Skip to Content

Proposed Rule

Privacy Act Procedures

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

National Indian Gaming Commission, Department of the Interior.

ACTION:

Notice of proposed rulemaking.

SUMMARY:

The purpose of this document is to propose amendments to the procedures followed by the National Indian Gaming Commission (Commission) when processing a request under the Privacy Act of 1974. The proposed amendments make the following changes to the current regulations. These changes will serve to update certain Commission information, streamline how the Commission processes its Privacy Act requests, and aligns those processes with its procedures for processing Freedom of Information Act requests.

DATES:

Written comments on this proposed rule must be received on or before October 11, 2016.

ADDRESSES:

Comments may be mailed to Attn: National Indian Gaming Commission, FOIA/PA Officer, C/O Department of the Interior, 1849 C Street NW., Mail Stop #1621, Washington, DC 20240 or faxed to (202) 632-7066 (this is not a toll free number). Comments may be inspected between 9:00 a.m. and noon and between 2:00 p.m. and 5:00 p.m., Monday through Friday, at 90 K Street NE., Washington, DC 20002. Comments may also be submitted electronically at www.regulations.gov or emailed to pacomments@nigc.gov.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Andrew Mendoza at (202) 632-7003 or by fax (202) 632-7066 (these numbers are not toll free).

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

I. Comments Invited

Interested parties are invited to participate in this proposed rulemaking by submitting such written data, views, or arguments as they may desire. Comments that provide the factual basis supporting the views and suggestions presented are particularly helpful in developing reasoned regulatory decisions on the proposal.

II. Background

The Indian Gaming Regulatory Act (IGRA), enacted on October 17, 1988, established the National Indian Gaming Commission. Congress enacted the Privacy Act in 1974 (Pub. L. 93-579, 5 Start Printed Page 58891U.S.C. 552a). The Commission originally adopted Privacy Act procedures on January 22, 1993. Since that time, the Commission has changed the location of its headquarters office, established a new system of records, and streamlined the way it processes Privacy Act requests. These proposed amendments serve to incorporate those changes into the Commission's regulations and to better align the Commission's processing of its Privacy Act with its Freedom of Information Act requests.

Regulatory Flexibility Act: The Commission certifies that the proposed rule will not have a significant economic impact on a substantial number of small entities under the Regulatory Flexibility Act (5 U.S.C. 601 et seq.). The factual basis for this certification is as follows: This rule is procedural in nature and will not impose substantive requirements that would be considered impacts within the scope of the Act.

Unfunded Mandates Reform Act

The Commission is an independent regulatory agency, and, as such, is exempt from the Unfunded Mandates Reform Act, 2 U.S.C. 1501 et seq.

Takings

In accordance with Executive Order 12630, the Commission has determined that this proposed rule does not have significant takings implications. A takings implication assessment is not required.

Civil Justice Reform

In accordance with Executive Order 12988, the Commission has determined that the rule does not unduly burden the judicial system and meets the requirements of sections 3(a) and 3(b)(2) of the Executive Order.

Small Business Regulatory Enforcement Fairness Act

The proposed rule is not a major rule under 5 U.S.C. 804(2), the Small Business Regulatory Enforcement Fairness Act. The proposed rule will not result in an annual effect on the economy of more than $100 million per year; a major increase in costs or prices for consumers, individual industries, Federal, State, or local government agencies, or geographic regions; or significant adverse effects on competition, employment, investment, productivity, innovation, or on the ability of U.S. based enterprises.

Paperwork Reduction Act

The proposed rule does not contain any information collection requirements for which the Office of Management and Budget approval under the Paperwork Reduction Act (44 U.S.C. 3501-3520) would be required.

National Environmental Policy Act

The Commission has determined that the proposed rule does not constitute a major Federal Action significantly affecting the quality of the human environment and that no detailed statement is required pursuant to the National Environmental Policy Act of 1969.

Start List of Subjects

List of Subjects in 25 CFR Part 515

  • Administrative practice and procedure
  • Privacy
  • Reporting and recordkeeping
End List of Subjects

For the reasons set forth in the preamble, the Commission proposes to revise part 25 CFR part 515 to read as follows:

Start Part

PART 515—PRIVACY ACT PROCEDURES

515.1
Purpose and scope.
515.2
Definitions.
515.3
Request for access to records.
515.4
Responsibility for responding to requests.
515.5
Responses to requests for access to records.
515.6
Request for amendment or correction of records.
515.7
Appeals of initial agency adverse determination.
515.8
Requests for an accounting of record disclosure.
515.9
Notice of court-ordered and emergency disclosures.
515.10
Fees.
515.11
Penalties.
515.12
[Reserved]
515.13
Specific exemptions.
Start Authority

Authority: 5 U.S.C. 552a

End Authority
Purpose and scope.

This part contains the regulations the National Indian Gaming Commission (Commission) follows in implementing the Privacy Act of 1974. These regulations should be read together with the Privacy Act, which provides additional information about records maintained on individuals. The regulations in this part apply to all records contained within systems of records maintained by the Commission that are retrieved by an individual's name or personal identifier. They describe the procedures by which individuals may request access to records about themselves, request amendment or correction of those records, and request an accounting of disclosures of those records by the Commission. The Commission shall also process all Privacy Act requests for access to records under the Freedom of Information Act (FOIA), 5 U.S.C. 552, and the Commission's FOIA regulations contained in 25 CFR part 517, which gives requesters maximum disclosure.

Definitions.

For the purposes of this subpart:

(a) Individual means a citizen of the United States or an alien lawfully admitted for permanent residence.

(b) Maintain means store, collect, use, or disseminate.

(c) Record means any item, collection, or grouping of information about an individual that is maintained by the Commission, including education, financial transactions, medical history, and criminal or employment history, and that contains the individual's name, or identifying number, symbol, or other identifier assigned to the individual, such as social security number, finger or voice print, or photograph.

(d) System of records means a group of any records under the control of the Commission from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifier assigned to the individual.

(e) Routine use means use of a record for a purpose that is compatible with the purpose for which it was collected.

(f) Working day means a Federal workday that does not include Saturdays, Sundays, or Federal holidays.

Request for access to records.

(a) How made and addressed. Any individual may make a request to the Commission for access to records about him or herself. Such requests shall conform to the requirements of this section. The request may be made in person at 90 K Street NE., Suite 200, Washington, DC 20002 during the hours of 9 a.m. to 12 noon and 2 p.m. to 5 p.m. Monday through Friday, in writing at NIGC Attn: Privacy Act Office, C/O Department of the Interior, 1849 C Street NW., Mail Stop #1621, Washington, DC 20240, or via electronic mail addressed to PARequests@nigc.gov.

(b) Description of records sought. Each request for access to records must describe the records sought in enough detail to enable Commission personnel to locate the system of records containing them with a reasonable amount of effort. Whenever possible, the request should describe the records sought, the time periods in which the records were compiled, any tribal gaming facility with which they were associated, and the name or identifying number of each system of records in which the records are kept.Start Printed Page 58892

(c) Agreement to pay fees. Requests shall also include a statement indicating the maximum amount of fees the requester is willing to pay to obtain the requested information. The requester must send acknowledgment to the Privacy Act Officer indicating his/her willingness to pay the fees. Absent such an acknowledgment within the specified time frame, the request will be considered incomplete, no further work shall be done, and the request will be administratively closed.

(d) Verification of identity. When making a request for access to records the individual seeking access must provide verification of identity. The requester must provide a full name, current address, and date and place of birth. The request must be signed and must either be notarized or submitted under 28 U.S.C. 1746, which is a law that permits statements to be made under penalty of perjury as a substitute for notarization. In order to assist in the identification and location of requested records, a request may also, at the requester's option, include a social security number.

(e) Verification of guardianship. When making a request as a parent or guardian of a minor or as the guardian of someone determined by a court to be incompetent, for access to records about that individual, the request must establish:

(1) The identity of the individual who is the subject of the record by stating the name, current address, date and place of birth, and, at the requester's option, the social security number of the individual;

(2) The requester's own identity, as required in paragraph (d) of this section;

(3) That the requester is the parent or guardian of the individual and proof of such relationship by providing a birth certificate showing parentage or a court order establishing guardianship; and

(4) That the requester is acting on behalf of that individual in making the request.

(f) Verification in the case of third party information requests. Any individual who desires to have a record covered by this part disclosed to or mailed to another person may designate such person and authorize such person to act as his or her agent for that specific purpose. The authorization shall be in writing, signed by the individual whose record is requested, and notarized or witnessed as provided in paragraph (d) of this section.

(g) In-person disclosures. An individual to whom a record is to be disclosed in person, pursuant to this section, may have a person of his or her own choosing accompany him or her when the record is disclosed. If a requester is accompanied by another individual, the requester shall be required to authorize in writing any discussion of the records in the presence of the other person.

Responsibility for responding to requests.

(a) In general. In determining which records are responsive to a request, the Commission ordinarily will include only records in its possession as of the date it begins its search for records. If any other date is used, the Privacy Act Office shall inform the requester of that date.

(b) Authority to grant or deny requests. The Privacy Act Office shall make initial determinations either to grant or deny in whole or in part access to records.

(c) Consultations and referrals. When the Commission receives a request for a record in its possession, the Privacy Act Office shall determine whether another agency of the Federal Government is better able to determine whether the record is exempt from disclosure under the Privacy Act. If the Privacy Act Office determines that it is best able to process the record in response to the request, then it shall do so. If the Privacy Act Office determines that it is not best able to process the record, then it shall either:

(1) Respond to the request regarding that record, after consulting with the agency best able to determine whether to disclose it and with any other agency that has a substantial interest in it; or

(2) Refer the responsibility for responding to the request regarding that record to the agency best able to determine whether to disclose it, or to another agency that originated the record. Ordinarily, the agency that originated a record will be presumed to be best able to determine whether to disclose it.

(d) Notice of referral. Whenever the Privacy Act Office refers all or any part of the responsibility for responding to a request to another agency, it ordinarily shall notify the requester of the referral and inform the requester of the name of each agency to which the request has been referred and of the part of the request that has been referred.

Responses to requests for access to records.

(a) Acknowledgement of requests. Upon receipt of a request, the Privacy Act Office ordinarily shall, within 20 working days, send an acknowledgement letter which shall confirm the requester's agreement to pay fees under § 515.9 and provide an assigned request number.

(b) Grants of requests for access. Once the Privacy Act Office makes a determination to grant a request for access in whole or in part, it shall notify the requester in writing. The notice shall inform the requester of any fee charged under § 515.9 and the Privacy Act Office shall disclose records to the requester promptly on payment of any applicable fee. If a request is made in person, the Privacy Act Office will disclose the records to the requester directly, in a manner not unreasonably disruptive of its operations, on payment of any applicable fee and with a written record made of the grant of the request. If a requester is accompanied by another individual, the requester shall be required to authorize in writing any discussion of the records in the presence of the other person.

(c) Adverse determinations of requests for access. If the Privacy Act Office makes any adverse determination denying a request for access in any respect, it shall notify the requester of that determination in writing. The notification letter shall be signed by the official making the determination and include:

(1) The name and title of the person responsible for the denial;

(2) A brief statement of the reason(s) for the denial, including any Privacy Act exemption(s) applied to the denial;

(3) A statement that the denial may be appealed under § 515.7 and a description of the requirements of § 515.7.

Request for amendment or correction of records.

(a) How made and addressed. An individual may make a request for an amendment or correction to a Commission record about that individual by writing directly to the Privacy Act Office, following the procedures in § 515.3. The request should identify each particular record in question, state the amendment or correction that is sought, and state why the record is not accurate, relevant, timely, or complete. The request may include any documentation that would be helpful to substantiate the reasons for the amendment sought.

(b) Privacy Act Office response. The Privacy Act Office shall, not later than 10 working days after receipt of a request for an amendment or correction of a record, acknowledge receipt of the request and provide notification of whether the request is granted or denied. If the request is granted in whole or in part, the Privacy Act Office shall describe the amendment or Start Printed Page 58893correction made and shall advise the requester of the right to obtain a copy of the amended or corrected record. If the request is denied in whole or in part, the Privacy Act Office shall send a letter signed by the denying official stating:

(1) The reason(s) for the denial; and

(2) The procedure for appeal of the denial under paragraph (c) of this section.

(c) Appeals. A requester may appeal a denial of a request for amendment or correction in the same manner as a denial of a request for access as described in § 515.7. If the appeal is denied, the requester shall be advised of the right to file a Statement of Disagreement as described in paragraph (d) of this section and of the right under the Privacy Act for judicial review of the decision.

(d) Statements of Disagreement. If the appeal under this section is denied in whole or in part, the requester has the right to file a Statement of Disagreement that states the reason(s) for disagreeing with the Privacy Act Office's denial of the request for amendment or correction. Statements of Disagreement must be concise, must clearly identify each part of any record that is disputed, and should be no longer than one typed page for each fact disputed. The Statement of Disagreement shall be placed in the system of records in which the disputed record is maintained and the record shall be marked to indicate a Statement of Disagreement has been filed.

(e) Notification of amendment, correction, or disagreement. Within 30 working days of the amendment or correction of the record, the Privacy Act Office shall notify all persons, organizations, or agencies to which it previously disclosed the record, if an accounting of that disclosure was made, that the record has been amended or corrected. If a Statement of Disagreement was filed, the Commission shall append a copy of it to the disputed record whenever the record is disclosed and may also append a concise statement of its reason(s) for denying the request to amend the record.

(f) Records not subject to amendment. Section 515.13 lists the records that are exempt from amendment or correction.

Appeals of initial adverse agency determination.

(a) Adverse determination. An initial adverse agency determination of a request may consist of: A determination to withhold any requested record in whole or in part; a determination that a requested record does not exist or cannot be located; a determination that the requested record is not a record subject to the Privacy Act; a determination that a record will not be amended; a determination to deny a request for an accounting; a determination on any disputed fee matter; and any associated denial of a request for expedited treatment under the Commission's FOIA regulations.

(b) Appeals. If the Privacy Act Office issues an adverse determination in response to a request, the requester may file a written notice of appeal. The notice shall be accompanied by the original request, the initial adverse determination that is being appealed, and a statement describing why the adverse determination was in error. The appeal shall be addressed to the Privacy Act Appeals Officer at the locations listed in § 515.3 no later than 30 working days after the date of the letter denying the request. Both the appeal letter and envelope should be marked “Privacy Act Appeal.” Any Privacy Act appeals submitted via electronic mail should state “Privacy Act Appeal” in the subject line.

(c) Responses to appeals. The decision on appeal will be made in writing within 30 working days of receipt of the notice of appeal by the Privacy Act Appeals Officer. For good cause shown, however, the Privacy Act Appeals Officer may extend the 30 working day period. If such an extension is taken, the requester shall be promptly notified of such extension and the anticipated date of decision. A decision affirming an adverse determination in whole or in part will include a brief statement of the reason(s) for the determination, including any Privacy Act exemption(s) applied. If the adverse determination is reversed or modified in whole or in part, the requester will be notified in a written decision and the request will be reprocessed in accordance with that appeal decision. The response to the appeal shall also advise of the right to institute a civil action in a Federal district court for judicial review of the decision.

(d) When appeal is required. In order to institute a civil action in a Federal district court for judicial review of an adverse determination, a requester must first appeal it under this section.

Requests for an accounting of record disclosure.

(a) How made and addressed. Subject to the exceptions listed in paragraph (b) of this section, an individual may make a request for an accounting of the disclosures of any record about that individual that the Commission has made to another person, organization, or agency. The accounting contains the date, nature and purpose of each disclosure, as well as the name and address of the person, organization, or agency to which the disclosure was made. The request for an accounting should identify each particular record in question and should be made in writing to the Commission's Privacy Act Office, following the procedures in § 515.3.

(b) Where accountings are not required. The Commission is not required to provide an accounting where they relate to:

(1) Disclosures for which accountings are not required to be kept, such as those that are made to employees of the Commission who have a need for the record in the performance of their duties and disclosures that are made under section 552 of title 5;

(2) Disclosures made to law enforcement agencies for authorized law enforcement activities in response to written requests from those law enforcement agencies specifying the law enforcement activities for which the disclosures are sought; or

(3) Disclosures made from law enforcement systems of records that have been exempted from accounting requirements.

(c) Appeals. A requester may appeal a denial of a request for an accounting in the same manner as a denial of a request for access as described in § 515.7 and the same procedures will be followed.

(d) Preservation of accountings. All accountings made under this section will be retained for at least five years or the life of the record, whichever is longer, after the disclosure for which the accounting is made.

Notice of court-ordered and emergency disclosures.

(a) Court-ordered disclosures. When a record pertaining to an individual is required to be disclosed by a court order, the Privacy Act Office shall make reasonable efforts to provide notice of this to the individual. Notice shall be given within a reasonable time after the Privacy Act Office's receipt of the order—except that in a case in which the order is not a matter of public record, the notice shall be given only after the order becomes public. This notice shall be mailed to the individual's last known address and shall contain a copy of the order and a description of the information disclosed. Notice shall not be given if disclosure is made from a criminal law enforcement system of records that has been exempted from the notice requirement.Start Printed Page 58894

(b) Emergency disclosures. Upon disclosing a record pertaining to an individual made under compelling circumstances affecting health or safety, the Privacy Act Office shall, within a reasonable time, notify that individual of the disclosure. This notice shall be mailed to the individual's last known address and shall state the nature of the information disclosed; the person, organization, or agency to which it was disclosed; the date of disclosure; and the compelling circumstances justifying disclosure.

Fees.

The Commission shall charge fees for duplication of records under the Privacy Act in the same way in which it charges duplication fees under § 517.9. No search or review fee may be charged for any record. Additionally, when the Privacy Act Office makes a copy of a record as a necessary part of reviewing the record or granting access to the record, the Commission shall not charge for the cost of making that copy. Otherwise, the Commission may charge a fee sufficient to cover the cost of duplicating a copy.

Penalties.

Any person who makes a false statement in connection with any request for access to a record, or an amendment thereto, under this part, is subject to the penalties prescribed in 18 U.S.C. 494 and 495.

[Reserved]
Specific exemptions.

(a) The following systems of records are exempt from 5 U.S.C. 552a(c)(3), (d), (e)(1) and (f):

(1) Indian Gaming Individuals Records System.

(2) Management Contract Individuals Record System.

(b) The exemptions under paragraph (a) of this section apply only to the extent that information in these systems is subject to exemption under 5 U.S.C. 552a(k)(2). When compliance would not appear to interfere with or adversely affect the overall responsibilities of the Commission, with respect to licensing of key employees and primary management officials for employment in an Indian gaming operation, the applicable exemption may be waived by the Commission.

(c) Exemptions from the particular sections are justified for the following reasons:

(1) From 5 U.S.C. 552a(c)(3), because making available the accounting of disclosures to an individual who is the subject of a record could reveal investigative interest. This would permit the individual to take measures to destroy evidence, intimidate potential witnesses, or flee the area to avoid the investigation.

(2) From 5 U.S.C. 552a(d), (e)(1), and (f) concerning individual access to records, when such access could compromise classified information related to national security, interfere with a pending investigation or internal inquiry, constitute an unwarranted invasion of privacy, reveal a sensitive investigative technique, or pose a potential threat to the Commission or its employees or to law enforcement personnel. Additionally, access could reveal the identity of a source who provided information under an express promise of confidentiality.

(3) From 5 U.S.C. 552a(d)(2), because to require the Commission to amend information thought to be incorrect, irrelevant, or untimely, because of the nature of the information collected and the length of time it is maintained, would create an impossible administrative and investigative burden by continually forcing the Commission to resolve questions of accuracy, relevance, timeliness, and completeness.

(4) From 5 U.S.C. 552a(e)(1) because:

(i) It is not always possible to determine relevance or necessity of specific information in the early stages of an investigation.

(ii) Relevance and necessity are matters of judgment and timing in that what appears relevant and necessary when collected may be deemed unnecessary later. Only after information is assessed can its relevance and necessity be established.

(iii) In any investigation the Commission may receive information concerning violations of law under the jurisdiction of another agency. In the interest of effective law enforcement and under 25 U.S.C. 2716(b), the information could be relevant to an investigation by the Commission.

(iv) In the interviewing of individuals or obtaining evidence in other ways during an investigation, the Commission could obtain information that may or may not appear relevant at any given time; however, the information could be relevant to another investigation by the Commission.

Start Signature

Jonodev O. Chaudhuri,

Chairman.

Kathryn Isom-Clause,

Vice Chair.

E. Sequoyah Simermeyer,

Associate Commissioner.

End Signature End Part End Supplemental Information

[FR Doc. 2016-19749 Filed 8-25-16; 8:45 am]

BILLING CODE 7565-01-P