Privacy Act of 1974; Routine Use Implementation; System of Records

Download PDF
Federal RegisterNov 30, 2015
80 Fed. Reg. 74815 (Nov. 30, 2015)

AGENCY:

U.S. Office of Personnel Management.

ACTION:

Notice; Routine Use Implementation and Response to Comments.

SUMMARY:

Pursuant to the provisions of the Privacy Act of 1974, 5 U.S.C. 552a, and Office of Management and Budget (OMB), Circular No. A-130, notice is given that the U.S. Office of Personnel Management is implementing the modification, proposed in 80 FR 42133, to all of its systems of records, as identified in the list below.

SUPPLEMENTARY INFORMATION:

On July 16, 2015, OPM published a notice to establish a new Privacy Act routine use which is applicable to all OPM systems of records. The new routine use allows OPM to disclose information to appropriate persons and entities for response and remediation purposes in the event of suspected or confirmed compromise of information in any of its systems. 80 FR 42133 (July 16, 2015). The July 16th notice invited comments on the new routine use until August 17, 2015. OPM received 5 comments during this period. After reviewing and considering the comments, OPM has decided to implement the new routine use without substantive alteration. A description of the comments and OPM's corresponding responses are included below.

Two Federal agencies requested administrative changes that were unrelated to the form or substance of this routine use. In response to one agency comment, OPM re-listed all of the OPM systems to which the new routine use will apply, including OPM/Central-19, which had been inadvertently left out of the prior notice. OPM determined that the other suggested changes do not affect implementation of the newly proposed use because they pertain specifically to other OPM systems of records. Therefore, those suggestions will be considered in future updates to notices regarding those systems.

OPM also received comments from a non-governmental organization regarding the location of certain records in other OPM systems and requesting notice in the event that those systems are compromised. OPM plans to continue fulfilling its breach notification responsibilities whenever appropriate and will respond separately to the organization with regard to its other comments, which seek OPM's response to a previous communication.

Finally, one individual and one Federal employee union sought information about security measures that would be taken to convey information shared outside of OPM pursuant to the new routine use. As with information shared outside the agency pursuant any routine use associated with its systems, OPM will transmit such information in accordance with applicable information security laws, guidelines, and standards including, but not limited to, the Federal Information Security Management Act (Pub. L. 107-296), and associated OMB policies, standards and guidance from the National Institute of Standards and Technology.

The individual commenter and employee union also questioned whether the routine use is appropriately tailored to address activities related to the suspected or confirmed compromise of information, OPM adopted the model language developed by the Office of Management and Budget (OMB Memorandum 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, Attachment 2) and adopted by a number of other Federal agencies. As drafted, this routine use permits the agency to protect sensitive information contained in OPM's systems while also facilitating mitigation and prevention activities in the event of confirmed or suspected compromise of information. Therefore, OPM has adopted the new routine use, first published on July 16, 2015, without further change.

A description of the modification to the agency's systems of records is provided below. In accordance with 5 U.S.C. 552a(r), the agency has provided a report to OMB and the Congress.

U.S. Office of Personnel Management.

Beth F. Cobert,

Director.

U.S. Office of Personnel Management Privacy Act notices and citations follow. An asterisk (*) designates the last publication of the complete document in the Federal Register.

SORNTitleFR#
2013 statement2013 OPM Statement of Routine Uses for OPM's Internal and Central Systems of Records60 FR 63075.
CENTRAL-1Civil Service Retirement and Insurance Records73 FR 15013.* 64 FR 54930. 63 FR 45881. 60 FR 63075.
CENTRAL-2Complaints and Inquiries Records60 FR 63075.
CENTRAL-4Inspector General Investigations Case File60 FR 63075.
CENTRAL-5Intergovernmental Personnel Act Assignment Records64 FR 60249.* 60 FR 63075.
CENTRAL-6Administrative Law Judge Application Records60 FR 63075.
CENTRAL-7Litigation and Claims Records60 FR 63075.
CENTRAL-8Privacy Act/Freedom of Information Act (PA/FOIA) Case Records64 FR 53424.* 60 FR 63075. vol. 58, no. 68, 4/12/1993.
CENTRAL-9Personnel Investigations Records75 FR 28307.* 60 FR 63075.
CENTRAL-10Federal Executive Institute Program Participants Records64 FR 59221.* 60 FR 63075.
CENTRAL-11Presidential Management Fellows (PMF) Program Records77 FR 61791.* 74 FR 42334. 60 FR 63075.
CENTRAL-13Executive Personnel Records64 FR 60247.* 60 FR 63075.
CENTRAL-14Debarment or Suspension Records for Federal Employee Health Benefits60 FR 63075.* 60 FR 39194.
CENTRAL-15Health Claims Data Warehouse78 FR 23313.* 76 FR 35050.
CENTRAL-16Health Claims Disputes External Review Services76 FR 70512.* 75 FR 56601.
CENTRAL-18Federal Employees Health Benefits Program Claims Data Warehouse76 FR 35052.
CENTRAL-19External Review Records for Multi-State Plan (MSP) Program78 FR 65011.
CENTRAL-XFederal Competency Assessment Tool72 FR 60396.
GOVT-1General Personnel Records77 FR 73694.* 76 FR 32997. 71 FR 35342.
65 FR 24732. 61 FR 36919.
GOVT-2Employee Performance File System Records71 FR 35342.* 65 FR 24732. 61 FR 36919.
GOVT-3Records of Adverse Actions, Performance Based Reductions In Grade and Removal Actions, and Terminations of Probationers71 FR 35342.* 65 FR 24732. 61 FR 36919.
GOVT-5Recruiting, Examining and Placement Records79 FR 16834.* 71 FR 35342. 65 FR 24732.
GOVT-6Personnel Research and Test Validation Records71 FR 35342.* 65 FR 24732. 61 FR 36919.
GOVT-7Applicant Race, Sex, National Origin, and Disability Status Records71 FR 35342.* 65 FR 24732. 61 FR 36919.
GOVT-9File on Position Classification Appeals, Job Grading Appeals, Retained Grade or Pay Appeals, Fair Labor Standard Act (FLSA) Claims and Complaints, Federal Civilian Employee Compensation and Leave Claims, and Settlement of Accounts for Deceased Civilian Officers and Employees78 FR 60331.* 71 FR 35342. 65 FR 24732. 61 FR 36919.
GOVT-10Employee Medical File Systems Records75 FR 35099.* 71 FR 35342. 65 FR 24732.
Internal-1Defense Mobilization Emergency Cadre Records64 FR 72705.* 60 FR 63075.
Internal-2Negotiated Grievance Procedure Records60 FR 63075.
Internal-3Security Officer Control Files65 FR 14635.* 60 FR 63075.
Internal-4Health Program Records64 FR 51807.* 60 FR 63075.
Internal-5Pay, Leave, and Travel Records64 FR 61949.* 60 FR 63075.
Internal-6Appeal and Administrative Review Records60 FR 63075.
Internal-7Complaints and Inquiries Records60 FR 63075.
Internal-8Employee Counseling Services Program Records60 FR 63075.
Internal-9Employee Locator Card Files (PDF file)64 FR 51807.* 60 FR 63075.
Internal-10Motor Vehicle Operator and Accident Report Records60 FR 63075.
Internal-11Administrative Grievance Records60 FR 63075.
Internal-12Telephone Call Detail Records64 FR 54934.
Internal-13Parking Program Records65 FR 540.
Internal-14Photo Identification and Visitor Access Control Records64 FR 73108.
Internal-15OPM Child Care Tuition Assistance Records65 FR 30643.
Internal-16Adjudications Officer Control Files79 FR 30202.* 66 FR 42568.
Internal-17Web-Enabled Voting Rights System (WEVRS)71 FR 38190.
Internal-18CyberCorps®: Scholarship For Service (SFS)79 FR 42064.* 74 FR 42336.
Internal-19Investigation Training Records79 FR 8515.
Internal-20Integrity Assurance Officer Control Files80 FR 2447.

Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:

To appropriate agencies, entities, and persons when (1) OPM suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) the agency has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by OPM or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with OPM's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.

[FR Doc. 2015-30309 Filed 11-27-15; 8:45 am]

BILLING CODE P