NASA Notice of proposed revisions to an existing Privacy Act system of records

[Federal Register: August 10, 2006 (Volume 71, Number 154)] [Notices] [Page 45859-45862] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr10au06-121]

NATIONAL AERONAUTICS AND SPACE ADMINISTRATION

[Notice (06-050)]

Privacy Act of 1974; Privacy Act System of Records

AGENCY: National Aeronautics And Space Administration (NASA).

ACTION: Notice of proposed revisions to an existing Privacy Act system of records.

SUMMARY: The National Aeronautics and Space Administration proposes to revise an existing system of records titled ”Security Records System” (NASA 10SECR), last published on December 13, 1999, (64 FR 69556).

This system of records is being revised to describe the additional types of information being collected by NASA required by Homeland Security Presidential Directive 12 (Policy for a Common Identification Standard for Federal Employees and Contractors) and FIPS 201 (Personal Identity Verification (PIV) of Federal Employees and Contractors). Additionally, this system of records is being revised to reflect that NASA now collects and maintains emergency contact information for employees and contractors in order for notification of an employee or contractor’s next-of-kin in the event of a mishap involving the individual.

The purposes of this system of records are to:

1. Document security violations and supervisory actions taken.

2. Ensure the safety and security of NASA facilities, systems, or information, and Agency occupants and users.

3. Notify an employee’s next-of-kin or contractor in the event of a mishap involving the NASA or contractor employee.

4. Complete the NASA identity proofing and registration process.

5. Create data records in the Personal Identity Verification (PIV) Identity Management System (IDMS).

6. Issue PIV cards to verify that individuals entering Federal facilities, using Federal information resources, or accessing classified information are authorized to do so.

7. Track and control issued PIV cards.

DATES: Submit comments September 11, 2006.

ADDRESSES: Patti F. Stockman, Privacy Act Officer, Office of the Chief Information Officer, National Aeronautics and Space Administration Headquarters, Washington, DC 20546-0001, (202) 358-4787, NASA-PAOfficer@nasa.gov.

FOR FURTHER INFORMATION CONTACT: NASA Privacy Act Officer, Patti F. Stockman, (202) 358-4787, NASA-PAOfficer@nasa.gov.

SUPPLEMENTARY INFORMATION: This publication is in accordance with the Privacy Act requirement that agencies publish their amended systems of records in the Federal Register when there is a revision, change, or addition. NASA’s Office of Security and Program Protection (OSPP) has reviewed its systems of records notices and has determined that its record system, Security Records System (NASA 10SECR), must be revised to incorporate the changes described herein. NASA 10 SECR

System Name: Security Records System.

Security Classification: None.

System Location: Locations 1 through 9 and Locations 11, 12, and 14 as set forth in Appendix A.

Categories of Individuals Covered by the System:

Civil Servant Employees, applicants, NASA committee members, NASA consultants, NASA experts, NASA Resident Research Associates, guest workers, contractor employees, detailees, visitors, correspondents (written and telephonic), Faculty Fellows, Intergovernmental Personnel Mobility Act (IPA) Employees, Grantees, Cooperative Employees, and Remote Users of NASA Non-Public Information Technology Resources.

Categories of Records in the System:

Personnel Security Records, Personal Identity Records, Emergency Data Records, Criminal Matters, and Traffic Management. Specific records fields include, but are not limited to: Name, former names, date of birth, place of birth, social security number, home address, phone numbers, citizenship, traffic infraction, security violation, security incident, security violation discipline status and action taken.

Authority for Maintenance of the System:

42 U.S.C. 2451, et seq., the National Aeronautics and Space Act of 1958, as amended; Espionage and Information Control Statutes, 18 U.S.C. 793-799; Sabotage Statutes, 18 U.S.C. 2151-2157; Conspiracy Statute, 18 U.S.C. 371; 18 U.S.C. 202-208, 3056; Internal Security Act of 1950; Atomic Energy Act of 1954, as amended; Executive Order 12958, as amended, Classified National Security Information; Executive Order 12968, as amended, Access to Classified Information; Executive Order 10865, Safeguarding Classified Information Within Industry; Executive Order 10450, Security Requirements for Government Employees; Pub. L. 81-733; Pub. L. 107-347, Federal Information Security Management Act 2002; 41 CFR Chapter 101; 14 CFR Part 1203; and 44 U.S.C. 3101; Homeland Security Presidential Directive (HSPD) 12, Policy for a Common Identification Standard for Federal Employees and Contractors, August 27, 2004.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

Any disclosures of information will be compatible with the purpose for which the Agency collected the information. The records and information in these records may be disclosed to:

1. To the Department of Justice when: (a) The agency or any component thereof; or (b) any employee of the agency in his or her official capacity; (c) any employee of the agency in his or her individual capacity where agency or the Department of Justice has agreed to represent the employee; or (d) the United States Government, is a party to litigation or has an interest in such litigation, and by careful review, the agency determines that the records are both relevant and necessary to the litigation and the use of such records by DOJ is therefore deemed by the agency to be for a purpose compatible with the purpose for which the agency collected the records.

2. To a court or adjudicative body in a proceeding when: (a) The agency or any component thereof; (b) any employee of the agency in his or her official capacity; (c) any employee of the agency in his or her individual capacity where agency or the Department of Justice has agreed to represent the employee; or (d) the United States Government, is a party to litigation or has an interest in such litigation, and by careful review, the agency determines that the records are both relevant and necessary to the litigation and the use of such records is therefore deemed by the agency to be for a purpose that is compatible with the purpose for which the agency collected the records.

3. To an Agency in order to provide a basis for determining preliminary visa eligibility.

4. To a Member of Congress or to a Congressional staff member in response to an inquiry of the Congressional office made at the written request of the constituent about whom the record is maintained.

5. To a staff member of the Executive Office of the President in response to an inquiry from the White House.

6. To the National Archives and Records Administration or to the General Services Administration for records management inspections conducted under 44 U.S.C. Sec. Sec. 2904 and 2906.

7. To agency contractors, grantees, or volunteers who have been engaged to assist the agency in the performance of a contract service, grant, cooperative agreement, or other activity related to this system of records and who need to have access to the records in order to perform their activity. Recipients shall be required to comply with the requirements of the Privacy Act of 1974, as amended, 5 U.S.C. Sec. 552a.

8. To other Federal agencies and relevant contractor facilities to determine eligibility of individuals to access classified National Security information.

9. To any official investigative or judicial source from which information is requested in the course of an investigation, to the extent necessary to identify the individual, inform the source of the nature and purpose of the investigation, and to identify the type of information requested.

10. To the news media or the general public, factual information the disclosure of which would be in the public interest and which would not constitute an unwarranted invasion of personal privacy, consistent with Freedom of Information Act standards.

11. To a Federal State, or local agency, or other appropriate entities or individuals, or through established liaison channels to selected foreign governments, in order to enable an intelligence agency to carry out its responsibilities under the National Security Act of 1947 as amended, the CIA Act of 1949 as amended, Executive Order 12333 or any successor order, applicable national security directives, or classified implementing procedures approved by the Attorney General and promulgated pursuant to such statutes, orders or directives.

12. In order to notify an employee’s next-of-kin or contractor in the event of a mishap involving that employee or contractor.

13. To notify another Federal agency when, or verify whether, a PIV card is no longer valid.

14. To provide relevant information to an internal or external organization or element thereof conducting audit activities of a NASA contractor or subcontractor.

15. Disclosure to a NASA contractor, subcontractor, grantee, or other Government organization information developed in an investigation or administrative inquiry concerning a violation of a Federal or state statute or regulation on the part of an officer or employee of the contractor, subcontractor, grantee, or other Government organization.

16. Standard routine uses 1 through 4 inclusive as set forth in Appendix B.

Policies and Practices for Storing, Retrieving, Accessing, Retaining, and Disposing of Records in the System: Storage:

Electronic media and hard-copy documents.

Retrievability:

Records are indexed by individual’s name, file number, badge number, decal number, payroll number, Agency-specific unique personal identification code, and/or Social Security Number.

Safeguards:

Access to system records is controlled by either Government personnel or selected personnel of NASA contractor guard/security force and contractor personnel. After presenting proper identification and requesting a file or record, a person with an official need to know and, if appropriate, a proper clearance may have access to a file or records only after it has been retrieved and approved for release by a NASA security representative. These records are secured in security storage equipment, and/or information technology systems employing security countermeasures.

Retention and Disposal:

The Personnel Security Records are maintained in Agency files and destroyed upon notification of the death or within 5 years after separation or transfer of employee or within 5 years after contract relationship expires, whichever is applicable in accordance with NASA Records Retention Schedules, Schedule 1 Item 103.

The Personal Identity Records are maintained in Agency files and destroyed upon notification of the death or within 5 years after separation or transfer of employee or within 5 years after contract relationship expires, whichever is applicable in accordance with NASA Records Retention Schedules, Schedule 1 Item 103.

The Emergency Data Records are maintained in Agency files and destroyed when no longer needed in accordance with General Records Schedule 18, Item 22a.

The Criminal Matter Records are maintained in Agency files and destroyed when 8 years old in accordance with NASA Records Retention Schedules, Schedule 2 Item 4B2.

The Traffic Management Records are maintained in Agency files and destroyed upon transfer or separation of permit holder or when permit is superseded or revoked whichever is sooner in accordance with NASA Records Retention Schedules, Schedule 6 Item 11B.

System Manager(S) and Address:

Director, Security Management Division, Location 1.

Subsystem Managers: Chief, Protective Services Division, Location 2; Chief, Security Branch, Locations 4 and 5; Security Officer, Location 3, 8, and 11; Chief, Protective Services Office, Location 6; Head, Office of Security and Public Safety, Location 7; Chief, Security Division, Location 9; Chief, Administration Office, Location 12; Safety and Security Officer at Location 14. Locations are as set forth in Appendix A.

Notification Procedure:

Information may be obtained from the cognizant system or subsystem manager listed above. Requests must contain the following identifying data concerning the requestor: First, middle, and last name; date of birth; Social Security Number; period and place of employment with NASA, if applicable.

Record Access Procedures:

Personnel Security Records compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, Federal contracts, or access to classified information have been exempted by the Administrator under 5 U.S.C. 552a(k)(5) from the access provisions of the Act.

Personal Identity Records: Requests from individuals should be addressed to the same address as stated in the Notification section above.

Emergency Data Records: Requests from individuals should be addressed to the same address as stated in the Notification section above.

Criminal Matter Records compiled for civil or criminal law enforcement purposes have been exempted by the Administrator under 5 U.S.C. 552a(k)(2) from the access provision of the Act.

Traffic Management Records: Requests from individuals should be addressed to the same address as stated in the Notification section above.

Contesting Record Procedures:

For Personnel Security Records and Criminal Matters Records, see Record Access Procedures, above. For Personal Identity Records, Emergency Data Records, and Traffic Management Records, the NASA rules for access to records and for contesting contents and appealing initial determinations by the individual concerned appear at 14 CFR part 1212.

Record Source Categories:

Information is obtained from a variety of sources including the employee, contractor, or applicant via use of the Standard Form (SF) SF-85, SF-85P, or SF-86 and personal interviews; employers’ and former employers’ records; FBI criminal history records and other databases; financial institutions and credit reports; medical records and health care providers; educational institutions; interviews of witnesses such as neighbors, friends, co-workers, business associates, teachers, landlords, or family members; tax records; and other public records. Security violation information is obtained from a variety of sources, such as guard reports, security inspections, witnesses, supervisor’s reports, audit reports.

Exemptions Claimed for the System:

Personnel Security Records compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, Federal contracts, or access to classified information, but only to the extent that the disclosure of such material would reveal the identity of a confidential source, are exempt from the following sections of the Privacy Act of 1974, 5 U.S.C. 552a(c)(3) relating to access to the disclosure accounting; (d) relating to access to the records; (e)(1) relating to the type of information maintained in the records; (e)(4)(G), (H) and (I) relating to publishing in the annual system notice information as to agency procedures for access and correction and information as to the categories of sources of records; and (f) relating to developing agency rules for gaining access and making corrections. The determination to exempt the Personnel Security Records portion of the Security Records System has been made by the Administrator of NASA in accordance with 5 U.S.C. 552a(k)(5) and Subpart 5 of the NASA regulations appearing in 14 CFR part 1212.

Criminal Matter Records to the extent they constitute investigatory material compiled for law enforcement purposes are exempt from the following sections of the Privacy Act of 1974, 5 U.S.C. 552a(c)(3) relating to access to the disclosure accounting; (d) relating to access to the records; (e)(1) relating to the type of information maintained in the records; (e)(4)(G), (H) and (I) relating to publishing in the annual system notice information as to agency procedures for access and correction and information as to the categories of sources of records; and (f) relating to developing agency rules for gaining access and making corrections. The determination to exempt the Criminal Matter Records portion of the Security Records System has been made by the Administrator of NASA in accordance with 5 U.S.C. 552a(k)(2) and subpart 5 of the NASA regulations appearing in 14 CFR part 1212.

Records subject to the provisions of 5 U.S.C. 552(b)(1) required by Executive Order to be kept secret in the interest of national defense or foreign policy are exempt from the following sections of the Privacy Act of 1974, 5 U.S.C. 552a:(c)(3) relating to access to the disclosure accounting; (d) relating to the access to the records; (e)(1) relating to the type of information maintained in the records; (e)(4)(G), (H) and (I) relating to publishing in the annual system notice information as to agency procedures for access and correction and information as to the categories of sources of records; and (f) relating to developing agency rules for gaining access and making corrections.

The determination to exempt this portion of the Security Records System has been made by the Administrator of NASA in accordance with 5 U.S.C. 552a(k)(1) and subpart 5 of the NASA regulations appearing in 14 CFR part 1212.

John W. McManus,
Acting Chief Information Officer.

Appendix A–Location Numbers and Mailing Addresses of NASA Installations at Which Records Are Located

Location 1

NASA Headquarters, National Aeronautics and Space Administration, Washington, DC 20546-0001.

Location 2

Ames Research Center, National Aeronautics and Space Administration, Moffett Field, CA 94035-1000.

[[Page 45862]]

Location 3

Dryden Flight Research Center, National Aeronautics and Space Administration, PO Box 273, Edwards, CA 93523-0273.

Location 4

Goddard Space Flight Center, National Aeronautics and Space Administration, Greenbelt, MD 20771-0001.

Location 5

Lyndon B. Johnson Space Center, National Aeronautics and Space Administration, Houston, TX 77058-3696.

Location 6

John F. Kennedy Space Center, National Aeronautics and Space Administration, Kennedy Space Center, FL 32899-0001.

Location 7

Langley Research Center, National Aeronautics and Space Administration, Hampton, VA 23681-2199.

Location 8

John H. Glenn Research Center at Lewis Field, National Aeronautics and Space Administration, 21000 Brookpark Road, Cleveland, OH 44135-3191.

Location 9

George C. Marshall Space Flight Center, National Aeronautics and Space Administration, Marshall Space Flight Center, AL 35812-0001.

Location 10

HQ NASA Management Office-JPL, National Aeronautics and Space Administration, 4800 Oak Grove Drive, Pasadena, CA 91109-8099.

Location 11

John C. Stennis Space Center, National Aeronautics and Space Administration, Stennis Space Center, MS 39529-6000.

Location 12

JSC White Sands Test Facility, National Aeronautics and Space Administration, PO Drawer MM, Las Cruces, NM 88004-0020.

Location 13

GRC Plum Brook Station, National Aeronautics and Space Administration, Sandusky, OH 44870.

Location 14

MSFC Michoud Assembly Facility, National Aeronautics and Space Administration, PO Box 29300, New Orleans, LA 70189.

Location 15

NASA Independent Verification and Validation Facility (NASA IV&V), 100 University Drive, Fairmont, WV 26554.

Location 16

Edison Post of Duty, c/o DCIS, PO 1054, Edison, NJ 08818.

Location 17

Western Field Office, Glenn Anderson Federal Building, 501 West Ocean Blvd., Long Beach, CA 90802-4222.

Appendix B–Standard Routine Uses–NASA

The following routine uses of information contained in SORs, subject to the Privacy Act of 1974, are standard for many NASA systems. They are cited by reference in the paragraph “Routine uses of records maintained in the system, including categories of users and the purpose of such uses” of the Federal Register Notice on those systems to which they apply.

Standard Routine Use No. 1–Law Enforcement–In the event this system of records indicates a violation or potential violation of law, whether civil, criminal, or regulatory in nature, and whether arising by general statute or particular program statute, or by regulation, rule or order issued pursuant thereto, the relevant records in the SOR may be referred, as a routine use, to the appropriate agency, whether Federal, State, local or foreign, charged with the responsibility of investigating or prosecuting such violation or charged with enforcing or implementing the statute, or rule, regulation or order issued pursuant thereto.

Standard Routine Use No. 2–Disclosure When Requesting Information–A record from this SOR may be disclosed as a “routine use” to a Federal, State, or local agency maintaining civil, criminal, or other relevant enforcement information or other pertinent information, such as current licenses, if necessary to obtain information relevant to an agency decision concerning the hiring or retention of an employee, the issuance of a security clearance, the letting of a contract, or the issuance of a license, grant, or other benefit.

Standard Routine Use No. 3–Disclosure of Requested Information–A record from this SOR may be disclosed to a Federal agency, in response to its request, in connection with the hiring or retention of an employee, the issuance of a security clearance, the reporting of an investigation of an employee, the letting of a contract, or the issuance of a license, grant, or other benefit by the requesting agency, to the extent that the information is relevant and necessary to the requesting agency’s decision on the matter.

Standard Routine Use No. 4–Court or Other Formal Proceedings– In the event there is a pending court or formal administrative proceeding, any records that are relevant to the proceeding may be disclosed to the Department of Justice or other agency for purposes of representing the Government, or in the course of presenting evidence, or they may be produced to parties or counsel involved in the proceeding in the course of pretrial discovery.

[FR Doc. E6-13009 Filed 8-9-06; 8:45 am]

BILLING CODE 7510-13-P