75 FR 3919 (January 25, 2010); Modification published 86 FR 50156 (September 7, 2021) ============================================================================================================= DEPARTMENT OF THE INTERIOR Bureau of Land Management Privacy Act of 1974, as Amended; Amendment of an Existing System of Records AGENCY: Bureau of Land Management, Interior. ACTION: Notice of Amendment to an Existing System of Records. ---------------------------------------------------------------------------------------------------------------------------------------------------------------- SUMMARY: Pursuant to the provisions of the Privacy Act of 1974, as amended, the Department of the Interior (DOI) is issuing a public notice of its intent to amend the Bureau of Land Management "Mineral and Vegetal Material Sales"--Interior, (BLM)-16 notice. The amendment includes a change in the system name from "Mineral and Vegetal Material Sales'' to "Timber Sale Information System (TSIS)." The amendment includes an update to the record content for Special Forest Products and incorporates the Stewardship Contracting Information Database (SCID) as a module of TSIS. The amended system of records is captioned "Interior-BLM-16" and is titled "Timber Sale Information System (TSIS)." DATES: Comments must be received by March 8, 2010. ADDRESSES: Any person interested in commenting on this amendment may do so by: submitting comments in writing to Privacy Act Officer, Oregon State Office, P.O. Box 2965, Portland, Oregon 97208; hand-delivering comments to Oregon State Office, 333 SW. 1st Avenue, Portland, Oregon 97204; or e-mailing comments to Sherrie_Reid@blm.gov. Before including your address, phone number, e-mail address, or other personal identifying information in your comment, you should be aware that your entire comment--including your personal identifying information--may be made publicly available at any time. While you can ask us in your comment to withhold your personal identifying information from public review, we cannot guarantee that we will be able to do so. FOR FURTHER INFORMATION CONTACT: Deputy State Director, Division of Resource Planning, Use and Protection (OR930), U.S. Department of the Interior, Bureau of Land Management, Oregon State Office, 333 SW. 1st Avenue, Portland, Oregon 97204. SUPPLEMENTARY INFORMATION: The Bureau of Land Management maintains the TSIS system of records. The purpose of this system is to track timber sale contract administration and accounting; Special Forest Products (SFP) sales and permits; and the use of procurement contracts and agreements for removing vegetal products from public lands through stewardship contracting authorized under the Omnibus Appropriations Bill of 2003, (Pub. L. 108-7, Section 323). Authorization for TSIS and its components fall under the Clinger-Cohen Act of 1996, OMB Circular A-130 "Management of Federal Information Resources'', and the Oregon and California Lands Act of 1937. The system also provides data for reporting accomplishments. The amendments to the system will be effective as proposed at the end of the comment period (the comment period will end 40 days after the publication of this notice in the Federal Register), unless comments are received which would require a contrary determination. The DOI will publish a revised notice if changes are made based upon a review of the comments received. Beverly E. Walker, Privacy Act Officer, Bureau of Land Management. INTERIOR/BLM-16 SYSTEM NAME: Timber Sale Information System (TSIS)--Interior, BLM-16 SYSTEM LOCATION: U.S. Department of the Interior, Bureau of Land Management, Oregon State Office, 333 SW. 1st Avenue, Portland, Oregon 97204. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM: Purchasers of vegetal materials. Purchasers refer to those individuals that purchase vegetative materials, and enter into timber sales and stewardship contracts; and include, but are not limited to, the following descriptive terminology: individual buyers or permittees, partnerships, corporations or contractors. CATEGORIES OF RECORDS IN THE SYSTEM: The record contains customer information on timber purchasers, contact person(s) for timber purchasers of special forest products, and stewardship agreement recipient’s individual, partnership, corporate). Information is collected in person from a purchaser physically present at a BLM facility or from an authorized BLM Contracting Officer. The data is entered into TSIS by an authorized BLM employee or contractor. The record may contain the purchaser's name, address, phone numbers, driver license, vehicle information, description of the material purchased, quantity, sale price, the Bureau's assigned sale number, and information on debts owed the Bureau because of defective payments. The SCID module contains the contractor/agreement recipient's name and telephone number. The system operates under the Privacy Act of 1974 and the regulations in 43 CFR 2.48(d). Note: Certain categories of information must be reviewed under the Freedom of Information Act (FOIA) and are not included in the information available for public inspection. AUTHORITY FOR MAINTENANCE OF THE SYSTEM: 16 U.S.C. 617, 30 U.S.C. 601, 43 U.S.C. 1181(a). ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES: The primary uses of the records are: (1) Timber sale accounting, management, activity tracking and tracking of Special Forest Product (SFP) sales and permits. The TSIS provides direct support to BLM Mission Goals 2.4.01 and 2.4.02 related to managing the use of forest and woodland products in the Public Domain (PD) and in the Oregon and California Lands (O&C). The volumes calculated in 2.4.01 and 2.4.02 are used to determine the percentages in 2.4.03 and 2.4.04. The TSIS is the sole automated process to track timber sale and special forest product activity and accomplishments, and it is the sole source for validation of timber sale and special forest product revenues in the BLM's financial system. The SCID module is the sole automated process to track stewardship contracts and agreements, and is the sole source for validation of revenues received via stewardship contracting from timber sales, procurement contracts and agreements. In addition, SCID records earned credits for work performed on public lands in exchange for the vegetal contracts. The work credit is reported to the contractor and the Internal Revenue Service on a 1099 form by the BLM. (2) Vehicle and identification information, if provided by the SFP permittee, is provided to BLM law enforcement officials to support enforcement of permit stipulations and requirements. Contact information (name, address) is printed on each permit and is useful to identify the uniqueness of a permittee. DISCLOSURES OUTSIDE DOI MAY BE MADE WITHOUT THE CONSENT OF THE INDIVIDUAL TO WHOM THE RECORD PERTAINS AS A ROUTINE USE UNDER THE FOLLOWING CIRCUMSTANCES: (1) (a) To any of the following entities or individuals, when the circumstances set forth in paragraph (b) are met: (1) (a) To any of the following entities or individuals, when the circumstances set forth in paragraph (b) are met: (i) The U.S. Department of Justice (DOJ); (ii) A court or an adjudicative or other administrative body; (iii) A party in litigation before a court or an adjudicative or other administrative body; or (iv) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee; (b) When: (i) One of the following is a party to the proceeding or has an interest in the proceeding: (A) DOI or any component of DOI; (B) Any other Federal agency appearing before the Office of Hearings and Appeals; (C) Any DOI employee acting in his or her official capacity; (D) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee; (E) The United States, when DOJ determines that DOI is likely to be affected by the proceeding; and (ii) DOI deems the disclosure to be: (A) Relevant and necessary to the proceeding; and (B) Compatible with the purpose for which the records were compiled. (2) To a congressional office in response to a written inquiry that an individual covered by the system, or the heir of such individual if the covered individual is deceased, has made to the office. (3) To any criminal, civil, or regulatory law enforcement authority (whether Federal, State, territorial, local, Tribal or foreign) when a record, either alone or in conjunction with other information, indicates a violation or potential violation of law--criminal, civil, or regulatory in nature--and the disclosure is compatible with the purpose for which the records were compiled. (4) To an official of another Federal agency to provide information needed in the performance of official duties related to reconciling or reconstructing data files or to enable that agency to respond to an inquiry by the individual to whom the record pertains. (5) To Federal, State, territorial, local, Tribal, or foreign agencies that have requested information relevant or necessary to the hiring, firing or retention of an employee or contractor, or the issuance of a security clearance, license, contract, grant or other benefit, when the disclosure is compatible with the purpose for which the records were compiled. (6) To representatives of the National Archives and Records Administration to conduct records management inspections under the authority of 44 U.S.C. 2904 and 2906. (7) To State and local governments and Tribal organizations to provide information needed in response to court order and/or discovery purposes related to litigation, when the disclosure is compatible with the purpose for which the records were compiled. (8) To an expert, consultant, or contractor (including employees of the contractor) of DOI that performs services requiring access to these records on DOI's behalf to carry out the purposes of the system. (9) The appropriate agencies, entities, and persons when: (a) It is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; and (b) The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interest, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the compromised information; and (c) The disclosure is made to such agencies, entities and persons who are reasonably necessary to assist in connection with the Department's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm. (10) To the Office of Management and Budget during the coordination and clearance process in connection with legislative affairs as mandated by OMB Circular A-19. (11) To the Department of the Treasury to recover debts owed to the United States. (12) To the news media when the disclosure is compatible with the purpose for which the records were compiled. (13) To a consumer reporting agency if the disclosure requirements of the Debt Collection Act, as outlined at 31 U.S.C. 3711(e)(1), have been met. (14) To another Federal agency or Federal entity, when DOI determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in: (a) Responding to a suspected or confirmed breach; or (b) Preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach. POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING AND DISPOSING OF RECORDS IN THE SYSTEM: STORAGE: Paper records are stored in file folders, in locked file cabinets until data input is verified. Any paper records that are not input into the system are maintained in secured files. Electronic records are stored on disk, system hard drive, tape or other appropriate media. RETRIEVABILITY: Indexed by system-generated identifiers, an assigned number is used to retrieve SFP permit number, purchaser, contractor and dates. An existing purchaser may be located by entering a portion (or all) of the individual's contact information (name, address, this may include a phone number if it was provided) and reviewing the list of individuals matching the search criteria. The search functionality for timber sales allows users to browse lists of timber sales, purchasers, and sureties. SAFEGUARDS: Access to records is limited to authorized personnel. Electronic records are maintained with safeguards meeting security requirements of 43 CFR 2.51. A security plan was developed to prevent unauthorized access to the system and secure transmission of the data. A Privacy Impact Assessment was completed and signed in January 2008. (1) Physical Security--Information is collected in person from a purchaser(s) physically present at a BLM facility or from an authorized BLM Contracting Officer. The data is entered into SFP-Web by an authorized BLM employee or contractor. These forms are only available on the BLM intranet and are not available to the public on any Website. Any paper records that are not input into the system are maintained in locked file cabinets. (2) Technical Security--TSIS users are granted access to the TSIS application via the district TSIS data steward. The request for access must be signed by the TSIS data steward (ORSO) and IT Security Manager (ORSO) and passwords are required. The SFP Users are granted access to the TSIS-Web application by the district TSIS data steward. SCID Users are granted access to the SCID module Web application by the State office or district SCID data steward. The request for access must be signed by the TSIS data steward (ORSO) or SCID data steward, and IT Security Manager (ORSO). Data from the current TSIS (Unix-based) version are integrated into a data warehouse with the new TSIS-Web version and the SCID Web module each night. The data is unloaded from the TSIS (Informix) database to a local directory where the system developer and system administrators have access. This data is then loaded into a new database (MySQL) on another server where the TSIS-Web data also resides. The integration of data sources excludes the identification provided by the permittee (for the 5450-24 permit), but does include permittee name, address, phone (if provided), and vehicle information (where provided). The TSIS data warehouse database is only available to the system developer, and information from this database is available to BLM users only via read-only reports. Most reports that are available from the warehouse data do not contain Personally Identifiable Information (PII). Of the few reports (6 total) that do contain PII, only four contain more than first/last name. Only users with access to the BLM intranet, authenticated BLM domain users, who are also members of the TSIS group in Active Directory, are able to retrieve these reports. These electronic records are maintained in compliance with Office of Management and Budget and Departmental guidelines. (3) Administrative Security--All BLM employees with access to the system are required to complete Privacy Act, Records Management Act, and IT Security Awareness training prior to being given access to the system, and on an annual basis thereafter. The Rules of Behavior are in accordance with the BLM policy that requires the signature of all BLM Network users. Applicable Privacy Act warning statements are placed on all information printouts of data from the system. RETENTION AND DISPOSAL: Records are retained and disposed of in accordance with National Archives and Records Administration (NARA) procedures and General Records Schedule (GRS) BLM 4/6d(4) and (6). Records are to be destroyed or deleted when data has been transferred to an electronic medium and verified. However, due to the current freeze on the destruction/deletion of all records and the GRS/BLM records, all records are permanent until the freeze is lifted. SYSTEM MANAGER(S) AND ADDRESS: Deputy State Director, Division of Resource Planning, Use and Protection (OR930), U.S. Department of the Interior, Bureau of Land Management, Oregon State Office, P.O. Box 2965, Portland, Oregon 97208. NOTIFICATION PROCEDURE: An individual requesting notification of the existence of records on himself or herself should send a signed, written inquiry to the Systems Manager identified above. The request envelope and letter should both be clearly marked "PRIVACY ACT INQUIRY." A request for notification must meet the requirements of 43 CFR 2.60. RECORDS ACCESS PROCEDURES: An individual requesting records on himself or herself should send a signed, written inquiry to the Systems Manager identified above. The request should describe the records sought as specifically as possible. The request envelope and letter should both be clearly marked "PRIVACY ACT REQUEST FOR ACCESS." A request for access must meet the requirements of 43 CFR 2.63. CONTESTING RECORD PROCEDURES: An individual requesting corrections or the removal of material from his or her records should send a signed, written request to the System Manager identified above. A request for corrections or removal must meet the requirements of 43 CFR 2.71. RECORD SOURCE CATEGORIES: Information is provided by the purchaser, contractor, or agreement recipient. EXEMPTIONS CLAIMED FOR THE SYSTEM: None.