AGENCY:
U.S. Office of Personnel Management.
ACTION:
Notice; Routine Use Implementation and Response to Comments.
SUMMARY:
Pursuant to the provisions of the Privacy Act of 1974, 5 U.S.C. 552a, and Office of Management and Budget (OMB), Circular No. A-130, notice is given that the U.S. Office of Personnel Management is implementing the modification, proposed in 80 FR 42133, to all of its systems of records, as identified in the list below.
SUPPLEMENTARY INFORMATION:
On July 16, 2015, OPM published a notice to establish a new Privacy Act routine use which is applicable to all OPM systems of records. The new routine use allows OPM to disclose information to appropriate persons and entities for response and remediation purposes in the event of suspected or confirmed compromise of information in any of its systems. 80 FR 42133 (July 16, 2015). The July 16th notice invited comments on the new routine use until August 17, 2015. OPM received 5 comments during this period. After reviewing and considering the comments, OPM has decided to implement the new routine use without substantive alteration. A description of the comments and OPM's corresponding responses are included below.
Two Federal agencies requested administrative changes that were unrelated to the form or substance of this routine use. In response to one agency comment, OPM re-listed all of the OPM systems to which the new routine use will apply, including OPM/Central-19, which had been inadvertently left out of the prior notice. OPM determined that the other suggested changes do not affect implementation of the newly proposed use because they pertain specifically to other OPM systems of records. Therefore, those suggestions will be considered in future updates to notices regarding those systems.
OPM also received comments from a non-governmental organization regarding the location of certain records in other OPM systems and requesting notice in the event that those systems are compromised. OPM plans to continue fulfilling its breach notification responsibilities whenever appropriate and will respond separately to the organization with regard to its other comments, which seek OPM's response to a previous communication.
Finally, one individual and one Federal employee union sought information about security measures that would be taken to convey information shared outside of OPM pursuant to the new routine use. As with information shared outside the agency pursuant any routine use associated with its systems, OPM will transmit such information in accordance with applicable information security laws, guidelines, and standards including, but not limited to, the Federal Information Security Management Act (Pub. L. 107-296), and associated OMB policies, standards and guidance from the National Institute of Standards and Technology.
The individual commenter and employee union also questioned whether the routine use is appropriately tailored to address activities related to the suspected or confirmed compromise of information, OPM adopted the model language developed by the Office of Management and Budget (OMB Memorandum 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, Attachment 2) and adopted by a number of other Federal agencies. As drafted, this routine use permits the agency to protect sensitive information contained in OPM's systems while also facilitating mitigation and prevention activities in the event of confirmed or suspected compromise of information. Therefore, OPM has adopted the new routine use, first published on July 16, 2015, without further change.
A description of the modification to the agency's systems of records is provided below. In accordance with 5 U.S.C. 552a(r), the agency has provided a report to OMB and the Congress.
U.S. Office of Personnel Management.
Beth F. Cobert,
Director.
U.S. Office of Personnel Management Privacy Act notices and citations follow. An asterisk (*) designates the last publication of the complete document in the Federal Register.
| SORN | Title | FR# |
|---|---|---|
| 2013 statement | 2013 OPM Statement of Routine Uses for OPM's Internal and Central Systems of Records | 60 FR 63075. |
| CENTRAL-1 | Civil Service Retirement and Insurance Records | 73 FR 15013.* 64 FR 54930. 63 FR 45881. 60 FR 63075. |
| CENTRAL-2 | Complaints and Inquiries Records | 60 FR 63075. |
| CENTRAL-4 | Inspector General Investigations Case File | 60 FR 63075. |
| CENTRAL-5 | Intergovernmental Personnel Act Assignment Records | 64 FR 60249.* 60 FR 63075. |
| CENTRAL-6 | Administrative Law Judge Application Records | 60 FR 63075. |
| CENTRAL-7 | Litigation and Claims Records | 60 FR 63075. |
| CENTRAL-8 | Privacy Act/Freedom of Information Act (PA/FOIA) Case Records | 64 FR 53424.* 60 FR 63075. vol. 58, no. 68, 4/12/1993. |
| CENTRAL-9 | Personnel Investigations Records | 75 FR 28307.* 60 FR 63075. |
| CENTRAL-10 | Federal Executive Institute Program Participants Records | 64 FR 59221.* 60 FR 63075. |
| CENTRAL-11 | Presidential Management Fellows (PMF) Program Records | 77 FR 61791.* 74 FR 42334. 60 FR 63075. |
| CENTRAL-13 | Executive Personnel Records | 64 FR 60247.* 60 FR 63075. |
| CENTRAL-14 | Debarment or Suspension Records for Federal Employee Health Benefits | 60 FR 63075.* 60 FR 39194. |
| CENTRAL-15 | Health Claims Data Warehouse | 78 FR 23313.* 76 FR 35050. |
| CENTRAL-16 | Health Claims Disputes External Review Services | 76 FR 70512.* 75 FR 56601. |
| CENTRAL-18 | Federal Employees Health Benefits Program Claims Data Warehouse | 76 FR 35052. |
| CENTRAL-19 | External Review Records for Multi-State Plan (MSP) Program | 78 FR 65011. |
| CENTRAL-X | Federal Competency Assessment Tool | 72 FR 60396. |
| GOVT-1 | General Personnel Records | 77 FR 73694.* 76 FR 32997. 71 FR 35342. |
| 65 FR 24732. 61 FR 36919. | ||
| GOVT-2 | Employee Performance File System Records | 71 FR 35342.* 65 FR 24732. 61 FR 36919. |
| GOVT-3 | Records of Adverse Actions, Performance Based Reductions In Grade and Removal Actions, and Terminations of Probationers | 71 FR 35342.* 65 FR 24732. 61 FR 36919. |
| GOVT-5 | Recruiting, Examining and Placement Records | 79 FR 16834.* 71 FR 35342. 65 FR 24732. |
| GOVT-6 | Personnel Research and Test Validation Records | 71 FR 35342.* 65 FR 24732. 61 FR 36919. |
| GOVT-7 | Applicant Race, Sex, National Origin, and Disability Status Records | 71 FR 35342.* 65 FR 24732. 61 FR 36919. |
| GOVT-9 | File on Position Classification Appeals, Job Grading Appeals, Retained Grade or Pay Appeals, Fair Labor Standard Act (FLSA) Claims and Complaints, Federal Civilian Employee Compensation and Leave Claims, and Settlement of Accounts for Deceased Civilian Officers and Employees | 78 FR 60331.* 71 FR 35342. 65 FR 24732. 61 FR 36919. |
| GOVT-10 | Employee Medical File Systems Records | 75 FR 35099.* 71 FR 35342. 65 FR 24732. |
| Internal-1 | Defense Mobilization Emergency Cadre Records | 64 FR 72705.* 60 FR 63075. |
| Internal-2 | Negotiated Grievance Procedure Records | 60 FR 63075. |
| Internal-3 | Security Officer Control Files | 65 FR 14635.* 60 FR 63075. |
| Internal-4 | Health Program Records | 64 FR 51807.* 60 FR 63075. |
| Internal-5 | Pay, Leave, and Travel Records | 64 FR 61949.* 60 FR 63075. |
| Internal-6 | Appeal and Administrative Review Records | 60 FR 63075. |
| Internal-7 | Complaints and Inquiries Records | 60 FR 63075. |
| Internal-8 | Employee Counseling Services Program Records | 60 FR 63075. |
| Internal-9 | Employee Locator Card Files (PDF file) | 64 FR 51807.* 60 FR 63075. |
| Internal-10 | Motor Vehicle Operator and Accident Report Records | 60 FR 63075. |
| Internal-11 | Administrative Grievance Records | 60 FR 63075. |
| Internal-12 | Telephone Call Detail Records | 64 FR 54934. |
| Internal-13 | Parking Program Records | 65 FR 540. |
| Internal-14 | Photo Identification and Visitor Access Control Records | 64 FR 73108. |
| Internal-15 | OPM Child Care Tuition Assistance Records | 65 FR 30643. |
| Internal-16 | Adjudications Officer Control Files | 79 FR 30202.* 66 FR 42568. |
| Internal-17 | Web-Enabled Voting Rights System (WEVRS) | 71 FR 38190. |
| Internal-18 | CyberCorps®: Scholarship For Service (SFS) | 79 FR 42064.* 74 FR 42336. |
| Internal-19 | Investigation Training Records | 79 FR 8515. |
| Internal-20 | Integrity Assurance Officer Control Files | 80 FR 2447. |
Routine Uses of Records Maintained in the System, Including Categories of Users and the Purposes of Such Uses:
To appropriate agencies, entities, and persons when (1) OPM suspects or has confirmed that the security or confidentiality of information in the system of records has been compromised; (2) the agency has determined that as a result of the suspected or confirmed compromise there is a risk of harm to economic or property interests, identity theft or fraud, or harm to the security or integrity of this system or other systems or programs (whether maintained by OPM or another agency or entity) that rely upon the compromised information; and (3) the disclosure made to such agencies, entities, and persons is reasonably necessary to assist in connection with OPM's efforts to respond to the suspected or confirmed compromise and prevent, minimize, or remedy such harm.
[FR Doc. 2015-30309 Filed 11-27-15; 8:45 am]
BILLING CODE P