duties, and each user's access is restricted to only the functions and
data necessary to perform that person's job responsibilities. System
administrators and authorized users are trained and required to follow
established internal security protocols and must complete all security,
privacy, and records management training and sign the DOI Rules of
Behavior. A Privacy Impact Assessment was conducted on the BISS to
ensure that Privacy Act requirements are met and appropriate privacy
controls were implemented to safeguard the PII contained in the system,
derived from the file folder labels.
RECORD ACCESS PROCEDURES:
An individual requesting access to their records should send a
written inquiry to the System Manager identified above. Inactive
historical records subject to the Privacy Act of 1974 will be processed
in accordance with 43 CFR part 2, subpart K, as described in the
applicable SORN. DOI forms and instructions for submitting a Privacy
Act request may be obtained from the DOI Privacy Act Requests website
at https://doi.gov/privacy/privacy-act-requests. The request must
include a general description of the records sought and the requester's
full name, current address, and sufficient identifying information such
as date of birth or other information required for verification of the
requester's identity. Records that are retired to the AIRR remain under
the ownership of the Bureau/Office that sent them to the AIRR. Privacy
Act requests will require collaboration between the System Manager,
Associate Privacy Officer, and in coordination with the staff at the
AIRR. The request must be signed and dated and be either notarized or
submitted under penalty of perjury in accordance with 28 U.S.C. 1746.
The request must include the specific bureau or office that maintains
the record to facilitate location of the applicable records. Requests
submitted by mail must be clearly marked ``PRIVACY ACT REQUEST FOR
ACCESS'' on both the envelope and letter. A request for access must
meet the requirements of 43 CFR 2.238.
CONTESTING RECORD PROCEDURES:
An individual requesting amendment of their records should send a
written request to the System Manager as identified above. Inactive
historical records subject to the Privacy Act of 1974 will be processed
in accordance with 43 CFR part 2, subpart K, as described in the
applicable SORN. DOI instructions for submitting a request for
amendment of records are available on the DOI Privacy Act Requests
website at https://doi.gov/privacy/privacy-act-requests. The request
must clearly identify the records for which amendment is being sought,
the reasons for requesting the amendment, and the proposed amendment to
the record. The request must include the requester's full name, current
address, and sufficient identifying information such as date of birth
or other information required for verification of the requester's
identity. Records that are retired to the AIRR remain under the
ownership of the Bureau/Office that sent them to the AIRR. Privacy Act
requests will require collaboration between the System Manager,
Associate Privacy Officer, and in coordination with the staff at the
AIRR. The request must be signed and dated and be either notarized or
submitted under penalty of perjury in accordance with 28 U.S.C. 1746.
Requests submitted by mail must be clearly marked ``PRIVACY ACT REQUEST
FOR AMENDMENT'' on both the envelope and letter. A request for
amendment must meet the requirements of 43 CFR 2.246.
NOTIFICATION PROCEDURES:
An individual requesting notification of the existence of records
about them should send a written inquiry to the System Manager as
identified above. Inactive historical records subject to the Privacy
Act of 1974 will be processed in accordance with 43 CFR part 2, subpart
K, as described in the applicable SORN. DOI instructions for submitting
a request for notification are available on the DOI Privacy Act Request
website at https://doi.gov/privacy/privacy-act-requests. The request
must include a general description of the records and the requester's
full name, current address, and sufficient identifying information such
as the date of birth or other information required for verification of
the requester's identity. Records that are retired to the AIRR remain
under the ownership of the Bureau/Office that sent them to the AIRR.
Privacy Act requests will require collaboration between the applicable
System Manager, Associate Privacy Officer, and in coordination with the
staff at the AIRR. The request must be signed and dated and be either
notarized or submitted under penalty of perjury in accordance with 28
U.S.C. 1746. Requests submitted by mail must be clearly marked
``PRIVACY ACT INQUIRY'' on both the envelope and letter. A request for
notification must meet the requirements of 43 CFR 2.235.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
70 FR 43899 (July 29, 2005); modification published at 73 FR 8342
(February 13, 2008).
Teri Barnett,
Departmental Privacy Officer, U.S. Department of the Interior.
[FR Doc. 2024-19117 Filed 8-23-24; 8:45 am]
BILLING CODE 4334-98-P