90 FR 148 pgs. 37571-37574 - Privacy Act of 1974; System of Records
Type: NOTICEVolume: 90Number: 148Pages: 37571 - 37574
Pages: 37571, 37572, 37573, 37574FR document: [FR Doc. 2025-14825 Filed 8-4-25; 8:45 am]
Agency: National Intelligence, Office of the National Director
Official PDF Version: PDF Version
[top]
OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE
Privacy Act of 1974; System of Records
AGENCY:
National Counterintelligence and Security Center (NCSC), Office of the Director of National Intelligence (ODNI).
ACTION:
Notice of a modified system of records.
SUMMARY:
The NCSC is revising a system of records subject to the Privacy Act of 1974, as amended, 5 U.S.C. 552a, in order to (1) update the name to ODNI/NCSC-001, "Damage Assessment Records"; (2) update and modernize the administrative information; (3) clarify that the scope of the damage assessments is not limited to espionage or criminal violations but to actual or potential damage to national security resulting from the unauthorized disclosure or compromise of classified information; (4) clarify the categories of individuals covered by the system and records in the system to align with the lawful scope of damage assessments; and (5) clarify that portions of records, and not only final damage assessments, may be disclosed pursuant to the routine uses.
DATES:
Comments on this proposed modified system of records must be submitted by September 4, 2025. This modified System of Records Notice will go into effect thirty days after the date of publication in the Federal Register , unless changes are required as a result of public comment, per OMB A-108, Section 6(e).
ADDRESSES:
You may submit comments by any of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov.
Email: transparency@dni.gov.
Mail: Director, Information Management Office, Chief Operating Officer, Office of the Director of National Intelligence (ODNI), Washington, DC 20511.
SUPPLEMENTARY INFORMATION:
This SORN was originally published on 28 December 2007, as "Damage Assessment Records" (ONCIX/ODNI-001) by the Office of the National Counterintelligence Executive (ONCIX). ONCIX was established by the President and later codified in statute by the Counterintelligence Enhancement Act of 2002. Under the Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004, ONCIX became a component of the ODNI. On 1 December 2014, consistent with the authority of the Director of National Intelligence (DNI) to establish national intelligence centers to address intelligence priorities, the DNI established the National Counterintelligence and Security Center (NCSC) to effectively integrate and align counterintelligence and security mission areas and allow the DNI to address counterintelligence and security responsibilities under a single organizational construct. Following a period where NCSC fulfilled ONCIX's counterintelligence responsibilities, NCSC superseded ONCIX in statute in 2017; the Director of NCSC similarly superseded the role of the National Counterintelligence Executive (NCIX).
The Director of NCSC serves as the head of national counterintelligence for the U.S. Government and is the principal substantive advisor to the DNI on counterintelligence issues. NCSC oversees and coordinates the production of strategic analysis of counterintelligence matters, including in-depth damage assessments that evaluate the actual or potential damage to national security resulting from the unauthorized disclosure or compromise of classified information.
The system of records published herewith contains information about unauthorized disclosures, including acts of espionage or other national security-related crimes. Accordingly, to protect classified and sensitive law enforcement information, and to prevent the compromise of sources and methods, ODNI has published a rule (73 FR 16539 (Mar. 28, 2008)) to exempt this system of records from certain portions of the Privacy Act and those records for which the source agency claimed exemption.
The NCSC is revising this SORN in order to (1) update the name to ODNI/NCSC-001, "Damage Assessment Records"; (2) update and modernize the administrative information; (3) clarify that the scope of the damage assessments is not limited to espionage or criminal violations but to actual or potential damage to national security resulting from the unauthorized disclosure or compromise of classified information; (4) clarify the categories of individuals covered by the system and records in the system to align with the lawful scope of damage assessments; and (5) clarify that portions of records, and not only final damage assessments, may be disclosed pursuant to the routine uses.
SYSTEM NAME AND NUMBER:
ODNI/NCSC-001, "Damage Assessment Records."
SECURITY CLASSIFICATION:
The classification of records in this system can range from UNCLASSIFIED to TOP SECRET.
SYSTEM LOCATION:
[top] Office of the Director of National Intelligence (ODNI), National Counterintelligence and Security Center (NCSC), Washington, DC 20511.
SYSTEM MANAGER(S):
Assistant Director, Mission Capabilities Directorate, ODNI/NCSC, Washington, DC 20511.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
The Intelligence Reform and Terrorism Prevention Act of 2004, Public Law 108-458, 118 Stat. 3638; Consolidated Appropriations Act, 2017, Public Law 115-31, 131 Stat. 817; The National Security Act of 1947, 50 U.S.C. 3023 et seq., as amended; The Counterintelligence Enhancement Act of 2002, as amended; and Executive Order 12333, as amended.
PURPOSE(S) OF THE SYSTEM:
The NCSC Damage Assessment Records System supports NCSC's responsibility to evaluate the actual or potential damage to national security resulting from an unauthorized disclosure of classified information.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals known or suspected to have committed an unauthorized disclosure or compromise of classified information, including those convicted of, or indicted for, espionage or other national security-related crimes, and whose activities are the subject of an NCSC-led damage assessment; individuals whose identities and government affiliations are known or believed to have been compromised as a result of the unauthorized disclosure; individuals who are identified in records related to the unauthorized disclosure or compromise; individuals interviewed in association with the damage assessment, or individuals mentioned in such interviews, such as colleagues, friends, acquaintances, and family members of individuals known or suspected to have committed an unauthorized disclosure or compromise; and individuals who may have knowledge of facts surrounding the unauthorized disclosure or compromise.
CATEGORIES OF RECORDS IN THE SYSTEM:
Final and draft damage assessments; records about unauthorized disclosures or compromises of classified information and copies of records known or suspected of having been disclosed or compromised in an unauthorized manner, including law enforcement records ( e.g., convictions, subpoenas, rap sheets); records of investigations conducted by the FBI or other law enforcement elements; records received in response to information requests to government agencies or entities pursuant to damage assessments; transcripts (including precursor records) of debriefings/interviews of individuals known or suspected to have committed an unauthorized disclosure or compromise, and with individuals who possess knowledge that may be relevant to the unauthorized disclosure or compromise; information about, and psychological assessment records/profiles and polygraph records of, individuals known or suspected to have committed an unauthorized disclosure or compromise; personal information and personally identifiable information (PII) ( e.g., name, address, phone number, Social Security number (SSN), date of birth (DOB)) belonging to individuals known or suspected to have committed an unauthorized disclosure or compromise, or to other individuals interviewed in connection with an investigation of the disclosure/compromise or assessment of the damage.
RECORD SOURCE CATEGORIES:
Records derived from human and record sources consulted in the course of investigating disclosure of classified information.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act of 1974, as amended, records or portions of records maintained in this system may be disclosed outside ODNI as a routine use pursuant to 5 U.S.C. 552a(b)(3) and in accordance with the following routine uses, including select routine uses published in the ODNI rule implementing the Privacy Act Subpart C of ODNI's Privacy Act Regulation published at 32 CFR part 1701 (73 FR 16531, 16541):
(a) Except as noted on Standard Forms 85, 85P and 86 or the successor personnel vetting questionnaire and supplemental forms thereto (questionnaires for employment within the Federal government), a record that on its face or in conjunction with other information indicates or relates to a violation or potential violation of law, whether civil, criminal, administrative, or regulatory in nature, and whether arising by general statute, particular program statute, regulation, rule, or order issued pursuant thereto, may be disclosed as a routine use to an appropriate Federal, state, territorial, tribal, local law enforcement authority, foreign government, or international law enforcement authority, or to an appropriate regulatory body charged with investigating, enforcing, or prosecuting such violations.
(b) A record from this system of records may be disclosed as a routine use, subject to appropriate protections for further disclosure, in the course of presenting information or evidence to an administrative law judge or to the presiding official of an administrative board, panel or other administrative body.
(c) A record from this system of records may be disclosed as a routine use to representatives of the Department of Justice or any other entity responsible for representing the interests of ODNI in connection with potential or actual civil, criminal, administrative, judicial or legislative proceedings or hearings, for the purpose of representing or providing advice to: ODNI; any staff of ODNI in his or her official capacity; any staff of ODNI in his or her individual capacity where the staff has submitted a request for representation by the United States or for reimbursement of expenses associated with retaining counsel; or the United States or another Federal agency, when the United States or the agency is a party to such proceeding and the record is relevant and necessary to such proceeding.
(d) A record from this system of records may be disclosed as a routine use in a proceeding before a court, magistrate, special master, or adjudicative body when any of the following is a party to litigation or has an interest in such litigation, and ODNI, Office of General Counsel, determines that use of such records is relevant and necessary to the litigation: ODNI; any staff of ODNI in his or her official capacity; any staff of ODNI in his or her individual capacity where the Department of Justice has agreed to represent the staff or has agreed to provide counsel at government expense; or the United States or another Department or agency (D/A), where ODNI, Office of General Counsel, determines that litigation is likely to affect ODNI.
(e) A record from this system of records may be disclosed as a routine use to representatives of the Department of Justice and other U.S. Government entities, to the extent necessary to obtain advice on any matter within the official responsibilities of such representatives and the responsibilities of ODNI.
[top] (f) A record from this system of records may be disclosed as a routine use to a Federal, state or local agency or other appropriate entities or individuals from which/whom information may be sought relevant to: a decision concerning the hiring or retention of an
(g) A record from this system of records may be disclosed as a routine use to any Federal, state, local, tribal or other public authority, or to a legitimate agency of a foreign government or international authority to the extent the record is relevant and necessary to the other entity's decision regarding the hiring or retention of an employee or other personnel action; the issuing or retention of a security clearance or special access, contract, grant, license, or other benefit; or the conduct of an authorized investigation or inquiry, to the extent necessary to identify the individual, inform the source of the nature and purpose of the inquiry, and identify the type of information requested.
(h) A record from this system of records may be disclosed as a routine use to any agency, organization, or individual for authorized audit operations, and for meeting related reporting requirements, including disclosure to the National Archives and Records Administration for records management inspections and such other purposes conducted under the authority of 44 U.S.C. 2904 and 2906, or successor provisions.
(i) A record from this system of records may be disclosed as a routine use pursuant to Executive Order to the President's Foreign Intelligence Advisory Board, the President's Intelligence Oversight Board, to any successor organizations, and to any intelligence oversight entity established by the President, when the Office of the General Counsel or the Office of the Inspector General determines that disclosure will assist such entities in performing their oversight functions and that such disclosure is otherwise lawful.
(j) A record from this system of records may be disclosed as a routine use to contractors, grantees, experts, consultants, or others when access to the record is necessary to perform the function or service for which they have been engaged by ODNI.
(k) A record from this system of records may be disclosed as a routine use to any Federal D/A when documents or other information obtained from that D/A are used in compiling the record and the record is relevant to the official responsibilities of that D/A, provided that disclosure of the recompiled or enhanced record to the source agency is otherwise authorized and lawful.
(l) A record from this system of records may be disclosed as a routine use for the purpose of conducting or supporting authorized "counterintelligence" activities as defined by section 3(3) of the National Security Act of 1947, as amended, to elements of the "intelligence community" as defined by section 3(4) of the National Security Act of 1947, as amended [definitions codified at 50 U.S.C. 3003]; to the head of any Federal D/A; and to selected counterintelligence officers within the Federal government.
(m) A record from this system of records may be disclosed as a routine use to a Federal, state, local, tribal, territorial, foreign, or multinational government agency or entity, or to other authorized entities or individuals, but only if such disclosure is undertaken in furtherance of responsibilities conferred by, and in a manner consistent with, the National Security Act of 1947, as amended; the Counterintelligence Enhancement Act of 2002, as amended; Executive Order 12333, as amended, or any successor order together with its implementing procedures approved by the Attorney General; and other provisions of law, including Executive Orders or directives relating to national intelligence or otherwise applicable to ODNI. This routine use is not intended to supplant the other routine uses published by ODNI.
(n) A record from this system of records may be disclosed as a routine use to appropriate agencies, entities, and persons when: (1) ODNI suspects or has confirmed that there has been a breach of the system of records; (2) ODNI has determined that as a result of the suspected or confirmed breach there is a risk of harm to individuals, ODNI (including its information systems, programs, and operations), the Federal government, or national security, and; (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with ODNI's efforts to respond to the suspected or confirmed breach or to prevent, minimize, or remedy such harm.
(o) A record from this system of records may be disclosed as a routine use to another Federal agency or Federal entity, when ODNI determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in (1) responding to a suspected or confirmed breach or (2) preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Electronic records are stored in secure fileservers located in government-managed facilities on secure, private cloud-based systems that are connected only to a government network. Paper records are stored in secured areas of facilities within the control of the Federal government.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
The records in this system are retrieved by name, Social Security number, or other unique identifier. Information may be retrieved from this system of records by automated capabilities used in the normal course of business. All searches of this system of records are performed by authorized executive branch personnel.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Pursuant to 44 U.S.C. 3303a(d) and 36 CFR Chapter 12, Subchapter B, Part 1228-Disposition of Federal Records, records will not be disposed of until such time as the National Archives and Records Administration (NARA) approves an applicable ODNI Records Control Schedule.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Information in this system is safeguarded in accordance with recommended and/or prescribed administrative, physical, and technical safeguards. Records are maintained in secure government-managed facilities with access limited to authorized personnel. Physical security protections include guards and locked facilities requiring badges and passwords for access.
Records are accessed only by current government-authorized personnel whose official duties require access to the records. Electronic authorization and authentication of users is required at all points before any system information can be accessed. Communications are encrypted where required and other safeguards are in place to monitor and audit access, and to detect intrusions. System backup is maintained separately.
RECORD ACCESS PROCEDURES:
[top] As specified below, records in this system have been exempted from
CONTESTING RECORDS PROCEDURES:
As specified below, records in this system have been exempted from certain notification, access and amendment procedures. Individuals seeking to correct or amend non-exempt records should address their requests at the address and according to the requirements set forth above under the heading "Record Access Procedures." Regulations regarding requests to amend, for disputing the contents of one's record or for appealing initial determinations concerning these matters are contained in the ODNI regulation implementing the Privacy Act, 32 CFR part 1701 (73 FR 16531).
NOTIFICATION PROCEDURES:
As specified below, records in this system are exempt from certain notification, access, and amendment procedures. Individuals seeking to learn whether this system contains non- exempt information about them should address inquiries to ODNI at the address and according to the requirements set forth above under the heading "Record Access Procedures."
EXEMPTIONS PROMULGATED FOR THE SYSTEM:
Records contained within this System of Records may be exempted from the requirements of subsections (c)(3); (d)(1),(2),(3),(4); (e)(1) and (e)(4),(G),(H),(I); and (f) of the Privacy Act pursuant to 5 U.S.C. 552a(k)(1), and (k)(2). Records may be exempted from these subsections or, additionally, from the requirements of subsections (c)(4); (e)(2),(3),(5),(8)(12); and (g) of the Privacy Act consistent with any exemptions claimed under 5 U.S.C. 552a(j) or (k) by the originator of the record, provided the reason for protecting the record from disclosure remains valid and necessary.
HISTORY:
This is a revision to an existing ODNI/NCSC system of records, ONCIX/NCSC-001, Damage Assessment Records, 72 FR 73898 (Dec. 28, 2007). In accordance with 5 U.S.C. 552(r), ODNI has provided a report of this revision to the Office of Management and Budget and to Congress.
Dated: July 10, 2025.
Rebecca J. Richards,
Civil Liberties Protection Officer, Office of the Director of National Intelligence.
[FR Doc. 2025-14825 Filed 8-4-25; 8:45 am]
BILLING CODE 9500-01-P-P