ML24197A138
ML24197A138 | |
Person / Time | |
---|---|
Issue date: | 07/16/2024 |
From: | Jonathan Feibus NRC/OCIO |
To: | |
References | |
NRC-2023-0168 | |
Download: ML24197A138 (97) | |
Text
[7590-01-P]
NUCLEAR REGULATORY COMMISSION
[NRC-2023-0168]
Privacy Act of 1974;
Systems of Records
AGENCY: Nuclear Regulatory Commission.
ACTION: Notice of modified systems of records; request for comment.
SUMMARY
- Pursuant to the Privacy Act of 1974 and Office of Management and Budget
(OMB) Circular No. A-108, to ensure the system of records notices remain accurate, the
U.S. Nuclear Regulatory Commission (NRC) staff reviews each notice on a periodic
basis. As a result of this review, the NRC is republishing 16 of its system of records
notices and has made various revisions to ensure that the NRCs notices remain clear,
accurate, and up to date. Three of the syst em noticesNRC 37, Information Security
Files and Associated Records, NRC 44, Employee Fitness Center Records, and NRC
46, Health Emergency Recordsare subject to a 30-day comment period based on the
nature of their revisions. The revisions to these systems are in effect upon this
publication with the exception of the NRC 37, NRC 44 and NRC 46 modifications, which
will go into effect 30 days after this publication. The remaining systems revisions are
minor corrective and administrative changes that do not meet the threshold criteria
established by OMB for either a new or altered system of records. The minor
modifications include updating authorities, system managers, retention schedules, and
various other minor updates, in accordance with OMB Circular A-108.
DATES: Submit comments on revisions and changes by August 19, 2024. Comments
received after this date will be considered if it is practical to do so, but the Commission is able to ensure consideration only for comments received before this date.
ADDRESSES: You may submit comments by any of the following methods; however,
the NRC encourages electronic comment submission through the Federal rulemaking
website:
- Federal rulemaking website: Go to https://www.regulations.gov and search
for Docket ID NRC-2023-0168. Address questions about Docket IDs in Regulations.gov
to Stacy Schumann; telephone: 301-415-0624; email: Stacy.Schumann@nrc.gov. For
technical questions, contact the individual listed in the For Further Information Contact
section of this document.
- Mail comments to: Office of Administration, Mail Stop: TWFN-7-A60M, U.S.
Nuclear Regulatory Commission, Washington, DC 20555-0001, ATTN: Program
Management, Announcements and Editing Staff.
For additional direction on obtaining information and submitting comments, see
Obtaining Information and Submitting Comments in the SUPPLEMENTARY
INFORMATION section of this document.
FOR FURTHER INFORMATION CONTACT: Sally Hardy, Office of the Chief Information
Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, telephone:
301-415-5607; email: Sally.Hardy@nrc.gov.
SUPPLEMENTARY INFORMATION
I. Obtaining Information and Submitting Comments
A. Obtaining Information
Please refer to Docket ID NRC-2023-0168 when contacting the NRC about the
availability of information for this action. You may obtain publicly available information
related to this action by any of the following methods:
2
- Federal Rulemaking Website: Go to https://www.regulations.gov and
search for Docket ID NRC-2023-0168.
- NRCs Agencywide Documents Access and Management System
(ADAMS): You may obtain publicly available documents online in the ADAMS Public
Documents collection at https://www.nrc.gov/reading-rm/adams.html. To begin the
search, select Begin Web-based ADAMS Search. For problems with ADAMS, please
contact the NRCs Public Document Room (P DR) reference staff at 1-800-397-4209, at
301-415-4737, or by email to PDR.Resource@nrc.gov.
- NRCs PDR: The PDR, where you may examine and order copies of publicly
available documents, is open by appointment. To make an appointment to visit the PDR,
please send an email to PDR.Resource@nrc.gov or call 1-800-397-4209 or 301-415-
4737, between 8 a.m. and 4 p.m. eastern time (ET), Monday through Friday, except
Federal holidays.
B. Submitting Comments
The NRC encourages electronic comment submission through the Federal
rulemaking website (https://www.regulations.gov). Please include Docket ID NRC-2023-
0168 in your comment submission.
The NRC cautions you not to include ident ifying or contact information that you
do not want to be publicly disclosed in y our comment submission. The NRC will post all
comment submissions at https://www.regulat ions.gov as well as enter the comment
submissions into ADAMS. The NRC does not routinely edit comment submissions to
remove identifying or contact information.
If you are requesting or aggregating comments from other persons for
submission to the NRC, then you should inform those persons not to include identifying
or contact information that they do not w ant to be publicly disclosed in their comment
3 submission. Your request should state that the NRC does not routinely edit comment
submissions to remove such information before making the comment submissions
available to the public or entering the comment into ADAMS.
II. Background
Pursuant to the Privacy Act of 1974 and OMB Circular No. A-108, Federal
Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act,
notice is hereby given that the NRC is republishi ng 16 of its system of records notices. In
12 of those system of records notices, there are revisions that include minor and
administrative changes that do not meet the criter ia for either a new or altered system of
records notice. One system is being republished without any revisions as part of our
review process for ease of use and reference since the last publication in 2019.
The changes in the following three Privacy Act system of records notices do
meet the criteria for an altered system of records:
The NRC is revising NRC 37, Information Security Files and Associated Records.
Modifications include revision of the purpose, categories of records in the system, record
source categories and storage of records.
The NRC is revising NRC 44, Employee Fitness Center Records. Modifications
include removing duplicate system locations.
The NRC is revising NRC 46, Health Emergency Records. Modifications include
revision of the authority for maintenance of the system, categories of individuals
covered, categories of records, record source categories, routine uses and storage of
records.
A report on these revisions has been sent to OMB, the Committee on Homeland
Security and Governmental Affairs of U.S. Senate, and the Committee on Oversight and
Accountability of the U.S. House of Repres entatives, as required by the Privacy Act.
4 If changes are made based on the NRCs review of comments received, the NRC
will publish a subsequent notice.
The text of the report, in its entirety, is attached.
Dated: July 16, 2024.
For the Nuclear Regulatory Commission.
/RA/
Jonathan Feibus, Senior Agency Official for Privacy, Office of the Chief Information Officer.
5 Attachment - Nuclear Regulatory Commission Privacy Act Systems of Records
NRC Systems of Records
- 25. Oral History ProgramNRC.
- 26. Transit Subsidy Benefits Program RecordsNRC.
- 27. Radiation Exposure Information and Reporting System (REIRS) Records
NRC.
- 32. Office of the Chief Financial Officer Financial Transactions and Debt
Collection Management RecordsNRC.
- 33. Special Inquiry RecordsNRC.
- 35. Drug Testing Program RecordsNRC.
- 36. Employee Locator RecordsNRC.
- 37. Information Security Files and Associated RecordsNRC.
- 38. Mailing ListsNRC.
- 39. Personnel Security Files and Associated RecordsNRC.
- 40. Facility Security Access Control RecordsNRC.
- 41. Tort Claims and Personal Property Claims RecordsNRC.
- 43. Employee Health Center Records NRC.
- 44. Employee Fitness Center Records NRC.
- 45. Electronic Credentials for Personal Identity VerificationNRC.
- 46. Health Emergency RecordsNRC.
These systems of records are maintained by the NRC and contain personal
information about individuals that is retrieved by an individuals name or identifier.
The notice for each system of records states the name and location of the record
system, the authority for and manner of its operation, the categories of individuals that it
covers, the types of records that it contains, the sources of information in those records,
6 and the routine uses of each system of records. Each notice also includes the business
address of the NRC official who will inform interested persons of the procedures
whereby they may gain access to and request amendment of records pertaining to them.
The Privacy Act provides certain safeguards for an individual against an invasion
of personal privacy by requiring Federal agencies to protect records contained in an
agency system of records from unauthorized discl osure and to ensure that information is
current and accurate for its intended use and that adequate safeguards are provided to
prevent misuse of such information.
SYSTEM NAME AND NUMBER:
Oral History ProgramNRC 25.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Office of the Secretary, NRC, One White Flint North, 11555 Rockville Pike,
Rockville, Maryland.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 2161(b) and 44 U.S.C. 3301.
PURPOSE(S) OF THE SYSTEM:
Recorded interviews and transcribed scripts of interviews for providing a history
of the nuclear regulatory program.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who volunteer to be interviewed for the purpose of providing
information for a history of the nuclear regulatory program.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records consist of recorded interviews and as needed, transcribed scripts of the
7 interviews.
RECORD SOURCE CATEGORIES:
Information in this system of records is obtained from interviews granted on a
voluntary basis to the Historian.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under subsection (b) of the
Privacy Act, the NRC may disclose information contained in this system of records
without the consent of the subject individual if the disclosure is compatible with the
purpose for which the record was collected under the following routine uses:
- a. For incorporation in publications on the history of the nuclear regulatory
program;
- b. To provide information to historians and other researchers;
- c. A record from this system of records may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed
that there has been a breach of the system of records, (2) NRC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, NRC
(including its information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies, entities, and persons
is reasonably necessary to assist in connection with NRC efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such harm; and
- d. A record from this system of records may be disclosed as a routine use to
another Federal agency or Federal entity, when the NRC determines that information
from this system of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2) preventing,
8 minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
(including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Maintained on electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information is accessed by the name of the interviewee.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Narrative Histories will be retained under NRCs approved schedule found in the
NUREG 0910 version 4 at 2.22.7.a(1): Record copy maintained by the NRC Historian.
Permanent. Transfer to the National Archives when 20 years old. (Paper records created
before 4/1/2000. ADAMS PDF files and TIFF files (2.22.7.a(4) re cutoff at the close of
the fiscal year. Transfer to the National Archives 5 years after cutoff.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Maintained on an access restricted drive. Access to and use of these records is
limited to those authorized by the Historian or a designee.
SYSTEM MANAGER(S):
NRC Historian, Office of the Secretary, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001.
RECORD ACCESS PROCEDURES:
Same as Notification procedures.
CONTESTING RECORD PROCEDURES:
Same as Notification procedures.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records contains
9 information about them should write to the Freedom of Information Act or Privacy Act
Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, and comply with the procedures contained in NRCs
Privacy Act regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
SYSTEM NAME AND NUMBER:
Transit Subsidy Benefits Program RecordsNRC 26.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Facility and Logistics Branch, Office of Administration, NRC, Two White Flint
North, 11545 Rockville Pike, Rockville, Maryland.
SYSTEM MANAGER(S):
Chief, Facility and Logistics Branch, Division of Facilities and Security, Office of
Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 7905; 26 U.S.C. 132; 31 U.S.C. 3511; 41 CFR 102-74.210; 41 CFR
subtitle F; 41 CFR 102-71.20; Executive Order (E.O.) 9397, as amended by E.O. 13478;
E.O. 13150.
PURPOSE(S) OF THE SYSTEM:
The information contained in this system is used to enroll employees in the
Transit Subsidy Program.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
NRC employees who apply for subsidized mass transit costs.
10 CATEGORIES OF RECORDS IN THE SYSTEM:
The records consist of an individuals application to participate in the program
which includes, but is not limited to, the applicant's name, home address, office
telephone number, and information regarding the employee's commuting schedule and
mass transit system(s) used.
RECORD SOURCE CATEGORIES:
NRC employees.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under subsection (b) of the
Privacy Act, the NRC may disclose information contained in this system of records
without the consent of the subject individual if the disclosure is compatible with the
purpose for which the record was collected under the following routine uses:
- a. To provide statistical reports to the city, county, State, and Federal
government agencies;
- b. To provide the basis for program approval and issue monthly subsides;
- c. A record from this system of records which indicates a violation of civil or
criminal law, regulation or order may be referred as a routine use to a Federal, State,
local or foreign agency that has authority to investigate, enforce, implement or prosecute
such laws. Further, a record from this system of records may be disclosed for civil or
criminal law or regulatory enforcement purposes to another agency in response to a
written request from that agencys head or an official who has been delegated such
authority;
- d. A record from this system of records may be disclosed as a routine use in the
course of discovery; in presenting evidenc e to a court, magistrate, administrative
11 tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative
dispute resolution proceedings, such as arbitration or mediation; or in the course of
settlement negotiations;
- e. A record from this system of records may be disclosed as a routine use to a
Congressional office from the record of an individual in response to an inquiry from the
Congressional office made at the request of that individual;
- f. A record from this system of records may be disclosed as a routine use to
NRC-paid experts or consultants, and those under contract with the NRC on a need-to-
know basis for a purpose within the scope of the pertinent NRC task. This access will
be granted to an NRC contractor or employee of such contractor by a system manager
only after satisfactory justification has been provided to the system manager;
- g. A record from this system of records may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed
that there has been a breach of the system of records, (2) NRC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, NRC
(including its information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies, entities, and persons
is reasonably necessary to assist in connection with NRC efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such harm; and
- h. A record from this system of records may be disclosed as a routine use to
another Federal agency or Federal entity, when the NRC determines that information
from this system of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
12 (including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Accessed by name and smart trip card.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained under the National Archives and Records Administrations
General Records Schedule 2.4: Employee Compensation and Benefit Records, Item
130, Transportation subsidy program administrative records. Destroy when 3 years old,
but longer retention is authorized if required for business use. Records are also retained
under General Records Schedule 2.4, item 131, Transportation subsidy program
individual case files. Destroy 2 years after employee participation concludes, but longer
retention is authorized if required for business use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Computer files are maintained on a hard drive, access to which is password
protected. Access to and use of these records is limited to those persons whose official
duties require access.
RECORD ACCESS PROCEDURES:
Same as Notification procedures.
CONTESTING RECORD PROCEDURES:
Same as Notification procedures.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records contains
information about them should write to the Freedom of Information Act or Privacy Act
13 Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, and comply with the procedures contained in NRCs
Privacy Act regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
SYSTEM NAME AND NUMBER:
Radiation Exposure Information and Reporting System (REIRS) Records-NRC
27.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Primary systemOak Ridge Associated Universities (ORAU), Oak Ridge,
Tennessee (or current contractor facility).
Duplicate systemDuplicate systems exist, in part, regarding employee
exposure records, with the NRCs Radiation Safe ty Officers at Regional office locations
listed in Addendum 1, Part 2, in the Office of Nuclear Reactor Regulations (NRR), the
Office of Nuclear Material Safety and Safeguards (NMSS). The Office of Administration
(ADM), NRC, One White Flint North, 11555 Rockville Pike, Rockville, Maryland,
maintains the employee dosimeter tracking system.
SYSTEM MANAGER(S):
REIRS Project Manager, Radiation Prot ection Branch, Division of Systems
Analysis, Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 7902; 29 U.S.C. 668; 42 U.S.C. 2051, 2073, 2093, 2095, 2111, 2133,
14 2134, and 2201(o); 10 CFR parts 20 and 34; Executive Order (E.O.) 9397, as amended
by E.O. 13478; E.O. 12196, as amended.
PURPOSE(S) OF THE SYSTEM:
REIRS serves as the central repository for all NRC radiation exposure monitoring
records that are recorded and reported pursuant to part 20 of title 10 of the Code of
Federal Regulations (10 CFR) and Regulatory Guide 8.7. This central repository is used
for the oversight of radiation protection po licies and practices at NRC-licensed facilities.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals monitored for radiation exposure while employed by or visiting or
temporarily assigned to certain NRC-licensed facilities; individuals who are exposed to
radiation or radioactive materials in incidents required to be reported under
10 CFR 20.2201-20.2204 and 20.2206 by all NRC licensees; individuals who may have
been exposed to radiation or radioactive materials offsite from a facility, plant installation,
or other place of use of licensed materials, or in unrestricted areas, as a result of an
incident involving byproduct, source, or special nuclear material.
CATEGORIES OF RECORDS IN THE SYSTEM:
These records contain information relating to an individuals name, sex, social
security number, birth date, place and period date of exposure; name and license
number of individuals employer; name and number of licensees reporting the
information; radiation doses or estimates of exposure received during this period, type of
radiation, part(s) or organ(s) exposed, and radionuclide(s) involved.
RECORD SOURCE CATEGORIES:
Information in this system of records comes from licensees; the subject
individual; the individuals employer; the person in charge of the facility where the
individual has been assigned; NRC Form 5, Occupational Exposure Record for a
15 Monitoring Period, or equivalent, contractor reports, and Radiation Safety Officers.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under subsection (b) of the
Privacy Act, the NRC may disclose information contained in this system of records
without the consent of the subject individual if the disclosure is compatible with the
purpose for which the record was collected under the following routine uses:
- a. To provide data to other Federal and State agencies involved in monitoring
and/or evaluating radiation exposure rece ived by individuals as enumerated in the
paragraph Categories of individual s covered by the system;
- b. To return data provided by licensee upon request;
- c. A record from this system of records which indicates a violation of civil or
criminal law, regulation or order may be referred as a routine use to a Federal, State,
local or foreign agency that has authority to investigate, enforce, implement or prosecute
such laws. Further, a record from this system of records may be disclosed for civil or
criminal law or regulatory enforcement purposes to another agency in response to a
written request from that agencys head or an official who has been delegated such
authority;
- d. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency to obtain information relevant to an NRC decision
concerning hiring or retaining an employee, letting a contract, or issuing a security
clearance, license, grant or other benefit;
- e. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency requesting a record that is relevant and
necessary to its decision on a matter of hiring or retaining an employee, issuing a
16 security clearance, reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
- f. A record from this system of records may be disclosed as a routine use in the
course of discovery; in presenting evidenc e to a court, magistrate, administrative
tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative
dispute resolution proceedings, such as arbitration or mediation; or in the course of
settlement negotiations;
- g. A record from this system of records may be disclosed as a routine use to a
Congressional office from the record of an individual in response to an inquiry from the
Congressional office made at the request of that individual;
- h. A record from this system of records may be disclosed as a routine use to
NRC-paid experts or consultants, and those under contract with the NRC on a need-to-
know basis for a purpose within the scope of the pertinent NRC task. This access will
be granted to an NRC contractor or employee of such contractor by a system manager
only after satisfactory justification has been provided to the system manager;
- i. A record from this system of records may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed
that there has been a breach of the system of records, (2) NRC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, NRC
(including its information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies, entities, and persons
is reasonably necessary to assist in connection with NRC efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such harm; and
- j. A record from this system of records may be disclosed as a routine use to
another Federal agency or Federal entity, when the NRC determines that information
17 from this system of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
(including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on paper and electronic media. The electronic records
maintained in Oak Ridge, TN, are in a cent ralized database management system that is
password protected. Backup tapes of the database are generated and maintained at a
secure, off-site location for disaster recovery purposes. During the processing and data
entry, paper records are temporarily stored in designated business offices that are
locked when not in use and are accessible only to authorized personnel. Upon
completion of data entry and processing, the paper records are stored in an offsite
security storage facility accessib le only to authorized personnel.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are accessed by individual name, social security number, date of birth,
and/or by licensee name or number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records managed using REIRS are scheduled under NRCs NUREG-0910,
Revision 4. Transfer a copy of REIRS data to the National Archives and Records
Administration every 5 years (2.19.16). Retain Personnel monitoring reports and
personnel overexposure reports entered into REIRS, Paper records, are retained under
2.19.14.a(1). Destroy 2 years after data are input into REIRS. ADAMS PDF files, TIFF
files, ADAMS document profiles, and ADAMS digital signature and concurrence data are
retained under 2.19.14.a(4) and are cut off at the end of the fiscal year and destroyed 2
18 years after cutoff. Personnel monitoring repor ts and personnel overexposure reports of
which only selected data are entered into REIRS, records are retained under
2.19.14.b(1). Cut off at end of fiscal year. Transfer to National Archives and Records
Administration (NARA) when 20 years old.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Information maintained at ORAU is accessible by the Office of Nuclear
Regulatory Research (RES) and individuals that have been authorized access by NRC,
including all NRC Radiation Safety Officers and ORAU employees that are directly
involved in the REIRS project. Reports received and reviewed by the NRCs RES, NRR,
NMSS, and Regional offices are in lockabl e file cabinets and bookcases in secured
buildings. A log is maintained of both telephone and written requests for information.
The data maintained in the REIRS database are protected from unauthorized
access by several means. The database server resides in a protected environment with
physical security barriers under keycard access control. Accounts authorizing access to
the server and databases are maintained by the ORAU REIRS system administrator. In
addition, ORAU maintains a computer security firewall that further restricts access to
the ORAU computer network. Authorization for access must be approved by NRC,
ORAU project management, and ORAU computer security. Transmittal of data via the
Internet is protected by data encryption.
RECORD ACCESS PROCEDURES:
Same as Notification procedures.
CONTESTING RECORD PROCEDURES:
Same as Notification procedures.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records contains
19 information about them should write to the Freedom of Information Act or Privacy Act
Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, and comply with the procedures contained in NRCs
Privacy Act regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
SYSTEM NAME AND NUMBER:
Office of the Chief Financial Officer Financial Transactions and Debt Collection
Management RecordsNRC 32.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Office of the Chief Financial Officer, NRC, Two White Flint North, 11545
Rockville Pike, Rockville, Maryland. NRC has an interagency agreement with the U.S.
Treasury, Administrative Resource Center (ARC), Parkersburg, WV, as a Federal
service provider for transactional services in the NRC core financial system since March
2018.
Other systems of records contain information that may duplicate some of the
records in this system. These other systems include, but are not limited to:
NRC-10, Freedom of Information Act (FOIA) and Privacy Act (PA) Request
RecordsNRC;
NRC-18, Office of the Inspector General (OIG) Investigative RecordsNRC;
NRC-19, Official Personnel Training RecordsNRC;
NRC-21, Payroll Accounting RecordsNRC;
NRC-41, Tort Claims and Personal Property Claims RecordsNRC; and
20 GSA/GOVT-4, Contracted Travel Services Program (E-Travel).
SYSTEM MANAGER:
Comptroller, Division of the Comptroller, Office of the Chief Financial Officer,
U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 552a; 5 U.S.C. 5514; 15 U.S.C. 1681; 26 U.S.C. 6103; 31 U.S.C.
chapter 37; 31 U.S.C. 6501-6508; 42 U.S.C. 2201; 42 U.S.C. 5841; 31 CFR 900-904; 10
CFR parts 15, 16, 170, 171; Executive Order (E.O.) 9397, as amended by E.O. 13478;
and E.O. 12731.
PURPOSE(S) OF THE SYSTEM:
Financial Transactions and Debt Collection
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered are those to who the NRC owes/owed money, those who
receive/received a payment from NRC, and those who owe/owed money to the United
States. Individuals receiving payments include, but are not limited to, current and former
employees, contractors, consultants, vendors, and others who travel or perform certain
services for NRC. Individuals owing money include, but are not limited to, those who
have received goods or services from NRC for which there is a charge or fee (NRC
licensees, applicants for NRC licenses, Freedom of Information Act requesters, etc.) and
those who have been overpaid and owe NRC a re fund (current and former employees,
contractors, consultants, vendors, etc.).
CATEGORIES OF RECORDS IN THE SYSTEM:
Information in the system includes, but is not limited to, names, addresses,
telephone numbers, Social Security Numbers (SSN), employee identification number
(EIN), Taxpayer Identification Numbers (TIN), Individual Taxpayer Identification
21 Numbers (ITIN), Data Universal Numbering System (DUNS) number, fee categories,
application and license numbers, contract numbers, vendor numbers, amounts owed,
background and supporting documentation, correspondence concerning claims and
debts, credit reports, and billing and payment histories. The overall agency accounting
system contains data and information integrating accounting functions such as general
ledger, funds control, travel, accounts receivable, accounts payable, property, and
appropriation of funds. Although this system of records contains information on
corporations and other business entities, only those records that contain information
about individuals that is retrieved by the individuals name or other personal identifier are
subject to the Privacy Act.
RECORD SOURCE CATEGORIES:
Record source categories include, but are not limited to, individuals covered by
the system, their attorneys, or other representatives; NRC; collection agencies or
contractors; employing agencies of debtors; and Federal, State, and local agencies.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In accordance with an interagency agreement, the NRC may disclose records to
Treasury ARC as a Federal service provider fo r transactional services in the NRC core
financial system. In addition to the other types of disclosures permitted under subsection
(b) of the Privacy Act, the NRC may disclose information contained in this system of
records without the consent of the subject individual if the disclosure is compatible with
the purpose for which the record was collected under the following routine uses or,
where determined to be appropriate and necessary, the NRC may authorize Treasury
ARC to make the disclosure:
- a. To debt collection contractors (31 U.S.C. 3718) or to other Federal agencies
22 such as the Department of the Treasury (Treasury) and Department of Interior (DOI) for
the purpose of collecting and reporting on delinquent debts as authorized by the Debt
Collection Act of 1982 or the Debt Collection Improvement Act (DCIA) of 1996 and the
Digital Accountability and Transparency Act (DATA) of 2014;
- b. To Treasury; the Defense Manpower Data Center, Department of Defense; the
United States Postal Service; government corporations; or any other Federal, State, or
local agency to conduct an authorized computer matching program in compliance with
the Privacy Act of 1974, as amended, to identify and locate individuals, including Federal
employees, who are delinquent in their repayment of certain debts owed to the U.S.
Government, including those incurred under certain programs or services administered
by the NRC, in order to collect debts under common law or under the provisions of the
Debt Collection Act of 1982 or the Debt Collection Improvement Act of 1996 and DATA
of 2014 which include by voluntary repayment, administrative or salary offset, and
referral to debt collection contractors;
- c. To the Department of Justice, United States Attorney Treasury ARC, or other
Federal agencies for further collection action on any delinquent account when
circumstances warrant;
- d. To credit reporting agencies/credit bureaus for the purpose of either adding to
a credit history file or obtaining a credit history file or comparable credit information for
use in the administration of debt collecti on. As authorized by the DCIA, NRC may report
current (not delinquent) as well as delinquent consumer and commercial debt to these
entities in order to aid in the collection of debts, typically by providing an incentive to the
person to repay the debt timely;
- e. To any Federal agency where the debtor is employed or receiving some form
of remuneration for the purpose of enabling that agency to collect a debt owed the
23 Federal Government on NRC's behalf by counseling the debtor for voluntary repayment
or by initiating administrative or salary offset procedures, or other authorized debt
collection methods under the provisions of the Debt Collection Act of 1982 or the DCIA
of 1996. Under the DCIA, NRC may garnish non-Federal wages of certain delinquent
debtors so long as required due process proced ures are followed. In these instances,
NRCs notice to the employer will disclose only the information that may be necessary
for the employer to comply with the withholding order;
- f. To the Internal Revenue Service (IRS) by computer matching to obtain the
mailing address of a taxpayer for the purpose of locating such taxpayer to collect or to
compromise a Federal claim by NRC against the taxpayer under 26 U.S.C. 6103(m)(2)
and under 31 U.S.C. 3711, 3717, and 3718 or common law. Re-disclosure of a mailing
address obtained from the IRS may be made only for debt collection purposes, including
to a debt collection agent to facilitate the collection or compromise of a Federal claim
under the Debt Collection Act of 1982 or the DCIA of 1996, except that re-disclosure of a
mailing address to a reporting agency is for the limited purpose of obtaining a credit
report on the particular taxpayer. Any mailing address information obtained from the IRS
will not be used or shared for any other NRC purpose or disclosed by NRC to another
Federal, State, or local agency which seeks to locate the same taxpayer for its own debt
collection purposes;
- g. To refer legally enforceable debts to the IRS or to Treasurys Debt
Management Services to be offset against the debtor's tax refunds under the Federal
Tax Refund Offset Program;
- h. To prepare W-2, 1099, or other forms or electronic submittals, to forward to the
IRS and applicable State and local governments for tax reporting purposes. Under the
provisions of the DCIA, NRC is permitted to provide Treasury with Form 1099-C
24 information on discharged debts so that Treasury may file the form on NRCs behalf with
the IRS. W-2 and 1099 Forms contain information on items to be considered as income
to an individual, including certain travel related payments to employees, payments made
to persons not treated as employees (e.g., fees to consultants and experts), and
amounts written-off as legally or administratively uncollectible, in whole or in part;
- i. To banks enrolled in the Treasury Credit Card Network to collect a payment or
debt when the individual has given his or her credit card number for this purpose;
- j. To another Federal agency that has asked the NRC to effect an administrative
offset under common law or under 31 U.S.C. 3716 to help collect a debt owed the United
States. Disclosure under this routine use is limited to name, address, SSN, EIN, TIN,
ITIN, and other information necessary to identify the individual; information about the
money payable to or held for the individual; and other information concerning the
administrative offset;
- k. To Treasury or other Federal agencies with whom NRC has entered into an
agreement establishing the terms and conditions for debt collection cross servicing
operations on behalf of the NRC to satisfy, in whole or in part, debts owed to the U.S.
Government. Cross servicing includes the possible use of all debt collection tools such
as administrative offset, tax refund offset, referral to debt collection contractors, salary
offset, administrative wage garnishment, and referral to the Department of Justice. The
DCIA of 2014 requires agencies to transfer to Treasury or Treasury-designated Debt
Collection Centers for cross servicing certain nontax debt over 120 days delinquent.
Treasury has the authority to act in the Federal Governments best interest to service,
collect, compromise, suspend, or terminate collection action under existing laws under
which the debts arise;
- l. Information on past due, legally enforceable nontax debts more than 120 days
25 delinquent will be referred to Treasury for the purpose of locating the debtor and/or
effecting administrative offset against monies payable by the Government to the debtor,
or held by the Government for the debtor under the DCIAs mandatory, Government-
wide Treasury Offset Program (TOP). Under TOP, Treasury maintains a database of all
qualified delinquent nontax debts and works with agencies to match by computer their
payments against the delinquent debtor database in order to divert payments to pay the
delinquent debt. Treasury has the authority to waive the computer matching requirement
for NRC and other agencies upon written certification that administrative due process
notice requirements have been complied with;
- m. For debt collection purposes, NRC may publish or otherwise publicly
disseminate information regarding the identity of delinquent nontax debtors and the
existence of the nontax debts under the provisions of the DCIA of 1996;
- n. To the Department of Labor (DOL) and the Department of Health and Human
Services (HHS) to conduct an authorized computer matching program in compliance
with the Privacy Act of 1974, as amended, to match NRCs debtor records with records
of DOL and HHS to obtain names, name cont rols, names of employers, addresses,
dates of birth, and TINs. The DCIA requires all Federal agencies to obtain taxpayer
identification numbers from each individual or entity doing business with the agency,
including applicants and recipients of licenses, grants, or benefit payments; contractors;
and entities and individuals owing fines, fees, or penalties to the agency. NRC will use
TINs in collecting and reporting any delinquent amounts resulting from the activity and in
making payments;
- o. If NRC decides or is required to sell a delinquent nontax debt under 31 U.S.C.
3711(I), information in this system of reco rds may be disclosed to purchasers, potential
purchasers, and contractors engaged to assist in the sale or to obtain information
26 necessary for potential purchasers to formulate bids and information necessary for
purchasers to pursue collection remedies;
- p. If NRC has current and delinquent colla teralized nontax debts under 31 U.S.C.
3711(i)(4)(A), certain information in this system of records on its portfolio of loans, notes
and guarantees, and other collateralized debts will be reported to Congress based on
standards developed by the Office of Management and Budget, in consultation with
Treasury;
- q. To Treasury in order to request a pay ment to individuals owed money by the
NRC;
- r. To the National Archives and Records Administration or to the General
Services Administration for records management inspections conducted under 44 U.S.C.
2904 and 2906;
- s. A record from this system of records which indicates a violation of civil or
criminal law, regulation or order may be referred as a routine use to a Federal, State,
local or foreign agency that has authority to investigate, enforce, implement or prosecute
such laws. Further, a record from this system of records may be disclosed for civil or
criminal law or regulatory enforcement purposes to another agency in response to a
written request from that agencys head or an official who has been delegated such
authority;
- t. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency to obtain information relevant to an NRC decision
concerning hiring or retaining an employee, letting a contract, or issuing a security
clearance, license, grant or other benefit;
- u. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency requesting a record that is relevant and
27 necessary to its decision on a matter of hiring or retaining an employee, issuing a
security clearance, reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
- v. A record from this system of records may be disclosed as a routine use in the
course of discovery; in presenting evidenc e to a court, magistrate, administrative
tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative
dispute resolution proceedings, such as arbitration or mediation; or in the course of
settlement negotiations;
- w. A record from this system of records may be disclosed as a routine use to a
Congressional office from the record of an individual in response to an inquiry from the
Congressional office made at the request of that individual;
- x. A record from this system of records may be disclosed as a routine use to
NRC-paid experts or consultants, and those under contract with the NRC on a need-to-
know basis for a purpose within the scope of the pertinent NRC task. This access will
be granted to an NRC contractor or employee of such contractor by a system manager
only after satisfactory justification has been provided to the system manager;
- y. A record from this system of records may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed
that there has been a breach of the system of records, (2) NRC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, NRC
(including its information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies, entities, and persons
is reasonably necessary to assist in connection with NRC efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such harm; and
28
- z. A record from this system of records may be disclosed as a routine use to
another Federal agency or Federal entity, when the NRC determines that information
from this system of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
(including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Information in this system is stored on paper, microfiche, and electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Automated information can be retrieved by name, SSN, TIN, DUNS number,
license or application number, contract or purchase order number, invoice number,
voucher number, and/or vendor code. Paper re cords are retrieved by invoice number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained under the National Archives and Records Administrations
General Records Schedule 1.1: Financial Management and Reporting Records, Item
010, Financial transaction records related to procuring goods and services, paying bills,
collecting debts, and accounting as the Official record held in the office of record.
Destroy 6 years after final payment or cancellation, but longer retention is authorized if
needed for business use. Records related to Administrative claims by or against the
United States are retained under General Records Schedule 1.1: Financial Management
and Reporting Records, item 080. Destroy 7 years after final action, but longer retention
is authorized if required for business use. Records used to calculate payroll, arrange
paycheck deposit, and change previously issued paychecks are scheduled under
General Records Schedule 2.4: Employee Compensation and Benefits Records, item
29 010. Destroy 3 years after paying agency or payroll processor validates data, but longer
retention is authorized if required for business use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records in the primary system are maintained in a building where access is
controlled by a security guard force. Records are kept in lockable file rooms or at users
workstations in an area where access is c ontrolled by keycard and is limited to NRC and
contractor personnel who need the records to perform their official duties. The records
are under visual control during duty hours. Access to automated data requires use of
proper password and user identification codes by NRC or contractor personnel.
RECORDS ACCESS PROCEDURES:
Same as Notification procedures.
CONTESTING RECORD PROCEDURES:
Same as Notification procedures.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records contains
information about them should write to the Freedom of Information Act or Privacy Act
Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, and comply with the procedures contained in NRCs
Privacy Act regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
DISCLOSURES TO CONSUMER REPORTING AGENCIES:
Disclosures Pursuant to 5 U.S.C. 552a(b)(12): Disclosures of information to a consumer
reporting agency are not considered a routine use of records. Disclosures may be made
from this system to consumer reporting agencies as defined in the Fair Credit
30 Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966, as
amended (31 U.S.C. 3701(a)(3)).
SYSTEM NAME AND NUMBER:
Special Inquiry RecordsNRC 33.
SECURITY CLASSIFICATION:
Classified and Unclassified
SYSTEM LOCATION:
Primary systemSpecial Inquiry Group, NRC, One White Flint North, 11555
Rockville Pike, Rockville, Maryland.
Duplicate systemDuplicate sy stems exist, in whole or in part, at the locations
listed in Addendum I, Parts 1 and 2.
SYSTEM MANAGER(S):
Records Manager-, Special Inquiry Group, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 2051, 2052, 2201(c), (i) and (o).
PURPOSE(S) OF THE SYSTEM:
Investigation material for potential or actual concerns in connection with
investigations of accidents or incidents at nuclear power plants or other nuclear facility,
nuclear materials or an allegation regarding public health and safety.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals possessing information regarding or having knowledge of matters of
potential or actual concern to the Commission in connection with the investigation of an
accident or incident at a nuclear power plant or other nuclear facility, or an incident
involving nuclear materials or an allegation regarding the public health and safety related
31 to the NRCs mission responsibilities.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system consists of an alphabetical index file bearing individual names. The
index provides access to associated records which are arranged by subject matter, title,
or identifying number(s) and/or letter(s). The system incorporates the records of all
Commission correspondence, memoranda, audit reports and data, interviews,
questionnaires, legal papers, exhibits, investigative reports and data, and other material
relating to or developed as a result of the inquiry, study, or investigation of an accident or
incident.
RECORD SOURCE CATEGORIES:
The information in this system of records is obtained from sources including, but
not limited to, NRC officials and employees; Federal, State, local, and foreign agencies;
NRC licensees; nuclear reactor vendors and ar chitectural engineering firms; other
organizations or persons knowledgeable about the incident or activity under
investigation; and relevant NRC records.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under subsection (b) of the
Privacy Act, the NRC may disclose information contained in this system of records
without the consent of the subject individual if the disclosure is compatible with the
purpose for which the record was collected under the following routine uses:
- a. To provide information relating to an item which has been referred to the
Commission or Special Inquiry Group for investigation by an agency, group,
organization, or individual and may be disclosed as a routine use to notify the referring
agency, group, organization, or individual of the status of the matter or of any decision or
32 determination that has been made;
- b. To disclose a record as a routine use to a foreign country under an
international treaty or convention entered into and ratified by the United States;
- c. To provide records relating to the integrity and efficiency of the Commission's
operations and management and may be disseminated outside the Commission as part
of the Commission's responsibility to inform the Congress and the public about
Commission operations;
- d. A record from this system of record s which indicates a violation of civil or
criminal law, regulation or order may be referred as a routine use to a Federal, State,
local or foreign agency that has authority to investigate, enforce, implement or prosecute
such laws. Further, a record from this system of records may be disclosed for civil or
criminal law or regulatory enforcement purposes to another agency in response to a
written request from that agencys head or an official who has been delegated such
authority;
- e. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency to obtain information relevant to an NRC decision
concerning hiring or retaining an employee, letting a contract, or issuing a security
clearance, license, grant or other benefit;
- f. A record from this system of records may be disclosed as a routine use in the
course of discovery; in presenting evidenc e to a court, magistrate, administrative
tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative
dispute resolution proceedings, such as arbitration or mediation; or in the course of
settlement negotiations;
- g. A record from this system of records may be disclosed as a routine use to a
Congressional office from the record of an individual in response to an inquiry from the
33 Congressional office made at the request of that individual;
- h. A record from this system of records may be disclosed as a routine use to
NRC-paid experts or consultants, and those under contract with the NRC on a need-to-
know basis for a purpose within the scope of the pertinent NRC task. This access will
be granted to an NRC contractor or employee of such contractor by a system manager
only after satisfactory justification has been provided to the system manager;
- i. A record from this system of records may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed
that there has been a breach of the system of records, (2) NRC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, NRC
(including its information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies, entities, and persons
is reasonably necessary to assist in connection with NRC efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such harm; and
- j. A record from this system of records may be disclosed as a routine use to
another Federal agency or Federal entity, when the NRC determines that information
from this system of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
(including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on paper in file folders and electronic media. Documents
are maintained in secured vault facilities.
34 POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Accessed by name (author or recipient), corporate source, title of document,
subject matter, or other identifying document or control number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Permanent Records retained as General Program Correspondence Files
(Subject Files) at the Office Director Level are scheduled under NUREG 0910 rev 4 -
2.18.5.a(1). Cut off at close of fiscal year. Transfer to the National Archives and Records
Administration when 20 years old. Permanent Nuclear Power Plant Docket Files are
scheduled under NUREG 0910 Rev 4 - 2.18.11.a(1). Cut off files upon license
termination following completion of decommissioning procedure. Closing date is the
termination date following completion of decommissioning procedure. Transfer to the
National Archives and Records Administration 20 years after termination of license.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
These records are located in locking filing cabinets or safes in a secured facility
and are available only to authorized personnel whose duties require access.
RECORD ACCESS PROCEDURES:
Same as Notification procedures. Information classified under Executive Order
12958 will not be disclosed. Information received in confidence will not be disclosed to
the extent that disclosure would reveal a confidential source.
CONTESTING RECORD PROCEDURES:
Same as Notification procedures.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records contains
information about them should write to the Freedom of Information Act or Privacy Act
Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
35 Washington, DC 20555-0001, and comply with the procedures contained in NRCs
Privacy Act regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(k)(1), (k)(2), and (k)(5), the Commission has
exempted portions of this system of records from 5 U.S.C. 552a(c)(3), (d), (e)(1),
(e)(4)(G), (H), and (I), and (f).
SYSTEM NAME AND NUMBER:
Drug Testing Program RecordsNRC 35.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Primary systemDivision of Facilities and Security, Office of Administration,
NRC, Two White Flint North, 11545 Rockville Pike, Rockville, Maryland.
Duplicate systemDuplicate systems exist in part at the NRC Regional office
locations listed in Addendum I, Part 2 (for a temporary period of time); and at the current
contractor testing laboratories, collection/evaluation facilities.
SYSTEM MANAGER(S):
Director, Division of Facilities and Security, Office of Administration, U.S. Nuclear
Regulatory Commission, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C 7301; 5 U.S.C. 7361-7363; 42 U.S.C. 2165; 42 U.S.C. 290dd; Executive
Order (E.O.) 12564; 9397, as amended by E.O. 13478.
PURPOSE(S) OF THE SYSTEM:
This record system will maintain info rmation gathered by and in the possession
of NRC Drug Testing Program, used in verifying positive test results for illegal use of
36 controlled substance, as well as collecting and maintaining evidence of possession,
distribution, or trafficking of controlled substances.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
NRC employees, applicants, consultants, licensees, and contractors.
CATEGORIES OF RECORDS IN THE SYSTEM:
These records contain information regarding the drug testing program; requests
for and results of initial, confirmatory and follow-up testing, if appropriate; additional
information supplied by NRC employees, employ ment applicants, consultants, licensees,
or contractors in challenge to positive test results; and written statements or medical
evaluations of attending physicians and/or information regarding prescription or
nonprescription drugs.
RECORD SOURCE CATEGORIES:
NRC employees, employment applicants, co nsultants, licensees, and contractors
who have been identified for drug testing who have been tested; physicians making
statements regarding medical evaluations and/or authorized prescriptions for drugs;
NRC contractors for processing including, but not limited to, specimen collection,
laboratories for analysis, and medical evaluations; and NRC staff administering the drug
testing program to ensure the achievement of a drug-free workplace.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under subsection (b) of the
Privacy Act, the NRC may disclose information contained in this system of records
without the consent of the subject individual if the disclosure is compatible with the
purpose for which the record was collected under the following routine uses:
- a. To identify substance abusers within the agency;
37
- b. To initiate counseling and/or rehabilitation programs;
- c. To take personnel actions;
- d. To take personnel security actions;
- e. For statistical reporting purposes. Statistical reporting will not include
personally identifiable information;
- f. A record from this system of records may be disclosed as a routine use to
NRC-paid experts or consultants, and those under contract with the NRC on a need-to-
know basis for a purpose within the scope of the pertinent NRC task. This access will
be granted to an NRC contractor or employee of such contractor by a system manager
only after satisfactory justification has been provided to the system manager;
- g. A record from this system of records may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed
that there has been a breach of the system of records, (2) NRC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, NRC
(including its information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies, entities, and persons
is reasonably necessary to assist in connection with NRC efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such harm; and
- h. A record from this system of records may be disclosed as a routine use to
another Federal agency or Federal entity, when the NRC determines that information
from this system of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
(including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
38 POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on paper and electronic media. Specimens are
maintained in appropriate environments.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are indexed and accessed by name, social security number, testing
position number, specimen number, drug test ing laboratory accession number, or a
combination thereof.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Employee drug test plans, procedures, and scheduling records are retained
under the National Archives and Records Administrations General Records Schedule
2.7: Employee Health and Safety Records, item 100. Destroy when 3 years old or when
superseded or obsolete. Employee drug test acknowledgement of notice forms are
retained under General Records Schedule 2.7, item 110. Destroy when employee
separates from testing-designated position. Employee drug testing specimen records are
retained under General Records Schedule 2.7, item 120. Destroy 3 years after date of
last entry or when 3 years old, whichever is later. Employee drug test results (Positive
Results) are retained under General Records Schedule 2.7, item 130. Destroy when
employee leaves agency or when 3 years old, whichever is later. Employee drug test
results (Negative results) are retained under General Records Schedule 2.7, item 131.
Destroy when 3 years old.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records in use are protected to ensure that access is limited to those persons
whose official duties require such acce ss. Unattended records are maintained in NRC-
controlled space in locked offices, locked desk drawers, or locked file cabinets. Stand-
alone and network processing systems are password protected and removable media is
39 stored in locked offices, locked desk drawers, or locked file cabinets when unattended.
Network processing systems have roles and responsibilities protection and system
security plans. Records at laboratory, collection, and evaluation facilities are stored with
appropriate security measures to control and lim it access to those persons whose official
duties require such access.
RECORD ACCESS PROCEDURES:
Same as Notification procedures.
CONTESTING RECORD PROCEDURES:
Same as Notification procedures.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records contains
information about them should write to the Freedom of Information Act or Privacy Act
Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, and comply with the procedures contained in NRCs
Privacy Act regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(k)(5), the Commission has exempted portions of this
system of records from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4)(G), (H), and (I), and (f).
SYSTEM NAME AND NUMBER:
Employee Locator RecordsNRC 36.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Primary systemPart 1: For Headquarters personnel: Office of Chief Human
Capital Officer, NRC, Two White Flint North, 11545 Rockville Pike, Rockville, Maryland.
40 For Regional personnel: Regional Offices I-IV at the locations listed in Addendum 1, Part
2.
Part 2: Operations Division, Office of the Chief Information Officer, NRC, Two
White Flint North, 11545 Rockville Pike, Rockville, Maryland.
Part 3: Division of Administrative Serv ices, Office of Administration, NRC, One
White Flint North, 11555 Rockville Pike, Rockville, Maryland.
Duplicate systemDuplicate systems ex ist, in part, for Incident Response
Operations within the Office of Nuclear Security and Incident Response, NRC, Two
White Flint North, 11545 Rockville Pike, Rockville, Maryland, and at the NRCs Regional
Offices, at the locations listed in Addendum I, Part 2.
Duplicate systemDuplicate systems may exist, in part, within the organization
where an individual actually works, at the locations listed in Addendum I, Parts 1 and 2.
SYSTEM MANAGER(S):
Part 1: For Headquarters personnel: Associate Director for Human Resources
Operations and Policy, Office of the Chief Human Capital Officer, U.S. Nuclear
Regulatory Commission (NRC), Washington, DC 20555-0001; and for Regional
personnel: Regional Personnel Officer at the Regional Offices listed in Addendum I, Part
2; Part 2: IT Specialist, Network/Infrastructure Services Branch, IT Services
Development & Operations Division, Office of the Chief Information Officer, NRC,
Washington, DC 20555-0001; Part 3: Mail Services Team Leader, Administrative
Services Center, Division of Administrative Services, Office of Administration, NRC,
Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
44 U.S.C. 3101, 3301; Executive Order (E.O.) 9397, as amended by E.O. 13478;
and E.O. 12656.
41 PURPOSE(S) OF THE SYSTEM:
The purpose of this system is for NRC employees and contractors
accountability, to support NRC emergency response, and to contact designated persons
in the event of an emergency.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
NRC employees and contractors.
CATEGORIES OF RECORDS IN THE SYSTEM:
These records include, but are not limited to, an individuals name, home
address, office organization and location (building, room number, mail stop), telephone
number (home, business, and cell), person to be notified in case of emergency (name,
address, telephone number), and other related records.
RECORD SOURCE CATEGORIES:
Individual on whom the record is maintained; Employee Express; Enterprise
Identity Hub (EIH), and other related records.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under subsection (b) of the
Privacy Act, the NRC may disclose information contained in this system of records
without the consent of the subject individual if the disclosure is compatible with the
purpose for which the record was collected under the following routine uses:
- a. To contact the subject individuals designated emergency contact in the case
of an emergency;
- b. To contact the subject individual regarding matters of official business;
- c. To maintain the agency telephone directory (accessible from www.nrc.gov);
- d. For internal agency mail services;
42
- e. A record from this system of record s which indicates a violation of civil or
criminal law, regulation or order may be referred as a routine use to a Federal, State,
local or foreign agency that has authority to investigate, enforce, implement or prosecute
such laws. Further, a record from this system of records may be disclosed for civil or
criminal law or regulatory enforcement purposes to another agency in response to a
written request from that agencys head or an official who has been delegated such
authority;
- f. A record from this system of records may be disclosed as a routine use to
NRC-paid experts or consultants, and those under contract with the NRC on a need-to-
know basis for a purpose within the scope of the pertinent NRC task. This access will
be granted to an NRC contractor or employee of such contractor by a system manager
only after satisfactory justification has been provided to the system manager;
- g. A record from this system of records may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed
that there has been a breach of the system of records, (2) NRC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, NRC
(including its information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies, entities, and persons
is reasonably necessary to assist in connection with NRC efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such harm; and
- h. A record from this system of records may be disclosed as a routine use to
another Federal agency or Federal entity, when the NRC determines that information
from this system of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
43 (including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information is accessed by name.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Mail, printing, and telecommunication service control records are retained under
the National Archives and Records Administrations General Records Schedule 5.5:
Mail, Printing, and Telecommunications Service Management Records, item 020.
Destroy when 1 year old or when superseded or obsolete, whichever is applicable, but
longer retention is authorized if required for business use. Custom/client records are
retained under General Records Schedule 6.5: Public Customer Service Records, item
020. Destroy when superseded, obsolete, or when customer requests the agency to
remove the records.
Administrative records maintained in any agency office are retained under
General Records Schedule 5.1: Common Office Records, item 010. Destroy when
business use ceases.
Employee emergency contact information records are retained under the
National Archives General Records Schedule 5.3 item 020. Destroy when superseded or
obsolete, or upon separation or transfer of employee. These records are used to account
for and maintain communication with personnel during emergencies, office dismissal,
and closure situations.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Electronic records are password protected. Access to and use of these records is
44 limited to those persons whose official duties require such access.
RECORD ACCESS PROCEDURES:
Same as Notification procedures.
CONTESTING RECORD PROCEDURES:
Same as Notification procedures.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records contains
information about them should write to the Freedom of Information Act or Privacy Act
Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, and comply with the procedures contained in NRCs
Privacy Act regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
SYSTEM NAME AND NUMBER:
Information Security Files and Associated RecordsNRC 37.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Division of Security Operations, Office of Nuclear Security and Incident
Response, NRC, One White Flint North, 11555 Rockville Pike, Rockville, Maryland.
SYSTEM MANAGER(S):
Director, Division of Security Operations, Office of Nuclear Security and Incident
Response, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 2161-2169 and 2201(i); Executive Order 13526; 10 CFR part 95.
45 PURPOSE(S) OF THE SYSTEM:
Keep track of NRC employees, contractors, consultants, licensees, and other
cleared persons who have been grant ed classification authority.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals include present and former NRC employees, contractors, consultants,
licensees, and other cleared persons.
CATEGORIES OF RECORDS IN THE SYSTEM:
These records include information regarding:
- a. Personnel who are authorized access to specified levels, categories and types
of information, the approving authority, and related documents; and
- b. Names of individuals who classify and/or declassify documents (e.g., for the
protection of Classified National Security Information and Restricted Data).
RECORD SOURCE CATEGORIES:
NRC employees, contractors, consultants, and licensees.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under subsection (b) of the
Privacy Act, the NRC may disclose information contained in this system of records
without the consent of the subject individual if the disclosure is compatible with the
purpose for which the record was collected under the following routine uses:
- a. To prepare statistical reports for the Information Security Oversight Office;
- b. A record from this system of record s which indicates a violation of civil or
criminal law, regulation or order may be referred as a routine use to a Federal, State,
local or foreign agency that has authority to investigate, enforce, implement or prosecute
such laws. Further, a record from this system of records may be disclosed for civil or
46 criminal law or regulatory enforcement purposes to another agency in response to a
written request from that agencys head or an official who has been delegated such
authority;
- c. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency to obtain information relevant to an NRC decision
concerning hiring or retaining an employee, letting a contract, or issuing a security
clearance, license, grant or other benefit;
- d. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency requesting a record that is relevant and
necessary to its decision on a matter of hiring or retaining an employee, issuing a
security clearance, reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
- e. A record from this system of records may be disclosed as a routine use in the
course of discovery; in presenting evidenc e to a court, magistrate, administrative
tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative
dispute resolution proceedings, such as arbitration or mediation; or in the course of
settlement negotiations;
- f. A record from this system of records may be disclosed as a routine use to a
Congressional office from the record of an individual in response to an inquiry from the
Congressional office made at the request of that individual;
- g. A record from this system of records may be disclosed as a routine use to
NRC-paid experts or consultants, and those under contract with the NRC on a need-to-
know basis for a purpose within the scope of the pertinent NRC task. This access will
be granted to an NRC contractor or employee of such contractor by a system manager
only after satisfactory justification has been provided to the system manager;
47
- h. A record from this system of records may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed
that there has been a breach of the system of records, (2) NRC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, NRC
(including its information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies, entities, and persons
is reasonably necessary to assist in connection with NRC efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such harm; and
- i. A record from this system of records may be disclosed as a routine use to
another Federal agency or Federal entity, when the NRC determines that information
from this system of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
(including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Accessed by name and/or assigned number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained under the National Archives and Records Administrations,
General Records Schedule 4.2: Information Access and Protection Records. FOIA,
Privacy Act, and classified administrative re cords are retained under General Records
Schedule 4.2, item 001. Destroy when 3 years old, but longer retention is authorized if
needed for business use. Information access and protection tracking and control records
48 are retained under General Records Schedule 4.2, item 030. Destroy 2 years after last
form entry, reply, or submission; or when associated documents are declassified or
destroyed; or when authorization expires; whichever is appropriate. Longer retention is
authorized if required for business use. Access control records are retained under
General Records Schedule 4.2, item 031. Destroy when superseded or obsolete, but
longer retention is authorized if required for business use. Accounting for and control of
access to classified and controlled unclassified records and records requested under
FOIA, PA and MDR are retained under General Records Schedule 4.2, item 040.
Destroy or delete 5 years after date of last entry, final adjudication by courts, or final
action by agency (such as downgrading, transfe r or destruction of related classified
documents, or release of information from controlled unclassified status), as may apply,
whichever is later; but longer retention is authorized if required for business use.
Classified information nondisclosure agreements which are maintained
separately from the individuals official personnel folder are retained under the National
Archives and Records Administrations General Records Schedule 4.2 item 121. Destroy
records when 50 years old.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Information maintained in locked buildings, containers, or security areas under
guard and/or alarm protection, as appropriate. Records are processed only on systems
approved for processing classified information or accessible through password protected
systems for unclassified information. The cl assified systems are stand-alone systems
located within secure facilities or with removable hard drives that are either stored in
locked security containers or in alarmed vaults cleared for open storage of TOP
SECRET information.
49 CONTESTING RECORD PROCEDURE:
Same as Notification procedures.
RECORD ACCESS PROCEDURE:
Same as Notification procedures. Some information is classified under
Executive Order 13526 and will not be disclosed. Other information has been received in
confidence and will not be disclosed to the extent that disclosure would reveal a
confidential source.
NOTIFICATION PROCEDURE:
Individuals seeking to determine whether this system of records contains
information about them should write to the Freedom of Information Act or Privacy Act
Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, and comply with the procedures contained in NRCs
Privacy Act regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(k)(1) and (k)(5), the Commission has exempted
portions of this system of records from 5 U.S.C. 552a(c)(3), (d), (e)(1), (e)(4), (G), (H),
and (I), and (f).
SYSTEM NAME AND NUMBER:
Mailing ListsNRC 38.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Primary systemDigital Communications & Administrative Services Branch,
Division of Facilities and Securities, Office of Administration, NRC, 11545 Rockville Pike,
Rockville, Maryland.
50 Duplicate systemDuplicate sy stems exist in whole or in part at the locations
listed in Addendum I, Parts 1 and 2.
SYSTEM MANAGER(S):
Digital Communications & Administrative Services Branch, Division of Facilities
and Securities, Office of Administration, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
44 U.S.C. 3101, 3301.
PURPOSE(S) OF THE SYSTEM:
The system is maintained for the purpose of mailing informational literature or
responses to those who request it; maintaining lists of individuals who attend meetings;
and for other purposes for which mailing or contact lists may be created.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals, including NRC staff, with an interest in receiving information from the
NRC.
CATEGORIES OF RECORDS IN THE SYSTEM:
Mailing lists include an individual's name and address; and title, occupation, and
institutional affiliation, when applicable.
RECORD SOURCE CATEGORIES:
NRC staff, NRC licensees, and individuals expressing an interest in NRC
activities and publications.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under subsection (b) of the
Privacy Act, the NRC may disclose information contained in this system of records
51 without the consent of the subject individual if the disclosure is compatible with the
purpose for which the record was collected under the following routine uses:
- a. A record from this system of records may be disclosed as a routine use for
distribution of documents to persons and organizations listed on the mailing list;
- b. A record from this system of records may be disclosed as a routine use to
NRC-paid experts or consultants, and those under contract with the NRC on a need-to-
know basis for a purpose within the scope of the pertinent NRC task. This access will
be granted to an NRC contractor or employee of such contractor by a system manager
only after satisfactory justification has been provided to the system manager;
- c. A record from this system of records may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed
that there has been a breach of the system of records, (2) NRC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, NRC
(including its information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies, entities, and persons
is reasonably necessary to assist in connection with NRC efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such harm; and
- d. A record from this system of records may be disclosed as a routine use to
another Federal agency or Federal entity, when the NRC determines that information
from this system of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
(including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
52 POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records maintained on paper, and electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are accessed by company name, individual name, or file code
identification number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Customer/client records are retained under the National Archives and Records
Administrations General Records Schedule 6.5: Public Customer Service Records, Item
020. Delete when superseded, obsolete, or when customer requests the agency to
remove the records.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Access to and use of these records is limited to those persons whose official
duties require such access.
RECORD ACCESS PROCEDURES:
Same as Notification procedures.
CONTESTING RECORD PROCEDURES:
Same as Notification procedures.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records contains
information about them should write to the Freedom of Information Act or Privacy Act
Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, and comply with the procedures contained in NRCs
Privacy Act regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
53 SYSTEM NAME AND NUMBER:
Personnel Security Files and Associated RecordsNRC 39.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Division of Facilities and Security, Office of Administration, NRC, Two White Flint
North, Rockville, Maryland.
SYSTEM MANAGER(S):
Director, Division of Facilities and Security, Office of Administration, U.S. Nuclear
Regulatory Commission, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 2011 et seq.; 42 U.S.C. 2165, 2201(i), 2201a, and 2284; 42 U.S.C.
5801 et seq.; Executive Order (E.O.) 9397, as amended by E.O. 13478; E.O. 10450, as
amended; E.O. 10865, as amended; E.O. 13467; E.O. 13526; E.O. 13587; 10 CFR parts
10, 11, 14, 25, 50, 73, 95; OMB Circular No. A-130, Revised; 5 CFR parts 731, 732, and
authorities cited therein.
PURPOSE(S) OF THE SYSTEM:
This record system will maintain info rmation gathered by and in the possession
of the NRC Division of Facilities and Security to maintain the NRCs Personnel Security
and Insider Threat programs.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Persons including NRC employees, empl oyment applicants, consultants,
contractors, and licensees; other Government agency personnel, other persons who
have been considered for an access authorization, special nuclear material access
authorization, unescorted access to NRC buildings or nuclear power plants, NRC
54 building access, access to Federal automated information systems or data, or
participants in the criminal history program; aliens who visit NRC's facilities; and actual
or suspected violators of laws administered by NRC.
CATEGORIES OF RECORDS IN THE SYSTEM:
These records contain information about individuals, which includes, but is not
limited to, their name(s), address, date and place of birth, social security number,
identifying information, citizenship, residence history, employment history, military
history, financial history, foreign travel, foreign contacts, education, spouse/cohabitant
and relatives, personal references, organizational membership, medical, fingerprints,
criminal record, and security clearance history. These records also contain copies of
personnel security investigative reports from other Federal agencies, summaries of
investigative reports, results of Federal agency indices and database checks, records
necessary for participation in the criminal hi story program, reports of personnel security
interviews, clearance actions information (e.g., grants and terminations), access
approval/disapproval actions related to NRC building access or unescorted access to
nuclear plants, or access to Federal automated information systems or data, violations of
laws, reports of security infraction, insider threat program inquiry records including
analysis, results, referrals, and/or mitigation actions, and other related personnel security
processing documents.
RECORD SOURCE CATEGORIES:
NRC applicants, employees, contractors, consultants, licensees, visitors and
others, as well as information furnished by other Government agencies or their
contractors.
55 ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
Information in these records may be used by the Division of Facilities and
Security and on a need-to-know basis by appropr iate NRC officials, Hearing Examiners,
Personnel Security Review Panel members, Office of Personnel Management, Central
Intelligence Agency, Office of the Director of National intelligence, and other Federal
agencies under the following routine uses:
- a. To determine clearance or access authorization eligibility;
- b. To determine eligibility for access to NRC buildings or access to Federal
automated information systems or data;
- c. To certify clearance or access authorization;
- d. To maintain the NRC personnel security program, including the Insider Threat
Program;
- e. To provide licensees information needed for unescorted access or access to
safeguards information determinations;
- f. A record from this system of records which indicates a violation of civil or
criminal law, regulation or order may be referred as a routine use to a Federal, State,
local or foreign agency that has authority to investigate, enforce, implement or prosecute
such laws. Further, a record from this system of records may be disclosed for civil or
criminal law or regulatory enforcement purposes to another agency in response to a
written request from that agencys head or an official who has been delegated such
authority;
- g. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency to obtain information relevant to an NRC decision
concerning hiring or retaining an employee, letting a contract, or issuing a security
56 clearance, license, grant or other benefit;
- h. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency requesting a record that is relevant and
necessary to its decision on a matter of hiring or retaining an employee, issuing a
security clearance, reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
- i. A record from this system of records may be disclosed as a routine use in the
course of discovery; in presenting evidenc e to a court, magistrate, administrative
tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative
dispute resolution proceedings, such as arbitration or mediation; or in the course of
settlement negotiations;
- j. A record from this system of records may be disclosed as a routine use to a
Congressional office from the record of an individual in response to an inquiry from the
Congressional office made at the request of that individual;
- k. A record from this system of records may be disclosed as a routine use to
NRC-paid experts or consultants, and those under contract with the NRC on a need-to-
know basis for a purpose within the scope of the pertinent NRC task. This access will
be granted to an NRC contractor or employee of such contractor by a system manager
only after satisfactory justification has been provided to the system manager;
- l. A record from this system of records may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed
that there has been a breach of the system of records, (2) NRC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, NRC
(including its information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies, entities, and persons
57 is reasonably necessary to assist in connection with NRC efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such harm; and
- m. A record from this system of records may be disclosed as a routine use to
another Federal agency or Federal entity, when the NRC determines that information
from this system of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
(including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records maintained on paper, tapes, and electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Indexed and accessed by name, social security number, docket number, or a
combination thereof.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Security administrative records are retained under the National Archives and
Records Administrations General Records Schedule 5.6: Security Records, Item 010.
Destroy when 3 years old, but longer retention is authorized if required for business use.
Visitor processing records in areas requiring highest level security awareness are
retained under General Records Schedule 5.6, item 110. Destroy when 5 years old, but
longer retention is authorized if required for business use. Visitor processing records in
all other facility security areas are retained under General Records Schedule 5.6, item
111. Destroy when 2 years old, but longer retention is authorized if required for business
use. Personnel security and access clearance records of people issued clearances are
retained under General Records Schedule 5.6, item 181. Destroy 5 years after employee
58 or contractor relationship ends, but longer retention is authorized if required for business
use. Indexes to the personnel security case files are retained according to General
Records Schedule 5.6 item 190 and destroyed when superseded or obsolete.
Insider threat inquiry records are retained according to General Records
Schedule 5.6 item 220 and destroyed 25 years afte r close of inquiry, but longer retention
is authorized if required for business use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records in use are protected to ensure that access is limited to those persons
whose official duties require such access. Unattended records are maintained in
NRC-controlled space in locked offices, lock ed desk drawers, or locked file cabinets.
Mass storage of records is protected when unattended by a combination lock and alarm
system. Unattended classified records are protected in appropriate security containers in
accordance with Management Directive 12.1.
NOTIFICATION PROCEDURE:
Individuals seeking to determine whether this system of records contains
information about them should write to the Freedom of Information Act or Privacy Act
Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, and comply with the procedures contained in NRCs
Privacy Act regulations, 10 CFR part 9.
RECORD ACCESS PROCEDURE:
Same as Notification procedures. Some information is classified under
Executive Order 12958 and will not be disclosed. Other information has been received in
confidence and will not be disclosed to the extent the disclosure would reveal a
confidential source.
59 CONTESTING RECORD PROCEDURE:
Same as Notification procedures.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
Pursuant to 5 U.S.C. 552a(k)(1), (k)(2), and (k)(5), the Commission has
exempted portions of this system of records from 5 U.S.C. 552a(c)(3), (d), (e)(1),
(e)(4)(G), (H), and (I), and (f).
SYSTEM NAME AND NUMBER:
Facility Security Access Control RecordsNRC 40.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Primary systemDivision of Facilities and Security, Office of Administration,
NRC, Two White Flint North, 11545 Rockville Pike, Rockville, Maryland.
Duplicate systemDuplicate systems exist in part at NRC Regional Offices and
the NRC Technical Training Center at the locations listed in Addendum I, Part 2.
SYSTEM MANAGER(S):
Director, Division of Facilities and Security, Office of Administration, U.S. Nuclear
Regulatory Commission, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
42 U.S.C. 2165-2169 and 2201; Executive Order (E.O.) 9397, as amended by
E.O. 13478; E.O. 13462, as amended by E.O. 13516.
PURPOSE(S) OF THE SYSTEM:
Tracking issued NRC personal identificat ion badges issued for access to
NRC-controlled space and approved visitors to the NRC.
60 CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Current and former NRC employees, consultants, contractors, other Government
agency personnel, and approved visitors.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system includes information regar ding: (1) NRC personal identification
badges issued for continued access to NRC-controlled space; and (2) records regarding
visitors to NRC. The records include, but are not limited to, an individuals name, social
security number, electronic image, badge num ber, citizenship, employer, purpose of
visit, person visited, date and time of visit, and other information contained on
Government issued credentials.
RECORD SOURCE CATEGORIES:
Sources of information include NRC empl oyees, contractors, consultants,
employees of other Government agencies, and visitors.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under subsection (b) of the
Privacy Act, the NRC may disclose information contained in this system of records
without the consent of the subject individual if the disclosure is compatible with the
purpose for which the record was collected under the following routine uses:
- a. To control access to NRC classified information and to NRC spaces by human
or electronic means;
- b. Information (identification badge) may also be used for tracking applications
within the NRC for other than security access purposes;
- c. The electronic image used for the NRC employee personal identification badge
may be used for other than security purposes only with the written consent of the subject
61 individual;
- d. A record from this system of record s which indicates a violation of civil or
criminal law, regulation or order may be referred as a routine use to a Federal, State,
local or foreign agency that has authority to investigate, enforce, implement or prosecute
such laws. Further, a record from this system of records may be disclosed for civil or
criminal law or regulatory enforcement purposes to another agency in response to a
written request from that agencys head or an official who has been delegated such
authority;
- e. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency to obtain information relevant to an NRC decision
concerning hiring or retaining an employee, letting a contract, or issuing a security
clearance, license, grant or other benefit;
- f. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency requesting a record that is relevant and
necessary to its decision on a matter of hiring or retaining an employee, issuing a
security clearance, reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
- g. A record from this system of records may be disclosed as a routine use in the
course of discovery; in presenting evidenc e to a court, magistrate, administrative
tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative
dispute resolution proceedings, such as arbitration or mediation; or in the course of
settlement negotiations;
- h. A record from this system of records may be disclosed as a routine use to a
Congressional office from the record of an individual in response to an inquiry from the
Congressional office made at the request of that individual;
62
- i. A record from this system of records may be disclosed as a routine use to
NRC-paid experts or consultants, and those under contract with the NRC on a need-to-
know basis for a purpose within the scope of the pertinent NRC task. This access will
be granted to an NRC contractor or employee of such contractor by a system manager
only after satisfactory justification has been provided to the system manager;
- j. A record from this system of records may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed
that there has been a breach of the system of records, (2) NRC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, NRC
(including its information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies, entities, and persons
is reasonably necessary to assist in connection with NRC efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such harm; and
- k. A record from this system of records may be disclosed as a routine use to
another Federal agency or Federal entity, when the NRC determines that information
from this system of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
(including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on paper and electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information is indexed and accessed by individuals name, social security
number, identification badge number, employers name, date of visit, or sponsors name.
63 POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
The National Archives and Records Administrations General Records Schedule
5.6 includes Security Records. Visitor processing records in areas requiring highest level
security awareness, including areas designat ed by the interagency Security Committee
as Facility Security Level V, are retained according to General Records Schedule 5.6,
item 110. Destroy when 5 years old, but longer retention is authorized if required for
business use. Visitor processing records in facility security areas not requiring highest
level security awareness, including areas designated by the interagency Security
Committee as Facility Security Levels I th rough IV, are retained under General Records
Schedule 5.6, item 111. Destroy when 2 years old, but longer retention is authorized if
required for business use. Indexes to personnel security case files are retained under
General Records Schedule 5.6, item 190. Destroy when superseded or obsolete.
Records of routine security operations are retained under General Records Schedule
5.6, item 090. Destroy when 30 days old, but longer retention is authorized if required for
business use. Personal identification credentials and cards, including application and
activation records, are retained according to General Records Schedule 5.6, item 120.
Destroy 6 years after the end of an employee or contractors tenure, but longer retention
is authorized if required for business use. Personal identification cards are retained
according to General Records Schedule 5.6 item 121 and destroyed after expiration,
confiscation, or return. Personnel suitability and eligibility investigative reports are
retained according to General Records Schedule 5.6, item 170. Destroy in accordance
with the investigating agency instruction. Reports and records created by agencies
conducting investigations under delegated investigative authority are retained according
to General Records Schedule 5.6, item 171. Destroy in accordance with delegated
authority agreement or memorandum of understanding.
64 ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
All records are maintained in NRC-controlled space that is secured after normal
duty hours or a security area under guard presence in a locked security container/vault.
There is an approved security plan which identifies the physical protective measures and
access controls (i.e., passwords and software design limiting access based on each
individuals role and responsibilities relative to the system) specific to each system.
RECORD ACCESS PROCEDURES:
Same as Notification procedures.
CONTESTING RECORD PROCEDURES:
Same as Notification procedures.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records contains
information about them should write to the Freedom of Information Act or Privacy Act
Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, and comply with the procedures contained in NRCs
Privacy Act regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
SYSTEM NAME AND NUMBER:
Tort Claims and Personal Property Claims RecordsNRC 41.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Primary systemOffice of the General Counsel, NRC, One White Flint North,
11555 Rockville Pike, Rockville, Maryland.
65 Duplicate systemDuplicate sy stems exist, in whole or in part, in the Office of
the Chief Financial Officer, NRC, Two White Flint North, 11545 Rockville Pike, Rockville,
Maryland, and at the locations listed in Addendum I, Parts 1 and 2. Other NRC systems
of records, including but not limited to, NRC-18, Office of the Inspector General (OIG)
Investigative RecordsNRC and Defense Nucl ear Facilities Safety Board (DNFSB),
and NRC-32, Office of the Chief Financia l Officer Financial Transactions and Debt
Collection Management RecordsNRC, may contain some of the information in this
system of records.
SYSTEM MANAGER:
Assistant General Counsel for Labor, Employment and Contract Law, U.S.
Nuclear Regulatory Commission, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Federal Tort Claims Act, 28 U.S.C. 2671 et seq.; Military Personnel and Civilian
Employees' Claims Act, 31 U.S.C. 3721; 44 U.S.C. 3101.
PURPOSE(S) OF THE SYSTEM:
Claims with the NRC under the Federal Tort Claims Act or the Military Personnel
and Civilian Employees Claims Act.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals who have filed claims with NRC under the Federal Tort Claims Act or
the Military Personnel and Civilian Employees' Claims Act and individuals who have
matters pending before the NRC that may result in a claim being filed.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system contains information relating to loss or damage to property and/or
personal injury or death in which the U.S. Government may be liable. This information
includes, but is not limited to, the individual's name, home address and phone number,
66 work address and phone number, drivers license number, claim forms and supporting
documentation, police reports, witness statements, medical records, insurance
information, investigative reports, repair/replacement receipts and estimates, litigation
documents, court decisions, and other information necessary for the evaluation and
settlement of claims.
RECORD SOURCE CATEGORIES:
Information is obtained from a number of sources, including but not limited to,
claimants, NRC employees involved in t he incident, witnesses or others having
knowledge of the matter, police reports, medical reports, investigative reports, insurance
companies, and attorneys.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under subsection (b) of the
Privacy Act, NRC may disclose information cont ained in a record in this system of
records without the consent of the subject individual if the disclosure is compatible with
the purpose for which the record was collected under the following routine uses:
- a. To third parties, including claimants' attorneys, insurance companies,
witnesses, potential witnesses, local police authorities where an accident occurs, and
others who may have knowledge of the matter to the extent necessary to obtain
information that will be used to evaluate, settle, refer, pay, and/or adjudicate claims;
- b. To the Department of Justice (DOJ) when the matter comes within their
jurisdiction, such as to coordinate litigation or when NRC's authority is limited, and DOJ
advice or approval is required before NRC can award, adjust, compromise, or settle
certain claims;
67
- c. To the appropriate Federal agency or agencies when a claim has been
incorrectly filed with NRC or when more than one agency is involved, and NRC makes
agreements with the other agencies as to which one will investigate the claim;
- d. To the Department of the Treasury to request payment of an award,
compromise, or settlement of a claim;
- e. Information contained in litigation records is public to the extent that the
documents have been filed in a court or public administrative proceeding, unless the
court or other adjudicative body has ordered otherwise. This public information, including
information concerning the nature, status, and disposition of the proceeding, may be
disclosed to any person, unless it is determined that release of specific information in the
context of a particular case would constitute an unwarranted invasion of personal
privacy;
- f. To the National Archives and Records Administration or to the General
Services Administration for records management inspections conducted under 44 U.S.C.
2904 and 2906;
- g. A record from this system of record s which indicates a violation of civil or
criminal law, regulation or order may be referred as a routine use to a Federal, State,
local or foreign agency that has authority to investigate, enforce, implement or prosecute
such laws. Further, a record from this system of records may be disclosed for civil or
criminal law or regulatory enforcement purposes to another agency in response to a
written request from that agencys head or an official who has been delegated such
authority;
- h. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency to obtain information relevant to an NRC decision
concerning hiring or retaining an employee, letting a contract, or issuing a security
68 clearance, license, grant or other benefit;
- i. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency requesting a record that is relevant and
necessary to its decision on a matter of hiring or retaining an employee, issuing a
security clearance, reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
- j. A record from this system of records may be disclosed as a routine use in the
course of discovery; in presenting evidenc e to a court, magistrate, administrative
tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative
dispute resolution proceedings, such as arbitration or mediation; or in the course of
settlement negotiations;
- k. A record from this system of records may be disclosed as a routine use to a
Congressional office from the record of an individual in response to an inquiry from the
Congressional office made at the request of that individual;
- l. A record from this system of records may be disclosed as a routine use to
NRC-paid experts or consultants, and those under contract with the NRC on a need-to-
know basis for a purpose within the scope of the pertinent NRC task. This access will
be granted to an NRC contractor or employee of such contractor by a system manager
only after satisfactory justification has been provided to the system manager;
- m. A record from this system of records may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed
that there has been a breach of the system of records, (2) NRC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, NRC
(including its information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies, entities, and persons
69 is reasonably necessary to assist in connection with NRC efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such harm; and
- n. A record from this system of records may be disclosed as a routine use to
another Federal agency or Federal entity, when the NRC determines that information
from this system of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
(including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Information in this system of records is stored on paper and computer media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information is indexed and accessed by the claimant's name.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records will be retained under the National Archives and Records
Administrations General Records Schedules and the NRC NUREG 0910 Revision 4.
Financial transaction records related to procuring goods and services, paying
bills, collecting debts, and accounting, are retained according to General Records
Schedule 1.1: Financial Management and Reporting Records, item 010 (Official record
held in the office of record). Financial transaction records are destroyed 6 years after
final payment or cancellation, but longer retention is authorized if required for business
use. Since the General Records Schedule (GRS) allows for longer retention, NRC
chooses to retain records for 7 years as required for its business use, before destruction.
Administrative claims by or against the United States are retained according to General
Records Schedule 1.1, item 080. Administrative claims records are destroyed 7 years
70 after final action, but longer retention is authorized if required for business use. Litigation
Case Files, are retained according to NRCs NUREG 0910, Revision 4, Part 2.12.7.a.
Closed files are retired 7 years after cases are closed and transferred to the National
Archives and Records Administration 20 years after cases are closed. ADAMS PDF files
and TIFF files are cutoff when case is closed and transferred to the National Archives 20
years after case is closed.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The paper records are stored in locked file cabinets and access is restricted to
those agency personnel whose official duties and responsibilities require access.
Automated records are protected by password.
RECORD ACCESS PROCEDURES:
Same as Notification procedures.
CONTESTING RECORD PROCEDURES:
Same as Notification procedures.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records contains
information about them should write to the Freedom of Information Act or Privacy Act
Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, and comply with the procedures contained in NRCs
Privacy Act regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
Disclosure Pursuant to 5 U.S.C. 552a(b)(12): Disclosure of information to a consumer
reporting agency is not considered a routine use of records. Disclosures may be made
71 from this system of records to consum er reporting agencies as defined in the Fair
Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966,
as amended (31 U.S.C. 3701(a)(3)).
SYSTEM NAME AND NUMBER:
Employee Health Center RecordsNRC 43.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Primary systemEmployee Health Center, NRC, One White Flint North, 11555
Rockville Pike, Rockville, Maryland.
Duplicate systemDuplicate systems exist, in part, at health care facilities
operating under a contract or agreement with NRC for health-related services in the
vicinity of each of NRCs Regional offices listed in Addendum I, Part 2. NRCs Regional
offices may also maintain copies of occupational health records for their employees.
This system may contain some of the information maintained in other systems of
records, including NRC-11, Reasonable Accommodation RecordsNRC, NRC-44,
Employee Fitness Center RecordsNRC, and DOL/GOVT-1 Office of Workers
Compensation Programs, Federal Employees Compensation Act File.
SYSTEM MANGERS(S):
Technical Assistance Project Manager, Office of the Chief Human Capital Officer,
U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 7901; Executive Order 9397, as amended by E.O. 13478.
PURPOSE(S) OF THE SYSTEM:
Maintaining health records for current and former NRC employees, consultants,
72 contractors, other Government personnel, and anyone who may require emergency or
first-aid treatment on NRC premises.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Current and former NRC employees, consultants, contractors, other Government
personnel, and anyone on NRC premises who requi res emergency or first-aid treatment.
CATEGORIES OF RECORDS IN THE SYSTEM:
This system is comprised of records developed as a result of voluntary employee
use of health services provided by the Heal th Center, and of emergency health services
rendered by Health Center staff to individuals for injuries and illnesses suffered while on
NRC premises. Specific information maintained on individuals may include, but is not
limited to, their name, date of birth, and so cial security number; medical history and
other biographical data; test reports and medical diagnoses based on employee health
maintenance physical examinations or health screening programs (tests for single
medical conditions or diseases); history of complaint, diagnosis, and treatment of injuries
and illness rendered by the Health Center st aff; immunization records; records of
administration by Health Center staff of medications prescribed by personal physicians;
medical consultation records; statistical records; daily log of patients; and medical
documentation such as personal physician correspondence, test results submitted to the
Health Center staff by the employee; and o ccupational health records. This system does
not maintain records that are a result of a condition of employment, records and reports
generated in relation to a Workers Compensation claim, or records resulting from
participation in an agency-sponsored health and wellness program. Such records are
maintained in the government-wide system of records notice OPM/GOVT-10 Employee
Medical File System Records.
73 RECORD SOURCE CATEGORIES:
Information in this system of records is obtained from a number of sources
including, but not limited to, the individual to whom it pertains; laboratory reports and test
results; NRC Health Center physicians, nur ses, and other medical technicians or
personnel who have examined, tested, or treated the individual; the individual's
coworkers or supervisors; other systems of records; the individual's personal
physician(s); NRC Fitness Center staff; other Federal agencies; and other Federal
employee health units.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under subsection (b) of the
Privacy Act, the NRC may disclose information contained in this system of records
without the consent of the subject individual if the disclosure is compatible with the
purpose for which the record was collected under the following routine uses:
- a. To refer information required by applicable law to be disclosed to a Federal,
State, or local public health service agency concerning individuals who have contracted
certain communicable diseases or conditions in an effort to prevent further outbreak of
the disease or condition;
- b. To disclose information to the appropriate Federal, State, or local agency
responsible for investigation of an accident, disease, medical condition, or injury as
required by pertinent legal authority;
- c. To disclose information to the Office of Workers' Compensation Programs in
connection with a claim for benefits filed by an employee;
- d. To Health Center staff and medical personnel under a contract or agreement
with NRC who need the information in order to schedule, conduct, evaluate, or follow up
74 on physical examinations, tests, emergency treatments, or other medical and health care
services;
- e. To refer information to private physicians designated by the individual when
requested in writing;
- f. To the National Archives and Records Administration or to the General
Services Administration for records management inspections conducted under 44 U.S.C.
2904 and 2906;
- g. A record from this system of record s which indicates a violation of civil or
criminal law, regulation or order may be referred as a routine use to a Federal, State,
local or foreign agency that has authority to investigate, enforce, implement or prosecute
such laws. Further, a record from this system of records may be disclosed for civil or
criminal law or regulatory enforcement purposes to another agency in response to a
written request from that agencys head or an official who has been delegated such
authority;
- h. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency to obtain information relevant to an NRC decision
concerning hiring or retaining an employee, letting a contract, or issuing a security
clearance, license, grant or other benefit;
- i. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency requesting a record that is relevant and
necessary to its decision on a matter of hiring or retaining an employee, issuing a
security clearance, reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
- j. A record from this system of records may be disclosed as a routine use in the
course of discovery; in presenting evidenc e to a court, magistrate, administrative
75 tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative
dispute resolution proceedings, such as arbitration or mediation; or in the course of
settlement negotiations;
- k. A record from this system of records may be disclosed as a routine use to a
Congressional office from the record of an individual in response to an inquiry from the
Congressional office made at the request of that individual;
- l. A record from this system of records may be disclosed as a routine use to
NRC-paid experts or consultants, and those under contract with the NRC on a need-to-
know basis for a purpose within the scope of the pertinent NRC task. This access will
be granted to an NRC contractor or employee of such contractor by a system manager
only after satisfactory justification has been provided to the system manager;
- m. A record from this system of records may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed
that there has been a breach of the system of records, (2) NRC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, NRC
(including its information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies, entities, and persons
is reasonably necessary to assist in connection with NRC efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such harm; and
- n. A record from this system of records may be disclosed as a routine use to
another Federal agency or Federal entity, when the NRC determines that information
from this system of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
76 (including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored in file folders, on electronic media, and on file cards, logs, x-
rays, and other medical reports and forms.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrieved by the individuals name, date of birth, and social security
number, or any combination of those identifiers.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Clinic Scheduling Records are retained under the National Archives and Records
Administrations General Records Schedule 2.7: Employee Health and Safety Records,
item 010. Destroy when 3 years old, but longer retention is authorized if required for
business use. Short-term occupational individual medical case files are retained under
General Records Schedule 2.7, item 061. Destroy 1 year after employee separation or
transfer. Individual employee health case files created prior to establishment of the
Employee Medical File system in 1986 ar e retained under General Records Schedule
2.7, item 062. Destroy 60 years after retire ment to the NARA records storage facility.
Non-occupational individual medical case files are retained under General Records
Schedule 2.7, item 070. Destroy 10 years after the most recent encounter, but longer
retention is authorized if needed for business use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records in the primary system are maintained in a building where access is
controlled by a security guard force and entry to each floor is controlled by keycard.
Records in the system are maintained in lockable file cabinets with access limited to
agency or contractor personnel whose duties require access. The records are under
77 visual control during duty hours. Access to automated data requires use of proper
password and user identification codes by authorized personnel.
RECORD ACCESS PROCEDURES:
Same as Notification procedures.
CONTESTING RECORD PROCEDURES:
Same as Notification procedures.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records contains
information about them should write to the Freedom of Information Act or Privacy Act
Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001; comply with the procedures contained in NRCs Privacy
Act regulations, 10 CFR part 9; and provide their full name, any former name(s), date of
birth, and Social Security number.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
SYSTEM NAME AND NUMBER:
Employee Fitness Center RecordsNRC 44.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Primary systemFitness Center, NRC, Two White Flint North, 11545 Rockville
Pike, Rockville, Maryland.
SYSTEM MANAGER(S):
Office of Chief Human Capital Officer C ontracting Officer Representative, Office
of the Chief Human Capital Officer, U.S. Nuclear Regulatory Commission, Washington,
78 DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 7901; Executive Order (E.O.) 9397, as amended by E.O. 13478.
PURPOSE(S) OF THE SYSTEM:
Maintaining membership for the NRC Fitness Center.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
NRC employees who apply for membership at the Fitness Center, including
current and former members.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system includes applications to participate in NRCs Fitness Center,
information on an individuals degree of physical fitness and their fitness activities and
goals; and various forms, memoranda, and correspondence related to Fitness Facilities
membership and financial/payment matters. Specific information contained in the
application for membership includes the employee applicant's name, gender, age, badge
id, height, weight, and medical information, including a history of certain medical
conditions; the name of the individual's pers onal physician and any prescription or over-
the-counter drugs taken on a regular basis; and the name and address of a person to be
notified in case of emergency.
RECORD SOURCE CATEGORIES:
Information in this system of records is principally obtained from the subject
individual. Other sources of information include, but are not limited to, the NRC Fitness
Center Director, staff physicians retained by the NRC, and the individuals personal
physicians.
79 ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under subsection (b) of the
Privacy Act, the NRC may disclose information contained in this system of records
without the consent of the subject individual if the disclosure is compatible with the
purpose for which the record was collected under the following routine uses:
- a. To the individual listed as an emergency contact, in the event of an
emergency;
- b. To the National Archives and Records Administration or to the General
Services Administration for records management inspections conducted under 44 U.S.C.
2904 or 2906;
- c. A record from this system of records which indicates a violation of civil or
criminal law, regulation or order may be referred as a routine use to a Federal, State,
local or foreign agency that has authority to investigate, enforce, implement or prosecute
such laws. Further, a record from this system of records may be disclosed for civil or
criminal law or regulatory enforcement purposes to another agency in response to a
written request from that agencys head or an official who has been delegated such
authority;
- d. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency to obtain information relevant to an NRC decision
concerning hiring or retaining an employee, letting a contract, or issuing a security
clearance, license, grant or other benefit;
- e. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency requesting a record that is relevant and
necessary to its decision on a matter of hiring or retaining an employee, issuing a
80 security clearance, reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
- f. A record from this system of records may be disclosed as a routine use in the
course of discovery; in presenting evidenc e to a court, magistrate, administrative
tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative
dispute resolution proceedings, such as arbitration or mediation; or in the course of
settlement negotiations;
- g. A record from this system of records may be disclosed as a routine use to a
Congressional office from the record of an individual in response to an inquiry from the
Congressional office made at the request of that individual;
- h. A record from this system of records may be disclosed as a routine use to
NRC-paid experts or consultants, and those under contract with the NRC on a need-to-
know basis for a purpose within the scope of the pertinent NRC task. This access will
be granted to an NRC contractor or employee of such contractor by a system manager
only after satisfactory justification has been provided to the system manager;
- i. A record from this system of records may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed
that there has been a breach of the system of records, (2) NRC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, NRC
(including its information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies, entities, and persons
is reasonably necessary to assist in connection with NRC efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such harm; and
- j. A record from this system of records may be disclosed as a routine use to
another Federal agency or Federal entity, when the NRC determines that information
81 from this system of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
(including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are maintained on paper and electronic media.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Information is indexed and accessed by an individuals name and/or NRC Badge
ID number.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS
Fitness Center records are retained according to the National Archives and
Records Administrations General Records Schedule 2.7: Employee Health and Safety
Records, item 080, Non-occupational health and wellness program records. Destroy 3
years after the project/activity or transaction is completed or superseded, but longer
retention is authorized if needed for business use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Records are maintained in a building where access is controlled by a security
guard force. Access to the Fitness Center is controlled by keycard and bar code
verification. Records in paper form are st ored alphabetically by individuals names in
lockable file cabinets maintained in the NRC where access to the records is limited to
agency and Fitness Center personnel whose duties require access. The records are
under visual control during duty hours. Automated records are protected by screen
saver. Access to automated data requires use of proper password and user identification
codes. Only authorized personnel have access to areas in which information is stored.
82 RECORD ACCESS PROCEDURES:
Same as Notification procedures.
CONTESTING RECORD PROCEDURES:
Same as Notification procedures.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records contains
information about them should write to the Freedom of Information Act or Privacy Act
Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, and comply with the procedures contained in NRCs
Privacy Act regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
DISCLOSURES TO CONSUMER REPORTING AGENCIES:
Disclosures Pursuant to 5 U.S.C. 552a(b)(12): Disclosures of information to a
consumer reporting agency are not considered a routine use of records. Disclosures
may be made from this system to consumer reporting agencies as defined in the Fair
Credit Reporting Act (15 U.S.C. 1681a(f)) or the Federal Claims Collection Act of 1966,
as amended (31 U.S.C. 3701(a)(3)).
SYSTEM NAME AND NUMBER:
Electronic Credentials for Personal Identity Verification-NRC 45.
SECURITY CLASSIFICATION:
Unclassified
SYSTEM LOCATION:
Primary systemOffice of the Chief Information Officer, NRC, White Flint North
Complex, 11555 Rockville Pike, Rockville, Maryland, and current contractor facility.
83 Duplicate system-Duplicate systems may exist, in whole or in part, at the
locations listed in Addendum I, Part 2.
SYSTEM MANAGER(S):
Director, Solutions Development and Operations Division, Office of the Chief
Information Officer, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.
AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
5 U.S.C. 301; 42 U.S.C. 2165 and 2201(i); 44 U.S.C. 3501, 3504; Electronic
Government Act of 2002, 44 U.S.C. chapter 36; Homeland Security Presidential
Directive 12 (HSPD-12), Policy for a Common Identification Standard for Federal
Employees and Contractors, August 27, 2004; Executive Order (E.O.) 9397, as
amended by E.O. 13478.
PURPOSE(S) OF THE SYSTEM:
Track and control PIV cards issued to persons entering and exiting the NRC
facilities or using NRC systems; and verify that all person entering federal facilities, using
Federal information resources, are authorized to do so.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
Individuals covered are persons who have applied for the issuance of electronic
credentials for signature, encryption, and/or authentication purposes; have had their
credentials renewed, replaced, suspended, revoked, or denied; have used their
credentials to electronically make contact wi th, retrieve information from, or submit
information to an automated information sy stem; or have corresponded with NRC or its
contractor concerning digital services.
CATEGORIES OF RECORDS IN THE SYSTEM:
The system contains information needed to establish and verify the identity of
users, to maintain the system, and to establish accountability and audit controls. System
84 records may include: (a) applications for the issuance, amendment, renewal,
replacement, or revocation of electronic credentials, including evidence provided by
applicants or proof of identity and authority, and sources used to verify an applicant's
identity and authority; (b) credentials issued; (c) credentials denied, suspended, or
revoked, including reasons for denial, suspension, or revocation; (d) a list of currently
valid credentials; (e) a list of currently invalid credentials; (f) a record of validation
transactions attempted with electronic credentials; and (g) a record of validation
transactions completed with electronic credentials.
RECORD SOURCE CATEGORIES:
The sources for information are the individuals who apply for electronic
credentials, the NRC and contractors using multiple sources to verify identities, and
internal system transactions designed to gather and maintain data needed to manage
and evaluate the electronic credentials program.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the disclosures permitted under subsection (b) of the Privacy Act,
the NRC may disclose information contained in this system of records without the
consent of the subject individual if the disclosure is compatible with the purpose for
which the record was collected under the following routine uses:
- a. To agency electronic credential program contractors to compile and maintain
documentation on applicants for verifying applicants' identity and authority to access
information system applications; to establish and maintain documentation on information
sources for verifying applicants' identities; to ensure proper management, data accuracy,
and evaluation of the system;
- b. To Federal authorities to determine the validity of subscriber digital certificates
85 and other identity attributes;
- c. To the National Archives and Records Administration (NARA) for records
management purposes;
- d. To a public data repository (only name, e-mail address, organization, and
public key) to facilitate secure communications using digital certificates;
- e. A record from this system of record s which indicates a violation of civil or
criminal law, regulation or order may be referred as a routine use to a Federal, State,
local or foreign agency that has authority to investigate, enforce, implement or prosecute
such laws. Further, a record from this system of records may be disclosed for civil or
criminal law or regulatory enforcement purposes to another agency in response to a
written request from that agencys head or an official who has been delegated such
authority;
- f. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency to obtain information relevant to an NRC decision
concerning hiring or retaining an employee, letting a contract, or issuing a security
clearance, license, grant or other benefit;
- g. A record from this system of records may be disclosed as a routine use to a
Federal, State, local, or foreign agency requesting a record that is relevant and
necessary to its decision on a matter of hiring or retaining an employee, issuing a
security clearance, reporting an investigation of an employee, letting a contract, or
issuing a license, grant, or other benefit;
- h. A record from this system of records may be disclosed as a routine use in the
course of discovery; in presenting evidenc e to a court, magistrate, administrative
tribunal, or grand jury or pursuant to a qualifying order from any of those; in alternative
dispute resolution proceedings, such as arbitration or mediation; or in the course of
86 settlement negotiations;
- i. A record from this system of records may be disclosed as a routine use to a
Congressional office from the record of an individual in response to an inquiry from the
Congressional office made at the request of that individual;
- j. A record from this system of records may be disclosed as a routine use to
NRC-paid experts or consultants, and those under contract with the NRC on a need-to-
know basis for a purpose within the scope of the pertinent NRC task. This access will
be granted to an NRC contractor or employee of such contractor by a system manager
only after satisfactory justification has been provided to the system manager;
- k. A record from this system of records may be disclosed as a routine use to
appropriate agencies, entities, and persons when (1) NRC suspects or has confirmed
that there has been a breach of the system of records, (2) NRC has determined that as a
result of the suspected or confirmed breach there is a risk of harm to individuals, NRC
(including its information systems, programs, and operations), the Federal Government,
or national security; and (3) the disclosure made to such agencies, entities, and persons
is reasonably necessary to assist in connection with NRC efforts to respond to the
suspected or confirmed breach or to prevent, minimize, or remedy such harm; and
- l. A record from this system of records may be disclosed as a routine use to
another Federal agency or Federal entity, when the NRC determines that information
from this system of records is reasonably necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
(including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
87 POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
Records are stored electronically or on paper.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records are retrievable by an individuals name, e-mail address, certificate
status, certificate number or credential number, certificate issuance date, or approval
role.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
Records are retained under the National Archives and Records Administrations,
General Records Schedule 5.6: Security Records. Application and activation records for
personal identification credentials and cards are retained under General Records
Schedule 5.6, item 120. Destroy 6 years after the end of an employee or contractors
tenure, but longer retention is authorized if required for business use. Personnel
identification cards are retained under General Records Schedule 5.6, item 121. Destroy
after expiration, confiscation, or return. Local facility identification and card access
records are retained under General Records Schedule 5.6, item 130. Destroy upon
immediate collection once the temporary credential or card is returned for potential
reissuance due to nearing expiration or not to exceed 6 months from time of issuance or
when individual no longer requires access, whichever is sooner, but longer retention is
authorized if required for business use.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
Technical, administrative, and personnel security measures are implemented to
ensure confidentiality, integrity, and availability of the system data stored, processed,
and transmitted. Hard copy documents are maintained in locking file cabinets. Electronic
records are, at a minimum, password protected. Access to and use of these records is
limited to those individuals whose official duties require access.
88 RECORD ACCESS PROCEDURES:
Same as Notification procedures.
CONTESTING RECORD PROCEDURES:
Same as Notification procedures.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records contains
information about them should write to the Freedom of Information Act or Privacy Act
Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, and comply with the procedures contained in NRCs
Privacy Act regulations, 10 CFR part 9.
EXEMPTIONS CLAIMS FOR THE SYSTEM:
None.
DISCLOSURE TO CONSUMER REPORTING AGENCIES:
Disclosure of system records to cons umer reporting systems is not permitted.
SYSTEM NAME AND NUMBER:
Health Emergency RecordsNRC 46.
SECURITY CLASSIFICATION:
Unclassified.
SYSTEM LOCATION:
Headquarters, 11555 Rockville Pike, Rockville, Maryland. Records may be
maintained at all locations at which the NRC, or contractors on behalf of the NRC,
operate or at which NRC operations are supported.
SYSTEM MANAGER(S):
Chief Human Capital Officer, Office of the Chief Human Capital Officer, U.S.
Nuclear Regulatory Commission, Washington, DC 20555-0001.
89 AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
Workforce safety Federal requirements, which include: the Occupational Safety
and Health Act of 1970; Executive Order 12196; and 5 U.S.C. 7902, Safety programs.
Federal laws that authorize the NRC to create and maintain Federal records of agency
activities, which include: 44 U.S.C. 3101; the Religious Freedom Restoration Act of
1933, 42 U.S.C. Chapter 21B; Title VII of the Civil Rights Act of 1964, as amended, 42
U.S.C. 2000e; and the Rehabilitation Act of 1973, as amended, 29 U.S.C. 701 et seq.
Authorities addressing the federal governments preparation for, and response to, public
health threats, including the PREVENT Pandemics Act, 42 U.S.C. § 300hh-3; and
Executive Order 13987, Organizing and Mobilizing the United States Government to
Provide a Unified and Effective Response to Combat COVID-19 and to Provide United
States Leadership on Global Health and Security.
PURPOSE(S) OF THE SYSTEM:
Maintaining records necessary and relevant to NRC activities responding to and
mitigating high-consequence public health threats. Records may include, but are not
limited to, those applicable health related records needed to understand the impact of an
illness or disease on the NRC workforce or to assist the NRC in protecting its workforce
from a declared public health emergency, pandemic, or other high-consequence public
health threat, including records submitted by NRC personnel or by the lawful
representative of such personnel.
CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
NRC's employees.
CATEGORIES OF RECORDS IN THE SYSTEM:
Records maintained in this system may include:
A. Full name, NRC employee ID number; telephone number, worksite, email
90 address, supervisor's name, address and contact information.
C. Other information about the individual directly related to the disease or illness
(e.g., testing results/information, symptoms, treatments, source of exposure, or other
applicable health related information).
D. Appointment scheduling information, including the date, time, and location of a
scheduled appointment.
E. Medical screening information, including the individual's name, date of birth,
age, category of employment, current medica l status, related medical history, and any
relevant medical history.
RECORD SOURCE CATEGORIES:
Records may be obtained from NRC employees or their representative who may
provide relevant information on a suspected or confirmed disease or illness, or the
prevention of such disease or illness, which is the subject of a high-consequence public
health threat.
ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING
CATEGORIES OF USERS AND THE PURPOSES OF SUCH USES:
In addition to the other types of disclosures permitted under subsection (b) of the
Privacy Act, the NRC may disclose information contained in this system of records
without the consent of the persons or entities mentioned herein if the disclosure is
compatible with the purpose for which the record was collected under the following
routine uses:
A. To appropriate medical facilities, or Federal, State, local, Tribal, territorial or
foreign government agencies, to the extent permitted by law, for the purpose of
protecting the vital interests of individual(s), including to assist the United States
Government in responding to or mitigating high-consequence public health threats.
91 B. To determine eligibility for access to NRC buildings, NRC licensee facilities or
sites, or other Federal facilities.
C. To provide licensees information needed for unescorted access or access to
the licensee's facility(s).
D. Where a record, either alone or in conjunction with other information, indicates
a violation or potential violation of lawcriminal, civil, or regulatory in naturethe
relevant records may be referred to the appropriate Federal, State, local, territorial,
Tribal, or foreign law enforcement authority or other appropriate entity charged with the
responsibility for investigating or prosecuting such violation or charged with enforcing or
implementing such law.
E. In an appropriate proceeding before a court, grand jury, or administrative or
adjudicative body, when the NRC determines that the records are arguably relevant to
its proceeding; or in an appropriate proceeding before an administrative or adjudicative
body when the adjudicator determines the records to be relevant to the proceeding.
F. To contractors, grantees, experts, consultants, students, and others
performing or working on a contract, service, grant, cooperative agreement, or other
assignment for the Federal Government, when necessary to accomplish an NRC
function related to this system of records.
G. A record on an employee from this system of records may be disclosed as a
routine use to a Federal, State, local, territorial, Tribal, or foreign agency requesting a
record that is relevant and necessary to its decision on a matter of hiring or retaining an
employee, issuing a security clearance, reporting an investigation of that individual,
letting a contract, or issuing a license, grant, or other benefit.
H. A record on an employee from this system of records may be disclosed as a
routine use to a Congressional office in response to an inquiry from the Congressional
92 office made at the request of that individual.
I. To the National Archives and Records Administration for purposes of records
management inspections conducted under the authority of 44 U.S.C. 2904 and 2906.
J. To appropriate agencies, entities, and persons when (1) the NRC suspects or
has confirmed that there has been a breach of the system of records. (2) the NRC has
determined that as a result of the suspected or confirmed breach there is a risk of harm
to an individual(s), the NRC (including its information systems, programs, and
operations), the Federal Government, or national security; and (3) the disclosure made
to such agencies, entities, and persons is reasonably necessary to assist in connection
with the NRC's efforts to respond to the suspected or confirmed breach or to prevent,
minimize, or remedy such harm.
K. To another Federal agency or Federal entity, when the NRC determines that
information from this system of records is necessary to assist the recipient agency or
entity in (1) responding to a suspected or confirmed breach, or (2) preventing,
minimizing, or remedying the risk of harm to individuals, the recipient agency or entity
(including its information systems, programs, and operations), the Federal Government,
or national security, resulting from a suspected or confirmed breach.
L. To any agency, organization, or individual for the purpose of performing
authorized audit or oversight operations of the NRC and meeting related reporting
requirements.
M. To such recipients and under such circumstances and procedures as are
mandated by Federal statute or treaty.
N. A record from this system of records may be disclosed as a routine use to
NRC-paid experts or consultants, and those under contract with the NRC on a need-to-
know basis for purpose within the scope of the pertinent NRC task. This access will be
93 granted to an NRC contractor or employee of such contractor by a system manager only
after satisfactory justification has been provided to the system manager.
O. To a Federal agency employee, expert, consultant, or contractor in performing
a Federal duty for purposes of authorizing, arranging, and/or claiming reimbursement for
official travel, including, but not limit ed to, traveler profile information.
POLICIES AND PRACTICES FOR STORAGE OF RECORDS:
All records in this system of records are maintained and in compliance with
applicable executive orders, statutes, and agency implementing recommendations.
Electronic records are stored in databases. Paper records are maintained in a secure,
access-controlled room, with access limited to authorized personnel.
POLICIES AND PRACTICES FOR RETRIEVAL OF RECORDS:
Records will be retrieved by any of the categories of records, including name,
location, date of applicable health information, or work status.
POLICIES AND PRACTICES FOR RETENTION AND DISPOSAL OF RECORDS:
To the extent applicable, to ensure compliance with Americans with Disabilities
Act, the Rehabilitation Act, and the Genetic Information Nondiscrimination Act of 2008,
medical information must be maintained on separate forms and in separate medical
files and be treated as a confidential medical record. 42 U.S.C. 12112(d)(3)(B);
42 U.S.C. sec 2000ff-5(a); 29 CFR 1630.14(b)(1), (c)(1),(d)(4)(i); and 29 CFR 1635.9(a).
This means that medical information and documents must be stored separately from
other personnel records. As such, the NRC must keep medical records for at least 1
year from creation date. 29 CFR 1602.14. Further, records compiled under this system
of records notice will be maintained in accordance with the National Archives and
Records Administration General Records Schedule (GRS) 2.7, Employee Health and
Safety Records, Items 010, 070, or 080 to the extent applicable.
94 GRS 2.7 item 010 (DAA-GRS-2017-0010-0001)Clinic scheduling records.
Temporary. Destroy when 3 years old, but longer retention is authorized if needed for
business use.
GRS 2.7 item 070 (DAA-GRS-2017-0010-0012)Non-occupational individual
case files. Temporary. Destroy 10 years after the most recent encounter, but longer
retention is authorized if needed for business use.
GRS 2.7 item 080 (DAA-GRS-2017-0010-0013)Non-occupational health and
wellness program records. Temporary. Destroy 3 years after the project/activity/or
transaction is completed or superseded, but longer retention is authorized if needed for
business use.
GRS 2.7 item 063 (DAA-GRS-2021-0003-0001)Vaccination attestations and
proof of vaccination records. Federal employees and contractors. Temporary. Destroy
when 3 years old.
GRS 2.7 item 064 (DAA-GRS-2021-0003-0002)Vaccination attestations and
proof of vaccination records. Visitors. Temporary. Destroy when 30 days old.
ADMINISTRATIVE, TECHNICAL, AND PHYSICAL SAFEGUARDS:
The NRC safeguards records in this system according to applicable rules and
polices, including all applicable NRC automat ed systems security and access policies.
The NRC has imposed controls to minimize the risk of compromising the information that
is being stored. Users of individual computers can only gain access to the data by valid
user identification and password. Paper records are maintained in a secure, access-
controlled room, with access limited to authorized personnel.
RECORDS ACCESS PROCEDURES:
Same as Notification procedures.
95 CONTESTING RECORD PROCEDURES:
Same as Notification procedures.
NOTIFICATION PROCEDURES:
Individuals seeking to determine whether this system of records contains
information about them should write to the Free dom of Information Act Officer or Privacy
Act Officer, Office of the Chief Information Officer, U.S. Nuclear Regulatory Commission,
Washington, DC 20555-0001, and comply with procedures contained in NRC's Privacy
Act regulations, 10 CFR part 9.
EXEMPTIONS CLAIMED FOR THE SYSTEM:
None.
HISTORY:
None.
96 Addendum IList of U.S. Nuclear Regulatory Commission Locations
Part 1NRC Headquarters Offices
- 1. One White Flint North, 11555 Rockville Pike, Rockville, Maryland.
- 2. Two White Flint North, 11545 Rockville Pike, Rockville, Maryland.
- 3. Three White Flint North, 11601 Landsdown Street, North Bethesda, MD
Part 2NRC Regional Offices
- 1. NRC Region I, 475 Allendale Road, Suite 102, King of Prussia, Pennsylvania.
- 2. NRC Region II, Marquis One Tower, 245 Peachtree Center Avenue N.E., Suite
1200, Atlanta, Georgia.
- 3. NRC Region III, 2443 Warrenville Road, Suite 210, Lisle, Illinois.
- 4. NRC Region IV, 1600 East Lamar Boulevard, Arlington, Texas.
- 5. NRC Technical Training Center, Osborne Office Center, 5746 Marlin Road, Suite
200, Chattanooga, Tennessee.
97