[Federal Register Volume 81, Number 97 (Thursday, May 19, 2016)]
[Proposed Rules]
[Pages 31561-31563]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2016-11702]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF DEFENSE
Office of the Secretary
32 CFR Part 310
[Docket ID: DoD-2016-OS-0059]
Privacy Act of 1974; Implementation
AGENCY: Office of the Secretary of Defense, DoD.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: The Office of the Secretary of Defense proposes to exempt
records maintained in DUSDI 01-DoD ``Department of Defense (DoD)
Insider Threat Management and Analysis Center (DITMAC) and DoD
Component Insider Threat Records System,'' from subsections (c)(3) and
(4); (d)(1), (2), (3), and (4); (e)(1), (2), (3), (4)(G), (H), and (I),
(5), and (8); (f); and (g) of the Privacy Act. A system of records
notice for this system has been published today in the Federal
Register.
In addition, in the course of carrying out collections and analysis
of information in connection with the operations of the DITMAC and DoD
Component insider threat programs, exempt records received from other
systems of records may become part of this system. To the extent that
copies of exempt records from those other systems of records are
maintained in this system, the Department also claims the same
exemptions for the records from those other systems that are maintained
in this system, as claimed for the original primary system of which
they are a part.
DATES: In accordance with 5 U.S.C. 552a(e)(4) and (11), the public is
given a 30-day period in which to comment. Therefore, please submit any
comments by June 20, 2016.
ADDRESSES: You may submit comments, identified by docket number and
title, by any of the following methods:
Federal Rulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
Mail: Department of Defense, Deputy Chief Management
Officer, Directorate for Oversight and Compliance, 4800 Mark Center
Drive, ATTN: Box 24, Alexandria, VA 22350-1700.
Instructions: All submissions received must include the agency name
and docket number for this Federal Register document. The general
policy for comments and other submissions from members of the public is
to make these submissions available for public viewing on the Internet
at http://www.regulations.gov as they are received without change,
including any personal identifiers or contact information.
FOR FURTHER INFORMATION CONTACT: Cindy Allard, Director of the Defense
Privacy, Civil Liberties, and Transparency Division, 703-571-0070.
SUPPLEMENTARY INFORMATION: The DITMAC was established by the Under
Secretary of Defense for Intelligence in order to consolidate and
analyze insider threat information reported by the DoD Component
insider threat programs
[[Page 31562]]
mandated by Presidential Executive Order 13587, issued October 7, 2011,
which required Federal agencies to establish an insider threat
detection and prevention program to ensure the security of classified
networks and the responsible sharing and safeguarding of classified
information consistent with appropriate protections for privacy and
civil liberties. For purposes of this system of records, the term
``insider threat'' is defined in the Minimum Standards for Executive
Branch Insider Threat Task Force based on direction provided in Section
6.3(b) of Executive Order 13587. The DITMAC helps prevent, deter,
detect, and/or mitigate the potential threat that personnel, including
DoD military personnel, civilian employees, and contractor personnel,
who have or had been granted eligibility for access to classified
information or eligibility to hold a sensitive position may harm the
security of the United States. This threat can include damage to the
United States through espionage, terrorism, unauthorized disclosure of
national security information, or through the loss or degradation of
departmental resources or capabilities.
The system of records will be used to analyze, monitor, and audit
insider threat information for insider threat detection and mitigation
within DoD on threats that persons who have or had been granted
eligibility for access to classified information or eligibility to hold
a sensitive positions may pose to DoD and U.S. Government
installations, facilities, personnel, missions, or resources. The
system of records will support the DITMAC and DoD Component insider
threat programs, enable the identification of systemic insider threat
issues and challenges, and provide a basis for the development and
recommendation of solutions to deter, detect, and/or mitigate potential
insider threats. It will assist in identifying best practices among
other Federal Government insider threat programs, through the use of
existing DoD resources and functions and by leveraging existing
authorities, policies, programs, systems, and architectures.
Executive Order 12866, ``Regulatory Planning and Review'' and Executive
Order 13563, ``Improving Regulation and Regulatory Review''
It has been determined that this rule is not a significant rule.
This rule does not (1) Have an annual effect on the economy of $100
million or more or adversely affect in a material way the economy; a
sector of the economy; productivity; competition; jobs; the
environment; public health or safety; or State, local, or tribal
governments or communities; (2) Create a serious inconsistency or
otherwise interfere with an action taken or planned by another Agency;
(3) Materially alter the budgetary impact of entitlements, grants, user
fees, or loan programs, or the rights and obligations of recipients
thereof; or (4) Raise novel legal or policy issues arising out of legal
mandates, the President's priorities, or the principles set forth in
these Executive orders.
Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C Chapter 6)
It has been certified that this rule does not have a significant
economic impact on a substantial number of small entities because it is
concerned only with the administration of Privacy Act systems of
records within DoD. A Regulatory Flexibility Analysis is not required.
Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)
It has been determined that this rule does not impose additional
information collection requirements on the public under the Paperwork
Reduction Act of 1995 (44 U.S.C. 3501 et seq.).
Section 202, Public Law 104-4, ``Unfunded Mandates Reform Act''
It has been determined that this rule does not involve a Federal
mandate that may result in the expenditure by State, local and tribal
governments, in the aggregate, or by the private sector, of $100
million or more and that it will not significantly or uniquely affect
small governments.
Executive Order 13132, ``Federalism''
It has been determined that this rule does not have federalism
implications. This rule does not have substantial direct effects on the
States, on the relationship between the National Government and the
States, or on the distribution of power and responsibilities among the
various levels of government.
List of Subjects in 32 CFR Part 310
Privacy.
Accordingly, 32 CFR part 310 is proposed to be amended as follows:
PART 310 [Amended]
0
1. The authority citation for 32 CFR part 310 continues to read as
follows:
Authority: 5 U.S.C. 552a.
Sec. Sec. 310.30 through 310.53 [Redesignated as Sec. Sec. 310.31
through 310.54]
0
2. Redesignate Sec. 310.30 through Sec. 310.53 as Sec. 310.31
through Sec. 310.54.
0
3. In Subpart F, add a new Sec. 310.30 to read as follows:
Sec. 310.30 DoD-wide exemptions.
(a) Use of DoD-wide exemptions. DoD-wide exemptions for DOD-wide
systems of records are established pursuant to 5 U.S.C. 552a(j) and (k)
of the Privacy Act.
(b) Promises of confidentiality. (1) Only the identity of sources
that have been given an express promise of confidentiality may be
protected from disclosure under paragraphs (d)(3)(i), (ii), and (iii)
and (d)(4) of this section. However, the identity of sources who were
given implied promises of confidentiality in inquiries conducted before
September 27, 1975, also may be protected from disclosure.
(2) Ensure promises of confidentiality are not automatically given
but are used sparingly. Establish appropriate procedures and identify
fully categories of individuals who may make such promises. Promises of
confidentiality shall be made only when they are essential to obtain
the information sought (see 5 CFR part 736).
(c) Access to records for which DOD-wide exemptions are claimed.
Deny the individual access only to those portions of the records for
which the claimed exemption applies.
(d) DoD-wide exemptions. The following exemptions are applicable to
all components of the Department of Defense for the following system(s)
of records:
(1) System identifier and name: DUSDI 01-DoD ``Department of
Defense (DoD) Insider Threat Management and Analysis Center (DITMAC)
and DoD Component Insider Threat Records System.'' Exemption: This
system of records is exempted from subsections (c)(3) and (4); (d)(1),
(2), (3) and (4); (e)(1), (2), (3), (4)(G)(H) and (I), (5) and (8); and
(g) of the Privacy Act pursuant to 5 U.S.C. 552a(j) (2) and (k)(1),
(2), (4), (5), (6), and (7).
(2) Records are only exempt from pertinent provisions of 5 U.S.C.
552a to the extent that such provisions have been identified and an
exemption claimed for the record and the purposes underlying the
exemption for the record pertain to the record.
(3) Exemption from the particular subsections is justified for the
following reasons:
(i) Subsection (c)(3). To provide the subject with an accounting of
disclosures of records in this system could inform that individual of
the existence, nature, or scope of an actual or potential law
enforcement or counterintelligence investigation, and thereby seriously
impede law enforcement or counterintelligence efforts by permitting the
record subject and other persons to whom he might disclose the records
to avoid criminal
[[Page 31563]]
penalties, civil remedies, or counterintelligence measures. Access to
the accounting of disclosures could also interfere with a civil or
administrative action or investigation which may impede in those
actions or investigations. Access also could reveal the identity of
confidential sources incident to Federal employment, military service,
contract, and security clearance determinations.
(ii) Subsection (c)(4). This subsection is inapplicable to the
extent that an exemption is being claimed for subsection (d).
(iii) Subsection (d)(1). Disclosure of records in the system could
reveal the identity of confidential sources and result in an
unwarranted invasion of the privacy of others. Disclosure may also
reveal information relating to actual or potential criminal
investigations. Disclosure of classified national security information
would cause damage to the national security of the United States.
Disclosure could also interfere with a civil or administrative action
or investigation; reveal the identity of confidential sources incident
to Federal employment, military service, contract, and security
clearance determinations; and reveal the confidentiality and integrity
of Federal testing materials and evaluation materials used for military
promotions when furnished by a confidential source.
(iv) Subsection (d)(2). Amendment of the records could interfere
with ongoing criminal or civil law enforcement proceedings and impose
an impossible administrative burden by requiring investigations to be
continuously reinvestigated.
(v) Subsections (d)(3) and (4). These subsections are inapplicable
to the extent exemption is claimed from (d)(1) and (2).
(vi) Subsection (e)(1). It is often impossible to determine in
advance if investigatory records contained in this system are accurate,
relevant, timely and complete, but, in the interests of effective law
enforcement and counterintelligence, it is necessary to retain this
information to aid in establishing patterns of activity and provide
investigative leads.
(vii) Subsection (e)(2). To collect information from the subject
individual could serve notice that he or she is the subject of a
criminal investigation and thereby present a serious impediment to such
investigations.
(viii) Subsection (e)(3). To inform individuals as required by this
subsection could reveal the existence of a criminal investigation and
compromise investigative efforts.
(ix) Subsection (e)(4)(G), (H), and (I). These subsections are
inapplicable to the extent exemption is claimed from (d)(1) and (2).
(x) Subsection (e)(5). It is often impossible to determine in
advance if investigatory records contained in this system are accurate,
relevant, timely and complete, but, in the interests of effective law
enforcement, it is necessary to retain this information to aid in
establishing patterns of activity and provide investigative leads.
(xi) Subsection (e)(8). To serve notice could give persons
sufficient warning to evade investigative efforts.
(xii) Subsection (g). This subsection is inapplicable to the extent
that the system is exempt from other specific subsections of the
Privacy Act.
(4) In addition, in the course of carrying out analysis for insider
threats, exempt records from other systems of records may in turn
become part of the case records maintained in this system. To the
extent that copies of exempt records from those other systems of
records are maintained into this system, the DoD claims the same
exemptions for the records from those other systems that are entered
into this system, as claimed for the original primary system of which
they are a part.
Dated: May 13, 2016.
Aaron Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 2016-11702 Filed 5-18-16; 8:45 am]
BILLING CODE 5001-06-P