Text

Enclosure 1 NARRATIVE STATEMENT Pursuant to the Privacy Act of 1974 and Office of Management and Budget (OMB) Circular No. A-108, Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act, dated December 23, 2016, the U.S. Nuclear Regulatory Commission (NRC) conducted a comprehensive review of 16 of its Privacy Act systems of records. As a result of this review, the NRC is republishing 16 of its system of records notices. In 12 of the system of records notices, the revisions include minor and administrative changes that do not meet the criteria for either a new or altered system of records, and one system of records notice is being republished with no changes. However, the changes in the following three Privacy Act system of records notices do meet the criteria for either a new or altered system of records.

NRC - 37, Information Security Files and Associated Records NRC - 44, Employee Fitness Center Records NRC - 46, Health Emergency Records

1. Purpose NRC-37 is being revised to clarify the purpose of the system, the categories of records in the system, the record source categories, and the practices for storage or records.

NRC-44 is being updated to remove duplicate system locations from regional offices.

NRC-46 is being revised to clarify the purpose of the system, and update the authority for maintenance of the system, categories of individuals covered, categories of records, the record source categories and the routine uses and storage of records.

2. Authority NRC-37 42 U.S.C. 2161-2169 and 2201(i); Executive Order 13526; 10 CFR part 95.

NRC-44 5 U.S.C. 7901; Executive Order (E.O.) 9397, as amended by E.O. 13478.

NRC-46 Workforce safety Federal requirements, which include: the Occupational Safety and Health Act of 1970; Executive Order 12196, and 5 U.S.C. 7902, Safety programs. Federal laws that authorize the NRC to create and maintain Federal records of agency activities, which include: 44 U.S.C. 3101; the Religious Freedom Restoration Act of 1933, 42 U.S.C. Chapter 21B; Title VII of the Civil Rights Act of 1964, as amended, 42 U.S.C. 2000e; and the Rehabilitation Act of 1973, as amended, 29U.S.C. 701 et seq. Authorities addressing the federal governments preparation for, and response to, public health threats, including the PREVENT Pandemics Act, 42 U.S.C. § 300hh-3; and Executive Order 13987, Organizing and Mobilizing the United States Government to Provide a Unified and Effective Response to Combat COVID-19 and to Provide United States Leadership on Global Health and Security.

2

3. Potential Effects on the Privacy of Individuals The NRC will use and disclose the information in the revised systems of records as discussed in Section 1, per the system of records notices. Given the steps taken to protect the records in the systems and the limitations on the disclosure of the records, the NRC does not anticipate any unwarranted adverse effects on the privacy of individuals as a result of the maintenance of these revised systems of records.

4. Protection of the Information The NRC will protect the information about individuals contained in a system of records as stated in each system of records notice.

NRC-37 Information maintained in locked buildings, containers, or security areas under guard and/or alarm protection, as appropriate. Records are processed only on systems approved for processing classified information or accessible through password protected systems for unclassified information. The classified systems are standalone systems located within secure facilities or with removable hard drives that are either stored in locked security containers or in alarmed vaults cleared for open storage of TOP SECRET information.

NRC-44 Records are maintained in a building where access is controlled by a security guard force. Access to the Fitness Center is controlled by keycard and bar code verification. Records in paper form are stored alphabetically by individuals names in lockable file cabinets maintained in the NRC where access to the records is limited to agency and Fitness Center personnel whose duties require access. The records are under visual control during duty hours. Automated records are protected by screen saver. Access to automated data requires use of proper password and user identification codes. Only authorized personnel have access to areas in which information is stored.

NRC-46 The NRC safeguards records in this system according to applicable rules and polices, including all applicable NRC automated systems security and access policies. The NRC has imposed controls to minimize the risk of compromising the information that is being stored. Users of individual computers can only gain access to the data by valid user identification and password. Paper records are maintained in a secure, access-controlled room, with access limited to authorized personnel.

5. Compatibility with Section (a)(7) of the Privacy Act The NRC adheres to the Privacy Act and permits the disclosure of information about individuals contained in a system of records without their consent for a routine use when the disclosure is compatible with the purpose for which the information was collected. OMB has indicated that a compatible use is a use that is necessary and proper (OMB Circular No. A-108 at 11-12).

3 NRC-37 There are no changes in the routine uses.

NRC-44 There are no changes in the routine uses.

NRC-46 The NRC considers the disclosure of information to other Federal organizations, including but not limited to, the Federal, State, local, territorial, Tribal, or foreign agency requesting a record that is relevant and necessary to its decision on a matter of hiring or retaining an employee, issuing a security clearance, reporting an investigation of that individual, letting a contract, or issuing a license, grant, or other benefit to be a disclosure for a compatible use, because those specifically listed can become officially involved in the personnel-related matters for which records are maintained in this system. The NRC also considers the disclosure of information to Congressional offices from the record of an individual in response to an inquiry made by that individual through their Congressional offices to be a disclosure for a compatible use, because such disclosure directly supports the individual for which the records in this system are about. The NRC modified these routine uses by removing the references to contractor records, consistent with the categories of records in the system being modified to reflect that the system no longer contains records on NRC contractors. In addition, the NRC removed the specific references to diseases and illness relating to a public health emergency in routine use A references that had been tailored to the circumstances of the COVID-19 public health emergency that has now endedbut left in place the more general language about disclosing records to assist the United States Government in responding to or mitigating high-consequence public health threats. These revisions ensure compatibility with the purpose of collecting records in this system, which is to support the NRCs response and mitigation activities related to any high-consequence public health threats that may require collection and maintenance of Privacy Act records.

Specifically, the revisions to routine use A maintain alignment with language in the Purpose(s) of the System section of the NRC-46 notice, as now modified, while continuing to ensure that, in the event of a high-consequence public health threat, the NRC will be able to disclose records as needed (for example, in response to any government-wide direction or guidance) to support broader U.S. Government efforts to respond to and mitigate the threat.

6. Office of Management and Budget Control Numbers None.