SUMMARY: Under the Privacy Act of 1974, as amended, the Department of the Interior is issuing a public notice of its intent to amend the Office of the Secretary Privacy Act system of records, "Incident Management, Analysis and Reporting System," to update the address for the system manager and amend Routine Use (16). The amendment will protect ongoing law enforcement proceedings, the identity of certain confidential informants, the health and safety of individuals, and the privacy interests of parties involved, injured or identified in incident reports related to traffic accidents, personal injuries, or the loss or damage of property.
DATES: Comments must be received by July 14, 2014. This amended system will be effective July 14, 2014.
ADDRESSES: Any person interested in commenting on this amendment may do so by: submitting comments in writing to the Departmental Privacy Act Officer, 1849 C Street NW., Mail Stop 5547 MIB, Washington, DC 20240; hand-delivering comments to the Departmental Privacy Act Officer, 1849 C Street NW., Mail Stop 5547 MIB, Washington, DC 20240 or emailing comments to Privacy@ios.doi.gov.
FOR FURTHER INFORMATION CONTACT: IMARS System Manager, 1849 C Street NW., Mail Stop 3060 MIB, Washington, DC 20240, or by phone at 202-208-3601.
The Department of the Interior (DOI), Office of the Secretary, maintains an enterprise-wide system of records known as the "Incident Management, Analysis and Reporting System, DOI-10" system of records. The amendment to the Incident Management, Analysis and Reporting System (IMARS) will revise the routine uses section to update Routine Use (16) to provide information to parties who need it to adjudicate a claim. The amendment to Routine Use (16) states that:
• The release of information under these circumstances should only occur when it will not interfere with ongoing law enforcement proceedings, risk the health or safety of an individual, or reveal the identity of an informant or witness that has received an explicit assurance of confidentiality.
• To protect individual privacy, Social Security numbers and tribal identification numbers should not be released under these circumstances unless the Social Security number or tribal identification number belongs to the individual requester.
The IMARS system provides a unified system for Department of the Interior law enforcement agencies to manage law enforcement investigations, measure performance and meet reporting requirements. The system also provides the capability to prevent, detect and investigate known and suspected criminal activity; to interface with Department of Homeland Security and National Incident Based Reporting System; analyze and prioritize protection efforts; provide information to justify law enforcement funding requests and expenditures; assist in managing visitor use and protection programs, including training; investigate, detain and apprehend those committing crimes on DOI properties or tribal reservations (for the purpose of this system of records notice, tribal reservations include contiguous areas policed by tribal or Bureau of Indian Affairs law enforcement offices) managed by a Native American tribe under DOI's Bureau of Indian Affairs; and investigate and prevent visitor accident injuries on DOI properties or tribal reservations. Incident and non-incident data related to criminal and civil activity will be collected in support of law enforcement, homeland security, and security (physical, personnel and stability, information, and industrial) activities. This may include data documenting investigations and law enforcement activities, traffic safety, property damage claims, traffic accidents and domestic issues, and emergency management, sharing and analysis activities.
Accordingly, DOI consolidated the following DOI Privacy Act systems of records: Bureau of Reclamation Law Enforcement Management Information System (RLEMIS)--Interior, WBR-50 (73 FR 62314, October 20, 2008); Fish and Wildlife Service Investigative Case File System-Interior, FWS-20 (48 FR 54719, December 6, 1983); Bureau of Land Management Criminal Case Investigation--Interior, BLM-18 (73 FR 17376, April 1, 2008); Bureau of Indian Affairs Law Enforcement Services-Interior, BIA-18 (70 FR 1264, January 6, 2005); and National Park Service Case Incident Reporting System, NPS-19 (70 FR 1274, January 6, 2005) into one Department of the Interior system of records, titled the Incident Management, Analysis and Reporting System (IMARS). The IMARS system is maintained by the DOI Office of Law Enforcement Services, and is managed by the IMARS Security Manager (the "System Manager"). The IMARS system notice was last published in the Federal Register on July 30, 2013 (Volume 78, Number 146).
The amendments to the system will be effective as proposed at the end of the comment period (the comment period will end 40 days after the publication of this notice in the Federal Register), unless comments are received which would require a contrary determination. DOI will publish a revised notice if changes are made based upon a review of the comments received.
The Department of the Interior published a notice of proposed rulemaking in the Federal Register on August 1, 2013 (Volume 78, Number 148) in accordance with the requirements of 5 U.S.C. 553(b), (c) and (e), to exempt records maintained in this system from certain provisions of the Privacy Act pursuant to 5 U.S.C. 552a(j)(2) and (k)(2). The exemptions for the consolidated system of records will continue to be applicable until the final rule has been completed.
II. Privacy Act
The Privacy Act of 1974, as amended, embodies fair information practice principles in a statutory framework governing the means by which Federal Agencies collect, maintain, use, and disseminate individuals' personal information. The Privacy Act applies to information that is maintained in a "system of records." A "system of records" is a group of any records under the control of an agency for which information about an individual is retrieved by the name or by some identifying number, symbol, or other identifying particulars assigned to the individual. The Privacy Act defines an individual as a United States citizen or lawful permanent resident. As a matter of policy, DOI extends administrative Privacy Act protections to all individuals. Individuals may request access to their own records that are maintained in a system of records in the possession or under the control of DOI by complying with DOI Privacy Act regulations, 43 CFR Part 2, subpart K.
The Privacy Act requires each agency to publish in the Federal Register a description denoting the type and character of each system of records that the agency maintains and the routine uses of each system to make agency recordkeeping practices transparent, notify individuals regarding the uses of their records, and assist individuals to more easily find such records within the agency. The system notice for the amended "Incident Management, Analysis and Reporting System, DOI-10" is published in its entirety below.
In accordance with 5 U.S.C. 552a(r), DOI has provided a report of this system of records to the Office of Management and Budget and to Congress.
III. Public Disclosure
Before including your address, phone number, email address, or other personal identifying information in your comment, you should be aware that your entire comment--including your personal identifying information--may be made publicly available at any time. While you can ask us in your comment to withhold your personal identifying information from public review, we cannot guarantee that we will be able to do so.
Departmental Privacy Act Officer.
Incident Management, Analysis and Reporting System, DOI-10
Interior Business Center, U.S. Department of the Interior, 7301 W Mansfield Ave., Denver, CO 80235.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
The categories of individuals covered in the system include current and former Federal employees and contractors, Federal, tribal, state and local law enforcement officers. Additionally, this system contains information regarding members of the general public, including individuals and/or groups of individuals involved with law enforcement incidents involving Federal assets or occurring on public lands and tribal reservations, such as witnesses, individuals making complaints, individuals being investigated or arrested for criminal or traffic offenses, or certain types of non-criminal incidents; and members of the general public involved in an accident on DOI properties or tribal reservations.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system includes law enforcement incident reports, law enforcement personnel records, and law enforcement training records, which contain the following information: Social Security numbers, drivers license numbers, vehicle identification numbers, license plate numbers, names, home addresses, work addresses, telephone numbers, email addresses and other contact information, emergency contact information, ethnicity and race, tribal identification numbers or other tribal enrollment data, work history, educational history, affiliations, and other related data, dates of birth, places of birth, passport numbers, gender, fingerprints, hair and eye color, and any other physical or distinguishing attributes of an individual. Incident reports and records may include attachments such as photos, video, sketches, medical reports, and email and text messages. Incident reports may also include information concerning criminal activity, response, and outcome of the incident. Records in this system also include information concerning Federal civilian employees and contractors, Federal, tribal, state and local law enforcement officers and may contain information regarding an officer's name, contact information, station and career history, firearms qualifications, medical history, background investigation and status, date of birth and Social Security Number. Information regarding officers' equipment, such as firearms, tasers, body armor, vehicles, computers and special equipment related skills is also included in this system.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Uniform Federal Crime Reporting Act, 28 U.S.C. 534; Intelligence Reform and Terrorism Prevention Act of 2004 (Pub. L. 108-458); Homeland Security Act of 2002 (Pub. L. 107-296); USA PATRIOT ACT of 2001 (Pub. L. 107-56); USA PATRIOT Improvement Act of 2005 (Pub. L. 109-177); Tribal Law and Order Act of 2010 (Pub. L. 111-211); Homeland Security Presidential Directive 7--Critical Infrastructure Identification, Prioritization, and Protection; Homeland Security Presidential Directive 12--Policy for a Common Identification Standard for Federal Employees and Contractors; Criminal Intelligence Systems Operating Policies, 28 CFR part 23.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
The IMARS system of records is an incident management and reporting application used to prevent, detect and investigate known and suspected criminal activity; protect natural and cultural resources; capture, integrate and share law enforcement and related information and observations from other sources; measure performance of law enforcement programs and management of emergency incidents; meet reporting requirements, provide Department of Homeland Security (DHS) and National Incident Based Reporting System (NIBRS) interface frameworks; analyze and prioritize protection efforts; assist in managing visitor use and protection programs; employee training; enable the ability to investigate, detain and apprehend those committing crimes on DOI properties or tribal reservations; and to investigate and prevent visitor accident injuries on DOI properties or tribal reservations.
In addition to those disclosures generally permitted under 5 U.S.C. 552a(b) of the Privacy Act, records or information contained in this system may be disclosed outside DOI as a routine use pursuant to 5 U.S.C. 552a(b)(3) as follows:
(1) (a) To any of the following entities or individuals, when the circumstances set forth in paragraph (b) are met:
(i) The U.S. Department of Justice (DOJ);
(ii) A court or an adjudicative or other administrative body;
(iii) A party in litigation before a court or an adjudicative or other administrative body; or
(iv) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;
(i) One of the following is a party to the proceeding or has an interest in the proceeding:
(A) DOI or any component of DOI;
(B) Any other Federal agency appearing before the Office of Hearings and Appeals;
(C) Any DOI employee acting in his or her official capacity;
(D) Any DOI employee acting in his or her individual capacity if DOI or DOJ has agreed to represent that employee or pay for private representation of the employee;
(E) The United States, when DOJ determines that DOI is likely to be affected by the proceeding; and
(ii) DOI deems the disclosure to be:
(A) Relevant and necessary to the proceeding; and
(B) Compatible with the purpose for which the records were compiled.
(2) To a congressional office in response to a written inquiry that an individual covered by the system, or the heir of such individual if the covered individual is deceased, has made to the office, to the extent the records have not been exempted from disclosure pursuant to 5 U.S.C. 552a(j)(2) and (k)(2).
(3) To the Executive Office of the President in response to an inquiry from that office made at the request of the subject of a record or a third party on that person’s behalf, or for a purpose compatible for which the records are collected or maintained, to the extent the records have not been exempted from disclosure pursuant to 5 U.S.C. 552a(j)(2) and (k)(2).
(4) To any criminal, civil, or regulatory law enforcement authority (whether Federal, State, territorial, local, tribal or foreign) when a record, either alone or in conjunction with other information, indicates a violation or potential violation of law—criminal, civil, or regulatory in nature, and the disclosure is compatible with the purpose for which the records were compiled.
(5) To an official of another Federal agency to provide information needed in the performance of official duties related to reconciling or reconstructing data files or to enable that agency to respond to an inquiry by the individual to whom the record pertains.
(6) To Federal, State, territorial, local, tribal, or foreign agencies that have requested information relevant or necessary to the hiring, firing or retention of an employee or contractor, or the issuance of a security clearance, license, contract, grant or other benefit, when the disclosure is compatible with the purpose for which the records were compiled.
(7) To representatives of the National Archives and Records Administration to conduct records management inspections under the authority of 44 U.S.C. 2904 and 2906.
(8) To State and local governments and tribal organizations to provide information needed in response to court order and/or discovery purposes related to litigation, when the disclosure is compatible with the purpose for which the records were compiled.
(9) To an expert, consultant, or contractor (including employees of the contractor) of DOI that performs services requiring access to these records on DOI’s behalf to carry out the purposes of the system.
(10) To appropriate agencies, entities, and persons when:
(a) It is suspected or confirmed that the security or confidentiality of information in the system of records has been compromised; and
(b) The Department has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interest, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by the Department or another agency or entity) that rely upon the compromised information; and
(c) The disclosure is made to such agencies, entities and persons who are reasonably necessary to assist in connection with the Department’s efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
(11) To the Office of Management and Budget during the coordination and clearance process in connection with legislative affairs as mandated by OMB Circular A-19.
(12) To the Department of the Treasury to recover debts owed to the United States.
(13) To a consumer reporting agency if the disclosure requirements of the Debt Collection Act, as outlined at 31 U.S.C. 3711(e)(1), have been met.
(14) To the Department of Justice, the Department of Homeland Security, and other federal, state and local law enforcement agencies for the purpose of information exchange on law enforcement activity.
(15) To agency contractors, grantees, or volunteers for DOI or other Federal Departments who have been engaged to assist the Government in the performance of a contract, grant, cooperative agreement, or other activity related to this system of records and who need to have access to the records in order to perform the activity.
(16) To any of the following entities or individuals, for the purpose of providing information on traffic accidents, personal injuries, or the loss or damage of property:
(a) Individuals involved in such incidents;
(b) Persons injured in such incidents;
(c) Owners of property damaged, lost or stolen in such incidents; and/or
(d) These individuals’ duly verified insurance companies, personal representatives, administrators of estates, and/or attorneys.
The release of information under these circumstances should only occur when it will not interfere with ongoing law enforcement proceedings; risk the health or safety of an individual; or reveal the identity of an information or witness that has received an explicit assurance of confidentiality. Social Security numbers and tribal identification numbers should not be released under these circumstances unless the Social Security number or tribal identification number belongs to the individual requestor.
(17) To any criminal, civil, or regulatory authority (whether Federal, State, territorial, local, tribal or foreign) for the purpose of providing background search information on individuals for legally authorized purposes, including but not limited to background checks on individuals residing in a home with a minor or individuals seeking employment opportunities requiring background checks.
(18) To the news media and the public, with the approval of the System Manager in consultation with the Office of the Solicitor and the Senior Agency Official for Privacy, in support of the law enforcement activities, including obtaining public assistance with identifying and locating criminal suspects and lost or missing individuals, and providing the public with alerts about dangerous individuals.
(19) To another Federal agency or Federal entity, when DOI determines that information from this system of records is reasonably necessary to assist the recipient agency or entity in:
(a) Responding to a suspected or confirmed breach; or
(b) Preventing, minimizing, or remedying the risk of harm to individuals, the recipient agency or entity (including its information systems, programs, and operations), the Federal Government, or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING AND DISPOSING OF RECORDS IN THE SYSTEM:
Electronic records are maintained in password protected removable drives and other user-authenticated, password-protected systems that are compliant with the Federal Information Security Management Act. All records are accessed only by authorized personnel who have a need to access the records in the performance of their official duties. Paper records are contained in file folders stored in file cabinets.
Multiple fields allow retrieval of individual record information including Social Security number, first or last name, badge number, address, phone number, vehicle information and physical attributes.
The records contained in this system are safeguarded in accordance with 43 CFR 2.226 and other applicable security rules and policies. During normal hours of operation, paper records are maintained in locked filed cabinets under the control of authorized personnel. Computerized records systems follow the National Institute of Standards and Technology standards as developed to comply with the Privacy Act of 1974 (Pub. L. 93-579), Paperwork Reduction Act of 1995 (Pub. L. 104-13), Federal Information Security Management Act of 2002 (Pub. L. 107-347), and the Federal Information Processing Standards 199, Standards for Security Categorization of Federal Information and Information Systems. Computer servers in which electronic records are stored are located in secured Department of the Interior facilities.
Access to records in the system is limited to authorized personnel who have a need to access the records in the performance of their official duties. Electronic data is protected through user identification, passwords, database permissions and software controls. Such security measures establish different access levels for different types of users associated with pre-defined groups and/or bureaus. Each user's access is restricted to only the functions and data necessary to perform that person's job responsibilities. Access can be restricted to specific functions (create, update, delete, view, assign permissions) and is restricted utilizing role-based access.
Authorized users are trained and required to follow established internal security protocols and must complete all security, privacy, and records management training and sign the Rules of Behavior. Contract employees with access to the system are monitored by their Contracting Officer's Technical Representative and the agency Security Manager.
RETENTION AND DISPOSAL:
Records in this system are retained and disposed of in accordance with Office of the Secretary Records Schedule 8151, Incident, Management, Analysis and Reporting System, which was approved by the National Archives and Records Administration (NARA) (N1-048-09-5), and other NARA approved bureau or office records schedules. The specific record schedule for each type of record or form is dependent on the subject matter and records series. After the retention period has passed, temporary records are disposed of in accordance with the applicable records schedule and DOI policy. Disposition methods include burning, pulping, shredding, erasing and degaussing in accordance with DOI-384 Departmental Manual-1. Permanent records that are no longer active or needed for agency use are transferred to the National Archives for permanent retention in accordance with NARA guidelines.
SYSTEM MANAGER AND ADDRESS:
IMARS Security Manager, 1849 C Street NW., Mail Stop 3060 MIB, Washington, DC 20240.
The Department of the Interior has exempted portions of this system from the notification procedures of the Privacy Act pursuant to sections (j)(2) and (k)(2). An individual requesting notification of the existence of records on himself or herself should send a signed, written inquiry to the System Manager identified above. The request envelope and letter should both be clearly marked "PRIVACY ACT INQUIRY." A request for notification must meet the requirements of 43 CFR 2.235.
RECORDS ACCESS PROCEDURES:
The Department of the Interior has exempted portions of this system from the access procedures of the Privacy Act pursuant to sections (j)(2) and (k)(2). An individual requesting records on himself or herself should send a signed, written inquiry to the System Manager identified above. The request should describe the records sought as specifically as possible. The request envelope and letter should both be clearly marked "PRIVACY ACT REQUEST FOR ACCESS." A request for access must meet the requirements of 43 CFR 2.238.
CONTESTING RECORDS PROCEDURES:
The Department of the Interior has exempted portions of this system from the amendment procedures of the Privacy Act pursuant to sections (j)(2) and (k)(2). An individual requesting corrections or the removal of material from his or her records should send a signed, written request to the System Manager identified above. A request for corrections or removal must meet the requirements of 43 CFR 2.246.
RECORD SOURCE CATEGORIES:
Sources of information in the system include Department, bureau, office, tribal, State and local law officials and management, complainants, informants, suspects, victims, witnesses, visitors to Federal properties, and other Federal agencies including the Federal Bureau of Investigation or the Department of Justice.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
The Privacy Act (5 U.S.C. 552a(j)(2) and (k)(2)) provides general exemption authority for some Privacy Act systems. In accordance with that authority, the Department of the Interior adopted regulations 43 CFR 2.254(a-b). Pursuant to 5 U.S.C. 552a(j)(2) and (k)(2) of the Privacy Act, portions of this systems are exempt from the following subsections of the Privacy Act (as found in 5 U.S.C. 552a); (c)(3), (c)(4), (d), (e)(1) through (e)(3), (e)(4)(G) through (e)(4)(I), (e)(5), (e)(8), (f), and (g).