Privacy Act Regulations for EPA-83

AGENCY:

Environmental Protection Agency (EPA).

ACTION:

Proposed rule.

SUMMARY:

The Environmental Protection Agency (EPA or Agency) is proposing to revise the Agency's Privacy Act regulations to exempt a system of records, EPA–83, the Personnel Security System (PSS) 2.0, from certain requirements of the Privacy Act because the system will contain information relevant to insider threat inquiries and background investigations. If such information is not kept confidential, it could jeopardize EPA or a referring agency's ability to conduct background investigations, insider threat inquiries, or any related inquiries. In the “Rules and Regulations” section of this Federal Register , EPA is simultaneously publishing the revision of the Agency's Privacy Act Regulations to include EPA–83 as a direct final rule without a prior proposed rule. If the Agency receives no adverse comment, it will not take further action on this proposed rule.

DATES:

Comments must be received on or before December 18, 2023.

ADDRESSES:

Submit your comments, identified by Docket ID No. EPA–HQ–OMS–2019–0371, at https://www.regulations.gov/. Follow the online instructions for submitting comments. Once submitted, comments cannot be edited or removed from Regulations.gov. The EPA may publish any comment received to its public docket. Do not submit electronically any information you consider to be Confidential Business Information (CBI) or other information whose disclosure is restricted by statute. Multimedia submissions (audio, video, etc.) must be accompanied by a written comment. The written comment is considered the official comment and should include discussion of all points you wish to make. The EPA will generally not consider comments or comment contents located outside of the primary submission ( i.e., on the web, cloud, or other file sharing system). For additional submission methods, the full EPA public comment policy, information about CBI or multimedia submissions, and general guidance on making effective comments, please visit https://www.epa.gov/dockets/commenting-epa-dockets.

FOR FURTHER INFORMATION CONTACT:

John Goldsby, Personnel Security Branch, Environmental Protection Agency, William Jefferson Clinton North Building, Mail Code 3206A, 1200 Pennsylvania Avenue NW, Washington, DC 20460; telephone number: (202) 564–1569; email address: Goldsby.John@epa.gov.

SUPPLEMENTARY INFORMATION:

I. Why is EPA issuing this proposed rule?

The EPA proposes to revise the Agency's Privacy Act regulations in order to exempt a system of records, EPA–83, the Personnel Security System (PSS) 2.0, from certain requirements of the Privacy Act. The EPA has published a direct final rule exempting this system of records in the “Rules and Regulations” section of this Federal Register because it views this as a noncontroversial action and anticipates no adverse comment. EPA explains its reasons for the direct final rule in the preamble to that rule. If EPA receives no adverse comment, it will not take further action on this proposed rule. If EPA receives adverse comment, it will withdraw the direct final rule and the rule will not take effect. EPA will address public comments in any subsequent final rule based on this proposed rule. EPA does not intend to institute a second comment period on this action. Any parties interested in commenting must do so at this time. For further information, please see the information provided in the ADDRESSES section of this document.

II. General Information

The EPA published a Privacy Act system of records notice for information collected and maintained in the Personnel Security System (PSS) 2.0 (85 FR 32380, May 29, 2020), and a Notice of a Modified System of Records concurrently with this proposed rule. PSS 2.0 supports the Personnel Security Branch (PSB) with tracking the documentation associated with background investigations for Federal and non-Federal personnel working for EPA. PSS 2.0 contains investigatory material compiled for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, Federal contracts, or access to classified information. Additionally, the PSB plans to update PSS 2.0 with a new module focused on providing the agency with insider threat inquiry management and coordination capabilities. The Insider Threat Program module will contain information relevant to insider threat inquiries on cleared individuals with access to EPA resources, including facilities, information, equipment, networks, and systems. At a later date, and once relevant authorities are updated, the insider threat module will also contain information on uncleared individuals with access to EPA resources. Information maintained in the Insider Threat Program module may be directly collected by EPA's Office of Homeland Security (OHS) or may be obtained by OHS from law enforcement agencies or systems. Specifically, OHS will use the module to detect, deter, and mitigate potential insider threats before they harm national security. OHS will collect and maintain information in the module to identify potential insider threats, which may form the predicate of law enforcement investigations conducted by other law enforcement entities. Further, if an inquiry uncovers insider threat indicators, OHS may share relevant data from the module with authorized law enforcement organizations, like EPA's Office of Inspector General or the Federal Bureau of Investigation, for those organizations to conduct any necessary investigations.

Pursuant to the Privacy Act, when information is maintained for the purpose of civil actions, the relevant provision of the Privacy Act is 5 U.S.C. 552a(d)(5) which states “nothing in this [Act] shall allow an individual access to any information compiled in reasonable anticipation of a civil action or proceeding.” 5 U.S.C. 552a(d)(5).

In addition, section (k)(2) of the Privacy Act provides that the head of an agency may promulgate regulations to exempt the system from certain provisions of the Act if the system “is investigatory material compiled for law enforcement purposes, other than material within the scope of subsection (j)(2)” of 5 U.S.C. 552a. Accordingly, EPA proposes to exempt all such records in the PSS 2.0 system (including certain background investigation records and records maintained in the Insider Threat module) from 5 U.S.C. 552a(c)(3); (d); and (e)(1);) for the following reasons:

(1) From subsection 552a(c)(3), because making available to a named individual an accounting of disclosures of records concerning him/her/them would alert the subjects of an investigation or inquiry to the existence of the investigation or inquiry. This could allow record subjects to impede the inquiry, e.g., destroy evidence, intimidate potential witnesses, or flee the area to avoid inquiries or apprehension by law enforcement personnel. Further, such a disclosure could reveal the identity of a confidential source and hamper the Agency's inquiry.

(2) From subsection 552(d), which requires an agency to permit an individual to gain access to records pertaining to him/her/them, to request amendment to such records, to request a review of an agency decision not to amend such records, and to contest the information contained in such records. Granting requesters access to information compiled for insider threat inquiries, PSS 2.0 background investigation information compiled to investigate personnel/an applicant that is/would be responsible for law enforcement and/or national security matters, or other PSS 2.0 information related to such insider threat inquiries or background investigations could inform the subject of an investigation/inquiry of an actual or potential criminal violation, of the existence of that investigation/inquiry, of the nature and scope of the information or evidence obtained as to their activities, and of the identity of confidential sources, witnesses, and law enforcement personnel. Such a disclosure could enable the subject to avoid detection or apprehension. Specifically, granting access to such information could seriously impede or compromise an investigation or inquiry; endanger the physical safety of confidential sources, witnesses, law enforcement personnel and their families; lead to the improper influencing of witnesses, the destruction of evidence, or the fabrication of testimony; and could disclose sensitive or confidential investigative techniques and procedures.

(3) From subsections 552a(e)(1), which requires an agency to collect/maintain only information about an individual that is relevant and necessary to accomplish a purpose of the Agency, because the relevance of information obtained in the course of a background investigation or insider threat inquiry is not always known when collected. Material that may seem unrelated, or irrelevant when collected may take on added meaning or significance as the inquiry progresses. Also, it is appropriate to retain all information that may aid in establishing patterns of illegal or insider threat activity. Therefore, it would impede the inquiry process if it were necessary to assure the relevance of all information obtained at the time of collection.

Additionally, pursuant to 5 U.S.C. 552a(k)(5), an individual's request for access to his or her or their record(s) may be exempt from specific access provisions of the Privacy Act where the information is investigatory material compiled solely for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, military service, Federal contracts, or access to classified information if disclosure of such material would reveal the identity of a confidential source who furnished information to the Government under an express promise that the source's identity would be kept confidential. Under 5 U.S.C. 552a(k)(5), EPA is proposing to exempt such materials stored in PSS 2.0 from 5 U.S.C. 552(a)(c)(3) and (d) for the following reason(s):

(1) From subsection 552a(c)(3), because an accounting of disclosures of records concerning the record subject may contain information about the identity of a confidential source, and if the Agency was required to disclose this information to the record subject, such a disclosure would reveal the identity of the confidential source, endangering the physical safety of the confidential source. Further, such a disclosure could allow record subjects to impede a background investigation or insider threat inquiry by contacting and intimidating confidential sources and those that are potential witnesses.

(2) From subsection 552a(d), which requires an agency to permit an individual to gain access to records pertaining to him/her/them, to request amendment to such records, to request a review of an agency decision not to amend such records, and to contest the information contained in such records. Granting such access could cause the identity of a confidential source to be revealed, endangering the physical safety of the confidential source, and could impair the ability of the EPA to compile, in the future, investigatory material for the purpose of determining suitability, eligibility, or qualifications for Federal civilian employment, Federal contracts, or access to classified information.

III. Statutory and Executive Order Reviews

Additional information about these statutes and Executive orders can be found at https://www.epa.gov/laws-regulations/laws-and-executive-orders.

A. Executive Order 12866: Regulatory Planning and Review, and Executive Order 13563: Improving Regulation and Regulatory Review

This action is being submitted to the Office of Management and Budget (OMB) for review.

B. Paperwork Reduction Act (PRA)

This action does not impose an information collection burden under the PRA. This action contains no provisions constituting a collection of information under the PRA.

C. Regulatory Flexibility Act (RFA)

I certify that this action will not have a significant economic impact on a substantial number of small entities under the RFA. This action will not impose any requirements on small entities.

D. Unfunded Mandates Reform Act (UMRA)

This action does not contain any unfunded mandate as described in UMRA, 2 U.S.C. 1531–1538, and does not significantly or uniquely affect small governments.

E. Executive Order 13132 (Federalism)

This action does not have federalism implications. It will not have substantial direct effects on the states, on the relationship between the National Government and the states, or on the distribution of power and responsibilities among the various levels of government.

F. Executive Order 13175: Consultation and Coordination With Indian Tribal Governments

This action does not have tribal implications as specified in Executive Order 13175. Thus, Executive Order 13175 does not apply to this action.

G. Executive Order 13045: Protection of Children From Environmental Health Risks and Safety Risks

The EPA interprets Executive Order 13045 as applying only to those regulatory actions that concern environmental health or safety risks that the EPA has reason to believe may disproportionately affect children, per the definition of “covered regulatory action” in section 2–202 of the Executive order. This action is not subject to Executive Order 13045 because it does not concern an environmental health risk or safety risk.

H. Executive Order 13211: Actions Concerning Regulations That Significantly Affect Energy Supply, Distribution, or Use

This action is not subject to Executive Order 13211, because it is not a significant regulatory action under Executive Order 12866.

I. National Technology Transfer and Advancement Act

This rulemaking does not involve technical standards.

J. Executive Order 12898: Federal Actions To Address Environmental Justice in Minority Populations and Low-Income Populations

The EPA believes that this action does not have disproportionately high and adverse human health or environmental effects on minority populations, low-income populations and/or indigenous peoples, as specified in Executive Order 12898 (59 FR 7629, February 16, 1994).

List of Subjects in 40 CFR Part 16

• Environmental protection
• Administrative practice and procedure
• Confidential business information
• Government employees
• Privacy

For the reasons stated in the preamble, title 40, chapter I, part 16 of the Code of Federal Regulations is proposed to be amended as follows:

PART 16—IMPLEMENTATION OF PRIVACY ACT OF 1974

1. The authority citation for part 16 continues to read as follows:

Authority: 5 U.S.C. 301, 552a (as revised).

2. Amend § 16.12 by:

a. Revising paragraphs (a)(1), (a)(4)(i), (a)(5) introductory text, and (b)(1);

b. Adding paragraph (b)(4)(iii); and

c. Revising paragraph (b)(5) introductory text.

The revisions and addition read as follows: