Privacy Act of 1974; Implementation

Download PDF
Federal RegisterMay 19, 2022
87 Fed. Reg. 30416 (May. 19, 2022)

AGENCY:

Office of the Secretary of Defense (OSD), Department of Defense (DoD).

ACTION:

Final rule.

SUMMARY:

The DoD is issuing a final rule to amend its regulations to exempt portions of the DoD-0003, “Mobilization Deployment Management Information System (MDMIS),” system of records from certain provisions of the Privacy Act of 1974.

DATES:

This rule is effective on June 21, 2022.

FOR FURTHER INFORMATION CONTACT:

Ms. Rahwa Keleta, Privacy and Civil Liberties Division, Directorate for Privacy, Civil Liberties and Freedom of Information, Office of the Assistant to the Secretary of Defense for Privacy, Civil Liberties, and Transparency, Department of Defense, 4800 Mark Center Drive, Mailbox #24, Suite 08D09, Alexandria, VA 22350-1700; OSD.PCLFD@mail.mil ; (703) 571-0070.

SUPPLEMENTARY INFORMATION:

Discussion of Comments and Changes

In the notice of proposed rulemaking (NPRM), the proposed rule was to be published at 32 CFR 310.13(e)(3). DoD is now publishing this rule at 32 CFR 310.13(e)(9). The proposed rule published in the Federal Register on December 16, 2020 (85 FR 81438-81439). Comments were accepted for 60 days until February 16, 2021. One comment was received. Please see the summarized comment and the Department's response as follows:

DoD received one substantive comment on the NPRM. The commenter voiced concern regarding the classification process within the DoD. Although this comment does not directly pertain to the Privacy Act and the exemption claimed for this SORN, to promote public understanding in this area, a description of the DoD classification process is provided in this preamble.

Executive Order 13526 prescribes the framework for the Federal government (to include DoD) to classify national security information. Only DoD personnel who are delegated original classification authority in writing are authorized to review the DoD's information and make the initial decision that an item of information could reasonably be expected to cause identifiable or describable damage to the national security if it were disclosed to the public. Several oversight and compliance safeguarding mechanisms exist to ensure the process to classify information is appropriate.

These existing safeguarding mechanisms include the following: Personnel authorized to make original classification determinations are required to receive training in proper classification, including the avoidance of over-classification, and declassification at least once a calendar year. Additionally, information may only be classified if it pertains to specific categories or subjects, including military plans, weapons systems, or operations and intelligence activities. Furthermore, agency heads must (on a periodic basis) complete a comprehensive review of the agency's classification guidance, to include reviewing information that is classified within the agency; provide the results of such review to appropriate officials outside the agency at the National Archives and Records Administration (NARA); and release an unclassified version of the review to the public. Authorized holders of classified information are also encouraged and expected to “challenge” classification determinations if they believe the classification status is improper, and any individual or entity can request any Federal agency to review classified information for declassification, regardless of its age or origin, in accordance with the Mandatory Declassification Review (MDR) process. Additional information about the MDR process can be found on the NARA's MDR program page at https://www.archives.gov/isoo/training/mdr. In the interest of protecting information critical to the Nation's defense, it is appropriate for the DoD to properly classify and exempt such information from public release under the Privacy Act so as to protect U.S. national security.

Having considered the public comment, the DoD will implement the rulemaking without any changes resulting from the comment. However, DoD will make one corrective edit to 32 CFR 310.13(e)(9)(iii)(A). In the prior NPRM, records in that paragraph were referenced as “common enterprise records,” a term that does not appear in the DoD-0003 system of records notice nor necessarily apply to records in the MDMIS. The final rule removes this description and simply references “records in this system.”

Background

In finalizing this rule, DoD exempts portions of the updated and reissued DoD-0003 MDMIS system of records from certain provisions of the Privacy Act. DoD uses this system of records to automate financial and business transactions, perform cost-management analysis, produce oversight and audit reports, and provide critical data linking to improve performance of mission objectives. This system of records supports DoD in creating predictive analytic models based upon specific data streams to equip decision makers with critical data necessary for execution of fiscal and operational requirements. Some of the records that are part of the DoD-0003 MDMIS system of records may contain classified national security information and disclosure of those records to an individual may cause damage to national security. The Privacy Act, pursuant to 5 U.S.C. 552a(k)(1), authorizes agencies to claim an exemption for systems of records that contain information properly classified pursuant to executive order. For this reason, DoD has exempted portions of the DoD-0003 MDMIS system of records from the access and amendment requirements of the Privacy Act, pursuant to 5 U.S.C. 552a(k)(1), to prevent disclosure of any information properly classified pursuant to executive order, including Executive Order 13526, as implemented by DoD Instruction 5200.01 and DoD Manual 5200.01, Volumes 1 and 3. This rule will deny an individual access under the Privacy Act to only those portions of records for which the claimed exemption applies. In addition, records in the DoD-0003 MDMIS system of records are only exempt from the Privacy Act to the extent the purposes underlying the exemption pertain to the record.

Regulatory Analysis

Executive Order 12866, “Regulatory Planning and Review” and Executive Order 13563, “Improving Regulation and Regulatory Review”

Executive Orders 12866 and 13563 direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distribute impacts, and equity). Executive Order 13563 emphasizes the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility. It has been determined that this rule is not a significant regulatory action.

Congressional Review Act

This rule is not a “major rule” as defined by 5 U.S.C. 804(2).

Public Law 96-354, “Regulatory Flexibility Act” (5 U.S.C. Chapter 6)

The Assistant to the Secretary of Defense for Privacy, Civil Liberties, and Transparency certified that this Privacy Act rule does not have significant economic impact on a substantial number of small entities because they are concerned only with the administration of Privacy Act systems of records within the DoD.

Public Law 96-511, “Paperwork Reduction Act” (44 U.S.C. Chapter 35)

It has been determined that this rule does not impose additional information collection requirements on the public under the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq. ).

Section 202, Public Law 104-4, “Unfunded Mandates Reform Act”

It has been determined that this rule does not involve a Federal mandate that may result in the expenditure by State, local and tribal governments, in the aggregate, or by the private sector, of $100 million or more and that it will not significantly or uniquely affect small governments.

Executive Order 13132, “Federalism”

It has been determined that this rule does not have federalism implications. This rule does not have substantial direct effects on the States, on the relationship between the National Government and the States, or on the distribution of power and responsibilities among the various levels of government.

Executive Order 13175, “Consultation and Coordination With Indian Tribal Governments”

Executive Order 13175 establishes certain requirements that an agency must meet when it promulgates a proposed rule (and subsequent final rule) that imposes substantial direct compliance costs on one or more Indian tribes, preempts tribal law, or effects the distribution of power and responsibilities between the federal government and Indian tribes. This rule will not have a substantial effect on Indian tribal governments.

List of Subjects in 32 CFR Part 310

  • Privacy

Accordingly, 32 CFR part 310 is amended as follows:

PART 310—[AMENDED]

1. The authority citation for 32 CFR part 310 continues to read as follows:

Authority: 5 U.S.C. 552a.

2. Section 310.13 is amended by adding reserved paragraphs (e)(7) and (8) and adding paragraph (e)(9) to read as follows:

§ 310.13
Exemptions for DoD-wide systems.

(e) * * *

(7)-(8) [Reserved]

(9) System identifier and name. DoD-0003, “Mobilization Deployment Management Information System (MDMIS).”

(i) Exemptions. This system of records is exempt from subsections 5 U.S.C. 552a(c)(3), (d)(1), (d)(2), (d)(3), and (d)(4) of the Privacy Act.

(ii) Authority. 5 U.S.C. 552a(k)(1).

(iii) Exemption from the particular subsections. Exemption from the particular subsections is justified for the following reasons:

(A) Subsection (c)(3) (accounting of disclosures). Because records in this system may contain information properly classified pursuant to executive order, the disclosure accountings of such records may also contain information properly classified pursuant to executive order, the disclosure of which may cause damage to national security.

(B) Subsections (d)(1), (2), (3), and (4) (record subject's right to access and amend records). Access to and amendment of records by the record subject could disclose information properly classified pursuant to executive order. Disclosure of classified records to an individual may cause damage to national security.

(iv) Exempt records from other systems. In addition, in the course of carrying out the overall purpose for this system, exempt records from other system of records may in turn become part of the records maintained in this system. To the extent that copies of exempt records from those other systems of records are maintained in this system, the DoD claims the same exemptions for the records from those other systems that are entered into this system, as claimed for the prior system(s) of which they are a part, provided the reason for the exemption remains valid and necessary.

Dated: May 11, 2022.

Aaron T. Siegel,

Alternate OSD Federal Register Liaison Officer, Department of Defense.

[FR Doc. 2022-10656 Filed 5-18-22; 8:45 am]

BILLING CODE 5001-06-P