89 FR 243 pgs. 102874-102877 - Privacy Act of 1974; System of Records
Type: NOTICEVolume: 89Number: 243Pages: 102874 - 102877
Pages: 102874, 102875, 102876, 102877FR document: [FR Doc. 2024-29995 Filed 12-17-24; 8:45 am]
Agency: Energy Department
Official PDF Version: PDF Version
[top]
DEPARTMENT OF ENERGY
Privacy Act of 1974; System of Records
AGENCY:
U.S. Department of Energy.
ACTION:
Notice of a modified system of records.
SUMMARY:
[top] As required by the Privacy Act of 1974 and the Office of Management and Budget (OMB) Circulars A-108 and A-130, the Department of Energy (DOE or the Department) is publishing notice of a modification to an existing Privacy Act
DATES:
This modified SORN will become applicable following the end of the public comment period on January 17, 2025 unless comments are received that result in a contrary determination.
ADDRESSES:
Written comments should be sent to Ken Hunt, Chief Privacy Officer, U.S. Department of Energy, 1000 Independence Avenue SW, Rm 8H-085, Washington, DC 20585, by facsimile at (202) 586-8151, or by email at privacy@hq.doe.gov.
FOR FURTHER INFORMATION CONTACT:
Ken Hunt, Chief Privacy Officer, U.S. Department of Energy, 1000 Independence Avenue SW, Rm 8H-085, Washington, DC 20585, by facsimile at (202) 586-8151, by email at privacy@hq.doe.gov, or by telephone at (240) 686-9485.
SUPPLEMENTARY INFORMATION:
On January 9, 2009, DOE published a Compilation of its Privacy Act Systems of Records, which included System of Records DOE-28 General Training Records. This notice proposes amendments to the system locations section of that system of records by removing the following system locations where DOE-28 is no longer applicable: four (4) Bonneville Power Administration locations (Lower Columbia Area, Puget Sound Area, Snake River Area, Upper Columbia Area), two (2) Office of Science locations (Chicago and Oak Ridge), two (2) Office of Energy Efficiency and Renewable Energy locations (Boston and Philadelphia Support Offices), Alaska Power Administration, Office of Amarillo Site Operations, Atlanta Support Office, Continuous Electron Beam Accelerator Facility, Dayton Area Office, Kansas City Site Office, Kansas City Support Office, National Nuclear Security Administration (NNSA) Sandia Site Office, NNSA Los Alamos Site Office, NNSA Los Alamos National Laboratory, Strategic Petroleum Reserve Project Management Office, New York Support Office, NNSA Nevada Site Office, and the Office of Scientific and Technical Information (OSTI). The following addresses have been updated: Golden Field Office, John A. Gordon Albuquerque Complex, Office of River Protection, and the Southwestern Power Administration. The following addresses have been added: two (2) National Energy Technology Laboratory locations (Morgantown and Albany). In the "Routine Uses" section, this modified notice deletes a previous routine use concerning efforts responding to a suspected or confirmed loss of confidentiality of information as it appears in DOE's compilation of its Privacy Act systems of records (January 9, 2009) and replaces it with one to assist DOE with responding to a suspected or confirmed breach of its records of Personally Identifiable Information (PII), modeled with language from OMB's Memorandum M-17-12, "Preparing for and Responding to a Breach of Personally Identifiable Information" (January 3, 2017). Further, this notice adds one new routine use to ensure that DOE may assist another agency or entity in responding to the other agency's or entity's confirmed or suspected breach of PII, as appropriate, as aligned with OMB's Memorandum M-17-12. In addition to these routine uses, this notice adds three other routine uses (eight, nine, and ten). These routine uses permit the disclosure of information to union officials acting in their official capacity, for the purpose of an investigation, settlement of claims, or the preparation and conduct of litigation, and to a contractor of the Department, or a subcontractor to a Department contractor, who is authorized to disclose the record. The "System Manager" section has been revised to clarify that the system manager is the "Office of the Chief Human Capital Officer." In the "Purpose(s) of the System" section, "employee" has been struck from the phrase "employee training and development." The "Categories of Individuals Covered by the System" section now includes "detailees and assignees to DOE, including NNSA, and individuals seeking access to DOE/NNSA information, resources, or facilities." The "Categories of Records in the System" section now includes "employer identification number, office location/room number, business phone, business cell phone, and business email address." Additionally, "quarterly" has been struck from "quarterly training." "Record Source Categories" now includes "training instructors or vendors." "Policies and Practices for Retrieval of Records" now includes "other unique identifier, such as employee ID." An administrative change required by the FOIA Improvement Act of 2016 extends the length of time a requestor is permitted to file an appeal under the Privacy Act from 30 to 90 days. Both the "System Locations" and "Administrative, Technical and Physical Safeguards" sections have been modified to reflect the Department's usage of cloud-based services for records storage. Language throughout the SORN has been updated to align with applicable Federal privacy laws, policies, procedures, and best practices.
SYSTEM NAME AND NUMBER:
DOE-28 General Training Records.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Systems leveraging this SORN may exist in multiple locations. All systems storing records in a cloud-based server are required to use government-approved cloud services and follow National Institute of Standards and Technology (NIST) security and privacy standards for access and data retention. Records maintained in a government-approved cloud server are accessed through secure data centers in the continental United States.
U.S. Department of Energy, Headquarters, Forrestal Building, Office of the Chief Human Capital Officer, 1000 Independence Avenue SW, Washington, DC 20585.
U.S. Department of Energy, Headquarters, Germantown, 19901 Germantown Road, Germantown, MD 20585.
U.S. Department of Energy, Bonneville Power Administration, P.O. Box 3621, Portland, OR 97208.
U.S. Department of Energy, Environmental Management Consolidated Business Center (EMCBC), 550 Main Street, Rm 7-010, Cincinnati, OH 45202.
U.S. Department of Energy, Golden Field Office, 15013 Denver West Parkway, Golden, CO 80401.
U.S. Department of Energy, Idaho Operations Office, 1955 Fremont Avenue, Idaho Falls, ID 83415.
U.S. Department of Energy, National Energy Technology Laboratory (Pittsburgh), P.O. Box 10940, 626 Cochrans Mill Road, Pittsburgh, PA 15236.
U.S. Department of Energy, National Energy Technology Laboratory (Morgantown), 3610 Collins Ferry Road, Morgantown, WV 26505.
U.S. Department of Energy, National Energy Technology Laboratory (Albany), 1450 Queen Avenue SW, Albany, OR 97321.
U.S. Department of Energy, NNSA Naval Reactors Field Office, Pittsburgh Naval Reactors, P.O. Box 109, West Mifflin, PA 15122-0109.
[top] U.S. Department of Energy, NNSA Naval Reactors Field Office,
U.S. Department of Energy, Pittsburgh Naval Reactors Office, Idaho Branch Office, P.O. Box 2469, Idaho Falls, ID 83403-2469.
U.S. Department of Energy, John A. Gordon Albuquerque Complex, 24600 20th Street SE, Albuquerque, NM 87116.
U.S. Department of Energy, Hanford Field Office, P.O. Box 550, Richland, WA 99352.
U.S. Department of Energy, Savannah River Operations Office, P.O. Box A, Aiken, SC 29801.
U.S. Department of Energy, Southeastern Power Administration, 1166 Athens Tech Road, Elberton, GA 30635-6711.
U.S. Department of Energy, Southwestern Power Administration, One West Third Street, Suite 1500, Tulsa, OK 74103.
U.S. Department of Energy, Strategic Petroleum Reserve Project Management Office, 900 Commerce Road East, New Orleans, LA 70123.
U.S. Department of Energy, Western Area Power Administration, P.O. Box 281213, Lakewood, CO 80228-8213.
U.S. Department of Energy, Western Area Power Administration, Billings Area Office, P.O. Box 35800, Billings, MT 59107-5800.
U.S. Department of Energy, Western Area Power Administration, Loveland Area Office, P.O. Box 3700, Loveland, CO 80539-3003.
U.S. Department of Energy, Western Area Power Administration, Salt Lake City Area Office, P.O. Box 11606, Salt Lake City, UT 84147-0606.
SYSTEM MANAGER(S):
Headquarters: Director, Training and Human Resource Development, Office of the Chief Human Capital Officer, U.S. Department of Energy, 1000 Independence Avenue SW, Washington, DC 20585-0702.
Field Offices: The Directors, Training and Human Resource Development of the "System Locations" listed above are the system managers for their respective portions of this system.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 7101 et seq.; 50 U.S.C. 2401 et seq.; Nuclear Waste Policy Act of 1982 (Pub. L. 97-425); Nuclear Waste Policy Amendment Act of 1987 (Pub. L. 100-203); Government Employees Training Act of 1958; and title 5 CFR parts 410 and 412.
PURPOSE(S) OF THE SYSTEM:
Records in this system are maintained and used by the Department to document planning, completion, funding and effectiveness of training and development. Appropriate local, State, and Federal agencies use certain records maintained in this system to ensure Departmental compliance with other regulatory requirements.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
All DOE employees, including NNSA employees and contractor employees, detailees, and assignees to DOE, including NNSA, and individuals seeking access to DOE/NNSA information, resources, or facilities.
CATEGORIES OF RECORDS IN THE SYSTEM:
Name, resume, assigned number, occupational series, training requests and authorizations, grade, organization, date of birth, Social Security or employer identification number, office location/room number, business phone, business cell phone, and business email address, home address and telephone number, special interest area, education completed, course name, justification for attending the course, direct and indirect costs of training, coded information dealing with purpose, type, source of training, training evaluations, course evaluation forms, training examinations, training attendance records, lesson plans, training assignment sheets, reading assignment sheets, position qualification statement, self-study sheet, position descriptions, accounting records, and training reports.
RECORD SOURCE CATEGORIES:
The subject individuals, their supervisors, training instructors or vendors.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND PURPOSES OF SUCH USES:
1. A record from this system may be disclosed as a routine use to Federal agencies, including the Office of Personnel Management, for purposes of determining eligibility or suitability for training and as source documents for training reports; to training institutions that personnel have requested to attend; and to other Federal agencies as necessary for verification of completion or payment of training costs.
2. A record from this system may be disclosed as a routine use to State and local governments, the Nuclear Regulatory Commission (NRC), and other Federal agencies that conduct research, investigations, or audits to determine whether DOE or contractor personnel satisfy quality assurance requirements for activities necessary to obtain a license from the NRC for the construction, operation and closing of a nuclear waste repository or a Monitored Retrievable Storage facility. These activities also include research and development, site characterization, transportation, waste packaging, handling, design, maintenance, performance confirmation, inspection, fabrication, and development and production of repository waste forms.
3. A record from this system may be disclosed as a routine use to Federal, State, Tribal, or local government officials where the regulatory program being implemented is applicable to the DOE or contractor program and requires that such access be provided for the conduct of the regulatory agencies' activities. Those provided information under this routine use are subject to the same limitations applicable to DOE officers and employees under the Privacy Act.
4. A record from this system may be disclosed as a routine use to the appropriate local, Tribal, State, or Federal agency when records, alone or in conjunction with other information, indicate a violation or potential violation of law whether civil, criminal, or regulatory in nature, and whether arising by general statute or particular program pursuant thereto.
5. A record from this system may be disclosed as a routine use to a member of Congress submitting a request involving a constituent when the constituent has requested assistance from the member concerning the subject matter of the record. The member of Congress must provide a copy of the constituent's signed request for assistance.
6. A record from this system may be disclosed as a routine use to appropriate agencies, entities, and persons when (1) the Department suspects or has confirmed that there has been a breach of the system of records; (2) the Department has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, DOE (including its information systems, programs, and operations), the Federal Government, or national security; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
[top] 7. A record from this system may be disclosed as a routine use to another Federal agency or Federal entity, when the Department determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or
8. A record from this system may be disclosed as a routine use to union officials acting in their official capacity as a representative of the grievant or affected employees.
9. A record from this system may be disclosed as a routine use for the purpose of an investigation, settlement of claims, or the preparation and conduct of litigation to (1) a person representing the Department, Contractor, or assisting in such representation; (2) others involved in the matter, their representatives, and persons assisting such persons; and (3) witnesses, potential witnesses, their representatives and assistants, and any other persons possessing information pertaining to the matter when it is necessary to obtain information or testimony relevant to the matter.
10. A record from this system may be disclosed as a routine use to a contractor of the Department, or a subcontractor to a Department contractor. Those provided information under this routine use are subject to the same limitations applicable to Department officers and employees under the Privacy Act.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records may be stored as paper records or electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by name, Social Security number, or other unique identifier, such as employee ID.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Retention and disposition of these records is in accordance with the National Archives and Records Administration-approved records disposition schedule with retentions of 10 years to 250 years.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Electronic records may be secured and maintained on a cloud-based software server and operating system that resides in Federal Risk and Authorization Management Program (FedRAMP) and Federal Information Security Modernization Act (FISMA) hosting environment. Data located in the cloud-based server is firewalled and encrypted at rest and in transit. The security mechanisms for handling data at rest and in transit are in accordance with DOE encryption standards. Records are protected from unauthorized access through the following appropriate safeguards:
• Administrative: Access to all records is limited to lawful government purposes only, with access to electronic records based on role and either two-factor authentication or password protection. The system requires passwords to be complex and to be changed frequently. Users accessing system records undergo frequent training in Privacy Act and information security requirements. Security and privacy controls are reviewed on an ongoing basis.
• Technical: Computerized records systems are safeguarded on Departmental networks configured for role-based access based on job responsibilities and organizational affiliation. Privacy and security controls are in place for this system and are updated in accordance with applicable requirements as determined by NIST and DOE directives and guidance.
• Physical: Computer servers on which electronic records are stored are located in secured Department facilities, which are protected by security guards, identification badges, and cameras. Paper copies of all records are locked in file cabinets, file rooms, or offices and are under the control of authorized personnel. Access to these facilities is granted only to authorized personnel and each person granted access to the system must be an individual authorized to use or administer the system.
RECORD ACCESS PROCEDURES:
The Department follows the procedures outlined in 10 CFR 1008.4. Valid identification of the individual making the request is required before information will be processed, given, access granted, or a correction considered, to ensure that information is processed, given, corrected, or records disclosed or corrected only at the request of the proper person.
CONTESTING RECORD PROCEDURES:
Any individual may submit a request to the System Manager and request a copy of any records relating to them. In accordance with 10 CFR 1008.11, any individual may appeal the denial of a request made by him or her for information about or for access to or correction or amendment of records. An appeal shall be filed within 90 calendar days after receipt of the denial. When an appeal is filed by mail, the postmark is conclusive as to timeliness. The appeal shall be in writing and must be signed by the individual. The words "PRIVACY ACT APPEAL" should appear in capital letters on the envelope and the letter. Appeals relating to DOE records shall be directed to the Director, Office of Hearings and Appeals (OHA), 1000 Independence Avenue SW, Washington, DC 20585.
NOTIFICATION PROCEDURES:
In accordance with the DOE regulation implementing the Privacy Act, 10 CFR part 1008, a request by an individual to determine if a system of records contains information about themselves should be directed to the U.S. Department of Energy, Headquarters, Privacy Act Officer. The request should include the requester's complete name and the time period for which records are sought.
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
None.
HISTORY:
This SORN was last published in the Federal Register , 74 FR 1029-1030, on January 9, 2009.
Signing Authority
This document of the Department of Energy was signed on December 12, 2024, by Ann Dunkin, Senior Agency Official for Privacy, pursuant to delegated authority from the Secretary of Energy. That document with the original signature and date is maintained by DOE. For administrative purposes only, and in compliance with requirements of the Office of the Federal Register, the undersigned DOE Federal Register Liaison Officer has been authorized to sign and submit the document in electronic format for publication, as an official document of the Department of Energy. This administrative process in no way alters the legal effect of this document upon publication in the Federal Register .
Signed in Washington, DC, December 13, 2024.
Treena V. Garrett,
Federal Register Liaison Officer, U.S. Department of Energy.
[FR Doc. 2024-29995 Filed 12-17-24; 8:45 am]
BILLING CODE 6450-01-P